diff --git a/.github/README.md b/.github/README.md index 510d1f6..0661cc1 100644 --- a/.github/README.md +++ b/.github/README.md @@ -150,26 +150,24 @@ ### Hosts - | Name | Hardware | Use | - |---------------------|-----------------------------------------------------|-----------------------------------------------------| - |💻 **pyramid** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop | - |💻 **bakery** | Lenovo Ideapad 720S-13IKB | Personal laptop | - |💻 **machpizza** | MacBook Pro 2016 | MacOS reference and build sandbox | - |🏠 **treehouse** | NVIDIA DGX Spark | AI Workstation, remote builder, hm-only-reference | - |🖥️ **summers** | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM | Homeserver (microvms), remote builder, datastorage | - |🖥️ **winters** | ASRock J4105-ITX, 32GB RAM | Homeserver (IoT server in spe) | - |🖥️ **hintbooth** | HUNSN RM02, 8GB RAM | Router | - |☁️ **stoicclub** | Cloud Server: 1 vCPUs, 8GB RAM | Authoritative dns server | - |☁️ **liliputsteps** | Cloud Server: 1 vCPUs, 8GB RAM | SSH bastion | - |☁️ **twothreetunnel**| Cloud Server: 2 vCPUs, 8GB RAM | Service proxy | - |☁️ **eagleland** | Cloud Server: 2 vCPUs, 8GB RAM | Mailserver | - |☁️ **moonside** | Cloud Server: 4 vCPUs, 24GB RAM | Gaming server, syncthing + lightweight services | - |☁️ **belchsfactory** | Cloud Server: 4 vCPUs, 24GB RAM | Hydra builder and nix binarycache | - |📱 **magicant** | Samsung Galaxy Z Flip 6 | Phone | - |💿 **drugstore** | - | NixOS-installer ISO for bootstrapping new hosts | - |💿 **brickroad** | - | Kexec tarball for bootstrapping low-memory machines | - |❔ **chaotheatre** | - | Demo config for checking out this configuration | - |❔ **toto** | - | Helper configuration for testing purposes | + | Name | Hardware | Use | + |--------------------|-----------------------------------------------------|------------------------------------------------------| + |💻 **pyramid** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop | + |💻 **bakery** | Lenovo Ideapad 720S-13IKB | Personal laptop | + |💻 **machpizza** | MacBook Pro 2016 | MacOS reference and build sandbox | + |🏠 **treehouse** | NVIDIA DGX Spark | Workstation, AI playground and home-manager reference| + |🖥️ **winters** | ASRock J4105-ITX, 32GB RAM | Secondary homeserver and data storgae | + |🖥️ **summers** | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM | Main homeserver running microvms, data storage | + |🖥️ **hintbooth** | HUNSN RM02, 8GB RAM | Router | + |☁️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | + |☁️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | + |☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache | + |☁️ **monkeycave** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server | + |☁️ **eagleland** | Hetzner Cloud: CX23 | Mail server | + |📱 **magicant** | Samsung Galaxy Z Flip 6 | Phone | + |💿 **drugstore** | - | ISO installer configuration | + |❔ **chaotheatre** | - | Demo config for checking out my configurtion | + |❔ **toto** | - | Helper configuration for bootstrapping a new system | ## General Nix tips & useful links diff --git a/.sops.yaml b/.sops.yaml index 4b38475..f828b47 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,16 +7,12 @@ keys: - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097 - &hosts - &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 - - &twothreetunnel age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d - - &liliputsteps age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx - - &stoicclub age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm - - &belchsfactory age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6 - - &eagleland age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8 - &hintbooth age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x - &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl - &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg - &nbl age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy + - &milkywell age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h - &moonside age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh creation_rules: - path_regex: secrets/general/[^/]+\.(yaml|json|env|ini)$ @@ -25,16 +21,12 @@ creation_rules: - *swarsel age: - *winters - - *twothreetunnel - - *liliputsteps - - *stoicclub - - *belchsfactory - - *eagleland - *hintbooth - *bakery - *toto - *surface - *nbl + - *milkywell - *moonside - path_regex: secrets/repo/[^/]+$ key_groups: @@ -42,16 +34,12 @@ creation_rules: - *swarsel age: - *winters - - *twothreetunnel - - *liliputsteps - - *stoicclub - - *belchsfactory - - *eagleland - *hintbooth - *bakery - *toto - *surface - *nbl + - *milkywell - *moonside - path_regex: secrets/certs/[^/]+\.(yaml|json|env|ini)$ key_groups: @@ -59,11 +47,6 @@ creation_rules: - *swarsel age: - *nbl - - *twothreetunnel - - *liliputsteps - - *stoicclub - - *belchsfactory - - *eagleland - *hintbooth - *bakery - *toto @@ -103,19 +86,6 @@ creation_rules: age: - *moonside - - path_regex: secrets/belchsfactory/secrets.yaml - key_groups: - - pgp: - - *swarsel - age: - - *belchsfactory - - path_regex: hosts/nixos/aarch64-linux/belchsfactory/secrets/pii.nix.enc - key_groups: - - pgp: - - *swarsel - age: - - *belchsfactory - - path_regex: secrets/bakery/secrets.yaml key_groups: - pgp: @@ -141,61 +111,20 @@ creation_rules: - *swarsel age: - *winters + - *moonside - - path_regex: secrets/eagleland/[^/]+\.(yaml|json|env|ini)$ + - path_regex: secrets/milkywell/[^/]+\.(yaml|json|env|ini)$ key_groups: - pgp: - *swarsel age: - - *eagleland - - - path_regex: hosts/nixos/x86_64-linux/eagleland/secrets/pii.nix.enc + - *milkywell + - path_regex: hosts/nixos/aarch64-linux/milkywell/secrets/pii.nix.enc key_groups: - pgp: - *swarsel age: - - *eagleland - - - - - path_regex: secrets/stoicclub/[^/]+\.(yaml|json|env|ini)$ - key_groups: - - pgp: - - *swarsel - age: - - *stoicclub - - path_regex: hosts/nixos/aarch64-linux/stoicclub/secrets/pii.nix.enc - key_groups: - - pgp: - - *swarsel - age: - - *stoicclub - - - path_regex: secrets/liliputsteps/[^/]+\.(yaml|json|env|ini)$ - key_groups: - - pgp: - - *swarsel - age: - - *liliputsteps - - path_regex: hosts/nixos/aarch64-linux/liliputsteps/secrets/pii.nix.enc - key_groups: - - pgp: - - *swarsel - age: - - *liliputsteps - - - path_regex: secrets/twothreetunnel/[^/]+\.(yaml|json|env|ini)$ - key_groups: - - pgp: - - *swarsel - age: - - *twothreetunnel - - path_regex: hosts/nixos/aarch64-linux/twothreetunnel/secrets/pii.nix.enc - key_groups: - - pgp: - - *swarsel - age: - - *twothreetunnel + - *milkywell - path_regex: hosts/nixos/x86_64-linux/summers/secrets/ key_groups: diff --git a/SwarselSystems.org b/SwarselSystems.org index 61821f7..5dd1d8c 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -24,6 +24,7 @@ I used to have two separate files (=Emacs.org= and =Nixos.org=) because the NixO This configuration is part of a NixOS system that is (nearly) fully declarative and can be found here: - [[https:github.com/Swarsel/.dotfiles][~SwarselSystems~ on github.com]] +- [[https:swagit.swarsel.win/Swarsel/.dotfiles][~SwarselSystems~ on swagit.swarsel.win]] This literate configuration lets me explain my choices to my future self as well as you, the reader. I go to great lengths to explain the choices for all configuration steps that I take in order for me to pay due diligence in crafting my setup, and not simply copying big chunks of other peoples code. Also, the literate configuration approach is very convenient to me as I only need to keep of (ideally) a single file to manage all of my configuration. I hope that this documentation will make it easier for beginners to get into Emacs and NixOS as I know it can be a struggle in the beginning. @@ -229,26 +230,24 @@ The structure of this flake as seen many revisions, however lately I have settle Here I give a brief overview over the hostmachines that I am using. This is held in markdown so that I can render it into my GitHub README. #+begin_src markdown :tangle no :noweb-ref hosts - | Name | Hardware | Use | - |---------------------|-----------------------------------------------------|-----------------------------------------------------| - |💻 **pyramid** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop | - |💻 **bakery** | Lenovo Ideapad 720S-13IKB | Personal laptop | - |💻 **machpizza** | MacBook Pro 2016 | MacOS reference and build sandbox | - |🏠 **treehouse** | NVIDIA DGX Spark | AI Workstation, remote builder, hm-only-reference | - |🖥️ **summers** | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM | Homeserver (microvms), remote builder, datastorage | - |🖥️ **winters** | ASRock J4105-ITX, 32GB RAM | Homeserver (IoT server in spe) | - |🖥️ **hintbooth** | HUNSN RM02, 8GB RAM | Router | - |☁️ **stoicclub** | Cloud Server: 1 vCPUs, 8GB RAM | Authoritative dns server | - |☁️ **liliputsteps** | Cloud Server: 1 vCPUs, 8GB RAM | SSH bastion | - |☁️ **twothreetunnel**| Cloud Server: 2 vCPUs, 8GB RAM | Service proxy | - |☁️ **eagleland** | Cloud Server: 2 vCPUs, 8GB RAM | Mailserver | - |☁️ **moonside** | Cloud Server: 4 vCPUs, 24GB RAM | Gaming server, syncthing + lightweight services | - |☁️ **belchsfactory** | Cloud Server: 4 vCPUs, 24GB RAM | Hydra builder and nix binarycache | - |📱 **magicant** | Samsung Galaxy Z Flip 6 | Phone | - |💿 **drugstore** | - | NixOS-installer ISO for bootstrapping new hosts | - |💿 **brickroad** | - | Kexec tarball for bootstrapping low-memory machines | - |❔ **chaotheatre** | - | Demo config for checking out this configuration | - |❔ **toto** | - | Helper configuration for testing purposes | + | Name | Hardware | Use | + |--------------------|-----------------------------------------------------|------------------------------------------------------| + |💻 **pyramid** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop | + |💻 **bakery** | Lenovo Ideapad 720S-13IKB | Personal laptop | + |💻 **machpizza** | MacBook Pro 2016 | MacOS reference and build sandbox | + |🏠 **treehouse** | NVIDIA DGX Spark | Workstation, AI playground and home-manager reference| + |🖥️ **winters** | ASRock J4105-ITX, 32GB RAM | Secondary homeserver and data storgae | + |🖥️ **summers** | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM | Main homeserver running microvms, data storage | + |🖥️ **hintbooth** | HUNSN RM02, 8GB RAM | Router | + |☁️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | + |☁️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | + |☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache | + |☁️ **monkeycave** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server | + |☁️ **eagleland** | Hetzner Cloud: CX23 | Mail server | + |📱 **magicant** | Samsung Galaxy Z Flip 6 | Phone | + |💿 **drugstore** | - | ISO installer configuration | + |❔ **chaotheatre** | - | Demo config for checking out my configurtion | + |❔ **toto** | - | Helper configuration for bootstrapping a new system | #+end_src ** Programs @@ -304,9 +303,6 @@ Here I give a brief overview over the hostmachines that I am using. This is held #+end_src ** Manual steps when setting up a new machine -:PROPERTIES: -:CUSTOM_ID: h:ed34ee4d-31f9-4d27-bc6e-ba37ee502d5a -:END: #+begin_src markdown :noweb yes :exports both :results html These steps are required when setting up a normal NixOS host: @@ -361,9 +357,6 @@ If the new machine is home-manager only, perform these steps: #+end_export ** Current issues -:PROPERTIES: -:CUSTOM_ID: h:b562adaf-536c-4267-88a5-026d8a0cda61 -:END: #+begin_src markdown :noweb yes :exports both :results html Currently, these adaptions are made to the configuration to account for bugs in upstream repos: @@ -371,30 +364,6 @@ If the new machine is home-manager only, perform these steps: <> #+end_src -#+RESULTS: -#+begin_export html -Currently, these adaptions are made to the configuration to account for bugs in upstream repos: - -- 202501102: - - flake: - - emacs-overlay: - - : version pinned because emacsclient is currently broken on latest - - niri-flake: - - currently not using the sugared version of screenshot-[,window], as it is currently broken - - home-manager: - - emacs-tramp: - - using stable version in extraPackages (broken in unstable) - - :ensure nil in emacs tramp settings to use package in extraPackages - - emacs-calfwL - - pinned to version not in nixpkgs (is in latest emacs-overlay, but that is broken) - - vesktop: - - running stable version (broken in unstable) - - batgrep: - - running stable version (broken in unstable) - - swayosd: - - pinned to version not in nixpkgs (fixes https://github.com/ErikReider/SwayOSD/issues/175) -#+end_export - * flake.nix :PROPERTIES: :CUSTOM_ID: h:c7588c0d-2528-485d-b2df-04d6336428d7 @@ -501,57 +470,100 @@ A short overview over each input and what it does: }; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1"; nixpkgs-dev.url = "github:Swarsel/nixpkgs/main"; nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs-stable25_05.url = "github:NixOS/nixpkgs/nixos-25.05"; - + systems.url = "github:nix-systems/default"; + swarsel-modules.url = "github:Swarsel/swarsel-modules/main"; + swarsel-nix.url = "github:Swarsel/swarsel-nix/main"; home-manager = { # url = "github:nix-community/home-manager"; url = "github:Swarsel/home-manager/main"; inputs.nixpkgs.follows = "nixpkgs"; }; - nix-index-database = { - url = "github:nix-community/nix-index-database"; + swarsel.url = "github:Swarsel/.dotfiles"; + emacs-overlay = { + # url = "github:nix-community/emacs-overlay"; + url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D"; inputs.nixpkgs.follows = "nixpkgs"; }; - - # emacs-overlay.url = "github:nix-community/emacs-overlay"; - emacs-overlay.url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D"; - swarsel-nix.url = "github:Swarsel/swarsel-nix/main"; - systems.url = "github:nix-systems/default"; nur.url = "github:nix-community/NUR"; nixgl.url = "github:guibou/nixGL"; stylix.url = "github:danth/stylix"; sops-nix.url = "github:Mic92/sops-nix"; lanzaboote.url = "github:nix-community/lanzaboote"; - nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05"; - nixos-generators.url = "github:nix-community/nixos-generators"; - nixos-images.url = "github:Swarsel/nixos-images/main"; - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - nswitch-rcm-nix.url = "github:Swarsel/nswitch-rcm-nix"; - disko.url = "github:nix-community/disko"; + nix-on-droid = { + url = "github:nix-community/nix-on-droid/release-24.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-hardware = { + url = "github:NixOS/nixos-hardware/master"; + }; + nswitch-rcm-nix = { + url = "github:Swarsel/nswitch-rcm-nix"; + }; + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; impermanence.url = "github:nix-community/impermanence"; - zjstatus.url = "github:dj95/zjstatus"; - nix-darwin.url = "github:lnl7/nix-darwin"; - pre-commit-hooks.url = "github:cachix/git-hooks.nix"; - vbc-nix.url = "git+ssh://git@github.com/vbc-it/vbc-nix.git?ref=main"; + zjstatus = { + url = "github:dj95/zjstatus"; + }; + # has been upstreamed + # fw-fanctrl = { + # # url = "github:TamtamHero/fw-fanctrl/packaging/nix"; + # url = "github:Swarsel/fw-fanctrl/packaging/nix"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; + nix-darwin = { + url = "github:lnl7/nix-darwin"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + pre-commit-hooks = { + url = "github:cachix/git-hooks.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + vbc-nix = { + url = "git+ssh://git@github.com/vbc-it/vbc-nix.git?ref=main"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nix-topology.url = "github:oddlama/nix-topology"; flake-parts.url = "github:hercules-ci/flake-parts"; - devshell.url = "github:numtide/devshell"; - spicetify-nix.url = "github:Gerg-l/spicetify-nix"; - niri-flake.url = "github:sodiboo/niri-flake"; - nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main"; - microvm.url = "github:astro/microvm.nix"; + devshell = { + url = "github:numtide/devshell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + spicetify-nix = { + url = "github:Gerg-l/spicetify-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + niri-flake = { + url = "github:sodiboo/niri-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-extra-modules = { + url = "github:oddlama/nixos-extra-modules"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + microvm = { + url = "github:astro/microvm.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; treefmt-nix.url = "github:numtide/treefmt-nix"; - dns.url = "github:kirelagin/dns.nix"; - nix-minecraft.url = "github:Infinidoge/nix-minecraft"; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; - }; + }; outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } { @@ -730,7 +742,7 @@ Concerning the =flake = _:= part: ) 4; subnetMask = lib.concatStringsSep "." (map toString octets); in - subnetMask; + subnetMask; mkIfElseList = p: yes: no: lib.mkMerge [ (lib.mkIf p yes) @@ -739,23 +751,6 @@ Concerning the =flake = _:= part: mkIfElse = p: yes: no: if p then yes else no; - getSubDomain = domain: - let - parts = builtins.split "\\." domain; - domainParts = builtins.filter (x: builtins.isString x && x != "") parts; - in - if builtins.length domainParts > 0 - then builtins.head domainParts - else ""; - - getBaseDomain = domain: - let - parts = builtins.split "\\." domain; - domainParts = builtins.filter (x: builtins.isString x && x != "") parts; - baseParts = builtins.tail domainParts; - in - builtins.concatStringsSep "." baseParts; - pkgsFor = lib.genAttrs (import systems) (system: import inputs.nixpkgs { inherit system; @@ -788,7 +783,7 @@ Concerning the =flake = _:= part: forEachLinuxSystem = f: lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: f pkgsFor.${system}); readHosts = type: lib.attrNames (builtins.readDir "${self}/hosts/${type}"); - readNix = type: lib.filter (name: name != "default.nix" && name != "optional" && name != "darwin") (lib.attrNames (builtins.readDir "${self}/${type}")); + readNix = type: lib.filter (name: name != "default.nix") (lib.attrNames (builtins.readDir "${self}/${type}")); mkImports = names: baseDir: lib.map (name: "${self}/${baseDir}/${name}") names; }; @@ -871,7 +866,7 @@ Lastly, in order make this actually available to my configurations, i use the =i #+begin_src nix-ts :tangle nix/globals.nix # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix - { inputs, ... }: + { self, inputs, ... }: { flake = { config, lib, ... }: { @@ -977,47 +972,41 @@ The rest of the outputs either define or help define the actual configurations: }; modules = [ inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.home-manager + inputs.sops-nix.nixosModules.sops inputs.impermanence.nixosModules.impermanence inputs.lanzaboote.nixosModules.lanzaboote + inputs.nix-topology.nixosModules.default + inputs.home-manager.nixosModules.home-manager + inputs.stylix.nixosModules.stylix + inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm + # inputs.swarsel-modules.nixosModules.default + inputs.swarsel-nix.nixosModules.default + inputs.niri-flake.nixosModules.niri inputs.microvm.nixosModules.host inputs.microvm.nixosModules.microvm - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-minecraft.nixosModules.minecraft-servers - inputs.nix-topology.nixosModules.default - inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm - inputs.simple-nixos-mailserver.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.stylix.nixosModules.stylix - inputs.swarsel-nix.nixosModules.default (inputs.nixos-extra-modules + "/modules/guests") - (inputs.nixos-extra-modules + "/modules/interface-naming.nix") "${self}/hosts/nixos/${arch}/${configName}" "${self}/profiles/nixos" "${self}/modules/nixos" { - _module.args.dns = inputs.dns; microvm.guest.enable = lib.mkDefault false; - networking.hostName = lib.swarselsystems.mkStrong configName; - node = { name = lib.mkForce configName; secretsDir = ../hosts/nixos/${arch}/${configName}/secrets; - lockFromBootstrapping = lib.mkIf (!minimal) (lib.swarselsystems.mkStrong true); }; swarselprofiles = { - minimal = lib.mkIf minimal (lib.swarselsystems.mkStrong true); + minimal = lib.mkIf minimal (lib.mkDefault true); }; swarselmodules.server = { - ssh = lib.mkIf (!minimal) (lib.swarselsystems.mkStrong true); + ssh = lib.mkIf (!minimal) (lib.mkDefault true); }; swarselsystems = { - mainUser = lib.swarselsystems.mkStrong "swarsel"; + mainUser = lib.mkDefault "swarsel"; }; } ]; @@ -1064,6 +1053,7 @@ The rest of the outputs either define or help define the actual configurations: }; modules = [ inputs.stylix.homeModules.stylix + inputs.niri-flake.homeModules.niri inputs.nix-index-database.homeModules.nix-index # inputs.sops-nix.homeManagerModules.sops inputs.spicetify-nix.homeManagerModules.default @@ -1589,7 +1579,7 @@ Otherwise, I define the function =mkTemplates= here which builds a named attribu } #+end_src -** Formatter (treefmt-nix) +** Formatter :PROPERTIES: :CUSTOM_ID: h:5fce36ae-715d-42d3-9ad4-46137d85083f :END: @@ -1597,50 +1587,34 @@ Otherwise, I define the function =mkTemplates= here which builds a named attribu Defines a formatter that can be called using =nix flake format=. While a nice utility, I have stronger tools to perform this job. #+begin_src nix-ts :tangle nix/formatter.nix - { inputs, ... }: - { - imports = [ - inputs.treefmt-nix.flakeModule - ]; + { inputs, ... }: + { + imports = [ + inputs.treefmt-nix.flakeModule + ]; - perSystem = { pkgs, ... }: { - # formatter = pkgs.nixpkgs-fmt; - # formatter is set by treefmt to: - # formatter = lib.mkIf config.treefmt.flakeFormatter (lib.mkDefault config.treefmt.build.wrapper); - treefmt = { - projectRootFile = "flake.nix"; - programs = { - nixfmt = { - enable = true; - package = pkgs.nixpkgs-fmt; - }; - deadnix.enable = true; - statix.enable = true; - shfmt = { - enable = true; - indent_size = 4; - simplify = true; - # needed to replicate what my Emacs shfmt does - # there is no builtin option for space-redirects - package = pkgs.symlinkJoin { - name = "shfmt"; - buildInputs = [ pkgs.makeWrapper ]; - paths = [ pkgs.shfmt ]; - postBuild = '' - wrapProgram $out/bin/shfmt \ - --add-flags '-sr' - ''; - }; - }; - shellcheck.enable = true; - }; - settings.formatter.shellcheck.options = [ - "--shell" - "bash" - ]; + perSystem = { pkgs, ... }: { + # formatter = pkgs.nixpkgs-fmt; + # formatter is set by treefmt to: + # formatter = lib.mkIf config.treefmt.flakeFormatter (lib.mkDefault config.treefmt.build.wrapper); + treefmt = { + projectRootFile = "flake.nix"; + programs = { + nixfmt = { + enable = true; + package = pkgs.nixpkgs-fmt; }; + deadnix.enable = true; + statix.enable = true; + shellcheck.enable = true; }; - } + settings.formatter.shellcheck.options = [ + "--shell" + "bash" + ]; + }; + }; + } #+end_src ** TODO Modules @@ -1828,9 +1802,7 @@ On the structure of overlays: as you notice, all of the attributes within overla // (inputs.nur.overlays.default final prev) // (inputs.emacs-overlay.overlay final prev) // (inputs.nix-topology.overlays.default final prev) - // (inputs.nix-index-database.overlays.nix-index final prev) // (inputs.nixgl.overlay final prev) - // (inputs.nix-minecraft.overlay final prev) // (inputs.nixos-extra-modules.overlays.default final prev) ) (modifications final prev); @@ -1854,32 +1826,19 @@ This is an improvement to what I did earlier, where I did not use =nixos-generat { perSystem = { pkgs, system, ... }: { - packages = { - # nix build --print-out-paths --no-link .#live-iso - live-iso = inputs.nixos-generators.nixosGenerate { - inherit pkgs; - specialArgs = { inherit self; }; - modules = [ - inputs.home-manager.nixosModules.home-manager - "${self}/install/installer-config.nix" - ]; - format = - { - x86_64-linux = "install-iso"; - aarch64-linux = "sd-aarch64-installer"; - }.${system}; - }; - - # nix build --print-out-paths --no-link .#pnap-kexec --system - swarsel-kexec = (inputs.smallpkgs.legacyPackages.${system}.nixos [ + # nix build --print-out-paths --no-link .#images..live-iso + packages.live-iso = inputs.nixos-generators.nixosGenerate { + inherit pkgs; + specialArgs = { inherit self; }; + modules = [ + inputs.home-manager.nixosModules.home-manager + "${self}/install/installer-config.nix" + ]; + format = { - imports = [ "${self}/install/kexec.nix" ]; - _file = __curPos.file; - system.kexec-installer.name = "swarsel-kexec"; - } - inputs.nixos-images.nixosModules.kexec-installer - ]).config.system.build.kexecInstallerTarball; - + x86_64-linux = "install-iso"; + aarch64-linux = "sd-aarch64-installer"; + }.${system}; }; }; } @@ -2165,17 +2124,16 @@ My work machine. Built for more security, this is the gold standard of my config ./disk-config.nix ./hardware-configuration.nix - "${self}/modules/nixos/optional/amdcpu.nix" - "${self}/modules/nixos/optional/amdgpu.nix" - "${self}/modules/nixos/optional/framework.nix" - "${self}/modules/nixos/optional/gaming.nix" - "${self}/modules/nixos/optional/hibernation.nix" - "${self}/modules/nixos/optional/nswitch-rcm.nix" - "${self}/modules/nixos/optional/virtualbox.nix" - "${self}/modules/nixos/optional/work.nix" - ]; + swarselmodules = { + optional = { + amdcpu = true; + amdgpu = true; + hibernation = true; + }; + }; + swarselsystems = { lowResolution = "1280x800"; highResolution = "2560x1600"; @@ -2223,6 +2181,10 @@ My work machine. Built for more security, this is the gold standard of my config } // lib.optionalAttrs (!minimal) { swarselprofiles = { personal = true; + optionals = true; + work = true; + uni = true; + framework = true; }; } @@ -2420,10 +2382,6 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se ./disk-config.nix ./hardware-configuration.nix - "${self}/modules/nixos/optional/gaming.nix" - "${self}/modules/nixos/optional/nswitch-rcm.nix" - "${self}/modules/nixos/optional/virtualbox.nix" - ]; swarselsystems = { @@ -2445,6 +2403,7 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se isSwap = true; rootDisk = "/dev/nvme0n1"; swapSize = "4G"; + hostName = config.node.name; }; home-manager.users."${primaryUser}" = { @@ -2670,28 +2629,13 @@ This is my main server that I run at home. It handles most tasks that require bi isBtrfs = false; isLinux = true; isNixos = true; - proxyHost = "moonside"; - server = { - restic = { - bucketName = "SwarselWinters"; - paths = [ - "/Vault/data/paperless" - "/Vault/data/koillection" - "/Vault/data/postgresql" - "/Vault/data/firefly-iii" - "/Vault/data/radicale" - "/Vault/data/matrix-synapse" - "/Vault/Eternor/Paperless" - "/Vault/Eternor/Bilder" - "/Vault/Eternor/Immich" - ]; - }; - garage = { - data_dir = { + server.garage = { + data_dir = [ + { capacity = "200G"; - path = "/Vault/data/garage/data"; - }; - }; + path = "/Vault/data/garage/main"; + } + ]; }; }; @@ -2791,23 +2735,15 @@ This is my main server that I run at home. It handles most tasks that require bi } #+end_src **** Summers (Server: ASUS Z10PA-D8) -:PROPERTIES: -:CUSTOM_ID: h:82bf7fb1-631b-4acd-966b-d0c71a9eb463 -:END: ***** Main Configuration -:PROPERTIES: -:CUSTOM_ID: h:dc2233df-cd78-43cc-bb45-57568a83fb24 -:END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/default.nix - { self, inputs, lib, config, minimal, nodes, globals, ... }: + { inputs, lib, config, minimal, nodes, globals, ... }: { imports = [ ./hardware-configuration.nix ./disk-config.nix - - "${self}/modules/nixos/optional/microvm-host.nix" ]; boot = { @@ -2834,6 +2770,9 @@ This is my main server that I run at home. It handles most tasks that require bi }; swarselmodules = { + optional = { + microvmHost = true; + }; server = { diskEncryption = lib.mkForce false; # TODO: disable nfs = false; @@ -2903,9 +2842,6 @@ This is my main server that I run at home. It handles most tasks that require bi #+end_src ***** hardware-configuration -:PROPERTIES: -:CUSTOM_ID: h:394b1f22-a61b-41da-9fe7-7625f164ed57 -:END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/hardware-configuration.nix { config, lib, modulesPath, ... }: @@ -2937,9 +2873,6 @@ This is my main server that I run at home. It handles most tasks that require bi } #+end_src ***** disko -:PROPERTIES: -:CUSTOM_ID: h:664b45fd-bd7e-4fff-bfc5-29f7a0657be6 -:END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/disk-config.nix { lib, config, ... }: @@ -3062,19 +2995,10 @@ This is my main server that I run at home. It handles most tasks that require bi } #+end_src ***** Guests -:PROPERTIES: -:CUSTOM_ID: h:5e571d89-6590-4aa4-a5f4-5c871683d09b -:END: ****** Guest 1 -:PROPERTIES: -:CUSTOM_ID: h:b9af4b1c-f35a-48a5-afa7-030c2be9c808 -:END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix - { self,lib, minimal, ... }: + { lib, minimal, ... }: { - imports = [ - "${self}/modules/nixos/optional/microvm-guest.nix" - ]; swarselsystems = { info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; @@ -3086,6 +3010,12 @@ This is my main server that I run at home. It handles most tasks that require bi server = false; }; + swarselmodules = { + optional = { + microvmGuest = false; + }; + }; + microvm = { mem = 1024 * 4; vcpu = 2; @@ -3096,14 +3026,8 @@ This is my main server that I run at home. It handles most tasks that require bi #+end_src **** Hintbooth (Router: HUNSN RM02) -:PROPERTIES: -:CUSTOM_ID: h:58c7563e-6954-42e6-a622-9d06523e8e24 -:END: ***** Main Configuration -:PROPERTIES: -:CUSTOM_ID: h:624b3c6a-6e31-4734-a6ea-7c5b461a3429 -:END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hintbooth/default.nix { lib, minimal, ... }: { @@ -3145,9 +3069,6 @@ This is my main server that I run at home. It handles most tasks that require bi #+end_src ***** hardware-configuration -:PROPERTIES: -:CUSTOM_ID: h:b4a0b41c-52eb-4f0b-ba0b-64036c52e594 -:END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hintbooth/hardware-configuration.nix { config, lib, modulesPath, ... }: @@ -3175,9 +3096,6 @@ This is my main server that I run at home. It handles most tasks that require bi } #+end_src ***** disko -:PROPERTIES: -:CUSTOM_ID: h:1500fb57-334b-4f1b-92de-566ea07924d1 -:END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hintbooth/disk-config.nix { lib, config, ... }: @@ -3390,12 +3308,9 @@ My phone. I use only a minimal config for remote debugging here. #+end_src **** Treehouse (DGX Spark) -:PROPERTIES: -:CUSTOM_ID: h:ced1795a-9884-4277-bcde-6f7b9b1cc2f0 -:END: #+begin_src nix-ts :tangle hosts/home/aarch64-linux/treehouse/default.nix - { self, pkgs, ... }: + { self, ... }: { imports = [ @@ -3413,15 +3328,11 @@ My phone. I use only a minimal config for remote debugging here. }; }; - home.packages = with pkgs; [ - attic-client - ]; # programs.zsh.initContent = " # export GPG_TTY=\"$(tty)\" # export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) # gpgconf --launch gpg-agent # "; - swarselmodules.pii = true; swarselsystems = { isLaptop = false; @@ -3475,6 +3386,7 @@ This machine mainly acts as my proxy server to stand before my local machines. sops = { age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ]; + # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; secrets = { wireguard-private-key = { inherit sopsFile; }; wireguard-home-preshared-key = { inherit sopsFile; }; @@ -3601,16 +3513,9 @@ This machine mainly acts as my proxy server to stand before my local machines. isBtrfs = true; isNixos = true; isLinux = true; - server = { - restic = { - bucketName = "SwarselMoonside"; - paths = [ - "/persist/opt/minecraft" - ]; - }; - }; syncthing = { serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + serviceIP = "localhost"; }; }; } // lib.optionalAttrs (!minimal) { @@ -3625,8 +3530,6 @@ This machine mainly acts as my proxy server to stand before my local machines. shlink = true; slink = true; syncthing = true; - minecraft = true; - restic = true; diskEncryption = lib.mkForce false; }; } @@ -3785,1005 +3688,6 @@ This machine mainly acts as my proxy server to stand before my local machines. } -#+end_src -**** Belchsfactory (OCI) -:PROPERTIES: -:CUSTOM_ID: h:90457194-6b97-4cd6-90bc-4f42d0d69f51 -:END: - -***** Main Configuration -:PROPERTIES: -:CUSTOM_ID: h:cb78799c-d47a-43d4-88ad-d32fcc0abd0b -:END: - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/belchsfactory/default.nix - { self, lib, minimal, ... }: - { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - - "${self}/modules/nixos/optional/systemd-networkd-server.nix" - ]; - - node.lockFromBootstrapping = lib.mkForce false; - - topology.self = { - icon = "devices.cloud-server"; - }; - swarselmodules.server.nginx = false; - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 4 vCPUs, 24GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = false; - rootDisk = "/dev/sda"; - isBtrfs = true; - isNixos = true; - isLinux = true; - isCloud = true; - server = { - garage = { - data_dir = { - capacity = "150G"; - path = "/var/lib/garage/data"; - }; - keys = { - nixos = [ - "attic" - ]; - }; - buckets = [ - "attic" - ]; - }; - }; - }; - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - server = true; - }; - - swarselmodules.server = { - ssh-builder = lib.mkDefault true; - postgresql = lib.mkDefault true; - attic = lib.mkDefault true; - garage = lib.mkDefault true; - }; - - } - -#+end_src -***** hardware-configuration -:PROPERTIES: -:CUSTOM_ID: h:e9e29520-5800-4756-ad13-1ec9747ab911 -:END: - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/belchsfactory/hardware-configuration.nix - { lib, modulesPath, ... }: - { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" ]; - kernelModules = [ ]; - }; - kernelModules = [ ]; - extraModulePackages = [ ]; - }; - - nixpkgs.hostPlatform = lib.mkForce "aarch64-linux"; - } -#+end_src -***** disko -:PROPERTIES: -:CUSTOM_ID: h:19a83f57-9e7a-44b9-ae7f-2f021f21abf7 -:END: - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/belchsfactory/disk-config.nix - { lib, pkgs, config, ... }: - let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; - in - { - disko = { - imageBuilder.extraDependencies = [ pkgs.kmod ]; - devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - } - -#+end_src -**** Stoicclub (OCI) - -***** Main Configuration - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/stoicclub/default.nix - { self, lib, minimal, ... }: - { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - - "${self}/modules/nixos/optional/systemd-networkd-server.nix" - ]; - - topology.self = { - icon = "devices.cloud-server"; - }; - swarselmodules.server.nginx = false; - - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 1 vCPUs, 8GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = false; - rootDisk = "/dev/disk/by-id/scsi-360e1a5236f034316a10a97cc703ce9e3"; - isBtrfs = true; - isNixos = true; - isLinux = true; - isCloud = true; - isBastionTarget = true; - }; - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - server = true; - }; - - swarselmodules.server = { - nsd = true; - nginx = false; - }; - } - -#+end_src -***** hardware-configuration - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/stoicclub/hardware-configuration.nix - { lib, modulesPath, ... }: - { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" ]; - kernelModules = [ ]; - }; - kernelModules = [ ]; - extraModulePackages = [ ]; - }; - - nixpkgs.hostPlatform = lib.mkForce "aarch64-linux"; - } -#+end_src -***** disko - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/stoicclub/disk-config.nix - { lib, pkgs, config, ... }: - let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; - in - { - disko = { - imageBuilder.extraDependencies = [ pkgs.kmod ]; - devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - } - -#+end_src -**** Liliputsteps (OCI) - -***** Main Configuration - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/liliputsteps/default.nix - { self, lib, minimal, ... }: - { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - - "${self}/modules/nixos/optional/systemd-networkd-server.nix" - ]; - - topology.self = { - icon = "devices.cloud-server"; - }; - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 1 vCPUs, 8GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = false; - rootDisk = "/dev/disk/by-id/scsi-360fb180663ec4f2793a763a087d46885"; - isBtrfs = true; - isNixos = true; - isLinux = true; - isCloud = true; - mainUser = "jump"; - }; - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - server = true; - }; - - swarselmodules.server = { - nginx = false; - bastion = true; - # ssh = false; - }; - - # users.users.swarsel.enable = lib.mkForce false; - # home-manager.users.swarsel.enable = lib.mkForce false - } - -#+end_src -***** hardware-configuration - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/liliputsteps/hardware-configuration.nix - { lib, modulesPath, ... }: - { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" ]; - kernelModules = [ ]; - }; - kernelModules = [ ]; - extraModulePackages = [ ]; - }; - - nixpkgs.hostPlatform = lib.mkForce "aarch64-linux"; - } -#+end_src -***** disko - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/liliputsteps/disk-config.nix - { lib, pkgs, config, ... }: - let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; - in - { - disko = { - imageBuilder.extraDependencies = [ pkgs.kmod ]; - devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - } - -#+end_src -**** Twothreetunnel (OCI) - -***** Main Configuration - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/twothreetunnel/default.nix - { self, lib, minimal, ... }: - { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - - "${self}/modules/nixos/optional/systemd-networkd-server.nix" - ]; - - topology.self = { - icon = "devices.cloud-server"; - }; - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 2 vCPUs, 8GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = false; - rootDisk = "/dev/disk/by-id/scsi-3608deb9b0d4244de95c6620086ff740d"; - isBtrfs = true; - isNixos = true; - isLinux = true; - isCloud = true; - }; - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - server = true; - }; - - swarselmodules.server = { - nginx = false; - }; - - } - -#+end_src -***** hardware-configuration - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/twothreetunnel/hardware-configuration.nix - { lib, modulesPath, ... }: - { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" ]; - kernelModules = [ ]; - }; - kernelModules = [ ]; - extraModulePackages = [ ]; - }; - - nixpkgs.hostPlatform = lib.mkForce "aarch64-linux"; - } -#+end_src -***** disko - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/twothreetunnel/disk-config.nix - { lib, pkgs, config, ... }: - let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; - in - { - disko = { - imageBuilder.extraDependencies = [ pkgs.kmod ]; - devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - } - -#+end_src -**** Eagleland (Hetzner) -:PROPERTIES: -:CUSTOM_ID: h:81bc8746-b46b-4d29-87de-ddbd77788b43 -:END: - -***** Main Configuration -:PROPERTIES: -:CUSTOM_ID: h:96540b9c-1610-45f2-ba19-916051ab5e10 -:END: - -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/eagleland/default.nix - { self, lib, minimal, ... }: - { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - - "${self}/modules/nixos/optional/systemd-networkd-server.nix" - ]; - - topology.self = { - icon = "devices.cloud-server"; - }; - - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "2vCPU, 4GB Ram"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isCloud = true; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/sda"; - isBtrfs = true; - isNixos = true; - isLinux = true; - proxyHost = "eagleland"; - }; - } // lib.optionalAttrs (!minimal) { - - swarselmodules.server.mailserver = true; - - swarselprofiles = { - server = true; - }; - - } - -#+end_src -***** hardware-configuration -:PROPERTIES: -:CUSTOM_ID: h:44c29a70-d5fc-49c1-b02e-a5cd2ec6119b -:END: - -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/eagleland/hardware-configuration.nix - { lib, modulesPath, ... }: - - { - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot = { - initrd = { - availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - kernelModules = [ ]; - }; - kernelModules = [ ]; - extraModulePackages = [ ]; - }; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - } - -#+end_src -***** disko -:PROPERTIES: -:CUSTOM_ID: h:5c77e384-fdae-4994-bce3-ca736722529c -:END: - -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/eagleland/disk-config.nix - { lib, pkgs, config, ... }: - let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; - in - { - disko = { - imageBuilder.extraDependencies = [ pkgs.kmod ]; - devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - } #+end_src *** Utility hosts :PROPERTIES: @@ -5163,111 +4067,6 @@ TODO: cleanup this mess #+end_src -**** Brick Road (kexec image) -:PROPERTIES: -:CUSTOM_ID: h:e9fe580c-f1b2-4d7b-aaff-bbdf89a8c9f9 -:END: - -#+begin_src nix-ts :tangle install/kexec.nix - { lib, pkgs, modulesPath, options, ... }: - { - disabledModules = [ - # This module adds values to multiple lists (systemPackages, supportedFilesystems) - # which are impossible/unpractical to remove, so we disable the entire module. - "profiles/base.nix" - ]; - - imports = [ - # reduce closure size by removing perl - "${modulesPath}/profiles/perlless.nix" - # FIXME: we still are left with nixos-generate-config due to nixos-install-tools - { system.forbiddenDependenciesRegexes = lib.mkForce [ ]; } - ]; - - config = { - networking.hostName = "brickroad"; - - system = { - # nixos-option is mainly useful for interactive installations - tools.nixos-option.enable = false; - # among others, this prevents carrying a stdenv with gcc in the image - extraDependencies = lib.mkForce [ ]; - }; - # prevents shipping nixpkgs, unnecessary if system is evaluated externally - nix.registry = lib.mkForce { }; - - # would pull in nano - programs.nano.enable = false; - - # prevents strace - environment = { - defaultPackages = lib.mkForce [ - pkgs.parted - pkgs.gptfdisk - pkgs.e2fsprogs - ]; - - systemPackages = with pkgs; [ - cryptsetup.bin - ]; - - # Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs. - ldso32 = null; - }; - - # included in systemd anyway - systemd.sysusers.enable = true; - - # normal users are not allowed with sys-users - # see https://github.com/NixOS/nixpkgs/pull/328926 - users.users.nixos = { - isSystemUser = true; - isNormalUser = lib.mkForce false; - shell = "/run/current-system/sw/bin/bash"; - group = "nixos"; - }; - users.groups.nixos = { }; - - security = { - # we have still run0 from systemd and most of the time we just use root - sudo.enable = false; - polkit.enable = lib.mkForce false; - # introduces x11 dependencies - pam.services.su.forwardXAuth = lib.mkForce false; - }; - - documentation = { - enable = false; - man.enable = false; - nixos.enable = false; - info.enable = false; - doc.enable = false; - }; - - services = { - # no dependency on x11 - dbus.implementation = "broker"; - # we prefer root as this is also what we use in nixos-anywhere - getty.autologinUser = lib.mkForce "root"; - # included in systemd anyway - userborn.enable = false; - }; - - - - # we are missing this from base.nix - boot.supportedFilesystems = [ - "ext4" - "btrfs" - "xfs" - ]; - } // lib.optionalAttrs (options.hardware ? firmwareCompression) { - hardware.firmwareCompression = "xz"; - }; - } - -#+end_src - **** Hotel (Demo Physical/VM) :PROPERTIES: :CUSTOM_ID: h:e1498bef-ec67-483d-bf02-76264e30be8e @@ -5591,11 +4390,6 @@ in "nginx" "virtualHosts" ] - [ - "swarselsystems" - "server" - "dns" - ] ]; attrsForEachOption = @@ -5716,8 +4510,7 @@ in if netSubmod.config.cidrv6 == null then null else - # if we use the /32 wan address as local address directly, do not use the network address in ipv6 - lib.net.cidr.hostCidr (if hostSubmod.config.id == 0 then 1 else hostSubmod.config.id) netSubmod.config.cidrv6; + lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv6; }; }; }) @@ -5749,31 +4542,13 @@ in services = mkOption { type = types.attrsOf ( - types.submodule (serviceSubmod: { + types.submodule { options = { domain = mkOption { type = types.str; }; - subDomain = mkOption { - readOnly = true; - type = types.str; - default = lib.swarselsystems.getSubDomain serviceSubmod.config.domain; - }; - baseDomain = mkOption { - readOnly = true; - type = types.str; - default = lib.swarselsystems.getBaseDomain serviceSubmod.config.domain; - }; - proxyAddress4 = mkOption { - type = types.nullOr types.str; - default = null; - }; - proxyAddress6 = mkOption { - type = types.nullOr types.str; - default = null; - }; }; - }) + } ); }; @@ -5816,12 +4591,6 @@ in defaultGateway6 = mkOption { type = types.nullOr types.net.ipv6; }; - wanAddress4 = mkOption { - type = types.nullOr types.net.ipv4; - }; - wanAddress6 = mkOption { - type = types.nullOr types.net.ipv6; - }; }; } ); @@ -5831,10 +4600,6 @@ in main = mkOption { type = types.str; }; - externalDns = mkOption { - type = types.listOf types.str; - description = "List of external dns nameservers"; - }; }; }; }; @@ -5870,10 +4635,6 @@ in description = "Node Name."; type = lib.types.str; }; - lockFromBootstrapping = lib.mkOption { - description = "Whether this host should be marked to not be bootstrapped again using swarsel-bootstrap."; - type = lib.types.bool; - }; }; }; } @@ -5911,8 +4672,7 @@ in github-nixpkgs-review-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.emacs { emacs-radicale-pw = { owner = mainUser; }; - github-forge-token = { owner = mainUser; }; - }) // (lib.optionalAttrs (modules ? optional-work) { + }) // (lib.optionalAttrs modules.optional.work { harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; }) // (lib.optionalAttrs modules.anki { anki-user = { owner = mainUser; }; @@ -5953,7 +4713,7 @@ in }; } #+end_src -**** General NixOS settings (nix config, stateVersion) +**** General NixOS settings (nix, stateVersion) :PROPERTIES: :CUSTOM_ID: h:24c9146f-2147-4fd5-bafc-d5853e15cf12 :END: @@ -5986,149 +4746,136 @@ A breakdown of the flags being set: - nix.nixPath: Basically the same as =nix.registry=, but for the legacy nix commands #+begin_src nix-ts :tangle modules/nixos/common/settings.nix - { self, lib, pkgs, config, outputs, inputs, minimal, globals, ... }: - let - inherit (config.swarselsystems) mainUser; - inherit (config.repo.secrets.common) atticPublicKey; - settings = if minimal then { } else { - environment.etc."nixos/configuration.nix".source = pkgs.writeText "configuration.nix" '' - assert builtins.trace "This location is not used. The config is found in ${config.swarselsystems.flakePath}!" false; - { } - ''; + { self, lib, pkgs, config, outputs, inputs, minimal, ... }: + let + settings = if minimal then { } else { + environment.etc."nixos/configuration.nix".source = pkgs.writeText "configuration.nix" '' + assert builtins.trace "This location is not used. The config is found in ${config.swarselsystems.flakePath}!" false; + { } + ''; - nix = - let - flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; - in - { - settings = { - connect-timeout = 5; - bash-prompt-prefix = "$SHLVL:\\w "; - bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ "; - fallback = true; - min-free = 128000000; - max-free = 1000000000; - flake-registry = ""; - auto-optimise-store = true; - warn-dirty = false; - max-jobs = 1; - use-cgroups = lib.mkIf config.swarselsystems.isLinux true; - }; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 10d"; - }; - optimise = { - automatic = true; - dates = "weekly"; - }; - channel.enable = false; - registry = rec { - nixpkgs.flake = inputs.nixpkgs; - # swarsel.flake = inputs.swarsel; - swarsel.flake = self; - n = nixpkgs; - s = swarsel; - }; - nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; - }; + nix = + let + flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; + in + { + settings = { + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; + flake-registry = ""; + auto-optimise-store = true; + warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf config.swarselsystems.isLinux true; + }; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 10d"; + }; + optimise = { + automatic = true; + dates = "weekly"; + }; + channel.enable = false; + registry = rec { + nixpkgs.flake = inputs.nixpkgs; + swarsel.flake = inputs.swarsel; + n = nixpkgs; + s = swarsel; + }; + nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; + }; - services.dbus.implementation = "broker"; + services.dbus.implementation = "broker"; - systemd.services.nix-daemon = { - environment.TMPDIR = "/var/tmp"; - }; + systemd.services.nix-daemon = { + environment.TMPDIR = "/var/tmp"; + }; - }; - in - { - options.swarselmodules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselmodules.general - (lib.recursiveUpdate - { - sops.secrets = lib.mkIf (!minimal) { - github-api-token = { owner = mainUser; }; - }; + }; + in + { + options.swarselmodules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselmodules.general + (lib.recursiveUpdate + { + sops.secrets.github-api-token = lib.mkIf (!minimal) { + sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml"; + }; - nix = - let - nix-version = "2_30"; - in - { - package = pkgs.nixVersions."nix_${nix-version}"; - settings = { - experimental-features = [ - "nix-command" - "flakes" - "ca-derivations" - "cgroups" - "pipe-operators" - ]; - substituters = [ - "https://${globals.services.attic.domain}/${mainUser}" - ]; - trusted-public-keys = [ - atticPublicKey - ]; - trusted-users = [ - "@wheel" - "${config.swarselsystems.mainUser}" - (lib.mkIf config.swarselmodules.server.ssh-builder "builder") - ]; - }; - # extraOptions = '' - # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins - # extra-builtins-file = ${self + /nix/extra-builtins.nix} - # '' + lib.optionalString (!minimal) '' - # !include ${config.sops.secrets.github-api-token.path} - # ''; - # extraOptions = '' - # plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: { - # buildInputs = [config.nix.package pkgs.boost]; - # patches = o.patches or []; - # })}/lib/nix/plugins - # extra-builtins-file = ${self + /nix/extra-builtins.nix} - # ''; + nix = + let + nix-version = "2_30"; + in + { + package = pkgs.nixVersions."nix_${nix-version}"; + settings = { + experimental-features = [ + "nix-command" + "flakes" + "ca-derivations" + "cgroups" + "pipe-operators" + ]; + trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ]; + }; + # extraOptions = '' + # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins + # extra-builtins-file = ${self + /nix/extra-builtins.nix} + # '' + lib.optionalString (!minimal) '' + # !include ${config.sops.secrets.github-api-token.path} + # ''; + # extraOptions = '' + # plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: { + # buildInputs = [config.nix.package pkgs.boost]; + # patches = o.patches or []; + # })}/lib/nix/plugins + # extra-builtins-file = ${self + /nix/extra-builtins.nix} + # ''; - extraOptions = - let - nix-plugins = pkgs.nix-plugins.override { - nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; - }; - in - '' - plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} - '' + lib.optionalString (!minimal) '' - !include ${config.sops.secrets.github-api-token.path} - ''; - }; + extraOptions = + let + nix-plugins = pkgs.nix-plugins.override { + nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; + }; + in + '' + plugin-files = ${nix-plugins}/lib/nix/plugins + extra-builtins-file = ${self + /nix/extra-builtins.nix} + '' + lib.optionalString (!minimal) '' + !include ${config.sops.secrets.github-api-token.path} + ''; + }; - system.stateVersion = lib.mkDefault "23.05"; + system.stateVersion = lib.mkDefault "23.05"; - nixpkgs = { - overlays = [ - outputs.overlays.default - (final: prev: - let - additions = final: _: import "${self}/pkgs/config" { - inherit self config lib; - pkgs = final; - homeConfig = config.home-manager.users.${config.swarselsystems.mainUser}; - }; - in - additions final prev - ) - ]; - config = { - allowUnfree = true; - }; - }; + nixpkgs = { + overlays = [ + outputs.overlays.default + (final: prev: + let + additions = final: _: import "${self}/pkgs/config" { + inherit self config lib; + pkgs = final; + homeConfig = config.home-manager.users.${config.swarselsystems.mainUser}; + }; + in + additions final prev + ) + ]; + config = { + allowUnfree = true; + }; + }; - } - settings); - } + } + settings); + } #+end_src **** Setup home-manager base @@ -6153,6 +4900,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the inputs.nix-index-database.homeModules.nix-index inputs.sops-nix.homeManagerModules.sops inputs.spicetify-nix.homeManagerModules.default + # inputs.swarsel-modules.homeModules.default inputs.swarsel-nix.homeModules.default { imports = [ @@ -6191,11 +4939,14 @@ In case of using a fully setup system, this makes also sure that no further user For that reason, make sure that =sops-nix= is properly working before finishing the minimal setup, otherwise we might lose user access. The bootstrapping script takes care of this. #+begin_src nix-ts :tangle modules/nixos/common/users.nix - { pkgs, config, lib, globals, minimal, ... }: + { self, pkgs, config, lib, globals, minimal, ... }: + let + sopsFile = self + /secrets/general/secrets.yaml; + in { options.swarselmodules.users = lib.mkEnableOption "user config"; config = lib.mkIf config.swarselmodules.users { - sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; }; + sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; }; users = { mutableUsers = lib.mkIf (!minimal) false; @@ -6507,7 +5258,6 @@ Normally, doing that also resets the lecture that happens on the first use of =s hideMounts = true; directories = [ - "/root/.dotfiles" "/etc/nix" "/etc/NetworkManager/system-connections" "/var/lib/nixos" @@ -6563,106 +5313,102 @@ This section is for setting things that should be used on hosts that are using t Mostly used to install some compilers and lsp's that I want to have available when not using a devShell flake. Most other packages should go in [[#h:893a7f33-7715-415b-a895-2687ded31c18][Installed packages]]. #+begin_src nix-ts :tangle modules/nixos/client/packages.nix - { lib, config, pkgs, minimal, ... }: - { - options.swarselmodules.packages = lib.mkEnableOption "install packages"; - config = lib.mkIf config.swarselmodules.packages { + { lib, config, pkgs, minimal, ... }: + { + options.swarselmodules.packages = lib.mkEnableOption "install packages"; + config = lib.mkIf config.swarselmodules.packages { - environment.systemPackages = with pkgs; lib.optionals (!minimal) [ - # yubikey packages - gnupg - yubikey-personalization - yubico-pam - yubioath-flutter - yubikey-manager - yubikey-touch-detector - yubico-piv-tool - cfssl - pcsc-tools - pcscliteWithPolkit.out + environment.systemPackages = with pkgs; lib.optionals (!minimal) [ + # yubikey packages + gnupg + yubikey-personalization + yubico-pam + yubioath-flutter + yubikey-manager + yubikey-touch-detector + yubico-piv-tool + cfssl + pcsc-tools + pcscliteWithPolkit.out - # ledger packages - ledger-live-desktop + # ledger packages + ledger-live-desktop - # pinentry - dbus - # swaylock-effects - syncthingtray-minimal - swayosd + # pinentry + dbus + # swaylock-effects + syncthingtray-minimal + swayosd - # secure boot - sbctl + # secure boot + sbctl - libsForQt5.qt5.qtwayland + libsForQt5.qt5.qtwayland - # do not do this! clashes with the flake - # nix-index + # nix package database + nix-index + nixos-generators - nixos-generators + # commit hooks + pre-commit - # commit hooks - pre-commit + # proc info + acpi - # proc info - acpi + # pci info + pciutils + usbutils - # pci info - pciutils - usbutils + # better make for general tasks + just - # better make for general tasks - just - # sops - ssh-to-age - sops + # keyboards + qmk + vial + via - # keyboards - qmk - vial - via + # theme related + adwaita-icon-theme - # theme related - adwaita-icon-theme + # kde-connect + xdg-desktop-portal + xdg-desktop-portal-gtk + xdg-desktop-portal-wlr - # kde-connect - xdg-desktop-portal - xdg-desktop-portal-gtk - xdg-desktop-portal-wlr + # bluetooth + bluez + ghostscript_headless + wireguard-tools + nixd + zig + zls - # bluetooth - bluez - ghostscript_headless - wireguard-tools - nixd - zig - zls + elk-to-svg - elk-to-svg + ] ++ lib.optionals minimal [ + networkmanager + curl + git + gnupg + rsync + ssh-to-age + sops + vim + just + sbctl + ]; - ] ++ lib.optionals minimal [ - networkmanager - curl - git - gnupg - rsync - ssh-to-age - sops - vim - just - sbctl - ]; - - nixpkgs.config.permittedInsecurePackages = lib.mkIf (!minimal) [ - "jitsi-meet-1.0.8043" - "electron-29.4.6" - "SDL_ttf-2.0.11" - # audacity? - "mbedtls-2.28.10" - # "qtwebengine-5.15.19" - ]; - }; - } + nixpkgs.config.permittedInsecurePackages = lib.mkIf (!minimal) [ + "jitsi-meet-1.0.8043" + "electron-29.4.6" + "SDL_ttf-2.0.11" + # audacity? + "mbedtls-2.28.10" + # "qtwebengine-5.15.19" + ]; + }; + } #+end_src **** Environment setup @@ -6869,7 +5615,7 @@ Pipewire handles communication on Wayland. This enables several sound tools as w Here I only enable =networkmanager= and a few default networks. The rest of the network config is done separately in [[#h:88bf4b90-e94b-46fb-aaf1-a381a512860d][System specific configuration]]. #+begin_src nix-ts :tangle modules/nixos/client/network.nix - { self, lib, pkgs, config, globals, ... }: + { self, lib, pkgs, config, ... }: let certsSopsFile = self + /secrets/certs/secrets.yaml; clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml; @@ -6921,7 +5667,7 @@ Here I only enable =networkmanager= and a few default networks. The rest of the networking = { inherit (config.swarselsystems) hostName; hosts = { - "${globals.networks.home-lan.hosts.winters.ipv4}" = [ globals.services.transmission.domain ]; + "192.168.178.24" = [ "store.swarsel.win" ]; }; wireless.iwd = { enable = true; @@ -7194,8 +5940,9 @@ I use sops-nix to handle secrets that I want to have available on my machines at sops = { # age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; - age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}/etc/ssh/ssh_host_ed25519_key" ]; - defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/general/secrets.yaml"; + age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; + # defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml"; + defaultSopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml"; validateSopsFiles = false; @@ -7204,96 +5951,6 @@ I use sops-nix to handle secrets that I want to have available on my machines at } #+end_src -**** Remote building - -#+begin_src nix-ts :tangle modules/nixos/client/remotebuild.nix - { lib, config, globals, ... }: - let - inherit (config.swarselsystems) homeDir mainUser isClient; - in - { - options.swarselmodules.remotebuild = lib.mkEnableOption "enable remote builds on this machine"; - config = lib.mkIf config.swarselmodules.remotebuild { - - sops.secrets = { - builder-key = lib.mkIf isClient { owner = mainUser; path = "${homeDir}/.ssh/builder"; mode = "0600"; }; - nixbuild-net-key = { owner = mainUser; path = "${homeDir}/.ssh/nixbuild-net"; mode = "0600"; }; - }; - - nix = { - settings.builders-use-substitutes = true; - distributedBuilds = true; - buildMachines = [ - (lib.mkIf isClient { - hostName = config.repo.secrets.common.builder1-ip; - system = "aarch64-linux"; - maxJobs = 20; - speedFactor = 10; - }) - (lib.mkIf isClient { - hostName = globals.hosts.belchsfactory.wanAddress4; - system = "aarch64-linux"; - maxJobs = 4; - speedFactor = 2; - protocol = "ssh-ng"; - }) - { - hostName = "eu.nixbuild.net"; - system = "x86_64-linux"; - maxJobs = 100; - speedFactor = 2; - supportedFeatures = [ "big-parallel" ]; - } - ]; - }; - programs.ssh = { - knownHosts = { - nixbuild = { - hostNames = [ "eu.nixbuild.net" ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM"; - }; - builder1 = lib.mkIf isClient { - hostNames = [ config.repo.secrets.common.builder1-ip ]; - publicKey = config.repo.secrets.common.builder1-pubHostKey; - }; - jump = lib.mkIf isClient { - hostNames = [ globals.hosts.liliputsteps.wanAddress4 ]; - publicKey = config.repo.secrets.common.jump-pubHostKey; - }; - builder2 = lib.mkIf isClient { - hostNames = [ globals.hosts.belchsfactory.wanAddress4 ]; - publicKey = config.repo.secrets.common.builder2-pubHostKey; - }; - }; - extraConfig = '' - Host eu.nixbuild.net - ConnectTimeout 1 - PubkeyAcceptedKeyTypes ssh-ed25519 - ServerAliveInterval 60 - IPQoS throughput - IdentityFile ${config.sops.secrets.nixbuild-net-key.path} - '' + lib.optionalString isClient '' - Host ${config.repo.secrets.common.builder1-ip} - ConnectTimeout 1 - User ${mainUser} - IdentityFile ${config.sops.secrets.builder-key.path} - - Host ${globals.hosts.belchsfactory.wanAddress4} - ConnectTimeout 5 - ProxyJump ${globals.hosts.liliputsteps.wanAddress4} - User builder - IdentityFile ${config.sops.secrets.builder-key.path} - - Host ${globals.hosts.liliputsteps.wanAddress4} - ConnectTimeout 1 - User jump - IdentityFile ${config.sops.secrets.builder-key.path} - ''; - }; - }; - } -#+end_src - **** Theme (stylix) :PROPERTIES: :CUSTOM_ID: h:e6e44705-94af-49fe-9ca0-0629d0f7d932 @@ -8190,7 +6847,7 @@ Auto login for the initial session. comment = "Sway compositor managed by UWSM"; binPath = "/run/current-system/sw/bin/sway"; }; - niri = lib.mkIf (config.swarselmodules ? niri) { + niri = { prettyName = "Niri"; comment = "Niri compositor managed by UWSM"; binPath = "/run/current-system/sw/bin/niri-session"; @@ -8201,6 +6858,45 @@ Auto login for the initial session. } #+end_src +**** Niri +:PROPERTIES: +:CUSTOM_ID: h:58162d08-3ded-441d-861e-2ebf30e32538 +:END: + +Auto login for the initial session. + +#+begin_src nix-ts :tangle modules/nixos/client/niri.nix + { lib, config, pkgs, ... }: + let + moduleName = "niri"; + in + { + options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} settings"; + config = lib.mkIf config.swarselmodules.${moduleName} { + + environment.systemPackages = with pkgs; [ + wl-clipboard + wayland-utils + libsecret + cage + gamescope + xwayland-satellite-unstable + ]; + + + programs.niri = { + enable = true; + package = pkgs.niri-unstable; # the actual niri that will be installed and used + }; + } // { + niri-flake.cache.enable = true; + programs.niri = { + package = null; + }; + }; + } +#+end_src + *** Server :PROPERTIES: :CUSTOM_ID: h:e492c24a-83a0-4bcb-a084-706f49318651 @@ -8288,6 +6984,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in config = lib.mkIf config.swarselmodules.server.packages { environment.systemPackages = with pkgs; [ gnupg + nix-index nvd nix-output-monitor ssh-to-age @@ -8373,7 +7070,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix-ts :tangle modules/nixos/server/nginx.nix { pkgs, lib, config, ... }: let - inherit (config.repo.secrets.common) dnsProvider dnsBase; + inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; serviceUser = "nginx"; @@ -8436,12 +7133,9 @@ Here we just define some aliases for rebuilding the system, and we allow some in ]; sops = { - secrets = { - acme-dns-token = { inherit (config.swarselsystems) sopsFile; }; - }; + secrets.acme-dns-token = { inherit (config.swarselsystems) sopsFile; }; templates."certs.secret".content = '' - ACME_DNS_API_BASE=${dnsBase} - ACME_DNS_STORAGE_PATH=${config.sops.placeholder.acme-dns-token} + CF_DNS_API_TOKEN=${config.sops.placeholder.acme-dns-token} ''; }; @@ -8461,7 +7155,6 @@ Here we just define some aliases for rebuilding the system, and we allow some in networking.firewall.allowedTCPPorts = [ 80 443 ]; environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { - directories = [ { directory = "/var/lib/acme"; } ]; files = [ dhParamsPathBase ]; }; @@ -8486,52 +7179,28 @@ Here we just define some aliases for rebuilding the system, and we allow some in ''; }; }; - systemd.services.generateDHParams = { - before = [ "nginx.service" ]; - requiredBy = [ "nginx.service" ]; - after = [ "local-fs.target" ]; - requires = [ "local-fs.target" ]; - serviceConfig = { - Type = "oneshot"; - }; - - script = '' - set -eu - - install -d -m 0755 ${sslBasePath} - ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} - - if [ ! -f "${dhParamsPath}" ]; then - ${pkgs.openssl}/bin/openssl dhparam -out "${dhParamsPath}" 4096 - chmod 0644 "${dhParamsPath}" - chown ${serviceUser}:${serviceGroup} "${dhParamsPath}" - else - echo 'Already generated DHParams' - fi - ''; + system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + deps = [ "generateDHParams" "users" "groups" ]; }; + system.activationScripts."generateDHParams" = + { + text = '' + set -eu - # system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { - # deps = [ "generateDHParams" "users" "groups" ]; - # }; - # system.activationScripts."generateDHParams" = - # { - # text = '' - # set -eu + ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} - # ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else "${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath}"} - - # if [ ! -f "${dhParamsPath}" ]; then - # ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 - # chmod 0644 ${dhParamsPath} - # chown ${serviceUser}:${serviceGroup} ${dhParamsPath} - # fi - # ''; - # deps = [ - # (lib.mkIf config.swarselsystems.isImpermanence "specialfs") - # (lib.mkIf (!config.swarselsystems.isImpermanence) "etc") - # ]; - # }; + if [ ! -f "${dhParamsPathBase}" ]; then + ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 + chmod 0644 ${dhParamsPath} + chown ${serviceUser}:${serviceGroup} ${dhParamsPath} + fi + ''; + deps = [ + "etc" + (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + ]; + }; }; } #+end_src @@ -8555,10 +7224,6 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "yes"; - AllowUsers = [ - "root" - config.swarselsystems.mainUser - ]; }; hostKeys = [ { @@ -8570,12 +7235,10 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [ (self + /secrets/keys/ssh/yubikey.pub) (self + /secrets/keys/ssh/magicant.pub) - # (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/keys/ssh/jump.pub)) ]; users.users.root.openssh.authorizedKeys.keyFiles = [ (self + /secrets/keys/ssh/yubikey.pub) (self + /secrets/keys/ssh/magicant.pub) - # (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/keys/ssh/jump.pub)) ]; security.sudo.extraConfig = '' Defaults env_keep+=SSH_AUTH_SOCK @@ -8584,165 +7247,26 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t } #+end_src -**** Bastion - -#+begin_src nix-ts :tangle modules/nixos/server/bastion.nix - { self, lib, config, ... }: - { - options.swarselmodules.server.bastion = lib.mkEnableOption "enable bastion on server"; - config = lib.mkIf config.swarselmodules.server.bastion { - - users = { - groups = { - jump = { }; - }; - users = { - "jump" = { - isNormalUser = true; - useDefaultShell = true; - group = lib.mkForce "jump"; - createHome = lib.mkForce true; - openssh.authorizedKeys.keyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - (self + /secrets/keys/ssh/builder.pub) - ]; - }; - }; - }; - - - services.openssh = { - enable = true; - startWhenNeeded = lib.mkForce false; - authorizedKeysInHomedir = false; - extraConfig = '' - Match User jump - PermitTTY no - X11Forwarding no - PermitTunnel no - GatewayPorts no - AllowAgentForwarding no - ''; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - PermitRootLogin = lib.mkDefault "no"; - AllowUsers = [ - "jump" - ]; - }; - hostKeys = lib.mkIf (!config.swarselmodules.server.ssh) [ - { - path = "/etc/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - ]; - }; - - home-manager.users.jump.config = { - home.stateVersion = lib.mkDefault "23.05"; - programs.ssh = { - enable = true; - enableDefaultConfig = false; - matchBlocks = { - "*" = { - forwardAgent = false; - }; - } // config.repo.secrets.local.ssh.hosts; - }; - }; - }; - } -#+end_src - -**** ssh builder config - -Restricts access to the system by the nix build user as per https://discourse.nixos.org/t/wrapper-to-restrict-builder-access-through-ssh-worth-upstreaming/25834. - -#+begin_src nix-ts :tangle modules/nixos/server/ssh-builder.nix - { self, pkgs, lib, config, ... }: - let - ssh-restrict = "restrict,pty,command=\"${wrapper-dispatch-ssh-nix}/bin/wrapper-dispatch-ssh-nix\" "; - - wrapper-dispatch-ssh-nix = pkgs.writeShellScriptBin "wrapper-dispatch-ssh-nix" '' - case $SSH_ORIGINAL_COMMAND in - "nix-daemon --stdio") - exec env NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt ${config.nix.package}/bin/nix-daemon --stdio - ;; - "nix-store --serve --write") - exec env NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt ${config.nix.package}/bin/nix-store --serve --write - ;; - ,*) - echo "Access only allowed for using the nix remote builder" 1>&2 - exit - esac - ''; - in - { - options.swarselmodules.server.ssh-builder = lib.mkEnableOption "enable ssh-builder config on server"; - config = lib.mkIf config.swarselmodules.server.ssh-builder { - users = { - groups.builder = { }; - users.builder = { - useDefaultShell = true; - isSystemUser = true; - group = "builder"; - openssh.authorizedKeys.keys = [ - ''${ssh-restrict} ${builtins.readFile "${self}/secrets/keys/ssh/builder.pub"}'' - ]; - }; - }; - - }; - } -#+end_src - **** Network settings -:PROPERTIES: -:CUSTOM_ID: h:0ff3acc5-9ce8-4b22-a2e2-f6f1e69d47a5 -:END: -Generate hostId using =head -c4 /dev/urandom | od -A none -t x4= #+begin_src nix-ts :tangle modules/nixos/server/network.nix { lib, config, ... }: - let - netConfig = config.repo.secrets.local.networking; - netName = "${if config.swarselsystems.isCloud then config.node.name else "home"}-${config.swarselsystems.server.localNetwork}"; - in { - options = { - swarselmodules.server.network = lib.mkEnableOption "enable server network config"; - swarselsystems.server = { - localNetwork = lib.mkOption { - type = lib.types.str; - default = ""; - }; - netConfigName = lib.mkOption { - type = lib.types.str; - default = netName; - readOnly = true; - }; - }; - }; + options.swarselmodules.server.network = lib.mkEnableOption "enable server network config"; config = lib.mkIf config.swarselmodules.server.network { - swarselsystems.server.localNetwork = netConfig.localNetwork or ""; - - globals.networks.${netName}.hosts.${config.node.name} = { - inherit (netConfig.networks.${netConfig.localNetwork}) id; - mac = netConfig.networks.${netConfig.localNetwork}.mac or null; + globals.networks.home.hosts.${config.node.name} = { + inherit (config.repo.secrets.local.networking.networks.home) id; + mac = config.repo.secrets.local.networking.networks.home.mac or null; }; globals.hosts.${config.node.name} = { inherit (config.repo.secrets.local.networking) defaultGateway4; - wanAddress4 = netConfig.wanAddress4 or null; - wanAddress6 = netConfig.wanAddress6 or null; }; networking = { - inherit (netConfig) hostId; + inherit (config.repo.secrets.local.networking) hostId; hostName = config.node.name; nftables.enable = lib.mkDefault false; enableIPv6 = lib.mkDefault true; @@ -8756,9 +7280,6 @@ Generate hostId using =head -c4 /dev/urandom | od -A none -t x4= #+end_src **** Disk encryption -:PROPERTIES: -:CUSTOM_ID: h:19d829f6-580f-4e04-8776-2bfd83c3c3dd -:END: The hostkey can be generated with =ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key=. Use =lspci -v | grep -iA8 'network\|ethernet'= to supposedly find out which kernel module is needed for networking in initrd. However I prefer a different approach: @@ -8785,114 +7306,86 @@ lspci -k -d 14c3:0616 | | Kernel | modules: | mt7921e | | | | | | | | | #+begin_src nix-ts :tangle modules/nixos/server/disk-encrypt.nix - { self, pkgs, lib, config, globals, minimal, ... }: - let - localIp = globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.ipv4; - subnetMask = globals.networks.${config.swarselsystems.server.netConfigName}.subnetMask4; - gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; + { self, pkgs, lib, config, globals, minimal, ... }: + let + localIp = globals.networks.home.hosts.${config.node.name}.ipv4; + subnetMask = globals.networks.home.subnetMask4; + gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; - hostKeyPathBase = "/etc/secrets/initrd/ssh_host_ed25519_key"; - hostKeyPath = - if config.swarselsystems.isImpermanence then - "/persist/${hostKeyPathBase}" - else - "${hostKeyPathBase}"; - in - { - options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; - options.swarselsystems.networkKernelModules = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ ]; - }; - config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { + hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key"; + in + { + options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; + options.swarselsystems.networkKernelModules = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + }; + config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { + system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) { + text = '' + [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} + ''; + deps = [ "users" ]; + }; - system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { - deps = [ "ensureInitrdHostkey" ]; - }; - system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) { - text = '' - [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} - ''; - deps = [ - "etc" - ]; - }; + environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { + files = [ hostKeyPath ]; + }; - environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { - files = [ hostKeyPathBase ]; - }; + boot = lib.mkIf (config.swarselprofiles.server || minimal) { + kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ + "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" + ]; + initrd = { + availableKernelModules = config.swarselsystems.networkKernelModules; + network = { + enable = true; + udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 2222; # avoid hostkey changed nag + authorizedKeyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + hostKeys = [ hostKeyPath ]; + }; + # postCommands = '' + # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile + # ''; + }; + systemd = { + initrdBin = with pkgs; [ + cryptsetup + ]; + services = { + unlock-luks = { + wantedBy = [ "initrd.target" ]; + after = [ "network.target" ]; + before = [ "systemd-cryptsetup@cryptroot.service" ]; + path = [ "/bin" ]; - boot = lib.mkIf (!config.swarselsystems.isClient) { - kernelParams = lib.mkIf (!config.swarselsystems.isCloud) [ - "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" - ]; - initrd = { - availableKernelModules = config.swarselsystems.networkKernelModules; - network = { - enable = true; - flushBeforeStage2 = true; - ssh = { - enable = true; - port = 2222; # avoid hostkey changed nag - authorizedKeys = [ - ''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/yubikey.pub"}'' - ''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/magicant.pub"}'' - ]; - hostKeys = [ hostKeyPathBase ]; - }; - # postCommands = '' - # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile - # ''; - }; - systemd = { - initrdBin = with pkgs; [ - cryptsetup - ]; - # NOTE: the below does put the text into /root/.profile, but the command will not be run - # services = { - # unlock-luks = { - # wantedBy = [ "initrd.target" ]; - # after = [ "network.target" ]; - # before = [ "systemd-cryptsetup@cryptroot.service" ]; - # path = [ "/bin" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # }; + script = '' + echo "systemctl default" >> /root/.profile + ''; + }; + }; + }; + }; + }; + }; - # script = '' - # echo "systemctl default" >> /root/.profile - # ''; - # }; - # }; - }; - }; - }; - }; - - } -#+end_src - -**** BTRFS - -#+begin_src nix-ts :tangle modules/nixos/server/btrfs.nix - { lib, config, ... }: - { - options.swarselmodules.btrfs = lib.mkEnableOption "optional btrfs settings"; - config = lib.mkIf config.swarselmodules.btrfs { - boot = { - supportedFilesystems = lib.mkIf config.swarselsystems.isBtrfs [ "btrfs" ]; - }; - }; - } + } #+end_src **** Router -:PROPERTIES: -:CUSTOM_ID: h:b54f2bbb-0088-46b2-957d-fd8234b772c3 -:END: #+begin_src nix-ts :tangle modules/nixos/server/router.nix { lib, config, ... }: @@ -8959,11 +7452,15 @@ lspci -k -d 14c3:0616 :END: #+begin_src nix-ts :tangle modules/nixos/server/kavita.nix - { self, lib, config, pkgs, globals, dns, confLib, ... }: + { self, lib, config, pkgs, globals, ... }: let inherit (config.swarselsystems) sopsFile; - inherit (confLib.gen { name = "kavita"; port = 8080; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + servicePort = 8080; + serviceName = "kavita"; + serviceUser = "kavita"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -8972,10 +7469,6 @@ lspci -k -d 14c3:0616 calibre ]; - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - users.users.${serviceUser} = { extraGroups = [ "users" ]; }; @@ -8989,11 +7482,7 @@ lspci -k -d 14c3:0616 info = "https://${serviceDomain}"; icon = "${self}/files/topology-images/${serviceName}.png"; }; - - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + globals.services.${serviceName}.domain = serviceDomain; services.${serviceName} = { enable = true; @@ -9003,7 +7492,7 @@ lspci -k -d 14c3:0616 dataDir = "/Vault/data/${serviceName}"; }; - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -9037,26 +7526,23 @@ lspci -k -d 14c3:0616 :END: #+begin_src nix-ts :tangle modules/nixos/server/jellyfin.nix - { pkgs, lib, config, globals, dns, confLib, ... }: + { pkgs, lib, config, globals, ... }: let - inherit (confLib.gen { name = "jellyfin"; port = 8096; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + servicePort = 8096; + serviceName = "jellyfin"; + serviceUser = "jellyfin"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; }; - nixpkgs.config.packageOverrides = pkgs: { intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; }; }; - hardware.graphics = { enable = true; extraPackages = with pkgs; [ @@ -9068,11 +7554,7 @@ lspci -k -d 14c3:0616 }; topology.self.services.${serviceName}.info = "https://${serviceDomain}"; - - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + globals.services.${serviceName}.domain = serviceDomain; services.${serviceName} = { enable = true; @@ -9080,7 +7562,7 @@ lspci -k -d 14c3:0616 openFirewall = true; # this works only for the default ports }; - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -9115,18 +7597,18 @@ lspci -k -d 14c3:0616 :END: #+begin_src nix-ts :tangle modules/nixos/server/navidrome.nix - { pkgs, config, lib, globals, dns, confLib, ... }: + { pkgs, config, lib, globals, ... }: let - inherit (confLib.gen { name = "navidrome"; port = 4040; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + servicePort = 4040; + serviceName = "navidrome"; + serviceUser = "navidrome"; + serviceGroup = serviceUser; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - environment.systemPackages = with pkgs; [ pciutils alsa-utils @@ -9156,10 +7638,7 @@ lspci -k -d 14c3:0616 networking.firewall.allowedTCPPorts = [ servicePort ]; - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + globals.services.${serviceName}.domain = serviceDomain; services.snapserver = { enable = true; @@ -9223,7 +7702,7 @@ lspci -k -d 14c3:0616 }; }; - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -9285,9 +7764,12 @@ lspci -k -d 14c3:0616 :END: #+begin_src nix-ts :tangle modules/nixos/server/spotifyd.nix - { lib, config, confLib, ... }: + { lib, config, ... }: let - inherit (confLib.gen { name = "spotifyd"; port = 1025; }) servicePort serviceName serviceUser serviceGroup; + servicePort = 1025; + serviceName = "spotifyd"; + serviceUser = "spotifyd"; + serviceGroup = serviceUser; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -9341,10 +7823,14 @@ lspci -k -d 14c3:0616 :END: #+begin_src nix-ts :tangle modules/nixos/server/mpd.nix - { self, lib, config, pkgs, confLib, ... }: + { self, lib, config, pkgs, ... }: let inherit (config.swarselsystems) sopsFile; - inherit (confLib.gen { name = "mpd"; port = 3254; }) servicePort serviceName serviceUser serviceGroup; + + servicePort = 3254; + serviceUser = "mpd"; + serviceGroup = serviceUser; + serviceName = "mpd"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -9439,11 +7925,10 @@ lspci -k -d 14c3:0616 :END: #+begin_src nix-ts :tangle modules/nixos/server/postgresql.nix - { config, lib, pkgs, confLib, ... }: + { config, lib, pkgs, ... }: let - inherit (confLib.gen { name = "postgresql"; port = 3254; }) serviceName; + serviceName = "postgresql"; postgresVersion = 14; - postgresDirPrefix = if config.swarselsystems.isCloud then "/var/lib" else "/Vault/data" ; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -9452,13 +7937,9 @@ lspci -k -d 14c3:0616 ${serviceName} = { enable = true; package = pkgs."postgresql_${builtins.toString postgresVersion}"; - dataDir = "${postgresDirPrefix}/${serviceName}/${builtins.toString postgresVersion}"; + dataDir = "/Vault/data/${serviceName}/${builtins.toString postgresVersion}"; }; }; - environment.persistence."/persist".directories = lib.mkIf (config.swarselsystems.isImpermanence && config.swarselsystems.isCloud) [ - { directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; } - ]; - }; } #+end_src @@ -9469,10 +7950,15 @@ lspci -k -d 14c3:0616 :END: #+begin_src nix-ts :tangle modules/nixos/server/matrix.nix - { lib, config, pkgs, globals, dns, confLib, ... }: + { lib, config, pkgs, globals, ... }: let inherit (config.swarselsystems) sopsFile; - inherit (confLib.gen { name = "matrix"; user = "matrix-synapse"; port = 8008; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + + servicePort = 8008; + serviceName = "matrix"; + serviceDomain = config.repo.secrets.common.services.domains.matrix; + serviceUser = "matrix-synapse"; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; federationPort = 8448; whatsappPort = 29318; @@ -9490,11 +7976,6 @@ lspci -k -d 14c3:0616 { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - environment.systemPackages = with pkgs; [ matrix-synapse lottieconverter @@ -9562,10 +8043,7 @@ lspci -k -d 14c3:0616 }; }; - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + globals.services.${serviceName}.domain = serviceDomain; services = { postgresql = { @@ -9764,7 +8242,7 @@ lspci -k -d 14c3:0616 # messages out after a while. - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -9828,11 +8306,17 @@ lspci -k -d 14c3:0616 :END: #+begin_src nix-ts :tangle modules/nixos/server/nextcloud.nix - { pkgs, lib, config, globals, dns, confLib, ... }: + { pkgs, lib, config, globals, ... }: let inherit (config.repo.secrets.local.nextcloud) adminuser; inherit (config.swarselsystems) sopsFile; - inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + + servicePort = 80; + serviceUser = "nextcloud"; + serviceGroup = serviceUser; + serviceName = "nextcloud"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; nextcloudVersion = "32"; in @@ -9840,19 +8324,13 @@ lspci -k -d 14c3:0616 options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - sops.secrets = { nextcloud-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; kanidm-nextcloud-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; }; - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + + globals.services.${serviceName}.domain = serviceDomain; services = { ${serviceName} = { @@ -9880,7 +8358,7 @@ lspci -k -d 14c3:0616 }; }; - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -9914,28 +8392,24 @@ lspci -k -d 14c3:0616 :END: #+begin_src nix-ts :tangle modules/nixos/server/immich.nix - { lib, pkgs, config, globals, dns, confLib, ... }: + { lib, pkgs, config, globals, ... }: let - inherit (confLib.gen { name = "immich"; port = 3001; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + servicePort = 3001; + serviceUser = "immich"; + serviceName = "immich"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; }; topology.self.services.${serviceName}.info = "https://${serviceDomain}"; - - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + globals.services.${serviceName}.domain = serviceDomain; services.${serviceName} = { enable = true; @@ -9949,9 +8423,9 @@ lspci -k -d 14c3:0616 }; }; - networking.firewall.allowedTCPPorts = [ servicePort ]; + networking.firewall.allowedTCPPorts = [ 3001 ]; - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -10000,10 +8474,16 @@ This is my personal document management system. It automatically pulls documents Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml='s. This is needed for e.g. online services that only send their invoices through email body text. #+begin_src nix-ts :tangle modules/nixos/server/paperless.nix - { lib, pkgs, config, dns, globals, confLib, ... }: + { lib, pkgs, config, globals, ... }: let inherit (config.swarselsystems) sopsFile; - inherit (confLib.gen { name = "paperless"; port = 28981; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + + servicePort = 28981; + serviceUser = "paperless"; + serviceGroup = serviceUser; + serviceName = "paperless"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; tikaPort = 9998; gotenbergPort = 3002; @@ -10013,10 +8493,6 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - users.users.${serviceUser} = { extraGroups = [ "users" ]; }; @@ -10028,10 +8504,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= networking.firewall.allowedTCPPorts = [ servicePort ]; - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + globals.services.${serviceName}.domain = serviceDomain; services = { ${serviceName} = { @@ -10101,7 +8574,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= ) ''; - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -10140,9 +8613,10 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= :END: #+begin_src nix-ts :tangle modules/nixos/server/transmission.nix - { self, pkgs, lib, config, confLib, ... }: + { self, pkgs, lib, config, ... }: let - inherit (confLib.gen { name = "transmission"; }) serviceName serviceDomain; + serviceName = "transmission"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; lidarrUser = "lidarr"; lidarrGroup = lidarrUser; @@ -10328,12 +8802,17 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= :END: #+begin_src nix-ts :tangle modules/nixos/server/syncthing.nix - { lib, config, globals, dns, confLib, ... }: + { lib, config, configName, globals, ... }: let inherit (config.swarselsystems.syncthing) serviceDomain; - inherit (confLib.gen { name = "syncthing"; port = 8384; }) servicePort serviceName serviceUser serviceGroup serviceAddress serviceProxy proxyAddress4 proxyAddress6; + inherit (config.swarselsystems.syncthing) serviceIP; - specificServiceName = "${serviceName}-${config.node.name}"; + servicePort = 8384; + serviceUser = "syncthing"; + serviceGroup = serviceUser; + serviceName = "syncthing"; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + specificServiceName = "syncthing-${configName}"; cfg = config.services.${serviceName}; devices = config.swarselsystems.syncthing.syncDevices; @@ -10347,6 +8826,10 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = lib.types.str; default = config.repo.secrets.common.services.domains.syncthing1; }; + serviceIP = lib.mkOption { + type = lib.types.str; + default = "${serviceAddress}"; + }; syncDevices = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ "magicant" "winters" "pyramid" "moonside@oracle" ]; @@ -10372,10 +8855,6 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= }; config = lib.mkIf config.swarselmodules.server.${serviceName} { - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${specificServiceName}.baseDomain}.subdomainRecords = { - "${globals.services.${specificServiceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - users.users.${serviceUser} = { extraGroups = [ "users" ]; group = serviceGroup; @@ -10386,10 +8865,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= networking.firewall.allowedTCPPorts = [ servicePort ]; - globals.services.${specificServiceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + globals.services."${specificServiceName}".domain = serviceDomain; services.${serviceName} = rec { enable = true; @@ -10445,11 +8921,11 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= }; }; - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${specificServiceName} = { servers = { - "${serviceAddress}:${builtins.toString servicePort}" = { }; + "${serviceIP}:${builtins.toString servicePort}" = { }; }; }; }; @@ -10479,7 +8955,6 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= :END: This manages backups for my pictures and obsidian files. -Note: you still need to run =restic- init= once on the host to get the bucket running. #+begin_src nix-ts :tangle modules/nixos/server/restic.nix { lib, pkgs, config, ... }: @@ -10488,14 +8963,6 @@ Note: you still need to run =restic- init= once on the host to get the buc in { options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server"; - options.swarselsystems.server.restic = { - bucketName = lib.mkOption { - type = lib.types.str; - }; - paths = lib.mkOption { - type = lib.types.listOf lib.types.str; - }; - }; config = lib.mkIf config.swarselmodules.server.restic { sops = { @@ -10518,10 +8985,20 @@ Note: you still need to run =restic- init= once on the host to get the buc in { backups = { - "${config.swarselsystems.server.restic.bucketName}" = { + SwarselWinters = { environmentFile = config.sops.templates."restic-env".path; passwordFile = config.sops.secrets.resticpw.path; - inherit (config.swarselsystems.server.restic) paths; + paths = [ + "/Vault/data/paperless" + "/Vault/data/koillection" + "/Vault/data/postgresql" + "/Vault/data/firefly-iii" + "/Vault/data/radicale" + "/Vault/data/matrix-synapse" + "/Vault/Eternor/Paperless" + "/Vault/Eternor/Bilder" + "/Vault/Eternor/Immich" + ]; pruneOpts = [ "--keep-daily 3" "--keep-weekly 2" @@ -10553,9 +9030,14 @@ Note: you still need to run =restic- init= once on the host to get the buc This section exposes several metrics that I use to check the health of my server. I need to expand on the exporters section at some point, but for now I have everything I need. #+begin_src nix-ts :tangle modules/nixos/server/monitoring.nix - { self, lib, config, globals, dns, confLib, ... }: + { self, lib, config, globals, ... }: let - inherit (confLib.gen { name = "grafana"; port = 3000; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + servicePort = 3000; + serviceUser = "grafana"; + serviceGroup = serviceUser; + serviceName = "grafana"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; prometheusPort = 9090; prometheusUser = "prometheus"; @@ -10571,10 +9053,6 @@ This section exposes several metrics that I use to check the health of my server options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - sops = { secrets = { grafana-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; @@ -10611,11 +9089,7 @@ This section exposes several metrics that I use to check the health of my server networking.firewall.allowedTCPPorts = [ servicePort prometheusPort ]; topology.self.services.prometheus.info = "https://${serviceDomain}/${prometheusWebRoot}"; - - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + globals.services.${serviceName}.domain = serviceDomain; services = { ${serviceName} = { @@ -10764,7 +9238,7 @@ This section exposes several metrics that I use to check the health of my server }; - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { "${grafanaUpstream}" = { servers = { @@ -10812,23 +9286,17 @@ This section exposes several metrics that I use to check the health of my server This is a WIP Jenkins instance. It is used to automatically build a new system when pushes to the main repository are detected. I have turned this service off for now however, as I actually prefer to start my builds manually. #+begin_src nix-ts :tangle modules/nixos/server/jenkins.nix - { pkgs, lib, config, globals, dns, confLib, ... }: + { pkgs, lib, config, globals, ... }: let - inherit (confLib.gen { name = "jenkins"; port = 8088; }) servicePort serviceName serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + servicePort = 8088; + serviceName = "jenkins"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; - services.jenkins = { enable = true; withCLI = true; @@ -10838,7 +9306,7 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w home = "/Vault/apps/${serviceName}"; }; - nodes.${serviceProxy}.services.nginx = { + services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -10875,9 +9343,10 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w This was an approach of hosting an RSS server from within emacs. That would have been useful as it would have allowed me to allow my feeds from any device. However, it proved impossible to do bidirectional syncing, so I abandoned this configuration in favor of [[#h:9da3df74-6fc5-4ee1-a345-23ab4e8a613d][FreshRSS]]. #+begin_src nix-ts :tangle modules/nixos/server/emacs.nix - { lib, config, confLib, ... }: + { lib, config, ... }: let - inherit (confLib.gen { name = "emacs"; port = 9812; }) servicePort serviceName; + serviceName = "emacs"; + servicePort = 9812; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; @@ -10910,9 +9379,14 @@ I am using this with CapyReader on my phone, set it up as a FreshRSS account wit FreshRSS claims to support HTTP header auth, but at least it does not work with my oauth2-proxy setup. Until this is fixed, I resorted to the "form" login, since I mostly do not use the web version anyways. #+begin_src nix-ts :tangle modules/nixos/server/freshrss.nix - { self, lib, config, globals, dns, confLib, ... }: + { self, lib, config, globals, ... }: let - inherit (confLib.gen { name = "freshrss"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + servicePort = 80; + serviceName = "freshrss"; + serviceUser = "freshrss"; + serviceGroup = serviceName; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; inherit (config.swarselsystems) sopsFile; in @@ -10920,10 +9394,6 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - users.users.${serviceUser} = { extraGroups = [ "users" ]; group = serviceGroup; @@ -10965,10 +9435,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with icon = "${self}/files/topology-images/${serviceName}.png"; }; - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + globals.services.${serviceName}.domain = serviceDomain; services.${serviceName} = let @@ -10988,7 +9455,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with # config.sops.templates.freshrss-env.path # ]; - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -11026,10 +9493,16 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with :END: #+begin_src nix-ts :tangle modules/nixos/server/forgejo.nix - { lib, config, pkgs, globals, dns, confLib, ... }: + { lib, config, pkgs, globals, ... }: let inherit (config.swarselsystems) sopsFile; - inherit (confLib.gen { name = "forgejo"; port = 3004; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + + servicePort = 3004; + serviceUser = "forgejo"; + serviceGroup = serviceUser; + serviceName = "forgejo"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; kanidmDomain = globals.services.kanidm.domain; in @@ -11037,10 +9510,6 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - networking.firewall.allowedTCPPorts = [ servicePort ]; users.users.${serviceUser} = { @@ -11054,10 +9523,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with kanidm-forgejo-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; }; - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + globals.services.${serviceName}.domain = serviceDomain; services.${serviceName} = { enable = true; @@ -11158,7 +9624,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with ''; }; - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -11193,10 +9659,14 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with :END: #+begin_src nix-ts :tangle modules/nixos/server/ankisync.nix - { self, lib, config, globals, dns, confLib, ... }: + { self, lib, config, globals, ... }: let inherit (config.swarselsystems) sopsFile; - inherit (confLib.gen { name = "ankisync"; port = 27701; }) servicePort serviceName serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + + servicePort = 27701; + serviceName = "ankisync"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; ankiUser = globals.user.name; in @@ -11204,10 +9674,6 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - networking.firewall.allowedTCPPorts = [ servicePort ]; sops.secrets.anki-pw = { inherit sopsFile; owner = "root"; }; @@ -11218,10 +9684,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with info = "https://${serviceDomain}"; }; - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; + globals.services.${serviceName}.domain = serviceDomain; services.anki-sync-server = { enable = true; @@ -11236,7 +9699,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with ]; }; - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -11278,13 +9741,19 @@ A stupid (but simple) way to get the =originUrl= is to simply set any URL there To get other URLs (token, etc.), use https:///oauth2/openid//.well-known/oauth-authorization-server, e.g. https:///oauth2/openid/nextcloud/.well-known/oauth-authorization-server, with clienID being the client name as specified in kanidm. #+begin_src nix-ts :tangle modules/nixos/server/kanidm.nix - { self, lib, pkgs, config, globals, dns, confLib, ... }: + { self, lib, pkgs, config, globals, ... }: let certsSopsFile = self + /secrets/certs/secrets.yaml; inherit (config.swarselsystems) sopsFile; - inherit (confLib.gen { name = "kanidm"; port = 8300; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; - oauth2ProxyDomain = globals.services.oauth2-proxy.domain; + servicePort = 8300; + serviceUser = "kanidm"; + serviceGroup = serviceUser; + serviceName = "kanidm"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + + oauth2ProxyDomain = globals.services.oauth2Proxy.domain; immichDomain = globals.services.immich.domain; paperlessDomain = globals.services.paperless.domain; forgejoDomain = globals.services.forgejo.domain; @@ -11311,10 +9780,6 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/ s3:// --endpoint-url https://. --region swarsel= - -or 2) use classic path addressing =aws s3 cp s3:/// --endpoint-url https:// --region swarsel= - #+begin_src nix-ts :tangle modules/nixos/server/garage.nix - # inspired by https://github.com/atropos112/nixos/blob/7fef652006a1c939f4caf9c8a0cb0892d9cdfe21/modules/garage.nix - { lib, pkgs, config, globals, dns, confLib, ... }: + { self, lib, pkgs, config, configName, globals, ... }: let - inherit (confLib.gen { - name = "garage"; - port = 3900; - domain = config.repo.secrets.common.services.domains."garage-${config.node.name}"; - }) servicePort serviceName specificServiceName serviceDomain subDomain baseDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6; + sopsFile = self + /secrets/${configName}/secrets2.yaml; - cfg = lib.recursiveUpdate config.services.${serviceName} config.swarselsystems.server.${serviceName}; - inherit (config.swarselsystems) sopsFile mainUser; + serviceName = "garage"; + servicePort = 3900; + serviceDomain = config.repo.secrets.common.services.domains."${serviceName}-${configName}"; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; - # needs SSD + cfg = config.services.${serviceName}; metadata_dir = "/var/lib/garage/meta"; - # metadata_dir = if config.swarselsystems.isCloud then "/var/lib/garage/meta" else "/Vault/data/garage/meta"; - - garageRpcPort = 3901; - garageWebPort = 3902; - garageAdminPort = 3903; - garageK2VPort = 3904; - - adminDomain = "${subDomain}admin.${baseDomain}"; - webDomain = "${subDomain}web.${baseDomain}"; in { options = { swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; swarselsystems.server.${serviceName} = { - data_dir = { - path = lib.mkOption { - type = lib.types.str; - description = "Directory where Garage stores its metadata"; - }; - capacity = lib.mkOption { - type = lib.types.str; - }; - }; - buckets = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "List of buckets to create"; - }; - keys = lib.mkOption { - type = lib.types.attrsOf (lib.types.listOf lib.types.str); - default = { }; - description = "Keys and their associated buckets. Each key gets full access (read/write/owner) to its listed buckets."; - example = { - my_key_name = [ "bucket1" "bucket2" ]; - my_other_key = [ "bucket2" "bucket3" ]; - }; + data_dir = lib.mkOption { + type = lib.types.either lib.types.path (lib.types.listOf lib.types.attrs); + default = "/var/lib/garage/data"; }; }; }; config = lib.mkIf config.swarselmodules.server.${serviceName} { - assertions = [ - { - assertion = config.swarselsystems.server.${serviceName}.buckets != [ ]; - message = "If Garage is enabled, at least one bucket must be specified in swarselsystems.server.${serviceName}.buckets"; - } - { - assertion = builtins.length (lib.attrsToList config.swarselsystems.server.${serviceName}.keys) > 0; - message = "If Garage is enabled, at least one key must be specified in swarselsystems.server.${serviceName}.keys"; - } - { - assertion = - let - allKeyBuckets = lib.flatten (lib.attrValues config.swarselsystems.server.${serviceName}.keys); - invalidBuckets = builtins.filter (bucket: !(lib.elem bucket config.swarselsystems.server.${serviceName}.buckets)) allKeyBuckets; - in - invalidBuckets == [ ]; - message = "All buckets referenced in keys must exist in the buckets list"; - } - ]; - - nodes.stoicclub.swarselsystems.server.dns.${baseDomain}.subdomainRecords = { - "${subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - "${subDomain}admin" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - "${subDomain}web" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - "*.${subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - "*.${subDomain}web" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; sops = { secrets.garage-admin-token = { inherit sopsFile; }; secrets.garage-rpc-secret = { inherit sopsFile; }; }; - # DynamicUser cannot read above secrets - systemd.services.${serviceName}.serviceConfig = { - DynamicUser = false; - ProtectHome = lib.mkForce false; - }; - environment = { persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { directory = "/var/lib/garage"; } - (lib.mkIf config.swarselsystems.isCloud { directory = config.swarselsystems.server.${serviceName}.data_dir.path; }) + { directory = metadata_dir; } ]; systemPackages = [ cfg.package ]; }; - globals.services.${specificServiceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; + systemd.services.${serviceName}.serviceConfig = { + DynamicUser = false; + ProtectHome = lib.mkForce false; }; - services.${serviceName} = { enable = true; package = pkgs.garage_2; settings = { - data_dir = [ config.swarselsystems.server.${serviceName}.data_dir ]; + inherit (config.swarselsystems.${serviceName}) data_dir; inherit metadata_dir; db_engine = "lmdb"; - block_size = "128M"; + block_size = "1MiB"; use_local_tz = false; - disable_scrub = true; - replication_factor = 1; - compression_level = "none"; - rpc_bind_addr = "[::]:${builtins.toString garageRpcPort}"; - # we are not joining our nodes, just use the private ipv4 - rpc_public_addr = "${globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.ipv4}:${builtins.toString garageRpcPort}"; + replication_factor = 2; # Number of copies of data + rpc_bind_addr = "[::]:3901"; + rpc_public_addr = "${config.repo.secrets.local.ipv4}:4317"; rpc_secret_file = config.sops.secrets.garage-rpc-secret.path; s3_api = { - s3_region = mainUser; - api_bind_addr = "[::]:${builtins.toString servicePort}"; - root_domain = ".${serviceDomain}"; - }; - - s3_web = { - bind_addr = "[::]:${builtins.toString garageWebPort}"; - root_domain = ".${config.repo.secrets.common.services.domains."garage-web-${config.node.name}"}"; - add_host_to_metrics = true; + s3_region = "swarsel"; + api_bind_addr = "0.0.0.0:${builtins.toString servicePort}"; + root_domain = ".s3.garage.localhost"; }; admin = { - api_bind_addr = "[::]:${builtins.toString garageAdminPort}"; + api_bind_addr = "0.0.0.0:3903"; admin_token_file = config.sops.secrets.garage-admin-token.path; }; k2v_api = { - api_bind_addr = "[::]:${builtins.toString garageK2VPort}"; + api_bind_addr = "[::]:3904"; }; }; }; - - systemd.services = { - garage-buckets = { - description = "Create Garage buckets"; - after = [ "garage.service" ]; - wants = [ "garage.service" ]; - wantedBy = [ "multi-user.target" ]; - - path = [ cfg.package pkgs.gawk pkgs.coreutils ]; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - User = "root"; - Group = "root"; - }; - - script = '' - garage status - - # Checking repeatedly with garage status until getting 0 exit code - while ! garage status >/dev/null 2>&1; do - echo "Garage not yet operational, waiting..." - echo "Current garage status output:" - garage status 2>&1 || true - echo "---" - sleep 5 - done - - # Now we check if garage status shows any failed nodes by checking for ==== FAILED NODES ==== - while garage status | grep -q "==== FAILED NODES ===="; do - echo "Garage has failed nodes, waiting..." - echo "Current garage status output:" - garage status 2>&1 || true - echo "---" - sleep 5 - done - - echo "Garage is operational, proceeding with bucket management." - - # Get list of existing buckets - existing_buckets=$(garage bucket list | tail -n +2 | awk '{print $3}' | grep -v '^$' || true) - - # Create buckets that should exist - ${lib.concatMapStringsSep "\n" (bucket: '' - if [[ "$(garage bucket info ${lib.escapeShellArg bucket} 2>&1 >/dev/null)" == *"Bucket not found"* ]]; then - echo "Creating bucket ${lib.escapeShellArg bucket}" - garage bucket create ${lib.escapeShellArg bucket} - else - echo "Bucket ${lib.escapeShellArg bucket} already exists" - fi - '') - cfg.buckets} - - # Remove buckets that shouldn't exist - for bucket in $existing_buckets; do - should_exist=false - ${lib.concatMapStringsSep "\n" (bucket: '' - if [[ "$bucket" == ${lib.escapeShellArg bucket} ]]; then - should_exist=true - fi - '') - cfg.buckets} - - if [[ "$should_exist" == "false" ]]; then - echo "Removing bucket $bucket" - garage bucket delete --yes "$bucket" - fi - done - ''; - }; - - garage-keys = { - description = "Create Garage keys and set permissions"; - after = [ "garage-buckets.service" ]; - wants = [ "garage-buckets.service" ]; - requires = [ "garage-buckets.service" ]; - wantedBy = [ "multi-user.target" ]; - - path = [ cfg.package pkgs.gawk pkgs.coreutils ]; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - User = "root"; - Group = "root"; - }; - - script = '' - garage key list - echo "Managing keys..." - - # Get list of existing keys - existing_keys=$(garage key list | tail -n +2 | awk '{print $3}' | grep -v '^$' || true) - - # Create keys that should exist - ${lib.concatStringsSep "\n" (lib.mapAttrsToList (keyName: _: '' - if [[ "$(garage key info ${lib.escapeShellArg keyName} 2>&1)" == *"0 matching keys"* ]]; then - echo "Creating key ${lib.escapeShellArg keyName}" - garage key create ${lib.escapeShellArg keyName} - else - echo "Key ${lib.escapeShellArg keyName} already exists" - fi - '') - cfg.keys)} - - # Set up key permissions for buckets - ${lib.concatStringsSep "\n" (lib.mapAttrsToList ( - keyName: buckets: - lib.concatMapStringsSep "\n" (bucket: '' - echo "Granting full access to key ${lib.escapeShellArg keyName} for bucket ${lib.escapeShellArg bucket}" - garage bucket allow --read --write --owner --key ${lib.escapeShellArg keyName} ${lib.escapeShellArg bucket} - '') - buckets - ) - cfg.keys)} - - # Remove permissions from buckets that are no longer associated with keys - ${lib.concatStringsSep "\n" (lib.mapAttrsToList (keyName: buckets: '' - # Get current buckets this key has access to - current_buckets=$(garage key info ${lib.escapeShellArg keyName} | grep -A 1000 "==== BUCKETS FOR THIS KEY ====" | tail -n +3 | awk '{print $3}' | grep -v '^$' || true) - - # Remove access from buckets not in the desired list - for current_bucket in $current_buckets; do - should_have_access=false - ${lib.concatMapStringsSep "\n" (bucket: '' - if [[ "$current_bucket" == ${lib.escapeShellArg bucket} ]]; then - should_have_access=true - fi - '') - buckets} - - if [[ "$should_have_access" == "false" ]]; then - echo "Removing access for key ${lib.escapeShellArg keyName} from bucket $current_bucket" - garage bucket deny --key ${lib.escapeShellArg keyName} $current_bucket - fi - done - '') - cfg.keys)} - - # Remove keys that shouldn't exist - for key in $existing_keys; do - should_exist=false - ${lib.concatStringsSep "\n" (lib.mapAttrsToList (keyName: _: '' - if [[ "$key" == ${lib.escapeShellArg keyName} ]]; then - should_exist=true - fi - '') - cfg.keys)} - - if [[ "$should_exist" == "false" ]]; then - echo "Removing key $key" - garage key delete --yes "$key" - fi - done - ''; - }; - }; - - security.acme.certs."${webDomain}" = { - domain = "*.${webDomain}"; - }; - - nodes.${serviceProxy}.services.nginx = { - upstreams = { - ${serviceName} = { - servers = { - "${serviceAddress}:${builtins.toString servicePort}" = { }; - }; - }; - "${serviceName}Web" = { - servers = { - "${serviceAddress}:${builtins.toString garageWebPort}" = { }; - }; - }; - "${serviceName}Admin" = { - servers = { - "${serviceAddress}:${builtins.toString garageAdminPort}" = { }; - }; - }; - }; - virtualHosts = { - "${adminDomain}" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - oauth2.enable = false; - locations = { - "/" = { - proxyPass = "http://${serviceName}Admin"; - }; - }; - }; - "*.${webDomain}" = { - useACMEHost = webDomain; - forceSSL = true; - acmeRoot = null; - oauth2.enable = false; - locations = { - "/" = { - proxyPass = "http://${serviceName}Web"; - }; - }; - }; - "${serviceDomain}" = { - serverAliases = [ "*.${serviceDomain}" ]; - enableACME = true; - forceSSL = true; - acmeRoot = null; - oauth2.enable = false; - locations = { - "/" = { - proxyPass = "http://${serviceName}"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; - }; - }; - }; - - }; - } -#+end_src -**** nsd (dns) -:PROPERTIES: -:CUSTOM_ID: h:ef5b7ace-4870-4dfa-9532-9a9d2722dc9a -:END: - -#+begin_src nix-ts :tangle modules/nixos/server/nsd/default.nix - { lib, config, globals, dns, confLib, ... }: - let - inherit (confLib.gen { name = "nsd"; port = 53; }) serviceName servicePort proxyAddress4 proxyAddress6; - inherit (config.swarselsystems) sopsFile; - in - { - options = { - swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - swarselsystems.server.dns = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule { - options = { - subdomainRecords = lib.mkOption { - type = lib.types.attrsOf dns.lib.types.subzone; - default = { }; - }; - }; - } - ); - }; - }; - config = lib.mkIf config.swarselmodules.server.${serviceName} { - - sops.secrets = { - tsig-key = { inherit sopsFile; }; - }; - - # services.resolved.enable = false; - networking = { - # nameservers = [ "1.1.1.1" "8.8.8.8" ]; - firewall = { - allowedUDPPorts = [ servicePort ]; - allowedTCPPorts = [ servicePort ]; - }; - }; - - services.nsd = { - enable = true; - keys = { - "${globals.domains.main}.${proxyAddress4}" = { - algorithm = "hmac-sha256"; - keyFile = config.sops.secrets.tsig-key.path; - }; - "${globals.domains.main}.${proxyAddress6}" = { - algorithm = "hmac-sha256"; - keyFile = config.sops.secrets.tsig-key.path; - }; - "${globals.domains.main}" = { - algorithm = "hmac-sha256"; - keyFile = config.sops.secrets.tsig-key.path; - }; - }; - interfaces = [ - "10.1.2.157" - "2603:c020:801f:a0cc::9d" - ]; - zones = { - "${globals.domains.main}" = - let - keyName4 = "${globals.domains.main}.${proxyAddress4}"; - keyName6 = "${globals.domains.main}.${proxyAddress6}"; - keyName = "${globals.domains.main}"; - transferList = [ - "213.239.242.238 ${keyName4}" - "2a01:4f8:0:a101::a:1 ${keyName6}" - "213.133.100.103 ${keyName4}" - "2a01:4f8:0:1::5ddc:2 ${keyName6}" - "193.47.99.3 ${keyName4}" - "2001:67c:192c::add:a3 ${keyName6}" - ]; - - in - { - outgoingInterface = "2603:c020:801f:a0cc::9d"; - notify = transferList ++ [ - "216.218.130.2 ${keyName}" - ]; - provideXFR = transferList ++ [ - "216.218.133.2 ${keyName}" - "2001:470:600::2 ${keyName}" - ]; - - # dnssec = true; - data = dns.lib.toString "${globals.domains.main}" (import ./site1.nix { inherit config globals dns proxyAddress4 proxyAddress6; }); - }; - }; - }; - - }; - } -#+end_src -**** nsd (dns) - site1 -:PROPERTIES: -:CUSTOM_ID: h:dc1dbc54-46f7-406d-a551-527e97439614 -:END: - -#+begin_src nix-ts :tangle modules/nixos/server/nsd/site1.nix - { config, globals, dns, proxyAddress4, proxyAddress6, ... }: - with dns.lib.combinators; { - SOA = { - nameServer = "soa"; - adminEmail = "admin@${globals.domains.main}"; # this option is not parsed as domain (we cannot just write "admin") - serial = 2025120201; # update this on changes for secondary dns - }; - - useOrigin = false; - - NS = [ - "soa" - "srv" - ] ++ globals.domains.externalDns; - - - A = [ config.repo.secrets.local.dns.homepage-ip ]; - - SRV = [ - { - service = "_matrix"; - proto = "_tcp"; - port = 443; - target = "${globals.services.matrix.subDomain}"; - priority = 10; - weight = 5; - } - { - service = "_submissions"; - proto = "_tcp"; - port = 465; - target = "${globals.services.mailserver.subDomain}"; - priority = 5; - weight = 0; - ttl = 3600; - } - { - service = "_submission"; - proto = "_tcp"; - port = 587; - target = "${globals.services.mailserver.subDomain}"; - priority = 5; - weight = 0; - ttl = 3600; - } - { - service = "_imap"; - proto = "_tcp"; - port = 143; - target = "${globals.services.mailserver.subDomain}"; - priority = 5; - weight = 0; - ttl = 3600; - } - { - service = "_imaps"; - proto = "_tcp"; - port = 993; - target = "${globals.services.mailserver.subDomain}"; - priority = 5; - weight = 0; - ttl = 3600; - } - ]; - - MX = [ - { - preference = 10; - exchange = "${globals.services.mailserver.subDomain}"; - } - ]; - - DKIM = [ - { - selector = "mail"; - k = "rsa"; - p = config.repo.secrets.local.dns.mailserver.dkim-public; - ttl = 10800; - } - ]; - - TXT = [ - (with spf; strict [ "a:${globals.services.mailserver.subDomain}.${globals.domains.main}" ]) - "google-site-verification=${config.repo.secrets.local.dns.google-site-verification}" - ]; - - DMARC = [ - { - p = "none"; - ttl = 10800; - } - ]; - - subdomains = config.swarselsystems.server.dns.${globals.domains.main}.subdomainRecords // { - "www".CNAME = [ "${globals.domains.main}." ]; - "_acme-challenge".CNAME = [ "${config.repo.secrets.local.dns.acme-challenge-domain}." ]; - "soa" = host proxyAddress4 proxyAddress6; - "srv" = host proxyAddress4 proxyAddress6; - }; - } -#+end_src -**** Minecraft -:PROPERTIES: -:CUSTOM_ID: h:948d4f4e-b752-4e2e-b8a9-35d9d7f246c6 -:END: - -#+begin_src nix-ts :tangle modules/nixos/server/minecraft/default.nix - { lib, config, pkgs, globals, dns, confLib, ... }: - let - inherit (confLib.gen { name = "minecraft"; port = 25565; dir = "/opt/minecraft"; }) serviceName servicePort serviceDir serviceDomain proxyAddress4 proxyAddress6; - inherit (config.swarselsystems) mainUser; - worldName = "${mainUser}craft"; - in - { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { - - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - - topology.self.services.${serviceName}.info = "https://${serviceDomain}"; - - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; - - networking.firewall.allowedTCPPorts = [ servicePort ]; - - environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { directory = serviceDir; mode = "0755"; } - ]; - - systemd.services.minecraft-swarselcraft = { - description = "Minecraft Server"; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - - serviceConfig = { - User = "root"; - WorkingDirectory = "${serviceDir}/${worldName}"; - - ExecStart = "${lib.getExe pkgs.temurin-jre-bin-17} @user_jvm_args.txt @libraries/net/minecraftforge/forge/1.20.1-47.2.20/unix_args.txt nogui"; - - Restart = "always"; - RestartSec = 30; - StandardInput = "null"; - }; - - wantedBy = [ "multi-user.target" ]; - }; - - - }; - - } -#+end_src -**** Mailserver -:PROPERTIES: -:CUSTOM_ID: h:64cbeb7e-0773-4eb5-8e52-6b97c8f685e2 -:END: - -#+begin_src nix-ts :tangle modules/nixos/server/mailserver.nix - { lib, config, globals, dns, confLib, ... }: - let - inherit (config.swarselsystems) sopsFile; - inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceDomain serviceProxy proxyAddress4 proxyAddress6; - inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 user3; - baseDomain = globals.domains.main; - in - { - options = { - swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - }; - config = lib.mkIf config.swarselmodules.server.${serviceName} { - - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; - - sops.secrets = { - user1-hashed-pw = { inherit sopsFile; owner = serviceUser; }; - user2-hashed-pw = { inherit sopsFile; owner = serviceUser; }; - user3-hashed-pw = { inherit sopsFile; owner = serviceUser; }; - }; - - environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { directory = "/var/vmail"; user = serviceUser; group = serviceGroup; mode = "0770"; } - { directory = "/var/sieve"; user = serviceUser; group = serviceGroup; mode = "0770"; } - { directory = "/var/dkim"; user = "rspamd"; group = "rspamd"; mode = "0700"; } - { directory = serviceDir; user = serviceUser; group = serviceGroup; mode = "0700"; } - { directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; } - { directory = "/var/lib/rspamd"; user = "rspamd"; group = "rspamd"; mode = "0700"; } - { directory = "/var/lib/roundcube"; user = "roundcube"; group = "roundcube"; mode = "0700"; } - { directory = "/var/lib/redis-rspamd"; user = "redis-rspamd"; group = "redis-rspamd"; mode = "0700"; } - { directory = "/var/lib/postfix"; user = "root"; group = "root"; mode = "0755"; } - { directory = "/var/lib/knot-resolver"; user = "knot-resolver"; group = "knot-resolver"; mode = "0770"; } - ]; - - mailserver = { - enable = true; - stateVersion = 3; - fqdn = serviceDomain; - domains = [ baseDomain ]; - indexDir = "${serviceDir}/indices"; - openFirewall = true; - certificateScheme = "acme"; - dmarcReporting.enable = true; - - loginAccounts = { - "${user1}@${baseDomain}" = { - hashedPasswordFile = config.sops.secrets.user1-hashed-pw.path; - aliases = [ - "${alias1_1}@${baseDomain}" - "${alias1_2}@${baseDomain}" - "${alias1_3}@${baseDomain}" - "${alias1_4}@${baseDomain}" - ]; - }; - "${user2}@${baseDomain}" = { - hashedPasswordFile = config.sops.secrets.user2-hashed-pw.path; - aliases = [ - "${alias2_1}@${baseDomain}" - ]; - sendOnly = true; - }; - "${user3}@${baseDomain}" = { - hashedPasswordFile = config.sops.secrets.user3-hashed-pw.path; - aliases = [ - "@${baseDomain}" - ]; - catchAll = [ - baseDomain - ]; - }; - }; - }; - - services.roundcube = { - enable = true; - # this is the url of the vhost, not necessarily the same as the fqdn of - # the mailserver - hostName = serviceDomain; - extraConfig = '' - $config['imap_host'] = "ssl://${config.mailserver.fqdn}"; - $config['smtp_host'] = "ssl://${config.mailserver.fqdn}"; - $config['smtp_user'] = "%u"; - $config['smtp_pass'] = "%p"; - ''; - configureNginx = true; - }; - - # the rest of the ports are managed by snm - networking.firewall.allowedTCPPorts = [ 80 servicePort ]; - - nodes.${serviceProxy}.services.nginx = { - virtualHosts = { - "${serviceDomain}" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/".recommendedSecurityHeaders = false; - "~ ^/(SQL|bin|config|logs|temp|vendor)/".recommendedSecurityHeaders = false; - "~ ^/(CHANGELOG.md|INSTALL|LICENSE|README.md|SECURITY.md|UPGRADING|composer.json|composer.lock)".recommendedSecurityHeaders = false; - "~* \\.php(/|$)".recommendedSecurityHeaders = false; - }; - }; - }; - }; - - }; - } -#+end_src -**** Attic (nix binary cache) -:PROPERTIES: -:CUSTOM_ID: h:092593d2-0ca0-4f86-9951-6127a3594e25 -:END: - -Generate the attic server token using =openssl genrsa -traditional 4096 | base64 -w0= - -# Copy and paste from the atticd output -$ attic login local http://localhost:8080 eyJ... -✍️ Configuring server "local" - -$ attic cache create hello -✨ Created cache "hello" on "local" - -#+begin_src nix-ts :tangle modules/nixos/server/attic.nix - { lib, config, globals, dns, confLib, ... }: - let - inherit (confLib.gen { name = "attic"; port = 8091; }) serviceName serviceDir servicePort serviceAddress serviceDomain serviceProxy proxyAddress4 proxyAddress6; - inherit (config.swarselsystems) mainUser isPublic sopsFile; - serviceDB = "atticd"; - in - { - options = { - swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - }; - config = lib.mkIf config.swarselmodules.server.${serviceName} { - - nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - - globals.services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6; - }; - - sops = lib.mkIf (!isPublic) { - secrets = { - attic-server-token = { inherit sopsFile; }; - attic-garage-access-key = { inherit sopsFile; }; - attic-garage-secret-key = { inherit sopsFile; }; - }; - templates = { - "attic.env" = { - content = '' - ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=${config.sops.placeholder.attic-server-token} - AWS_ACCESS_KEY_ID=${config.sops.placeholder.attic-garage-access-key} - AWS_SECRET_ACCESS_KEY=${config.sops.placeholder.attic-garage-secret-key} - ''; - }; - }; - }; - - services.atticd = { - enable = true; - environmentFile = config.sops.templates."attic.env".path; - settings = { - listen = "[::]:${builtins.toString servicePort}"; - api-endpoint = "https://${serviceDomain}/"; - allowed-hosts = [ - serviceDomain - ]; - require-proof-of-possession = false; - compression = { - type = "zstd"; - level = 3; - }; - database.url = "postgresql:///atticd?host=/run/postgresql"; - - storage = - if config.swarselmodules.server.garage then { - type = "s3"; - region = mainUser; - bucket = serviceName; - # attic must be patched to never serve pre-signed s3 urls directly - # otherwise it will redirect clients to this localhost endpoint - endpoint = "http://127.0.0.1:3900"; - } else { - type = "local"; - path = serviceDir; - # attic must be patched to never serve pre-signed s3 urls directly - # otherwise it will redirect clients to this localhost endpoint - }; - - garbage-collection = { - interval = "1 day"; - default-retention-period = "3 months"; - }; - - chunking = { - nar-size-threshold = if config.swarselmodules.server.garage then 0 else 64 * 1024; # 64 KiB - - min-size = 16 * 1024; # 16 KiB - avg-size = 64 * 1024; # 64 KiB - max-size = 256 * 1024; # 256 KiBize = 262144; - }; - }; - }; - - services.postgresql = { - enable = true; - enableTCPIP = true; - ensureDatabases = [ serviceDB ]; - ensureUsers = [ - { - name = serviceDB; - ensureDBOwnership = true; - } - ]; - }; - - systemd.services.atticd = lib.mkIf config.swarselmodules.server.garage { - requires = [ "garage.service" ]; - after = [ "garage.service" ]; - }; - - nodes.${serviceProxy}.services.nginx = { + nodes.moonside.services.nginx = { upstreams = { ${serviceName} = { servers = { @@ -13939,9 +11493,6 @@ $ attic cache create hello locations = { "/" = { proxyPass = "http://${serviceName}"; - extraConfig = '' - client_max_body_size 0; - ''; }; }; }; @@ -14020,48 +11571,6 @@ TODO: evaluate whether I should keep using this structure. #+end_src -**** Niri -:PROPERTIES: -:CUSTOM_ID: h:58162d08-3ded-441d-861e-2ebf30e32538 -:END: - -Auto login for the initial session. - -#+begin_src nix-ts :tangle modules/nixos/optional/niri.nix - { inputs, lib, config, pkgs, ... }: - let - moduleName = "niri"; - in - { - imports = [ - inputs.niri-flake.nixosModules.niri - ]; - options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} settings"; - config = lib.mkIf config.swarselmodules.${moduleName} { - - environment.systemPackages = with pkgs; [ - wl-clipboard - wayland-utils - libsecret - cage - gamescope - xwayland-satellite-unstable - ]; - - - programs.niri = { - enable = true; - package = pkgs.niri-unstable; # the actual niri that will be installed and used - }; - } // { - niri-flake.cache.enable = true; - programs.niri = { - package = null; - }; - }; - } -#+end_src - **** gaming :PROPERTIES: :CUSTOM_ID: h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431 @@ -14070,16 +11579,10 @@ Auto login for the initial session. This opens a few gaming ports and installs the steam configuration suite for gaming. There are more options in [[#h:84fd7029-ecb6-4131-9333-289982f24ffa][Gaming]] (home-manager side). #+begin_src nix-ts :tangle modules/nixos/optional/gaming.nix - { self, pkgs, config, ... }: + { pkgs, lib, config, ... }: { - config = { - - home-manager.users."${config.swarselsystems.mainUser}" = { - imports = [ - "${self}/modules/home/optional/gaming.nix" - ]; - }; - + options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselmodules.optional.gaming { programs.steam = { enable = true; package = pkgs.steam; @@ -14130,7 +11633,8 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl #+begin_src nix-ts :tangle modules/nixos/optional/virtualbox.nix { lib, config, pkgs, ... }: { - config = { + options.swarselmodules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; + config = lib.mkIf config.swarselmodules.optional.virtualbox { # specialisation = { # VBox.configuration = { virtualisation.virtualbox = { @@ -14174,10 +11678,11 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl This sets the VirtualBox configuration. Guest should not be enabled if not direly needed, it will make rebuilds unbearably slow. #+begin_src nix-ts :tangle modules/nixos/optional/vmware.nix - _: + { lib, config, ... }: { - config = { + options.swarselmodules.optional.vmware = lib.mkEnableOption "optional vmware settings"; + config = lib.mkIf config.swarselmodules.optional.vmware { virtualisation.vmware.host.enable = true; virtualisation.vmware.guest.enable = true; }; @@ -14192,9 +11697,10 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using. #+begin_src nix-ts :tangle modules/nixos/optional/nswitch-rcm.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - config = { + options.swarselmodules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; + config = lib.mkIf config.swarselmodules.optional.nswitch-rcm { services.nswitch-rcm = { enable = true; package = pkgs.fetchurl { @@ -14214,16 +11720,10 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using. This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/framework.nix - { self, config, ... }: + { lib, config, ... }: { - config = { - - home-manager.users."${config.swarselsystems.mainUser}" = { - imports = [ - "${self}/modules/home/optional/framework.nix" - ]; - }; - + options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselmodules.optional.framework { services = { fwupd = { enable = true; @@ -14255,9 +11755,10 @@ This holds configuration that is specific to framework laptops. :END: #+begin_src nix-ts :tangle modules/nixos/optional/amdcpu.nix - _: + { lib, config, ... }: { - config = { + options.swarselmodules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; + config = lib.mkIf config.swarselmodules.optional.amdcpu { hardware = { cpu.amd.updateMicrocode = true; }; @@ -14272,9 +11773,10 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/amdgpu.nix - _: + { lib, config, ... }: { - config = { + options.swarselmodules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; + config = lib.mkIf config.swarselmodules.optional.amdgpu { hardware = { amdgpu = { opencl.enable = true; @@ -14297,6 +11799,7 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/hibernation.nix { lib, config, ... }: { + options.swarselmodules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; options.swarselsystems = { hibernation = { offset = lib.mkOption { @@ -14309,7 +11812,7 @@ This holds configuration that is specific to framework laptops. }; }; }; - config = { + config = lib.mkIf config.swarselmodules.optional.hibernation { boot = { kernelParams = [ "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}" @@ -14327,6 +11830,23 @@ This holds configuration that is specific to framework laptops. } #+end_src +**** BTRFS +:PROPERTIES: +:CUSTOM_ID: h:86fb3236-9e18-43f0-8a08-3a2acd61cc98 +:END: + +#+begin_src nix-ts :tangle modules/nixos/optional/btrfs.nix + { lib, config, ... }: + { + options.swarselmodules.btrfs = lib.mkEnableOption "optional btrfs settings"; + config = lib.mkIf config.swarselmodules.btrfs { + boot = { + supportedFilesystems = lib.mkIf config.swarselsystems.isBtrfs [ "btrfs" ]; + }; + }; + } +#+end_src + **** work :PROPERTIES: :CUSTOM_ID: h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf @@ -14343,7 +11863,7 @@ When setting up a new machine: #+end_src #+begin_src nix-ts :tangle modules/nixos/optional/work.nix - { self, lib, pkgs, config, ... }: + { self, lib, pkgs, config, configName, ... }: let inherit (config.swarselsystems) mainUser homeDir; iwd = config.networking.networkmanager.wifi.backend == "iwd"; @@ -14351,24 +11871,18 @@ When setting up a new machine: sopsFile = self + /secrets/work/secrets.yaml; in { + options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; options.swarselsystems = { hostName = lib.mkOption { type = lib.types.str; - default = config.node.name; + default = configName; }; fqdn = lib.mkOption { type = lib.types.str; default = ""; }; }; - config = { - - home-manager.users."${config.swarselsystems.mainUser}" = { - imports = [ - "${self}/modules/home/optional/work.nix" - ]; - }; - + config = lib.mkIf config.swarselmodules.optional.work { sops = let secretNames = [ @@ -14585,38 +12099,21 @@ When setting up a new machine: } #+end_src -**** Uni - -#+begin_src nix-ts :tangle modules/nixos/optional/uni.nix :noweb yes - { self, config, ... }: - { - config = { - - home-manager.users."${config.swarselsystems.mainUser}" = { - imports = [ - "${self}/modules/home/optional/work.nix" - ]; - }; - }; - } - -#+end_src - **** microvm-host -:PROPERTIES: -:CUSTOM_ID: h:ded3276e-3e97-4863-a29e-b978d8aae1c9 -:END: Some standard options that should be set for every microvm host. #+begin_src nix-ts :tangle modules/nixos/optional/microvm-host.nix - { config, lib, ... }: + { lib, config, ... }: { - # imports = [ - # inputs.microvm.nixosModules.host - # ]; + options = { + swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings"; + }; + # imports = [ + # inputs.microvm.nixosModules.host + # ]; - config = lib.mkIf (config.guests != { }) { + config = lib.mkIf (config.guests != {}) { microvm = { hypervisor = lib.mkDefault "qemu"; @@ -14626,84 +12123,25 @@ Some standard options that should be set for every microvm host. #+end_src **** microvm-guest -:PROPERTIES: -:CUSTOM_ID: h:46419b40-c40b-4b55-ac6f-a30169322bd6 -:END: Some standard options that should be set vor every microvm guest. We set the default #+begin_src nix-ts :tangle modules/nixos/optional/microvm-guest.nix - _: + { lib, config, ... }: { + options.swarselmodules.optional.microvmGuest = lib.mkEnableOption "optional microvmGuest settings"; # imports = [ # inputs.microvm.nixosModules.microvm + # "${self}/profiles/nixos" + # "${self}/modules/nixos" # ]; - - config = - { }; - } - -#+end_src - -**** systemd-networkd (server) - -Some standard options that should be set vor every microvm guest. We set the default - -#+begin_src nix-ts :tangle modules/nixos/optional/systemd-networkd-server.nix - { lib, config, globals, ... }: - { - networking = { - useDHCP = lib.mkForce false; - useNetworkd = true; - dhcpcd.enable = false; - renameInterfacesByMac = lib.mapAttrs (_: v: v.mac) ( - config.repo.secrets.local.networking.networks or { } - ); - }; - boot.initrd.systemd.network = { - enable = true; - networks."10-${config.swarselsystems.server.localNetwork}" = config.systemd.network.networks."10-${config.swarselsystems.server.localNetwork}"; - }; - - systemd = { - network = { - enable = true; - wait-online.enable = false; - networks = - let - netConfig = config.repo.secrets.local.networking; - in - { - "10-${config.swarselsystems.server.localNetwork}" = { - address = [ - "${globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.cidrv4}" - "${globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.cidrv6}" - ]; - routes = [ - { - Gateway = netConfig.defaultGateway6; - GatewayOnLink = true; - } - { - Gateway = netConfig.defaultGateway4; - GatewayOnLink = true; - } - ]; - networkConfig = { - IPv6PrivacyExtensions = true; - IPv6AcceptRA = false; - }; - matchConfig.MACAddress = netConfig.networks.${config.swarselsystems.server.localNetwork}.mac; - linkConfig.RequiredForOnline = "routable"; - }; - }; + config = lib.mkIf config.swarselmodules.optional.microvmGuest + { }; - }; } #+end_src - ** Home-manager :PROPERTIES: :CUSTOM_ID: h:08ded95b-9c43-475d-a0b2-fc088a512287 @@ -14723,9 +12161,6 @@ The general structure here is the same as in the [[#h:6da812f5-358c-49cb-aff2-0a #+end_src *** Steps to setup/upgrade home-manager only -:PROPERTIES: -:CUSTOM_ID: h:360f9da1-334e-4b04-b049-45085db8f10c -:END: Steps to get a home-manager only setup up and running: #+begin_src markdown :noweb-ref homemanageronlysetup :exports both :results html @@ -14789,7 +12224,7 @@ This section sets up all the imports that are used in the home-manager section. } #+end_src -**** General home-manager-settings (nix) +**** General home-manager-settings :PROPERTIES: :CUSTOM_ID: h:4af4f67f-7c48-4754-b4bd-6800e3a66664 :END: @@ -14797,123 +12232,112 @@ This section sets up all the imports that are used in the home-manager section. Again, we adapt =nix= to our needs, enable the home-manager command for non-NixOS machines (NixOS machines are using it as a module) and setting user information that I always keep the same. #+begin_src nix-ts :tangle modules/home/common/settings.nix - { self, outputs, lib, pkgs, config, globals, confLib, ... }: - let - inherit (config.swarselsystems) mainUser flakePath isNixos isLinux; - inherit (confLib.getConfig.repo.secrets.common) atticPublicKey; - in - { - options.swarselmodules.general = lib.mkEnableOption "general nix settings"; - config = + { self, outputs, lib, pkgs, config, ... }: + let + inherit (config.swarselsystems) mainUser flakePath isNixos isLinux; + in + { + options.swarselmodules.general = lib.mkEnableOption "general nix settings"; + config = + let + nix-version = "2_30"; + in + lib.mkIf config.swarselmodules.general { + nix = lib.mkIf (!config.swarselsystems.isNixos) { + package = lib.mkForce pkgs.nixVersions."nix_${nix-version}"; + # extraOptions = '' + # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins + # extra-builtins-file = ${self + /nix/extra-builtins.nix} + # ''; + extraOptions = let - nix-version = "2_30"; + nix-plugins = pkgs.nix-plugins.override { + nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; + }; in - lib.mkIf config.swarselmodules.general { - nix = lib.mkIf (!config.swarselsystems.isNixos) { - package = lib.mkForce pkgs.nixVersions."nix_${nix-version}"; - # extraOptions = '' - # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins - # extra-builtins-file = ${self + /nix/extra-builtins.nix} - # ''; - extraOptions = - let - nix-plugins = pkgs.nix-plugins.override { - nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; - }; - in - '' + '' plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} - ''; - settings = { - experimental-features = [ - "nix-command" - "flakes" - "ca-derivations" - "cgroups" - "pipe-operators" - ]; - substituters = [ - "https://${globals.services.attic.domain}/${mainUser}" - ]; - trusted-public-keys = [ - atticPublicKey - ]; - trusted-users = [ - "@wheel" - "${mainUser}" - (lib.mkIf config.swarselmodules.server.ssh-builder "builder") - ]; - connect-timeout = 5; - bash-prompt-prefix = "$SHLVL:\\w "; - bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ "; - fallback = true; - min-free = 128000000; - max-free = 1000000000; - auto-optimise-store = true; - warn-dirty = false; - max-jobs = 1; - use-cgroups = lib.mkIf isLinux true; + extra-builtins-file = ${self + /nix/extra-builtins.nix} + ''; + settings = { + experimental-features = [ + "nix-command" + "flakes" + "ca-derivations" + "cgroups" + "pipe-operators" + ]; + trusted-users = [ "@wheel" "${mainUser}" ]; + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; + auto-optimise-store = true; + warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf isLinux true; + }; + }; + + nixpkgs = lib.mkIf (!isNixos) { + overlays = [ + outputs.overlays.default + (final: prev: + let + additions = final: _: import "${self}/pkgs/config" { + inherit self config lib; + pkgs = final; + homeConfig = config; }; - }; + in + additions final prev + ) + ]; + config = { + allowUnfree = true; + }; + }; - nixpkgs = lib.mkIf (!isNixos) { - overlays = [ - outputs.overlays.default - (final: prev: - let - additions = final: _: import "${self}/pkgs/config" { - inherit self config lib; - pkgs = final; - homeConfig = config; - }; - in - additions final prev - ) - ]; - config = { - allowUnfree = true; - }; - }; + programs = { + # home-manager.enable = lib.mkIf (!isNixos) true; + man = { + enable = true; + generateCaches = true; + }; + }; - programs = { - # home-manager.enable = lib.mkIf (!isNixos) true; - man = { - enable = true; - generateCaches = true; - }; - }; + targets.genericLinux.enable = lib.mkIf (!isNixos) true; - targets.genericLinux.enable = lib.mkIf (!isNixos) true; + home = { + username = lib.mkDefault mainUser; + homeDirectory = lib.mkDefault "/home/${mainUser}"; + stateVersion = lib.mkDefault "23.05"; + keyboard.layout = "us"; + sessionVariables = { + FLAKE = "/home/${mainUser}/.dotfiles"; + }; + extraOutputsToInstall = [ + "doc" + "info" + "devdoc" + ]; + packages = lib.mkIf (!isNixos) [ + (pkgs.symlinkJoin { + name = "home-manager"; + buildInputs = [ pkgs.makeWrapper ]; + paths = [ pkgs.home-manager ]; + postBuild = '' + wrapProgram $out/bin/home-manager \ + --append-flags '--flake ${flakePath}#$(hostname)' + ''; + }) + ]; + }; + }; - home = { - username = lib.mkDefault mainUser; - homeDirectory = lib.mkDefault "/home/${mainUser}"; - stateVersion = lib.mkDefault "23.05"; - keyboard.layout = "us"; - sessionVariables = { - FLAKE = "/home/${mainUser}/.dotfiles"; - }; - extraOutputsToInstall = [ - "doc" - "info" - "devdoc" - ]; - packages = lib.mkIf (!isNixos) [ - (pkgs.symlinkJoin { - name = "home-manager"; - buildInputs = [ pkgs.makeWrapper ]; - paths = [ pkgs.home-manager ]; - postBuild = '' - wrapProgram $out/bin/home-manager \ - --append-flags '--flake ${flakePath}#$(hostname)' - ''; - }) - ]; - }; - }; - - } + } #+end_src **** nixGL @@ -15005,9 +12429,6 @@ This holds packages that I can use as provided, or with small modifications (as # ssh login using idm opkssh - # cache - attic-client - # dict (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) @@ -15043,6 +12464,7 @@ This holds packages that I can use as provided, or with small modifications (as nix-inspect nixpkgs-review manix + comma # shellscripts shfmt @@ -15241,8 +12663,8 @@ I use sops-nix to handle secrets that I want to have available on my machines at options.swarselmodules.sops = lib.mkEnableOption "sops settings"; config = lib.optionalAttrs (inputs ? sops) { sops = { - age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.ssh/ssh_host_ed25519_key" ]; - defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.dotfiles/secrets/general/secrets.yaml"; + age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; validateSopsFiles = false; }; @@ -15256,7 +12678,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at :END: #+begin_src nix-ts :tangle modules/home/common/yubikey.nix - { lib, config, inputs, confLib, ... }: + { lib, config, inputs, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir; in @@ -15267,8 +12689,8 @@ I use sops-nix to handle secrets that I want to have available on my machines at pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { ids = [ - confLib.getConfig.repo.secrets.common.yubikeys.dev1 - confLib.getConfig.secrets.common.yubikeys.dev2 + nixosConfig.repo.secrets.common.yubikeys.dev1 + nixosConfig.repo.secrets.common.yubikeys.dev2 ]; }; } // lib.optionalAttrs (inputs ? sops) { @@ -15287,10 +12709,10 @@ I use sops-nix to handle secrets that I want to have available on my machines at It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host. #+begin_src nix-ts :tangle modules/home/common/ssh.nix - { inputs, lib, config, confLib, ... }: + { lib, config, nixosConfig ? config, ... }: { options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; - config = lib.mkIf config.swarselmodules.ssh ({ + config = lib.mkIf config.swarselmodules.ssh { programs.ssh = { enable = true; enableDefaultConfig = false; @@ -15307,17 +12729,13 @@ It is very convenient to have SSH aliases in place for machines that I use. This serverAliveCountMax = 3; hashKnownHosts = false; userKnownHostsFile = "~/.ssh/known_hosts"; - controlMaster = "auto"; + controlMaster = "no"; controlPath = "~/.ssh/master-%r@%n:%p"; - controlPersist = "5m"; + controlPersist = "no"; }; - } // confLib.getConfig.repo.secrets.common.ssh.hosts; + } // nixosConfig.repo.secrets.common.ssh.hosts; }; - } // lib.optionalAttrs (inputs ? sops) { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { - builder-key = { path = "${config.home.homeDirectory}/.ssh/builder"; mode = "0600"; }; - }; - }); + }; } #+end_src @@ -15522,11 +12940,11 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section. #+begin_src nix-ts :tangle modules/home/common/env.nix - { lib, config, confLib, globals, ... }: + { lib, config, nixosConfig ? config, ... }: let - inherit (confLib.getConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; - inherit (confLib.getConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name; - inherit (confLib.getConfig.repo.secrets.common) fullName openrouterApi instaDomain sportDomain; + inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; + inherit (nixosConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name; + inherit (nixosConfig.repo.secrets.common) fullName openrouterApi; inherit (config.swarselsystems) isPublic homeDir; DISPLAY = ":0"; @@ -15540,14 +12958,7 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var } // (lib.optionalAttrs (!isPublic) { }); systemd.user.sessionVariables = { DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; - FLAKE = "${config.home.homeDirectory}/.dotfiles"; } // lib.optionalAttrs (!isPublic) { - SWARSEL_DOMAIN = globals.domains.main; - SWARSEL_RSS_DOMAIN = globals.services.freshrss.domain; - SWARSEL_MUSIC_DOMAIN = globals.services.navidrome.domain; - SWARSEL_FILES_DOMAIN = globals.services.nextcloud.domain; - SWARSEL_INSTA_DOMAIN = instaDomain; - SWARSEL_SPORT_DOMAIN = sportDomain; SWARSEL_MAIL1 = address1; SWARSEL_MAIL2 = address2; SWARSEL_MAIL3 = address3; @@ -15560,7 +12971,7 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var SWARSEL_CAL3NAME = source3-name; SWARSEL_FULLNAME = fullName; SWARSEL_MAIL_ALL = lib.mkDefault allMailAddresses; - GITHUB_NOTIFICATION_TOKEN_PATH = confLib.getConfig.sops.secrets.github-notifications-token.path; + GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; OPENROUTER_API_KEY = openrouterApi; }; }; @@ -15674,7 +13085,7 @@ This section is for programs that require no further configuration. zsh Integrat :CUSTOM_ID: h:64dbbb9e-8097-4c1b-813c-8c10cf9b9748 :END: -nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for =command-not-found.sh=, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output. This also uses the =nix-index-with-full-db= from the nix-index-database input thanks to its overlay. +nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for =command-not-found.sh=, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output. #+begin_src nix-ts :tangle modules/home/common/nix-index.nix { self, lib, config, pkgs, ... }: @@ -15693,22 +13104,17 @@ nix-index provides a way to find out which packages are provided by which deriva in { - enable = true; package = pkgs.symlinkJoin { name = "nix-index"; paths = [ commandNotFound ]; }; }; - programs.nix-index-database.comma.enable = true; }; } #+end_src **** nix-your-shell -:PROPERTIES: -:CUSTOM_ID: h:3fd72021-e174-49d0-a42e-58f6ed3682f2 -:END: #+begin_src nix-ts :tangle modules/home/common/nix-your-shell.nix { lib, config, ... }: @@ -15811,7 +13217,6 @@ Eza provides me with a better =ls= command and some other useful aliases. programs.atuin = { enable = true; enableZshIntegration = true; - enableBashIntegration = true; settings = { auto_sync = true; sync_frequency = "5m"; @@ -15830,10 +13235,10 @@ Eza provides me with a better =ls= command and some other useful aliases. Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]]. #+begin_src nix-ts :tangle modules/home/common/git.nix - { lib, config, globals, minimal, confLib, ... }: + { lib, config, globals, minimal, nixosConfig ? config, ... }: let - inherit (confLib.getConfig.repo.secrets.common.mail) address1; - inherit (confLib.getConfig.repo.secrets.common) fullName; + inherit (nixosConfig.repo.secrets.common.mail) address1; + inherit (nixosConfig.repo.secrets.common) fullName; gitUser = globals.user.name; in @@ -16117,7 +13522,7 @@ lib.mkMerge [ zshConfigEarlyInit zshConfig ]; Currently I only use it as before with =initExtra= though. #+begin_src nix-ts :tangle modules/home/common/zsh.nix - { config, pkgs, lib, minimal, inputs, globals, confLib, ... }: + { config, pkgs, lib, minimal, inputs, globals, nixosConfig ? config, ... }: let inherit (config.swarselsystems) flakePath isNixos; crocDomain = globals.services.croc.domain; @@ -16186,10 +13591,7 @@ Currently I only use it as before with =initExtra= though. }; history = { expireDuplicatesFirst = true; - append = true; - ignoreSpace = true; - ignoreDups = true; - path = "${config.home.homeDirectory}/.histfile"; + path = "$HOME/.histfile"; save = 100000; size = 100000; }; @@ -16246,8 +13648,8 @@ Currently I only use it as before with =initExtra= though. ''; sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) { CROC_RELAY = crocDomain; - CROC_PASS = "$(cat ${confLib.getConfig.sops.secrets.croc-password.path or ""})"; - GITHUB_TOKEN = "$(cat ${confLib.getConfig.sops.secrets.github-nixpkgs-review-token.path or ""})"; + CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path or ""})"; + GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path or ""})"; QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins"; # QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox"; }; @@ -16263,39 +13665,7 @@ Currently I only use it as before with =initExtra= though. } #+end_src -**** bash -:PROPERTIES: -:CUSTOM_ID: h:ab30e218-665c-46ad-9708-9d92ebc34fed -:END: - - -#+begin_src nix-ts :tangle modules/home/common/bash.nix - { config, lib, ... }: - { - options.swarselmodules.bash = lib.mkEnableOption "bash settings"; - config = lib.mkIf config.swarselmodules.bash { - - programs.bash = { - enable = true; - # needed for remote builders - bashrcExtra = lib.mkIf (!config.swarselsystems.isNixos) '' - export PATH="/nix/var/nix/profiles/default/bin:$PATH" - ''; - historyFile = "${config.home.homeDirectory}/.histfile"; - historySize = 100000; - historyFileSize = 100000; - historyControl = [ - "ignoreboth" - ]; - }; - }; - } -#+end_src - **** zellij -:PROPERTIES: -:CUSTOM_ID: h:87a28654-8377-41c9-8e6c-2d488e62575f -:END: ***** Main config :PROPERTIES: :CUSTOM_ID: h:00de4901-631c-4b4c-86ce-d9d6e62ed8c7 @@ -16360,9 +13730,6 @@ Currently I only use it as before with =initExtra= though. } #+end_src ***** Keybinds -:PROPERTIES: -:CUSTOM_ID: h:f65f9574-3b50-472d-8e24-2023271d1887 -:END: #+begin_src nix-ts :tangle modules/home/common/zellij-keybinds.nix { lib, config, ... }: { @@ -17624,10 +14991,10 @@ Currently I only use it as before with =initExtra= though. Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here. #+begin_src nix-ts :tangle modules/home/common/mail.nix - { lib, config, inputs, globals, confLib, ... }: + { lib, config, inputs, nixosConfig ? config, ... }: let - inherit (confLib.getConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4; - inherit (confLib.getConfig.repo.secrets.common) fullName; + inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host; + inherit (nixosConfig.repo.secrets.common) fullName; inherit (config.swarselsystems) xdgDir; in { @@ -17749,43 +15116,24 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl maildirBasePath = "Mail"; accounts = { swarsel = { - imap = { - host = globals.services.mailserver.domain; - port = 993; - tls.enable = true; # SSL/TLS - }; - smtp = { - host = globals.services.mailserver.domain; - port = 465; - tls.enable = true; # SSL/TLS - }; - thunderbird = { - enable = true; - profiles = [ "default" ]; - }; address = address4; - userName = address4; + userName = address4-user; realName = fullName; - passwordCommand = "cat ${confLib.getConfig.sops.secrets.address4-token.path}"; - mu.enable = true; + passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; + smtp = { + host = address4-host; + port = 587; + tls = { + enable = true; + useStartTls = true; + }; + }; + mu.enable = false; msmtp = { enable = true; }; mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - AuthMechs = "LOGIN"; - }; - }; + enable = false; }; }; @@ -17795,7 +15143,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address1; userName = address1; realName = fullName; - passwordCommand = "cat ${confLib.getConfig.sops.secrets.address1-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; gpg = { key = "0x76FD3810215AE097"; signByDefault = true; @@ -17809,7 +15157,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address2; userName = address2; realName = address2-name; - passwordCommand = "cat ${confLib.getConfig.sops.secrets.address2-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; } defaultSettings; @@ -17819,7 +15167,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address3; userName = address3; realName = address3-name; - passwordCommand = "cat ${confLib.getConfig.sops.secrets.address3-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; } defaultSettings; @@ -17958,14 +15306,12 @@ Lastly, I am defining some more packages here that the parser has problems findi secrets = { fever-pw = { path = "${homeDir}/.emacs.d/.fever"; }; emacs-radicale-pw = { }; - github-forge-token = { }; }; templates = { authinfo = { path = "${homeDir}/.emacs.d/.authinfo"; content = '' machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} - machine api.github.com login ${mainUser}^forge password ${config.sops.placeholder.github-forge-token} ''; }; }; @@ -18649,9 +15995,6 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+end_src ***** blueman-applet -:PROPERTIES: -:CUSTOM_ID: h:06aceb90-3b97-4d77-9e13-b1a8af26dd50 -:END: #+begin_src nix-ts :tangle modules/home/common/blueman-applet.nix { lib, config, ... }: @@ -18664,9 +16007,6 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+end_src ***** network-manager-applet -:PROPERTIES: -:CUSTOM_ID: h:67907a83-40ed-49ad-9fa7-bcc0b9cf5936 -:END: #+begin_src nix-ts :tangle modules/home/common/network-manager-applet.nix { lib, config, ... }: @@ -18680,9 +16020,6 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+end_src ***** obsidian service for tray -:PROPERTIES: -:CUSTOM_ID: h:7f943057-e0c8-4dbd-9875-67e55bc74a47 -:END: #+begin_src nix-ts :tangle modules/home/common/obsidian-tray.nix { lib, config, ... }: @@ -18715,9 +16052,6 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+end_src ***** anki service for tray -:PROPERTIES: -:CUSTOM_ID: h:872deae6-dc31-44ac-9c4a-95720fce0a53 -:END: Sets up a systemd user service for anki that does not stall the shutdown process. Note that the outcommented =ExecStart= does not work because the home-manager anki package builds a separate anki package that - I think - cannot be referenced as no such expression exists in the module. @@ -18761,9 +16095,6 @@ Sets up a systemd user service for anki that does not stall the shutdown process #+end_src ***** element service for tray -:PROPERTIES: -:CUSTOM_ID: h:2d0f1a35-cff5-4c24-b104-e431c05ae563 -:END: #+begin_src nix-ts :tangle modules/home/common/element-tray.nix { lib, config, pkgs, ... }: @@ -18796,9 +16127,6 @@ Sets up a systemd user service for anki that does not stall the shutdown process #+end_src ***** vesktop service for tray -:PROPERTIES: -:CUSTOM_ID: h:ea741a3c-982e-4e23-8ecf-b30193a5c326 -:END: #+begin_src nix-ts :tangle modules/home/common/vesktop-tray.nix { lib, config, pkgs, ... }: @@ -18831,9 +16159,6 @@ Sets up a systemd user service for anki that does not stall the shutdown process #+end_src ***** syncthing service for tray -:PROPERTIES: -:CUSTOM_ID: h:5e7c606f-628a-4849-94e9-359d7b75f228 -:END: #+begin_src nix-ts :tangle modules/home/common/syncthing-tray.nix { lib, config, pkgs, ... }: @@ -18968,7 +16293,7 @@ I am currently using SwayFX, which adds some nice effects to sway, like rounded Currently, I am too lazy to explain every option here, but most of it is very self-explaining in any case. #+begin_src nix-ts :tangle modules/home/common/sway.nix - { config, lib, vars, confLib, ... }: + { config, lib, vars, nixosConfig ? config, ... }: let eachOutput = _: monitor: { inherit (monitor) name; @@ -19351,7 +16676,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se export XDG_CURRENT_DESKTOP=sway; export XDG_SESSION_DESKTOP=sway; export _JAVA_AWT_WM_NONREPARENTING=1; - export GITHUB_NOTIFICATION_TOKEN_PATH=${confLib.getConfig.sops.secrets.github-notifications-token.path}; + export GITHUB_NOTIFICATION_TOKEN_PATH=${nixosConfig.sops.secrets.github-notifications-token.path}; '' + vars.waylandExports; # extraConfigEarly = " # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK @@ -19398,6 +16723,226 @@ Currently, I am too lazy to explain every option here, but most of it is very se } #+end_src +**** Niri +:PROPERTIES: +:CUSTOM_ID: h:06e77ca4-28ff-4cfd-bc60-b7fd848bfedb +:END: + +#+begin_src nix-ts :tangle modules/home/common/niri.nix + { config, pkgs, lib, vars, ... }: + { + options.swarselmodules.niri = lib.mkEnableOption "niri settings"; + config = lib.mkIf config.swarselmodules.niri { + + programs.niri = { + package = pkgs.niri-unstable; # which package to use for niri validation + settings = { + xwayland-satellite = { + enable = true; + path = "${lib.getExe pkgs.xwayland-satellite-unstable}"; + }; + prefer-no-csd = true; + layer-rules = [ + { matches = [{ namespace = "^notifications$"; }]; block-out-from = "screencast"; } + { matches = [{ namespace = "^wallpaper$"; }]; place-within-backdrop = true; } + ]; + window-rules = [ + { + matches = [{ app-id = ".*"; }]; + opacity = 0.95; + default-column-width = { proportion = 0.5; }; + shadow = { + enable = true; + draw-behind-window = true; + }; + geometry-corner-radius = { top-left = 2.0; top-right = 2.0; bottom-left = 2.0; bottom-right = 2.0; }; + } + { matches = [{ app-id = "at.yrlf.wl_mirror"; }]; opacity = 1.0; } + { matches = [{ app-id = "Gimp"; }]; opacity = 1.0; } + { matches = [{ app-id = "firefox"; }]; opacity = 0.99; } + { matches = [{ app-id = "^special.*"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; } + { matches = [{ app-id = "chromium-browser"; }]; opacity = 0.99; } + { matches = [{ app-id = "^qalculate-gtk$"; }]; open-floating = true; } + { matches = [{ app-id = "^blueman$"; }]; open-floating = true; } + { matches = [{ app-id = "^pavucontrol$"; }]; open-floating = true; } + { matches = [{ app-id = "^syncthingtray$"; }]; open-floating = true; } + { matches = [{ app-id = "^Element$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^Element$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^vesktop$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^vesktop$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^com.nextcloud.desktopclient.nextcloud$"; }]; open-floating = true; } + { matches = [{ title = ".*1Password.*"; }]; excludes = [{ app-id = "^firefox$"; } { app-id = "^emacs$"; } { app-id = "^kitty$"; }]; open-floating = true; block-out-from = "screencast"; } + { matches = [{ title = "(?:Open|Save) (?:File|Folder|As)"; }]; open-floating = true; } + { matches = [{ title = "^Add$"; }]; open-floating = true; } + { matches = [{ title = "^Picture-in-Picture$"; }]; open-floating = true; } + { matches = [{ title = "Syncthing Tray"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Frame$"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Anchor$"; }]; open-floating = true; } + { matches = [{ app-id = "^spotifytui$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + { matches = [{ app-id = "^kittyterm$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + ]; + environment = { + DISPLAY = ":0"; + } // vars.waylandSessionVariables; + screenshot-path = "~/Pictures/Screenshots/screenshot_%Y-%m-%d-%H%M%S.png"; + input = { + mod-key = "Super"; + keyboard = { + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; + }; + mouse = { + natural-scroll = false; + }; + touchpad = { + enable = true; + tap = true; + tap-button-map = "left-right-middle"; + natural-scroll = true; + scroll-method = "two-finger"; + click-method = "clickfinger"; + disabled-on-external-mouse = true; + drag = true; + drag-lock = false; + dwt = true; + dwtp = true; + }; + }; + cursor = { + hide-after-inactive-ms = 2000; + hide-when-typing = true; + }; + layout = { + background-color = "transparent"; + border = { + enable = true; + width = 1; + }; + focus-ring = { + enable = false; + }; + gaps = 5; + }; + binds = with config.lib.niri.actions; let + sh = spawn "sh" "-c"; + in + { + + # "Mod+Super_L" = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+z".action = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+Shift+t".action = toggle-window-rule-opacity; + # "Mod+Escape".action = "mode $exit"; + "Mod+m".action = focus-workspace-previous; + "Mod+Shift+Space".action = toggle-window-floating; + "Mod+Shift+f".action = toggle-windowed-fullscreen; + "Mod+q".action = close-window; + "Mod+f".action = spawn "firefox"; + "Mod+Space".action = spawn "fuzzel"; + "Mod+Shift+c".action = spawn "qalculate-gtk"; + "Mod+Ctrl+p".action = spawn "1password" "--quick-acces"; + "Mod+Shift+Escape".action = spawn "kitty" "-o" "confirm_os_window_close=0" "btm"; + "Mod+h".action = sh ''hyprpicker | wl-copy''; + # "Mod+s".action = spawn "grim" "-g" "\"$(slurp)\"" "-t" "png" "-" "|" "wl-copy" "-t" "image/png"; + # "Mod+s".action = screenshot { show-pointer = false; }; + "Mod+s".action.screenshot = { show-pointer = false; }; + # "Mod+Shift+s".action = spawn "slurp" "|" "grim" "-g" "-" "Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + # "Mod+Shift+s".action = screenshot-window { write-to-disk = true; }; + "Mod+Shift+s".action.screenshot-window = { write-to-disk = true; }; + # "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + + "Mod+e".action = sh "emacsclient -nquc -a emacs -e '(dashboard-open)'"; + "Mod+c".action = sh "emacsclient -ce '(org-capture)'"; + "Mod+t".action = sh "emacsclient -ce '(org-agenda)'"; + "Mod+Shift+m".action = sh "emacsclient -ce '(mu4e)'"; + "Mod+Shift+a".action = sh "emacsclient -ce '(swarsel/open-calendar)'"; + + "Mod+a".action = spawn "swarselcheck-niri" "-s"; + "Mod+x".action = spawn "swarselcheck-niri" "-k"; + "Mod+d".action = spawn "swarselcheck-niri" "-d"; + "Mod+w".action = spawn "swarselcheck-niri" "-e"; + + "Mod+p".action = spawn "pass-fuzzel"; + "Mod+o".action = spawn "pass-fuzzel" "--otp"; + "Mod+Shift+p".action = spawn "pass-fuzzel" "--type"; + "Mod+Shift+o".action = spawn "pass-fuzzel" "--otp" "--type"; + + "Mod+Left".action = focus-column-or-monitor-left; + "Mod+Right".action = focus-column-or-monitor-right; + "Mod+Down".action = focus-window-or-workspace-down; + "Mod+Up".action = focus-window-or-workspace-up; + "Mod+Shift+Left".action = move-column-left; + "Mod+Shift+Right".action = move-column-right; + "Mod+Shift+Down".action = move-window-down-or-to-workspace-down; + "Mod+Shift+Up".action = move-window-up-or-to-workspace-up; + # "Mod+Ctrl+Shift+c".action = "reload"; + # "Mod+Ctrl+Shift+r".action = "exec swarsel-displaypower"; + # "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + # "Mod+r".action = "mode resize"; + # "Mod+Return".action = "exec kitty"; + "Mod+Return".action = spawn "swarselzellij"; + "XF86AudioRaiseVolume".action = spawn "swayosd-client" "--output-volume" "raise"; + "XF86AudioLowerVolume".action = spawn "swayosd-client" "--output-volume" "lower"; + "XF86AudioMute".action = spawn "swayosd-client" "--output-volume" "mute-toggle"; + "XF86MonBrightnessUp".action = spawn "swayosd-client" "--brightness raise"; + "XF86MonBrightnessDown".action = spawn "swayosd-client" "--brightness lower"; + "XF86Display".action = spawn "wl-mirror" "eDP-1"; + "Mod+Escape".action = spawn "wlogout"; + "Mod+Equal".action = set-column-width "+10%"; + "Mod+Minus".action = set-column-width "-10%"; + + "Mod+1".action = focus-workspace 1; + "Mod+2".action = focus-workspace 2; + "Mod+3".action = focus-workspace 3; + "Mod+4".action = focus-workspace 4; + "Mod+5".action = focus-workspace 5; + "Mod+6".action = focus-workspace 6; + "Mod+7".action = focus-workspace 7; + "Mod+8".action = focus-workspace 8; + "Mod+9".action = focus-workspace 9; + "Mod+0".action = focus-workspace 0; + + "Mod+Shift+1".action = move-column-to-index 1; + "Mod+Shift+2".action = move-column-to-index 2; + "Mod+Shift+3".action = move-column-to-index 3; + "Mod+Shift+4".action = move-column-to-index 4; + "Mod+Shift+5".action = move-column-to-index 5; + "Mod+Shift+6".action = move-column-to-index 6; + "Mod+Shift+7".action = move-column-to-index 7; + "Mod+Shift+8".action = move-column-to-index 8; + "Mod+Shift+9".action = move-column-to-index 9; + "Mod+Shift+0".action = move-column-to-index 0; + }; + spawn-at-startup = [ + # { command = [ "vesktop" "--start-minimized" "--enable-speech-dispatcher" "--ozone-platform-hint=auto" "--enable-features=WaylandWindowDecorations" "--enable-wayland-ime" ]; } + # { command = [ "element-desktop" "--hidden" "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" "--disable-gpu-driver-bug-workarounds" ]; } + # { command = [ "anki" ]; } + # { command = [ "obsidian" ]; } + # { command = [ "nm-applet" ]; } + { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; } + ]; + workspaces = { + # "01-Main" = { + # name = "Scratchpad"; + # }; + "99-Scratchpad" = { + name = ""; + }; + }; + }; + }; + + } // { + programs.niri = lib.mkIf (!config.swarselmodules.niri) { + package = null; + config = null; + settings = null; + }; + }; + } +#+end_src + **** Kanshi :PROPERTIES: :CUSTOM_ID: h:eb94df98-2bcd-4555-9f88-e252f93b924f @@ -19589,9 +17134,9 @@ When setting up a new machine: This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways. #+begin_src nix-ts :tangle modules/home/common/gammastep.nix - { lib, config, confLib, ... }: + { lib, config, nixosConfig ? config, ... }: let - inherit (confLib.getConfig.repo.secrets.common.location) latitude longitude; + inherit (nixosConfig.repo.secrets.common.location) latitude longitude; in { options.swarselmodules.gammastep = lib.mkEnableOption "gammastep settings"; @@ -19638,15 +17183,12 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** Obsidian -:PROPERTIES: -:CUSTOM_ID: h:ffd97152-63ce-41a0-a40e-c78ba3eb6722 -:END: #+begin_src nix-ts :tangle modules/home/common/obsidian.nix - { lib, config, pkgs, confLib, ... }: + { lib, config, pkgs, nixosConfig ? config, ... }: let moduleName = "obsidian"; - inherit (confLib.getConfig.repo.secrets.common.obsidian) userIgnoreFilters; + inherit (nixosConfig.repo.secrets.common.obsidian) userIgnoreFilters; name = "Main"; in { @@ -19799,13 +17341,10 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** Anki -:PROPERTIES: -:CUSTOM_ID: h:6f2839dc-c681-4697-8e93-4ef191362434 -:END: #+begin_src nix-ts :tangle modules/home/common/anki.nix - { lib, config, pkgs, globals, inputs, confLib, ... }: + { lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }: let moduleName = "anki"; inherit (config.swarselsystems) isPublic isNixos; @@ -19830,11 +17369,11 @@ This service changes the screen hue at night. I am not sure if that really does syncMedia = true; autoSyncMediaMinutes = 5; url = "https://${globals.services.ankisync.domain}"; - usernameFile = confLib.getConfig.sops.secrets.anki-user.path; + usernameFile = nixosConfig.sops.secrets.anki-user.path; # this is not the password but the syncKey # get it by logging in or out, saving preferences and then # show details on the "settings wont be saved" dialog - keyFile = confLib.getConfig.sops.secrets.anki-pw.path; + keyFile = nixosConfig.sops.secrets.anki-pw.path; }; addons = let @@ -19874,13 +17413,10 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** Element-desktop -:PROPERTIES: -:CUSTOM_ID: h:add71e84-43ff-40c7-9173-de43a13bbae6 -:END: #+begin_src nix-ts :tangle modules/home/common/element.nix - { lib, config, globals, ... }: + { lib, config, ... }: let moduleName = "element-desktop"; in @@ -19892,7 +17428,7 @@ This service changes the screen hue at night. I am not sure if that really does settings = { default_server_config = { "m.homeserver" = { - base_url = "https://${globals.services.matrix.domain}/"; + base_url = "https://swatrix.swarsel.win/"; }; }; UIFeature = { @@ -19912,16 +17448,13 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** Hexchat -:PROPERTIES: -:CUSTOM_ID: h:812cedcd-520e-417e-8923-aaae5ff5e316 -:END: #+begin_src nix-ts :tangle modules/home/common/hexchat.nix - { lib, config, confLib, ... }: + { lib, config, nixosConfig ? config, ... }: let moduleName = "hexchat"; - inherit (confLib.getConfig.repo.secrets.common.irc) irc_nick1; + inherit (nixosConfig.repo.secrets.common.irc) irc_nick1; in { options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings"; @@ -19938,9 +17471,6 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** obs-studio -:PROPERTIES: -:CUSTOM_ID: h:ef995044-6833-40d6-825b-64063c00a790 -:END: #+begin_src nix-ts :tangle modules/home/common/obs-studio.nix @@ -19960,9 +17490,6 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** spotify-player -:PROPERTIES: -:CUSTOM_ID: h:b99d62a1-4560-429f-81c1-29fc544a46fb -:END: #+begin_src nix-ts :tangle modules/home/common/spotify-player.nix { lib, config, ... }: @@ -19981,9 +17508,6 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** vesktop -:PROPERTIES: -:CUSTOM_ID: h:f5e191c5-b8c0-4f66-aa38-9cbfb1619058 -:END: #+begin_src nix-ts :tangle modules/home/common/vesktop.nix { lib, pkgs, config, ... }: @@ -20069,9 +17593,6 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** batsignal -:PROPERTIES: -:CUSTOM_ID: h:b30fcdf0-93d8-4600-a267-e210bec8e680 -:END: #+begin_src nix-ts :tangle modules/home/common/batsignal.nix { lib, config, ... }: @@ -20102,9 +17623,6 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** autotiling -:PROPERTIES: -:CUSTOM_ID: h:a7bac755-510c-424b-b964-18fb9e4a6667 -:END: #+begin_src nix-ts :tangle modules/home/common/autotiling.nix { lib, config, ... }: @@ -20124,9 +17642,6 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** swayidle -:PROPERTIES: -:CUSTOM_ID: h:2e23f3d9-ab65-4f2f-912f-dc236189c457 -:END: #+begin_src nix-ts :tangle modules/home/common/swayidle.nix { lib, config, pkgs, ... }: @@ -20166,9 +17681,6 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** swaylock -:PROPERTIES: -:CUSTOM_ID: h:8e508f62-d3e4-48bc-8bce-641bf38a0106 -:END: #+begin_src nix-ts :tangle modules/home/common/swaylock.nix { lib, config, pkgs, ... }: @@ -20195,12 +17707,9 @@ This service changes the screen hue at night. I am not sure if that really does #+end_src **** opkssh -:PROPERTIES: -:CUSTOM_ID: h:99bde2b8-ab38-4082-b06b-4afde9d06228 -:END: #+begin_src nix-ts :tangle modules/home/common/opkssh.nix - { lib, config, globals, ... }: + { lib, config, ... }: let moduleName = "opkssh"; in @@ -20215,7 +17724,7 @@ This service changes the screen hue at night. I am not sure if that really does providers = [ { alias = "kanidm"; - issuer = "https://${globals.services.kanidm.domain}/oauth2/openid/opkssh"; + issuer = "https://sso.swarsel.win/oauth2/openid/opkssh"; client_id = "opkssh"; scopes = "openid email profile"; redirect_uris = [ @@ -20326,230 +17835,6 @@ Akin to the [[#h:f9aa9af0-9b8d-43ff-901d-9ffccdd70589][Optional]] NixOS modules. } #+end_src -**** Niri -:PROPERTIES: -:CUSTOM_ID: h:06e77ca4-28ff-4cfd-bc60-b7fd848bfedb -:END: - -#+begin_src nix-ts :tangle modules/home/optional/niri.nix - { inputs, config, pkgs, lib, vars, ... }: - { - imports = [ - inputs.niri-flake.homeModules.niri - ]; - options.swarselmodules.niri = lib.mkEnableOption "niri settings"; - config = lib.mkIf config.swarselmodules.niri - { - - programs.niri = { - package = pkgs.niri-unstable; # which package to use for niri validation - settings = { - xwayland-satellite = { - enable = true; - path = "${lib.getExe pkgs.xwayland-satellite-unstable}"; - }; - prefer-no-csd = true; - layer-rules = [ - { matches = [{ namespace = "^notifications$"; }]; block-out-from = "screencast"; } - { matches = [{ namespace = "^wallpaper$"; }]; place-within-backdrop = true; } - ]; - window-rules = [ - { - matches = [{ app-id = ".*"; }]; - opacity = 0.95; - default-column-width = { proportion = 0.5; }; - shadow = { - enable = true; - draw-behind-window = true; - }; - geometry-corner-radius = { top-left = 2.0; top-right = 2.0; bottom-left = 2.0; bottom-right = 2.0; }; - } - { matches = [{ app-id = "at.yrlf.wl_mirror"; }]; opacity = 1.0; } - { matches = [{ app-id = "Gimp"; }]; opacity = 1.0; } - { matches = [{ app-id = "firefox"; }]; opacity = 0.99; } - { matches = [{ app-id = "^special.*"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; } - { matches = [{ app-id = "chromium-browser"; }]; opacity = 0.99; } - { matches = [{ app-id = "^qalculate-gtk$"; }]; open-floating = true; } - { matches = [{ app-id = "^blueman$"; }]; open-floating = true; } - { matches = [{ app-id = "^pavucontrol$"; }]; open-floating = true; } - { matches = [{ app-id = "^syncthingtray$"; }]; open-floating = true; } - { matches = [{ app-id = "^Element$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } - # { matches = [{ app-id = "^Element$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } - { matches = [{ app-id = "^vesktop$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } - # { matches = [{ app-id = "^vesktop$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } - { matches = [{ app-id = "^com.nextcloud.desktopclient.nextcloud$"; }]; open-floating = true; } - { matches = [{ title = ".*1Password.*"; }]; excludes = [{ app-id = "^firefox$"; } { app-id = "^emacs$"; } { app-id = "^kitty$"; }]; open-floating = true; block-out-from = "screencast"; } - { matches = [{ title = "(?:Open|Save) (?:File|Folder|As)"; }]; open-floating = true; } - { matches = [{ title = "^Add$"; }]; open-floating = true; } - { matches = [{ title = "^Picture-in-Picture$"; }]; open-floating = true; } - { matches = [{ title = "Syncthing Tray"; }]; open-floating = true; } - { matches = [{ title = "^Emacs Popup Frame$"; }]; open-floating = true; } - { matches = [{ title = "^Emacs Popup Anchor$"; }]; open-floating = true; } - { matches = [{ app-id = "^spotifytui$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } - { matches = [{ app-id = "^kittyterm$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } - ]; - environment = { - DISPLAY = ":0"; - } // vars.waylandSessionVariables; - screenshot-path = "~/Pictures/Screenshots/screenshot_%Y-%m-%d-%H%M%S.png"; - input = { - mod-key = "Super"; - keyboard = { - xkb = { - layout = "us"; - variant = "altgr-intl"; - }; - }; - mouse = { - natural-scroll = false; - }; - touchpad = { - enable = true; - tap = true; - tap-button-map = "left-right-middle"; - natural-scroll = true; - scroll-method = "two-finger"; - click-method = "clickfinger"; - disabled-on-external-mouse = true; - drag = true; - drag-lock = false; - dwt = true; - dwtp = true; - }; - }; - cursor = { - hide-after-inactive-ms = 2000; - hide-when-typing = true; - }; - layout = { - background-color = "transparent"; - border = { - enable = true; - width = 1; - }; - focus-ring = { - enable = false; - }; - gaps = 5; - }; - binds = with config.lib.niri.actions; let - sh = spawn "sh" "-c"; - in - { - - # "Mod+Super_L" = spawn "killall -SIGUSR1 .waybar-wrapped"; - "Mod+z".action = spawn "killall -SIGUSR1 .waybar-wrapped"; - "Mod+Shift+t".action = toggle-window-rule-opacity; - # "Mod+Escape".action = "mode $exit"; - "Mod+m".action = focus-workspace-previous; - "Mod+Shift+Space".action = toggle-window-floating; - "Mod+Shift+f".action = toggle-windowed-fullscreen; - "Mod+q".action = close-window; - "Mod+f".action = spawn "firefox"; - "Mod+Space".action = spawn "fuzzel"; - "Mod+Shift+c".action = spawn "qalculate-gtk"; - "Mod+Ctrl+p".action = spawn "1password" "--quick-acces"; - "Mod+Shift+Escape".action = spawn "kitty" "-o" "confirm_os_window_close=0" "btm"; - "Mod+h".action = sh ''hyprpicker | wl-copy''; - # "Mod+s".action = spawn "grim" "-g" "\"$(slurp)\"" "-t" "png" "-" "|" "wl-copy" "-t" "image/png"; - # "Mod+s".action = screenshot { show-pointer = false; }; - "Mod+s".action.screenshot = { show-pointer = false; }; - # "Mod+Shift+s".action = spawn "slurp" "|" "grim" "-g" "-" "Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - # "Mod+Shift+s".action = screenshot-window { write-to-disk = true; }; - "Mod+Shift+s".action.screenshot-window = { write-to-disk = true; }; - # "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - - "Mod+e".action = sh "emacsclient -nquc -a emacs -e '(dashboard-open)'"; - "Mod+c".action = sh "emacsclient -ce '(org-capture)'"; - "Mod+t".action = sh "emacsclient -ce '(org-agenda)'"; - "Mod+Shift+m".action = sh "emacsclient -ce '(mu4e)'"; - "Mod+Shift+a".action = sh "emacsclient -ce '(swarsel/open-calendar)'"; - - "Mod+a".action = spawn "swarselcheck-niri" "-s"; - "Mod+x".action = spawn "swarselcheck-niri" "-k"; - "Mod+d".action = spawn "swarselcheck-niri" "-d"; - "Mod+w".action = spawn "swarselcheck-niri" "-e"; - - "Mod+p".action = spawn "pass-fuzzel"; - "Mod+o".action = spawn "pass-fuzzel" "--otp"; - "Mod+Shift+p".action = spawn "pass-fuzzel" "--type"; - "Mod+Shift+o".action = spawn "pass-fuzzel" "--otp" "--type"; - - "Mod+Left".action = focus-column-or-monitor-left; - "Mod+Right".action = focus-column-or-monitor-right; - "Mod+Down".action = focus-window-or-workspace-down; - "Mod+Up".action = focus-window-or-workspace-up; - "Mod+Shift+Left".action = move-column-left; - "Mod+Shift+Right".action = move-column-right; - "Mod+Shift+Down".action = move-window-down-or-to-workspace-down; - "Mod+Shift+Up".action = move-window-up-or-to-workspace-up; - # "Mod+Ctrl+Shift+c".action = "reload"; - # "Mod+Ctrl+Shift+r".action = "exec swarsel-displaypower"; - # "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; - # "Mod+r".action = "mode resize"; - # "Mod+Return".action = "exec kitty"; - "Mod+Return".action = spawn "swarselzellij"; - "XF86AudioRaiseVolume".action = spawn "swayosd-client" "--output-volume" "raise"; - "XF86AudioLowerVolume".action = spawn "swayosd-client" "--output-volume" "lower"; - "XF86AudioMute".action = spawn "swayosd-client" "--output-volume" "mute-toggle"; - "XF86MonBrightnessUp".action = spawn "swayosd-client" "--brightness raise"; - "XF86MonBrightnessDown".action = spawn "swayosd-client" "--brightness lower"; - "XF86Display".action = spawn "wl-mirror" "eDP-1"; - "Mod+Escape".action = spawn "wlogout"; - "Mod+Equal".action = set-column-width "+10%"; - "Mod+Minus".action = set-column-width "-10%"; - - "Mod+1".action = focus-workspace 1; - "Mod+2".action = focus-workspace 2; - "Mod+3".action = focus-workspace 3; - "Mod+4".action = focus-workspace 4; - "Mod+5".action = focus-workspace 5; - "Mod+6".action = focus-workspace 6; - "Mod+7".action = focus-workspace 7; - "Mod+8".action = focus-workspace 8; - "Mod+9".action = focus-workspace 9; - "Mod+0".action = focus-workspace 0; - - "Mod+Shift+1".action = move-column-to-index 1; - "Mod+Shift+2".action = move-column-to-index 2; - "Mod+Shift+3".action = move-column-to-index 3; - "Mod+Shift+4".action = move-column-to-index 4; - "Mod+Shift+5".action = move-column-to-index 5; - "Mod+Shift+6".action = move-column-to-index 6; - "Mod+Shift+7".action = move-column-to-index 7; - "Mod+Shift+8".action = move-column-to-index 8; - "Mod+Shift+9".action = move-column-to-index 9; - "Mod+Shift+0".action = move-column-to-index 0; - }; - spawn-at-startup = [ - # { command = [ "vesktop" "--start-minimized" "--enable-speech-dispatcher" "--ozone-platform-hint=auto" "--enable-features=WaylandWindowDecorations" "--enable-wayland-ime" ]; } - # { command = [ "element-desktop" "--hidden" "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" "--disable-gpu-driver-bug-workarounds" ]; } - # { command = [ "anki" ]; } - # { command = [ "obsidian" ]; } - # { command = [ "nm-applet" ]; } - { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; } - ]; - workspaces = { - # "01-Main" = { - # name = "Scratchpad"; - # }; - "99-Scratchpad" = { - name = ""; - }; - }; - }; - }; - - } // { - programs.niri = lib.mkIf (!config.swarselmodules.niri) { - package = null; - config = null; - settings = null; - }; - }; - } -#+end_src - **** Gaming :PROPERTIES: :CUSTOM_ID: h:84fd7029-ecb6-4131-9333-289982f24ffa @@ -20558,12 +17843,13 @@ Akin to the [[#h:f9aa9af0-9b8d-43ff-901d-9ffccdd70589][Optional]] NixOS modules. The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming]]. #+begin_src nix-ts :tangle modules/home/optional/gaming.nix - { config, pkgs, confLib, ... }: + { lib, config, pkgs, nixosConfig ? config, ... }: let inherit (config.swarselsystems) isNixos; in { - config = { + options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselmodules.optional.gaming { # specialisation = { # gaming.configuration = { home.packages = with pkgs; [ @@ -20603,7 +17889,7 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming gamescope umu-launcher ]; - steamPackage = if isNixos then confLib.getConfig.programs.steam.package else pkgs.steam; + steamPackage = if isNixos then nixosConfig.programs.steam.package else pkgs.steam; winePackages = with pkgs; [ wineWow64Packages.waylandFull ]; @@ -20634,428 +17920,397 @@ When setting up a new machine: #+end_src #+begin_src nix-ts :tangle modules/home/optional/work.nix :noweb yes - { self, inputs, config, pkgs, lib, vars, confLib, ... }: + { self, inputs, config, pkgs, lib, vars, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir mainUser; - inherit (confLib.getConfig.repo.secrets.local.mail) allMailAddresses; - inherit (confLib.getConfig.repo.secrets.local.work) mailAddress; + inherit (nixosConfig.repo.secrets.local.mail) allMailAddresses; + inherit (nixosConfig.repo.secrets.local.work) mailAddress; certsSopsFile = self + /secrets/certs/secrets.yaml; in { - options.swarselmodules.optional-work = lib.swarselsystems.mkTrueOption; - config = { - home = { - packages = with pkgs; [ - stable.teams-for-linux - shellcheck - dig - docker - postman - # rclone - libguestfs-with-appliance - prometheus.cli - tigervnc - # openstackclient + options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselmodules.optional.work + ({ + home = { + packages = with pkgs; [ + stable.teams-for-linux + shellcheck + dig + docker + postman + # rclone + libguestfs-with-appliance + prometheus.cli + tigervnc + # openstackclient - vscode - dev.antigravity + vscode - rustdesk-vbc - ]; - sessionVariables = { - AWS_CA_BUNDLE = confLib.getConfig.sops.secrets.harica-root-ca.path; - }; - }; - systemd.user.sessionVariables = { - DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; - } // lib.optionalAttrs (!config.swarselsystems.isPublic) { - SWARSEL_MAIL_ALL = lib.mkForce allMailAddresses; - SWARSEL_MAIL_WORK = lib.mkForce mailAddress; - }; - - accounts.email.accounts.work = - let - inherit (confLib.getConfig.repo.secrets.local.work) mailName; - in - { - primary = false; - address = mailAddress; - userName = mailAddress; - realName = mailName; - passwordCommand = "pizauth show work"; - imap = { - host = "outlook.office365.com"; - port = 993; - tls.enable = true; # SSL/TLS - }; - smtp = { - host = "outlook.office365.com"; - port = 587; - tls = { - enable = true; # SSL/TLS - useStartTls = true; - }; - }; - thunderbird = { - enable = true; - profiles = [ "default" ]; - settings = id: { - "mail.smtpserver.smtp_${id}.authMethod" = 10; # oauth - "mail.server.server_${id}.authMethod" = 10; # oauth - # "toolkit.telemetry.enabled" = false; - # "toolkit.telemetry.rejected" = true; - # "toolkit.telemetry.prompted" = 2; - }; - }; - msmtp = { - enable = true; - extraConfig = { - auth = "xoauth2"; - host = "outlook.office365.com"; - protocol = "smtp"; - port = "587"; - tls = "on"; - tls_starttls = "on"; - from = "${mailAddress}"; - user = "${mailAddress}"; - passwordeval = "pizauth show work"; - }; - }; - mu.enable = true; - mbsync = { - enable = true; - expunge = "both"; - patterns = [ "INBOX" ]; - extraConfig = { - account = { - AuthMechs = "XOAUTH2"; - }; - }; - }; - }; - - # wayland.windowManager.sway.config = { - # output = { - # "Applied Creative Technology Transmitter QUATTRO201811" = { - # bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; - # }; - # "Hewlett Packard HP Z24i CN44250RDT" = { - # bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; - # }; - # "HP Inc. HP 732pk CNC4080YL5" = { - # bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; - # }; - # }; - # }; - - wayland.windowManager.sway = - let - inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress; - in - { - config = { - keybindings = - let - inherit (config.wayland.windowManager.sway.config) modifier; - in - { - "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; - "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; - }; - }; - }; - - stylix = { - targets.firefox.profileNames = - let - inherit (confLib.getConfig.repo.secrets.local.work) user1 user2 user3; - in - [ - "${user1}" - "${user2}" - "${user3}" - "work" + rustdesk-vbc ]; - }; - - programs = - let - inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds; - in - { - openstackclient = { - enable = true; - inherit clouds; - }; - awscli = { - enable = true; - package = pkgs.stable24_05.awscli2; - # settings = { - # "default" = { }; - # "profile s3-imagebuilder-prod" = { }; - # }; - # credentials = { - # "s3-imagebuilder-prod" = { - # aws_access_key_id = "5OYXY4879EJG9I91K1B6"; - # credential_process = "${pkgs.pass}/bin/pass show work/awscli/s3-imagebuilder-prod/secret-key"; - # }; - # }; - }; - git.settings.user.email = lib.mkForce gitMail; - - zsh = { - shellAliases = { - dssh = "ssh -l ${user1Long}"; - cssh = "ssh -l ${user2Long}"; - wssh = "ssh -l ${user3Long}"; - }; - cdpath = [ - "~/Documents/Work" - ]; - dirHashes = { - d = "$HOME/.dotfiles"; - w = "$HOME/Documents/Work"; - s = "$HOME/.dotfiles/secrets"; - pr = "$HOME/Documents/Private"; - ac = path1; - }; - - sessionVariables = { - VSPHERE_USER = "$(cat ${confLib.getConfig.sops.secrets.vcuser.path})"; - VSPHERE_PW = "$(cat ${confLib.getConfig.sops.secrets.vcpw.path})"; - GOVC_USERNAME = "$(cat ${confLib.getConfig.sops.secrets.govcuser.path})"; - GOVC_PASSWORD = "$(cat ${confLib.getConfig.sops.secrets.govcpw.path})"; - GOVC_URL = "$(cat ${confLib.getConfig.sops.secrets.govcurl.path})"; - GOVC_DATACENTER = "$(cat ${confLib.getConfig.sops.secrets.govcdc.path})"; - GOVC_DATASTORE = "$(cat ${confLib.getConfig.sops.secrets.govcds.path})"; - GOVC_HOST = "$(cat ${confLib.getConfig.sops.secrets.govchost.path})"; - GOVC_RESOURCE_POOL = "$(cat ${confLib.getConfig.sops.secrets.govcpool.path})"; - GOVC_NETWORK = "$(cat ${confLib.getConfig.sops.secrets.govcnetwork.path})"; - }; - }; - - ssh = { - matchBlocks = { - "${loc1}" = { - hostname = "${loc1}.${domain2}"; - user = user4; - }; - "${loc1}.stg" = { - hostname = "${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.staging" = { - hostname = "${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.dev" = { - hostname = "${loc1}.${lifecycle2}.${domain2}"; - user = user4; - }; - "${loc2}" = { - hostname = "${loc2}.${domain1}"; - user = user1Long; - }; - "${loc2}.stg" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "${loc2}.staging" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "*.${domain1}" = { - user = user1Long; - }; - }; - }; - - firefox = { - profiles = - let - isDefault = false; - in - { - "${user1}" = lib.recursiveUpdate - { - inherit isDefault; - id = 1; - settings = { - "browser.startup.homepage" = "${site1}|${site2}"; - }; - } - vars.firefox; - "${user2}" = lib.recursiveUpdate - { - inherit isDefault; - id = 2; - settings = { - "browser.startup.homepage" = "${site3}"; - }; - } - vars.firefox; - "${user3}" = lib.recursiveUpdate - { - inherit isDefault; - id = 3; - } - vars.firefox; - work = lib.recursiveUpdate - { - inherit isDefault; - id = 4; - settings = { - "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; - }; - } - vars.firefox; - }; - }; - - chromium = { - enable = true; - package = pkgs.chromium; - - extensions = [ - # 1password - "gejiddohjgogedgjnonbofjigllpkmbf" - # dark reader - "eimadpbcbfnmbkopoojfekhnkhdbieeh" - # ublock origin - "cjpalhdlnbpafiamejdnhcphjbkeiagm" - # i still dont care about cookies - "edibdbjcniadpccecjdfdjjppcpchdlm" - # browserpass - "naepdomgkenhinolocfifgehidddafch" - ]; + sessionVariables = { + AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path; }; }; + systemd.user.sessionVariables = { + DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; + } // lib.optionalAttrs (!config.swarselsystems.isPublic) { + SWARSEL_MAIL_ALL = lib.mkForce allMailAddresses; + SWARSEL_MAIL_WORK = lib.mkForce mailAddress; + }; - services = { - kanshi = { - settings = [ - { - # seminary room - output = { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; + accounts.email.accounts.work = + let + inherit (nixosConfig.repo.secrets.local.work) mailName; + in + { + primary = false; + address = mailAddress; + userName = mailAddress; + realName = mailName; + passwordCommand = "pizauth show work"; + imap = { + host = "outlook.office365.com"; + port = 993; + tls.enable = true; # SSL/TLS + }; + smtp = { + host = "outlook.office365.com"; + port = 587; + tls = { + enable = true; # SSL/TLS + useStartTls = true; }; - } - { - # work main screen - output = { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.0; - mode = "3840x2160"; + }; + thunderbird = { + enable = true; + profiles = [ "default" ]; + settings = id: { + "mail.smtpserver.smtp_${id}.authMethod" = 10; # oauth + "mail.server.server_${id}.authMethod" = 10; # oauth + # "toolkit.telemetry.enabled" = false; + # "toolkit.telemetry.rejected" = true; + # "toolkit.telemetry.prompted" = 2; }; - } - { - # work side screen - output = { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; + }; + msmtp = { + enable = true; + extraConfig = { + auth = "xoauth2"; + host = "outlook.office365.com"; + protocol = "smtp"; + port = "587"; + tls = "on"; + tls_starttls = "on"; + from = "${mailAddress}"; + user = "${mailAddress}"; + passwordeval = "pizauth show work"; }; - } - { - profile = { - name = "lidopen"; - exec = [ - "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" - "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" - "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" - ]; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.5; - position = "1462,0"; - } - { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "90"; - position = "-2480,0"; - } - ]; + }; + mu.enable = true; + mbsync = { + enable = true; + expunge = "both"; + patterns = [ "INBOX" ]; + extraConfig = { + account = { + AuthMechs = "XOAUTH2"; + }; }; - } - { - profile = + }; + }; + + # wayland.windowManager.sway.config = { + # output = { + # "Applied Creative Technology Transmitter QUATTRO201811" = { + # bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; + # }; + # "Hewlett Packard HP Z24i CN44250RDT" = { + # bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; + # }; + # "HP Inc. HP 732pk CNC4080YL5" = { + # bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; + # }; + # }; + # }; + + wayland.windowManager.sway = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress; + in + { + config = { + keybindings = let - monitor = "Applied Creative Technology Transmitter QUATTRO201811"; + inherit (config.wayland.windowManager.sway.config) modifier; in { + "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; + "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; + }; + }; + }; + + stylix = { + targets.firefox.profileNames = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; + in + [ + "${user1}" + "${user2}" + "${user3}" + "work" + ]; + }; + + programs = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds; + in + { + openstackclient = { + enable = true; + inherit clouds; + }; + awscli = { + enable = true; + package = pkgs.stable24_05.awscli2; + # settings = { + # "default" = { }; + # "profile s3-imagebuilder-prod" = { }; + # }; + # credentials = { + # "s3-imagebuilder-prod" = { + # aws_access_key_id = "5OYXY4879EJG9I91K1B6"; + # credential_process = "${pkgs.pass}/bin/pass show work/awscli/s3-imagebuilder-prod/secret-key"; + # }; + # }; + }; + git.settings.user.email = lib.mkForce gitMail; + + zsh = { + shellAliases = { + dssh = "ssh -l ${user1Long}"; + cssh = "ssh -l ${user2Long}"; + wssh = "ssh -l ${user3Long}"; + }; + cdpath = [ + "~/Documents/Work" + ]; + dirHashes = { + d = "$HOME/.dotfiles"; + w = "$HOME/Documents/Work"; + s = "$HOME/.dotfiles/secrets"; + pr = "$HOME/Documents/Private"; + ac = path1; + }; + + sessionVariables = { + VSPHERE_USER = "$(cat ${nixosConfig.sops.secrets.vcuser.path})"; + VSPHERE_PW = "$(cat ${nixosConfig.sops.secrets.vcpw.path})"; + GOVC_USERNAME = "$(cat ${nixosConfig.sops.secrets.govcuser.path})"; + GOVC_PASSWORD = "$(cat ${nixosConfig.sops.secrets.govcpw.path})"; + GOVC_URL = "$(cat ${nixosConfig.sops.secrets.govcurl.path})"; + GOVC_DATACENTER = "$(cat ${nixosConfig.sops.secrets.govcdc.path})"; + GOVC_DATASTORE = "$(cat ${nixosConfig.sops.secrets.govcds.path})"; + GOVC_HOST = "$(cat ${nixosConfig.sops.secrets.govchost.path})"; + GOVC_RESOURCE_POOL = "$(cat ${nixosConfig.sops.secrets.govcpool.path})"; + GOVC_NETWORK = "$(cat ${nixosConfig.sops.secrets.govcnetwork.path})"; + }; + }; + + ssh = { + matchBlocks = { + "${loc1}" = { + hostname = "${loc1}.${domain2}"; + user = user4; + }; + "${loc1}.stg" = { + hostname = "${loc1}.${lifecycle1}.${domain2}"; + user = user4; + }; + "${loc1}.staging" = { + hostname = "${loc1}.${lifecycle1}.${domain2}"; + user = user4; + }; + "${loc1}.dev" = { + hostname = "${loc1}.${lifecycle2}.${domain2}"; + user = user4; + }; + "${loc2}" = { + hostname = "${loc2}.${domain1}"; + user = user1Long; + }; + "${loc2}.stg" = { + hostname = "${loc2}.${lifecycle1}.${domain2}"; + user = user1Long; + }; + "${loc2}.staging" = { + hostname = "${loc2}.${lifecycle1}.${domain2}"; + user = user1Long; + }; + "*.${domain1}" = { + user = user1Long; + }; + }; + }; + + firefox = { + profiles = + let + isDefault = false; + in + { + "${user1}" = lib.recursiveUpdate + { + inherit isDefault; + id = 1; + settings = { + "browser.startup.homepage" = "${site1}|${site2}"; + }; + } + vars.firefox; + "${user2}" = lib.recursiveUpdate + { + inherit isDefault; + id = 2; + settings = { + "browser.startup.homepage" = "${site3}"; + }; + } + vars.firefox; + "${user3}" = lib.recursiveUpdate + { + inherit isDefault; + id = 3; + } + vars.firefox; + work = lib.recursiveUpdate + { + inherit isDefault; + id = 4; + settings = { + "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; + }; + } + vars.firefox; + }; + }; + + chromium = { + enable = true; + package = pkgs.chromium; + + extensions = [ + # 1password + "gejiddohjgogedgjnonbofjigllpkmbf" + # dark reader + "eimadpbcbfnmbkopoojfekhnkhdbieeh" + # ublock origin + "cjpalhdlnbpafiamejdnhcphjbkeiagm" + # i still dont care about cookies + "edibdbjcniadpccecjdfdjjppcpchdlm" + # browserpass + "naepdomgkenhinolocfifgehidddafch" + ]; + }; + }; + + services = { + kanshi = { + settings = [ + { + # seminary room + output = { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + }; + } + { + # work main screen + output = { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.0; + mode = "3840x2160"; + }; + } + { + # work side screen + output = { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "270"; + }; + } + { + profile = { name = "lidopen"; exec = [ "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" - "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" - "${pkgs.kanshare}/bin/kanshare ${config.swarselsystems.sharescreen} '${monitor}'" + "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { criteria = config.swarselsystems.sharescreen; status = "enable"; - scale = 1.7; - position = "2560,0"; + scale = 1.5; + position = "1462,0"; } { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; + mode = "1920x1200"; + transform = "90"; + position = "-2480,0"; } ]; }; - } - { - profile = { - name = "lidclosed"; - exec = [ - "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" - "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" - ]; - outputs = [ + } + { + profile = + let + monitor = "Applied Creative Technology Transmitter QUATTRO201811"; + in { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - } - { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; - position = "-2480,0"; - } - ]; - }; - } - { - profile = - let - monitor = "Applied Creative Technology Transmitter QUATTRO201811"; - in - { + name = "lidopen"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.kanshare}/bin/kanshare ${config.swarselsystems.sharescreen} '${monitor}'" + ]; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.7; + position = "2560,0"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; + } + { + profile = { name = "lidclosed"; exec = [ - "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { @@ -21063,241 +18318,272 @@ When setting up a new machine: status = "disable"; } { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; + mode = "1920x1200"; + transform = "270"; + position = "-2480,0"; } ]; }; - } - ]; - }; - }; - - systemd.user.services = { - pizauth.Service = { - ExecStartPost = [ - "${pkgs.toybox}/bin/sleep 1" - "//bin/sh -c '${lib.getExe pkgs.pizauth} restore < ${homeDir}/.pizauth.state'" - ]; - }; - - teams-applet = { - Unit = { - Description = "teams applet"; - Requires = [ "tray.target" ]; - After = [ - "graphical-session.target" - "tray.target" + } + { + profile = + let + monitor = "Applied Creative Technology Transmitter QUATTRO201811"; + in + { + name = "lidclosed"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" + ]; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; + } ]; - PartOf = [ "graphical-session.target" ]; - }; - - Install = { - WantedBy = [ "graphical-session.target" ]; - }; - - Service = { - ExecStart = "${pkgs.stable.teams-for-linux}/bin/teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; }; }; - onepassword-applet = { - Unit = { - Description = "1password applet"; - Requires = [ "tray.target" ]; - After = [ - "graphical-session.target" - "tray.target" + systemd.user.services = { + pizauth.Service = { + ExecStartPost = [ + "${pkgs.toybox}/bin/sleep 1" + "//bin/sh -c '${lib.getExe pkgs.pizauth} restore < ${homeDir}/.pizauth.state'" ]; - PartOf = [ "graphical-session.target" ]; }; - Install = { - WantedBy = [ "graphical-session.target" ]; - }; + teams-applet = { + Unit = { + Description = "teams applet"; + Requires = [ "tray.target" ]; + After = [ + "graphical-session.target" + "tray.target" + ]; + PartOf = [ "graphical-session.target" ]; + }; - Service = { - ExecStart = "${pkgs._1password-gui}/bin/1password"; - }; - }; + Install = { + WantedBy = [ "graphical-session.target" ]; + }; - }; - - services.pizauth = { - enable = true; - extraConfig = '' - auth_notify_cmd = "if [[ \"$(notify-send -A \"Open $PIZAUTH_ACCOUNT\" -t 30000 'pizauth authorisation')\" == \"0\" ]]; then open \"$PIZAUTH_URL\"; fi"; - error_notify_cmd = "notify-send -t 90000 \"pizauth error for $PIZAUTH_ACCOUNT\" \"$PIZAUTH_MSG\""; - token_event_cmd = "pizauth dump > ${homeDir}/.pizauth.state"; - ''; - accounts = { - work = { - authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; - tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; - clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; - clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; - scopes = [ - "https://outlook.office365.com/IMAP.AccessAsUser.All" - "https://outlook.office365.com/SMTP.Send" - "offline_access" - ]; - loginHint = "${confLib.getConfig.repo.secrets.local.work.mailAddress}"; - }; - }; - - }; - - xdg = - let - inherit (confLib.getConfig.repo.secrets.local.work) user1 user2 user3; - in - { - mimeApps = { - defaultApplications = { - "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; + Service = { + ExecStart = "${pkgs.stable.teams-for-linux}/bin/teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; }; }; - desktopEntries = - let - terminal = false; - categories = [ "Application" ]; - icon = "firefox"; - in - { - firefox_work = { - name = "Firefox (work)"; - genericName = "Firefox work"; - exec = "firefox -p work"; - inherit terminal categories icon; - }; - "firefox_${user1}" = { - name = "Firefox (${user1})"; - genericName = "Firefox ${user1}"; - exec = "firefox -p ${user1}"; - inherit terminal categories icon; - }; - - "firefox_${user2}" = { - name = "Firefox (${user2})"; - genericName = "Firefox ${user2}"; - exec = "firefox -p ${user2}"; - inherit terminal categories icon; - }; - - "firefox_${user3}" = { - name = "Firefox (${user3})"; - genericName = "Firefox ${user3}"; - exec = "firefox -p ${user3}"; - inherit terminal categories icon; - }; - + onepassword-applet = { + Unit = { + Description = "1password applet"; + Requires = [ "tray.target" ]; + After = [ + "graphical-session.target" + "tray.target" + ]; + PartOf = [ "graphical-session.target" ]; }; + + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + + Service = { + ExecStart = "${pkgs._1password-gui}/bin/1password"; + }; + }; + }; - swarselsystems = { - startup = [ - # { command = "nextcloud --background"; } - # { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - # { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - # { command = "anki"; } - # { command = "obsidian"; } - # { command = "nm-applet"; } - # { command = "feishin"; } - # { command = "teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; } - # { command = "1password"; } - ]; - monitors = { - work_back_middle = rec { - name = "LG Electronics LG Ultra HD 0x000305A6"; - mode = "2560x1440"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - # output = "DP-10"; - output = name; - }; - work_front_left = rec { - name = "LG Electronics LG Ultra HD 0x0007AB45"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - # output = "DP-7"; - output = name; - }; - work_back_right = rec { - name = "HP Inc. HP Z32 CN41212T55"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - # output = "DP-3"; - output = name; - }; - work_middle_middle_main = rec { - name = "HP Inc. HP 732pk CNC4080YL5"; - mode = "3840x2160"; - scale = "1"; - position = "-1280,0"; - workspace = "11:M"; - # output = "DP-8"; - output = name; - }; - work_middle_middle_side = rec { - name = "Hewlett Packard HP Z24i CN44250RDT"; - mode = "1920x1200"; - transform = "270"; - scale = "1"; - position = "-2480,0"; - workspace = "12:S"; - # output = "DP-9"; - output = name; - }; - work_seminary = rec { - name = "Applied Creative Technology Transmitter QUATTRO201811"; - mode = "1280x720"; - scale = "1"; - position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse - workspace = "14:T"; - # output = "DP-4"; - output = name; + + services.pizauth = { + enable = true; + extraConfig = '' + auth_notify_cmd = "if [[ \"$(notify-send -A \"Open $PIZAUTH_ACCOUNT\" -t 30000 'pizauth authorisation')\" == \"0\" ]]; then open \"$PIZAUTH_URL\"; fi"; + error_notify_cmd = "notify-send -t 90000 \"pizauth error for $PIZAUTH_ACCOUNT\" \"$PIZAUTH_MSG\""; + token_event_cmd = "pizauth dump > ${homeDir}/.pizauth.state"; + ''; + accounts = { + work = { + authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; + clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; + scopes = [ + "https://outlook.office365.com/IMAP.AccessAsUser.All" + "https://outlook.office365.com/SMTP.Send" + "offline_access" + ]; + loginHint = "${nixosConfig.repo.secrets.local.work.mailAddress}"; + }; }; + }; - inputs = { - "1133:45081:MX_Master_2S_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; + + xdg = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; + in + { + mimeApps = { + defaultApplications = { + "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; + }; + }; + desktopEntries = + let + terminal = false; + categories = [ "Application" ]; + icon = "firefox"; + in + { + firefox_work = { + name = "Firefox (work)"; + genericName = "Firefox work"; + exec = "firefox -p work"; + inherit terminal categories icon; + }; + "firefox_${user1}" = { + name = "Firefox (${user1})"; + genericName = "Firefox ${user1}"; + exec = "firefox -p ${user1}"; + inherit terminal categories icon; + }; + + "firefox_${user2}" = { + name = "Firefox (${user2})"; + genericName = "Firefox ${user2}"; + exec = "firefox -p ${user2}"; + inherit terminal categories icon; + }; + + "firefox_${user3}" = { + name = "Firefox (${user3})"; + genericName = "Firefox ${user3}"; + exec = "firefox -p ${user3}"; + inherit terminal categories icon; + }; + + + }; }; - # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - # dwt = "enabled"; - # tap = "enabled"; - # natural_scroll = "enabled"; - # middle_emulation = "enabled"; - # drag_lock = "disabled"; - # }; - "1133:50504:Logitech_USB_Receiver" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; + swarselsystems = { + startup = [ + # { command = "nextcloud --background"; } + # { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + # { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + # { command = "anki"; } + # { command = "obsidian"; } + # { command = "nm-applet"; } + # { command = "feishin"; } + # { command = "teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; } + # { command = "1password"; } + ]; + monitors = { + work_back_middle = rec { + name = "LG Electronics LG Ultra HD 0x000305A6"; + mode = "2560x1440"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + # output = "DP-10"; + output = name; + }; + work_front_left = rec { + name = "LG Electronics LG Ultra HD 0x0007AB45"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + # output = "DP-7"; + output = name; + }; + work_back_right = rec { + name = "HP Inc. HP Z32 CN41212T55"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + # output = "DP-3"; + output = name; + }; + work_middle_middle_main = rec { + name = "HP Inc. HP 732pk CNC4080YL5"; + mode = "3840x2160"; + scale = "1"; + position = "-1280,0"; + workspace = "11:M"; + # output = "DP-8"; + output = name; + }; + work_middle_middle_side = rec { + name = "Hewlett Packard HP Z24i CN44250RDT"; + mode = "1920x1200"; + transform = "270"; + scale = "1"; + position = "-2480,0"; + workspace = "12:S"; + # output = "DP-9"; + output = name; + }; + work_seminary = rec { + name = "Applied Creative Technology Transmitter QUATTRO201811"; + mode = "1280x720"; + scale = "1"; + position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse + workspace = "14:T"; + # output = "DP-4"; + output = name; + }; }; - "1133:45944:MX_KEYS_S" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; + inputs = { + "1133:45081:MX_Master_2S_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; + "1133:50504:Logitech_USB_Receiver" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45944:MX_KEYS_S" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + + }; + } // lib.optionalAttrs (inputs ? sops) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { + harica-root-ca = { + sopsFile = certsSopsFile; + path = "${homeDir}/.aws/certs/harica-root.pem"; + owner = mainUser; }; }; - }; - } // lib.optionalAttrs (inputs ? sops) { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { - harica-root-ca = { - sopsFile = certsSopsFile; - path = "${homeDir}/.aws/certs/harica-root.pem"; - owner = mainUser; - }; - }; - - }; + }); } @@ -21309,27 +18595,29 @@ When setting up a new machine: :END: #+begin_src nix-ts :tangle modules/home/optional/uni.nix :noweb yes - { confLib, ... }: + { config, lib, nixosConfig ? config, ... }: { - config = { - services.pizauth = { - enable = true; - accounts = { - uni = { - authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; - tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; - clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; - clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; - scopes = [ - "https://outlook.office365.com/IMAP.AccessAsUser.All" - "https://outlook.office365.com/SMTP.Send" - "offline_access" - ]; - loginHint = "${confLib.getConfig.repo.secrets.local.uni.mailAddress}"; + options.swarselmodules.optional.uni = lib.mkEnableOption "optional uni settings"; + config = lib.mkIf config.swarselmodules.optional.uni + { + services.pizauth = { + enable = true; + accounts = { + uni = { + authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; + clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; + scopes = [ + "https://outlook.office365.com/IMAP.AccessAsUser.All" + "https://outlook.office365.com/SMTP.Send" + "offline_access" + ]; + loginHint = "${nixosConfig.repo.secrets.local.uni.mailAddress}"; + }; }; }; }; - }; } #+end_src @@ -21342,9 +18630,10 @@ When setting up a new machine: This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/home/optional/framework.nix - _: + { lib, config, ... }: { - config = { + options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselmodules.optional.framework { swarselsystems = { inputs = { "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { @@ -21376,26 +18665,6 @@ TODO: check which of these can be replaced but builtin functions. { self, config, lib, ... }: { options.swarselsystems = { - proxyHost = lib.mkOption { - type = lib.types.str; - default = config.node.name; - }; - isBastionTarget = lib.mkOption { - type = lib.types.bool; - default = false; - }; - isCloud = lib.mkOption { - type = lib.types.bool; - default = false; - }; - isServer = lib.mkOption { - type = lib.types.bool; - default = config.swarselsystems.isCloud; - }; - isClient = lib.mkOption { - type = lib.types.bool; - default = config.swarselsystems.isLaptop; - }; withHomeManager = lib.mkOption { type = lib.types.bool; default = true; @@ -21429,7 +18698,7 @@ TODO: check which of these can be replaced but builtin functions. isBtrfs = lib.mkEnableOption "use btrfs filesystem"; sopsFile = lib.mkOption { type = lib.types.str; - default = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; + default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; }; homeDir = lib.mkOption { type = lib.types.str; @@ -21718,43 +18987,6 @@ In short, the options defined here are passed to the modules systems using =_mod } #+end_src -*** Config Library (confLib) -:PROPERTIES: -:CUSTOM_ID: h:a33322d5-014a-4072-a4a5-91bc71c343b8 -:END: -#+begin_src nix-ts :noweb yes :tangle modules/shared/config-lib.nix - { config, lib, globals, nixosConfig ? null, ... }: - { - _module.args = { - confLib = rec { - - addressDefault = if config.swarselsystems.proxyHost != config.node.name then globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.ipv4 else "localhost"; - - domainDefault = service: config.repo.secrets.common.services.domains.${service}; - proxyDefault = config.swarselsystems.proxyHost; - - getConfig = if nixosConfig == null then config else nixosConfig; - - gen = { name, user ? name, group ? name, dir ? null, port ? null, domain ? (domainDefault name), address ? addressDefault, proxy ? proxyDefault }: rec { - servicePort = port; - serviceName = name; - specificServiceName = "${name}-${config.node.name}"; - serviceUser = user; - serviceGroup = group; - serviceDomain = domain; - baseDomain = lib.swarselsystems.getBaseDomain domain; - subDomain = lib.swarselsystems.getSubDomain domain; - serviceDir = dir; - serviceAddress = address; - serviceProxy = proxy; - proxyAddress4 = globals.hosts.${proxy}.wanAddress4; - proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null; - }; - }; - }; - } -#+end_src - *** Packages :PROPERTIES: :CUSTOM_ID: h:64a5cc16-6b16-4802-b421-c67ccef853e1 @@ -21765,9 +18997,6 @@ This is the central station for self-defined packages. These are all referenced Note: The structure of generating the packages was changed in commit =2cf03a3 refactor: package and module generation=. That commit can be checked out in order to see a simpler version of achieving the same thing. *** Packages (flake) -:PROPERTIES: -:CUSTOM_ID: h:2803e3ab-b746-46c0-bcc4-051a23185bc3 -:END: #+begin_src nix-ts :tangle pkgs/flake/default.nix { self, lib, pkgs, ... }: @@ -21857,9 +19086,6 @@ This app allows me, in conjunction with my Yubikey, to quickly enter passwords w #+end_src **** quickpass -:PROPERTIES: -:CUSTOM_ID: h:62b9c8cd-b585-4e93-8352-2bfa4a76aec9 -:END: #+begin_src shell :tangle files/scripts/quickpass.sh :mkdirp yes shopt -s nullglob globstar @@ -22453,8 +19679,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man ssh_port="22" persist_dir="" disk_encryption=0 - disk_encryption_args="" - no_disko_deps="false" temp=$(mktemp -d) function help_and_exit() { @@ -22474,7 +19698,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man echo " Default='${target_user}'." echo " --port specify the ssh port to use for remote access. Default=${ssh_port}." echo " --debug Enable debug mode." - echo " --no-disko-deps Upload only disk script and not dependencies (for use on low ram)." echo " -h | --help Print this help." exit 0 } @@ -22528,14 +19751,14 @@ This program sets up a new NixOS host remotely. It also takes care of secret man SOPS_FILE=".sops.yaml" sed -i "{ - # Remove any * and & entries for this host - /[*&]$key_name/ d; - # Inject a new age: entry - # n matches the first line following age: and p prints it, then we transform it while reusing the spacing - /age:/{n; p; s/\(.*- \*\).*/\1$key_name/}; - # Inject a new hosts or user: entry - /&$key_type/{n; p; s/\(.*- &\).*/\1$key_name $key/} - }" $SOPS_FILE + # Remove any * and & entries for this host + /[*&]$key_name/ d; + # Inject a new age: entry + # n matches the first line following age: and p prints it, then we transform it while reusing the spacing + /age:/{n; p; s/\(.*- \*\).*/\1$key_name/}; + # Inject a new hosts or user: entry + /&$key_type/{n; p; s/\(.*- &\).*/\1$key_name $key/} + }" $SOPS_FILE green "Updating .sops.yaml" cd - } @@ -22562,9 +19785,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man shift ssh_port=$1 ;; - --no-disko-deps) - no_disko_deps="true" - ;; --debug) set -x ;; @@ -22582,12 +19802,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man help_and_exit fi - LOCKED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.node.lockFromBootstrapping)" - if [[ $LOCKED == "true" ]]; then - red "THIS SYSTEM IS LOCKED FROM BOOTSTRAPPING" - exit - fi - green "~SwarselSystems~ remote installer" green "Reading system information for $target_hostname ..." @@ -22598,11 +19812,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man if [[ $CRYPTED == "true" ]]; then green "Encryption: ✓" disk_encryption=1 - disk_encryption_args=( - --disk-encryption-keys - /tmp/disko-password - /tmp/disko-password - ) else red "Encryption: X" disk_encryption=0 @@ -22695,14 +19904,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man # ------------------------ green "Deploying minimal NixOS installation on $target_destination" - - if [[ $no_disko_deps == "true" ]]; then - green "Building without disko dependencies (using custom kexec)" - nix run github:nix-community/nixos-anywhere/1.10.0 -- "${disk_encryption_args[@]}" --no-disko-deps --ssh-port "$ssh_port" --extra-files "$temp" --flake ./install#"$target_hostname" --kexec "$(nix build --print-out-paths .#packages."$target_arch".swarsel-kexec)/swarsel-kexec-$target_arch.tar.gz" root@"$target_destination" - else - green "Building with disko dependencies (using nixos-images kexec)" - nix run github:nix-community/nixos-anywhere/1.10.0 -- "${disk_encryption_args[@]}" --ssh-port "$ssh_port" --extra-files "$temp" --flake ./install#"$target_hostname" root@"$target_destination" - fi + nix run github:nix-community/nixos-anywhere/1.10.0 -- --ssh-port "$ssh_port" --extra-files "$temp" --flake ./install#"$target_hostname" root@"$target_destination" echo "Updating ssh host fingerprint at $target_destination to ~/.ssh/known_hosts" ssh-keyscan -p "$ssh_port" "$target_destination" >> ~/.ssh/known_hosts || true @@ -22774,8 +19976,8 @@ This program sets up a new NixOS host remotely. It also takes care of secret man if yes_or_no "Add ssh host fingerprints for git upstream repositories? (This is needed for building the full config)"; then green "Adding ssh host fingerprints for git{lab,hub}" - $ssh_cmd "mkdir -p /home/$target_user/.ssh/; ssh-keyscan -t ssh-ed25519 gitlab.com github.com | tee /home/$target_user/.ssh/known_hosts" - $ssh_root_cmd "mkdir -p /root/.ssh/; ssh-keyscan -t ssh-ed25519 gitlab.com github.com | tee /root/.ssh/known_hosts" + $ssh_cmd "mkdir -p /home/$target_user/.ssh/; ssh-keyscan -t ssh-ed25519 gitlab.com github.com swagit.swarsel.win | tee /home/$target_user/.ssh/known_hosts" + $ssh_root_cmd "mkdir -p /root/.ssh/; ssh-keyscan -t ssh-ed25519 gitlab.com github.com swagit.swarsel.win | tee /root/.ssh/known_hosts" fi # -------------------------- @@ -23744,9 +20946,6 @@ This programs simply runs ssh-keygen on the last host that I tried to ssh into. } #+end_src **** endme -:PROPERTIES: -:CUSTOM_ID: h:abbd18a2-73ae-4ee4-8487-06fef23638bb -:END: Sometimes my DE crashes after putting it to suspend - to be precise, it happens when I put it into suspend when I have multiple screens plugged in. I have never taken the time to debug the issue, but instead just switch to a different TTY and then use this script to kill the hanging session. @@ -23764,9 +20963,6 @@ Sometimes my DE crashes after putting it to suspend - to be precise, it happens #+end_src **** git-replace -:PROPERTIES: -:CUSTOM_ID: h:e1330feb-4a9b-4e6d-9d15-6d2adb5879d2 -:END: This script allows for quick git replace of a string. @@ -23840,9 +21036,6 @@ This script allows for quick git replace of a string. #+end_src *** Packages (config) -:PROPERTIES: -:CUSTOM_ID: h:c01a91b8-b751-4978-b987-733de63c8211 -:END: #+begin_src nix-ts :tangle pkgs/config/default.nix { self, homeConfig, lib, pkgs, ... }: @@ -23859,9 +21052,6 @@ This script allows for quick git replace of a string. #+end_src **** cdr -:PROPERTIES: -:CUSTOM_ID: h:78d17941-68b3-4b36-b378-3282ae2178b8 -:END: #+begin_src nix-ts :tangle pkgs/config/cdr/default.nix @@ -23941,6 +21131,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a lowBattery = lib.mkDefault false; network = lib.mkDefault true; networkDevices = lib.mkDefault true; + niri = lib.mkDefault false; nix-ld = lib.mkDefault true; nvd = lib.mkDefault true; packages = lib.mkDefault true; @@ -23949,7 +21140,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a ppd = lib.mkDefault true; programs = lib.mkDefault true; pulseaudio = lib.mkDefault true; - remotebuild = lib.mkDefault true; security = lib.mkDefault true; sops = lib.mkDefault true; stylix = lib.mkDefault true; @@ -24017,6 +21207,31 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+end_src +**** Optionals + +#+begin_src nix-ts :tangle profiles/nixos/optionals/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.optionals = lib.mkEnableOption "is this a host with optionals"; + config = lib.mkIf config.swarselprofiles.optionals { + swarselmodules = { + optional = { + gaming = lib.mkDefault true; + virtualbox = lib.mkDefault true; + nswitch-rcm = lib.mkDefault true; + }; + }; + + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + optionals = lib.mkDefault true; + }; + }; + }; + + } + +#+end_src **** Hotel :PROPERTIES: :CUSTOM_ID: h:b79fbb59-9cf2-48eb-b469-2589223dda95 @@ -24076,6 +21291,87 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+end_src +**** Work +:PROPERTIES: +:CUSTOM_ID: h:cb3631a8-9c1b-42f2-ab01-502c7b4c273d +:END: + +#+begin_src nix-ts :tangle profiles/nixos/work/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselprofiles.work { + swarselmodules = { + optional = { + work = lib.mkDefault true; + }; + }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + work = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +**** Uni +:PROPERTIES: +:CUSTOM_ID: h:87a83b10-3c2f-407c-89aa-922ad77748a4 +:END: + +#+begin_src nix-ts :tangle profiles/nixos/uni/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.uni = lib.mkEnableOption "is this a uni host"; + config = lib.mkIf config.swarselprofiles.uni { + # swarselmodules = { + # optional = { + # uni = lib.mkDefault true; + # }; + # }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + uni = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +**** Framework +:PROPERTIES: +:CUSTOM_ID: h:eb272c99-842a-4095-bc65-283562749300 +:END: + +#+begin_src nix-ts :tangle profiles/nixos/framework/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselprofiles.framework { + swarselmodules = { + optional = { + framework = lib.mkDefault true; + }; + }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + framework = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + **** Server :PROPERTIES: :CUSTOM_ID: h:dfc076fd-ee74-4663-b164-653370c52b75 @@ -24113,9 +21409,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+end_src **** Router -:PROPERTIES: -:CUSTOM_ID: h:f3af356a-e732-471b-b8b3-37dcd70297d5 -:END: #+begin_src nix-ts :tangle profiles/nixos/router/default.nix :mkdirp yes { lib, config, ... }: @@ -24186,6 +21479,7 @@ This holds modules that are to be used on most hosts. These are also the most im kitty = lib.mkDefault true; mail = lib.mkDefault true; mako = lib.mkDefault true; + niri = lib.mkDefault false; nix-index = lib.mkDefault true; nixgl = lib.mkDefault true; nix-your-shell = lib.mkDefault true; @@ -24226,9 +21520,6 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src **** DGX Spark -:PROPERTIES: -:CUSTOM_ID: h:6d30ef28-ee26-4954-90f6-53c33dee9217 -:END: #+begin_src nix-ts :tangle profiles/home/dgxspark/default.nix :mkdirp yes { lib, config, ... }: @@ -24241,7 +21532,6 @@ This holds modules that are to be used on most hosts. These are also the most im atuin = lib.mkDefault true; autotiling = lib.mkDefault false; batsignal = lib.mkDefault false; - bash = lib.mkDefault true; blueman-applet = lib.mkDefault true; desktop = lib.mkDefault false; direnv = lib.mkDefault true; @@ -24263,6 +21553,7 @@ This holds modules that are to be used on most hosts. These are also the most im kitty = lib.mkDefault true; mail = lib.mkDefault false; mako = lib.mkDefault false; + niri = lib.mkDefault false; nix-index = lib.mkDefault true; nixgl = lib.mkDefault true; nix-your-shell = lib.mkDefault true; @@ -24301,6 +21592,28 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src +**** Optionals +:PROPERTIES: +:CUSTOM_ID: h:0554a271-f8ec-4885-b46f-2a02dfd967bd +:END: + +#+begin_src nix-ts :tangle profiles/home/optionals/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.optionals = lib.mkEnableOption "is this a host with optionals"; + config = lib.mkIf config.swarselprofiles.optionals { + swarselmodules = { + optional = { + gaming = lib.mkDefault true; + uni = lib.mkDefault true; + }; + }; + }; + + } + +#+end_src + **** Minimal :PROPERTIES: :CUSTOM_ID: h:26512487-8c29-4b92-835b-d67394c3f5ef @@ -24377,6 +21690,93 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src +**** toto +:PROPERTIES: +:CUSTOM_ID: h:e1d4f141-af11-448a-9796-fc822a8f77ec +:END: + +#+begin_src nix-ts :tangle profiles/home/toto/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselprofiles.toto { + swarselmodules = { + general = lib.mkDefault true; + sops = lib.mkDefault true; + ssh = lib.mkDefault true; + kitty = lib.mkDefault true; + git = lib.mkDefault true; + }; + }; + + } + +#+end_src + +**** Work +:PROPERTIES: +:CUSTOM_ID: h:7b091523-a5b0-48b6-8b03-4dc2405e2d81 +:END: + +#+begin_src nix-ts :tangle profiles/home/work/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselprofiles.work { + swarselmodules = { + optional = { + work = lib.mkDefault true; + }; + }; + }; + + } + +#+end_src + +**** Uni +:PROPERTIES: +:CUSTOM_ID: h:56f509b9-3271-4212-b5ea-482dbe288bda +:END: + +#+begin_src nix-ts :tangle profiles/home/uni/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.uni = lib.mkEnableOption "is this a uni host"; + config = lib.mkIf config.swarselprofiles.uni { + swarselmodules = { + optional = { + uni = lib.mkDefault true; + }; + }; + }; + + } + +#+end_src + +**** Framework +:PROPERTIES: +:CUSTOM_ID: h:712b9d7f-16c0-42b3-b02b-6d79ee15cfcc +:END: + +#+begin_src nix-ts :tangle profiles/home/framework/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselprofiles.framework { + swarselmodules = { + optional = { + framework = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + **** Local Server :PROPERTIES: :CUSTOM_ID: h:8027b858-369e-4f12-bbaf-f15eeee3d904 @@ -24543,9 +21943,6 @@ In this section I define extra functions that I need. Some of these functions I Since I am rebinding the =C-z= hotkey for emacs-evil-state toggling, I want to have a function that still lets me perform this action quickly. -We set a keybinding to this in [[#h:2b827c27-0de7-45ed-9d9e-6c511e2c6bb5][Custom Keybindings]]. - - #+begin_src emacs-lisp ;; -*- lexical-binding: t; -*- @@ -24562,9 +21959,7 @@ We set a keybinding to this in [[#h:2b827c27-0de7-45ed-9d9e-6c511e2c6bb5][Custom :CUSTOM_ID: h:1e0ee570-e509-4ecb-a3af-b75543731bb0 :END: -I often find myself bouncing between two buffers when I do not want to use a window split. This function simply jumps to the last used buffer. - -We set a keybinding to this in [[#h:2b827c27-0de7-45ed-9d9e-6c511e2c6bb5][Custom Keybindings]]. +I often find myself bouncing between two buffers when I do not want to use a window split. This funnction simply jumps to the last used buffer. #+begin_src emacs-lisp @@ -24653,8 +22048,6 @@ The below function avoids these problems. Originally I used the function =duplic However, this function does not work on regions. Later, I found a solution implemented by [[https://github.com/bbatsov/crux][crux]]. I do not need the whole package, so I just extracted the three functions I needed from it. -We set a keybinding to this in [[#h:2b827c27-0de7-45ed-9d9e-6c511e2c6bb5][Custom Keybindings]]. - #+begin_src emacs-lisp (defun crux-get-positions-of-line-or-region () @@ -24822,13 +22215,6 @@ This function was found here: [[https://www.reddit.com/r/emacs/comments/re31i6/h #+end_src **** Magit: List directories using vertico/consult -:PROPERTIES: -:CUSTOM_ID: h:1f8bfddf-a12a-49c8-beaa-97baa47abb9f -:END: - -At work and when working on private projects, I often have to jump between several git repositories. This function fires up a picker that gets me to the magit overview page of that repository. - -We set a keybinding to this in [[#h:2b827c27-0de7-45ed-9d9e-6c511e2c6bb5][Custom Keybindings]]. #+begin_src emacs-lisp @@ -24928,8 +22314,6 @@ Normally emacs cycles between three states: However, I want to be able to fold a single heading consistently. -We set a keybinding to this in [[#h:2b827c27-0de7-45ed-9d9e-6c511e2c6bb5][Custom Keybindings]]. - #+begin_src emacs-lisp (defun org-fold-outer () @@ -24991,63 +22375,6 @@ These functions are used here: [[#h:5653d693-ecca-4c95-9633-66b9e3241070][Corfu] #+end_src -**** Insert link to another header in org file -:PROPERTIES: -:CUSTOM_ID: h:06e70e44-502b-4a49-8b48-63c511f1c377 -:END: - -When writing this file, I often want to refer to a different section of the file. One way to do this is to =C-x O= (consult-org-heading) to get to said heading, then =C=c s= (org-store-link), finally =C-o= (evil-jump-backward) to get back to the origin and insert the link using =C-c C-l= (org-insert-link). - -These two scripts just let me do all of this in one step. I have styled the picker in a way that is similar to consult-org-heading. - -We set a keybinding to this in [[#h:2b827c27-0de7-45ed-9d9e-6c511e2c6bb5][Custom Keybindings]]. - -#+begin_src emacs-lisp - - (defun swarsel/org-colorize-outline (parents raw) - (let* ((palette ["#58B6ED" "#8BD49C" "#33CED8" "#4B9CCC" - "yellow" "orange" "salmon" "red"]) - (n (length parents)) - (colored-parents - (cl-mapcar - (lambda (p i) - (propertize p 'face `(:foreground ,(aref palette (mod i (length palette))) :weight bold))) - parents - (number-sequence 0 (1- n))))) - (concat - (when parents - (string-join colored-parents "/")) - (when parents "/") - (propertize raw 'face `(:foreground ,(aref palette (mod n (length palette))) - :weight bold))))) - - (defun swarsel/org-insert-link-to-heading () - (interactive) - (let ((candidates '())) - (org-map-entries - (lambda () - (let* ((raw (org-get-heading t t t t)) - (parents (org-get-outline-path t)) - (m (copy-marker (point))) - (colored (swarsel/org-colorize-outline parents raw))) - (push (cons colored m) candidates)))) - - (let* ((choice (completing-read "Heading: " (mapcar #'car candidates))) - (marker (cdr (assoc choice candidates))) - id raw-heading) - (unless marker - (user-error "No marker for heading??")) - - (save-excursion - (goto-char marker) - (setq id (prot-org--id-get)) - (setq raw-heading (org-get-heading t t t t))) - - (insert (org-link-make-string (format "#%s" id) - raw-heading))))) - -#+end_src - *** Custom Keybindings :PROPERTIES: :CUSTOM_ID: h:2b827c27-0de7-45ed-9d9e-6c511e2c6bb5 @@ -25157,7 +22484,6 @@ I also define some keybinds to some combinations directly. Those are used mostly "" 'swarsel/last-buffer "M-\\" 'indent-region "M-r" 'swarsel/consult-magit-repos - "M-i" 'swarsel/org-insert-link-to-heading "" 'yank "" 'kill-region "" 'kill-ring-save @@ -25175,19 +22501,19 @@ I also define some keybinds to some combinations directly. Those are used mostly :CUSTOM_ID: h:07951589-54ba-4e3e-bd7b-4106cd22ff6a :END: -In this section I setup some aliases that I use for various directories on my system. This is just to prevent setting the same stuff too often. +In this section I setup some aliases that I use for various directories on my system. Some of these are actually used for magit repository finding etc., but many of them serve no real use and I need to clean this up someday. #+begin_src emacs-lisp ;; set Nextcloud directory for journals etc. (setq swarsel-emacs-directory "~/.emacs.d" - swarsel-dotfiles-directory (getenv "FLAKE") + swarsel-dotfiles-directory "~/.dotfiles" swarsel-swarsel-org-filepath (expand-file-name "SwarselSystems.org" swarsel-dotfiles-directory) swarsel-tasks-org-file "Tasks.org" swarsel-archive-org-file "Archive.org" - swarsel-work-projects-directory (getenv "DOCUMENT_DIR_WORK") - swarsel-private-projects-directory (getenv "DOCUMENT_DIR_PRIV") + swarsel-work-projects-directory "~/Documents/Work" + swarsel-private-projects-directory "~/Documents/Private" ) #+end_src @@ -25263,7 +22589,7 @@ Here I set up some things that are too minor to put under other categories. ;; use UTF-8 everywhere (set-language-environment "UTF-8") - ;; (profiler-start 'cpu) + (profiler-start 'cpu) ;; set default font size (defvar swarsel/default-font-size 130) (setq swarsel-standard-font "FiraCode Nerd Font Mono" @@ -25560,8 +22886,6 @@ This minor-mode adds functionality for doing better surround-commands; for examp :CUSTOM_ID: h:df6729b6-2135-4070-bcab-a6a26f0fb2c4 :END: -This makes it so that when setting a mark in evil mode (using =m =), it creates a visual marker at that place that reminds me what the key for that marker position is (the marker is of course not part of the text of the document, and is hence not saved). - #+begin_src emacs-lisp (use-package evil-visual-mark-mode @@ -25589,12 +22913,11 @@ This adds support for tree-sitter objects. This allows for the following chords: (define-key evil-outer-text-objects-map "a" (evil-textobj-tree-sitter-get-textobj ("if_statement.outer" "conditional.outer" "loop.outer") '((python-mode . ((if_statement.outer) @if_statement.outer)) (python-ts-mode . ((if_statement.outer) @if_statement.outer))))) #+end_src -**** evil-numbers +**** evil-textobj-tree-sitter :PROPERTIES: :CUSTOM_ID: h:06002ad2-686a-42c5-82d7-61f1340e262d :END: -A very simple package that brings back the vim possibility of incrementing/decrementing numbers. I do not need it often, but it is nice to have. #+begin_src emacs-lisp @@ -25606,7 +22929,7 @@ A very simple package that brings back the vim possibility of incrementing/decre :CUSTOM_ID: h:e888d7a7-1755-4109-af11-5358b8cf140e :END: -This sets up a wordlist that is, for example, used in completions. When coding, I do not really need this, but it is sometimes useful when writing prose. +This should setup a wordlist that can be used as a dictionary. However, for some reason this does not work, and I will need to further investigate this issue. #+begin_src emacs-lisp @@ -25673,7 +22996,7 @@ This section loads the base icons used in my configuration. I am using =nerd-ico Used in: - [[#h:b190d512-bfb5-42ec-adec-8d86bab726ce][Vertico and friends]] -- [[#h:5653d693-ecca-4c95-9633-66b9e3241070][Corfu]] +- [[#h:5653d693-ecca-4c95-9633-66b9e3241070][IN USE Corfu]] #+begin_src emacs-lisp @@ -25704,9 +23027,9 @@ This minor mode allows mixing fixed and variable pitch fonts within the same buf :CUSTOM_ID: h:ed585848-875a-4673-910c-d2e1901dd95b :END: -Here I set up the modeline with some information that I find useful. I was using the doom modeline for a while. Most informations I disabled for it, except for the cursor information (row + column) as well as a widget for =mu4e= and git information. +Here I set up the modeline with some information that I find useful. Specficially I am using the doom modeline. Most informations I disable for it, except for the cursor information (row + column) as well as a widget for =mu4e= and git information. -I have currently disabled this in favor of [[#h:80ed2431-9c9a-4bfc-a3c0-08a2a058d208][mini-modeline]], which saves more screen space and holds only the information I really need. +I have currently disabled this in favor of [[#h:80ed2431-9c9a-4bfc-a3c0-08a2a058d208][mini-modeline]]. #+begin_src emacs-lisp @@ -25726,16 +23049,7 @@ I have currently disabled this in favor of [[#h:80ed2431-9c9a-4bfc-a3c0-08a2a058 :CUSTOM_ID: h:80ed2431-9c9a-4bfc-a3c0-08a2a058d208 :END: -I have found that the doom-modeline, while very useful, consumes too much screen space for my liking. This modeline takes a more minimalistic approach. The only information that is shown is: - -- the line number -- state of the file (whether it is saved etc.) -- the name of the file -- the percentage of the cursor in the file -- the major mode of the file -- the current evil mode - -This is really the perfect solution for me, but it might not be for everyone. +I have found that the doom-modeline, while very useful, consumes too much screen space for my liking. This modeline takes a more minimalistic approach. #+begin_src emacs-lisp @@ -25777,16 +23091,21 @@ This is really the perfect solution for me, but it might not be for everyone. :CUSTOM_ID: h:b190d512-bfb5-42ec-adec-8d86bab726ce :END: -This set of packages uses the default emacs completion framework and works together to provide a very nice user experience. +This set of packages uses the default emacs completion framework and works together to provide a very nice user experience: +- Vertico simply provides a vertically stacking completion +- Marginalia adds more information to completion results +- Orderless allows for fuzzy matching +- Consult provides better implementations for several user functions, e.g. =consult-line= or =consult-outline= +- Embark allows acting on the results in the minibuffer while the completion is still ongoing - this is extremely useful since it allows to, for example, read the documentation for several functions without closing the help search. It can also collect the results of a grep operation into a seperate buffer that edits the result in their original location. + +Nerd icons is originally enabled here: [[#h:eb0ea526-a83a-4664-b3a1-2b40d3a31493][Icons]] ***** vertico :PROPERTIES: :CUSTOM_ID: h:d7c7f597-f870-4e01-8f7e-27dd31dd245d :END: -Vertico simply provides a vertically stacking completion framework. - #+begin_src emacs-lisp (setq read-buffer-completion-ignore-case t @@ -25829,8 +23148,6 @@ This package allows for =Ido=-like directory navigation. :CUSTOM_ID: h:211fc0bd-0d64-4577-97d8-6abc94435f04 :END: -Orderless allows for fuzzy matching. - When first installing orderless, I often times faced the problem, that when editing long files and calling =consult-line=, Emacs would hang when changing a search term in the middle (e.g. from =servicse.xserver= to =servic.xserver= in order to fix the typo). The below orderless rules have a more strict matching that has a positive impact on performance. #+begin_src emacs-lisp @@ -25858,7 +23175,6 @@ When first installing orderless, I often times faced the problem, that when edit :PROPERTIES: :CUSTOM_ID: h:49ab82bf-812d-4fbe-a5b6-d3ad703fe32c :END: -Consult provides better implementations for several user functions, e.g. =consult-line= or =consult-outline=. The big winner here are the convenient keybinds being setup here for general use. Also, I setup vim-navigation for minibuffer completions. =consult-buffer= is set twice because I am still used to that weird =C-M-j= command that I chose for =ivy-switch-buffer= when I first started using Emacs. I want to move to the other command but for now it is not feasible to delete the other one. @@ -25886,7 +23202,6 @@ The big winner here are the convenient keybinds being setup here for general use :PROPERTIES: :CUSTOM_ID: h:1c564ee5-ccd7-48be-b69a-d963400c4704 :END: -Embark allows acting on the results in the minibuffer while the completion is still ongoing - this is extremely useful since it allows to, for example, read the documentation for several functions without closing the help search. It can also collect the results of a grep operation into a seperate buffer that edits the result in their original location. I have stripped down the embark keybinds heavily. It is very useful to me even in it's current state, but it quickly becomes overwhelming. =embark-dwim= acts on a candidate without closing the minibuffer, which is very useful. =embark-act= lets the user choose from all actions, but has an overwhelming interface. @@ -25929,7 +23244,6 @@ Provides previews for embark. :PROPERTIES: :CUSTOM_ID: h:f32040a4-882f-4e6b-97f1-a0105c44c034 :END: -Marginalia adds more information to completion results. I set the annotation-mode of marginalia to =heavy=. This gives even more information on the stuff that you are looking at. One thing I am missing from ivy is the highlighting on =mode=-commands based on the current state of the mode. Also, I do not understand all the shorthands used by marginalia yet. @@ -25950,7 +23264,6 @@ I set the annotation-mode of marginalia to =heavy=. This gives even more informa :END: As stated above, this simply provides nerd-icons to the completion framework. -It is originally enabled here: [[#h:eb0ea526-a83a-4664-b3a1-2b40d3a31493][Icons]] #+begin_src emacs-lisp @@ -26084,8 +23397,6 @@ This places little angled indicators on the fringe of a window which indicate bu This defines the authentication sources used by =org-calfw= ([[#h:c760f04e-622f-4b3e-8916-53ca8cce6edc][Calendar]]) and [[#h:1a8585ed-d9f2-478f-a132-440ada1cde2c][Forge]]. -This file is written using home-manager [[#h:d87d80fd-2ac7-4f29-b338-0518d06b4deb][sops]] in [[#h:c05d1b64-7110-4151-b436-46bc447113b4][Home-manager: Emacs]] - #+begin_src emacs-lisp ;; (setq auth-sources '( "~/.emacs.d/.caldav" "~/.emacs.d/.authinfo.gpg") @@ -26370,9 +23681,7 @@ This just makes org-mode a little bit more beautiful, mostly by making the =begi :CUSTOM_ID: h:4e11a845-a7bb-4eb5-b4ce-5b2f52e07425 :END: -Recently I have grown fond of holding presentations using Emacs. - -When holding presentations, I think it is important to not have too many distractions on your slides. org-present just shows a plain background, is very responsive, and it is still an org buffer (so you can e.g. run source block codes while in the presentation). +Recently I have grown fond of holding presentations using Emacs :) #+begin_src emacs-lisp @@ -26481,11 +23790,6 @@ When holding presentations, I think it is important to not have too many distrac #+end_src **** Render markdown blocks as body to expand noweb blocks -:PROPERTIES: -:CUSTOM_ID: h:d4137200-7f91-43d9-9550-e0b6bfda1683 -:END: - -I have written this function to allow me to get a preview of the information that is gathered throughout the file and aggregated in [[#h:ed34ee4d-31f9-4d27-bc6e-ba37ee502d5a][Manual steps when setting up a new machine]]. Normally, running a markdown source block does nothing in Emacs. Hence, I just let it return the output, which inserts the noweb-ref blocks. #+begin_src emacs-lisp (defun org-babel-execute:markdown (body params) @@ -26497,9 +23801,7 @@ I have written this function to allow me to get a preview of the information tha :CUSTOM_ID: h:406c2ecc-0e3e-4d9f-9ae3-3eb1f8b87d1b :END: -This adds a nix mode to Emacs. This has become increasingly useful since I have added [[#h:cd552ba1-4db1-4605-8ead-4fcb6a466826][lsp-mode in org-src blocks]], because since that time, I am now able to actually make use of major modes while I theoretically stay in org-mode. - -It supports all functions that I normally need. Note that getting completions for flake inputs is a bit finnicky and I am not quite fond of it yet. +This adds a rudimentary nix-mode to Emacs. I have not really tried this out, as I am mostly editing nix-files in org-mode anyways. #+begin_src emacs-lisp @@ -26547,7 +23849,7 @@ It supports all functions that I normally need. Note that getting completions fo :CUSTOM_ID: h:e8074881-3441-4abd-b25b-358a87e7984f :END: -This adds support for Hashicorp Configuration Language. Used at work, it is mostly a [[#h:7834adb0-fbd3-4136-bdb7-6dbc9a083296][Terraform Mode]] that does not support autoformatting upon save. It still is nice :) +This adds support for Hashicorp Configuration Language. I need this at work. #+begin_src emacs-lisp @@ -26562,7 +23864,7 @@ This adds support for Hashicorp Configuration Language. Used at work, it is most :CUSTOM_ID: h:c9e3ffd7-4fb1-4a04-8563-92ceec4b4410 :END: -This adds support for Groovy, which I specifically need to work with Jenkinsfiles. Similar to [[id:7aa9803f-b419-40fa-aafc-4bb934c8f687][HCL Mode]], it just provides some nice functions. +This adds support for Groovy, which I specifically need to work with Jenkinsfiles. I need this at work. #+begin_src emacs-lisp @@ -26577,8 +23879,6 @@ This adds support for Groovy, which I specifically need to work with Jenkinsfile :CUSTOM_ID: h:77fa79d8-81d5-46f2-82f9-8e2922538d44 :END: -This is supposed to provide auto-completion when turned on. Of course I cannot globally turn this on since it would run in any =.yaml= file then, but even when manually started, it seems to do nothing. This would be nice at work. - #+begin_src emacs-lisp @@ -26590,7 +23890,7 @@ This is supposed to provide auto-completion when turned on. Of course I cannot g :CUSTOM_ID: h:534d8729-4422-4f0c-9ae6-d3737d4a6dd3 :END: -This adds support for Dockerfiles in a similar way to [[id:ebd53be9-c38a-4a0f-a7b4-eee30a0074fc][Jenkinsfile/Groovy]]. +This adds support for Dockerfiles. I need this at work. #+begin_src emacs-lisp @@ -26603,7 +23903,7 @@ This adds support for Dockerfiles in a similar way to [[id:ebd53be9-c38a-4a0f-a7 :CUSTOM_ID: h:7834adb0-fbd3-4136-bdb7-6dbc9a083296 :END: -This adds support for Terraform configuration files. This is basically the same as the [[id:7aa9803f-b419-40fa-aafc-4bb934c8f687][HCL Mode]] mode as the languages are very similar. +This adds support for Terraform configuration files. I need this at work. #+begin_src emacs-lisp @@ -26621,9 +23921,7 @@ This adds support for Terraform configuration files. This is basically the same :CUSTOM_ID: h:5ca7484b-b9d6-4023-88d1-a1e37d5df249 :END: -Adds functions for formatting nix code. I make huge use of this using the chords =C- o b= (org-babel-mark-block) and then =C- o n= (nixpkgs-fmt-region). This is what I use to keep my nix org-src-blocks formatted. However, using [[id:a67adf2f-20ce-49d6-ba6b-0341ca3d9972][org-mode: Upon-save actions (Auto-tangle, export to html, formatting)]], the resulting tangled files will be formatted in any case. - -Note that for files that are not managed using this file (which there should normally not be many of), we can still use =nix fmt= for running treefmt for formatting and checks. +Adds functions for formatting nix code. #+begin_src emacs-lisp @@ -26636,7 +23934,7 @@ Note that for files that are not managed using this file (which there should nor :CUSTOM_ID: h:489a71c4-38af-44a3-a9ef-8b1ed1ee4ac4 :END: -Adds functions for formatting shellscripts. Similarly to [[id:460a47fd-cddc-4080-9eba-6724fc63606e][nix formatting]]m I use this using the chords =C- o b= (org-babel-mark-block) and then =C- o s= (shfmt-region). This is what I use to keep shell script blocks formatted in this file. This is also handled by treefmt, but still, I want this file to stay organized as well. +Adds functions for formatting shellscripts. #+begin_src emacs-lisp @@ -26656,8 +23954,6 @@ Adds functions for formatting shellscripts. Similarly to [[id:460a47fd-cddc-4080 :CUSTOM_ID: h:734dc40a-a2c4-4839-b884-cb99b81aa6fe :END: -Adds a mode for markdown, specifically MultiMarkdown, which allows me to render LaTeX and other nice things. - #+begin_src emacs-lisp (setq markdown-command "pandoc") @@ -26676,8 +23972,6 @@ Adds a mode for markdown, specifically MultiMarkdown, which allows me to render :CUSTOM_ID: h:8d90fe51-0b32-423a-a159-4f853bc29b68 :END: -Allows me to render LaTeX just where I write it. I do not need this as much anymore, but during my studies this was very valuable to me. - #+begin_src emacs-lisp (add-hook 'markdown-mode-hook @@ -26693,8 +23987,6 @@ Allows me to render LaTeX just where I write it. I do not need this as much anym :CUSTOM_ID: h:a83c5820-2016-44ae-90a0-4756bb471c01 :END: -This adds elfeed, a neat RSS reader for Emacs. I use this as a client for [[#h:9da3df74-6fc5-4ee1-a345-23ab4e8a613d][FreshRSS]]. While I read most of my feeds on my phone (using Capy Reader), it is still good to have an Emacs-native reader as well. Some time ago I was still running a separate Emacs instance on my server: [[id:0e07e2fb-adc4-4fd8-9b54-0a59338a471e][Emacs elfeed (RSS Server)]]. This instance would then sync the read feeds to other instances. This was very brittle however and is only left as a historical note. - #+begin_src emacs-lisp (use-package elfeed) @@ -26714,13 +24006,9 @@ This adds elfeed, a neat RSS reader for Emacs. I use this as a client for [[#h:9 (setq elfeed-protocol-enabled-protocols '(fever)) (setq elfeed-protocol-fever-update-unread-only t) (setq elfeed-protocol-fever-fetch-category-as-tag t) - - (let ((domain (getenv "SWARSEL_RSS_DOMAIN"))) - (setq elfeed-protocol-feeds - `((,(concat "fever+https://Swarsel@" domain) - :api-url ,(concat "https://" domain "/api/fever.php") - :password-file "~/.emacs.d/.fever")))) - + (setq elfeed-protocol-feeds '(("fever+https://Swarsel@signpost.swarsel.win" + :api-url "https://signpost.swarsel.win/api/fever.php" + :password-file "~/.emacs.d/.fever"))) (define-key elfeed-show-mode-map (kbd ";") 'visual-fill-column-mode) (define-key elfeed-show-mode-map (kbd "j") 'elfeed-goodies/split-show-next) @@ -26736,7 +24024,7 @@ This adds elfeed, a neat RSS reader for Emacs. I use this as a client for [[#h:9 :CUSTOM_ID: h:87453f1c-8ea5-4d0a-862d-8973d5bc5405 :END: -This is the ripgrep package for Emacs. +This is the ripgrep command for Emacs. #+begin_src emacs-lisp @@ -26750,7 +24038,7 @@ This is the ripgrep package for Emacs. Tree-sitter is a parsing library integrated into Emacs to provide better syntax highlighting and code analysis. It generates concrete syntax trees for source code, enabling more accurate and efficient text processing. Emacs' tree-sitter integration enhances language support, offering features like incremental parsing and precise syntax-aware editing. This improves the development experience by providing robust and dynamic syntax features, making it easier for me to navigate and manipulate code. -In order to update the language grammars, run the next command below. NOTE: since we now load =epkgs.treesit-grammars.with-all-grammars= in [[#h:c05d1b64-7110-4151-b436-46bc447113b4][Home-manager: Emacs]], we actually never run this anymore. I leave it here however for a potential future reader. For safety, I still instruct treesit to install missing grammars on the fly. +In order to update the language grammars, run the next command below. #+begin_src emacs-lisp :tangle no :export both @@ -26903,7 +24191,7 @@ projectile is useful for keeping track of your git projects within Emacs. I most magit is the best git utility I have ever used - it has a beautiful interface and is very verbose. Here I mostly just setup the list of repositories that I want to expost to magit. -Also, Emacs needs a little extra love to accept my Yubikey for git commits etc. We set that here: [[id:59df9a4c-2a1f-466b-abe2-fbb8524cd0ed][Yubikey support]]. +Also, Emacs needs a little extra love to accept my Yubikey for git commits etc. We also set that here. #+begin_src emacs-lisp @@ -26921,7 +24209,7 @@ Also, Emacs needs a little extra love to accept my Yubikey for git commits etc. :CUSTOM_ID: h:d78709dd-4f79-441c-9166-76f61f90359a :END: -The following settings are needed to make sure emacs works for magit commits and pushes. It is not a beautiful solution since commiting uses pinentry-emacs and pushing uses pinentry-gtk2, but it works for now at least. This works especially well since I have switched from =pinentry-gtk3= to =pinentry-waypromt=. +The following settings are needed to make sure emacs works for magit commits and pushes. It is not a beautiful solution since commiting uses pinentry-emacs and pushing uses pinentry-gtk2, but it works for now at least. #+begin_src emacs-lisp @@ -26949,8 +24237,6 @@ NOTE: Make sure to configure a GitHub token before using this package! create classic token with repo; user; read:org permissions (2)machine api.github.com login USERNAME^forge password 012345abcdef... - The above is handled by [[id:ebb558ed-883a-486f-a6f5-8b283eb735a3][Home-manager: Emacs]] and only here as a historical note. Forge lets me interact with non-core git objects like issues and pull requests from within emacs. - #+begin_src emacs-lisp (use-package forge @@ -27304,8 +24590,6 @@ company is now disabled since it seems that corfu runs just fine with lsp-mode a :CUSTOM_ID: h:cd552ba1-4db1-4605-8ead-4fcb6a466826 :END: -This incredible function allows to start a sub-pane in a org-file while in a source-block that spins up a lsp-server. In practise that allows me to use a nix lsp when editing complex blocks in my config. The only bother is that we have to add the modes where it should run manually to =org-babel-lang-list=, but that is a small price to pay for the usefulness that it brings. - #+begin_src emacs-lisp ;; thanks to https://tecosaur.github.io/emacs-config/config.html#lsp-support-src (cl-defmacro lsp-org-babel-enable (lang) @@ -27343,8 +24627,6 @@ This incredible function allows to start a sub-pane in a org-file while in a sou :CUSTOM_ID: h:f7bc590b-9f91-4f6a-8ffe-93e1dea90a61 :END: -This is another lsp-implementation for Emacs using multi-threading, so this should be the least blocking one. Still, in general I prefer [[#h:6cf0310b-2fdf-45f0-9845-4704649777eb][eglot]]. - #+begin_src emacs-lisp @@ -27600,9 +24882,6 @@ This adds the simple utility of sending desktop notifications whenever a new mai #+end_src **** Work: Signing Mails (S/MIME, smime) -:PROPERTIES: -:CUSTOM_ID: h:3584632a-9d6d-4ba6-8aa5-e1383581993c -:END: Used to automatically sign messages sent from my work email address using S/MIME certificate. @@ -27645,7 +24924,7 @@ This provides a beautiful calender to emacs. :init ;; set org-caldav-sync-initalization (setq swarsel-caldav-synced 0) - ;; (setq org-caldav-url "https://cal.example.org/swarsel/calendar") + ;; (setq org-caldav-url "https://schedule.swarsel.win/swarsel/calendar") ;; (setq org-caldav-calendars ;; '((:calendar-id "personal" ;; :inbox "~/Calendars/leon_cal.org"))) @@ -27719,66 +24998,59 @@ This sets up the =dashboard=, which is really quite useless. But, it looks cool :config (dashboard-setup-startup-hook) ;; (setq initial-buffer-choice (lambda () (get-buffer-create "*dashboard*"))) + (setq dashboard-display-icons-p t ;; display icons on both GUI and terminal + dashboard-icon-type 'nerd-icons ;; use `nerd-icons' package + dashboard-set-file-icons t + dashboard-items '((recents . 5) + (projects . 5) + (agenda . 5)) + dashboard-set-footer nil + dashboard-banner-logo-title "Welcome to SwarsEmacs!" + dashboard-image-banner-max-height 300 + dashboard-startup-banner "~/.dotfiles/files/wallpaper/swarsel.png" + dashboard-projects-backend 'projectile + dashboard-projects-switch-function 'magit-status + dashboard-set-navigator t + dashboard-startupify-list '(dashboard-insert-banner + dashboard-insert-newline + dashboard-insert-banner-title + dashboard-insert-newline + dashboard-insert-navigator + dashboard-insert-newline + dashboard-insert-init-info + dashboard-insert-items + ) + dashboard-navigator-buttons + `(;; line1 + ((,"" + "SwarselSocial" + "Browse Swarsele" + (lambda (&rest _) (browse-url "instagram.com/Swarsele"))) - (let ((files-domain (getenv "SWARSEL_FILES_DOMAIN")) - (music-domain (getenv "SWARSEL_MUSIC_DOMAIN")) - (insta-domain (getenv "SWARSEL_INSTA_DOMAIN")) - (sport-domain (getenv "SWARSEL_SPORT_DOMAIN")) - (swarsel-domain (getenv "SWARSEL_DOMAIN")) - ) - (setq dashboard-display-icons-p t ;; display icons on both GUI and terminal - dashboard-icon-type 'nerd-icons ;; use `nerd-icons' package - dashboard-set-file-icons t - dashboard-items '((recents . 5) - (projects . 5) - (agenda . 5)) - dashboard-set-footer nil - dashboard-banner-logo-title "Welcome to SwarsEmacs!" - dashboard-image-banner-max-height 300 - dashboard-startup-banner "~/.dotfiles/files/wallpaper/swarsel.png" - dashboard-projects-backend 'projectile - dashboard-projects-switch-function 'magit-status - dashboard-set-navigator t - dashboard-startupify-list '(dashboard-insert-banner - dashboard-insert-newline - dashboard-insert-banner-title - dashboard-insert-newline - dashboard-insert-navigator - dashboard-insert-newline - dashboard-insert-init-info - dashboard-insert-items - ) - dashboard-navigator-buttons - `(;; line1 - ((,"" - "SwarselSocial" - "Browse Swarsele" - (lambda (&rest _) (browse-url ,insta-domain))) - - (,"" - "SwarselSound" - "Browse SwarselSound" - (lambda (&rest _) (browse-url ,(concat "https://" music-domain))) ) - (,"" - "SwarselSwarsel" - "Browse Swarsel" - (lambda (&rest _) (browse-url "https://github.com/Swarsel")) ) - (,"" - "SwarselStash" - "Browse SwarselStash" - (lambda (&rest _) (browse-url ,(concat "https://" files-domain))) ) - (,"󰫑" - "SwarselSport" - "Browse SwarselSports" - (lambda (&rest _) (browse-url ,sport-domain))) - ) - ( - (,"󱄅" - ,swarsel-domain - ,(concat "Browse " main-domain) - (lambda (&rest _) (browse-url ,(concat "https://" swarsel-domain)))) - ) - )))) + (,"" + "SwarselSound" + "Browse SwarselSound" + (lambda (&rest _) (browse-url "sound.swarsel.win")) ) + (,"" + "SwarselSwarsel" + "Browse Swarsel" + (lambda (&rest _) (browse-url "github.com/Swarsel")) ) + (,"" + "SwarselStash" + "Browse SwarselStash" + (lambda (&rest _) (browse-url "stash.swarsel.win")) ) + (,"󰫑" + "SwarselSport" + "Browse SwarselSports" + (lambda (&rest _) (browse-url "social.parkour.wien/@Lenno"))) + ) + ( + (,"󱄅" + "swarsel.win" + "Browse swarsel.win" + (lambda (&rest _) (browse-url "swarsel.win"))) + ) + ))) #+end_src @@ -27881,9 +25153,6 @@ This sets up the =dashboard=, which is really quite useless. But, it looks cool This sections is no longer used really. An introduction can be found in [[#h:bcc3ebbe-df8a-46bd-b42d-73aad6fc66e5][Structure of this file]] under the historical note. The little noweb-ref blocks that I still use are found in [[#h:48e0cb2c-e412-4ae3-a244-80a8c09dbb02][Hosts]] and [[#h:3bb92528-c61c-4b8d-8214-bf2a40baaa32][Services]]. ** General steps when setting up a new machine -:PROPERTIES: -:CUSTOM_ID: h:cc04139d-e9b7-48fe-8e21-fb43aac35b88 -:END: These general steps are needed when setting up a new machine and do not fit into another block well: @@ -27893,9 +25162,6 @@ These general steps are needed when setting up a new machine and do not fit into #+end_src ** Current patches and fixes -:PROPERTIES: -:CUSTOM_ID: h:e1798163-5d88-4776-aa44-57ed2df92e45 -:END: These are current deviations from the standard settings that I take while some things are broken upstream @@ -28663,11 +25929,8 @@ This file defines a few workflows that I often need to run when working on my co sync USER HOST: rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ - secrets USER HOST: - rsync -rltv -e "ssh -l {{USER}}" /var/tmp/nix-import-encrypted/1000/ {{USER}}@{{HOST}}:/var/tmp/nix-import-encrypted/0 - - bootstrap DEST CONFIG ARCH="x86_64-linux" NODISKODEPS="": - nix develop .#deploy --command zsh -c "swarsel-bootstrap {{NODISKODEPS}} -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}" + bootstrap DEST CONFIG ARCH="x86_64-linux": + nix develop .#deploy --command zsh -c "swarsel-bootstrap -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}" #+end_src ** aspell.conf @@ -29586,10 +26849,8 @@ The double source block is intended here to circumvent a org-babel convenience w transform-origin: 0px calc(0px - var(--tab-min-height) - var(--tab-block-margin) * 2); transform: rotateX(89.9deg); } - - :root[window-modal-open] #urlbar[popover], - #mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel), > #tab-group-editor > [panelopen]) ~ toolbox #urlbar[popover], - /* swarsel: removed :hover from below line */ + #mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox #urlbar[popover], + /* swarsel: removed :hover from below line */ #navigator-toolbox:is(:focus-within,[movingtab]) #urlbar[popover], #urlbar-container > #urlbar[popover]:is([focused],[open]){ pointer-events: auto; @@ -29597,11 +26858,9 @@ The double source block is intended here to circumvent a org-babel convenience w transition-delay: 33ms; transform: rotateX(0deg); } - - :root[window-modal-open] #navigator-toolbox, - #mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel), > #tab-group-editor > [panelopen]) ~ toolbox, + #mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox, #navigator-toolbox:has(#urlbar:is([open],[focus-within])), - /* swarsel: removed :hover from below line */ + /* swarsel: removed :hover from below line */ #navigator-toolbox:is(:focus-within,[movingtab]){ transition-delay: 33ms !important; transform: rotateX(0); @@ -29610,7 +26869,8 @@ The double source block is intended here to circumvent a org-babel convenience w /* This makes things like OS menubar/taskbar show the toolbox when hovered in maximized windows. ,* Unfortunately it also means that other OS native surfaces (such as context menu on macos) ,* and other always-on-top applications will trigger toolbox to show up. */ - @media -moz-pref("userchrome.autohide-toolbox.unhide-by-native-ui.enabled"){ + @media (-moz-bool-pref: "userchrome.autohide-toolbox.unhide-by-native-ui.enabled"), + -moz-pref("userchrome.autohide-toolbox.unhide-by-native-ui.enabled"){ :root[sizemode="maximized"]:not(:hover){ #navigator-toolbox:not(:-moz-window-inactive), #urlbar[popover]:not(:-moz-window-inactive){ @@ -29640,9 +26900,13 @@ The double source block is intended here to circumvent a org-babel convenience w padding-block: calc(min(4px,(var(--urlbar-container-height) - var(--urlbar-height)) / 2) + var(--urlbar-container-padding)) !important; } + /* Uncomment this if tabs toolbar is hidden with hide_tabs_toolbar.css */ + /*#titlebar{ margin-bottom: -9px }*/ + /* Uncomment the following for compatibility with tabs_on_bottom.css - this isn't well tested though */ /* #navigator-toolbox{ flex-direction: column; display: flex; } + #titlebar{ order: 2 } ,*/ #+end_src diff --git a/files/emacs/init.el b/files/emacs/init.el index 26d3439..5ada956 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el @@ -236,48 +236,6 @@ create a new one." (add-hook 'minibuffer-setup-hook #'swarsel/minibuffer-setup-hook) (add-hook 'minibuffer-exit-hook #'swarsel/minibuffer-exit-hook) -(defun swarsel/org-colorize-outline (parents raw) - (let* ((palette ["#58B6ED" "#8BD49C" "#33CED8" "#4B9CCC" - "yellow" "orange" "salmon" "red"]) - (n (length parents)) - (colored-parents - (cl-mapcar - (lambda (p i) - (propertize p 'face `(:foreground ,(aref palette (mod i (length palette))) :weight bold))) - parents - (number-sequence 0 (1- n))))) - (concat - (when parents - (string-join colored-parents "/")) - (when parents "/") - (propertize raw 'face `(:foreground ,(aref palette (mod n (length palette))) - :weight bold))))) - -(defun swarsel/org-insert-link-to-heading () - (interactive) - (let ((candidates '())) - (org-map-entries - (lambda () - (let* ((raw (org-get-heading t t t t)) - (parents (org-get-outline-path t)) - (m (copy-marker (point))) - (colored (swarsel/org-colorize-outline parents raw))) - (push (cons colored m) candidates)))) - - (let* ((choice (completing-read "Heading: " (mapcar #'car candidates))) - (marker (cdr (assoc choice candidates))) - id raw-heading) - (unless marker - (user-error "No marker for heading??")) - - (save-excursion - (goto-char marker) - (setq id (prot-org--id-get)) - (setq raw-heading (org-get-heading t t t t))) - - (insert (org-link-make-string (format "#%s" id) - raw-heading))))) - ;; Make ESC quit prompts (global-set-key (kbd "") 'keyboard-escape-quit) @@ -376,7 +334,6 @@ create a new one." "" 'swarsel/last-buffer "M-\\" 'indent-region "M-r" 'swarsel/consult-magit-repos - "M-i" 'swarsel/org-insert-link-to-heading "" 'yank "" 'kill-region "" 'kill-ring-save @@ -391,12 +348,12 @@ create a new one." ;; set Nextcloud directory for journals etc. (setq swarsel-emacs-directory "~/.emacs.d" - swarsel-dotfiles-directory (getenv "FLAKE") + swarsel-dotfiles-directory "~/.dotfiles" swarsel-swarsel-org-filepath (expand-file-name "SwarselSystems.org" swarsel-dotfiles-directory) swarsel-tasks-org-file "Tasks.org" swarsel-archive-org-file "Archive.org" - swarsel-work-projects-directory (getenv "DOCUMENT_DIR_WORK") - swarsel-private-projects-directory (getenv "DOCUMENT_DIR_PRIV") + swarsel-work-projects-directory "~/Documents/Work" + swarsel-private-projects-directory "~/Documents/Private" ) ;; Change the user-emacs-directory to keep unwanted things out of ~/.emacs.d @@ -427,7 +384,7 @@ create a new one." ;; use UTF-8 everywhere (set-language-environment "UTF-8") -;; (profiler-start 'cpu) +(profiler-start 'cpu) ;; set default font size (defvar swarsel/default-font-size 130) (setq swarsel-standard-font "FiraCode Nerd Font Mono" @@ -1201,13 +1158,9 @@ create a new one." (setq elfeed-protocol-enabled-protocols '(fever)) (setq elfeed-protocol-fever-update-unread-only t) (setq elfeed-protocol-fever-fetch-category-as-tag t) - -(let ((domain (getenv "SWARSEL_RSS_DOMAIN"))) - (setq elfeed-protocol-feeds - `((,(concat "fever+https://Swarsel@" domain) - :api-url ,(concat "https://" domain "/api/fever.php") - :password-file "~/.emacs.d/.fever")))) - +(setq elfeed-protocol-feeds '(("fever+https://Swarsel@signpost.swarsel.win" + :api-url "https://signpost.swarsel.win/api/fever.php" + :password-file "~/.emacs.d/.fever"))) (define-key elfeed-show-mode-map (kbd ";") 'visual-fill-column-mode) (define-key elfeed-show-mode-map (kbd "j") 'elfeed-goodies/split-show-next) @@ -1715,7 +1668,7 @@ create a new one." :init ;; set org-caldav-sync-initalization (setq swarsel-caldav-synced 0) - ;; (setq org-caldav-url "https://cal.example.org/swarsel/calendar") + ;; (setq org-caldav-url "https://schedule.swarsel.win/swarsel/calendar") ;; (setq org-caldav-calendars ;; '((:calendar-id "personal" ;; :inbox "~/Calendars/leon_cal.org"))) @@ -1778,66 +1731,59 @@ create a new one." :config (dashboard-setup-startup-hook) ;; (setq initial-buffer-choice (lambda () (get-buffer-create "*dashboard*"))) + (setq dashboard-display-icons-p t ;; display icons on both GUI and terminal + dashboard-icon-type 'nerd-icons ;; use `nerd-icons' package + dashboard-set-file-icons t + dashboard-items '((recents . 5) + (projects . 5) + (agenda . 5)) + dashboard-set-footer nil + dashboard-banner-logo-title "Welcome to SwarsEmacs!" + dashboard-image-banner-max-height 300 + dashboard-startup-banner "~/.dotfiles/files/wallpaper/swarsel.png" + dashboard-projects-backend 'projectile + dashboard-projects-switch-function 'magit-status + dashboard-set-navigator t + dashboard-startupify-list '(dashboard-insert-banner + dashboard-insert-newline + dashboard-insert-banner-title + dashboard-insert-newline + dashboard-insert-navigator + dashboard-insert-newline + dashboard-insert-init-info + dashboard-insert-items + ) + dashboard-navigator-buttons + `(;; line1 + ((,"" + "SwarselSocial" + "Browse Swarsele" + (lambda (&rest _) (browse-url "instagram.com/Swarsele"))) - (let ((files-domain (getenv "SWARSEL_FILES_DOMAIN")) - (music-domain (getenv "SWARSEL_MUSIC_DOMAIN")) - (insta-domain (getenv "SWARSEL_INSTA_DOMAIN")) - (sport-domain (getenv "SWARSEL_SPORT_DOMAIN")) - (swarsel-domain (getenv "SWARSEL_DOMAIN")) - ) - (setq dashboard-display-icons-p t ;; display icons on both GUI and terminal - dashboard-icon-type 'nerd-icons ;; use `nerd-icons' package - dashboard-set-file-icons t - dashboard-items '((recents . 5) - (projects . 5) - (agenda . 5)) - dashboard-set-footer nil - dashboard-banner-logo-title "Welcome to SwarsEmacs!" - dashboard-image-banner-max-height 300 - dashboard-startup-banner "~/.dotfiles/files/wallpaper/swarsel.png" - dashboard-projects-backend 'projectile - dashboard-projects-switch-function 'magit-status - dashboard-set-navigator t - dashboard-startupify-list '(dashboard-insert-banner - dashboard-insert-newline - dashboard-insert-banner-title - dashboard-insert-newline - dashboard-insert-navigator - dashboard-insert-newline - dashboard-insert-init-info - dashboard-insert-items - ) - dashboard-navigator-buttons - `(;; line1 - ((,"" - "SwarselSocial" - "Browse Swarsele" - (lambda (&rest _) (browse-url ,insta-domain))) - - (,"" - "SwarselSound" - "Browse SwarselSound" - (lambda (&rest _) (browse-url ,(concat "https://" music-domain))) ) - (,"" - "SwarselSwarsel" - "Browse Swarsel" - (lambda (&rest _) (browse-url "https://github.com/Swarsel")) ) - (,"" - "SwarselStash" - "Browse SwarselStash" - (lambda (&rest _) (browse-url ,(concat "https://" files-domain))) ) - (,"󰫑" - "SwarselSport" - "Browse SwarselSports" - (lambda (&rest _) (browse-url ,sport-domain))) - ) - ( - (,"󱄅" - ,swarsel-domain - ,(concat "Browse " main-domain) - (lambda (&rest _) (browse-url ,(concat "https://" swarsel-domain)))) - ) - )))) + (,"" + "SwarselSound" + "Browse SwarselSound" + (lambda (&rest _) (browse-url "sound.swarsel.win")) ) + (,"" + "SwarselSwarsel" + "Browse Swarsel" + (lambda (&rest _) (browse-url "github.com/Swarsel")) ) + (,"" + "SwarselStash" + "Browse SwarselStash" + (lambda (&rest _) (browse-url "stash.swarsel.win")) ) + (,"󰫑" + "SwarselSport" + "Browse SwarselSports" + (lambda (&rest _) (browse-url "social.parkour.wien/@Lenno"))) + ) + ( + (,"󱄅" + "swarsel.win" + "Browse swarsel.win" + (lambda (&rest _) (browse-url "swarsel.win"))) + ) + ))) (use-package vterm :ensure t) diff --git a/files/firefox/chrome/userChrome.css b/files/firefox/chrome/userChrome.css index c616488..bbe2d57 100644 --- a/files/firefox/chrome/userChrome.css +++ b/files/firefox/chrome/userChrome.css @@ -60,10 +60,8 @@ See the above repository for updates as well as full license text. */ transform-origin: 0px calc(0px - var(--tab-min-height) - var(--tab-block-margin) * 2); transform: rotateX(89.9deg); } - -:root[window-modal-open] #urlbar[popover], -#mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel), > #tab-group-editor > [panelopen]) ~ toolbox #urlbar[popover], - /* swarsel: removed :hover from below line */ +#mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox #urlbar[popover], +/* swarsel: removed :hover from below line */ #navigator-toolbox:is(:focus-within,[movingtab]) #urlbar[popover], #urlbar-container > #urlbar[popover]:is([focused],[open]){ pointer-events: auto; @@ -71,11 +69,9 @@ See the above repository for updates as well as full license text. */ transition-delay: 33ms; transform: rotateX(0deg); } - -:root[window-modal-open] #navigator-toolbox, -#mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel), > #tab-group-editor > [panelopen]) ~ toolbox, +#mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox, #navigator-toolbox:has(#urlbar:is([open],[focus-within])), - /* swarsel: removed :hover from below line */ +/* swarsel: removed :hover from below line */ #navigator-toolbox:is(:focus-within,[movingtab]){ transition-delay: 33ms !important; transform: rotateX(0); @@ -84,7 +80,8 @@ See the above repository for updates as well as full license text. */ /* This makes things like OS menubar/taskbar show the toolbox when hovered in maximized windows. * Unfortunately it also means that other OS native surfaces (such as context menu on macos) * and other always-on-top applications will trigger toolbox to show up. */ -@media -moz-pref("userchrome.autohide-toolbox.unhide-by-native-ui.enabled"){ +@media (-moz-bool-pref: "userchrome.autohide-toolbox.unhide-by-native-ui.enabled"), + -moz-pref("userchrome.autohide-toolbox.unhide-by-native-ui.enabled"){ :root[sizemode="maximized"]:not(:hover){ #navigator-toolbox:not(:-moz-window-inactive), #urlbar[popover]:not(:-moz-window-inactive){ @@ -114,7 +111,11 @@ See the above repository for updates as well as full license text. */ padding-block: calc(min(4px,(var(--urlbar-container-height) - var(--urlbar-height)) / 2) + var(--urlbar-container-padding)) !important; } +/* Uncomment this if tabs toolbar is hidden with hide_tabs_toolbar.css */ + /*#titlebar{ margin-bottom: -9px }*/ + /* Uncomment the following for compatibility with tabs_on_bottom.css - this isn't well tested though */ /* #navigator-toolbox{ flex-direction: column; display: flex; } +#titlebar{ order: 2 } */ diff --git a/files/scripts/swarsel-bootstrap.sh b/files/scripts/swarsel-bootstrap.sh index 4c4fef3..a59ae37 100644 --- a/files/scripts/swarsel-bootstrap.sh +++ b/files/scripts/swarsel-bootstrap.sh @@ -8,8 +8,6 @@ target_user="swarsel" ssh_port="22" persist_dir="" disk_encryption=0 -disk_encryption_args="" -no_disko_deps="false" temp=$(mktemp -d) function help_and_exit() { @@ -29,7 +27,6 @@ function help_and_exit() { echo " Default='${target_user}'." echo " --port specify the ssh port to use for remote access. Default=${ssh_port}." echo " --debug Enable debug mode." - echo " --no-disko-deps Upload only disk script and not dependencies (for use on low ram)." echo " -h | --help Print this help." exit 0 } @@ -83,14 +80,14 @@ function update_sops_file() { SOPS_FILE=".sops.yaml" sed -i "{ - # Remove any * and & entries for this host - /[*&]$key_name/ d; - # Inject a new age: entry - # n matches the first line following age: and p prints it, then we transform it while reusing the spacing - /age:/{n; p; s/\(.*- \*\).*/\1$key_name/}; - # Inject a new hosts or user: entry - /&$key_type/{n; p; s/\(.*- &\).*/\1$key_name $key/} - }" $SOPS_FILE + # Remove any * and & entries for this host + /[*&]$key_name/ d; + # Inject a new age: entry + # n matches the first line following age: and p prints it, then we transform it while reusing the spacing + /age:/{n; p; s/\(.*- \*\).*/\1$key_name/}; + # Inject a new hosts or user: entry + /&$key_type/{n; p; s/\(.*- &\).*/\1$key_name $key/} + }" $SOPS_FILE green "Updating .sops.yaml" cd - } @@ -117,9 +114,6 @@ while [[ $# -gt 0 ]]; do shift ssh_port=$1 ;; - --no-disko-deps) - no_disko_deps="true" - ;; --debug) set -x ;; @@ -137,12 +131,6 @@ if [[ $target_arch == "" || $target_destination == "" || $target_hostname == "" help_and_exit fi -LOCKED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.node.lockFromBootstrapping)" -if [[ $LOCKED == "true" ]]; then - red "THIS SYSTEM IS LOCKED FROM BOOTSTRAPPING" - exit -fi - green "~SwarselSystems~ remote installer" green "Reading system information for $target_hostname ..." @@ -153,11 +141,6 @@ CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.sw if [[ $CRYPTED == "true" ]]; then green "Encryption: ✓" disk_encryption=1 - disk_encryption_args=( - --disk-encryption-keys - /tmp/disko-password - /tmp/disko-password - ) else red "Encryption: X" disk_encryption=0 @@ -250,14 +233,7 @@ $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "$ # ------------------------ green "Deploying minimal NixOS installation on $target_destination" - -if [[ $no_disko_deps == "true" ]]; then - green "Building without disko dependencies (using custom kexec)" - nix run github:nix-community/nixos-anywhere/1.10.0 -- "${disk_encryption_args[@]}" --no-disko-deps --ssh-port "$ssh_port" --extra-files "$temp" --flake ./install#"$target_hostname" --kexec "$(nix build --print-out-paths .#packages."$target_arch".swarsel-kexec)/swarsel-kexec-$target_arch.tar.gz" root@"$target_destination" -else - green "Building with disko dependencies (using nixos-images kexec)" - nix run github:nix-community/nixos-anywhere/1.10.0 -- "${disk_encryption_args[@]}" --ssh-port "$ssh_port" --extra-files "$temp" --flake ./install#"$target_hostname" root@"$target_destination" -fi +nix run github:nix-community/nixos-anywhere/1.10.0 -- --ssh-port "$ssh_port" --extra-files "$temp" --flake ./install#"$target_hostname" root@"$target_destination" echo "Updating ssh host fingerprint at $target_destination to ~/.ssh/known_hosts" ssh-keyscan -p "$ssh_port" "$target_destination" >> ~/.ssh/known_hosts || true @@ -329,8 +305,8 @@ $ssh_root_cmd "chown $target_user:users /home/$target_user/.ssh/ssh_host_ed25519 if yes_or_no "Add ssh host fingerprints for git upstream repositories? (This is needed for building the full config)"; then green "Adding ssh host fingerprints for git{lab,hub}" - $ssh_cmd "mkdir -p /home/$target_user/.ssh/; ssh-keyscan -t ssh-ed25519 gitlab.com github.com | tee /home/$target_user/.ssh/known_hosts" - $ssh_root_cmd "mkdir -p /root/.ssh/; ssh-keyscan -t ssh-ed25519 gitlab.com github.com | tee /root/.ssh/known_hosts" + $ssh_cmd "mkdir -p /home/$target_user/.ssh/; ssh-keyscan -t ssh-ed25519 gitlab.com github.com swagit.swarsel.win | tee /home/$target_user/.ssh/known_hosts" + $ssh_root_cmd "mkdir -p /root/.ssh/; ssh-keyscan -t ssh-ed25519 gitlab.com github.com swagit.swarsel.win | tee /root/.ssh/known_hosts" fi # -------------------------- diff --git a/flake.lock b/flake.lock index de60846..2c8ba1c 100644 --- a/flake.lock +++ b/flake.lock @@ -35,6 +35,119 @@ "type": "github" } }, + "base16-fish_2": { + "flake": false, + "locked": { + "lastModified": 1754405784, + "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "type": "github" + } + }, + "base16-fish_3": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, + "base16-fish_4": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, + "base16-fish_5": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, + "base16-fish_6": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, + "base16-fish_7": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, + "base16-fish_8": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, "base16-helix": { "flake": false, "locked": { @@ -51,6 +164,118 @@ "type": "github" } }, + "base16-helix_2": { + "flake": false, + "locked": { + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-helix_3": { + "flake": false, + "locked": { + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-helix_4": { + "flake": false, + "locked": { + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-helix_5": { + "flake": false, + "locked": { + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-helix_6": { + "flake": false, + "locked": { + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-helix_7": { + "flake": false, + "locked": { + "lastModified": 1748408240, + "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-helix_8": { + "flake": false, + "locked": { + "lastModified": 1748408240, + "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, "base16-vim": { "flake": false, "locked": { @@ -68,6 +293,251 @@ "type": "github" } }, + "base16-vim_2": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16-vim_3": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16-vim_4": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16-vim_5": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16-vim_6": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16-vim_7": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16-vim_8": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16_2": { + "inputs": { + "fromYaml": "fromYaml_2" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16_3": { + "inputs": { + "fromYaml": "fromYaml_3" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16_4": { + "inputs": { + "fromYaml": "fromYaml_4" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16_5": { + "inputs": { + "fromYaml": "fromYaml_5" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16_6": { + "inputs": { + "fromYaml": "fromYaml_6" + }, + "locked": { + "lastModified": 1746562888, + "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16_7": { + "inputs": { + "fromYaml": "fromYaml_7" + }, + "locked": { + "lastModified": 1746562888, + "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16_8": { + "inputs": { + "fromYaml": "fromYaml_8" + }, + "locked": { + "lastModified": 1746562888, + "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, "blank": { "locked": { "lastModified": 1625557891, @@ -83,29 +553,133 @@ "type": "github" } }, - "blobs": { - "flake": false, - "locked": { - "lastModified": 1604995301, - "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "type": "gitlab" - } - }, "crane": { "locked": { - "lastModified": 1763938834, - "narHash": "sha256-j8iB0Yr4zAvQLueCZ5abxfk6fnG/SJ5JnGUziETjwfg=", + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", "owner": "ipetkov", "repo": "crane", - "rev": "d9e753122e51cee64eb8d2dddfe11148f339f5a2", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_10": { + "locked": { + "lastModified": 1750266157, + "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", + "owner": "ipetkov", + "repo": "crane", + "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_11": { + "locked": { + "lastModified": 1750266157, + "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", + "owner": "ipetkov", + "repo": "crane", + "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_12": { + "locked": { + "lastModified": 1750266157, + "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", + "owner": "ipetkov", + "repo": "crane", + "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_13": { + "locked": { + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "owner": "ipetkov", + "repo": "crane", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_14": { + "locked": { + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "owner": "ipetkov", + "repo": "crane", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_15": { + "locked": { + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "owner": "ipetkov", + "repo": "crane", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_16": { + "locked": { + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "owner": "ipetkov", + "repo": "crane", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_17": { + "locked": { + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "owner": "ipetkov", + "repo": "crane", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", "type": "github" }, "original": { @@ -116,8 +690,8 @@ }, "crane_2": { "inputs": { - "flake-compat": "flake-compat_5", - "flake-utils": "flake-utils_7", + "flake-compat": "flake-compat_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixos-extra-modules", "nixt", @@ -156,16 +730,340 @@ "type": "github" } }, + "crane_4": { + "locked": { + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "owner": "ipetkov", + "repo": "crane", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_5": { + "locked": { + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "owner": "ipetkov", + "repo": "crane", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_6": { + "locked": { + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "owner": "ipetkov", + "repo": "crane", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_7": { + "locked": { + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "owner": "ipetkov", + "repo": "crane", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_8": { + "locked": { + "lastModified": 1750266157, + "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", + "owner": "ipetkov", + "repo": "crane", + "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_9": { + "locked": { + "lastModified": 1750266157, + "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", + "owner": "ipetkov", + "repo": "crane", + "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "devshell": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1762521437, - "narHash": "sha256-RXN+lcx4DEn3ZS+LqEJSUu/HH+dwGvy0syN7hTo/Chg=", + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", "owner": "numtide", "repo": "devshell", - "rev": "07bacc9531f5f4df6657c0a02a806443685f384a", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_10": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_11": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_12": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_13": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_14": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_15": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_16": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_17": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_18": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "type": "github" }, "original": { @@ -245,16 +1143,297 @@ "type": "github" } }, - "disko": { + "devshell_5": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": [ + "swarsel", + "nixpkgs" + ] }, "locked": { - "lastModified": 1763651264, - "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_7": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_8": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_9": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1761899396, + "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", "owner": "nix-community", "repo": "disko", - "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", + "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_2": { + "inputs": { + "nixpkgs": [ + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "owner": "nix-community", + "repo": "disko", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_3": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "owner": "nix-community", + "repo": "disko", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_4": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "owner": "nix-community", + "repo": "disko", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_5": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757508292, + "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", + "owner": "nix-community", + "repo": "disko", + "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753140376, + "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", + "owner": "nix-community", + "repo": "disko", + "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_7": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751854533, + "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", + "owner": "nix-community", + "repo": "disko", + "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_8": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751854533, + "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", + "owner": "nix-community", + "repo": "disko", + "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", "type": "github" }, "original": { @@ -295,28 +1474,11 @@ "type": "github" } }, - "dns": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1759510210, - "narHash": "sha256-rR3BuhcSyQ3bQ0rS14I53O7gWzlPEs15skl1TWx+TeI=", - "owner": "kirelagin", - "repo": "dns.nix", - "rev": "f3cb11f642d4fa6224e2b1ddfd2c3ba42e9ffea2", - "type": "github" - }, - "original": { - "owner": "kirelagin", - "repo": "dns.nix", - "type": "github" - } - }, "emacs-overlay": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-stable": "nixpkgs-stable" }, "locked": { @@ -335,9 +1497,184 @@ "type": "github" } }, + "emacs-overlay_2": { + "inputs": { + "nixpkgs": [ + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_4" + }, + "locked": { + "lastModified": 1760432944, + "narHash": "sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "aba8daa237dc07a3bb28a61c252a718e8eb38057", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, + "emacs-overlay_3": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_7" + }, + "locked": { + "lastModified": 1759770590, + "narHash": "sha256-ex/JTut0wrrVHFWwNIuBAlnR71R7dletYxcJEH9NYAw=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "4e4ed8f8beda9d47887cf4411720cb8a83a43e90", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, + "emacs-overlay_4": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_10" + }, + "locked": { + "lastModified": 1758705066, + "narHash": "sha256-CFVYMyz/p4c/w0E2BLz/dCmjl4zfJRUS+ERUJmaZj+E=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "d8da68a0986380aca8ee9d277dfc4bcb0761a278", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, + "emacs-overlay_5": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_13" + }, + "locked": { + "lastModified": 1757927471, + "narHash": "sha256-odfHgmioy0yGxiAFTnAq7SMYTLUv1JApKES5i2KfS4c=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "6302a8a5904203bc18532e71b3d61f4b324d20fb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, + "emacs-overlay_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_16" + }, + "locked": { + "lastModified": 1754705618, + "narHash": "sha256-JYwLLpnzJz0+ihJrwZUTAodx2+iBPWfnmfhJy3lpSw4=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "c5aea4616a2c482eb3f1765f90de9771ba1d134a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, + "emacs-overlay_7": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_19" + }, + "locked": { + "lastModified": 1751908357, + "narHash": "sha256-7JeYhMYTdfzHsFfGZRUM+t0nx4HdYa3oaMH2B/qz9MA=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "8e4ecd7c43c5e061dd2fc4d9d1994ec4d67cab2e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, + "emacs-overlay_8": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_21" + }, + "locked": { + "lastModified": 1751908357, + "narHash": "sha256-7JeYhMYTdfzHsFfGZRUM+t0nx4HdYa3oaMH2B/qz9MA=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "8e4ecd7c43c5e061dd2fc4d9d1994ec4d67cab2e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, "fenix": { "inputs": { - "nixpkgs": "nixpkgs_14", + "nixpkgs": "nixpkgs_4", "rust-analyzer-src": "rust-analyzer-src" }, "locked": { @@ -370,6 +1707,118 @@ "type": "github" } }, + "firefox-gnome-theme_2": { + "flake": false, + "locked": { + "lastModified": 1758112371, + "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "firefox-gnome-theme_3": { + "flake": false, + "locked": { + "lastModified": 1758112371, + "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "firefox-gnome-theme_4": { + "flake": false, + "locked": { + "lastModified": 1756083905, + "narHash": "sha256-UqYGTBgI5ypGh0Kf6zZjom/vABg7HQocB4gmxzl12uo=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "b655eaf16d4cbec9c3472f62eee285d4b419a808", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "firefox-gnome-theme_5": { + "flake": false, + "locked": { + "lastModified": 1756083905, + "narHash": "sha256-UqYGTBgI5ypGh0Kf6zZjom/vABg7HQocB4gmxzl12uo=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "b655eaf16d4cbec9c3472f62eee285d4b419a808", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "firefox-gnome-theme_6": { + "flake": false, + "locked": { + "lastModified": 1748383148, + "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "firefox-gnome-theme_7": { + "flake": false, + "locked": { + "lastModified": 1748383148, + "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "firefox-gnome-theme_8": { + "flake": false, + "locked": { + "lastModified": 1748383148, + "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -386,7 +1835,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_10": { "flake": false, "locked": { "lastModified": 1747046372, @@ -402,7 +1851,375 @@ "type": "github" } }, + "flake-compat_11": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_12": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_13": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_14": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_15": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_16": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_17": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_18": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_19": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_20": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_21": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_22": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_23": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_24": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_25": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_26": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_27": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_28": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_29": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_30": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_31": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_32": { "flake": false, "locked": { "lastModified": 1696426674, @@ -437,11 +2254,11 @@ "flake-compat_5": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -451,6 +2268,38 @@ } }, "flake-compat_6": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_7": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_8": { "flake": false, "locked": { "lastModified": 1696426674, @@ -466,30 +2315,14 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_9": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_8": { - "flake": false, - "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -503,11 +2336,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -516,7 +2349,454 @@ "type": "github" } }, + "flake-parts_10": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_11": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_12": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_6" + }, + "locked": { + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_13": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_14": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_7" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_15": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_16": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_17": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_8" + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_18": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_19": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_9" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_20": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_21": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_22": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_10" + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_23": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_24": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_11" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_25": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_26": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_27": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_12" + }, + "locked": { + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_28": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_29": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_13" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -534,7 +2814,238 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_30": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_31": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_32": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_14" + }, + "locked": { + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_33": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_34": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_15" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_35": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_36": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_37": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_16" + }, + "locked": { + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_38": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_39": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_17" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_4": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_3" }, @@ -551,7 +3062,207 @@ "type": "indirect" } }, - "flake-parts_4": { + "flake-parts_40": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_41": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_42": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_18" + }, + "locked": { + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_43": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_19" + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_44": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_20" + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_45": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_21" + }, + "locked": { + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_46": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_22" + }, + "locked": { + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_47": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_23" + }, + "locked": { + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_48": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_24" + }, + "locked": { + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_49": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_25" + }, + "locked": { + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "nur", @@ -572,7 +3283,25 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_50": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_26" + }, + "locked": { + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_6": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -593,7 +3322,7 @@ "type": "github" } }, - "flake-parts_6": { + "flake-parts_7": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_4" }, @@ -611,22 +3340,46 @@ "type": "github" } }, - "flake-utils": { + "flake-parts_8": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1614513358, - "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3", + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "hercules-ci", + "repo": "flake-parts", "type": "github" } }, - "flake-utils_2": { + "flake-parts_9": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_5" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-utils": { "inputs": { "systems": "systems" }, @@ -644,10 +3397,388 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_10": { + "inputs": { + "systems": "systems_12" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_11": { + "inputs": { + "systems": "systems_13" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_12": { + "inputs": { + "systems": "systems_16" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_13": { + "inputs": { + "systems": "systems_17" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_14": { + "inputs": { + "systems": "systems_20" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_15": { + "inputs": { + "systems": "systems_21" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_16": { + "inputs": { + "systems": "systems_24" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_17": { + "inputs": { + "systems": "systems_25" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_18": { + "inputs": { + "systems": "systems_28" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_19": { + "inputs": { + "systems": "systems_29" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems_2" }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_20": { + "inputs": { + "systems": "systems_31" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_21": { + "inputs": { + "systems": "systems_32" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_22": { + "inputs": { + "systems": "systems_36" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_23": { + "inputs": { + "systems": "systems_39" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_24": { + "inputs": { + "systems": "systems_43" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_25": { + "inputs": { + "systems": "systems_47" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_26": { + "inputs": { + "systems": "systems_51" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_27": { + "inputs": { + "systems": "systems_56" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_28": { + "inputs": { + "systems": "systems_61" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_29": { + "inputs": { + "systems": "systems_66" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, "locked": { "lastModified": 1731533236, "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", @@ -663,15 +3794,12 @@ } }, "flake-utils_4": { - "inputs": { - "systems": "systems_3" - }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -681,8 +3809,23 @@ } }, "flake-utils_5": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { "inputs": { - "systems": "systems_4" + "systems": "systems_6" }, "locked": { "lastModified": 1731533236, @@ -698,28 +3841,16 @@ "type": "github" } }, - "flake-utils_6": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flake-utils_7": { + "inputs": { + "systems": "systems_7" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -730,7 +3861,25 @@ }, "flake-utils_8": { "inputs": { - "systems": "systems_10" + "systems": "systems_8" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_9": { + "inputs": { + "systems": "systems_11" }, "locked": { "lastModified": 1731533236, @@ -762,29 +3911,250 @@ "type": "github" } }, - "git-hooks": { + "fromYaml_2": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "fromYaml_3": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "fromYaml_4": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "fromYaml_5": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "fromYaml_6": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "fromYaml_7": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "fromYaml_8": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "fw-fanctrl": { "inputs": { - "flake-compat": [ - "simple-nixos-mailserver", - "flake-compat" - ], - "gitignore": "gitignore_5", + "flake-compat": "flake-compat_13", "nixpkgs": [ - "simple-nixos-mailserver", + "swarsel", + "swarsel", + "swarsel", "nixpkgs" ] }, "locked": { - "lastModified": 1763319842, - "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", + "lastModified": 1758793578, + "narHash": "sha256-+7U2+A7saK1M6TWYJTtey4IX49SMOPlxpLnEBxJ7TtM=", + "owner": "Swarsel", + "repo": "fw-fanctrl", + "rev": "7ccb75900c70a93ee61f16a2da5b6ef36d7fc60f", "type": "github" }, "original": { - "owner": "cachix", - "repo": "git-hooks.nix", + "owner": "Swarsel", + "ref": "packaging/nix", + "repo": "fw-fanctrl", + "type": "github" + } + }, + "fw-fanctrl_2": { + "inputs": { + "flake-compat": "flake-compat_17", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757943948, + "narHash": "sha256-rvXWg0baAoSTj2FXghf11muq5rnI/N9QsHBAHwBAGyU=", + "owner": "Swarsel", + "repo": "fw-fanctrl", + "rev": "96c7d0b120f218eac27a472795cd50228e6447ce", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "packaging/nix", + "repo": "fw-fanctrl", + "type": "github" + } + }, + "fw-fanctrl_3": { + "inputs": { + "flake-compat": "flake-compat_21", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743661097, + "narHash": "sha256-ZSx9BdbW+/4k3Pmecl7ZhpHXnpreuAgYxrRaJC8VmuU=", + "owner": "TamtamHero", + "repo": "fw-fanctrl", + "rev": "473575cd1753cb4ec429ea085975e48d32970894", + "type": "github" + }, + "original": { + "owner": "TamtamHero", + "ref": "packaging/nix", + "repo": "fw-fanctrl", + "type": "github" + } + }, + "fw-fanctrl_4": { + "inputs": { + "flake-compat": "flake-compat_25", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743661097, + "narHash": "sha256-ZSx9BdbW+/4k3Pmecl7ZhpHXnpreuAgYxrRaJC8VmuU=", + "owner": "TamtamHero", + "repo": "fw-fanctrl", + "rev": "473575cd1753cb4ec429ea085975e48d32970894", + "type": "github" + }, + "original": { + "owner": "TamtamHero", + "ref": "packaging/nix", + "repo": "fw-fanctrl", + "type": "github" + } + }, + "fw-fanctrl_5": { + "inputs": { + "flake-compat": "flake-compat_29", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743661097, + "narHash": "sha256-ZSx9BdbW+/4k3Pmecl7ZhpHXnpreuAgYxrRaJC8VmuU=", + "owner": "TamtamHero", + "repo": "fw-fanctrl", + "rev": "473575cd1753cb4ec429ea085975e48d32970894", + "type": "github" + }, + "original": { + "owner": "TamtamHero", + "ref": "packaging/nix", + "repo": "fw-fanctrl", "type": "github" } }, @@ -792,7 +4162,261 @@ "inputs": { "nixpkgs": [ "lanzaboote", - "pre-commit", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_10": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_11": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_12": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_13": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_14": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_15": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_16": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_17": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_18": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_19": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "pre-commit-hooks", "nixpkgs" ] }, @@ -832,6 +4456,175 @@ "type": "github" } }, + "gitignore_20": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_21": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_22": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_23": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_24": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_25": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "gitignore_3": { "inputs": { "nixpkgs": [ @@ -878,8 +4671,102 @@ "gitignore_5": { "inputs": { "nixpkgs": [ - "simple-nixos-mailserver", - "git-hooks", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_7": { + "inputs": { + "nixpkgs": [ + "swarsel", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_8": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_9": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nix-topology", + "pre-commit-hooks", "nixpkgs" ] }, @@ -900,20 +4787,137 @@ "gnome-shell": { "flake": false, "locked": { - "host": "gitlab.gnome.org", - "lastModified": 1762869044, - "narHash": "sha256-nwm/GJ2Syigf7VccLAZ66mFC8mZJFqpJmIxSGKl7+Ds=", + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "680e3d195a92203f28d4bf8c6e8bb537cc3ed4ad", - "type": "gitlab" + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" }, "original": { - "host": "gitlab.gnome.org", "owner": "GNOME", - "ref": "gnome-49", + "ref": "48.2", "repo": "gnome-shell", - "type": "gitlab" + "type": "github" + } + }, + "gnome-shell_2": { + "flake": false, + "locked": { + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.2", + "repo": "gnome-shell", + "type": "github" + } + }, + "gnome-shell_3": { + "flake": false, + "locked": { + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.2", + "repo": "gnome-shell", + "type": "github" + } + }, + "gnome-shell_4": { + "flake": false, + "locked": { + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.2", + "repo": "gnome-shell", + "type": "github" + } + }, + "gnome-shell_5": { + "flake": false, + "locked": { + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.2", + "repo": "gnome-shell", + "type": "github" + } + }, + "gnome-shell_6": { + "flake": false, + "locked": { + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.2", + "repo": "gnome-shell", + "type": "github" + } + }, + "gnome-shell_7": { + "flake": false, + "locked": { + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.2", + "repo": "gnome-shell", + "type": "github" + } + }, + "gnome-shell_8": { + "flake": false, + "locked": { + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.2", + "repo": "gnome-shell", + "type": "github" } }, "haumea": { @@ -961,6 +4965,190 @@ "type": "github" } }, + "home-manager_10": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709445365, + "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_11": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754756528, + "narHash": "sha256-W1jYKMetZSOHP5m2Z5Wokdj/ct17swPHs+MiY2WT1HQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3ec1cd9a0703fbd55d865b7fd2b07d08374f0355", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_12": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709445365, + "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_13": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751824240, + "narHash": "sha256-aDDC0CHTlL7QDKWWhdbEgVPK6KwWt+ca0QkmHYZxMzI=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "fd9e55f5fac45a26f6169310afca64d56b681935", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_14": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709445365, + "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_15": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751824240, + "narHash": "sha256-aDDC0CHTlL7QDKWWhdbEgVPK6KwWt+ca0QkmHYZxMzI=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "fd9e55f5fac45a26f6169310afca64d56b681935", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_16": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709445365, + "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "home-manager_2": { "inputs": { "nixpkgs": [ @@ -982,6 +5170,166 @@ "type": "github" } }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760571159, + "narHash": "sha256-Y086n2U0kN9HjOo+UScwQDS27gKMiIlT6vDehvlmdAg=", + "owner": "JuneStepp", + "repo": "home-manager", + "rev": "ce469fb711fe3a3e83d8f350d7ac6353ffcfe8db", + "type": "github" + }, + "original": { + "owner": "JuneStepp", + "ref": "anki-fix-booleans", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_4": { + "inputs": { + "nixpkgs": [ + "swarsel", + "nix-on-droid", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709445365, + "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_5": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759761710, + "narHash": "sha256-6ZG7VZZsbg39gtziGSvCJKurhIahIuiCn+W6TGB5kOU=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "929535c3082afdf0b18afec5ea1ef14d7689ff1c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709445365, + "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_7": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758692005, + "narHash": "sha256-bNRMXWSLM4K9cF1YaHYjLol60KIAWW4GzAoJDp5tA0w=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "6ce2e18007ff022db41d9cc042f8838e8c51ed66", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_8": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709445365, + "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_9": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757920978, + "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1737831083, @@ -997,6 +5345,111 @@ "type": "github" } }, + "impermanence_2": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "impermanence_3": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "impermanence_4": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "impermanence_5": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "impermanence_6": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "impermanence_7": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "impermanence_8": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "incl": { "inputs": { "nixlib": [ @@ -1023,16 +5476,179 @@ "lanzaboote": { "inputs": { "crane": "crane", - "nixpkgs": "nixpkgs_5", - "pre-commit": "pre-commit", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1763975256, - "narHash": "sha256-IhdDL+0YwlLz5Ty0EnAxWN/btemN9FxcQbYs/V/8jvs=", + "lastModified": 1756744479, + "narHash": "sha256-EyZXusK/wRD3V9vDh00W2Re3Eg8UQ+LjVBQrrH9dq1U=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "6803b15c4ab9df2dcc478254b4adb55524746ac7", + "rev": "747b7912f49e2885090c83364d88cf853a020ac1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, + "lanzaboote_2": { + "inputs": { + "crane": "crane_3", + "flake-compat": "flake-compat_7", + "flake-parts": "flake-parts_8", + "nixpkgs": "nixpkgs_10", + "pre-commit-hooks-nix": "pre-commit-hooks-nix_2", + "rust-overlay": "rust-overlay_3" + }, + "locked": { + "lastModified": 1756744479, + "narHash": "sha256-EyZXusK/wRD3V9vDh00W2Re3Eg8UQ+LjVBQrrH9dq1U=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "747b7912f49e2885090c83364d88cf853a020ac1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, + "lanzaboote_3": { + "inputs": { + "crane": "crane_4", + "flake-compat": "flake-compat_10", + "flake-parts": "flake-parts_13", + "nixpkgs": "nixpkgs_18", + "pre-commit-hooks-nix": "pre-commit-hooks-nix_3", + "rust-overlay": "rust-overlay_4" + }, + "locked": { + "lastModified": 1756744479, + "narHash": "sha256-EyZXusK/wRD3V9vDh00W2Re3Eg8UQ+LjVBQrrH9dq1U=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "747b7912f49e2885090c83364d88cf853a020ac1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, + "lanzaboote_4": { + "inputs": { + "crane": "crane_5", + "flake-compat": "flake-compat_14", + "flake-parts": "flake-parts_18", + "nixpkgs": "nixpkgs_26", + "pre-commit-hooks-nix": "pre-commit-hooks-nix_4", + "rust-overlay": "rust-overlay_5" + }, + "locked": { + "lastModified": 1756744479, + "narHash": "sha256-EyZXusK/wRD3V9vDh00W2Re3Eg8UQ+LjVBQrrH9dq1U=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "747b7912f49e2885090c83364d88cf853a020ac1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, + "lanzaboote_5": { + "inputs": { + "crane": "crane_6", + "flake-compat": "flake-compat_18", + "flake-parts": "flake-parts_23", + "nixpkgs": "nixpkgs_34", + "pre-commit-hooks-nix": "pre-commit-hooks-nix_5", + "rust-overlay": "rust-overlay_6" + }, + "locked": { + "lastModified": 1756744479, + "narHash": "sha256-EyZXusK/wRD3V9vDh00W2Re3Eg8UQ+LjVBQrrH9dq1U=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "747b7912f49e2885090c83364d88cf853a020ac1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, + "lanzaboote_6": { + "inputs": { + "crane": "crane_7", + "flake-compat": "flake-compat_22", + "flake-parts": "flake-parts_28", + "nixpkgs": "nixpkgs_42", + "pre-commit-hooks-nix": "pre-commit-hooks-nix_6", + "rust-overlay": "rust-overlay_7" + }, + "locked": { + "lastModified": 1754297745, + "narHash": "sha256-aD6/scLN3L4ZszmNbhhd3JQ9Pzv1ScYFphz14wHinfs=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "892cbdca865d6b42f9c0d222fe309f7720259855", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, + "lanzaboote_7": { + "inputs": { + "crane": "crane_8", + "flake-compat": "flake-compat_26", + "flake-parts": "flake-parts_33", + "nixpkgs": "nixpkgs_50", + "pre-commit-hooks-nix": "pre-commit-hooks-nix_7", + "rust-overlay": "rust-overlay_8" + }, + "locked": { + "lastModified": 1751381593, + "narHash": "sha256-js1XwtJpYhvQrrTaVzViybpztkHJVZ63aXOlFAcTENM=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "f4eb75540307c2b33521322c04b7fea74e48a66f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, + "lanzaboote_8": { + "inputs": { + "crane": "crane_9", + "flake-compat": "flake-compat_30", + "flake-parts": "flake-parts_38", + "nixpkgs": "nixpkgs_58", + "pre-commit-hooks-nix": "pre-commit-hooks-nix_8", + "rust-overlay": "rust-overlay_9" + }, + "locked": { + "lastModified": 1751381593, + "narHash": "sha256-js1XwtJpYhvQrrTaVzViybpztkHJVZ63aXOlFAcTENM=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "f4eb75540307c2b33521322c04b7fea74e48a66f", "type": "github" }, "original": { @@ -1043,16 +5659,65 @@ }, "microvm": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_6", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], "spectrum": "spectrum" }, "locked": { - "lastModified": 1763928900, - "narHash": "sha256-4+5LVMFWSUppY5yvFFdV+T8Lc/rgSYEGx38/9Y20+EI=", + "lastModified": 1762030278, + "narHash": "sha256-7p3blvxYNqOHQqpW4+MzcwxLh0ur0QtNXzNuquDyDxQ=", "owner": "astro", "repo": "microvm.nix", - "rev": "e3e222005b29a78f85128573f3c6f09a11270c91", + "rev": "062a1d49f12d194855dbb87285a323f58ddfa725", + "type": "github" + }, + "original": { + "owner": "astro", + "repo": "microvm.nix", + "type": "github" + } + }, + "microvm_2": { + "inputs": { + "flake-utils": "flake-utils_6", + "nixpkgs": [ + "swarsel", + "nixpkgs" + ], + "spectrum": "spectrum_2" + }, + "locked": { + "lastModified": 1760236243, + "narHash": "sha256-u2HvURFrR6UnPbCltTOWQBvX6N8XSpCE5m0p4c8UOKA=", + "owner": "astro", + "repo": "microvm.nix", + "rev": "67c23f6fc72e78cc4b8e46b8b9b1d3982d27bee4", + "type": "github" + }, + "original": { + "owner": "astro", + "repo": "microvm.nix", + "type": "github" + } + }, + "microvm_3": { + "inputs": { + "flake-utils": "flake-utils_9", + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ], + "spectrum": "spectrum_3" + }, + "locked": { + "lastModified": 1759708185, + "narHash": "sha256-s8bRMSQVILQlhbBqCKBFtIcsxbcuH2oX35JJ7FHw4BI=", + "owner": "astro", + "repo": "microvm.nix", + "rev": "901c80e256d41f63d8036b042d1675c745c1a617", "type": "github" }, "original": { @@ -1126,17 +5791,159 @@ "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_7", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-stable": "nixpkgs-stable_2", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1763995371, - "narHash": "sha256-Cbekq2OAWevdTayYMO7SCf05aGHPZ236MTyCkKyYZOs=", + "lastModified": 1762026425, + "narHash": "sha256-7eDtQrr+CRZ1pLjJ6Bx7Ab9pUIowXJ7ooqEh6p3jIn8=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "c4fb0f9d13fadf1b3c33e693509d8cdcbbd7d08e", + "rev": "342730d4f8e109f3506932d2be1c8f9ab19a7039", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-flake_2": { + "inputs": { + "niri-stable": "niri-stable_2", + "niri-unstable": "niri-unstable_2", + "nixpkgs": [ + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_5", + "xwayland-satellite-stable": "xwayland-satellite-stable_2", + "xwayland-satellite-unstable": "xwayland-satellite-unstable_2" + }, + "locked": { + "lastModified": 1760432014, + "narHash": "sha256-shqc+38nKs/XS2scgJV8KP5/D0PWAXYYgf5nT6BfHNE=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "f2aa74f5d28fed7fca48cd4bea4c0803699c0f6c", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-flake_3": { + "inputs": { + "niri-stable": "niri-stable_3", + "niri-unstable": "niri-unstable_3", + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_8", + "xwayland-satellite-stable": "xwayland-satellite-stable_3", + "xwayland-satellite-unstable": "xwayland-satellite-unstable_3" + }, + "locked": { + "lastModified": 1759711756, + "narHash": "sha256-gdX1IM8MT3vTqLSXLDc9HNg30EcHkAgUXeNh4UpcyYU=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "372ecde34b3af73ae523d4b055f5bcdab00b5ee6", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-flake_4": { + "inputs": { + "niri-stable": "niri-stable_4", + "niri-unstable": "niri-unstable_4", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_11", + "xwayland-satellite-stable": "xwayland-satellite-stable_4", + "xwayland-satellite-unstable": "xwayland-satellite-unstable_4" + }, + "locked": { + "lastModified": 1758697829, + "narHash": "sha256-1pO4A16ssvjHNyHilpvxo15mBkAifCSOiLs3hBlrYdU=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "9dbeb8f613d2da107bff8375c2db7182a2bb79bb", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-flake_5": { + "inputs": { + "niri-stable": "niri-stable_5", + "niri-unstable": "niri-unstable_5", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_14", + "xwayland-satellite-stable": "xwayland-satellite-stable_5", + "xwayland-satellite-unstable": "xwayland-satellite-unstable_5" + }, + "locked": { + "lastModified": 1757870947, + "narHash": "sha256-0N8w6SB6a68kWioFmlr+KfwfG44KVjPjJIBSQKNdNhE=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "8e9b1a571399104e42d8fa5de6c28c63bff0c16a", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-flake_6": { + "inputs": { + "niri-stable": "niri-stable_6", + "niri-unstable": "niri-unstable_6", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_17", + "xwayland-satellite-stable": "xwayland-satellite-stable_6", + "xwayland-satellite-unstable": "xwayland-satellite-unstable_6" + }, + "locked": { + "lastModified": 1754797984, + "narHash": "sha256-t2WFkdB2qUyZt5rdqmJ340kqhvQWWOCJBJIc1nQ/Hg4=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "647a310f1eaa59abec8aa215ff69d8979195425e", "type": "github" }, "original": { @@ -1162,14 +5969,179 @@ "type": "github" } }, + "niri-stable_2": { + "flake": false, + "locked": { + "lastModified": 1756556321, + "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.08", + "repo": "niri", + "type": "github" + } + }, + "niri-stable_3": { + "flake": false, + "locked": { + "lastModified": 1756556321, + "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.08", + "repo": "niri", + "type": "github" + } + }, + "niri-stable_4": { + "flake": false, + "locked": { + "lastModified": 1756556321, + "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.08", + "repo": "niri", + "type": "github" + } + }, + "niri-stable_5": { + "flake": false, + "locked": { + "lastModified": 1756556321, + "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.08", + "repo": "niri", + "type": "github" + } + }, + "niri-stable_6": { + "flake": false, + "locked": { + "lastModified": 1748151941, + "narHash": "sha256-z4viQZLgC2bIJ3VrzQnR+q2F3gAOEQpU1H5xHtX/2fs=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "8ba57fcf25d2fc9565131684a839d58703f1dae7", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.05.1", + "repo": "niri", + "type": "github" + } + }, "niri-unstable": { "flake": false, "locked": { - "lastModified": 1763990232, - "narHash": "sha256-RdtlZ+nufSwEgNsF0yuTOO2eGpn87Qm9b3tRQPsibH4=", + "lastModified": 1761888958, + "narHash": "sha256-YgArUHI81Esn6fOCwVSrMI2G4RI3f3BPbRbPWsJubAc=", "owner": "YaLTeR", "repo": "niri", - "rev": "45b45ac29d654c0e6759ab996c69dfde40053536", + "rev": "e2576879216a39e5c45b9d2906531bc2065e724c", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable_2": { + "flake": false, + "locked": { + "lastModified": 1760426302, + "narHash": "sha256-HEeX0wTT2DTRAgADnOmcyk7k/J8KlFosBpFp0yIVfm0=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "87dc96fa69738b5d57562a0a556efa7def138539", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable_3": { + "flake": false, + "locked": { + "lastModified": 1759395653, + "narHash": "sha256-sv9J1z6CrTPf9lRJLyCN90fZVdQz7LFeX7pIlInH8BQ=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "ba6e5e082a79901dc89b0d49c5da1b769d652aec", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable_4": { + "flake": false, + "locked": { + "lastModified": 1758691861, + "narHash": "sha256-CYgoGrY/Fx+hjzp8graTxJw1M7mn1f2jBkK26M04T0s=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "e837e39623457dc5ad29c34a5ce4d4616e5fbf1e", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable_5": { + "flake": false, + "locked": { + "lastModified": 1757832020, + "narHash": "sha256-SCdus7r4IS8l3jzF8mcMFMlDvACTdmDCcsPnGUEqll0=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "e6a8ad38479eb179dc7301755316f993e3e872ea", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable_6": { + "flake": false, + "locked": { + "lastModified": 1754742008, + "narHash": "sha256-Tp0FG7VpLudVEC622d91z2hbdfPLCXxw0Nv43iNN4O0=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "67361f88fd01974ebee4cf80f0e29c87d805cc39", "type": "github" }, "original": { @@ -1180,14 +6152,184 @@ }, "nix-darwin": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1763505477, - "narHash": "sha256-nJRd4LY2kT3OELfHqdgWjvToNZ4w+zKCMzS2R6z4sXE=", + "lastModified": 1762022020, + "narHash": "sha256-tNj4SqLu87rV3z2Pf1Zr3vC93zYyMuLif1qLhHmQl64=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "3bda9f6b14161becbd07b3c56411f1670e19b9b5", + "rev": "fc4e3dbe4039f8ff4fc303e50491ca8ba009ffd4", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "nix-darwin_2": { + "inputs": { + "nixpkgs": [ + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760338583, + "narHash": "sha256-IGwy02SH5K2hzIFrKMRsCmyvwOwWxrcquiv4DbKL1S4=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "9a9ab01072f78823ca627ae5e895e40d493c3ecf", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "nix-darwin_3": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758805352, + "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "nix-darwin_4": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758447883, + "narHash": "sha256-yGA6MV0E4JSEXqLTb4ZZkmdJZcoQ8HUzihRRX12Bvpg=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "25381509d5c91bbf3c30e23abc6d8476d2143cd1", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "nix-darwin_5": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757430124, + "narHash": "sha256-MhDltfXesGH8VkGv3hmJ1QEKl1ChTIj9wmGAFfWj/Wk=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "830b3f0b50045cf0bcfd4dab65fad05bf882e196", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "nix-darwin_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "nix-darwin_7": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "nix-darwin_8": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", "type": "github" }, "original": { @@ -1219,6 +6361,195 @@ "type": "github" } }, + "nix-formatter-pack_2": { + "inputs": { + "nixpkgs": [ + "swarsel", + "nix-on-droid", + "nixpkgs" + ], + "nmd": "nmd_3", + "nmt": "nmt_2" + }, + "locked": { + "lastModified": 1705252799, + "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=", + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5", + "type": "github" + }, + "original": { + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "type": "github" + } + }, + "nix-formatter-pack_3": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ], + "nmd": "nmd_5", + "nmt": "nmt_3" + }, + "locked": { + "lastModified": 1705252799, + "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=", + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5", + "type": "github" + }, + "original": { + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "type": "github" + } + }, + "nix-formatter-pack_4": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ], + "nmd": "nmd_7", + "nmt": "nmt_4" + }, + "locked": { + "lastModified": 1705252799, + "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=", + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5", + "type": "github" + }, + "original": { + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "type": "github" + } + }, + "nix-formatter-pack_5": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ], + "nmd": "nmd_9", + "nmt": "nmt_5" + }, + "locked": { + "lastModified": 1705252799, + "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=", + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5", + "type": "github" + }, + "original": { + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "type": "github" + } + }, + "nix-formatter-pack_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ], + "nmd": "nmd_11", + "nmt": "nmt_6" + }, + "locked": { + "lastModified": 1705252799, + "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=", + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5", + "type": "github" + }, + "original": { + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "type": "github" + } + }, + "nix-formatter-pack_7": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ], + "nmd": "nmd_13", + "nmt": "nmt_7" + }, + "locked": { + "lastModified": 1705252799, + "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=", + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5", + "type": "github" + }, + "original": { + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "type": "github" + } + }, + "nix-formatter-pack_8": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs" + ], + "nmd": "nmd_15", + "nmt": "nmt_8" + }, + "locked": { + "lastModified": 1705252799, + "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=", + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5", + "type": "github" + }, + "original": { + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -1226,11 +6557,11 @@ ] }, "locked": { - "lastModified": 1763870992, - "narHash": "sha256-NPyc76Wxmv/vAsXJ8F+/8fXECHYcv2YGSqdiSHp/F/A=", + "lastModified": 1761451000, + "narHash": "sha256-qBJL6xEIjqYq9zOcG2vf2nPTeVBppNJzvO0LuQWMwMo=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "d7423982c7a26586aa237d130b14c8b302c7a367", + "rev": "ed6b293161b378a7368cda38659eb8d3d9a0dac4", "type": "github" }, "original": { @@ -1239,23 +6570,171 @@ "type": "github" } }, - "nix-minecraft": { + "nix-index-database_2": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_9" + "nixpkgs": [ + "swarsel", + "nixpkgs" + ] }, "locked": { - "lastModified": 1763776632, - "narHash": "sha256-mvumw4Djwi6BgMKVKw5cpNt8a80+h/LvPy2AHOtzBzE=", - "owner": "Infinidoge", - "repo": "nix-minecraft", - "rev": "e6d3b589d9f1f869e68142f44654e59fcb47390c", + "lastModified": 1760241904, + "narHash": "sha256-OD7QnaGEVNdukYEbJbUNWPsvnDrpbZOZxVIk6Pt9Jhw=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "c9f5ea45f25652ec2f771f9426ccacb21cbbaeaa", "type": "github" }, "original": { - "owner": "Infinidoge", - "repo": "nix-minecraft", + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, + "nix-index-database_3": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759637156, + "narHash": "sha256-8NI1SqntLfKl6Q0Luemc3aIboezSJElofUrqipF5g78=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "0ca69684091aa3a6b1fe994c4afeff305b15e915", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, + "nix-index-database_4": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758427679, + "narHash": "sha256-xwjWRJTKDCjQ0iwfh7WhDhgcS0Wt3d1Yscg83mKBCn4=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "fd2569ca2ef7d69f244cd9ffcb66a0540772ff85", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, + "nix-index-database_5": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757822619, + "narHash": "sha256-3HIpe3P2h1AUPYcAH9cjuX0tZOqJpX01c0iDwoUYNZ8=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "050a5feb5d1bb5b6e5fc04a7d3d816923a87c9ea", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, + "nix-index-database_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754195341, + "narHash": "sha256-YL71IEf2OugH3gmAsxQox6BJI0KOcHKtW2QqT/+s2SA=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "b7fcd4e26d67fca48e77de9b0d0f954b18ae9562", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, + "nix-index-database_7": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751774635, + "narHash": "sha256-DuOznGdgMxeSlPpUu6Wkq0ZD5e2Cfv9XRZeZlHWMd1s=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "85686025ba6d18df31cc651a91d5adef63378978", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, + "nix-index-database_8": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751774635, + "narHash": "sha256-DuOznGdgMxeSlPpUu6Wkq0ZD5e2Cfv9XRZeZlHWMd1s=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "85686025ba6d18df31cc651a91d5adef63378978", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", "type": "github" } }, @@ -1263,7 +6742,9 @@ "inputs": { "home-manager": "home-manager_2", "nix-formatter-pack": "nix-formatter-pack", - "nixpkgs": "nixpkgs_10", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-docs": "nixpkgs-docs", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", "nmd": "nmd_2" @@ -1283,19 +6764,376 @@ "type": "github" } }, + "nix-on-droid_2": { + "inputs": { + "home-manager": "home-manager_4", + "nix-formatter-pack": "nix-formatter-pack_2", + "nixpkgs": [ + "swarsel", + "nixpkgs" + ], + "nixpkgs-docs": "nixpkgs-docs_2", + "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_2", + "nmd": "nmd_4" + }, + "locked": { + "lastModified": 1720396533, + "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", + "owner": "nix-community", + "repo": "nix-on-droid", + "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "nix-on-droid", + "type": "github" + } + }, + "nix-on-droid_3": { + "inputs": { + "home-manager": "home-manager_6", + "nix-formatter-pack": "nix-formatter-pack_3", + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-docs": "nixpkgs-docs_3", + "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_3", + "nmd": "nmd_6" + }, + "locked": { + "lastModified": 1720396533, + "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", + "owner": "nix-community", + "repo": "nix-on-droid", + "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "nix-on-droid", + "type": "github" + } + }, + "nix-on-droid_4": { + "inputs": { + "home-manager": "home-manager_8", + "nix-formatter-pack": "nix-formatter-pack_4", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-docs": "nixpkgs-docs_4", + "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_4", + "nmd": "nmd_8" + }, + "locked": { + "lastModified": 1720396533, + "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", + "owner": "nix-community", + "repo": "nix-on-droid", + "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "nix-on-droid", + "type": "github" + } + }, + "nix-on-droid_5": { + "inputs": { + "home-manager": "home-manager_10", + "nix-formatter-pack": "nix-formatter-pack_5", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-docs": "nixpkgs-docs_5", + "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_5", + "nmd": "nmd_10" + }, + "locked": { + "lastModified": 1720396533, + "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", + "owner": "nix-community", + "repo": "nix-on-droid", + "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "nix-on-droid", + "type": "github" + } + }, + "nix-on-droid_6": { + "inputs": { + "home-manager": "home-manager_12", + "nix-formatter-pack": "nix-formatter-pack_6", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-docs": "nixpkgs-docs_6", + "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_6", + "nmd": "nmd_12" + }, + "locked": { + "lastModified": 1720396533, + "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", + "owner": "nix-community", + "repo": "nix-on-droid", + "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "nix-on-droid", + "type": "github" + } + }, + "nix-on-droid_7": { + "inputs": { + "home-manager": "home-manager_14", + "nix-formatter-pack": "nix-formatter-pack_7", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-docs": "nixpkgs-docs_7", + "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_7", + "nmd": "nmd_14" + }, + "locked": { + "lastModified": 1720396533, + "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", + "owner": "nix-community", + "repo": "nix-on-droid", + "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "nix-on-droid", + "type": "github" + } + }, + "nix-on-droid_8": { + "inputs": { + "home-manager": "home-manager_16", + "nix-formatter-pack": "nix-formatter-pack_8", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "nixpkgs-docs": "nixpkgs-docs_8", + "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_8", + "nmd": "nmd_16" + }, + "locked": { + "lastModified": 1720396533, + "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", + "owner": "nix-community", + "repo": "nix-on-droid", + "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "nix-on-droid", + "type": "github" + } + }, "nix-topology": { "inputs": { "devshell": "devshell_2", - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_11", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2", "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1762088663, - "narHash": "sha256-rpCvFan9Dji1Vw4HfVqYdfWesz5sKZE3uSgYR9gRreA=", + "lastModified": 1752093877, + "narHash": "sha256-P0TySh6sQl1EhfxjW9ZqGxEyUBSsEpdnchOe1QB0pLA=", "owner": "oddlama", "repo": "nix-topology", - "rev": "c15f569794a0f1a437850d0ac81675bcf23ca6cb", + "rev": "6a536c4b686ee4bcf07a7b0f8b823584560e2633", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, + "nix-topology_2": { + "inputs": { + "devshell": "devshell_6", + "flake-utils": "flake-utils_7", + "nixpkgs": "nixpkgs_11", + "pre-commit-hooks": "pre-commit-hooks_4" + }, + "locked": { + "lastModified": 1752093877, + "narHash": "sha256-P0TySh6sQl1EhfxjW9ZqGxEyUBSsEpdnchOe1QB0pLA=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "6a536c4b686ee4bcf07a7b0f8b823584560e2633", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, + "nix-topology_3": { + "inputs": { + "devshell": "devshell_8", + "flake-utils": "flake-utils_10", + "nixpkgs": "nixpkgs_19", + "pre-commit-hooks": "pre-commit-hooks_6" + }, + "locked": { + "lastModified": 1752093877, + "narHash": "sha256-P0TySh6sQl1EhfxjW9ZqGxEyUBSsEpdnchOe1QB0pLA=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "6a536c4b686ee4bcf07a7b0f8b823584560e2633", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, + "nix-topology_4": { + "inputs": { + "devshell": "devshell_10", + "flake-utils": "flake-utils_12", + "nixpkgs": "nixpkgs_27", + "pre-commit-hooks": "pre-commit-hooks_8" + }, + "locked": { + "lastModified": 1752093877, + "narHash": "sha256-P0TySh6sQl1EhfxjW9ZqGxEyUBSsEpdnchOe1QB0pLA=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "6a536c4b686ee4bcf07a7b0f8b823584560e2633", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, + "nix-topology_5": { + "inputs": { + "devshell": "devshell_12", + "flake-utils": "flake-utils_14", + "nixpkgs": "nixpkgs_35", + "pre-commit-hooks": "pre-commit-hooks_10" + }, + "locked": { + "lastModified": 1752093877, + "narHash": "sha256-P0TySh6sQl1EhfxjW9ZqGxEyUBSsEpdnchOe1QB0pLA=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "6a536c4b686ee4bcf07a7b0f8b823584560e2633", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, + "nix-topology_6": { + "inputs": { + "devshell": "devshell_14", + "flake-utils": "flake-utils_16", + "nixpkgs": "nixpkgs_43", + "pre-commit-hooks": "pre-commit-hooks_12" + }, + "locked": { + "lastModified": 1752093877, + "narHash": "sha256-P0TySh6sQl1EhfxjW9ZqGxEyUBSsEpdnchOe1QB0pLA=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "6a536c4b686ee4bcf07a7b0f8b823584560e2633", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, + "nix-topology_7": { + "inputs": { + "devshell": "devshell_16", + "flake-utils": "flake-utils_18", + "nixpkgs": "nixpkgs_51", + "pre-commit-hooks": "pre-commit-hooks_14" + }, + "locked": { + "lastModified": 1744142264, + "narHash": "sha256-h5KyodobZm8dx/HSNN+basgdmjxrQxudjrss4gAQpZk=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "f49121cbbf4a86c560638ade406d99ee58deb7aa", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, + "nix-topology_8": { + "inputs": { + "devshell": "devshell_18", + "flake-utils": "flake-utils_20", + "nixpkgs": "nixpkgs_59", + "pre-commit-hooks": "pre-commit-hooks_16" + }, + "locked": { + "lastModified": 1744142264, + "narHash": "sha256-h5KyodobZm8dx/HSNN+basgdmjxrQxudjrss4gAQpZk=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "f49121cbbf4a86c560638ade406d99ee58deb7aa", "type": "github" }, "original": { @@ -1341,15 +7179,148 @@ }, "nixgl": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1752054764, + "narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=", + "owner": "guibou", + "repo": "nixGL", + "rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5", + "type": "github" + }, + "original": { + "owner": "guibou", + "repo": "nixGL", + "type": "github" + } + }, + "nixgl_2": { + "inputs": { + "flake-utils": "flake-utils_8", "nixpkgs": "nixpkgs_12" }, "locked": { - "lastModified": 1762090880, - "narHash": "sha256-fbRQzIGPkjZa83MowjbD2ALaJf9y6KMDdJBQMKFeY/8=", + "lastModified": 1752054764, + "narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=", "owner": "guibou", "repo": "nixGL", - "rev": "b6105297e6f0cd041670c3e8628394d4ee247ed5", + "rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5", + "type": "github" + }, + "original": { + "owner": "guibou", + "repo": "nixGL", + "type": "github" + } + }, + "nixgl_3": { + "inputs": { + "flake-utils": "flake-utils_11", + "nixpkgs": "nixpkgs_20" + }, + "locked": { + "lastModified": 1752054764, + "narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=", + "owner": "guibou", + "repo": "nixGL", + "rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5", + "type": "github" + }, + "original": { + "owner": "guibou", + "repo": "nixGL", + "type": "github" + } + }, + "nixgl_4": { + "inputs": { + "flake-utils": "flake-utils_13", + "nixpkgs": "nixpkgs_28" + }, + "locked": { + "lastModified": 1752054764, + "narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=", + "owner": "guibou", + "repo": "nixGL", + "rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5", + "type": "github" + }, + "original": { + "owner": "guibou", + "repo": "nixGL", + "type": "github" + } + }, + "nixgl_5": { + "inputs": { + "flake-utils": "flake-utils_15", + "nixpkgs": "nixpkgs_36" + }, + "locked": { + "lastModified": 1752054764, + "narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=", + "owner": "guibou", + "repo": "nixGL", + "rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5", + "type": "github" + }, + "original": { + "owner": "guibou", + "repo": "nixGL", + "type": "github" + } + }, + "nixgl_6": { + "inputs": { + "flake-utils": "flake-utils_17", + "nixpkgs": "nixpkgs_44" + }, + "locked": { + "lastModified": 1752054764, + "narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=", + "owner": "guibou", + "repo": "nixGL", + "rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5", + "type": "github" + }, + "original": { + "owner": "guibou", + "repo": "nixGL", + "type": "github" + } + }, + "nixgl_7": { + "inputs": { + "flake-utils": "flake-utils_19", + "nixpkgs": "nixpkgs_52" + }, + "locked": { + "lastModified": 1751696036, + "narHash": "sha256-hXq4IOgSdAAaF/9q/2U8TBDL7aXZyQmtq4wl6USZjKo=", + "owner": "guibou", + "repo": "nixGL", + "rev": "d47b0db35dfa693c10f7c378043dcc6121d3f4ec", + "type": "github" + }, + "original": { + "owner": "guibou", + "repo": "nixGL", + "type": "github" + } + }, + "nixgl_8": { + "inputs": { + "flake-utils": "flake-utils_21", + "nixpkgs": "nixpkgs_60" + }, + "locked": { + "lastModified": 1751696036, + "narHash": "sha256-hXq4IOgSdAAaF/9q/2U8TBDL7aXZyQmtq4wl6USZjKo=", + "owner": "guibou", + "repo": "nixGL", + "rev": "d47b0db35dfa693c10f7c378043dcc6121d3f4ec", "type": "github" }, "original": { @@ -1373,11 +7344,118 @@ "type": "github" } }, + "nixlib_2": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixlib_3": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixlib_4": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixlib_5": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixlib_6": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixlib_7": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixlib_8": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixos-extra-modules": { "inputs": { "devshell": "devshell_3", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_13", + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "nixpkgs" + ], "nixt": "nixt", "pre-commit-hooks": "pre-commit-hooks_2" }, @@ -1391,7 +7469,6 @@ }, "original": { "owner": "oddlama", - "ref": "main", "repo": "nixos-extra-modules", "type": "github" } @@ -1399,7 +7476,184 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_15" + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-generators_2": { + "inputs": { + "nixlib": "nixlib_2", + "nixpkgs": [ + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-generators_3": { + "inputs": { + "nixlib": "nixlib_3", + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-generators_4": { + "inputs": { + "nixlib": "nixlib_4", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-generators_5": { + "inputs": { + "nixlib": "nixlib_5", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-generators_6": { + "inputs": { + "nixlib": "nixlib_6", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-generators_7": { + "inputs": { + "nixlib": "nixlib_7", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-generators_8": { + "inputs": { + "nixlib": "nixlib_8", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] }, "locked": { "lastModified": 1751903740, @@ -1417,11 +7671,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762847253, - "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", + "lastModified": 1761933221, + "narHash": "sha256-rNHeoG3ZrA94jczyLSjxCtu67YYPYIlXXr0uhG3wNxM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", + "rev": "7467f155fcba189eb088a7601f44fbef7688669b", "type": "github" }, "original": { @@ -1431,83 +7685,253 @@ "type": "github" } }, - "nixos-images": { - "inputs": { - "nixos-stable": "nixos-stable", - "nixos-unstable": "nixos-unstable" - }, + "nixos-hardware_2": { "locked": { - "lastModified": 1763686321, - "narHash": "sha256-csmQ+rYF54VReDExlDQynz4rPgdu5nb+fzDDPB/HJkM=", - "owner": "Swarsel", - "repo": "nixos-images", - "rev": "f4744a931548edb964a7d0e4678ca9d56a7f158e", + "lastModified": 1760106635, + "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", "type": "github" }, "original": { - "owner": "Swarsel", - "ref": "main", - "repo": "nixos-images", + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", "type": "github" } }, - "nixos-stable": { + "nixos-hardware_3": { "locked": { - "lastModified": 1749237914, - "narHash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw=", - "ref": "nixos-25.05", - "rev": "70c74b02eac46f4e4aa071e45a6189ce0f6d9265", - "shallow": true, - "type": "git", - "url": "https://github.com/NixOS/nixpkgs" + "lastModified": 1759582739, + "narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "3441b5242af7577230a78ffb03542add264179ab", + "type": "github" }, "original": { - "ref": "nixos-25.05", - "shallow": true, - "type": "git", - "url": "https://github.com/NixOS/nixpkgs" + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" } }, - "nixos-unstable": { + "nixos-hardware_4": { "locked": { - "lastModified": 1749401433, - "narHash": "sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc=", - "ref": "nixpkgs-unstable", - "rev": "08fcb0dcb59df0344652b38ea6326a2d8271baff", - "shallow": true, - "type": "git", - "url": "https://github.com/NixOS/nixpkgs" + "lastModified": 1758663926, + "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1", + "type": "github" }, "original": { - "ref": "nixpkgs-unstable", - "shallow": true, - "type": "git", - "url": "https://github.com/NixOS/nixpkgs" + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixos-hardware_5": { + "locked": { + "lastModified": 1757891025, + "narHash": "sha256-NfiTk59huy/YK9H4W4wVwRYyiP2u86QqROM5KK4f5F4=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "4c38a024fa32e61db2be8573e5282b15d9733a79", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixos-hardware_6": { + "locked": { + "lastModified": 1754564048, + "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixos-hardware_7": { + "locked": { + "lastModified": 1751432711, + "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixos-hardware_8": { + "locked": { + "lastModified": 1751432711, + "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1763934636, - "narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=", + "lastModified": 1754243818, + "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261", + "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-dev": { "locked": { - "lastModified": 1763648956, - "narHash": "sha256-JBATYs0HPlATioA2kYFwUAsnzWv9Bd2tXqeCOr/ix6I=", + "lastModified": 1762578095, + "narHash": "sha256-uW5Ff1H/lVvsKcNXtU7COQifqnRQ5i/YTEPGQwundNQ=", "owner": "Swarsel", "repo": "nixpkgs", - "rev": "230b56741730ede84e7e488d11cb34044f5b54c7", + "rev": "a99a76ccf7bfbb8c5d6129e6ff69413c6db55c1a", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-dev_2": { + "locked": { + "lastModified": 1761589965, + "narHash": "sha256-ZtypYmGwo7wUOo88UKVAdUZCYCpvFM8O0bEmI7+NW5k=", + "owner": "Swarsel", + "repo": "nixpkgs", + "rev": "ed3254fbd834e5bfbf6bc9586d57307a92f1a269", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-dev_3": { + "locked": { + "lastModified": 1759233809, + "narHash": "sha256-ww6JlKuclxzcBb+cb4GCnVw4PtI+7xd3J9/ctINWKeA=", + "owner": "Swarsel", + "repo": "nixpkgs", + "rev": "d3e334a2a4f9d50568bf03ec62cd445faac7ce9e", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-dev_4": { + "locked": { + "lastModified": 1758012660, + "narHash": "sha256-f3jC14FeFhapXEKzk4Hfy3LXxZ2PIpmCxciVniHXSLA=", + "owner": "Swarsel", + "repo": "nixpkgs", + "rev": "3c0bb56bf5189fd91ead7e1443976301a42fac37", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-dev_5": { + "locked": { + "lastModified": 1758012660, + "narHash": "sha256-f3jC14FeFhapXEKzk4Hfy3LXxZ2PIpmCxciVniHXSLA=", + "owner": "Swarsel", + "repo": "nixpkgs", + "rev": "3c0bb56bf5189fd91ead7e1443976301a42fac37", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-dev_6": { + "locked": { + "lastModified": 1756088794, + "narHash": "sha256-aBaRmk3lNNUm/1H1Jf6hA8miLg3HsYEhcuxUXTGa2gw=", + "owner": "Swarsel", + "repo": "nixpkgs", + "rev": "2d9f8b36adb25667fbc313f141444dea4d496850", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-dev_7": { + "locked": { + "lastModified": 1752736260, + "narHash": "sha256-90Gt98hmw/20aOAd7KaSW6otXu7MOBctRmI9RlXD/s0=", + "owner": "Swarsel", + "repo": "nixpkgs", + "rev": "169c3483f7c06fbb58c9346e4d9d112c8aa7827e", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-dev_8": { + "locked": { + "lastModified": 1752440522, + "narHash": "sha256-CInQkEG3f8XwIBQxYFhuFCT+T++JPstThfifAMD0yRk=", + "owner": "Swarsel", + "repo": "nixpkgs", + "rev": "1f569e3bd49502cb4ec312214662d93619cf2c54", "type": "github" }, "original": { @@ -1533,6 +7957,118 @@ "type": "github" } }, + "nixpkgs-docs_2": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-docs_3": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-docs_4": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-docs_5": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-docs_6": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-docs_7": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-docs_8": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-for-bootstrap": { "locked": { "lastModified": 1720244366, @@ -1549,6 +8085,118 @@ "type": "github" } }, + "nixpkgs-for-bootstrap_2": { + "locked": { + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + } + }, + "nixpkgs-for-bootstrap_3": { + "locked": { + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + } + }, + "nixpkgs-for-bootstrap_4": { + "locked": { + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + } + }, + "nixpkgs-for-bootstrap_5": { + "locked": { + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + } + }, + "nixpkgs-for-bootstrap_6": { + "locked": { + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + } + }, + "nixpkgs-for-bootstrap_7": { + "locked": { + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + } + }, + "nixpkgs-for-bootstrap_8": { + "locked": { + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + } + }, "nixpkgs-kernel": { "locked": { "lastModified": 1748026106, @@ -1566,13 +8214,270 @@ "type": "github" } }, + "nixpkgs-kernel_2": { + "locked": { + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + }, + "original": { + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + } + }, + "nixpkgs-kernel_3": { + "locked": { + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + }, + "original": { + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + } + }, + "nixpkgs-kernel_4": { + "locked": { + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + }, + "original": { + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + } + }, + "nixpkgs-kernel_5": { + "locked": { + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + }, + "original": { + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + } + }, + "nixpkgs-kernel_6": { + "locked": { + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + }, + "original": { + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + } + }, + "nixpkgs-kernel_7": { + "locked": { + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + }, + "original": { + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + } + }, + "nixpkgs-kernel_8": { + "locked": { + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + }, + "original": { + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + } + }, "nixpkgs-lib": { "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_10": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_11": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_12": { + "locked": { + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_13": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_14": { + "locked": { + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_15": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_16": { + "locked": { + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_17": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_18": { + "locked": { + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_19": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "type": "github" }, "original": { @@ -1593,6 +8498,111 @@ "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" } }, + "nixpkgs-lib_20": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_21": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_22": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_23": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_24": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_25": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_26": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-lib_3": { "locked": { "lastModified": 1719876945, @@ -1620,6 +8630,72 @@ "type": "github" } }, + "nixpkgs-lib_5": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_6": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_7": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_8": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_9": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1760139962, @@ -1652,6 +8728,118 @@ "type": "github" } }, + "nixpkgs-stable24_05_2": { + "locked": { + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_05_3": { + "locked": { + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_05_4": { + "locked": { + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_05_5": { + "locked": { + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_05_6": { + "locked": { + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_05_7": { + "locked": { + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_05_8": { + "locked": { + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-stable24_11": { "locked": { "lastModified": 1751274312, @@ -1668,13 +8856,125 @@ "type": "github" } }, + "nixpkgs-stable24_11_2": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_11_3": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_11_4": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_11_5": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_11_6": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_11_7": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable24_11_8": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-stable25_05": { "locked": { - "lastModified": 1763622513, - "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=", + "lastModified": 1761597516, + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b", + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", "type": "github" }, "original": { @@ -1684,13 +8984,221 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-stable_10": { "locked": { - "lastModified": 1763622513, - "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=", + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_11": { + "locked": { + "lastModified": 1758589230, + "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d1d883129b193f0b495d75c148c2c3a7d95789a0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_12": { + "locked": { + "lastModified": 1758589230, + "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d1d883129b193f0b495d75c148c2c3a7d95789a0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_13": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_14": { + "locked": { + "lastModified": 1757810152, + "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a094440e02a699be5c57453a092a8baf569bdad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_15": { + "locked": { + "lastModified": 1757810152, + "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a094440e02a699be5c57453a092a8baf569bdad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_16": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_17": { + "locked": { + "lastModified": 1754689972, + "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_18": { + "locked": { + "lastModified": 1754689972, + "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_19": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1761597516, + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_20": { + "locked": { + "lastModified": 1751741127, + "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "29e290002bfff26af1db6f64d070698019460302", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_21": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_22": { + "locked": { + "lastModified": 1751741127, + "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "29e290002bfff26af1db6f64d070698019460302", "type": "github" }, "original": { @@ -1702,11 +9210,107 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1763622513, - "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=", + "lastModified": 1761597516, + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b", + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_4": { + "locked": { + "lastModified": 1760139962, + "narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_5": { + "locked": { + "lastModified": 1760139962, + "narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_6": { + "locked": { + "lastModified": 1760139962, + "narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_7": { + "locked": { + "lastModified": 1759580034, + "narHash": "sha256-YWo57PL7mGZU7D4WeKFMiW4ex/O6ZolUS6UNBHTZfkI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3bcc93c5f7a4b30335d31f21e2f1281cba68c318", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_8": { + "locked": { + "lastModified": 1759580034, + "narHash": "sha256-YWo57PL7mGZU7D4WeKFMiW4ex/O6ZolUS6UNBHTZfkI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3bcc93c5f7a4b30335d31f21e2f1281cba68c318", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_9": { + "locked": { + "lastModified": 1759580034, + "narHash": "sha256-YWo57PL7mGZU7D4WeKFMiW4ex/O6ZolUS6UNBHTZfkI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3bcc93c5f7a4b30335d31f21e2f1281cba68c318", "type": "github" }, "original": { @@ -1718,15 +9322,16 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1764086288, - "narHash": "sha256-S223/Mc4Ax75PfWySz8b44jjAnz36jUk4U+XiCfMy9I=", + "lastModified": 1754243818, + "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c4fd5c5627b75a9aa111ccd2ac4f86906f32af2a", + "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } @@ -1764,69 +9369,21 @@ }, "nixpkgs_13": { "locked": { - "lastModified": 1763966396, - "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", - "owner": "NixOS", + "lastModified": 1760284886, + "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", + "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_14": { - "locked": { - "lastModified": 1677063315, - "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_15": { - "locked": { - "lastModified": 1763934636, - "narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_16": { - "locked": { - "lastModified": 1763835633, - "narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "050e09e091117c3d7328c7b2b7b577492c43c134", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_17": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", @@ -1842,13 +9399,13 @@ "type": "github" } }, - "nixpkgs_18": { + "nixpkgs_15": { "locked": { - "lastModified": 1763835633, - "narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=", + "lastModified": 1760284886, + "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "050e09e091117c3d7328c7b2b7b577492c43c134", + "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", "type": "github" }, "original": { @@ -1858,13 +9415,13 @@ "type": "github" } }, - "nixpkgs_19": { + "nixpkgs_16": { "locked": { - "lastModified": 1763934636, - "narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=", + "lastModified": 1760164275, + "narHash": "sha256-gKl2Gtro/LNf8P+4L3S2RsZ0G390ccd5MyXYrTdMCFE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261", + "rev": "362791944032cb532aabbeed7887a441496d5e6e", "type": "github" }, "original": { @@ -1874,29 +9431,29 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_17": { "locked": { - "lastModified": 1763934636, - "narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=", + "lastModified": 1758690382, + "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261", + "rev": "e643668fd71b949c53f8626614b21ff71a07379d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_20": { + "nixpkgs_18": { "locked": { - "lastModified": 1763553727, - "narHash": "sha256-4aRqRkYHplWk0mrtoF5i3Uo73E3niOWiUZU8kmPm9hQ=", + "lastModified": 1754243818, + "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "094318ea16502a7a81ce90dd3638697020f030a2", + "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", "type": "github" }, "original": { @@ -1906,33 +9463,80 @@ "type": "github" } }, - "nixpkgs_21": { + "nixpkgs_19": { "locked": { - "lastModified": 1763618868, - "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_20": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_21": { + "locked": { + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_22": { "locked": { - "lastModified": 1763966396, - "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", - "owner": "NixOS", + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -1940,15 +9544,15 @@ }, "nixpkgs_23": { "locked": { - "lastModified": 1762977756, - "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", - "owner": "NixOS", + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -1956,11 +9560,90 @@ }, "nixpkgs_24": { "locked": { - "lastModified": 1763966396, - "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", + "lastModified": 1759570798, + "narHash": "sha256-kbkzsUKYzKhuvMOuxt/aTwWU2mnrwoY964yN3Y4dE98=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0d4f673a88f8405ae14484e6a1ea870e0ba4ca26", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_25": { + "locked": { + "lastModified": 1758690382, + "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e643668fd71b949c53f8626614b21ff71a07379d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_26": { + "locked": { + "lastModified": 1754243818, + "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_27": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_28": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_29": { + "locked": { + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "type": "github" }, "original": { @@ -1970,39 +9653,738 @@ "type": "github" } }, - "nixpkgs_25": { + "nixpkgs_3": { "locked": { - "lastModified": 1761236834, - "narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=", + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", "type": "github" }, "original": { "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_30": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_31": { + "locked": { + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_32": { + "locked": { + "lastModified": 1758262103, + "narHash": "sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "12bd230118a1901a4a5d393f9f56b6ad7e571d01", + "type": "github" + }, + "original": { + "owner": "NixOS", "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_26": { + "nixpkgs_33": { "locked": { - "lastModified": 1751274312, - "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", - "owner": "nixos", + "lastModified": 1756819007, + "narHash": "sha256-12V64nKG/O/guxSYnr5/nq1EfqwJCdD2+cIGmhz3nrE=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "rev": "aaff8c16d7fc04991cac6245bee1baa31f72b1e1", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-24.11", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_27": { + "nixpkgs_34": { + "locked": { + "lastModified": 1754243818, + "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_35": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_36": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_37": { + "locked": { + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_38": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_39": { + "locked": { + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1677063315, + "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_40": { + "locked": { + "lastModified": 1757746433, + "narHash": "sha256-fEvTiU4s9lWgW7mYEU/1QUPirgkn+odUBTaindgiziY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6d7ec06d6868ac6d94c371458fc2391ded9ff13d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_41": { + "locked": { + "lastModified": 1756819007, + "narHash": "sha256-12V64nKG/O/guxSYnr5/nq1EfqwJCdD2+cIGmhz3nrE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "aaff8c16d7fc04991cac6245bee1baa31f72b1e1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_42": { + "locked": { + "lastModified": 1754243818, + "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_43": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_44": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_45": { + "locked": { + "lastModified": 1754498491, + "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_46": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_47": { + "locked": { + "lastModified": 1754498491, + "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_48": { + "locked": { + "lastModified": 1744868846, + "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_49": { + "locked": { + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_50": { + "locked": { + "lastModified": 1751203939, + "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "650e71cbf76de8dd16f5648a96981b726c4ef8fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_51": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_52": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_53": { + "locked": { + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_54": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_55": { + "locked": { + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_56": { + "locked": { + "lastModified": 1744868846, + "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_57": { + "locked": { + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_58": { + "locked": { + "lastModified": 1751203939, + "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "650e71cbf76de8dd16f5648a96981b726c4ef8fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_59": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_60": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_61": { + "locked": { + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_62": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_63": { + "locked": { + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_64": { + "locked": { + "lastModified": 1744868846, + "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_65": { + "locked": { + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_66": { + "locked": { + "lastModified": 1750865895, + "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "61c0f513911459945e2cb8bf333dc849f1b976ff", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_67": { + "locked": { + "lastModified": 1750865895, + "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "61c0f513911459945e2cb8bf333dc849f1b976ff", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_68": { + "locked": { + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_69": { + "locked": { + "lastModified": 1750865895, + "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "61c0f513911459945e2cb8bf333dc849f1b976ff", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_70": { + "locked": { + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_71": { "locked": { "lastModified": 1754800730, "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", @@ -2018,60 +10400,13 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_72": { "locked": { - "lastModified": 1764086288, - "narHash": "sha256-S223/Mc4Ax75PfWySz8b44jjAnz36jUk4U+XiCfMy9I=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c4fd5c5627b75a9aa111ccd2ac4f86906f32af2a", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1763966396, - "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1763678758, - "narHash": "sha256-+hBiJ+kG5IoffUOdlANKFflTT5nO3FrrR2CA3178Y5s=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "117cc7f94e8072499b0a7aa4c52084fa4e11cc9b", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1763966396, - "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "type": "github" }, "original": { @@ -2081,29 +10416,189 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_73": { "locked": { - "lastModified": 1763966396, - "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_74": { + "locked": { + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "type": "github" + }, + "original": { + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs_75": { + "locked": { + "lastModified": 1759733170, + "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8913c168d1c56dc49a7718685968f38752171c3b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_76": { + "locked": { + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_77": { + "locked": { + "lastModified": 1760284886, + "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_78": { + "locked": { + "lastModified": 1759733170, + "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8913c168d1c56dc49a7718685968f38752171c3b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_79": { + "locked": { + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_8": { "locked": { - "lastModified": 1763934636, - "narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=", + "lastModified": 1760596604, + "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261", + "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_80": { + "locked": { + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_81": { + "locked": { + "lastModified": 1759733170, + "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8913c168d1c56dc49a7718685968f38752171c3b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_82": { + "locked": { + "lastModified": 1761236834, + "narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_83": { + "locked": { + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", "type": "github" }, "original": { @@ -2115,15 +10610,15 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", - "owner": "nixos", + "lastModified": 1758690382, + "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "e643668fd71b949c53f8626614b21ff71a07379d", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -2131,7 +10626,7 @@ }, "nixt": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "nixpkgs": [ "nixos-extra-modules", "nixpkgs" @@ -2169,6 +10664,164 @@ "type": "gitlab" } }, + "nmd_10": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs-docs" + ], + "scss-reset": "scss-reset_5" + }, + "locked": { + "lastModified": 1705050560, + "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", + "owner": "~rycee", + "repo": "nmd", + "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", + "type": "sourcehut" + }, + "original": { + "owner": "~rycee", + "repo": "nmd", + "type": "sourcehut" + } + }, + "nmd_11": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmd_12": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs-docs" + ], + "scss-reset": "scss-reset_6" + }, + "locked": { + "lastModified": 1705050560, + "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", + "owner": "~rycee", + "repo": "nmd", + "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", + "type": "sourcehut" + }, + "original": { + "owner": "~rycee", + "repo": "nmd", + "type": "sourcehut" + } + }, + "nmd_13": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmd_14": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs-docs" + ], + "scss-reset": "scss-reset_7" + }, + "locked": { + "lastModified": 1705050560, + "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", + "owner": "~rycee", + "repo": "nmd", + "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", + "type": "sourcehut" + }, + "original": { + "owner": "~rycee", + "repo": "nmd", + "type": "sourcehut" + } + }, + "nmd_15": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmd_16": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs-docs" + ], + "scss-reset": "scss-reset_8" + }, + "locked": { + "lastModified": 1705050560, + "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", + "owner": "~rycee", + "repo": "nmd", + "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", + "type": "sourcehut" + }, + "original": { + "owner": "~rycee", + "repo": "nmd", + "type": "sourcehut" + } + }, "nmd_2": { "inputs": { "nixpkgs": [ @@ -2191,6 +10844,142 @@ "type": "sourcehut" } }, + "nmd_3": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmd_4": { + "inputs": { + "nixpkgs": [ + "swarsel", + "nix-on-droid", + "nixpkgs-docs" + ], + "scss-reset": "scss-reset_2" + }, + "locked": { + "lastModified": 1705050560, + "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", + "owner": "~rycee", + "repo": "nmd", + "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", + "type": "sourcehut" + }, + "original": { + "owner": "~rycee", + "repo": "nmd", + "type": "sourcehut" + } + }, + "nmd_5": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmd_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs-docs" + ], + "scss-reset": "scss-reset_3" + }, + "locked": { + "lastModified": 1705050560, + "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", + "owner": "~rycee", + "repo": "nmd", + "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", + "type": "sourcehut" + }, + "original": { + "owner": "~rycee", + "repo": "nmd", + "type": "sourcehut" + } + }, + "nmd_7": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmd_8": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nix-on-droid", + "nixpkgs-docs" + ], + "scss-reset": "scss-reset_4" + }, + "locked": { + "lastModified": 1705050560, + "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", + "owner": "~rycee", + "repo": "nmd", + "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", + "type": "sourcehut" + }, + "original": { + "owner": "~rycee", + "repo": "nmd", + "type": "sourcehut" + } + }, + "nmd_9": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, "nmt": { "flake": false, "locked": { @@ -2207,6 +10996,118 @@ "type": "gitlab" } }, + "nmt_2": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, + "nmt_3": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, + "nmt_4": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, + "nmt_5": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, + "nmt_6": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, + "nmt_7": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, + "nmt_8": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, "nosys": { "locked": { "lastModified": 1668010795, @@ -2224,8 +11125,141 @@ }, "nswitch-rcm-nix": { "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_17" + "flake-parts": "flake-parts_4", + "nixpkgs": "nixpkgs_6" + }, + "locked": { + "lastModified": 1721304043, + "narHash": "sha256-8mY9tdjo44E23xGMcUFA2a1tUcEpz7oK5upuZZ9v5SU=", + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "rev": "b45dc5d673631c97a4b8379926de89a66561d6dc", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "type": "github" + } + }, + "nswitch-rcm-nix_2": { + "inputs": { + "flake-parts": "flake-parts_9", + "nixpkgs": "nixpkgs_14" + }, + "locked": { + "lastModified": 1721304043, + "narHash": "sha256-8mY9tdjo44E23xGMcUFA2a1tUcEpz7oK5upuZZ9v5SU=", + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "rev": "b45dc5d673631c97a4b8379926de89a66561d6dc", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "type": "github" + } + }, + "nswitch-rcm-nix_3": { + "inputs": { + "flake-parts": "flake-parts_14", + "nixpkgs": "nixpkgs_22" + }, + "locked": { + "lastModified": 1721304043, + "narHash": "sha256-8mY9tdjo44E23xGMcUFA2a1tUcEpz7oK5upuZZ9v5SU=", + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "rev": "b45dc5d673631c97a4b8379926de89a66561d6dc", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "type": "github" + } + }, + "nswitch-rcm-nix_4": { + "inputs": { + "flake-parts": "flake-parts_19", + "nixpkgs": "nixpkgs_30" + }, + "locked": { + "lastModified": 1721304043, + "narHash": "sha256-8mY9tdjo44E23xGMcUFA2a1tUcEpz7oK5upuZZ9v5SU=", + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "rev": "b45dc5d673631c97a4b8379926de89a66561d6dc", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "type": "github" + } + }, + "nswitch-rcm-nix_5": { + "inputs": { + "flake-parts": "flake-parts_24", + "nixpkgs": "nixpkgs_38" + }, + "locked": { + "lastModified": 1721304043, + "narHash": "sha256-8mY9tdjo44E23xGMcUFA2a1tUcEpz7oK5upuZZ9v5SU=", + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "rev": "b45dc5d673631c97a4b8379926de89a66561d6dc", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "type": "github" + } + }, + "nswitch-rcm-nix_6": { + "inputs": { + "flake-parts": "flake-parts_29", + "nixpkgs": "nixpkgs_46" + }, + "locked": { + "lastModified": 1721304043, + "narHash": "sha256-8mY9tdjo44E23xGMcUFA2a1tUcEpz7oK5upuZZ9v5SU=", + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "rev": "b45dc5d673631c97a4b8379926de89a66561d6dc", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "type": "github" + } + }, + "nswitch-rcm-nix_7": { + "inputs": { + "flake-parts": "flake-parts_34", + "nixpkgs": "nixpkgs_54" + }, + "locked": { + "lastModified": 1721304043, + "narHash": "sha256-8mY9tdjo44E23xGMcUFA2a1tUcEpz7oK5upuZZ9v5SU=", + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "rev": "b45dc5d673631c97a4b8379926de89a66561d6dc", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": "nswitch-rcm-nix", + "type": "github" + } + }, + "nswitch-rcm-nix_8": { + "inputs": { + "flake-parts": "flake-parts_39", + "nixpkgs": "nixpkgs_62" }, "locked": { "lastModified": 1721304043, @@ -2243,15 +11277,218 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_18" + "flake-parts": "flake-parts_5", + "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1763996502, - "narHash": "sha256-pJGdiniI2GntAsMSLBo8sNmb61XJ7Jl9vLayMl57qUo=", + "lastModified": 1762033460, + "narHash": "sha256-RXBIqO8fcw/kiveRGxFVA+j6hPJkB6ikg0I1/pueud0=", "owner": "nix-community", "repo": "NUR", - "rev": "dad4410a04874ea636c9ebae579b74342f04ea20", + "rev": "c5403cdf368174b0792dd0a155f8e5bc8f0bade7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_10": { + "inputs": { + "flake-parts": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756961635, + "narHash": "sha256-hETvQcILTg5kChjYNns1fD5ELdsYB/VVgVmBtqKQj9A=", + "owner": "nix-community", + "repo": "NUR", + "rev": "6ca27b2654ac55e3f6e0ca434c1b4589ae22b370", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_11": { + "inputs": { + "flake-parts": "flake-parts_30", + "nixpkgs": "nixpkgs_47" + }, + "locked": { + "lastModified": 1754726338, + "narHash": "sha256-Zz4zAgAvgXwAzkJuhuoYFpQ9eJs/vtaYCso+rfwahsw=", + "owner": "nix-community", + "repo": "NUR", + "rev": "ab1e2e53a418b3907f87c24ce277975438f1bd78", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_12": { + "inputs": { + "flake-parts": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751906969, + "narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=", + "owner": "nix-community", + "repo": "NUR", + "rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_13": { + "inputs": { + "flake-parts": "flake-parts_35", + "nixpkgs": "nixpkgs_55" + }, + "locked": { + "lastModified": 1751906969, + "narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=", + "owner": "nix-community", + "repo": "NUR", + "rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_14": { + "inputs": { + "flake-parts": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1748730660, + "narHash": "sha256-5LKmRYKdPuhm8j5GFe3AfrJL8dd8o57BQ34AGjJl1R0=", + "owner": "nix-community", + "repo": "NUR", + "rev": "2c0bc52fe14681e9ef60e3553888c4f086e46ecb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_15": { + "inputs": { + "flake-parts": "flake-parts_40", + "nixpkgs": "nixpkgs_63" + }, + "locked": { + "lastModified": 1751906969, + "narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=", + "owner": "nix-community", + "repo": "NUR", + "rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_16": { + "inputs": { + "flake-parts": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_2" + }, + "locked": { + "lastModified": 1748730660, + "narHash": "sha256-5LKmRYKdPuhm8j5GFe3AfrJL8dd8o57BQ34AGjJl1R0=", + "owner": "nix-community", + "repo": "NUR", + "rev": "2c0bc52fe14681e9ef60e3553888c4f086e46ecb", "type": "github" }, "original": { @@ -2285,6 +11522,169 @@ "type": "github" } }, + "nur_3": { + "inputs": { + "flake-parts": "flake-parts_10", + "nixpkgs": "nixpkgs_15" + }, + "locked": { + "lastModified": 1760434122, + "narHash": "sha256-PICj8/WLB+WSVv6d09i9n0pY2jobzDLhDijebTmwslQ=", + "owner": "nix-community", + "repo": "NUR", + "rev": "53775ebf6ee76abaa2a4462393ea26b1bbe6f655", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_4": { + "inputs": { + "flake-parts": [ + "swarsel", + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758998580, + "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", + "owner": "nix-community", + "repo": "NUR", + "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_5": { + "inputs": { + "flake-parts": "flake-parts_15", + "nixpkgs": "nixpkgs_23" + }, + "locked": { + "lastModified": 1759783224, + "narHash": "sha256-QTsVtR+MhvH6QTFcn31Jubm7qXltInAhTFdtsPifcbA=", + "owner": "nix-community", + "repo": "NUR", + "rev": "9d6e275d4f74ac272aef29fb9845ea7da6559de6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_6": { + "inputs": { + "flake-parts": [ + "swarsel", + "swarsel", + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758998580, + "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", + "owner": "nix-community", + "repo": "NUR", + "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_7": { + "inputs": { + "flake-parts": "flake-parts_20", + "nixpkgs": "nixpkgs_31" + }, + "locked": { + "lastModified": 1758706012, + "narHash": "sha256-Gee6jqg2BLBwG6uv/U7xEQRuBobbKJOLIm5/KfpcYq4=", + "owner": "nix-community", + "repo": "NUR", + "rev": "8f016c352545dc7d55969e1ab3f1dc2f01cdb3e4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_8": { + "inputs": { + "flake-parts": [ + "swarsel", + "swarsel", + "swarsel", + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756961635, + "narHash": "sha256-hETvQcILTg5kChjYNns1fD5ELdsYB/VVgVmBtqKQj9A=", + "owner": "nix-community", + "repo": "NUR", + "rev": "6ca27b2654ac55e3f6e0ca434c1b4589ae22b370", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_9": { + "inputs": { + "flake-parts": "flake-parts_25", + "nixpkgs": "nixpkgs_39" + }, + "locked": { + "lastModified": 1757935448, + "narHash": "sha256-dIk3hiBlSsHZJViknedzOyTb7VjHFmty6d2P59/DRi4=", + "owner": "nix-community", + "repo": "NUR", + "rev": "b8ed69c1bcb6c358bb1df56e2a2e64323f6572c6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, "paisano": { "inputs": { "nixpkgs": [ @@ -2399,32 +11799,9 @@ "type": "github" } }, - "pre-commit": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1763741496, - "narHash": "sha256-uIRqs/H18YEtMOn1OkbnPH+aNTwXKx+iU3qnxEkVUd0=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "20e71a403c5de9ce5bd799031440da9728c1cda1", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "gitignore": "gitignore_2", "nixpkgs": [ "nix-topology", @@ -2449,9 +11826,535 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks-nix_2": { + "inputs": { + "flake-compat": [ + "swarsel", + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore_5", + "nixpkgs": [ + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks-nix_3": { + "inputs": { + "flake-compat": [ + "swarsel", + "swarsel", + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore_8", + "nixpkgs": [ + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks-nix_4": { + "inputs": { + "flake-compat": [ + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore_11", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks-nix_5": { + "inputs": { + "flake-compat": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore_14", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks-nix_6": { + "inputs": { + "flake-compat": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore_17", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks-nix_7": { + "inputs": { + "flake-compat": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore_20", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks-nix_8": { + "inputs": { + "flake-compat": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore_23", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_10": { + "inputs": { + "flake-compat": "flake-compat_19", + "gitignore": "gitignore_15", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730797577, + "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_11": { + "inputs": { + "flake-compat": "flake-compat_20", + "gitignore": "gitignore_16", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757588530, + "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_12": { + "inputs": { + "flake-compat": "flake-compat_23", + "gitignore": "gitignore_18", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730797577, + "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_13": { + "inputs": { + "flake-compat": "flake-compat_24", + "gitignore": "gitignore_19", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754416808, + "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_14": { + "inputs": { + "flake-compat": "flake-compat_27", + "gitignore": "gitignore_21", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730797577, + "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_15": { + "inputs": { + "flake-compat": "flake-compat_28", + "gitignore": "gitignore_22", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_16": { + "inputs": { + "flake-compat": "flake-compat_31", + "gitignore": "gitignore_24", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730797577, + "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_17": { + "inputs": { + "flake-compat": "flake-compat_32", + "gitignore": "gitignore_25", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_5", "gitignore": "gitignore_3", "nixpkgs": [ "nixos-extra-modules", @@ -2474,16 +12377,183 @@ }, "pre-commit-hooks_3": { "inputs": { - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_6", "gitignore": "gitignore_4", - "nixpkgs": "nixpkgs_19" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1763988335, - "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_4": { + "inputs": { + "flake-compat": "flake-compat_8", + "gitignore": "gitignore_6", + "nixpkgs": [ + "swarsel", + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": [ + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730797577, + "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_5": { + "inputs": { + "flake-compat": "flake-compat_9", + "gitignore": "gitignore_7", + "nixpkgs": [ + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760392170, + "narHash": "sha256-WftxJgr2MeDDFK47fQKywzC72L2jRc/PWcyGdjaDzkw=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "46d55f0aeb1d567a78223e69729734f3dca25a85", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_6": { + "inputs": { + "flake-compat": "flake-compat_11", + "gitignore": "gitignore_9", + "nixpkgs": [ + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": [ + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730797577, + "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_7": { + "inputs": { + "flake-compat": "flake-compat_12", + "gitignore": "gitignore_10", + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759523803, + "narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_8": { + "inputs": { + "flake-compat": "flake-compat_15", + "gitignore": "gitignore_12", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": [ + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730797577, + "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_9": { + "inputs": { + "flake-compat": "flake-compat_16", + "gitignore": "gitignore_13", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -2496,7 +12566,6 @@ "inputs": { "devshell": "devshell", "disko": "disko", - "dns": "dns", "emacs-overlay": "emacs-overlay", "flake-parts": "flake-parts", "home-manager": "home-manager", @@ -2506,15 +12575,13 @@ "niri-flake": "niri-flake", "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", - "nix-minecraft": "nix-minecraft", "nix-on-droid": "nix-on-droid", "nix-topology": "nix-topology", "nixgl": "nixgl", "nixos-extra-modules": "nixos-extra-modules", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixos-images": "nixos-images", - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_5", "nixpkgs-dev": "nixpkgs-dev", "nixpkgs-kernel": "nixpkgs-kernel", "nixpkgs-stable": "nixpkgs-stable_3", @@ -2524,16 +12591,16 @@ "nswitch-rcm-nix": "nswitch-rcm-nix", "nur": "nur", "pre-commit-hooks": "pre-commit-hooks_3", - "simple-nixos-mailserver": "simple-nixos-mailserver", - "smallpkgs": "smallpkgs", "sops-nix": "sops-nix", "spicetify-nix": "spicetify-nix", "stylix": "stylix", - "swarsel-nix": "swarsel-nix", - "systems": "systems_8", - "treefmt-nix": "treefmt-nix", - "vbc-nix": "vbc-nix", - "zjstatus": "zjstatus" + "swarsel": "swarsel", + "swarsel-modules": "swarsel-modules_6", + "swarsel-nix": "swarsel-nix_3", + "systems": "systems_64", + "treefmt-nix": "treefmt-nix_3", + "vbc-nix": "vbc-nix_8", + "zjstatus": "zjstatus_8" } }, "rust-analyzer-src": { @@ -2561,11 +12628,207 @@ ] }, "locked": { - "lastModified": 1763865987, - "narHash": "sha256-DJpzM8Jz3B0azJcAoF+YFHr8rEbxYLJ0wy1kWZ29HOw=", + "lastModified": 1754189623, + "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "042d905c01a6eec3bcae8530dacb19cda9758a63", + "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_10": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "zjstatus", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750905536, + "narHash": "sha256-Mo7yXM5IvMGNvJPiNkFsVT2UERmnvjsKgnY6UyDdySQ=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "2fa7c0aabd15fa0ccc1dc7e675a4fcf0272ad9a1", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_11": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "zjstatus", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750905536, + "narHash": "sha256-Mo7yXM5IvMGNvJPiNkFsVT2UERmnvjsKgnY6UyDdySQ=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "2fa7c0aabd15fa0ccc1dc7e675a4fcf0272ad9a1", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_12": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "zjstatus", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750905536, + "narHash": "sha256-Mo7yXM5IvMGNvJPiNkFsVT2UERmnvjsKgnY6UyDdySQ=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "2fa7c0aabd15fa0ccc1dc7e675a4fcf0272ad9a1", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_13": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "zjstatus", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754880555, + "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_14": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "zjstatus", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754880555, + "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_15": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "zjstatus", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754880555, + "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_16": { + "inputs": { + "nixpkgs": [ + "swarsel", + "zjstatus", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754880555, + "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_17": { + "inputs": { + "nixpkgs": [ + "zjstatus", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754880555, + "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", "type": "github" }, "original": { @@ -2610,16 +12873,170 @@ "rust-overlay_3": { "inputs": { "nixpkgs": [ - "zjstatus", + "swarsel", + "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1754880555, - "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", + "lastModified": 1754189623, + "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", + "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_4": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754189623, + "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_5": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754189623, + "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754189623, + "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_7": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754189623, + "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_8": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751165203, + "narHash": "sha256-3QhlpAk2yn+ExwvRLtaixWsVW1q3OX3KXXe0l8VMLl4=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "90f547b90e73d3c6025e66c5b742d6db51c418c3", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_9": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751165203, + "narHash": "sha256-3QhlpAk2yn+ExwvRLtaixWsVW1q3OX3KXXe0l8VMLl4=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "90f547b90e73d3c6025e66c5b742d6db51c418c3", "type": "github" }, "original": { @@ -2644,55 +13061,254 @@ "type": "github" } }, - "simple-nixos-mailserver": { - "inputs": { - "blobs": "blobs", - "flake-compat": "flake-compat_8", - "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_20" - }, + "scss-reset_2": { + "flake": false, "locked": { - "lastModified": 1763564778, - "narHash": "sha256-HSWMOylEaTtVgzIjpTbjcjVLXHDwNyV081eVUBfAcMs=", - "owner": "simple-nixos-mailserver", - "repo": "nixos-mailserver", - "rev": "4987d275a90392347f84923cd4cd8efcf0aa7a22", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "ref": "master", - "repo": "nixos-mailserver", - "type": "gitlab" - } - }, - "smallpkgs": { - "locked": { - "lastModified": 1749401433, - "narHash": "sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "08fcb0dcb59df0344652b38ea6326a2d8271baff", + "lastModified": 1631450058, + "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=", + "owner": "andreymatin", + "repo": "scss-reset", + "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91", "type": "github" }, "original": { - "narHash": "sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "08fcb0dcb59df0344652b38ea6326a2d8271baff", + "owner": "andreymatin", + "repo": "scss-reset", + "type": "github" + } + }, + "scss-reset_3": { + "flake": false, + "locked": { + "lastModified": 1631450058, + "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=", + "owner": "andreymatin", + "repo": "scss-reset", + "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91", + "type": "github" + }, + "original": { + "owner": "andreymatin", + "repo": "scss-reset", + "type": "github" + } + }, + "scss-reset_4": { + "flake": false, + "locked": { + "lastModified": 1631450058, + "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=", + "owner": "andreymatin", + "repo": "scss-reset", + "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91", + "type": "github" + }, + "original": { + "owner": "andreymatin", + "repo": "scss-reset", + "type": "github" + } + }, + "scss-reset_5": { + "flake": false, + "locked": { + "lastModified": 1631450058, + "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=", + "owner": "andreymatin", + "repo": "scss-reset", + "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91", + "type": "github" + }, + "original": { + "owner": "andreymatin", + "repo": "scss-reset", + "type": "github" + } + }, + "scss-reset_6": { + "flake": false, + "locked": { + "lastModified": 1631450058, + "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=", + "owner": "andreymatin", + "repo": "scss-reset", + "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91", + "type": "github" + }, + "original": { + "owner": "andreymatin", + "repo": "scss-reset", + "type": "github" + } + }, + "scss-reset_7": { + "flake": false, + "locked": { + "lastModified": 1631450058, + "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=", + "owner": "andreymatin", + "repo": "scss-reset", + "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91", + "type": "github" + }, + "original": { + "owner": "andreymatin", + "repo": "scss-reset", + "type": "github" + } + }, + "scss-reset_8": { + "flake": false, + "locked": { + "lastModified": 1631450058, + "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=", + "owner": "andreymatin", + "repo": "scss-reset", + "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91", + "type": "github" + }, + "original": { + "owner": "andreymatin", + "repo": "scss-reset", "type": "github" } }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_21" + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1763870012, - "narHash": "sha256-AHxFfIu73SpNLAOZbu/AvpLhZ/Szhx6gRPj9ufZtaZA=", + "lastModified": 1760998189, + "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4e7d74d92398b933cc0e0e25af5b0836efcfdde3", + "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "sops-nix_2": { + "inputs": { + "nixpkgs": "nixpkgs_16" + }, + "locked": { + "lastModified": 1760393368, + "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "sops-nix_3": { + "inputs": { + "nixpkgs": "nixpkgs_24" + }, + "locked": { + "lastModified": 1759635238, + "narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "6e5a38e08a2c31ae687504196a230ae00ea95133", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "sops-nix_4": { + "inputs": { + "nixpkgs": "nixpkgs_32" + }, + "locked": { + "lastModified": 1758425756, + "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "sops-nix_5": { + "inputs": { + "nixpkgs": "nixpkgs_40" + }, + "locked": { + "lastModified": 1757847158, + "narHash": "sha256-TumOaykhZO8SOs/faz6GQhqkOcFLoQvESLSF1cJ4mZc=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "ee6f91c1c11acf7957d94a130de77561ec24b8ab", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "sops-nix_6": { + "inputs": { + "nixpkgs": "nixpkgs_48" + }, + "locked": { + "lastModified": 1754328224, + "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "sops-nix_7": { + "inputs": { + "nixpkgs": "nixpkgs_56" + }, + "locked": { + "lastModified": 1751606940, + "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "sops-nix_8": { + "inputs": { + "nixpkgs": "nixpkgs_64" + }, + "locked": { + "lastModified": 1751606940, + "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", "type": "github" }, "original": { @@ -2717,17 +13333,171 @@ "url": "https://spectrum-os.org/git/spectrum" } }, + "spectrum_2": { + "flake": false, + "locked": { + "lastModified": 1759482047, + "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=", + "ref": "refs/heads/main", + "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9", + "revCount": 996, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, + "spectrum_3": { + "flake": false, + "locked": { + "lastModified": 1759482047, + "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=", + "ref": "refs/heads/main", + "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9", + "revCount": 996, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, "spicetify-nix": { "inputs": { - "nixpkgs": "nixpkgs_22", - "systems": "systems_5" + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_4" }, "locked": { - "lastModified": 1763985453, - "narHash": "sha256-vUqODgLIjeyHN7DP8dVx7oH9yB/L8qcxpN//4EmMQcM=", + "lastModified": 1761452941, + "narHash": "sha256-yy+9lSj40cWS4awLqjQ5H5/7/SOf9ZarOgTzH8GHkRk=", "owner": "Gerg-l", "repo": "spicetify-nix", - "rev": "89cd40c646ec5b12e5c20c0e18f082e7629d4819", + "rev": "20a56cfc4dc794ade2e8d4346cc4a5adcd1bb512", + "type": "github" + }, + "original": { + "owner": "Gerg-l", + "repo": "spicetify-nix", + "type": "github" + } + }, + "spicetify-nix_2": { + "inputs": { + "nixpkgs": [ + "swarsel", + "nixpkgs" + ], + "systems": "systems_9" + }, + "locked": { + "lastModified": 1760243311, + "narHash": "sha256-LNrok211+WWlMGWqpGPpnGcnWhyo5SfvMv62uDiLzoI=", + "owner": "Gerg-l", + "repo": "spicetify-nix", + "rev": "93f1d45e48191a0b24c5c15e5cf369566ff75be9", + "type": "github" + }, + "original": { + "owner": "Gerg-l", + "repo": "spicetify-nix", + "type": "github" + } + }, + "spicetify-nix_3": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ], + "systems": "systems_14" + }, + "locked": { + "lastModified": 1759638324, + "narHash": "sha256-bj0L3n2UWE/DjqFjsydWsSzO74+dqUA4tiOX4At6LbM=", + "owner": "Gerg-l", + "repo": "spicetify-nix", + "rev": "c39a58510e55c4970e57176ab14b722a978e5f01", + "type": "github" + }, + "original": { + "owner": "Gerg-l", + "repo": "spicetify-nix", + "type": "github" + } + }, + "spicetify-nix_4": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "systems": "systems_18" + }, + "locked": { + "lastModified": 1758584568, + "narHash": "sha256-FDxTheW6ynpbro/8eTZHhAY7J+HOf0jXeXq3jrJDcS8=", + "owner": "Gerg-l", + "repo": "spicetify-nix", + "rev": "9e9e48ca16628bf09a02bc5449d4b0761e15eebd", + "type": "github" + }, + "original": { + "owner": "Gerg-l", + "repo": "spicetify-nix", + "type": "github" + } + }, + "spicetify-nix_5": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "systems": "systems_22" + }, + "locked": { + "lastModified": 1757824114, + "narHash": "sha256-cyVbc8UxyWKAuXOgqLggil2mXLZWY0wyfBWYqUwgYjM=", + "owner": "Gerg-l", + "repo": "spicetify-nix", + "rev": "d23584b2000b7f7a59a1764ff9ab93b89444bfd9", + "type": "github" + }, + "original": { + "owner": "Gerg-l", + "repo": "spicetify-nix", + "type": "github" + } + }, + "spicetify-nix_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "systems": "systems_26" + }, + "locked": { + "lastModified": 1754196919, + "narHash": "sha256-0zATw65mNql9H8e7HWVBPpijMSbDVeK7JNivRBcUScM=", + "owner": "Gerg-l", + "repo": "spicetify-nix", + "rev": "24fcb94f7792ab755b933e1c9516996530ac1fbd", "type": "github" }, "original": { @@ -2747,7 +13517,7 @@ "blank": "blank", "devshell": "devshell_4", "dmerge": "dmerge", - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_4", "incl": "incl", "makes": [ "nixos-extra-modules", @@ -2821,11 +13591,11 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_6", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_23", + "nixpkgs": "nixpkgs_9", "nur": "nur_2", - "systems": "systems_6", + "systems": "systems_5", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -2833,11 +13603,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1763845141, - "narHash": "sha256-o8TKdZluj/yC8qPIVNe2g4qopyFmQglH52+lvQx82kE=", + "lastModified": 1761840967, + "narHash": "sha256-alE8Vesztx3tPxXpJURtYWD8x1cXaU/x+10Q6hbgGBY=", "owner": "danth", "repo": "stylix", - "rev": "adc650610085adbe130b9860d5bdb869f96050af", + "rev": "c33226f205aeab42a170913cd1f8bc3428b7e6b1", "type": "github" }, "original": { @@ -2846,11 +13616,412 @@ "type": "github" } }, + "stylix_2": { + "inputs": { + "base16": "base16_2", + "base16-fish": "base16-fish_2", + "base16-helix": "base16-helix_2", + "base16-vim": "base16-vim_2", + "firefox-gnome-theme": "firefox-gnome-theme_2", + "flake-parts": "flake-parts_11", + "gnome-shell": "gnome-shell_2", + "nixpkgs": "nixpkgs_17", + "nur": "nur_4", + "systems": "systems_10", + "tinted-foot": "tinted-foot_2", + "tinted-kitty": "tinted-kitty_2", + "tinted-schemes": "tinted-schemes_2", + "tinted-tmux": "tinted-tmux_2", + "tinted-zed": "tinted-zed_2" + }, + "locked": { + "lastModified": 1760350849, + "narHash": "sha256-JqcM5Pkm5q1c9D5zpINJsN1yCB4Vq1cL12ZuFyo32T4=", + "owner": "danth", + "repo": "stylix", + "rev": "7b4957d716f4fb615bf0e37d3b23c112579b1408", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + }, + "stylix_3": { + "inputs": { + "base16": "base16_3", + "base16-fish": "base16-fish_3", + "base16-helix": "base16-helix_3", + "base16-vim": "base16-vim_3", + "firefox-gnome-theme": "firefox-gnome-theme_3", + "flake-parts": "flake-parts_16", + "gnome-shell": "gnome-shell_3", + "nixpkgs": "nixpkgs_25", + "nur": "nur_6", + "systems": "systems_15", + "tinted-foot": "tinted-foot_3", + "tinted-kitty": "tinted-kitty_3", + "tinted-schemes": "tinted-schemes_3", + "tinted-tmux": "tinted-tmux_3", + "tinted-zed": "tinted-zed_3" + }, + "locked": { + "lastModified": 1759690047, + "narHash": "sha256-Vlpa0d1xOgPO9waHwxJNi6LcD2PYqB3EjwLRtSxXlHc=", + "owner": "danth", + "repo": "stylix", + "rev": "09022804b2bcd217f3a41a644d26b23d30375d12", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + }, + "stylix_4": { + "inputs": { + "base16": "base16_4", + "base16-fish": "base16-fish_4", + "base16-helix": "base16-helix_4", + "base16-vim": "base16-vim_4", + "firefox-gnome-theme": "firefox-gnome-theme_4", + "flake-parts": "flake-parts_21", + "gnome-shell": "gnome-shell_4", + "nixpkgs": "nixpkgs_33", + "nur": "nur_8", + "systems": "systems_19", + "tinted-foot": "tinted-foot_4", + "tinted-kitty": "tinted-kitty_4", + "tinted-schemes": "tinted-schemes_4", + "tinted-tmux": "tinted-tmux_4", + "tinted-zed": "tinted-zed_4" + }, + "locked": { + "lastModified": 1758698745, + "narHash": "sha256-IonbUp7KTYzXS1UGraXPAa7QJFgLJrAZGswE5CfUILU=", + "owner": "danth", + "repo": "stylix", + "rev": "799c811ac53ef9820dd007b6ddf33390964c6bef", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + }, + "stylix_5": { + "inputs": { + "base16": "base16_5", + "base16-fish": "base16-fish_5", + "base16-helix": "base16-helix_5", + "base16-vim": "base16-vim_5", + "firefox-gnome-theme": "firefox-gnome-theme_5", + "flake-parts": "flake-parts_26", + "gnome-shell": "gnome-shell_5", + "nixpkgs": "nixpkgs_41", + "nur": "nur_10", + "systems": "systems_23", + "tinted-foot": "tinted-foot_5", + "tinted-kitty": "tinted-kitty_5", + "tinted-schemes": "tinted-schemes_5", + "tinted-tmux": "tinted-tmux_5", + "tinted-zed": "tinted-zed_5" + }, + "locked": { + "lastModified": 1757360005, + "narHash": "sha256-VwzdFEQCpYMU9mc7BSQGQe5wA1MuTYPJnRc9TQCTMcM=", + "owner": "danth", + "repo": "stylix", + "rev": "834a743c11d66ea18e8c54872fbcc72ce48bc57f", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + }, + "stylix_6": { + "inputs": { + "base16": "base16_6", + "base16-fish": "base16-fish_6", + "base16-helix": "base16-helix_6", + "base16-vim": "base16-vim_6", + "firefox-gnome-theme": "firefox-gnome-theme_6", + "flake-parts": "flake-parts_31", + "gnome-shell": "gnome-shell_6", + "nixpkgs": "nixpkgs_49", + "nur": "nur_12", + "systems": "systems_27", + "tinted-foot": "tinted-foot_6", + "tinted-kitty": "tinted-kitty_6", + "tinted-schemes": "tinted-schemes_6", + "tinted-tmux": "tinted-tmux_6", + "tinted-zed": "tinted-zed_6" + }, + "locked": { + "lastModified": 1754597531, + "narHash": "sha256-OpC9/PBIuL2WEJUkcuD/wVxI8r+3o6f5RylSIefjHo4=", + "owner": "danth", + "repo": "stylix", + "rev": "63bb34a66ad7d1af2e95ee20dd675896b2074c32", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + }, + "stylix_7": { + "inputs": { + "base16": "base16_7", + "base16-fish": "base16-fish_7", + "base16-helix": "base16-helix_7", + "base16-vim": "base16-vim_7", + "firefox-gnome-theme": "firefox-gnome-theme_7", + "flake-parts": "flake-parts_36", + "gnome-shell": "gnome-shell_7", + "nixpkgs": "nixpkgs_57", + "nur": "nur_14", + "systems": "systems_30", + "tinted-foot": "tinted-foot_7", + "tinted-kitty": "tinted-kitty_7", + "tinted-schemes": "tinted-schemes_7", + "tinted-tmux": "tinted-tmux_7", + "tinted-zed": "tinted-zed_7" + }, + "locked": { + "lastModified": 1751906932, + "narHash": "sha256-vRZH3bq24I/heef0AIFnaBmDGdQSpTmyjT4vtpa7qqk=", + "owner": "danth", + "repo": "stylix", + "rev": "c538d1a3571386eaaca31aef7bb5fd5c155327b0", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + }, + "stylix_8": { + "inputs": { + "base16": "base16_8", + "base16-fish": "base16-fish_8", + "base16-helix": "base16-helix_8", + "base16-vim": "base16-vim_8", + "firefox-gnome-theme": "firefox-gnome-theme_8", + "flake-parts": "flake-parts_41", + "gnome-shell": "gnome-shell_8", + "nixpkgs": "nixpkgs_65", + "nur": "nur_16", + "systems": "systems_33", + "tinted-foot": "tinted-foot_8", + "tinted-kitty": "tinted-kitty_8", + "tinted-schemes": "tinted-schemes_8", + "tinted-tmux": "tinted-tmux_8", + "tinted-zed": "tinted-zed_8" + }, + "locked": { + "lastModified": 1751906932, + "narHash": "sha256-vRZH3bq24I/heef0AIFnaBmDGdQSpTmyjT4vtpa7qqk=", + "owner": "danth", + "repo": "stylix", + "rev": "c538d1a3571386eaaca31aef7bb5fd5c155327b0", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + }, + "swarsel": { + "inputs": { + "devshell": "devshell_5", + "disko": "disko_2", + "emacs-overlay": "emacs-overlay_2", + "flake-parts": "flake-parts_7", + "home-manager": "home-manager_3", + "impermanence": "impermanence_2", + "lanzaboote": "lanzaboote_2", + "microvm": "microvm_2", + "niri-flake": "niri-flake_2", + "nix-darwin": "nix-darwin_2", + "nix-index-database": "nix-index-database_2", + "nix-on-droid": "nix-on-droid_2", + "nix-topology": "nix-topology_2", + "nixgl": "nixgl_2", + "nixos-generators": "nixos-generators_2", + "nixos-hardware": "nixos-hardware_2", + "nixpkgs": "nixpkgs_13", + "nixpkgs-dev": "nixpkgs-dev_2", + "nixpkgs-kernel": "nixpkgs-kernel_2", + "nixpkgs-stable": "nixpkgs-stable_6", + "nixpkgs-stable24_05": "nixpkgs-stable24_05_2", + "nixpkgs-stable24_11": "nixpkgs-stable24_11_2", + "nswitch-rcm-nix": "nswitch-rcm-nix_2", + "nur": "nur_3", + "pre-commit-hooks": "pre-commit-hooks_5", + "sops-nix": "sops-nix_2", + "spicetify-nix": "spicetify-nix_2", + "stylix": "stylix_2", + "swarsel": "swarsel_2", + "swarsel-modules": "swarsel-modules_5", + "swarsel-nix": "swarsel-nix_2", + "systems": "systems_59", + "vbc-nix": "vbc-nix_7", + "zjstatus": "zjstatus_7" + }, + "locked": { + "lastModified": 1762037797, + "narHash": "sha256-5tDtggBgcwLvUPbXUo2Jwu4cXKPXxCaUZ9KArrr9uXQ=", + "owner": "Swarsel", + "repo": ".dotfiles", + "rev": "40b42028d2e56e091d6b687c252ce2c86fb03f5f", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": ".dotfiles", + "type": "github" + } + }, + "swarsel-modules": { + "inputs": { + "flake-parts": "flake-parts_42", + "nixpkgs": "nixpkgs_68", + "systems": "systems_40" + }, + "locked": { + "lastModified": 1756088962, + "narHash": "sha256-YkCFGvVfT3TcXTIhnzctUCft5Do8NIwTGqwToKUMY3Y=", + "owner": "Swarsel", + "repo": "swarsel-modules", + "rev": "f1ceec3b17ed4b009ee9bac92c14308f57bcedb7", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "swarsel-modules", + "type": "github" + } + }, + "swarsel-modules_2": { + "inputs": { + "flake-parts": "flake-parts_43", + "nixpkgs": "nixpkgs_70", + "systems": "systems_44" + }, + "locked": { + "lastModified": 1756090249, + "narHash": "sha256-agns3Ql6JdfJw6esJ7OX7302HWzE2mWOepm5ZDU0E4U=", + "owner": "Swarsel", + "repo": "swarsel-modules", + "rev": "43262a7b53ee0e0c9646e46f0a60cd50845e908d", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "swarsel-modules", + "type": "github" + } + }, + "swarsel-modules_3": { + "inputs": { + "flake-parts": "flake-parts_44", + "nixpkgs": "nixpkgs_72", + "systems": "systems_48" + }, + "locked": { + "lastModified": 1757950182, + "narHash": "sha256-+dfxuorjUbaTvn+GNJMyCTbJjUVkkGTEIIaWpK2lGWM=", + "owner": "Swarsel", + "repo": "swarsel-modules", + "rev": "161c215217c9d6037658b00eebca9d420a44a733", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "swarsel-modules", + "type": "github" + } + }, + "swarsel-modules_4": { + "inputs": { + "flake-parts": "flake-parts_45", + "nixpkgs": "nixpkgs_74", + "systems": "systems_52" + }, + "locked": { + "lastModified": 1757950182, + "narHash": "sha256-+dfxuorjUbaTvn+GNJMyCTbJjUVkkGTEIIaWpK2lGWM=", + "owner": "Swarsel", + "repo": "swarsel-modules", + "rev": "161c215217c9d6037658b00eebca9d420a44a733", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "swarsel-modules", + "type": "github" + } + }, + "swarsel-modules_5": { + "inputs": { + "flake-parts": "flake-parts_47", + "nixpkgs": "nixpkgs_77", + "systems": "systems_57" + }, + "locked": { + "lastModified": 1757950182, + "narHash": "sha256-+dfxuorjUbaTvn+GNJMyCTbJjUVkkGTEIIaWpK2lGWM=", + "owner": "Swarsel", + "repo": "swarsel-modules", + "rev": "161c215217c9d6037658b00eebca9d420a44a733", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "swarsel-modules", + "type": "github" + } + }, + "swarsel-modules_6": { + "inputs": { + "flake-parts": "flake-parts_49", + "nixpkgs": "nixpkgs_80", + "systems": "systems_62" + }, + "locked": { + "lastModified": 1757950182, + "narHash": "sha256-+dfxuorjUbaTvn+GNJMyCTbJjUVkkGTEIIaWpK2lGWM=", + "owner": "Swarsel", + "repo": "swarsel-modules", + "rev": "161c215217c9d6037658b00eebca9d420a44a733", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "swarsel-modules", + "type": "github" + } + }, "swarsel-nix": { "inputs": { - "flake-parts": "flake-parts_6", - "nixpkgs": "nixpkgs_24", - "systems": "systems_7" + "flake-parts": "flake-parts_46", + "nixpkgs": "nixpkgs_75", + "systems": "systems_53" }, "locked": { "lastModified": 1760190732, @@ -2867,6 +14038,342 @@ "type": "github" } }, + "swarsel-nix_2": { + "inputs": { + "flake-parts": "flake-parts_48", + "nixpkgs": "nixpkgs_78", + "systems": "systems_58" + }, + "locked": { + "lastModified": 1760190732, + "narHash": "sha256-Bxn/5+MCKOzR9LgUyHDhxCU3eejxz+hfsAT9Sqqz6B0=", + "owner": "Swarsel", + "repo": "swarsel-nix", + "rev": "f0ab1f68c94d777aa7d0a8f23745cb9aa8172fd4", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "swarsel-nix", + "type": "github" + } + }, + "swarsel-nix_3": { + "inputs": { + "flake-parts": "flake-parts_50", + "nixpkgs": "nixpkgs_81", + "systems": "systems_63" + }, + "locked": { + "lastModified": 1760190732, + "narHash": "sha256-Bxn/5+MCKOzR9LgUyHDhxCU3eejxz+hfsAT9Sqqz6B0=", + "owner": "Swarsel", + "repo": "swarsel-nix", + "rev": "f0ab1f68c94d777aa7d0a8f23745cb9aa8172fd4", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "swarsel-nix", + "type": "github" + } + }, + "swarsel_2": { + "inputs": { + "devshell": "devshell_7", + "disko": "disko_3", + "emacs-overlay": "emacs-overlay_3", + "flake-parts": "flake-parts_12", + "home-manager": "home-manager_5", + "impermanence": "impermanence_3", + "lanzaboote": "lanzaboote_3", + "microvm": "microvm_3", + "niri-flake": "niri-flake_3", + "nix-darwin": "nix-darwin_3", + "nix-index-database": "nix-index-database_3", + "nix-on-droid": "nix-on-droid_3", + "nix-topology": "nix-topology_3", + "nixgl": "nixgl_3", + "nixos-generators": "nixos-generators_3", + "nixos-hardware": "nixos-hardware_3", + "nixpkgs": "nixpkgs_21", + "nixpkgs-dev": "nixpkgs-dev_3", + "nixpkgs-kernel": "nixpkgs-kernel_3", + "nixpkgs-stable": "nixpkgs-stable_9", + "nixpkgs-stable24_05": "nixpkgs-stable24_05_3", + "nixpkgs-stable24_11": "nixpkgs-stable24_11_3", + "nswitch-rcm-nix": "nswitch-rcm-nix_3", + "nur": "nur_5", + "pre-commit-hooks": "pre-commit-hooks_7", + "sops-nix": "sops-nix_3", + "spicetify-nix": "spicetify-nix_3", + "stylix": "stylix_3", + "swarsel": "swarsel_3", + "swarsel-modules": "swarsel-modules_4", + "swarsel-nix": "swarsel-nix", + "systems": "systems_54", + "vbc-nix": "vbc-nix_6", + "zjstatus": "zjstatus_6" + }, + "locked": { + "lastModified": 1760219467, + "narHash": "sha256-DcbzT2+6RElOsaaToQAoYnHLEBqFm0pomLaOhgxyHZ4=", + "owner": "Swarsel", + "repo": ".dotfiles", + "rev": "95fa226b9e70df2b7f78cdd630583c842a38e822", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": ".dotfiles", + "type": "github" + } + }, + "swarsel_3": { + "inputs": { + "devshell": "devshell_9", + "disko": "disko_4", + "emacs-overlay": "emacs-overlay_4", + "flake-parts": "flake-parts_17", + "fw-fanctrl": "fw-fanctrl", + "home-manager": "home-manager_7", + "impermanence": "impermanence_4", + "lanzaboote": "lanzaboote_4", + "niri-flake": "niri-flake_4", + "nix-darwin": "nix-darwin_4", + "nix-index-database": "nix-index-database_4", + "nix-on-droid": "nix-on-droid_4", + "nix-topology": "nix-topology_4", + "nixgl": "nixgl_4", + "nixos-generators": "nixos-generators_4", + "nixos-hardware": "nixos-hardware_4", + "nixpkgs": "nixpkgs_29", + "nixpkgs-dev": "nixpkgs-dev_4", + "nixpkgs-kernel": "nixpkgs-kernel_4", + "nixpkgs-stable": "nixpkgs-stable_12", + "nixpkgs-stable24_05": "nixpkgs-stable24_05_4", + "nixpkgs-stable24_11": "nixpkgs-stable24_11_4", + "nswitch-rcm-nix": "nswitch-rcm-nix_4", + "nur": "nur_7", + "pre-commit-hooks": "pre-commit-hooks_9", + "sops-nix": "sops-nix_4", + "spicetify-nix": "spicetify-nix_4", + "stylix": "stylix_4", + "swarsel": "swarsel_4", + "swarsel-modules": "swarsel-modules_3", + "systems": "systems_49", + "vbc-nix": "vbc-nix_5", + "zjstatus": "zjstatus_5" + }, + "locked": { + "lastModified": 1758869406, + "narHash": "sha256-TulduD1ANpUvR9WNm3Hci+crvfTETd0Y3RevczQR8SQ=", + "owner": "Swarsel", + "repo": ".dotfiles", + "rev": "a896d5eb5db719b7539825d355ab1bb8ec563b4b", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": ".dotfiles", + "type": "github" + } + }, + "swarsel_4": { + "inputs": { + "devshell": "devshell_11", + "disko": "disko_5", + "emacs-overlay": "emacs-overlay_5", + "flake-parts": "flake-parts_22", + "fw-fanctrl": "fw-fanctrl_2", + "home-manager": "home-manager_9", + "impermanence": "impermanence_5", + "lanzaboote": "lanzaboote_5", + "niri-flake": "niri-flake_5", + "nix-darwin": "nix-darwin_5", + "nix-index-database": "nix-index-database_5", + "nix-on-droid": "nix-on-droid_5", + "nix-topology": "nix-topology_5", + "nixgl": "nixgl_5", + "nixos-generators": "nixos-generators_5", + "nixos-hardware": "nixos-hardware_5", + "nixpkgs": "nixpkgs_37", + "nixpkgs-dev": "nixpkgs-dev_5", + "nixpkgs-kernel": "nixpkgs-kernel_5", + "nixpkgs-stable": "nixpkgs-stable_15", + "nixpkgs-stable24_05": "nixpkgs-stable24_05_5", + "nixpkgs-stable24_11": "nixpkgs-stable24_11_5", + "nswitch-rcm-nix": "nswitch-rcm-nix_5", + "nur": "nur_9", + "pre-commit-hooks": "pre-commit-hooks_11", + "sops-nix": "sops-nix_5", + "spicetify-nix": "spicetify-nix_5", + "stylix": "stylix_5", + "swarsel": "swarsel_5", + "swarsel-modules": "swarsel-modules_2", + "systems": "systems_45", + "vbc-nix": "vbc-nix_4", + "zjstatus": "zjstatus_4" + }, + "locked": { + "lastModified": 1758712194, + "narHash": "sha256-ySYaSpCWBd0tlhnuJJY9XqcUNGXrACGMXVhTiigThhg=", + "owner": "Swarsel", + "repo": ".dotfiles", + "rev": "355cf03bd13a9325bb8ef10912900fe3623771ac", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": ".dotfiles", + "type": "github" + } + }, + "swarsel_5": { + "inputs": { + "devshell": "devshell_13", + "disko": "disko_6", + "emacs-overlay": "emacs-overlay_6", + "flake-parts": "flake-parts_27", + "fw-fanctrl": "fw-fanctrl_3", + "home-manager": "home-manager_11", + "impermanence": "impermanence_6", + "lanzaboote": "lanzaboote_6", + "niri-flake": "niri-flake_6", + "nix-darwin": "nix-darwin_6", + "nix-index-database": "nix-index-database_6", + "nix-on-droid": "nix-on-droid_6", + "nix-topology": "nix-topology_6", + "nixgl": "nixgl_6", + "nixos-generators": "nixos-generators_6", + "nixos-hardware": "nixos-hardware_6", + "nixpkgs": "nixpkgs_45", + "nixpkgs-dev": "nixpkgs-dev_6", + "nixpkgs-kernel": "nixpkgs-kernel_6", + "nixpkgs-stable": "nixpkgs-stable_18", + "nixpkgs-stable24_05": "nixpkgs-stable24_05_6", + "nixpkgs-stable24_11": "nixpkgs-stable24_11_6", + "nswitch-rcm-nix": "nswitch-rcm-nix_6", + "nur": "nur_11", + "pre-commit-hooks": "pre-commit-hooks_13", + "sops-nix": "sops-nix_6", + "spicetify-nix": "spicetify-nix_6", + "stylix": "stylix_6", + "swarsel": "swarsel_6", + "swarsel-modules": "swarsel-modules", + "systems": "systems_41", + "vbc-nix": "vbc-nix_3", + "zjstatus": "zjstatus_3" + }, + "locked": { + "lastModified": 1756257870, + "narHash": "sha256-Hd4fEVT1CMgcHezEIM0EEsB8oRXGbz24D4LbkVRtTHQ=", + "owner": "Swarsel", + "repo": ".dotfiles", + "rev": "0848f04326bc9630f8081f37582d3fa146e0ef94", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": ".dotfiles", + "type": "github" + } + }, + "swarsel_6": { + "inputs": { + "devshell": "devshell_15", + "disko": "disko_7", + "emacs-overlay": "emacs-overlay_7", + "flake-parts": "flake-parts_32", + "fw-fanctrl": "fw-fanctrl_4", + "home-manager": "home-manager_13", + "impermanence": "impermanence_7", + "lanzaboote": "lanzaboote_7", + "nix-darwin": "nix-darwin_7", + "nix-index-database": "nix-index-database_7", + "nix-on-droid": "nix-on-droid_7", + "nix-topology": "nix-topology_7", + "nixgl": "nixgl_7", + "nixos-generators": "nixos-generators_7", + "nixos-hardware": "nixos-hardware_7", + "nixpkgs": "nixpkgs_53", + "nixpkgs-dev": "nixpkgs-dev_7", + "nixpkgs-kernel": "nixpkgs-kernel_7", + "nixpkgs-stable": "nixpkgs-stable_20", + "nixpkgs-stable24_05": "nixpkgs-stable24_05_7", + "nixpkgs-stable24_11": "nixpkgs-stable24_11_7", + "nswitch-rcm-nix": "nswitch-rcm-nix_7", + "nur": "nur_13", + "pre-commit-hooks": "pre-commit-hooks_15", + "sops-nix": "sops-nix_7", + "stylix": "stylix_7", + "swarsel": "swarsel_7", + "systems": "systems_37", + "vbc-nix": "vbc-nix_2", + "zjstatus": "zjstatus_2" + }, + "locked": { + "lastModified": 1754349779, + "narHash": "sha256-7iNPObM2jj2vMW/vADukJv7v5/pm0Y06jE5AH4WBWYg=", + "owner": "Swarsel", + "repo": ".dotfiles", + "rev": "9577cdf243bee1062bb05ca378f7bcf834569baa", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": ".dotfiles", + "type": "github" + } + }, + "swarsel_7": { + "inputs": { + "devshell": "devshell_17", + "disko": "disko_8", + "emacs-overlay": "emacs-overlay_8", + "flake-parts": "flake-parts_37", + "fw-fanctrl": "fw-fanctrl_5", + "home-manager": "home-manager_15", + "impermanence": "impermanence_8", + "lanzaboote": "lanzaboote_8", + "nix-darwin": "nix-darwin_8", + "nix-index-database": "nix-index-database_8", + "nix-on-droid": "nix-on-droid_8", + "nix-topology": "nix-topology_8", + "nixgl": "nixgl_8", + "nixos-generators": "nixos-generators_8", + "nixos-hardware": "nixos-hardware_8", + "nixpkgs": "nixpkgs_61", + "nixpkgs-dev": "nixpkgs-dev_8", + "nixpkgs-kernel": "nixpkgs-kernel_8", + "nixpkgs-stable": "nixpkgs-stable_22", + "nixpkgs-stable24_05": "nixpkgs-stable24_05_8", + "nixpkgs-stable24_11": "nixpkgs-stable24_11_8", + "nswitch-rcm-nix": "nswitch-rcm-nix_8", + "nur": "nur_15", + "pre-commit-hooks": "pre-commit-hooks_17", + "sops-nix": "sops-nix_8", + "stylix": "stylix_8", + "systems": "systems_34", + "vbc-nix": "vbc-nix", + "zjstatus": "zjstatus" + }, + "locked": { + "lastModified": 1752459314, + "narHash": "sha256-M5HXx+T6MZpMyjsQL2i8k4BHmX5SsYYHaS612/7pOnk=", + "owner": "Swarsel", + "repo": ".dotfiles", + "rev": "21c1067572f4469a6f889a63b422a75a5972730f", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": ".dotfiles", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -2897,6 +14404,141 @@ "type": "github" } }, + "systems_11": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_12": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_13": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_14": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_15": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_16": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_17": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_18": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_19": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -2912,6 +14554,156 @@ "type": "github" } }, + "systems_20": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_21": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_22": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_23": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_24": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_25": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_26": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_27": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_28": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_29": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_3": { "locked": { "lastModified": 1681028828, @@ -2927,6 +14719,156 @@ "type": "github" } }, + "systems_30": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_31": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_32": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_33": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_34": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_35": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_36": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_37": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_38": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_39": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_4": { "locked": { "lastModified": 1681028828, @@ -2942,6 +14884,156 @@ "type": "github" } }, + "systems_40": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_41": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_42": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_43": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_44": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_45": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_46": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_47": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_48": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_49": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_5": { "locked": { "lastModified": 1681028828, @@ -2957,6 +15049,156 @@ "type": "github" } }, + "systems_50": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_51": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_52": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_53": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_54": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_55": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_56": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_57": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_58": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_59": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_6": { "locked": { "lastModified": 1681028828, @@ -2972,6 +15214,111 @@ "type": "github" } }, + "systems_60": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_61": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_62": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_63": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_64": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_65": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_66": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_7": { "locked": { "lastModified": 1681028828, @@ -3004,16 +15351,16 @@ }, "systems_9": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + "repo": "default", "type": "github" } }, @@ -3034,6 +15381,125 @@ "type": "github" } }, + "tinted-foot_2": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-foot_3": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-foot_4": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-foot_5": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-foot_6": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-foot_7": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-foot_8": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, "tinted-kitty": { "flake": false, "locked": { @@ -3050,6 +15516,118 @@ "type": "github" } }, + "tinted-kitty_2": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-kitty_3": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-kitty_4": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-kitty_5": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-kitty_6": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-kitty_7": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-kitty_8": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, "tinted-schemes": { "flake": false, "locked": { @@ -3066,6 +15644,118 @@ "type": "github" } }, + "tinted-schemes_2": { + "flake": false, + "locked": { + "lastModified": 1757716333, + "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-schemes_3": { + "flake": false, + "locked": { + "lastModified": 1757716333, + "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-schemes_4": { + "flake": false, + "locked": { + "lastModified": 1754779259, + "narHash": "sha256-8KG2lXGaXLUE0F/JVwLQe7kOVm21IDfNEo0gfga5P4M=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "097d751b9e3c8b97ce158e7d141e5a292545b502", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-schemes_5": { + "flake": false, + "locked": { + "lastModified": 1754779259, + "narHash": "sha256-8KG2lXGaXLUE0F/JVwLQe7kOVm21IDfNEo0gfga5P4M=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "097d751b9e3c8b97ce158e7d141e5a292545b502", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-schemes_6": { + "flake": false, + "locked": { + "lastModified": 1750770351, + "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-schemes_7": { + "flake": false, + "locked": { + "lastModified": 1748180480, + "narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-schemes_8": { + "flake": false, + "locked": { + "lastModified": 1748180480, + "narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, "tinted-tmux": { "flake": false, "locked": { @@ -3082,6 +15772,118 @@ "type": "github" } }, + "tinted-tmux_2": { + "flake": false, + "locked": { + "lastModified": 1757811970, + "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-tmux_3": { + "flake": false, + "locked": { + "lastModified": 1757811970, + "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-tmux_4": { + "flake": false, + "locked": { + "lastModified": 1754788770, + "narHash": "sha256-LAu5nBr7pM/jD9jwFc6/kyFY4h7Us4bZz7dvVvehuwo=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "fb2175accef8935f6955503ec9dd3c973eec385c", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-tmux_5": { + "flake": false, + "locked": { + "lastModified": 1754788770, + "narHash": "sha256-LAu5nBr7pM/jD9jwFc6/kyFY4h7Us4bZz7dvVvehuwo=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "fb2175accef8935f6955503ec9dd3c973eec385c", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-tmux_6": { + "flake": false, + "locked": { + "lastModified": 1751159871, + "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-tmux_7": { + "flake": false, + "locked": { + "lastModified": 1748740859, + "narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "57d5f9683ff9a3b590643beeaf0364da819aedda", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-tmux_8": { + "flake": false, + "locked": { + "lastModified": 1748740859, + "narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "57d5f9683ff9a3b590643beeaf0364da819aedda", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, "tinted-zed": { "flake": false, "locked": { @@ -3098,9 +15900,178 @@ "type": "github" } }, + "tinted-zed_2": { + "flake": false, + "locked": { + "lastModified": 1757811247, + "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "tinted-zed_3": { + "flake": false, + "locked": { + "lastModified": 1757811247, + "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "tinted-zed_4": { + "flake": false, + "locked": { + "lastModified": 1755613540, + "narHash": "sha256-zBFrrTxHLDMDX/OYxkCwGGbAhPXLi8FrnLhYLsSOKeY=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "937bada16cd3200bdbd3a2f5776fc3b686d5cba0", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "tinted-zed_5": { + "flake": false, + "locked": { + "lastModified": 1755613540, + "narHash": "sha256-zBFrrTxHLDMDX/OYxkCwGGbAhPXLi8FrnLhYLsSOKeY=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "937bada16cd3200bdbd3a2f5776fc3b686d5cba0", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "tinted-zed_6": { + "flake": false, + "locked": { + "lastModified": 1751158968, + "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "86a470d94204f7652b906ab0d378e4231a5b3384", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "tinted-zed_7": { + "flake": false, + "locked": { + "lastModified": 1725758778, + "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "tinted-zed_8": { + "flake": false, + "locked": { + "lastModified": 1725758778, + "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, "treefmt-nix": { "inputs": { - "nixpkgs": "nixpkgs_25" + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_3": { + "inputs": { + "nixpkgs": "nixpkgs_82" }, "locked": { "lastModified": 1762938485, @@ -3118,8 +16089,192 @@ }, "vbc-nix": { "inputs": { - "nixpkgs": "nixpkgs_26", - "systems": "systems_9" + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "systems": "systems_35" + }, + "locked": { + "lastModified": 1742477270, + "narHash": "sha256-u78SeVemHqEkN6J+PieL1Kymu+n7LWiTPrUXNd+uePA=", + "ref": "main", + "rev": "0525ad64e2729077ed2cf313d2022e8b8c51153f", + "revCount": 2, + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + }, + "original": { + "ref": "main", + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + } + }, + "vbc-nix_2": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "systems": "systems_38" + }, + "locked": { + "lastModified": 1742477270, + "narHash": "sha256-u78SeVemHqEkN6J+PieL1Kymu+n7LWiTPrUXNd+uePA=", + "ref": "main", + "rev": "0525ad64e2729077ed2cf313d2022e8b8c51153f", + "revCount": 2, + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + }, + "original": { + "ref": "main", + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + } + }, + "vbc-nix_3": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "systems": "systems_42" + }, + "locked": { + "lastModified": 1742477270, + "narHash": "sha256-u78SeVemHqEkN6J+PieL1Kymu+n7LWiTPrUXNd+uePA=", + "ref": "main", + "rev": "0525ad64e2729077ed2cf313d2022e8b8c51153f", + "revCount": 2, + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + }, + "original": { + "ref": "main", + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + } + }, + "vbc-nix_4": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "systems": "systems_46" + }, + "locked": { + "lastModified": 1742477270, + "narHash": "sha256-u78SeVemHqEkN6J+PieL1Kymu+n7LWiTPrUXNd+uePA=", + "ref": "main", + "rev": "0525ad64e2729077ed2cf313d2022e8b8c51153f", + "revCount": 2, + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + }, + "original": { + "ref": "main", + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + } + }, + "vbc-nix_5": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ], + "systems": "systems_50" + }, + "locked": { + "lastModified": 1742477270, + "narHash": "sha256-u78SeVemHqEkN6J+PieL1Kymu+n7LWiTPrUXNd+uePA=", + "ref": "main", + "rev": "0525ad64e2729077ed2cf313d2022e8b8c51153f", + "revCount": 2, + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + }, + "original": { + "ref": "main", + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + } + }, + "vbc-nix_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "nixpkgs" + ], + "systems": "systems_55" + }, + "locked": { + "lastModified": 1742477270, + "narHash": "sha256-u78SeVemHqEkN6J+PieL1Kymu+n7LWiTPrUXNd+uePA=", + "ref": "main", + "rev": "0525ad64e2729077ed2cf313d2022e8b8c51153f", + "revCount": 2, + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + }, + "original": { + "ref": "main", + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + } + }, + "vbc-nix_7": { + "inputs": { + "nixpkgs": [ + "swarsel", + "nixpkgs" + ], + "systems": "systems_60" + }, + "locked": { + "lastModified": 1742477270, + "narHash": "sha256-u78SeVemHqEkN6J+PieL1Kymu+n7LWiTPrUXNd+uePA=", + "ref": "main", + "rev": "0525ad64e2729077ed2cf313d2022e8b8c51153f", + "revCount": 2, + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + }, + "original": { + "ref": "main", + "type": "git", + "url": "ssh://git@github.com/vbc-it/vbc-nix.git" + } + }, + "vbc-nix_8": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_65" }, "locked": { "lastModified": 1742477270, @@ -3153,14 +16308,179 @@ "type": "github" } }, + "xwayland-satellite-stable_2": { + "flake": false, + "locked": { + "lastModified": 1755491097, + "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "388d291e82ffbc73be18169d39470f340707edaa", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.7", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-stable_3": { + "flake": false, + "locked": { + "lastModified": 1755491097, + "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "388d291e82ffbc73be18169d39470f340707edaa", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.7", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-stable_4": { + "flake": false, + "locked": { + "lastModified": 1755491097, + "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "388d291e82ffbc73be18169d39470f340707edaa", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.7", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-stable_5": { + "flake": false, + "locked": { + "lastModified": 1755491097, + "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "388d291e82ffbc73be18169d39470f340707edaa", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.7", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-stable_6": { + "flake": false, + "locked": { + "lastModified": 1748488455, + "narHash": "sha256-IiLr1alzKFIy5tGGpDlabQbe6LV1c9ABvkH6T5WmyRI=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "3ba30b149f9eb2bbf42cf4758d2158ca8cceef73", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.6", + "repo": "xwayland-satellite", + "type": "github" + } + }, "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1763704521, - "narHash": "sha256-ceYEV6PnvUN8Zixao4gpPuN+VT3B0SlAXKuPNHZhqUY=", + "lastModified": 1761622056, + "narHash": "sha256-fBrUszJXmB4MY+wf3QsCnqWHcz7u7fLq0QMAWCltIQg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "f379ff5722a821212eb59ada9cf8e51cb3654aad", + "rev": "0728d59ff6463a502e001fb090f6eb92dbc04756", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable_2": { + "flake": false, + "locked": { + "lastModified": 1759707084, + "narHash": "sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "a9188e70bd748118b4d56a529871b9de5adb9988", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable_3": { + "flake": false, + "locked": { + "lastModified": 1759707084, + "narHash": "sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "a9188e70bd748118b4d56a529871b9de5adb9988", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable_4": { + "flake": false, + "locked": { + "lastModified": 1758577423, + "narHash": "sha256-sB2GAOjhjoWnjU6A/uHNJiY6O3UeztV5pJAN2g1FkXU=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "03368548ba745e17a85bd631613a59cb2d8469a4", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable_5": { + "flake": false, + "locked": { + "lastModified": 1757179758, + "narHash": "sha256-TIvyWzRt1miQj6Cf5Wy8Qz43XIZX7c4vTVwRLAT5S4Y=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "970728d0d9d1eada342bb8860af214b601139e58", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable_6": { + "flake": false, + "locked": { + "lastModified": 1754533920, + "narHash": "sha256-fCZ68Yud1sUCq6UNXj0SDyiBgVA8gJUE+14ZFGsFJG8=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "e0d1dad25a158551ab58547b2ece4b7d5a19929c", "type": "github" }, "original": { @@ -3194,10 +16514,157 @@ }, "zjstatus": { "inputs": { - "crane": "crane_3", - "flake-utils": "flake-utils_8", - "nixpkgs": "nixpkgs_27", - "rust-overlay": "rust-overlay_3" + "crane": "crane_10", + "flake-utils": "flake-utils_22", + "nixpkgs": "nixpkgs_66", + "rust-overlay": "rust-overlay_10" + }, + "locked": { + "lastModified": 1750957292, + "narHash": "sha256-2CYTG+jxP5e7GHAj1t5aMsgb0Rom4jdOb3rsdLKpVNA=", + "owner": "dj95", + "repo": "zjstatus", + "rev": "abd848f23eff00d21ec09278072111d97dfd7fe6", + "type": "github" + }, + "original": { + "owner": "dj95", + "repo": "zjstatus", + "type": "github" + } + }, + "zjstatus_2": { + "inputs": { + "crane": "crane_11", + "flake-utils": "flake-utils_23", + "nixpkgs": "nixpkgs_67", + "rust-overlay": "rust-overlay_11" + }, + "locked": { + "lastModified": 1750957292, + "narHash": "sha256-2CYTG+jxP5e7GHAj1t5aMsgb0Rom4jdOb3rsdLKpVNA=", + "owner": "dj95", + "repo": "zjstatus", + "rev": "abd848f23eff00d21ec09278072111d97dfd7fe6", + "type": "github" + }, + "original": { + "owner": "dj95", + "repo": "zjstatus", + "type": "github" + } + }, + "zjstatus_3": { + "inputs": { + "crane": "crane_12", + "flake-utils": "flake-utils_24", + "nixpkgs": "nixpkgs_69", + "rust-overlay": "rust-overlay_12" + }, + "locked": { + "lastModified": 1753722377, + "narHash": "sha256-L9CujCLS4PmpEhGKqezD4DognRNcYDz/oAL7T8jqCxk=", + "owner": "dj95", + "repo": "zjstatus", + "rev": "f6c28d9b780891afa693d1b9be4384b16ae7a578", + "type": "github" + }, + "original": { + "owner": "dj95", + "repo": "zjstatus", + "type": "github" + } + }, + "zjstatus_4": { + "inputs": { + "crane": "crane_13", + "flake-utils": "flake-utils_25", + "nixpkgs": "nixpkgs_71", + "rust-overlay": "rust-overlay_13" + }, + "locked": { + "lastModified": 1757256304, + "narHash": "sha256-qANK2Hwhi4Nbpcsy6lunncyt725gthaSX/0dLluBxtw=", + "owner": "dj95", + "repo": "zjstatus", + "rev": "e2ea91819408f0b0dd7ee15249341cace6eb09cc", + "type": "github" + }, + "original": { + "owner": "dj95", + "repo": "zjstatus", + "type": "github" + } + }, + "zjstatus_5": { + "inputs": { + "crane": "crane_14", + "flake-utils": "flake-utils_26", + "nixpkgs": "nixpkgs_73", + "rust-overlay": "rust-overlay_14" + }, + "locked": { + "lastModified": 1757256304, + "narHash": "sha256-qANK2Hwhi4Nbpcsy6lunncyt725gthaSX/0dLluBxtw=", + "owner": "dj95", + "repo": "zjstatus", + "rev": "e2ea91819408f0b0dd7ee15249341cace6eb09cc", + "type": "github" + }, + "original": { + "owner": "dj95", + "repo": "zjstatus", + "type": "github" + } + }, + "zjstatus_6": { + "inputs": { + "crane": "crane_15", + "flake-utils": "flake-utils_27", + "nixpkgs": "nixpkgs_76", + "rust-overlay": "rust-overlay_15" + }, + "locked": { + "lastModified": 1757256304, + "narHash": "sha256-qANK2Hwhi4Nbpcsy6lunncyt725gthaSX/0dLluBxtw=", + "owner": "dj95", + "repo": "zjstatus", + "rev": "e2ea91819408f0b0dd7ee15249341cace6eb09cc", + "type": "github" + }, + "original": { + "owner": "dj95", + "repo": "zjstatus", + "type": "github" + } + }, + "zjstatus_7": { + "inputs": { + "crane": "crane_16", + "flake-utils": "flake-utils_28", + "nixpkgs": "nixpkgs_79", + "rust-overlay": "rust-overlay_16" + }, + "locked": { + "lastModified": 1757256304, + "narHash": "sha256-qANK2Hwhi4Nbpcsy6lunncyt725gthaSX/0dLluBxtw=", + "owner": "dj95", + "repo": "zjstatus", + "rev": "e2ea91819408f0b0dd7ee15249341cace6eb09cc", + "type": "github" + }, + "original": { + "owner": "dj95", + "repo": "zjstatus", + "type": "github" + } + }, + "zjstatus_8": { + "inputs": { + "crane": "crane_17", + "flake-utils": "flake-utils_29", + "nixpkgs": "nixpkgs_83", + "rust-overlay": "rust-overlay_17" }, "locked": { "lastModified": 1761162625, diff --git a/flake.nix b/flake.nix index 944e25f..363b431 100644 --- a/flake.nix +++ b/flake.nix @@ -11,57 +11,100 @@ }; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1"; nixpkgs-dev.url = "github:Swarsel/nixpkgs/main"; nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs-stable25_05.url = "github:NixOS/nixpkgs/nixos-25.05"; - + systems.url = "github:nix-systems/default"; + swarsel-modules.url = "github:Swarsel/swarsel-modules/main"; + swarsel-nix.url = "github:Swarsel/swarsel-nix/main"; home-manager = { # url = "github:nix-community/home-manager"; url = "github:Swarsel/home-manager/main"; inputs.nixpkgs.follows = "nixpkgs"; }; - nix-index-database = { - url = "github:nix-community/nix-index-database"; + swarsel.url = "github:Swarsel/.dotfiles"; + emacs-overlay = { + # url = "github:nix-community/emacs-overlay"; + url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D"; inputs.nixpkgs.follows = "nixpkgs"; }; - - # emacs-overlay.url = "github:nix-community/emacs-overlay"; - emacs-overlay.url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D"; - swarsel-nix.url = "github:Swarsel/swarsel-nix/main"; - systems.url = "github:nix-systems/default"; nur.url = "github:nix-community/NUR"; nixgl.url = "github:guibou/nixGL"; stylix.url = "github:danth/stylix"; sops-nix.url = "github:Mic92/sops-nix"; lanzaboote.url = "github:nix-community/lanzaboote"; - nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05"; - nixos-generators.url = "github:nix-community/nixos-generators"; - nixos-images.url = "github:Swarsel/nixos-images/main"; - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - nswitch-rcm-nix.url = "github:Swarsel/nswitch-rcm-nix"; - disko.url = "github:nix-community/disko"; + nix-on-droid = { + url = "github:nix-community/nix-on-droid/release-24.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-hardware = { + url = "github:NixOS/nixos-hardware/master"; + }; + nswitch-rcm-nix = { + url = "github:Swarsel/nswitch-rcm-nix"; + }; + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; impermanence.url = "github:nix-community/impermanence"; - zjstatus.url = "github:dj95/zjstatus"; - nix-darwin.url = "github:lnl7/nix-darwin"; - pre-commit-hooks.url = "github:cachix/git-hooks.nix"; - vbc-nix.url = "git+ssh://git@github.com/vbc-it/vbc-nix.git?ref=main"; + zjstatus = { + url = "github:dj95/zjstatus"; + }; + # has been upstreamed + # fw-fanctrl = { + # # url = "github:TamtamHero/fw-fanctrl/packaging/nix"; + # url = "github:Swarsel/fw-fanctrl/packaging/nix"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; + nix-darwin = { + url = "github:lnl7/nix-darwin"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + pre-commit-hooks = { + url = "github:cachix/git-hooks.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + vbc-nix = { + url = "git+ssh://git@github.com/vbc-it/vbc-nix.git?ref=main"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nix-topology.url = "github:oddlama/nix-topology"; flake-parts.url = "github:hercules-ci/flake-parts"; - devshell.url = "github:numtide/devshell"; - spicetify-nix.url = "github:Gerg-l/spicetify-nix"; - niri-flake.url = "github:sodiboo/niri-flake"; - nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main"; - microvm.url = "github:astro/microvm.nix"; + devshell = { + url = "github:numtide/devshell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + spicetify-nix = { + url = "github:Gerg-l/spicetify-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + niri-flake = { + url = "github:sodiboo/niri-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-extra-modules = { + url = "github:oddlama/nixos-extra-modules"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + microvm = { + url = "github:astro/microvm.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; treefmt-nix.url = "github:numtide/treefmt-nix"; - dns.url = "github:kirelagin/dns.nix"; - nix-minecraft.url = "github:Infinidoge/nix-minecraft"; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; - }; + }; outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } { diff --git a/hosts/home/aarch64-linux/treehouse/default.nix b/hosts/home/aarch64-linux/treehouse/default.nix index 90acf4b..459976e 100644 --- a/hosts/home/aarch64-linux/treehouse/default.nix +++ b/hosts/home/aarch64-linux/treehouse/default.nix @@ -1,4 +1,4 @@ -{ self, pkgs, ... }: +{ self, ... }: { imports = [ @@ -16,15 +16,11 @@ }; }; - home.packages = with pkgs; [ - attic-client - ]; # programs.zsh.initContent = " # export GPG_TTY=\"$(tty)\" # export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) # gpgconf --launch gpg-agent # "; - swarselmodules.pii = true; swarselsystems = { isLaptop = false; diff --git a/hosts/nixos/aarch64-linux/belchsfactory/default.nix b/hosts/nixos/aarch64-linux/belchsfactory/default.nix deleted file mode 100644 index cd85107..0000000 --- a/hosts/nixos/aarch64-linux/belchsfactory/default.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ self, lib, minimal, ... }: -{ - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - - "${self}/modules/nixos/optional/systemd-networkd-server.nix" - ]; - - node.lockFromBootstrapping = lib.mkForce false; - - topology.self = { - icon = "devices.cloud-server"; - }; - swarselmodules.server.nginx = false; - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 4 vCPUs, 24GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = false; - rootDisk = "/dev/sda"; - isBtrfs = true; - isNixos = true; - isLinux = true; - isCloud = true; - server = { - garage = { - data_dir = { - capacity = "150G"; - path = "/var/lib/garage/data"; - }; - keys = { - nixos = [ - "attic" - ]; - }; - buckets = [ - "attic" - ]; - }; - }; - }; -} // lib.optionalAttrs (!minimal) { - swarselprofiles = { - server = true; - }; - - swarselmodules.server = { - ssh-builder = lib.mkDefault true; - postgresql = lib.mkDefault true; - attic = lib.mkDefault true; - garage = lib.mkDefault true; - }; - -} diff --git a/hosts/nixos/aarch64-linux/belchsfactory/disk-config.nix b/hosts/nixos/aarch64-linux/belchsfactory/disk-config.nix deleted file mode 100644 index 9a98cce..0000000 --- a/hosts/nixos/aarch64-linux/belchsfactory/disk-config.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ lib, pkgs, config, ... }: -let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; -in -{ - disko = { - imageBuilder.extraDependencies = [ pkgs.kmod ]; - devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; -} diff --git a/hosts/nixos/aarch64-linux/belchsfactory/hardware-configuration.nix b/hosts/nixos/aarch64-linux/belchsfactory/hardware-configuration.nix deleted file mode 100644 index 2278aaf..0000000 --- a/hosts/nixos/aarch64-linux/belchsfactory/hardware-configuration.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" ]; - kernelModules = [ ]; - }; - kernelModules = [ ]; - extraModulePackages = [ ]; - }; - - nixpkgs.hostPlatform = lib.mkForce "aarch64-linux"; -} diff --git a/hosts/nixos/aarch64-linux/belchsfactory/secrets/pii.nix.enc b/hosts/nixos/aarch64-linux/belchsfactory/secrets/pii.nix.enc deleted file mode 100644 index efc25e8..0000000 --- a/hosts/nixos/aarch64-linux/belchsfactory/secrets/pii.nix.enc +++ /dev/null @@ -1,22 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:8qaX0CjyxK8qoAyVyxwfXlejWyGSY579EVmmUCi9PPyB5LyPjfDvXxlRFCOlC6eYbSJ1AWLqqZ6yYgZaimUHkOTh7dL+D4wSkmGeRnxZoQhq9n9sYZPJUfqEhMwEGxlrAvchXJuruZG+Tp9+Ev0if9f9J9qdU1y+yLGQxc2vnibMg2uxdpfYjHaDWa9bybRQZxINkD//um8uxkRs0xvWgZu63ReQZMPjx9K3vNtdJTZsW5+ZUB368QA2mnry2Zf60PWJT/+NsNKIwyzjhUNJ/eTFxjNJ4zPj/AnXFezfGvpVu6XFYsLk5uPb3XfpUlCj4mTVvmVlA40lf4rOhyoRRAW8d28puJArBf3nPzIkWQUfmFwO5EE3qPDkjMlaRa/RdRx0dvrbLDv7Ujt1XaK8bl3Vkz77oumCYFPV7J4mAeu3/LFBAoWKik6Wj8WQE+QwUWo=,iv:ZQaOO2Blpqn+Xnzt4fcPu+rNAvEdluwJEYRxPVItLcU=,tag:rKJ5g27ZK1wCpcyCVfffpA==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbi9PZkRob2JkcjlEMUJu\nSG5TemplWkhWVXZNWStCVXhrUlFRSUtPeWk4CjZEQVN4b1lYVkxYQmU0SEJ0QnAv\nTE9IdHZUYmVjb0hxSno1QWxGN1ZMUFEKLS0tIEwrVU5uZmZPRGdZcjVsVk1IQ1Vv\nRXdMcW0xR2g5SCswKzF5RkIwUmtocDgKVI/EMQuvfKGeJH7wFm8VP5rKLhYKOlPt\nA+QIDAdrtFogW9Swwhzxu1tIOfMXzfyW9P+ec/b6/vU96PMqJQ6ZGg==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-11-28T14:15:06Z", - "mac": "ENC[AES256_GCM,data:TxnVPtRHzUEr9StM3RlOgqD11036yM74HL1Q8ZkNSU89geAaUoDj8LJD1QKglDT5UNzfKeaZD4DT6bqill+H5FUuonOgLPxNoFKMyWhppQkMWM5F/bw8JUulacmE28b2Rd5zRVOYe3TkE11kMAbxRD+CvqEFBrLsZAndr9QdfUc=,iv:uzjzk1FUN52oAE0cuw7OLLmMRxE/VLQ+tUExxYQjwTQ=,tag:+BOG6wRb0h/jhyy7l8ZA/A==,type:str]", - "pgp": [ - { - "created_at": "2025-11-25T18:32:49Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ/+Mi33CAnGK/475xmMlZn2P4aR2iFjWFms6XU540JZnfQi\nF6/bjq1otgxGlnR6x3zhPQU3whCQIv538UeiYWMoS8oPxj5b5eF33agihYaCq2wx\nHv4p0+hOJMl2SJPCHfmTkClqYGYMOzTPe1g6oiY0N3FWVoiWXdbWNkIGVNjgkedz\n5f9JPFWn6iB/Z07qUMwG2OOzh8ZPlh/PgNCBrCVMUYrD/FrAck389uMw4yHFz8AV\n3ETnx2gHFTwL5F8H7x3uVungoBVCJk+NpXiKS6nVKwH4jliydiU2ZClSzjHpCqCW\nd365MCahC67IkuCkWhwuPwDaKIk7Qw4rZaLybcad5/TQ0zT+XCm6/2DYIYTj2gip\nqrBDZxHZhkpYcArjckWDRchO9t9E/c3qJfD1Zxi6fBz0vu2WcCuTT8Qd6Zn+DlMb\nVr0D2LPlZGRJ+kM9xuZXaY1bGNAA2POvLn698prPuTkMNxidQEhPNuNy4PlYKXAP\nFfRzJ5zFUneW19j8SgL6BxfLoYDFWkoHIutNDH5H290MJqnFDUrQ5bQn8odM+1OL\noJ1AchHN3J0J5aa2Z8X0NSVN7N0TmU3xVZ1GmfdqbH+3V+OR3NMgJ/FKMQEutT56\nAsBc7tSHtJGaRS9plJ+RryuPRRnqGmRkS3vVmBkrD+pY/TwUbXUBKjEOWhq9uwiF\nAgwDC9FRLmchgYQBEACD1XnsK/sTsgtvt69H/aBHWVIWQNTmdhwJBUHmqkusFhPf\nXxfGN+bvapWulYI+Wb4LAQQbUhMmz8drPnWpCEobS3LSeU8CDD3wBrGAJubI7YLK\nttn4oB7XK5mrg9SIQ8M8kOElv19oCMudkX8dRs4gs0TBO6jbr7/lsiyL/sN3Ylk+\nnyORFeSgE9vVcvJ8QnIF+MQXF9Re61zJFqjXiDMEklzbHHVeLzS5IlYgJoDvV3Gg\n9lTtvdO/FV5JtjFeYI16rjPb7ip/KtljU5pBM8wp6VU4Dre0VsRBgztm279g+WaL\nDJuf6lmfwNSk66tiLpsaJoEu7A+UhLURI10cv92E7fydbGRZMgSjK6ZK4Ue6WH1U\nYQJenngZPXcRcqfCeTVTjzG6ikL3aCfvbuJ3/oT8Y8oBA5Ch2PG7fWAJMMUVIFAM\nLO8KqCSdRCoJrJ69s8iyBycOhPhMiwLZU2HLlMux/kLq5OB2JMGm8P4nxoXTp9Dz\n2TPoPigZritYHsIXZ3cM2iR3OL3AiotKlaIp74ElUeuc0K+Bcp1C//OtKTPuYGnc\n0ttC/dx3c9vv6W80JJ6i7bCRoDiuGrrdx783ly2br4VLDFSaS8rNbrM5ccSTVImw\nUFxZO9rLO0n7N6z4hlgrKw3G1SWKYqbgOVXxIog7st8JvmPLQZYjEuH9Xwq6WdJc\nAU2esxsAaDKyIPHg+DAXOPBagzU1tBKFYtwaiFVDqYk5gNE/2hAnKcuU7O3sua1q\ntsgL2kY8VSHcFFv8N6FhDYPdCrDgAwOtJSZGf7uV92q7/vbMWx+vGq/7FaQ=\n=m1sm\n-----END PGP MESSAGE-----", - "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" - } -} diff --git a/hosts/nixos/aarch64-linux/liliputsteps/default.nix b/hosts/nixos/aarch64-linux/liliputsteps/default.nix deleted file mode 100644 index dc866d7..0000000 --- a/hosts/nixos/aarch64-linux/liliputsteps/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ self, lib, minimal, ... }: -{ - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - - "${self}/modules/nixos/optional/systemd-networkd-server.nix" - ]; - - topology.self = { - icon = "devices.cloud-server"; - }; - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 1 vCPUs, 8GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = false; - rootDisk = "/dev/disk/by-id/scsi-360fb180663ec4f2793a763a087d46885"; - isBtrfs = true; - isNixos = true; - isLinux = true; - isCloud = true; - mainUser = "jump"; - }; -} // lib.optionalAttrs (!minimal) { - swarselprofiles = { - server = true; - }; - - swarselmodules.server = { - nginx = false; - bastion = true; - # ssh = false; - }; - - # users.users.swarsel.enable = lib.mkForce false; - # home-manager.users.swarsel.enable = lib.mkForce false -} diff --git a/hosts/nixos/aarch64-linux/liliputsteps/disk-config.nix b/hosts/nixos/aarch64-linux/liliputsteps/disk-config.nix deleted file mode 100644 index 9a98cce..0000000 --- a/hosts/nixos/aarch64-linux/liliputsteps/disk-config.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ lib, pkgs, config, ... }: -let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; -in -{ - disko = { - imageBuilder.extraDependencies = [ pkgs.kmod ]; - devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; -} diff --git a/hosts/nixos/aarch64-linux/liliputsteps/hardware-configuration.nix b/hosts/nixos/aarch64-linux/liliputsteps/hardware-configuration.nix deleted file mode 100644 index 2278aaf..0000000 --- a/hosts/nixos/aarch64-linux/liliputsteps/hardware-configuration.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" ]; - kernelModules = [ ]; - }; - kernelModules = [ ]; - extraModulePackages = [ ]; - }; - - nixpkgs.hostPlatform = lib.mkForce "aarch64-linux"; -} diff --git a/hosts/nixos/aarch64-linux/liliputsteps/secrets/pii.nix.enc b/hosts/nixos/aarch64-linux/liliputsteps/secrets/pii.nix.enc deleted file mode 100644 index bd5dbdf..0000000 --- a/hosts/nixos/aarch64-linux/liliputsteps/secrets/pii.nix.enc +++ /dev/null @@ -1,22 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:GntHmFTkr7OKUlAVPP1aPeGJEoM1/W9xoZzdXG/udBrKB8eadaOsdsT9/I4Q4zydLnAUZAb+k+/pu3inqiGPClNWU0LUMj7wTwPuVe57EyLaO2oaN4z2nvWhJnwfatvdLrFICz3MN7XLnpEe3D+3ovN2hmys1pd6cAJtEKDtmLJ3RNAhEXrMwOZ0MSzylApoi9yXULH8PqNBX7jPOZYYZ0jlnIbZB267Ln19ES0bZcK7L0608NdB+Q3xb3TQ+oSfnvsdxKyPkPqjxAto40feG97UYVW6AgYV1KlRp9etjEhIRZgn1qDvigGM/Y4HLgLxPM83h79LIVHDj1OySMyYR4bfwAR1U+Ij2nX0Wv6Q/nKx0Nmghen40AqLYp762ACLVRd30DALthhtMxhsiYIT6za3dNFRNnL1Lfss1+IwDm+XHBehBQsjXbs06nZcQURfszW03Y9KH1h5ePIS93gmkdUyH5Ya1JT609s8faukz4fcNmnXlZcnCW4fUawW3YS1zpWPGDNm54GFI06vii5JuVORrf6m2HJEIyYSzeYASC+rZOfEF8gXGjyaeh/B9nAzSq2Q/Nfm+fsceXfOkhD+ZD/nYg+whYPPfA38B5oWvwnSNRNipJLYVvdLLd6M9pTV2FHuEsFKpXwumuwMAhl287jpDVb5B6gYPnWm4zOXYX3KXd68KVFNOGCC1XrrlqVBwQqraozD+1e77eCK4OEyF8R2Wt+mCFDwrMp5hKiiFCHEX67RYqWwmZVx2hS1bovBfacoXknUaSQnfpUd5GYIVYqonyqo6cdn6LKR/0d+7wR+JuL+PO83XcEQvegfHXAXmxIEzPdsL2PqVWGL2B/qyyAZGb3hoY7hmrpEeCCefYhSkxewVDCuvL7xLBCFjq0PsPJw0CqYE0KDIgXxcGLQ5f+pn6O07YDfN+7PVPrPAaN/UTwd+2Xa9UfVELdKKhAWiywsiDCUVO9vkpvgSoYYSrtB8Ceg3RXWohbO8VrjF6UhUxnslAw8TBnBx4FtaSuI73UiJnkg9V1es47NmOA7,iv:JYRzdtAYu24aWIL/hfWLbkS8xpcPw3ylZROuuUMVmIY=,tag:Ot7G/QiTLhmnlYe7Z9aOTQ==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVU5HTGhyL0ZBRXkzZ3hq\ndzBMd1JZTktZbWNFMGRzcXhFK3RHb090cFdBCmpMa0FNMWFCenBjYk9FaDIrTkFS\nSnN6S210ejN5SVVhd2FWRG1SUHB4WWcKLS0tIDV2K0h1QWxwUXkwVnZlYnR6eEtl\nUVR0UGJOR1hadUtNcjYyWE9wblAwWFUKVM+J/pqtZFADYTQHfWCdvPzlhtgR6zAy\nu0EWk77+K2J0GeBuDr1W5yblUCknht6WZCJZcO6fW7AuWSQK3e/EVA==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-12-01T16:51:40Z", - "mac": "ENC[AES256_GCM,data:SWLGPgFcdiGSvN5BTmE8Nq7+pBiNJM05H1hhqJY6wJqYZehKhQrQRj6/DSlYWPvYE/DdWo5Tiuc3RNY3NANwhki+7kl0OBxHoaHqBgOTa96rdPwe6V3s55v++jtm0xg/qLHEPCqrKqw/aiBAQLJkDOh/IykeEXBMW3S6EM+aQ0U=,iv:2wn4jQHdWWhIzOyGhZxow8WG6W0VgA2gwhb5X+k9ja0=,tag:8g4wQb0u7vbIPkVX8Ey0eA==,type:str]", - "pgp": [ - { - "created_at": "2025-12-01T15:59:42Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//cl6I+s/JLwwTCX7WKdzeOIkrsK9DpY3pXBuzoZRSRSJE\nwFJO99Uc7/uH1DSsEB/25CWI6eWx7k6l7YDbcbXQgi5ZNoAt7BePeCu2LK/3coZB\nJe4SManP0sPqxrSd92Tnm6Zl9EL4cJ/5D2C2RBTWOaOtZHR8gyxx5+rzCotCoTXA\nJseGE4B8r/M0O7PAS9+oD14AwCndhuvkmFOq0Y1/wXldV6yCdgc//0oJBSTCBJUZ\nYMSQLovEYGvF9bFfpWYU8J53WqlGn7QKVccDN0/gfi8IVGVZGccUA58VaVqkzR41\ndYlRZ/sjtd+VXmOg8Fx79bOlzTn+RBCp9y+q5yKnzUKGe0/Lrnt6+j7+ieIowi76\npBd0bEaoh6wqdCJ7GSjsj5kdSXRop3Ae0ff+J0pBQNctehpcWj5/TpeA1zyslwEC\nD1B/KVN+Gh0XBCg636dUkt2E4NPNDckSRuvTLy+8IkTm7aQqTjqDu3WUOSPzZiZK\nBUGZWwXAS+xPPMH26X6gPTfZj+7Gdv6yxTVIwkphDbWfihxIP//WNbKX1QN4VSHf\nCmoPOrriIdgZ7d2olZEJxPgEVzavkRkiMSFQbQgzjx5Af3ccdav3mxlubjXldmpe\n689Joj8cgBPg1Yfk/yl7tVK9TFJgYXTqKfsXwscrSlsV+dRAN0pHuq1uo9cTE/SF\nAgwDC9FRLmchgYQBEADCJ5IVMNp+PgUDOiajCfpNq3/HsntzIWG0tIjCb5L9TFWQ\nMA2LQWhcU5CRBh7Sakf8IFi/U40SD+dILUh8JR/7g2i9mCS+1e0pkUwSIYxzAI+z\nQeycuyOrdQJFrk+nFbTdZVAerElxew/wQUiC2uoI8tA5+XyNeNfipaptPh9FpFuz\nXhFbkZDJ4kapGzsAn4FgUdmdqAgZ5n2W46WAmDmVKM0W1F0zZdkBEdkEKkv1gRpZ\nRntb/mVEiGAdXv6yAzvHrxgIBkxazzstRmCMXa252RUIakXqvkP1vw7B6ChSFQR+\nq9WNo9x0EYXivd/+ROjHT7WNhEToWems/3CQpQd1LEFXajLdpAWd875acqhBJqtY\nkpKqUG5F4JmTZ7hMuGI0g30nOofMtmFhDX/gCpJ97lEudHyNrHe0KWaQAwtRknz+\nrcPrZQmGRRcf4xcBVe/EDUNlkp9fPWEhFAwKMsVkkvCAADZbvdhLR6URJMmUj5KG\nOuwglHnSOMxCovAQUd3vCtNkkAnRPNOW/WMThr+qfjq8oKdDIaYBxjzjSz1FIsho\nKiz4W3flRzUcALjKTXadQl/jJEhpP3C6Ivh0d29SiKyrWG+Y4KlDIRctub9UjH46\nb2wqbnBzSrC8u9xJINIB4yryXsZiQyP5b39guSKIPjURebus7LBxq+0I7Z1OptJe\nAYk5htmFDe9Sgc+Do1L0kdxjblaoWOc0OiwYshQ9cMv+/IsU0U6T7w2A+8QkzPFc\nGVEmrW1Jyz2O3eMpq/Nl2IsmPDYTEPqhkRtAshBuYsoZJUz73/EovcSxyJ2moA==\n=o5Pw\n-----END PGP MESSAGE-----", - "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" - } -} diff --git a/hosts/nixos/aarch64-linux/moonside/default.nix b/hosts/nixos/aarch64-linux/moonside/default.nix index 1c3cf3f..692c684 100644 --- a/hosts/nixos/aarch64-linux/moonside/default.nix +++ b/hosts/nixos/aarch64-linux/moonside/default.nix @@ -11,6 +11,7 @@ in sops = { age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ]; + # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; secrets = { wireguard-private-key = { inherit sopsFile; }; wireguard-home-preshared-key = { inherit sopsFile; }; @@ -137,16 +138,9 @@ in isBtrfs = true; isNixos = true; isLinux = true; - server = { - restic = { - bucketName = "SwarselMoonside"; - paths = [ - "/persist/opt/minecraft" - ]; - }; - }; syncthing = { serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + serviceIP = "localhost"; }; }; } // lib.optionalAttrs (!minimal) { @@ -161,8 +155,6 @@ in shlink = true; slink = true; syncthing = true; - minecraft = true; - restic = true; diskEncryption = lib.mkForce false; }; } diff --git a/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc b/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc index dd4cf5e..086c4d7 100644 --- a/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc +++ b/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:jGfSfCOqW+p24TaH0vlcNImiY/Pu9YhdIwri4N4RvG64f1fmfNV3z6LmoShCYBfIWF2P7DvOa92dPY2ek9UiC1bEmiMtc/scpGxpir4WNuMLUtMWb0IGmnhtzq7fRAH5FkYLJBSW7pAgVsoajRGbo8Dbk5Dqcm75Pfj2YcC79oAckYt3vSzBcskgJ+ccdCfJ6vDlnAilay/GatZbIQmbEefOi9Rplfln8Ounj/hH+Z6zat04+rI5Lj8bTPu7NOeUlUmgoApuJSFafTb3zgxqnvQL5axOgIaJqiXFWhIf5httmu0mjhJupMXxt14IXgKe+ESAZFF8hWHHUNOpE8gEt5tPRQ1hqA7eHoGSYCrEQK9rSXRweO9LCfGV1+UduXgX1hKgwKDS4A5u69MvcpXQoSYX33ZzuwY7tbykb1tbEb3jN2BOSCBB2ZKHRfsTMqAHTE1RekcBArMxp7+8BkM/oww8RTMJ3I8tcU3QAr/LoFvKwvfIVrbT9gSlKSZUeoBc0WMzmRdjXhAZmQe2pb/TOFmPm31ih/E98zKA8PXhNrqjzEVN99lfn/NKsOLd9a8LXK8XoTTueTWqENEdJRx6dHpWuqBy5GdkrDVCRzgiO3Hpkwg56nPmCGoD5o1IgnRLJItNYrIRejIRaISjlefpezCMYIGMIx+CusvAwiOuuWT6kNfDnaK1U4P3Ndk39lsz8Eg2GMruc4VZ3kpTCeQdvbl/jmFwNMPtzJYooiDualIAL95iZU+RW/K+2g3ZA/Q/gJrc+hB6I+z3PzMod5015Oj0FG97XQzn2TeBD1fuO8UtyxSNajGD3ZK3Laa5QrSNUrzlf7YONSn98Z8OqKsAz+D/vnr0Lg4kjrrhYvN6GpR/QqMnNZT7m4d/oxACDycao6ZUDNE/dvuXSA4nSJp+5cxDXjgSMhnOgS7/gCiLhEBkLwzwdexT/e5vGcqqMmyeMK8vSFsPpRoPv26nsyRalwctY2ClX5KrEEckHNf+p9djB7eJDyLxXkPRLm0yp3dcmcEyk0tUffpcJ6zqWnlm46yfAf29fmIJfQWJ8ehSY+bYwDnx2LmCPcfH+sRSSV2Y1Ay22ry9rVJU88SuRdSPsHOitCuu0TQU56Su0wG24ilh6Bq4Dk+0JxlL3wyPWsnoaYvaRiJ6cs3j0tTwwxepbwiakLzWnVcqHDSoQ+Bn0T4CmcF5ztmpuLZSe/UXA48k77JmbT8vne0ig+kVfRuKhG+qV6g+GnxTIPPXGzQ1hWTS3Fg8YBMt1XYyjX3xa218agvPwLhCru1v3dAfHKk6N8G6SN6EN78RQmJApjSHAGFO,iv:a18hH0e5s4BTTlVIkQT34z8a2jELj59ZHhBbb93o3t0=,tag:sj4baRiZic6sWnJXjhL7TQ==,type:str]", + "data": "ENC[AES256_GCM,data:RTj0FFJudZusWh2SuAPBHhpYEU20GmWbeZZSCG/vKCz83iUEJxpZ0lSDm71BN1Di7sz+VchcbWxkUjc+SV9paFOtuRKMPynW5n/HTyp/ub3y8oPUN4AjxiRnvfzh8Qxd/vnmxd6lSh2HxMlOqJURN0JY3D3g+tpHyTIvFUWef6HgzLNZCXDnP3HJzbIY53VPj9f+DsdxtFwU5OHkWd8gH2D4XuPPetN0Iv2HaR9+dvlVrbKEXgElgdENkU+ED78TFxvabk1hqPZqXhsfORF/5RpwF15ip5iSlVWPTwMdBREqCsHRiA+u5F9nwJ5C70U1wz39J40CJoa9oihIxyAmN3dktD0JuY0jiqyxwTRFZXYh7Ioe4CksaET0P7LbTa7+BpctgoBqvmnhM3ZDNcSZMNcCbtX98V30UqEPBoTn3kRYvg/1C1SycR96bVW/AiHMiIzD93dNw2gUWdyQX9xtHvgdxLo3U20pJhjMEcsk9V98H6lPiLp3lltrjAX35RsG5R629W8/WVOGoUQn9nX/y6m9VFKoUPf8/M7tvlxDT9A/QBQQvShdA4AM0K8mdNzb85ac5In+43gWDRXWQPPf72e5gL5nPIqPcZvAcoLHsYFH5ebr7VUaUbHm890jQDoNvtezZ1w9nRlZNGVTwdvwWB3rfzorzwCAKLhkFv6ATUYimP0tiHPOz0MxTQKXg12rtyPXbh8bwjhg0kdIlwljAYnYUKiX7SVSeYq7TQksQIiH83JwxCGrL4xjMWZhNkrg3KQUrEMHHaMbNCZvb5M2nMceBo6eA2zi5qYA9sLVnLTrlwx+3Wl7uFBv+9Z+8qvGg3adpGrtJTJjVf+cig01gzao5WrJtT9q4YD1tOHnWfBhwI9/3ny2A0WlyjlY/fS8WUiOmyhl/6N+ukdffzDZQOcTGf1QD0zO+9FYPqYhxr8eGKRHAB0R81Q5y+ORTLwXJ7EhRIK2f45FJisRIsiR+VTsI2cqy7n9HtubY8jQPxLMLnxuUqTu/OjtUMCcbJO8iqYDxWf6NlCZuTaLsQuUPWvO5uUelQpDmN6HhxSGKD9XG4M7/zCuCWNhKWoH0Z9xfw==,iv:Bs1fdmD4jbM/9hiPHxu+yENrVrwFsmhJ5J38W5+4PtM=,tag:UBpHq3ldgdVORaRxuswzVQ==,type:str]", "sops": { "age": [ { @@ -7,8 +7,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YjdYNFF5Q1VzQTZ0WU1z\nN2R6cEVObU9RMXdpd2x0Mjh2cmpvY0VvNjE4CmF5Sm1vZWRoOTFIY2pkQUVRQ3FY\nVEd3eGpCbGQ3cUpvTE9JdjJMWnQvckEKLS0tIFRpZDZ1ZGZKaXpObFhZVlNqV0hB\nT20rRGV6S3gvWkZLUzQzVVNGQWNGVkUK0bAeRuI0vb7MJTtpxuD56nwZAk39sHAa\njEhntqsV9ts1Vbw2f0mZEqDdzd64NTtDm/YIwygZ2udV27mXNhVUVw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-27T14:12:09Z", - "mac": "ENC[AES256_GCM,data:6CqpegjS90H6fAllBsvz3d/y4MpNyMUo+v1sby4hHHw36GlQvnULHuv8dhXrlYaE+L21aoz1RITl7IEtNl/R8zjGh8b0dGIc2iUa2M5dNvHNPMTuucAEQPuEEvTiwI72winpEkdB86fHFFHvBwHwmlNVFJYx5b9bNlpjCofewQI=,iv:qOv8s8j5jOtcoKzgN/HkXvIsS/sk/DFZ4lcEKBLsrKA=,tag:ifXbcFGzpJ+DSJPkvaX0pw==,type:str]", + "lastmodified": "2025-11-10T23:16:52Z", + "mac": "ENC[AES256_GCM,data:CuwVt8/XKRMUHs1rh7Yf4Bk5tWXqTz0HXUiEEjuLhj1TRuMWs6aTC1h9uTMoybP+FmjKeRTar1E8dgUmoheFUGaBFqxd1Kx/FmNeJVLhUOPgmT9XOIjEjTNnzOoaMsYvfhP+AnLKgx+CfOsLnLMOqdKEggx1t5jNfiI2rXqOdfI=,iv:4Mc3WcgMg3z99dERJk+EF4hPpgGZo4mfMt6X45zgp5I=,tag:MP0YDtR1Wq3088WVzXS+8A==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:12:55Z", diff --git a/hosts/nixos/aarch64-linux/stoicclub/default.nix b/hosts/nixos/aarch64-linux/stoicclub/default.nix deleted file mode 100644 index 217d272..0000000 --- a/hosts/nixos/aarch64-linux/stoicclub/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ self, lib, minimal, ... }: -{ - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - - "${self}/modules/nixos/optional/systemd-networkd-server.nix" - ]; - - topology.self = { - icon = "devices.cloud-server"; - }; - swarselmodules.server.nginx = false; - - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 1 vCPUs, 8GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = false; - rootDisk = "/dev/disk/by-id/scsi-360e1a5236f034316a10a97cc703ce9e3"; - isBtrfs = true; - isNixos = true; - isLinux = true; - isCloud = true; - isBastionTarget = true; - }; -} // lib.optionalAttrs (!minimal) { - swarselprofiles = { - server = true; - }; - - swarselmodules.server = { - nsd = true; - nginx = false; - }; -} diff --git a/hosts/nixos/aarch64-linux/stoicclub/disk-config.nix b/hosts/nixos/aarch64-linux/stoicclub/disk-config.nix deleted file mode 100644 index 9a98cce..0000000 --- a/hosts/nixos/aarch64-linux/stoicclub/disk-config.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ lib, pkgs, config, ... }: -let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; -in -{ - disko = { - imageBuilder.extraDependencies = [ pkgs.kmod ]; - devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; -} diff --git a/hosts/nixos/aarch64-linux/stoicclub/hardware-configuration.nix b/hosts/nixos/aarch64-linux/stoicclub/hardware-configuration.nix deleted file mode 100644 index 2278aaf..0000000 --- a/hosts/nixos/aarch64-linux/stoicclub/hardware-configuration.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" ]; - kernelModules = [ ]; - }; - kernelModules = [ ]; - extraModulePackages = [ ]; - }; - - nixpkgs.hostPlatform = lib.mkForce "aarch64-linux"; -} diff --git a/hosts/nixos/aarch64-linux/stoicclub/secrets/pii.nix.enc b/hosts/nixos/aarch64-linux/stoicclub/secrets/pii.nix.enc deleted file mode 100644 index e292b25..0000000 --- a/hosts/nixos/aarch64-linux/stoicclub/secrets/pii.nix.enc +++ /dev/null @@ -1,22 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:4C3fdXBKI/x/7B56b2n6OshGRaGgwYc4HQv4CRgXi+Y83hQj6wfbcqA55Xm9cXOfGAm2NNGIcUrVyuGHKlur7lUkvoNYe+a5A4GEkXVxiAoJKGcHa2nqfmR+GQJRAE6gNm9wgUL24CfKonEb09NgFBFfL7srXtkU8R1TMduUiYvzH7eNy45jQnWdQ3xgNYkb65iIZ3KCkcbjKrlOtN1Qu8+PuQmMl175gUVJcaLmpMgsz5IPetyHUWIkmqjgwhim4CyTZGwOaQW376Xq2mZUf9IOhdqLyR8GcKFLsY/GLDzp1eGfx9xUpAu3NMmjblHDdIyRcv0EjS+Cj/EUQwTrw3R2szXAb1m33sIVyloGT8RyVsu1J+RSIQOEKpVLaTxsCoulIfyBj5h9vajMVFdMmyqAFPJTVF8fNmy57VuBiDR1WYY5WT2QkBwe4A5ZZLpRmudeZAqEjD+R8Itcin4Ce8K4LtkpfLZeCUpnoaWk1u0CH5QuFCyd+s2+S2DBnFqfBmhTVzEtwXyd6zEeLo+LGCh2Eu2XwYi+DV5Xfdp4leTwEXQ+63MB2ZtOQkoxT6pi/w1rSlEcVknJJIc0HRhrRSx685i29qmcWGfjw765ECxCM2RKJKdwtYHwyLQGyTkGgzNlWr/EzskD7wwtanR0K0NUBS3MGbBaSmeI+bJ+B1ld2n7Efp1eg8AdMz/VHywvFQpS6HY5ItPCWNcDB9DMerUQINO1EtP1Dd57vafzQGGcduUKW+ywuwUdOU/XTXPaVP7VWdX9EFIlv/RMK4UX/l3Yy/Vf6iciT45zouIgoFECRe59Uz0185BHTn9xeE9oYGiLfKzlnxhNpXNaNmYGVRxKxKwfMNrA+hRtuoGrD0uE/Ev6F5ytMYMZGsQ5D6TJOHXPfAVWo5MzPA1Q2dgoCF9zZvYgCaOcSZTntoJY9X1MiwMkYIbtOtTQ4jJOI9DfXX+kOp/fejHrQEyAasCvh2zxCW2FjMckREdqtYxPEDsHGc8+0BDGgj+00a5wC19U60jolvdLsUwy41inmirgxBMaQhuavMXEpFXT0hEecZfJn8eJqPVPDVLC8LvlB+C593ByHeoR3VOIfFVv3bgCP+cQudAR+U/b8YO4gSpuVV4WF7JXLCwRCi0Flw7EzAuhuR9JYd8GKUEDctGmAYiPy1YiQCLFnAWmZvHQ2q6TeVDTQ5LPmjqM1b4iqoqn3AHhMu9HWswy4LFNujZblSo0hSHRZ+2P/+Xjrgfz2d3QF66ngEjW1tanw7hxGmiZJXXyPN+2bdB04B8ZnL/gBzQ2661fGYGYCBU=,iv:mU4ydooaOySi7MTe+b/DGfs1fzpDXbkASUo1cDsh4O8=,tag:Jh18+kJPLJFlGx5HymywOw==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZzY0QVQ4ZUxxZkdhQ2Zn\nOHpmTnRaR0R3cXh2Z2JFM1RDVDB2QnE3M3prCm43NjQyOS93UTZKaUlUUmhVcTdG\nUWp1YU1kVmZPc0tBN2FMY2FFVkI1a0UKLS0tIFovZi9FQlhMaXpvcnRYN2FiSm16\nTzJESjNyZ1NzajJRNDR6ZTd2TitoQTgKe2hC6OpYIzgqzhmeJuHWe0yXNE+/Ek26\nGt7s1B6OKnrj+S3es84ePOjAbLHr/ez282b/h0y55ws4R7jMemUIrQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-12-01T12:12:55Z", - "mac": "ENC[AES256_GCM,data:AhvfUvZnKSnhQCTHJpqs5OBELhGYv66on1+kSLX2lONyTbNfwHYsJHII4zHY+bS5cBkZbjtzMfJQkFWtDbU7c8wvdJnHN6H11MOEzC+GfI3R7UzwzJsUjNYE03u8FJCuLvI1SO3EObiKIgH80MV8qlXC+1+f7mKnfZNH8Kekor8=,iv:pAEz8tDZzaFee1EcNBd6zrl0yN55ywVK/eGof/B5MAU=,tag:LbjMr3rOb3By87yOfUK/3A==,type:str]", - "pgp": [ - { - "created_at": "2025-11-20T01:03:05Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//eTxMD8ZbwJUqVsi1IKK2qdprLTjE0rqdDue+OvP0V+Ns\n1uTnw+b2UBykbIofXcG4P61OxAFdEs8whiIdffQtkDTkOgzV9IQCBOSGxZGEJXMe\nrl5BZLlF98JZ5R15v8V8vMwWwtC90GZ7gZLDV+yZz40Zqm3mTrFz/3PERukwu4Gb\nLTJDOsGmpooyI8KnrIsBhfEwo7/ouAayuKQfvt2i2Tngk9Em73R91BlpcxsOEmqr\n5KWA4GCsjUOmZZKLj2vyENPgQh8t8bP5fGJ3Rf4J1MCWAB89omcE0aRWId/l5sdA\n/Nxinh3xQsiXHPzPLZQ+UjHs+MjNdUoZapoDBP84j2tHsSxh0RMRhlHpESDWq3Mm\n1acWrChyyds6Lz5ZqkioqvAZ3lslS0kPdQqfsLzYWBhA9kLOIJKYfat+vxsAPwAa\n6kceXtxSzUpThtDUPDibjomn7Mrj7ZoHhiJZup/M27glf/V4P3zk+ctpXMSIE7Ia\nQ/jgRDzpcs+u05RsP32jFbCAfi//WxRo77MoxGMJxDhYibBp+aRkFAgVYiElhxbt\n/NedcIAHSJZFyDPm0wn411+DPnUTPn9D9LCkmSG68ZeGDGZJl7Sz3bJ3obWWecTG\nBjqxMZVwRuU2gdg1IwempP9u1dP0Q+g8B3veui/gczGx3J5kvNv8hnUBTeUl2EyF\nAgwDC9FRLmchgYQBD/oCciOvXMrH9/hWIIYb1sKiuCmgdVfs7H0q92XdVNgkbPRz\nXAakX7dl5cZt748u/eCHlGUGr4q7yA1tDx9Vm/J+O2HljN3lBVCbm7HP+YcI+5g0\nvvxr0cIPtr5CXlZz6hJjTgzE4HfEKagGdjgllbHYBB+0rtq/2pZTa20fG0w4coeI\nB/D0iVFwyuM3Wxt/7gXpPtI+m/3qt8QoFIGsZkck7X5hdJwGF4DD5jKxYB28s5Hc\n4ZBG19jezjMIVJUGE58TTVDTvZvJ5Vaw2RizV8DRkFS3q0UIOapOESpZiRnoOqA1\nDQpAU26RSEj8wlYsgNrVWUpdwlYs5e3EWYNkGROTRSB/dGcCSVF31A76W7af+6uv\nwZdMCrAGlD4GBj/yojdnqstfB2Jxu99VubcImWKfaJEXYx5xoREGmK9+t896GJi+\nE8mjiMOMRZFV2n2nwTxAFMaiDJ+VpKpKGVKCOSDwqsePhY/A4kb+N1nnhutmSl/v\n1SCDDvC9+jYNLUC1IaJfFOrNClA43IdJELOAavRx2t1RdyfyOx3D8rrWhF4+NB9Z\nlAc2e7hOoP/OEtf4YjZWq3dQtWSdwePWBxD9xyvF/kEmd2NcezqdfggH3g84qBxy\nUxBDD3ojMMAXlkPU3hRiDeLd1mHxDizVxqYkIYDSeAKtuv2ECH8y7/mv3sKrFtJe\nAQvSMW7gOmIdtQaIpsXHMxzXf+Nv0l3dZeWYD/TnVvoeVOaRQ9dHrtl3J0U9UN3j\nBOJdFaptlS4SIRkva6v6srrM7dXKvjR6IabdzaWl098VW9RFD+YGJ6ZhuQ+zOA==\n=l0k2\n-----END PGP MESSAGE-----", - "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" - } -} diff --git a/hosts/nixos/aarch64-linux/twothreetunnel/default.nix b/hosts/nixos/aarch64-linux/twothreetunnel/default.nix deleted file mode 100644 index 8a30e09..0000000 --- a/hosts/nixos/aarch64-linux/twothreetunnel/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ self, lib, minimal, ... }: -{ - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - - "${self}/modules/nixos/optional/systemd-networkd-server.nix" - ]; - - topology.self = { - icon = "devices.cloud-server"; - }; - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 2 vCPUs, 8GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = false; - rootDisk = "/dev/disk/by-id/scsi-3608deb9b0d4244de95c6620086ff740d"; - isBtrfs = true; - isNixos = true; - isLinux = true; - isCloud = true; - }; -} // lib.optionalAttrs (!minimal) { - swarselprofiles = { - server = true; - }; - - swarselmodules.server = { - nginx = false; - }; - -} diff --git a/hosts/nixos/aarch64-linux/twothreetunnel/disk-config.nix b/hosts/nixos/aarch64-linux/twothreetunnel/disk-config.nix deleted file mode 100644 index 9a98cce..0000000 --- a/hosts/nixos/aarch64-linux/twothreetunnel/disk-config.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ lib, pkgs, config, ... }: -let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; -in -{ - disko = { - imageBuilder.extraDependencies = [ pkgs.kmod ]; - devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; -} diff --git a/hosts/nixos/aarch64-linux/twothreetunnel/hardware-configuration.nix b/hosts/nixos/aarch64-linux/twothreetunnel/hardware-configuration.nix deleted file mode 100644 index 2278aaf..0000000 --- a/hosts/nixos/aarch64-linux/twothreetunnel/hardware-configuration.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" ]; - kernelModules = [ ]; - }; - kernelModules = [ ]; - extraModulePackages = [ ]; - }; - - nixpkgs.hostPlatform = lib.mkForce "aarch64-linux"; -} diff --git a/hosts/nixos/aarch64-linux/twothreetunnel/secrets/pii.nix.enc b/hosts/nixos/aarch64-linux/twothreetunnel/secrets/pii.nix.enc deleted file mode 100644 index e82a9a3..0000000 --- a/hosts/nixos/aarch64-linux/twothreetunnel/secrets/pii.nix.enc +++ /dev/null @@ -1,22 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:G3Q+Hn7QkvBZeXzNR+0Bax+Va5sK5E0K3hNTkdsNJx4C6pIwrBEBOt3IKv/c00QhpAnPqo9gbKqWU9gv7I56nEOwVtVH3lrMlbxNl9LIiSv9SvSxVkTOow2msSJV/U+1KpjNQ/LnOo2Fxebfz1yiRtgi7hSazzqzIazZAFBldlKkjLR5SFCG8t5s/nccqZU+cLmS7hJDS5LtgW1XeunqUY7jnKuh7gT2I6fPsu15Vy+YeKLmYIt0a20bWGePBIlyiGRtpnMgtIt5gk5+OpSndO8P/GMgUzRwRZEL1b8U57jbhkPLdnwwy/iV6rEFCD9i6qB0ufVW/euc+y5mN0dx8op9FwJVzkJhUIIy9Qbbc8WOjjjWlwbKJNkWfYX7pTtx+xfBKuPF+IwaoMS9j+C3etkoYe5QCr9YGYM5Xer/HL0otYNacQU5S0VqPBzDnLu7NxzB4i22,iv:aFPDBmZasoqEFCbhrRtA2QMB27khuT3rdfCGAafjov0=,tag:GQGuHL5aYPc98tzc6Bb5mA==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdEhDamZTRUhQZFNDTTl4\nVVVNNGZXa2h2THVzY0JWMjE2WjNJT0ZoblV3ClYzeEt4c0dWRzlISnN3NGthR21M\nTEtDQ011dFdhRVdPWlpweS9ma0N3dmsKLS0tIHFPQzQ5VzkyODZyY1JpcE4xR2Nl\nY2MrSERXTWkvNVZCR2xHUGh4ZXMvYTgK7pxPjnh3idl4QzBkR6LHyRskgqA3apS2\nkbg7As6wlEs34TAO8reyZknKTUd3Xif1v9RXiTcu1sEKHqkcqEoDog==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-12-01T22:45:54Z", - "mac": "ENC[AES256_GCM,data:b2sWPq+S5qqSM6lON+9A//LehgR7Wy7x8EfqeiFOFo9RT3niwaKjfp/Jnf6nKbXF43XM4dsn+dIX52fgxyd0KVLnJTqinhz97sSSs7hYFdXa2FGRhI+VwmuGVvr2ylAJODQgTn+MD7I+s/3DTfh6h0V47IZvxrUpYgg7tJrxzBc=,iv:g4XVN24+COVtRQPzTiI4iki1crjBUVc7vpnJ/vucd2A=,tag:gcnfSvPWvLqG2wTZELRMsg==,type:str]", - "pgp": [ - { - "created_at": "2025-12-01T23:06:36Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//RhpX1uVa49yA8FIfj/y/2C92Z7iBl+l1TGjaYMnuLAp5\nYybqAHwi1gzbnhKvpqO3ndm7qHNwbPBuYBDhu1ZDkQnzyzIthx3JA2G+je4Jem+N\nF8XWUglO+lEUpHD62s9JdOSS2dNRHSd/mcu/GV+k0/DzkXDn3TzzOciKBLn1u03+\n6T3mipG5cm00EEstR+iX46FSzOPX3M2+hYY+HY9rQa1RKUrUUsBBdCEYWgMsQOA9\nDGyweibxkcyxIGZIc882gxa06QxM07ON7NuZjW7vvUz3k7CI3bf5IBfaCvDywaDL\n0AKeTAVGVLnzdapZoP9lZmu6T639wu8BKMxSHiGeUenOrhs/Gl+CA2iCU5XimZCw\nbwPvKRbOGLu2eiBL/BHEMg1XpRw6bh24o3vNIchGRqDKbXICgkKr2gXhvli3qPrH\nCXokXF48e51bERfr9YWi0ryW5tgVEMwyubRi85cYnslwqfT78xzKMNRwF8wJ6PxG\ngwT6bEJ/f7QzXkw9VPY2HbaBBhe7XUBRDhLnV5sPBiZW2JDOt9rXH1LqWQLo7Ot6\nLWvOicAtmY5vnRIm9x1pPFKipmTWj7NzRCLEq5yt0borQsPO5RTC6fvhL/1Lpe1B\nzjAIjJBfQptEn4xjA0unZk6x45UDp9KpJz5zdKF43DSvGOkEF8NuTdEXNpeYHzCF\nAgwDC9FRLmchgYQBEADA36phB2C1d2DvEzi7AB7lK5gGExmaYSCzMJkSfjNQ4SO5\nwMhvRZZyIf5PT9wdJ6hCtOSqqhh0cubmZadrFnz/qjXLVSv9aTD4PFshF5lYgT0x\n2GkiIOkrVZ6vuP6/iIW/p+CqztDymVRR6DAhNNX6gx2NARdhii2K/hitW0QejoJk\nWY07qUIb2z0fPVp5TfAf3Nr87u3faYr0usW8GGABFA7IzJwCK1VA1284UZm4zj6Z\naHm+0wK/1g7Ck2sjzbhqzK3HlZVKd6lBIhmwdzcG1y0Ua5L7PIauLR6ArZkFD3WO\naHyyZ5hyNmoyOMjuTvPCIhiZ3T+aQK2f8pzyOApEWX4piCNhIvcSSy9AQ/f5hvVd\nWLG68dIMnmOWYxHX68jdNttSCcc9oJKNboOPKDdmEblZxGx5HZpYYL7X+Q0JKoMO\nqCXVc7GlIVLX0GghAvgC9Xww8XMQTWgJJJAVOa0tlTDJ4ybvCiyy850+ZPTevlHV\nfvlKSSCGHtjVIuZ5b+jMtBqg0aPDY0OqNFSvJ6x6wk0uICMesv2LNAKF7tUkMvHF\ncHljW96IOLocW96bwVR+nQG7U/ZY7/P6+2Nva8AgbrCd0erEZ/2lIvRV4IEzCk2g\nVzuzg+7pjkh1iHYUX+VX6CbyIPyx2Ic+VNaMrbqtC1YiPK6Bx+SF3eYHw9DYJ9Jc\nASJeqALtG3vg/TOKZwOfTp1GNvSExTUKqhEHpcCCty1UxIpNCPByvvsUqY0Q63DA\nyJ4TVO1QLCLwKz8nK8NWSRGrZ29jNJfAjcNDV/FrPiFqSPHVAErd4Vnbeu8=\n=Yn71\n-----END PGP MESSAGE-----", - "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" - } -} diff --git a/hosts/nixos/x86_64-linux/bakery/default.nix b/hosts/nixos/x86_64-linux/bakery/default.nix index 3927663..98252bc 100644 --- a/hosts/nixos/x86_64-linux/bakery/default.nix +++ b/hosts/nixos/x86_64-linux/bakery/default.nix @@ -10,10 +10,6 @@ in ./disk-config.nix ./hardware-configuration.nix - "${self}/modules/nixos/optional/gaming.nix" - "${self}/modules/nixos/optional/nswitch-rcm.nix" - "${self}/modules/nixos/optional/virtualbox.nix" - ]; swarselsystems = { @@ -35,6 +31,7 @@ in isSwap = true; rootDisk = "/dev/nvme0n1"; swapSize = "4G"; + hostName = config.node.name; }; home-manager.users."${primaryUser}" = { diff --git a/hosts/nixos/x86_64-linux/eagleland/default.nix b/hosts/nixos/x86_64-linux/eagleland/default.nix deleted file mode 100644 index baa5bd5..0000000 --- a/hosts/nixos/x86_64-linux/eagleland/default.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ self, lib, minimal, ... }: -{ - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - - "${self}/modules/nixos/optional/systemd-networkd-server.nix" - ]; - - topology.self = { - icon = "devices.cloud-server"; - }; - - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "2vCPU, 4GB Ram"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isCloud = true; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/sda"; - isBtrfs = true; - isNixos = true; - isLinux = true; - proxyHost = "eagleland"; - }; -} // lib.optionalAttrs (!minimal) { - - swarselmodules.server.mailserver = true; - - swarselprofiles = { - server = true; - }; - -} diff --git a/hosts/nixos/x86_64-linux/eagleland/disk-config.nix b/hosts/nixos/x86_64-linux/eagleland/disk-config.nix deleted file mode 100644 index 9a98cce..0000000 --- a/hosts/nixos/x86_64-linux/eagleland/disk-config.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ lib, pkgs, config, ... }: -let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; -in -{ - disko = { - imageBuilder.extraDependencies = [ pkgs.kmod ]; - devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; -} diff --git a/hosts/nixos/x86_64-linux/eagleland/hardware-configuration.nix b/hosts/nixos/x86_64-linux/eagleland/hardware-configuration.nix deleted file mode 100644 index 8dc40ba..0000000 --- a/hosts/nixos/x86_64-linux/eagleland/hardware-configuration.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ lib, modulesPath, ... }: - -{ - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot = { - initrd = { - availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - kernelModules = [ ]; - }; - kernelModules = [ ]; - extraModulePackages = [ ]; - }; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/hosts/nixos/x86_64-linux/eagleland/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/eagleland/secrets/pii.nix.enc deleted file mode 100644 index 7407819..0000000 --- a/hosts/nixos/x86_64-linux/eagleland/secrets/pii.nix.enc +++ /dev/null @@ -1,22 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:nIgv3b+6o5Ce9X9xZtBK62f6dgsAGLPqq7aVFCw2qjD9UiHCrAY9vTn5NSW2O2pbLAfx6h7falS3/0yU+AkJ2H3zhxBy7ZxQ0m9dLoQGrYY/E9Z45xZmdFRxtzexCaxr2DxbP8haJKomQ22cHk07HGsrEZ/CFGkyjRxUr3Y4rewgZPBXahVtM75mWbNpVGApc8cs/W4JbjuXw3qlCQcACz8sZVPHKCjbEypypo6nTmU7NO7worrAJ2QgU75oGJ9g96wp9paFMEDofVp2Y25IVYReGg8T1Qi/kTcZzfzGfSpEwnQBB/ZCW6gNYhMK3shfB8DxKy6+romVXm1K+/0yUmwsCM8xC5zJX0GsO8Uu63YFrW/Y2E6aYZfBHdIgfy4lYOFKC2o0ixirw9EO8HyfsDt47QYB970vLPjYZfKNAZBgltbV3KPsOHxmgiZbTbAl0cb9zRc+jV2voH9T5VhFiUWdfaLBY1HUAVAjU7h62uZoCsi1HWyAroEROKS96npTD+3/vHehYuEGBf1IxYnLwHnKeqsr/Bqoukf3OecOH2EkMTTFQ7E0k9s0keRypoHmeYIh2a3dRcaXXbNEgiAMfabhgUh1NNcYKSZhcIekN8WN8azXjbVIrfEakJ8S+PUf5fJdspN/3Ppm06fDLv7yLHnLc8Eae2COOR8vYKIo3Onu4doxNjisfpHujLXYaCGhWpINEGWF7fkeC1B7,iv:v9MxvhcHg+P00UnOWujSgVlMNcOnDm/gK8kNcN54E2E=,tag:XnPMzsDeGJMt9yv6GnFzqg==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR1ZPZFUxRTh0QjB6UDJ4\nOFd2c2lFejhHck5UdUxVbmFFbVRYNEJaSzJZCkNxbndVVThObDkxUmx2WW9ESzhh\na2o0LzFCbWdJVlRIV00rTVUwTktoek0KLS0tIC9qalVvZmpGQXZsV3RIYWRPbmRY\nam80NkRkT2l0ak8wV3pTSW9kSC9nZ3cKCH8eEMmku6WMliEDdAiW2Lk1jAGH9SoP\nWQ5Y6e90jEnp8XbGE7KYiG+jy5fHSc6Y5/YyMmi/b9bF9AhmRT6rdw==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-11-28T10:50:22Z", - "mac": "ENC[AES256_GCM,data:lwkkp8YSzX8NM7E65kmPpF/q9Vn+FnCTeePLswDH6AVgndo/7QOy0GtJeXmiwt2YsA4AhRqxexWl2R8tjEysP35pyfQJ4vEkVi+V2tEnoLgftriNJzpoeVuRNXLxTPhPezOZgAcTDDL4yyqJXpcFj0PE1DPHKxazT28BoilaBYE=,iv:3dcAqkw/y6rAPL8wb5iewz37S4xszYFGHxvQiQ98sLk=,tag:SEmbptei6GrTXXyb7zwrIg==,type:str]", - "pgp": [ - { - "created_at": "2025-11-23T15:25:41Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ/+OOUtfNq9RBpm1/AbgTjenkcsRwzvyxMQ+VfT7AN/OjEH\naYaVnoU+IYoUJIw8u0zfFuJGyhcU862pMN+isngqNNZiEqY8C9rP4+l82Ks4qLU2\nanUk8HPcUc7bQC19zoSpl5MIeppV4SNC5OAph+YKVcj95l6OFw1EieptfhRFtTps\nwUKMf3p9FC/ndxjDG6Rxro7RQsETJgZ3DE3tRFPsBzMiC3sf+fsOzFgVyABqYZ1k\nDr+pkdBzGB3LXOyeDJWK38DxY/NEEfDgdSGLC6ntQ8eS9fbcNajT6FUwH2uwHJ4y\niWT6Q8z+XFjh3Z458tZhcnBGv6AKGeQ/QG9z+0DALKkkmij+vJqRAGjJxur6XM3K\nf0anUMXLeCINcLEa+Wv7inYJaPXu2NSmqtd1yYYXoAbVcnmzmgW9D2in+JnG5urQ\nCq0MEALyp1axExIaD3BHrFIaK9IX2PO1E/PLDng8AtGEx5Fn//OQX0Wt/yB2eEk2\n3uubPz1a1eMfRz1pK5CFOpJoZ8bmyg5n4g/5MgVgoxzA5nhjfMYD/HD8EG3ta8PI\nrQZhtlg7C+5nEsNevD4RPmzO7z1JdqJGMIWPPUJKZ7WozA5192aAw6HVKdtI4FH7\nXv4KY+GcmUvsKhpaWidW7vsY4MWSfn4m6Ybg2vqHsCUjj5fHVHF9BeKQecIcTTyF\nAgwDC9FRLmchgYQBD/4mfMCt5Ez8WITcru+pwlMHCeSUOxfftsydqdtt/gZ2oJTH\nhMMN2A26x3LXIfZ8IA6to6ldxQLfj3gDF8H+akHbRyndrA1V0U+EhoNZ/DYECkNB\nx8xtrJwsY47siT7sWlounXqnQr5E4nfSfDOsfSv04aUyyUsMqdjFRVY1/b5BCkoJ\nOptFJJjdosfmGfsHCGYvqj0XNycVQj3ioYEwOdDMlZ8riSyRTRPL9UAfgFeQ5swG\n1I1qWaF2+8KUk01wQwmwYLKs1JUnVOl6Uy4XpHbcZcCEIW3VVnwxFVCYcHwhDXWT\n4YGeGFfosuthL4AjJ2EmNKLq+sUxmD7ANS2E561+0BDAakQ3Z0eA/wpJ6VWQtfV0\n05tw6zS3BWwTi5fiiN4JvXqnj+8aT1PBtgxrCeDCjQ36KGViLzDsZOCMNYcr1EZI\nEFMTmaUDFWtoHQKi7ZU+oiRGGfZdnbh0icCsnBecePo4//LaCvBn6lA+vFBmuHLo\nZ2Idh5JSYFoEvhdX3j+sO0dOqzQdDEDy6+Y3S3T4vuSB3w5k1B5c3EDseKfLHUY/\nhgAIxO7rtELyhlFODMmEOzLWwOfxq/5ar/izxkdQS5HPNyVXT6SKikTGmI2z8Uw3\njyCaXv7ny5IVG/kR5aTP+DIHhichcpxJk7j+wZfZV/g8O2PWQpYXfxr36gSo49Je\nARJUBGaEVAhqoNfaHCUbvHCSbbI2yKY+sliX3p7MmcMdy/cvKyowQUuw/FYtdbGD\nHwCe6GZZzHWJZkX3nju3zhOy3gBDBDB1fbF4W0VjsjOwYjy/7MNMVH0eXli20Q==\n=qkvc\n-----END PGP MESSAGE-----", - "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" - } -} diff --git a/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc index 15fe6cb..46aaa21 100644 --- a/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc +++ b/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:trvZ+abrf69YhdmIQ1ekgDW82PtPnJkC5bfvh6lABb1BBkPWZk8Ds7Ug4CtulspitB/Spwd0ksGHSuEpk7Xg9V+5O9nm4/8JWWh7EF4qKWeRiwqj/dpfHTtTQPOzywHQFwLg6EWS3wSwUu60dZqJ8f36rvr+KAZc71jZayZmm3TIpeDaMsCAyO+TrfzeKM8AYN4uUVr30raquNjd2XzGgufE3FFCQdo4yhvzVGHGq0+wrZGr,iv:Yx4RkCBSkB4gK1dnMGudPwPP6moR4/7ovDZ77f1WL9o=,tag:9tTUU6ax2K2CqKjxHn2ZaQ==,type:str]", + "data": "ENC[AES256_GCM,data:RwbQZyqU0OjA/wD3o0HppPWFjfHNAHsGF8DzdJrXZLlE5RPUigHWtMLcX+2bNd0DpS3r7WHCSyiu+mmg6GWFiE6wAOBU1Q19BpQ8k3oTt8sP3N4/5PfzYcXlHRfwxmB9/pv8YCi5+cOU5ExWiQ+kC767UbgPIC2ugUD6tkP14KkhW0EGgEhF3elBfOGrSHGgjltgIFMYm/WKZjM=,iv:EBpghMcCGd/wow68V3zoDfzwywDGwmlqn3btNHrfxbk=,tag:jvSZyRIQ7BmQdKc6YEBIZQ==,type:str]", "sops": { "age": [ { @@ -7,8 +7,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VHAxaWdiV1VlWEY2UktF\ncE96UHJnWGNpY0ZFUmZVSi9xSXpBMmI2S1VFCjB6cWtDTTJrNFhZRC9yUHRYdUpS\naytwOUJ4NTRxTmJmc0R0Wmh5dFVKbzQKLS0tIHQ2NUtqRjh6MVF6VHJFSHVFTFFD\nNWh0MDVjekFDUWZvTUZNK0Z4M0lJbVEKGZk1BvZsNTkIor5rTcpi2UE4W/BqNMWU\nIAe3irNN6p1si2zebrCEyiaJYuaVn7uYVwXcscJlNTfkr9szm8TjSA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-23T18:19:50Z", - "mac": "ENC[AES256_GCM,data:IA71SHchjrqqU5tRlJ4Ozgx2rRxhKE42CsC7ygBLdAZcyZs+7iMpskYejIue8+JXto7zJxe38UbolnLOaTkHzSVGJkKMYQQQ/sXoDtaWlsYTN648ug4zAbgN1neifNnG+756abcg9NEuJRXBhXDzqmAecHkzv6U0HW9LHPO9W1s=,iv:dEiu6FnSqALXDOtpCZ3FiQ8D6GU0FjQAFA12SPaSIAY=,tag:/SXghsNzu8ceOQk/2w8e7w==,type:str]", + "lastmodified": "2025-11-10T01:10:14Z", + "mac": "ENC[AES256_GCM,data:NSUKiOFGZyTb9U6e8cJoOJPAMfnk5iuw7pLK0JJzdwf4pI1aMSqjSDylQ5EqqbdFKZKRmaIjjHSpcJep6q0TRFA6wOznHWyv/UCECGwqZrS3EXgcQF5lZl7NVXPPSsMZgPReEVQcMtMivatPrfksEeCaam4WC/M+dqd2d2RrOXI=,iv:KnBNepDoaQeQ9MSrSN6dkrbS6YqkMYMpmXFd5v+oWoI=,tag:vPhsazyi8d3ugGoW8Z1Asg==,type:str]", "pgp": [ { "created_at": "2025-11-11T17:51:27Z", diff --git a/hosts/nixos/x86_64-linux/pyramid/default.nix b/hosts/nixos/x86_64-linux/pyramid/default.nix index d5e9942..1d5b350 100644 --- a/hosts/nixos/x86_64-linux/pyramid/default.nix +++ b/hosts/nixos/x86_64-linux/pyramid/default.nix @@ -10,17 +10,16 @@ in ./disk-config.nix ./hardware-configuration.nix - "${self}/modules/nixos/optional/amdcpu.nix" - "${self}/modules/nixos/optional/amdgpu.nix" - "${self}/modules/nixos/optional/framework.nix" - "${self}/modules/nixos/optional/gaming.nix" - "${self}/modules/nixos/optional/hibernation.nix" - "${self}/modules/nixos/optional/nswitch-rcm.nix" - "${self}/modules/nixos/optional/virtualbox.nix" - "${self}/modules/nixos/optional/work.nix" - ]; + swarselmodules = { + optional = { + amdcpu = true; + amdgpu = true; + hibernation = true; + }; + }; + swarselsystems = { lowResolution = "1280x800"; highResolution = "2560x1600"; @@ -68,5 +67,9 @@ in } // lib.optionalAttrs (!minimal) { swarselprofiles = { personal = true; + optionals = true; + work = true; + uni = true; + framework = true; }; } diff --git a/hosts/nixos/x86_64-linux/summers/default.nix b/hosts/nixos/x86_64-linux/summers/default.nix index 347a7d0..ebc92ff 100644 --- a/hosts/nixos/x86_64-linux/summers/default.nix +++ b/hosts/nixos/x86_64-linux/summers/default.nix @@ -1,11 +1,9 @@ -{ self, inputs, lib, config, minimal, nodes, globals, ... }: +{ inputs, lib, config, minimal, nodes, globals, ... }: { imports = [ ./hardware-configuration.nix ./disk-config.nix - - "${self}/modules/nixos/optional/microvm-host.nix" ]; boot = { @@ -32,6 +30,9 @@ }; swarselmodules = { + optional = { + microvmHost = true; + }; server = { diskEncryption = lib.mkForce false; # TODO: disable nfs = false; diff --git a/hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix b/hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix index 7363993..a08c95c 100644 --- a/hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix +++ b/hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix @@ -1,8 +1,5 @@ -{ self, lib, minimal, ... }: +{ lib, minimal, ... }: { - imports = [ - "${self}/modules/nixos/optional/microvm-guest.nix" - ]; swarselsystems = { info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; @@ -14,6 +11,12 @@ server = false; }; + swarselmodules = { + optional = { + microvmGuest = false; + }; + }; + microvm = { mem = 1024 * 4; vcpu = 2; diff --git a/hosts/nixos/x86_64-linux/winters/default.nix b/hosts/nixos/x86_64-linux/winters/default.nix index 2fb27c2..b991df4 100644 --- a/hosts/nixos/x86_64-linux/winters/default.nix +++ b/hosts/nixos/x86_64-linux/winters/default.nix @@ -25,28 +25,13 @@ isBtrfs = false; isLinux = true; isNixos = true; - proxyHost = "moonside"; - server = { - restic = { - bucketName = "SwarselWinters"; - paths = [ - "/Vault/data/paperless" - "/Vault/data/koillection" - "/Vault/data/postgresql" - "/Vault/data/firefly-iii" - "/Vault/data/radicale" - "/Vault/data/matrix-synapse" - "/Vault/Eternor/Paperless" - "/Vault/Eternor/Bilder" - "/Vault/Eternor/Immich" - ]; - }; - garage = { - data_dir = { + server.garage = { + data_dir = [ + { capacity = "200G"; - path = "/Vault/data/garage/data"; - }; - }; + path = "/Vault/data/garage/main"; + } + ]; }; }; diff --git a/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc index 1c519c5..0c94b81 100644 --- a/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc +++ b/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:vevuVfscWMiD3Lzc/bAS+jAqpzgkfBfcFAB7ChacGaj/PJfoi5AzpmlkDhm11GBcvUXcveMnbLbQexaF3dgPVwvbD9xr6e+mcMJjIry5c5a5wOcZkyGxXgPuPg415An9AQrO56XeTTSaUL+ScQB3kv6eIyzCtxZag7pRLnOgwFuGYqfwcDIcX8QHCc0ijf3XLPaM6dEgiFYDeOMFhOF4+Z8/d9eHoEQ3tOkWTmkoVqZFz80ZicEraliWnWMvCBhRLKo3gb7KFRce/AAEZQaS3CZOJz7v7var4Ds1+PZnU282aSU/xsY5Dq1vOrsZuoYqXA5WrdC9HaXAYLGaGFCzLwRTAfJvigV4PNwOePskCSa/qRlOGpyO1t1B01Y4pghdERNlS+1ltEz8nKVfIi4DR6dKy8NIhLl3huJQy6KHsLrjDHnmxeypo2sJ+NeyuNTKqwJo9x3krcIBt8SaUoFIDkBgshcDCp2eBcKvRIOFIa8r3rsxQ7gwG3YV7hS+NR0nwsUXodGXVzrdehDNddr+mI4GEMl8TTP9sdVSaPhKpN+QB3GGGoYwX2HJYXdY9CKIIlYcgFiDfPz9x4HqGnGfSpeB6QgTK40pmRmG6jQyIFZiW+hQBS4XHtKQ8CJx4zUNpiUArYzustw6riPkfYDex21SzsUIjpRYxB8uGHFvJlJVgr4FkQQg6frebKf2EjIhjc9Mjdw+g7cGb5+WavUfy+fIXztYwRI0l8aftosfCMdGsSChntKCymz0kpGREx00HF5blA6oyifHaVxRYoqraxCwbe+p1RTFlGonaYtb0gBWpdrQU+24HVQU1rMhc8HFHPjcWofE/ymEPkhRzkxIXMmNQFi/18KvZWoy2qOVtPmsEc4mOVRtC6w9AZZpcxI9CXhhuyDZlJ/k4bJzkZFrcNW8I7OjEXTNmsYkzJDSVzD3Od/1zhubU8LYZBBXuejzeH0TXNsXbS6tQXCJ2D7Gzrcx8LpXL/a1IjAUmIXguVtPT9nGallXO9jHV9g7GGjF7weTaEMb/eNSuLgQOpq8vziN1XLWhVo0WEQ8zU97KSVJS5moaTEPAEUlHC4PfM3AQHpWMW4EL7FZu5r1yw+EDOUA4k9u9HIVbn5XVZbWb18aVVkYZoulLIVU7I74LJlYE/BSYhGzp6Ff1k6qzPNTbVgXEtiNuLQKa//8gHoQUCsu019MEVAU4LhZ+nt4genG4qFUTuBujTriO4Vhdel9Qsoq95FLXDzdwRInUzfUhbLli/rKv+LDW7wIdh/peWslq5XkWBeMqJC97OSGzM/MaWIzzMY68FjCJfYX6I2nskFD1xZiECKukn0LV/wqQhrkmUuyG6RsZGAZuOoStWJMs8v+x+ZIMHzg1jItXO2ozt8P73EvdgOExJi5/aSf8sQwX7H5lesDtnGYU5+xV9k6R8icsIqG/TLuFAiqK1hmFQv7H/9pFkRq1LUXFmJXoKDfDByG6xUjMeyYOwT6yLShhH3MMWvh3yjflwzGo7uTU1BTpNbKT0LEh3Q9C1txZ0uKROhWKu70iH+kHRFVlhUbyYpZovu3BPB3WDhLiLuXIOss5+dVv5RBSYUtxpzp7Oq7mbMRIGCY1hOVCiCcUEvcXXiQ8JBCklWUEEJ15BAIewetgDiVci4USgZZYrALplmSFkKTZbFjYEIrf3ghKFXfVTkMixRmzTHoxKpYXzvB3TZnkmAXVhvJbGEiHsAaHpcfycAXygQAWsIFYzYSDrqYXmRhwEy/A5cqy8dYx+UA3bBAi4v0QPMoro3UtdI2ipM=,iv:+QSRj/TyZl6xbwLDbuwb83RkBiLUi85VYcpss8Jn8fk=,tag:uPqu0GaUGmChLweOGN10yQ==,type:str]", + "data": "ENC[AES256_GCM,data:dwoz+/DxlUbk05hmg/EwtmUkuD759sQ4iVbjHqcPpY9y2l/gzuPSJT2CMI2GbZs5SKhtlqoqZ5jHG3LwcQjgulmYHB2ThJR4ALi7usJm08q0UfMirnm6mPxjnhdhJXdO6YQ4LaRyP81txSphrl28eJwp2efz3rkUp8nAA3keL6MLZsBkdOXujOJhpreTr1mprWTA6U8aRWFBW7Y1vWvxAH3dtQ03XhYXM88pY6k+HKMvcXSsiDhvwnxG/+UYvSIHcanmboCJDYbgXZECnIGsar7ZOmbsZ3GM6X37qPJpxNmUjc4OoRaJJCcn6saH8kOJkx2rxMyzgMryuGdBq4R/m2JsvDoCPDh+gKO+luCI+hH/iduxnDgYjZAQ2gv3Q14MGNe9nvPWVfiRXXzqRf/8vDXjpnD2FFKmMSqiCvPJHRL52uwO3R2zYUrUfQgDN0Jk6nII8B64l+l69Q8Mod1J5nEMwoUOihhOsjaz6TMIUo6b0GKvxZG04Noyd7S+KuxZe1BsrxSnn7REt6qyQKqAHnMYVXpBmOxOpzhAhOrBIOz6LuqHPzmooQukuBDH/Ej2rC5hLBAFW7mvHIcTqo9sJFbnT3lYYtwLSlHBE3R26vud9pG8K2SuVdy2MWJMpLscR48V9r3nAbWsXKXLZALW38z33/UMfzTJ4g4L7Eo/4E5RXlihyL5/p8ISsoQdf6Uj718pVPTToBRBbIEMOSoJ4ntPoVxQbcpdrGO9zrqqPeZWQSE1JM8anGeZVqeMEVmZJxIbfquX8eMKJrkTroa/9HysuIi0O311F/kntoCtDOYCd3mYPcT8UnZHW3wuG7lqYRd15i/eaMhj3z1eTWoZ40R8w+2TaQB+TjyoLoGGzHvyktI5UkYiaMwa2FoFz40tz5YdZ8aODLQhwJc1mv3Fm0VLudXm7NUcfc4tr35EKbDg1wKtUS13VMSHjbi8ANbTB3nBvpBsPKtD12BTqaP4Q0HJipdnDbcwas/MoG27rFO5+q8+cb82IgjSpCeekrIgUY1wsnOyR3j3ByITp8jfmCRMF1vjKifKr0pgREF1dW59VQ33TvUyjfveQV0ixeV+vM9QueQsUVFzeqYTagsPSM/Czx/UNo8hyG1ze0p+acoOb257Q/Um8nkj3iNPAzx3WN6IdjJkpN1Ldp1SvU5qd3o3DDcSw2ztz8usBkH91BrBaV9MYGH/FSM/HL2CfTZoZodP1VqKFi1Hl3pHHyPEagvoJp1ayUZqmymKu4x1wFxC5FMUXjWUwWZZx1PIOwOtf8pLqVd6FySJlwG/MA4Bfxcnc+eSZ1EYcuHU3ziGbtGiB0eqWXA0fhUwIHHUFnV7H8NoRaJnbDS+kviFdTQKvoF3OmymEwhaq/Oak0ZQk8NLHC7KTQ6xVCb7bBtLpkBdXFE3YB5ltXvEYvSL02qX9i6oBf8GRi4Tl+k6zca6QVJzHG4hU8Nh3cxXBmF2IIY4JiKy0YlsVXCg7OHEWMEl4qT09dAsrDcKQC205YRF7XO8AXimENFQM2Nr/moadk2SF3D2DuJEE2HnSBk4H2tVlMNns32MpTFBZwbf3JOIHJV9CFyVSjhjuNjVjMK4vVdpnEzhmnaKjDqMnuRGNZmrl6p8gKM26KlWcYpIclQkPxy1pY1iFINxGH4YEGdAztpx1YhBkQNkQT492InrPA/PE5XFStP4WsKsLW72lhSVgH8D27S76yGihXyaVXXfd0VF5Fx/gUnbd7fph4Vi1VtFonhfK+ctHg==,iv:aQoC+pr7OoTyTT0FE4MbENfzfJ0Beq1Lsz9G1jnFQPs=,tag:JuYmfDP2foCVDH8CwfL4fQ==,type:str]", "sops": { "age": [ { @@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-23T18:03:21Z", - "mac": "ENC[AES256_GCM,data:8KSKQH7qF2vLnR17a3XhYGAqYq4YNgf7XEkpeNVHD39Aj8MzdlsGPr9vI2o/N1yTpQyJrPW1ntKVvI9rHwcJhm5nyaQiHVwKHWcxcn7li6AeztV4HUqwKxQwf3MHfZ4fhWJrI7NYAuMAbmK6epa/ROGsIGnT6vQh3SImcn+Kkcg=,iv:dT8dBuSsYRxGe93/9ie/6/X4Ru5NDycz2pgMVI83wbc=,tag:r1mPjG/JOQsRDzCktIlisQ==,type:str]", + "lastmodified": "2025-11-10T01:10:47Z", + "mac": "ENC[AES256_GCM,data:2gKEGIYctY7g7mL7lay1T7XmxGdsRzz/dIC1p98zDTnIoBrq5mf5CV/FjAGi5jDsmEMoCSUTWFaT/0Wq3nmRC+OyjL3/Hsit+HJDBVbyf/mY+zs2UQd3KVYoxmpDeAJ1E9s8ygxEu5lJGzacWbJ9BggKUUnywXYfNg0fS7ntjUw=,iv:5xedOuJ3VFm4pEjXyVBM9Iwe5pK1dYP4nTRkk7exrvo=,tag:sEVygcLMqkI9CWQDjoaEqQ==,type:str]", "pgp": [ { "created_at": "2025-08-24T23:36:17Z", diff --git a/index.html b/index.html index ad5d0e2..73a386f 100644 --- a/index.html +++ b/index.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + SwarselSystems: NixOS + Emacs Configurationo @@ -209,8 +209,8 @@
  • 1.4. Hosts
  • 1.5. Programs
  • 1.6. Services
    • -
  • 1.7. Manual steps when setting up a new machine
    • -
  • 1.8. Current issues
    • +
  • 1.7. Manual steps when setting up a new machine
    • +
  • 1.8. Current issues
  • 2. flake.nix @@ -229,7 +229,7 @@
  • 2.7. Topology
  • 2.8. Devshell (checks)
  • 2.9. Templates
    • -
  • 2.10. Formatter (treefmt-nix)
    • +
  • 2.10. Formatter
  • 2.11. TODO Modules
  • 2.12. Apps
  • 2.13. Overlays
    • @@ -269,28 +269,28 @@
  • 3.1.2.3.2. hardware-configuration
    • -
  • 3.1.2.4. Summers (Server: ASUS Z10PA-D8) +
  • 3.1.2.4. Summers (Server: ASUS Z10PA-D8)
    • -
  • 3.1.2.5. Hintbooth (Router: HUNSN RM02) +
  • 3.1.2.5. Hintbooth (Router: HUNSN RM02)
  • 3.1.2.6. machpizza (MacBook Pro)
  • 3.1.2.7. Magicant (Phone)
    • -
  • 3.1.2.8. Treehouse (DGX Spark)
    • +
  • 3.1.2.8. Treehouse (DGX Spark)
  • 3.1.3. Virtual hosts @@ -302,27 +302,6 @@
  • 3.1.3.1.3. disko
    • -
  • 3.1.3.2. Belchsfactory (OCI) - -
    • -
  • 3.1.3.3. Milkywell (OCI) - -
    • -
  • 3.1.3.4. Eagleland (Hetzner) - -
  • 3.1.4. Utility hosts @@ -334,13 +313,12 @@
  • 3.1.4.2. TODO Drugstore (ISO installer config)
    • -
  • 3.1.4.3. Brick Road (kexec image)
    • -
  • 3.1.4.4. Hotel (Demo Physical/VM) +
  • 3.1.4.3. Hotel (Demo Physical/VM)
    • @@ -428,9 +406,9 @@
  • 3.2.3.4. nfs/samba (smb)
  • 3.2.3.5. NGINX
  • 3.2.3.6. ssh
    • -
  • 3.2.3.7. Network settings
    • -
  • 3.2.3.8. Disk encryption
    • -
  • 3.2.3.9. Router
    • +
  • 3.2.3.7. Network settings
    • +
  • 3.2.3.8. Disk encryption
    • +
  • 3.2.3.9. Router
  • 3.2.3.10. kavita
  • 3.2.3.11. jellyfin
  • 3.2.3.12. navidrome
    • @@ -463,13 +441,8 @@
  • 3.2.3.39. slink
  • 3.2.3.40. Snipe-IT
  • 3.2.3.41. Homebox
    • -
  • 3.2.3.42. OPKSSH
    • -
  • 3.2.3.43. Garage
    • -
  • 3.2.3.44. nsd (dns)
    • -
  • 3.2.3.45. nsd (dns) - site1
    • -
  • 3.2.3.46. Minecraft
    • -
  • 3.2.3.47. Mailserver
    • -
  • 3.2.3.48. Attic (nix binary cache)
    • +
  • 3.2.3.42. OPKSSH
    • +
  • 3.2.3.43. Garage
  • 3.2.4. Darwin @@ -489,20 +462,20 @@
  • 3.2.5.8. Hibernation
  • 3.2.5.9. BTRFS
  • 3.2.5.10. work
    • -
  • 3.2.5.11. microvm-host
    • -
  • 3.2.5.12. microvm-guest
    • +
  • 3.2.5.11. microvm-host
    • +
  • 3.2.5.12. microvm-guest
  • 3.3. Home-manager
  • 4.4.2. Nix Mode
    • @@ -843,7 +813,7 @@
  • 4.4.40. Calendar
    • @@ -858,8 +828,8 @@
  • 5. Appendix A: Noweb-Ref blocks
  • 6. Appendix B: Supplementary Files @@ -911,7 +881,7 @@

    -This file has 113366 words spanning 30228 lines and was last revised on 2025-11-27 16:49:14 +0100. +This file has 104733 words spanning 27960 lines and was last revised on 2025-11-19 15:22:29 +0100.

    @@ -980,7 +950,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry

    -My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-11-27 16:49:14 +0100) +My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-11-19 15:22:29 +0100)

    • @@ -992,7 +962,7 @@ system-configuration-options 
    ---prefix=/nix/store/al2a1g9wz4w7ixx0d7ain2myhchxiv74-emacs-git-pgtk-20251013.0 --disable-build-details --with-modules --with-pgtk --disable-gc-mark-trace --with-compress-install --with-toolkit-scroll-bars --with-native-compilation --without-imagemagick --with-mailutils --without-small-ja-dic --with-tree-sitter --without-xinput2 --without-xwidgets --with-dbus --with-selinux
+--prefix=/nix/store/3ncyph43ppsx6dnx46faxr5dmv9g8ym7-emacs-git-pgtk-20251013.0 --disable-build-details --with-modules --with-pgtk --disable-gc-mark-trace --with-compress-install --with-toolkit-scroll-bars --with-native-compilation --without-imagemagick --with-mailutils --without-small-ja-dic --with-tree-sitter --without-xinput2 --without-xwidgets --with-dbus --with-selinux
    @@ -1214,26 +1184,24 @@ Here I give a brief overview over the hostmachines that I am using. This is held

    -
    | Name                | Hardware                                            | Use                                                 |
-|---------------------|-----------------------------------------------------|-----------------------------------------------------|
-|💻 **pyramid**       | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop                                         |
-|💻 **bakery**        | Lenovo Ideapad 720S-13IKB                           | Personal laptop                                     |
-|💻 **machpizza**     | MacBook Pro 2016                                    | MacOS reference and build sandbox                   |
-|🏠 **treehouse**     | NVIDIA DGX Spark                                    | AI Workstation, remote builder, hm-only-reference   |
-|🖥️ **summers**       | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM  | Homeserver (microvms), remote builder, datastorage  |
-|🖥️ **winters**       | ASRock J4105-ITX, 32GB RAM                          | Homeserver (IoT server in spe)                      |
-|🖥️ **hintbooth**     | HUNSN RM02, 8GB RAM                                 | Router                                              |
-|☁️ **stoicclub**     | Cloud Server: 1 vCPUs, 8GB RAM                      | Authoritative dns server                            |
-|☁️ **liliputsteps**  | Cloud Server: 1 vCPUs, 8GB RAM                      | SSH bastion                                         |
-|☁️ **twothreetunnel**| Cloud Server: 2 vCPUs, 8GB RAM                      | Service proxy                                       |
-|☁️ **eagleland**     | Cloud Server: 2 vCPUs, 8GB RAM                      | Mailserver                                          |
-|☁️ **moonside**      | Cloud Server: 4 vCPUs, 24GB RAM                     | Gaming server, syncthing + lightweight services     |
-|☁️ **belchsfactory** | Cloud Server: 4 vCPUs, 24GB RAM                     | Hydra builder and nix binarycache                   |
-|📱 **magicant**      | Samsung Galaxy Z Flip 6                             | Phone                                               |
-|💿 **drugstore**     | -                                                   | NixOS-installer ISO for bootstrapping new hosts     |
-|💿 **brickroad**     | -                                                   | Kexec tarball for bootstrapping low-memory machines |
-|❔ **chaotheatre**   | -                                                   | Demo config for checking out this configuration     |
-|❔ **toto**          | -                                                   | Helper configuration for testing purposes           |
+
    | Name               | Hardware                                            | Use                                                  |
+|--------------------|-----------------------------------------------------|------------------------------------------------------|
+|💻 **pyramid**      | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop                                          |
+|💻 **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal laptop                                      |
+|💻 **machpizza**    | MacBook Pro 2016                                    | MacOS reference and build sandbox                    |
+|🏠 **treehouse**    | NVIDIA DGX Spark                                    | Workstation, AI playground and home-manager reference|
+|🖥️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Secondary homeserver and data storgae                |
+|🖥️ **summers**      | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM  | Main homeserver running microvms, data storage       |
+|🖥️ **hintbooth**    | HUNSN RM02, 8GB RAM                                 | Router                                               |
+|☁️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
+|☁️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
+|☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache                   |
+|☁️ **monkeycave**   | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server                                        |
+|☁️ **eagleland**    | Hetzner Cloud: CX23                                 | Mail server                                          |
+|📱 **magicant**     | Samsung Galaxy Z Flip 6                             | Phone                                                |
+|💿 **drugstore**    | -                                                   | ISO installer configuration                          |
+|❔ **chaotheatre**  | -                                                   | Demo config for checking out my configurtion         |
+|❔ **toto**         | -                                                   | Helper configuration for bootstrapping a new system  |
    @@ -1290,9 +1258,9 @@ Here I give a brief overview over the hostmachines that I am using. This is held -
    -

    1.7. Manual steps when setting up a new machine

    -
    +
    +

    1.7. Manual steps when setting up a new machine

    +
    These steps are required when setting up a normal NixOS host:
 
@@ -1367,9 +1335,9 @@ If the new machine is home-manager only, perform these steps:
   3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace`
    -
    -

    1.8. Current issues

    -
    +
    +

    1.8. Current issues

    +
    Currently, these adaptions are made to the configuration to account for bugs in upstream repos:
 
@@ -1551,57 +1519,100 @@ This provides devshell support for flake-parts
   };
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1";
     nixpkgs-dev.url = "github:Swarsel/nixpkgs/main";
     nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
     nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
     nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
     nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11";
     nixpkgs-stable25_05.url = "github:NixOS/nixpkgs/nixos-25.05";
-
+    systems.url = "github:nix-systems/default";
+    swarsel-modules.url = "github:Swarsel/swarsel-modules/main";
+    swarsel-nix.url = "github:Swarsel/swarsel-nix/main";
     home-manager = {
       # url = "github:nix-community/home-manager";
       url = "github:Swarsel/home-manager/main";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    nix-index-database = {
-      url = "github:nix-community/nix-index-database";
+    swarsel.url = "github:Swarsel/.dotfiles";
+    emacs-overlay = {
+      # url = "github:nix-community/emacs-overlay";
+      url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-
-    # emacs-overlay.url = "github:nix-community/emacs-overlay";
-    emacs-overlay.url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D";
-    swarsel-nix.url = "github:Swarsel/swarsel-nix/main";
-    systems.url = "github:nix-systems/default";
     nur.url = "github:nix-community/NUR";
     nixgl.url = "github:guibou/nixGL";
     stylix.url = "github:danth/stylix";
     sops-nix.url = "github:Mic92/sops-nix";
     lanzaboote.url = "github:nix-community/lanzaboote";
-    nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
-    nixos-generators.url = "github:nix-community/nixos-generators";
-    nixos-images.url = "github:Swarsel/nixos-images/main";
-    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
-    nswitch-rcm-nix.url = "github:Swarsel/nswitch-rcm-nix";
-    disko.url = "github:nix-community/disko";
+    nix-on-droid = {
+      url = "github:nix-community/nix-on-droid/release-24.05";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nixos-hardware = {
+      url = "github:NixOS/nixos-hardware/master";
+    };
+    nswitch-rcm-nix = {
+      url = "github:Swarsel/nswitch-rcm-nix";
+    };
+    nix-index-database = {
+      url = "github:nix-community/nix-index-database";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     impermanence.url = "github:nix-community/impermanence";
-    zjstatus.url = "github:dj95/zjstatus";
-    nix-darwin.url = "github:lnl7/nix-darwin";
-    pre-commit-hooks.url = "github:cachix/git-hooks.nix";
-    vbc-nix.url = "git+ssh://git@github.com/vbc-it/vbc-nix.git?ref=main";
+    zjstatus = {
+      url = "github:dj95/zjstatus";
+    };
+    # has been upstreamed
+    # fw-fanctrl = {
+    #   # url = "github:TamtamHero/fw-fanctrl/packaging/nix";
+    #   url = "github:Swarsel/fw-fanctrl/packaging/nix";
+    #   inputs.nixpkgs.follows = "nixpkgs";
+    # };
+    nix-darwin = {
+      url = "github:lnl7/nix-darwin";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    pre-commit-hooks = {
+      url = "github:cachix/git-hooks.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    vbc-nix = {
+      url = "git+ssh://git@github.com/vbc-it/vbc-nix.git?ref=main";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     nix-topology.url = "github:oddlama/nix-topology";
     flake-parts.url = "github:hercules-ci/flake-parts";
-    devshell.url = "github:numtide/devshell";
-    spicetify-nix.url = "github:Gerg-l/spicetify-nix";
-    niri-flake.url = "github:sodiboo/niri-flake";
-    nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main";
-    microvm.url = "github:astro/microvm.nix";
+    devshell = {
+      url = "github:numtide/devshell";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    spicetify-nix = {
+      url = "github:Gerg-l/spicetify-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    niri-flake = {
+      url = "github:sodiboo/niri-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nixos-extra-modules = {
+      url = "github:oddlama/nixos-extra-modules";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    microvm = {
+      url = "github:astro/microvm.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     treefmt-nix.url = "github:numtide/treefmt-nix";
-    dns.url = "github:kirelagin/dns.nix";
-    nix-minecraft.url = "github:Infinidoge/nix-minecraft";
-    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
-  };
 
+  };
   outputs =
     inputs:
     inputs.flake-parts.lib.mkFlake { inherit inputs; } {
@@ -1818,7 +1829,7 @@ let
             ) 4;
           subnetMask = lib.concatStringsSep "." (map toString octets);
         in
-        subnetMask;
+          subnetMask;
 
       mkIfElseList = p: yes: no: lib.mkMerge [
         (lib.mkIf p yes)
@@ -1827,23 +1838,6 @@ let
 
       mkIfElse = p: yes: no: if p then yes else no;
 
-      getSubDomain = domain:
-        let
-          parts = builtins.split "\\." domain;
-          domainParts = builtins.filter (x: builtins.isString x && x != "") parts;
-        in
-        if builtins.length domainParts > 0
-        then builtins.head domainParts
-        else "";
-
-      getBaseDomain = domain:
-        let
-          parts = builtins.split "\\." domain;
-          domainParts = builtins.filter (x: builtins.isString x && x != "") parts;
-          baseParts = builtins.tail domainParts;
-        in
-        builtins.concatStringsSep "." baseParts;
-
       pkgsFor = lib.genAttrs (import systems) (system:
         import inputs.nixpkgs {
           inherit system;
@@ -1975,7 +1969,7 @@ Lastly, in order make this actually available to my configurations, i use the 
 
    # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix
-{ inputs, ... }:
+{ self, inputs, ... }:
 {
   flake = { config, lib, ... }:
     {
@@ -2091,48 +2085,41 @@ The rest of the outputs either define or help define the actual configurations:
           };
           modules = [
             inputs.disko.nixosModules.disko
-            inputs.home-manager.nixosModules.home-manager
+            inputs.sops-nix.nixosModules.sops
             inputs.impermanence.nixosModules.impermanence
             inputs.lanzaboote.nixosModules.lanzaboote
+            inputs.nix-topology.nixosModules.default
+            inputs.home-manager.nixosModules.home-manager
+            inputs.stylix.nixosModules.stylix
+            inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
+            # inputs.swarsel-modules.nixosModules.default
+            inputs.swarsel-nix.nixosModules.default
+            inputs.niri-flake.nixosModules.niri
             inputs.microvm.nixosModules.host
             inputs.microvm.nixosModules.microvm
-            inputs.niri-flake.nixosModules.niri
-            inputs.nix-index-database.nixosModules.nix-index
-            inputs.nix-minecraft.nixosModules.minecraft-servers
-            inputs.nix-topology.nixosModules.default
-            inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
-            inputs.simple-nixos-mailserver.nixosModules.default
-            inputs.sops-nix.nixosModules.sops
-            inputs.stylix.nixosModules.stylix
-            inputs.swarsel-nix.nixosModules.default
             (inputs.nixos-extra-modules + "/modules/guests")
-            (inputs.nixos-extra-modules + "/modules/interface-naming.nix")
             "${self}/hosts/nixos/${arch}/${configName}"
             "${self}/profiles/nixos"
             "${self}/modules/nixos"
             {
-              _module.args.dns = inputs.dns;
 
               microvm.guest.enable = lib.mkDefault false;
 
-              networking.hostName = lib.swarselsystems.mkStrong configName;
-
               node = {
                 name = lib.mkForce configName;
                 secretsDir = ../hosts/nixos/${arch}/${configName}/secrets;
-                lockFromBootstrapping = lib.mkIf (!minimal) (lib.swarselsystems.mkStrong true);
               };
 
               swarselprofiles = {
-                minimal = lib.mkIf minimal (lib.swarselsystems.mkStrong true);
+                minimal = lib.mkIf minimal (lib.mkDefault true);
               };
 
               swarselmodules.server = {
-                ssh = lib.mkIf (!minimal) (lib.swarselsystems.mkStrong true);
+                ssh = lib.mkIf (!minimal) (lib.mkDefault true);
               };
 
               swarselsystems = {
-                mainUser = lib.swarselsystems.mkStrong "swarsel";
+                mainUser = lib.mkDefault "swarsel";
               };
             }
           ];
@@ -2727,7 +2714,7 @@ Otherwise, I define the function mkTemplates here which builds a na
    -

    2.10. Formatter (treefmt-nix)

    +

    2.10. Formatter

    Defines a formatter that can be called using nix flake format. While a nice utility, I have stronger tools to perform this job. @@ -2753,21 +2740,6 @@ Defines a formatter that can be called using nix flake format. Whil }; deadnix.enable = true; statix.enable = true; - shfmt = { - enable = true; - indent_size = 4; - simplify = true; - # needed to replicate what my Emacs shfmt does - # there is no builtin option for space-redirects - package = pkgs.symlinkJoin { - name = "shfmt"; - buildInputs = [ pkgs.makeWrapper ]; - paths = [ pkgs.shfmt ]; - postBuild = '' - wrapProgram $out/bin/shfmt --append-flags '-sr' - ''; - }; - }; shellcheck.enable = true; }; settings.formatter.shellcheck.options = [ @@ -2993,9 +2965,7 @@ in // (inputs.nur.overlays.default final prev) // (inputs.emacs-overlay.overlay final prev) // (inputs.nix-topology.overlays.default final prev) - // (inputs.nix-index-database.overlays.nix-index final prev) // (inputs.nixgl.overlay final prev) - // (inputs.nix-minecraft.overlay final prev) // (inputs.nixos-extra-modules.overlays.default final prev) ) (modifications final prev); @@ -3026,32 +2996,19 @@ This is an improvement to what I did earlier, where I did not use nixos-ge { perSystem = { pkgs, system, ... }: { - packages = { - # nix build --print-out-paths --no-link .#live-iso - live-iso = inputs.nixos-generators.nixosGenerate { - inherit pkgs; - specialArgs = { inherit self; }; - modules = [ - inputs.home-manager.nixosModules.home-manager - "${self}/install/installer-config.nix" - ]; - format = - { - x86_64-linux = "install-iso"; - aarch64-linux = "sd-aarch64-installer"; - }.${system}; - }; - - # nix build --print-out-paths --no-link .#pnap-kexec --system <system> - swarsel-kexec = (inputs.smallpkgs.legacyPackages.${system}.nixos [ + # nix build --print-out-paths --no-link .#images.<target-system>.live-iso + packages.live-iso = inputs.nixos-generators.nixosGenerate { + inherit pkgs; + specialArgs = { inherit self; }; + modules = [ + inputs.home-manager.nixosModules.home-manager + "${self}/install/installer-config.nix" + ]; + format = { - imports = [ "${self}/install/kexec.nix" ]; - _file = __curPos.file; - system.kexec-installer.name = "swarsel-kexec"; - } - inputs.nixos-images.nixosModules.kexec-installer - ]).config.system.build.kexecInstallerTarball; - + x86_64-linux = "install-iso"; + aarch64-linux = "sd-aarch64-installer"; + }.${system}; }; }; } @@ -3846,7 +3803,7 @@ This is my main server that I run at home. It handles most tasks that require bi

    3.1.2.3.1. Main Configuration
    -
    { lib, config, minimal, ... }:
+
    { lib, minimal, ... }:
 {
 
   imports = [
@@ -3873,29 +3830,13 @@ This is my main server that I run at home. It handles most tasks that require bi
     isBtrfs = false;
     isLinux = true;
     isNixos = true;
-    proxyHost = "moonside";
-    server = {
-      inherit (config.repo.secrets.local.networking) localNetwork;
-      restic = {
-        bucketName = "SwarselWinters";
-        paths = [
-          "/Vault/data/paperless"
-          "/Vault/data/koillection"
-          "/Vault/data/postgresql"
-          "/Vault/data/firefly-iii"
-          "/Vault/data/radicale"
-          "/Vault/data/matrix-synapse"
-          "/Vault/Eternor/Paperless"
-          "/Vault/Eternor/Bilder"
-          "/Vault/Eternor/Immich"
-        ];
-      };
-      garage = {
-        data_dir = {
+    server.garage = {
+      data_dir = [
+        {
           capacity = "200G";
-          path = "/Vault/data/garage/data";
-        };
-      };
+          path = "/Vault/data/garage/main";
+        }
+      ];
     };
   };
 
@@ -3999,13 +3940,13 @@ This is my main server that I run at home. It handles most tasks that require bi
    -
    -
    3.1.2.4. Summers (Server: ASUS Z10PA-D8)
    -
    +
    +
    3.1.2.4. Summers (Server: ASUS Z10PA-D8)
    +
    -
    -
    3.1.2.4.1. Main Configuration
    -
    +
    +
    3.1.2.4.1. Main Configuration
    +
    { inputs, lib, config, minimal, nodes, globals, ... }:
 {
@@ -4112,9 +4053,9 @@ This is my main server that I run at home. It handles most tasks that require bi
    -
    -
    3.1.2.4.2. hardware-configuration
    -
    +
    +
    3.1.2.4.2. hardware-configuration
    +
    { config, lib, modulesPath, ... }:
 
@@ -4148,9 +4089,9 @@ This is my main server that I run at home. It handles most tasks that require bi
    -
    -
    3.1.2.4.3. disko
    -
    +
    +
    3.1.2.4.3. disko
    +
    { lib, config, ... }:
 let
@@ -4274,13 +4215,13 @@ in
    -
    -
    3.1.2.4.4. Guests
    -
    +
    +
    3.1.2.4.4. Guests
    +
    -
    -3.1.2.4.4.1. Guest 1 -
    +
    +3.1.2.4.4.1. Guest 1 +
    { lib, minimal, ... }:
 {
@@ -4314,15 +4255,15 @@ in
    -
    -
    3.1.2.5. Hintbooth (Router: HUNSN RM02)
    -
    +
    +
    3.1.2.5. Hintbooth (Router: HUNSN RM02)
    +
    -
    -
    3.1.2.5.1. Main Configuration
    -
    +
    +
    3.1.2.5.1. Main Configuration
    +
    -
    { lib, config, minimal,  ... }:
+
    { lib, minimal,  ... }:
 {
 
   imports = [
@@ -4342,9 +4283,6 @@ in
     rootDisk = "/dev/sda";
     swapSize = "8G";
     networkKernelModules = [ "igb" ];
-    server = {
-      inherit (config.repo.secrets.local.networking) localNetwork;
-    };
   };
 
 } // lib.optionalAttrs (!minimal) {
@@ -4366,9 +4304,9 @@ in
    -
    -
    3.1.2.5.2. hardware-configuration
    -
    +
    +
    3.1.2.5.2. hardware-configuration
    +
    { config, lib, modulesPath, ... }:
 
@@ -4398,9 +4336,9 @@ in
    -
    -
    3.1.2.5.3. disko
    -
    +
    +
    3.1.2.5.3. disko
    +
    { lib, config, ... }:
 let
@@ -4619,11 +4557,11 @@ My phone. I use only a minimal config for remote debugging here.
    -
    -
    3.1.2.8. Treehouse (DGX Spark)
    -
    +
    +
    3.1.2.8. Treehouse (DGX Spark)
    +
    -
    { self, pkgs, ... }:
+
    { self, ... }:
 {
 
   imports = [
@@ -4641,15 +4579,11 @@ My phone. I use only a minimal config for remote debugging here.
     };
   };
 
-  home.packages = with pkgs; [
-    attic-client
-  ];
   # programs.zsh.initContent = "
   #   export GPG_TTY=\"$(tty)\"
   # export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
   # gpgconf --launch gpg-agent
   #       ";
-  swarselmodules.pii = true;
 
   swarselsystems = {
     isLaptop = false;
@@ -4708,6 +4642,7 @@ in
 
   sops = {
     age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];
+    # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml";
     secrets = {
       wireguard-private-key = { inherit sopsFile; };
       wireguard-home-preshared-key = { inherit sopsFile; };
@@ -4834,18 +4769,9 @@ in
     isBtrfs = true;
     isNixos = true;
     isLinux = true;
-    proxyHost = "moonside";
-    server = {
-      inherit (config.repo.secrets.local.networking) localNetwork;
-      restic = {
-        bucketName = "SwarselMoonside";
-        paths = [
-          "/persist/opt/minecraft"
-        ];
-      };
-    };
     syncthing = {
       serviceDomain = config.repo.secrets.common.services.domains.syncthing3;
+      serviceIP = "localhost";
     };
   };
 } // lib.optionalAttrs (!minimal) {
@@ -4860,8 +4786,6 @@ in
     shlink = true;
     slink = true;
     syncthing = true;
-    minecraft = true;
-    restic = true;
     diskEncryption = lib.mkForce false;
   };
 }
@@ -5022,706 +4946,6 @@ in
 }
 
 
-
    
-
    -
    -
    -
    -
    -
    3.1.3.2. Belchsfactory (OCI)
    -
    -
    -
    -
    3.1.3.2.1. Main Configuration
    -
    -
    -
    { lib, config, minimal, ... }:
-{
-  imports = [
-    ./hardware-configuration.nix
-    ./disk-config.nix
-  ];
-
-  node.lockFromBootstrapping = lib.mkForce false;
-
-  topology.self = {
-    icon = "devices.cloud-server";
-  };
-  swarselmodules.server.nginx = false;
-
-  swarselsystems = {
-    flakePath = "/root/.dotfiles";
-    info = "VM.Standard.A1.Flex, 4 vCPUs, 24GB RAM";
-    isImpermanence = true;
-    isSecureBoot = false;
-    isCrypted = true;
-    isSwap = false;
-    rootDisk = "/dev/sda";
-    isBtrfs = true;
-    isNixos = true;
-    isLinux = true;
-    isCloud = true;
-    proxyHost = "belchsfactory";
-    server = {
-      inherit (config.repo.secrets.local.networking) localNetwork;
-      garage = {
-        data_dir = {
-          capacity = "150G";
-          path = "/var/lib/garage/data";
-        };
-        keys = {
-          nixos = [
-            "attic"
-          ];
-        };
-        buckets = [
-          "attic"
-        ];
-      };
-    };
-  };
-} // lib.optionalAttrs (!minimal) {
-  swarselprofiles = {
-    server = true;
-  };
-
-  swarselmodules.server = {
-    postgresql = lib.mkDefault true;
-    attic = lib.mkDefault true;
-    garage = lib.mkDefault true;
-  };
-
-}
-
-
    -
    -
    -
    -
    -
    3.1.3.2.2. hardware-configuration
    -
    -
    -
    { lib, modulesPath, ... }:
-{
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
-  boot = {
-    initrd = {
-      availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" ];
-      kernelModules = [ ];
-    };
-    kernelModules = [ ];
-    extraModulePackages = [ ];
-  };
-
-  nixpkgs.hostPlatform = lib.mkForce "aarch64-linux";
-}
-
    -
    -
    -
    -
    -
    3.1.3.2.3. disko
    -
    -
    -
    { lib, pkgs, config, ... }:
-let
-  type = "btrfs";
-  extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
-  subvolumes = {
-    "/root" = {
-      mountpoint = "/";
-      mountOptions = [
-        "subvol=root"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/home" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/home";
-      mountOptions = [
-        "subvol=home"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/persist" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/persist";
-      mountOptions = [
-        "subvol=persist"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/log" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/var/log";
-      mountOptions = [
-        "subvol=log"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/nix" = {
-      mountpoint = "/nix";
-      mountOptions = [
-        "subvol=nix"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/swap" = lib.mkIf config.swarselsystems.isSwap {
-      mountpoint = "/.swapvol";
-      swap.swapfile.size = config.swarselsystems.swapSize;
-    };
-  };
-in
-{
-  disko = {
-    imageBuilder.extraDependencies = [ pkgs.kmod ];
-    devices = {
-      disk = {
-        disk0 = {
-          type = "disk";
-          device = config.swarselsystems.rootDisk;
-          content = {
-            type = "gpt";
-            partitions = {
-              ESP = {
-                priority = 1;
-                name = "ESP";
-                size = "512M";
-                type = "EF00";
-                content = {
-                  type = "filesystem";
-                  format = "vfat";
-                  mountpoint = "/boot";
-                  mountOptions = [ "defaults" ];
-                };
-              };
-              root = lib.mkIf (!config.swarselsystems.isCrypted) {
-                size = "100%";
-                content = {
-                  inherit type subvolumes extraArgs;
-                  postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
-                    MNTPOINT=$(mktemp -d)
-                    mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
-                    trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
-                    btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
-                  '';
-                };
-              };
-              luks = lib.mkIf config.swarselsystems.isCrypted {
-                size = "100%";
-                content = {
-                  type = "luks";
-                  name = "cryptroot";
-                  passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
-                  settings = {
-                    allowDiscards = true;
-                    # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
-                    crypttabExtraOpts = [
-                      "fido2-device=auto"
-                      "token-timeout=10"
-                    ];
-                  };
-                  content = {
-                    inherit type subvolumes extraArgs;
-                    postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
-                      MNTPOINT=$(mktemp -d)
-                      mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
-                      trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
-                      btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
-                    '';
-                  };
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-
-  fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
-  fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
-}
-
-
    -
    -
    -
    -
    -
    -
    3.1.3.3. Milkywell (OCI)
    -
    -
    -
    -
    3.1.3.3.1. Main Configuration
    -
    -
    -
    { lib, config, minimal, ... }:
-{
-  imports = [
-    ./hardware-configuration.nix
-    ./disk-config.nix
-  ];
-  node.lockFromBootstrapping = false;
-  sops = {
-    age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];
-  };
-
-  topology.self = {
-    icon = "devices.cloud-server";
-  };
-
-  networking = {
-    domain = "subnet03112148.vcn03112148.oraclevcn.com";
-    firewall = {
-      allowedTCPPorts = [ 53 ];
-    };
-  };
-
-  system.stateVersion = "23.11";
-
-  swarselsystems = {
-    flakePath = "/root/.dotfiles";
-    info = "VM.Standard.E2.1.Micro";
-    isImpermanence = true;
-    isSecureBoot = false;
-    isCrypted = false;
-    isSwap = true;
-    swapSize = "8G";
-    rootDisk = "/dev/sda";
-    isBtrfs = true;
-    isNixos = true;
-    isLinux = true;
-    server = {
-      inherit (config.repo.secrets.local.networking) localNetwork;
-    };
-  };
-} // lib.optionalAttrs (!minimal) {
-  swarselprofiles = {
-    server = true;
-  };
-
-}
-
-
    -
    -
    -
    -
    -
    3.1.3.3.2. hardware-configuration
    -
    -
    -
    { lib, modulesPath, ... }:
-
-{
-  imports =
-    [
-      (modulesPath + "/profiles/qemu-guest.nix")
-    ];
-
-  boot = {
-    initrd = {
-      availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
-      kernelModules = [ "dm-snapshot" ];
-    };
-    kernelModules = [ "kvm-amd" ];
-    extraModulePackages = [ ];
-  };
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
-
-
    -
    -
    -
    -
    -
    3.1.3.3.3. disko
    -
    -
    -
    { lib, pkgs, config, ... }:
-let
-  type = "btrfs";
-  extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
-  subvolumes = {
-    "/root" = {
-      mountpoint = "/";
-      mountOptions = [
-        "subvol=root"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/home" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/home";
-      mountOptions = [
-        "subvol=home"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/persist" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/persist";
-      mountOptions = [
-        "subvol=persist"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/log" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/var/log";
-      mountOptions = [
-        "subvol=log"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/nix" = {
-      mountpoint = "/nix";
-      mountOptions = [
-        "subvol=nix"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/swap" = lib.mkIf config.swarselsystems.isSwap {
-      mountpoint = "/.swapvol";
-      swap.swapfile.size = config.swarselsystems.swapSize;
-    };
-  };
-in
-{
-  disko = {
-    imageBuilder.extraDependencies = [ pkgs.kmod ];
-    devices = {
-      disk = {
-        disk0 = {
-          type = "disk";
-          device = config.swarselsystems.rootDisk;
-          content = {
-            type = "gpt";
-            partitions = {
-              ESP = {
-                priority = 1;
-                name = "ESP";
-                size = "512M";
-                type = "EF00";
-                content = {
-                  type = "filesystem";
-                  format = "vfat";
-                  mountpoint = "/boot";
-                  mountOptions = [ "defaults" ];
-                };
-              };
-              root = lib.mkIf (!config.swarselsystems.isCrypted) {
-                size = "100%";
-                content = {
-                  inherit type subvolumes extraArgs;
-                  postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
-                    MNTPOINT=$(mktemp -d)
-                    mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
-                    trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
-                    btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
-                  '';
-                };
-              };
-              luks = lib.mkIf config.swarselsystems.isCrypted {
-                size = "100%";
-                content = {
-                  type = "luks";
-                  name = "cryptroot";
-                  passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
-                  settings = {
-                    allowDiscards = true;
-                    # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
-                    crypttabExtraOpts = [
-                      "fido2-device=auto"
-                      "token-timeout=10"
-                    ];
-                  };
-                  content = {
-                    inherit type subvolumes extraArgs;
-                    postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
-                      MNTPOINT=$(mktemp -d)
-                      mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
-                      trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
-                      btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
-                    '';
-                  };
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-
-  fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
-  fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
-}
-
    -
    -
    -
    -
    -
    -
    3.1.3.4. Eagleland (Hetzner)
    -
    -
    -
    -
    3.1.3.4.1. Main Configuration
    -
    -
    -
    { lib, config, minimal, ... }:
-{
-  imports = [
-    ./hardware-configuration.nix
-    ./disk-config.nix
-  ];
-
-  topology.self = {
-    icon = "devices.cloud-server";
-  };
-
-  networking = {
-    useDHCP = lib.mkForce false;
-    useNetworkd = true;
-    dhcpcd.enable = false;
-    renameInterfacesByMac = lib.mapAttrs (_: v: v.mac) (
-      config.repo.secrets.local.networking.networks or { }
-    );
-  };
-  boot.initrd.systemd.network = {
-    enable = true;
-    networks = {
-      inherit (config.systemd.network.networks) "10-wan";
-    };
-  };
-
-  systemd = {
-    network = {
-      enable = true;
-      wait-online.enable = false;
-      networks =
-        let
-          netConfig = config.repo.secrets.local.networking;
-        in
-        {
-          "10-wan" = {
-            address = [
-              "${netConfig.wanAddress4}/32"
-              "${netConfig.wanAddress6}/64"
-            ];
-            gateway = [ "fe80::1" ];
-            routes = [
-              { Destination = netConfig.defaultGateway4; }
-              {
-                Gateway = netConfig.defaultGateway4;
-                GatewayOnLink = true;
-              }
-            ];
-            matchConfig.MACAddress = netConfig.networks.${config.swarselsystems.server.localNetwork}.mac;
-            networkConfig.IPv6PrivacyExtensions = "yes";
-            linkConfig.RequiredForOnline = "routable";
-          };
-        };
-    };
-  };
-
-  swarselmodules.server.mailserver = true;
-
-  swarselsystems = {
-    flakePath = "/root/.dotfiles";
-    info = "2vCPU, 4GB Ram";
-    isImpermanence = true;
-    isSecureBoot = false;
-    isCrypted = true;
-    isCloud = true;
-    isSwap = true;
-    swapSize = "4G";
-    rootDisk = "/dev/sda";
-    isBtrfs = true;
-    isNixos = true;
-    isLinux = true;
-    proxyHost = "eagleland";
-    server = {
-      inherit (config.repo.secrets.local.networking) localNetwork;
-    };
-  };
-} // lib.optionalAttrs (!minimal) {
-  swarselprofiles = {
-    server = true;
-  };
-
-}
-
-
    -
    -
    -
    -
    -
    3.1.3.4.2. hardware-configuration
    -
    -
    -
    { lib, modulesPath, ... }:
-
-{
-  imports =
-    [
-      (modulesPath + "/profiles/qemu-guest.nix")
-    ];
-
-  boot = {
-    initrd = {
-      availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
-      kernelModules = [ ];
-    };
-    kernelModules = [ ];
-    extraModulePackages = [ ];
-  };
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
-
-
    -
    -
    -
    -
    -
    3.1.3.4.3. disko
    -
    -
    -
    { lib, pkgs, config, ... }:
-let
-  type = "btrfs";
-  extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
-  subvolumes = {
-    "/root" = {
-      mountpoint = "/";
-      mountOptions = [
-        "subvol=root"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/home" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/home";
-      mountOptions = [
-        "subvol=home"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/persist" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/persist";
-      mountOptions = [
-        "subvol=persist"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/log" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/var/log";
-      mountOptions = [
-        "subvol=log"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/nix" = {
-      mountpoint = "/nix";
-      mountOptions = [
-        "subvol=nix"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/swap" = lib.mkIf config.swarselsystems.isSwap {
-      mountpoint = "/.swapvol";
-      swap.swapfile.size = config.swarselsystems.swapSize;
-    };
-  };
-in
-{
-  disko = {
-    imageBuilder.extraDependencies = [ pkgs.kmod ];
-    devices = {
-      disk = {
-        disk0 = {
-          type = "disk";
-          device = config.swarselsystems.rootDisk;
-          content = {
-            type = "gpt";
-            partitions = {
-              ESP = {
-                priority = 1;
-                name = "ESP";
-                size = "512M";
-                type = "EF00";
-                content = {
-                  type = "filesystem";
-                  format = "vfat";
-                  mountpoint = "/boot";
-                  mountOptions = [ "defaults" ];
-                };
-              };
-              root = lib.mkIf (!config.swarselsystems.isCrypted) {
-                size = "100%";
-                content = {
-                  inherit type subvolumes extraArgs;
-                  postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
-                    MNTPOINT=$(mktemp -d)
-                    mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
-                    trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
-                    btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
-                  '';
-                };
-              };
-              luks = lib.mkIf config.swarselsystems.isCrypted {
-                size = "100%";
-                content = {
-                  type = "luks";
-                  name = "cryptroot";
-                  passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
-                  settings = {
-                    allowDiscards = true;
-                    # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
-                    crypttabExtraOpts = [
-                      "fido2-device=auto"
-                      "token-timeout=10"
-                    ];
-                  };
-                  content = {
-                    inherit type subvolumes extraArgs;
-                    postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
-                      MNTPOINT=$(mktemp -d)
-                      mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
-                      trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
-                      btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
-                    '';
-                  };
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-
-  fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
-  fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
-}
    @@ -6111,117 +5335,12 @@ in } - -
    -
    -
    -
    -
    3.1.4.3. Brick Road (kexec image)
    -
    -
    -
    { lib, pkgs, modulesPath, options, ... }:
-{
-  disabledModules = [
-    # This module adds values to multiple lists (systemPackages, supportedFilesystems)
-    # which are impossible/unpractical to remove, so we disable the entire module.
-    "profiles/base.nix"
-  ];
-
-  imports = [
-    # reduce closure size by removing perl
-    "${modulesPath}/profiles/perlless.nix"
-    # FIXME: we still are left with nixos-generate-config due to nixos-install-tools
-    { system.forbiddenDependenciesRegexes = lib.mkForce [ ]; }
-  ];
-
-  config = {
-    networking.hostName = "brickroad";
-
-    system = {
-      # nixos-option is mainly useful for interactive installations
-      tools.nixos-option.enable = false;
-      # among others, this prevents carrying a stdenv with gcc in the image
-      extraDependencies = lib.mkForce [ ];
-    };
-    # prevents shipping nixpkgs, unnecessary if system is evaluated externally
-    nix.registry = lib.mkForce { };
-
-    # would pull in nano
-    programs.nano.enable = false;
-
-    # prevents strace
-    environment = {
-      defaultPackages = lib.mkForce [
-        pkgs.parted
-        pkgs.gptfdisk
-        pkgs.e2fsprogs
-      ];
-
-      systemPackages = with pkgs; [
-        cryptsetup.bin
-      ];
-
-      # Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs.
-      ldso32 = null;
-    };
-
-    # included in systemd anyway
-    systemd.sysusers.enable = true;
-
-    # normal users are not allowed with sys-users
-    # see https://github.com/NixOS/nixpkgs/pull/328926
-    users.users.nixos = {
-      isSystemUser = true;
-      isNormalUser = lib.mkForce false;
-      shell = "/run/current-system/sw/bin/bash";
-      group = "nixos";
-    };
-    users.groups.nixos = { };
-
-    security = {
-      # we have still run0 from systemd and most of the time we just use root
-      sudo.enable = false;
-      polkit.enable = lib.mkForce false;
-      # introduces x11 dependencies
-      pam.services.su.forwardXAuth = lib.mkForce false;
-    };
-
-    documentation = {
-      enable = false;
-      man.enable = false;
-      nixos.enable = false;
-      info.enable = false;
-      doc.enable = false;
-    };
-
-    services = {
-      # no dependency on x11
-      dbus.implementation = "broker";
-      # we prefer root as this is also what we use in nixos-anywhere
-      getty.autologinUser = lib.mkForce "root";
-      # included in systemd anyway
-      userborn.enable = false;
-    };
-
-
-
-    # we are missing this from base.nix
-    boot.supportedFilesystems = [
-      "ext4"
-      "btrfs"
-      "xfs"
-    ];
-  } // lib.optionalAttrs (options.hardware ? firmwareCompression) {
-    hardware.firmwareCompression = "xz";
-  };
-}
-
    -
    3.1.4.4. Hotel (Demo Physical/VM)
    +
    3.1.4.3. Hotel (Demo Physical/VM)

    This is just a demo host. It applies all the configuration found in the common parts of the flake, but disables all secrets-related features (as they would not work without the proper SSH keys). @@ -6232,7 +5351,7 @@ I also set the WLR_RENDERER_ALLOW_SOFTWARE=1 to allow this configur

    -
    3.1.4.4.1. Main configuration
    +
    3.1.4.3.1. Main configuration
    { self, config, pkgs, lib, minimal, ... }:
@@ -6302,7 +5421,7 @@ in
    -
    3.1.4.4.2. disko
    +
    3.1.4.3.2. disko
    # NOTE: ... is needed because dikso passes diskoFile
@@ -6438,7 +5557,7 @@ in
    -
    3.1.4.4.3. NixOS dummy options configuration
    +
    3.1.4.3.3. NixOS dummy options configuration
    _:
@@ -6449,7 +5568,7 @@ in
    -
    3.1.4.4.4. home-manager dummy options configuration
    +
    3.1.4.3.4. home-manager dummy options configuration
    _:
@@ -6702,31 +5821,13 @@ in
 
           services = mkOption {
             type = types.attrsOf (
-              types.submodule (serviceSubmod: {
+              types.submodule {
                 options = {
                   domain = mkOption {
                     type = types.str;
                   };
-                  subDomain = mkOption {
-                    readOnly = true;
-                    type = types.str;
-                    default = lib.swarselsystems.getSubDomain serviceSubmod.config.domain;
-                  };
-                  baseDomain = mkOption {
-                    readOnly = true;
-                    type = types.str;
-                    default = lib.swarselsystems.getBaseDomain serviceSubmod.config.domain;
-                  };
-                  proxyAddress4 = mkOption {
-                    type = types.nullOr types.str;
-                    default = null;
-                  };
-                  proxyAddress6 = mkOption {
-                    type = types.nullOr types.str;
-                    default = null;
-                  };
                 };
-              })
+              }
             );
           };
 
@@ -6769,12 +5870,6 @@ in
                   defaultGateway6 = mkOption {
                     type = types.nullOr types.net.ipv6;
                   };
-                  wanAddress4 = mkOption {
-                    type = types.nullOr types.net.ipv4;
-                  };
-                  wanAddress6 = mkOption {
-                    type = types.nullOr types.net.ipv6;
-                  };
                 };
               }
             );
@@ -6818,10 +5913,6 @@ in
         description = "Node Name.";
         type = lib.types.str;
       };
-      lockFromBootstrapping = lib.mkOption {
-        description = "Whether this host should be marked to not be bootstrapped again using swarsel-bootstrap.";
-        type = lib.types.bool;
-      };
     };
   };
 }
@@ -6859,7 +5950,6 @@ in
         github-nixpkgs-review-token = { owner = mainUser; };
       }) // (lib.optionalAttrs modules.emacs {
         emacs-radicale-pw = { owner = mainUser; };
-        github-forge-token = { owner = mainUser; };
       }) // (lib.optionalAttrs modules.optional.work {
         harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
       }) // (lib.optionalAttrs modules.anki {
@@ -6946,10 +6036,8 @@ A breakdown of the flags being set:
 
 
 
    
-
    { self, lib, pkgs, config, outputs, inputs, minimal, globals, ... }:
+
    { self, lib, pkgs, config, outputs, inputs, minimal, ... }:
 let
-  inherit (config.swarselsystems) mainUser;
-  inherit (config.repo.secrets.common) atticPublicKey;
   settings = if minimal then { } else {
     environment.etc."nixos/configuration.nix".source = pkgs.writeText "configuration.nix" ''
       assert builtins.trace "This location is not used. The config is found in ${config.swarselsystems.flakePath}!" false;
@@ -6986,8 +6074,7 @@ let
         channel.enable = false;
         registry = rec {
           nixpkgs.flake = inputs.nixpkgs;
-          # swarsel.flake = inputs.swarsel;
-          swarsel.flake = self;
+          swarsel.flake = inputs.swarsel;
           n = nixpkgs;
           s = swarsel;
         };
@@ -7008,7 +6095,7 @@ in
     (lib.recursiveUpdate
       {
         sops.secrets.github-api-token = lib.mkIf (!minimal) {
-          owner = mainUser;
+          sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
         };
 
         nix =
@@ -7025,12 +6112,6 @@ in
                 "cgroups"
                 "pipe-operators"
               ];
-              substituters = [
-                "https://${globals.services.attic.domain}/${mainUser}"
-              ];
-              trusted-public-keys = [
-                atticPublicKey
-              ];
               trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
             };
             # extraOptions = ''
@@ -7111,6 +6192,7 @@ We enable the use of home-manager as a NixoS module. A nice trick h
         inputs.nix-index-database.homeModules.nix-index
         inputs.sops-nix.homeManagerModules.sops
         inputs.spicetify-nix.homeManagerModules.default
+        # inputs.swarsel-modules.homeModules.default
         inputs.swarsel-nix.homeModules.default
         {
           imports = [
@@ -7153,11 +6235,14 @@ For that reason, make sure that sops-nix is properly working before
 
    
 
 
    
-
    { pkgs, config, lib, globals, minimal, ... }:
+
    { self, pkgs, config, lib, globals, minimal, ... }:
+let
+  sopsFile = self + /secrets/general/secrets.yaml;
+in
 {
   options.swarselmodules.users = lib.mkEnableOption "user config";
   config = lib.mkIf config.swarselmodules.users {
-    sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; };
+    sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; };
 
     users = {
       mutableUsers = lib.mkIf (!minimal) false;
@@ -7481,7 +6566,6 @@ in
       hideMounts = true;
       directories =
         [
-          "/root/.dotfiles"
           "/etc/nix"
           "/etc/NetworkManager/system-connections"
           "/var/lib/nixos"
@@ -7574,9 +6658,8 @@ Mostly used to install some compilers and lsp's that I want to have available wh
 
       libsForQt5.qt5.qtwayland
 
-      # do not do this! clashes with the flake
-      # nix-index
-
+      # nix package database
+      nix-index
       nixos-generators
 
       # commit hooks
@@ -7592,9 +6675,6 @@ Mostly used to install some compilers and lsp's that I want to have available wh
       # better make for general tasks
       just
 
-      # sops
-      ssh-to-age
-      sops
 
       # keyboards
       qmk
@@ -7864,7 +6944,7 @@ Here I only enable networkmanager and a few default networks. The r
 
    
 
 
    
-
    { self, lib, pkgs, config, globals, ... }:
+
    { self, lib, pkgs, config, ... }:
 let
   certsSopsFile = self + /secrets/certs/secrets.yaml;
   clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml;
@@ -7916,7 +6996,7 @@ in
     networking = {
       inherit (config.swarselsystems) hostName;
       hosts = {
-        "${globals.networks.home-lan.hosts.winters.ipv4}" = [ globals.services.transmission.domain ];
+        "192.168.178.24" = [ "store.swarsel.win" ];
       };
       wireless.iwd = {
         enable = true;
@@ -8193,8 +7273,9 @@ I use sops-nix to handle secrets that I want to have available on my machines at
     sops = {
 
       # age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
-      age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}/etc/ssh/ssh_host_ed25519_key" ];
-      defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
+      age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
+      # defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
+      defaultSopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
 
       validateSopsFiles = false;
 
@@ -9313,6 +8394,7 @@ in
   config = lib.mkIf config.swarselmodules.server.packages {
     environment.systemPackages = with pkgs; [
       gnupg
+      nix-index
       nvd
       nix-output-monitor
       ssh-to-age
@@ -9483,7 +8565,6 @@ in
     networking.firewall.allowedTCPPorts = [ 80 443 ];
 
     environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence {
-      directories = [ { directory = "/var/lib/acme"; } ];
       files = [ dhParamsPathBase ];
     };
 
@@ -9508,52 +8589,28 @@ in
         '';
       };
     };
-    systemd.services.generateDHParams = {
-      before = [ "nginx.service" ];
-      requiredBy = [ "nginx.service" ];
-      after = [ "local-fs.target" ];
-      requires = [ "local-fs.target" ];
-      serviceConfig = {
-        Type = "oneshot";
-      };
-
-      script = ''
-        set -eu
-
-        install -d -m 0755 ${sslBasePath}
-        ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""}
-
-        if [ ! -f "${dhParamsPath}" ]; then
-          ${pkgs.openssl}/bin/openssl dhparam -out "${dhParamsPath}" 4096
-          chmod 0644 "${dhParamsPath}"
-          chown ${serviceUser}:${serviceGroup} "${dhParamsPath}"
-        else
-          echo 'Already generated DHParams'
-        fi
-      '';
+    system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
+      deps = [ "generateDHParams" "users" "groups" ];
     };
+    system.activationScripts."generateDHParams" =
+      {
+        text = ''
+          set -eu
 
-    # system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
-    #   deps = [ "generateDHParams" "users" "groups" ];
-    # };
-    # system.activationScripts."generateDHParams" =
-    #   {
-    #     text = ''
-    #       set -eu
+          ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath}
+          ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""}
 
-    #       ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else "${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath}"}
-
-    #       if [ ! -f "${dhParamsPath}" ]; then
-    #         ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096
-    #         chmod 0644 ${dhParamsPath}
-    #         chown ${serviceUser}:${serviceGroup} ${dhParamsPath}
-    #       fi
-    #     '';
-    #     deps = [
-    #       (lib.mkIf config.swarselsystems.isImpermanence "specialfs")
-    #       (lib.mkIf (!config.swarselsystems.isImpermanence) "etc")
-    #     ];
-    #   };
+          if [ ! -f "${dhParamsPathBase}" ]; then
+            ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096
+            chmod 0644 ${dhParamsPath}
+            chown ${serviceUser}:${serviceGroup} ${dhParamsPath}
+          fi
+        '';
+        deps = [
+          "etc"
+          (lib.mkIf config.swarselsystems.isImpermanence "specialfs")
+        ];
+      };
   };
 }
 
    
@@ -9604,35 +8661,22 @@ Here I am forcing startWhenNeeded to false so that the value will n
 
    
 
    
 
    
-
    
-
    3.2.3.7. Network settings
    
-
    
-
    
-Generate hostId using head -c4 /dev/urandom | od -A none -t x4
-
    
-
+
    
+
    3.2.3.7. Network settings
    
+
    
 
    
 
    { lib, config, ... }:
-let
-  inherit (config.swarselsystems.server) localNetwork;
-in
 {
   options.swarselmodules.server.network = lib.mkEnableOption "enable server network config";
-  options.swarselsystems.server.localNetwork = lib.mkOption {
-    type = lib.types.str;
-    default = "home";
-  };
   config = lib.mkIf config.swarselmodules.server.network {
 
-    globals.networks."${if config.swarselsystems.isCloud then config.node.name else "home"}-${localNetwork}".hosts.${config.node.name} = {
-      inherit (config.repo.secrets.local.networking.networks.${localNetwork}) id;
-      mac = config.repo.secrets.local.networking.networks.${localNetwork}.mac or null;
+    globals.networks.home.hosts.${config.node.name} = {
+      inherit (config.repo.secrets.local.networking.networks.home) id;
+      mac = config.repo.secrets.local.networking.networks.home.mac or null;
     };
 
     globals.hosts.${config.node.name} = {
       inherit (config.repo.secrets.local.networking) defaultGateway4;
-      wanAddress4 = config.repo.secrets.local.networking.wanAddress4 or null;
-      wanAddress6 = config.repo.secrets.local.networking.wanAddress6 or null;
     };
 
     networking = {
@@ -9651,9 +8695,9 @@ in
 
    
 
    
 
    
-
    
-
    3.2.3.8. Disk encryption
    
-
    
+
    
+
    3.2.3.8. Disk encryption
    
+
    
 
    
 The hostkey can be generated with ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key.
 Use lspci -v | grep -iA8 'network\|ethernet' to supposedly find out which kernel module is needed for networking in initrd. However I prefer a different approach:
@@ -9668,11 +8712,75 @@ Use lspci -nn | grep -i network to find out manufacturer info:
    -
    -04:00.0 Network controller [0280]: MEDIATEK Corp. MT7922 802.11ax PCI Express Wireless Network Adapter [14c3:0616]
-
    + +++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    04:00.0Networkcontroller[0280]:MEDIATEKCorp.MT7922802.11axPCIExpressWirelessNetworkAdapter[14c3:0616]
    6a:00.0Ethernetcontroller[0200]:IntelCorporationI210GigabitNetworkConnection[8086:1533](rev03) 
    +

    From the last bracket you then find out the correct kernel module:

    @@ -9776,16 +8884,11 @@ From the last bracket you then find out the correct kernel module: 
    { self, pkgs, lib, config, globals, minimal, ... }:
 let
-  localIp = globals.networks."${if config.swarselsystems.isCloud then config.node.name else "home"}-${config.swarselsystems.server.localNetwork}".hosts.${config.node.name}.ipv4;
-  subnetMask = globals.networks."${if config.swarselsystems.isCloud then config.node.name else "home"}-${config.swarselsystems.server.localNetwork}".subnetMask4;
+  localIp = globals.networks.home.hosts.${config.node.name}.ipv4;
+  subnetMask = globals.networks.home.subnetMask4;
   gatewayIp = globals.hosts.${config.node.name}.defaultGateway4;
 
-  hostKeyPathBase = "/etc/secrets/initrd/ssh_host_ed25519_key";
-  hostKeyPath =
-    if config.swarselsystems.isImpermanence then
-      "/persist/${hostKeyPathBase}"
-    else
-      "${hostKeyPathBase}";
+  hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key";
 in
 {
   options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config";
@@ -9795,40 +8898,35 @@ in
   };
   config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) {
 
-
-    system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
-      deps = [ "ensureInitrdHostkey" ];
-    };
     system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) {
       text = ''
         [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath}
       '';
-      deps = [
-        "etc"
-      ];
+      deps = [ "users" ];
     };
 
     environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) {
-      files = [ hostKeyPathBase ];
+      files = [ hostKeyPath ];
     };
 
-    boot = lib.mkIf (!config.swarselsystems.isLaptop) {
-      kernelParams = lib.mkIf (!config.swarselsystems.isCloud) [
+    boot = lib.mkIf (config.swarselprofiles.server || minimal) {
+      kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [
         "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none"
       ];
       initrd = {
         availableKernelModules = config.swarselsystems.networkKernelModules;
         network = {
           enable = true;
+          udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true;
           flushBeforeStage2 = true;
           ssh = {
             enable = true;
             port = 2222; # avoid hostkey changed nag
-            authorizedKeys = [
-              ''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/yubikey.pub"}''
-              ''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/magicant.pub"}''
+            authorizedKeyFiles = [
+              (self + /secrets/keys/ssh/yubikey.pub)
+              (self + /secrets/keys/ssh/magicant.pub)
             ];
-            hostKeys = [ hostKeyPathBase ];
+            hostKeys = [ hostKeyPath ];
           };
           # postCommands = ''
           #   echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
@@ -9838,24 +8936,23 @@ in
           initrdBin = with pkgs; [
             cryptsetup
           ];
-          # NOTE: the below does put the text into /root/.profile, but the command will not be run
-          # services = {
-          #   unlock-luks = {
-          #     wantedBy = [ "initrd.target" ];
-          #     after = [ "network.target" ];
-          #     before = [ "systemd-cryptsetup@cryptroot.service" ];
-          #     path = [ "/bin" ];
+          services = {
+            unlock-luks = {
+              wantedBy = [ "initrd.target" ];
+              after = [ "network.target" ];
+              before = [ "systemd-cryptsetup@cryptroot.service" ];
+              path = [ "/bin" ];
 
-          #     serviceConfig = {
-          #       Type = "oneshot";
-          #       RemainAfterExit = true;
-          #     };
+              serviceConfig = {
+                Type = "oneshot";
+                RemainAfterExit = true;
+              };
 
-          #     script = ''
-          #       echo "systemctl default" >> /root/.profile
-          #     '';
-          #   };
-          # };
+              script = ''
+                echo "systemctl default" >> /root/.profile
+              '';
+            };
+          };
         };
       };
     };
@@ -9866,9 +8963,9 @@ in
    -
    -
    3.2.3.9. Router
    -
    +
    +
    3.2.3.9. Router
    +
    { lib, config, ... }:
 let
@@ -9934,11 +9031,15 @@ in
 
    3.2.3.10. kavita
    
 
    
 
    
-
    { self, lib, config, pkgs, globals, dns, confLib, ... }:
+
    { self, lib, config, pkgs, globals, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
 
-  inherit (confLib.gen { name = "kavita"; port = 8080; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8080;
+  serviceName = "kavita";
+  serviceUser = "kavita";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -9947,10 +9048,6 @@ in
       calibre
     ];
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "users" ];
     };
@@ -9964,11 +9061,7 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -9978,7 +9071,7 @@ in
       dataDir = "/Vault/data/${serviceName}";
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -10012,26 +9105,23 @@ in
 
    3.2.3.11. jellyfin
    
 
    
 
    
-
    { pkgs, lib, config, globals, dns, confLib, ... }:
+
    { pkgs, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "jellyfin"; port = 8096; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8096;
+  serviceName = "jellyfin";
+  serviceUser = "jellyfin";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "video" "render" "users" ];
     };
-
     nixpkgs.config.packageOverrides = pkgs: {
       intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
     };
-
     hardware.graphics = {
       enable = true;
       extraPackages = with pkgs; [
@@ -10043,11 +9133,7 @@ in
     };
 
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -10055,7 +9141,7 @@ in
       openFirewall = true; # this works only for the default ports
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -10090,18 +9176,18 @@ in
 
    3.2.3.12. navidrome
    
 
    
 
    
-
    { pkgs, config, lib, globals, dns, confLib, ... }:
+
    { pkgs, config, lib, globals, ... }:
 let
-  inherit (confLib.gen { name = "navidrome"; port = 4040; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 4040;
+  serviceName = "navidrome";
+  serviceUser = "navidrome";
+  serviceGroup = serviceUser;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     environment.systemPackages = with pkgs; [
       pciutils
       alsa-utils
@@ -10131,10 +9217,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.snapserver = {
       enable = true;
@@ -10198,7 +9281,7 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -10260,9 +9343,12 @@ in
 
    3.2.3.13. spotifyd
    
 
    
 
    
-
    { lib, config, confLib, ... }:
+
    { lib, config, ... }:
 let
-  inherit (confLib.gen { name = "spotifyd"; port = 1025; }) servicePort serviceName serviceUser serviceGroup;
+  servicePort = 1025;
+  serviceName = "spotifyd";
+  serviceUser = "spotifyd";
+  serviceGroup = serviceUser;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -10316,10 +9402,14 @@ in
 
    3.2.3.14. mpd
    
 
    
 
    
-
    { self, lib, config, pkgs, confLib, ... }:
+
    { self, lib, config, pkgs, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "mpd"; port = 3254; }) servicePort serviceName serviceUser serviceGroup;
+
+  servicePort = 3254;
+  serviceUser = "mpd";
+  serviceGroup = serviceUser;
+  serviceName = "mpd";
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -10414,11 +9504,10 @@ in
 
    3.2.3.16. postgresql
    
 
    
 
    
-
    { config, lib, pkgs, confLib, ... }:
+
    { config, lib, pkgs, ... }:
 let
-  inherit (confLib.gen { name = "postgresql"; port = 3254; }) serviceName;
+  serviceName = "postgresql";
   postgresVersion = 14;
-  postgresDirPrefix = if config.swarselsystems.isCloud then "/var/lib" else "/Vault/data" ;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -10427,13 +9516,9 @@ in
       ${serviceName} = {
         enable = true;
         package = pkgs."postgresql_${builtins.toString postgresVersion}";
-        dataDir = "${postgresDirPrefix}/${serviceName}/${builtins.toString postgresVersion}";
+        dataDir = "/Vault/data/${serviceName}/${builtins.toString postgresVersion}";
       };
     };
-    environment.persistence."/persist".directories = lib.mkIf (config.swarselsystems.isImpermanence && config.swarselsystems.isCloud) [
-      { directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; }
-    ];
-
   };
 }
 
    
@@ -10444,10 +9529,15 @@ in
 
    3.2.3.17. matrix
    
 
    
 
    
-
    { lib, config, pkgs, globals, dns, confLib, ... }:
+
    { lib, config, pkgs, globals, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "matrix"; user = "matrix-synapse"; port = 8008; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+
+  servicePort = 8008;
+  serviceName = "matrix";
+  serviceDomain = config.repo.secrets.common.services.domains.matrix;
+  serviceUser = "matrix-synapse";
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   federationPort = 8448;
   whatsappPort = 29318;
@@ -10465,11 +9555,6 @@ in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     environment.systemPackages = with pkgs; [
       matrix-synapse
       lottieconverter
@@ -10537,10 +9622,7 @@ in
       };
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services = {
       postgresql = {
@@ -10739,7 +9821,7 @@ in
     # messages out after a while.
 
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -10803,11 +9885,17 @@ in
 
    3.2.3.18. nextcloud
    
 
    
 
    
-
    { pkgs, lib, config, globals, dns, confLib, ... }:
+
    { pkgs, lib, config, globals, ... }:
 let
   inherit (config.repo.secrets.local.nextcloud) adminuser;
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+
+  servicePort = 80;
+  serviceUser = "nextcloud";
+  serviceGroup = serviceUser;
+  serviceName = "nextcloud";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   nextcloudVersion = "32";
 in
@@ -10815,19 +9903,13 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops.secrets = {
       nextcloud-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
       kanidm-nextcloud-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services = {
       ${serviceName} = {
@@ -10855,7 +9937,7 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -10889,28 +9971,24 @@ in
 
    3.2.3.19. immich
    
 
    
 
    
-
    { lib, pkgs, config, globals, dns, confLib, ... }:
+
    { lib, pkgs, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "immich"; port = 3001; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 3001;
+  serviceUser = "immich";
+  serviceName = "immich";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "video" "render" "users" ];
     };
 
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -10924,9 +10002,9 @@ in
       };
     };
 
-    networking.firewall.allowedTCPPorts = [ servicePort ];
+    networking.firewall.allowedTCPPorts = [ 3001 ];
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -10979,10 +10057,16 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of 
 
    
 
 
    
-
    { lib, pkgs, config, dns, globals, confLib, ... }:
+
    { lib, pkgs, config, globals, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "paperless"; port = 28981; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+
+  servicePort = 28981;
+  serviceUser = "paperless";
+  serviceGroup = serviceUser;
+  serviceName = "paperless";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   tikaPort = 9998;
   gotenbergPort = 3002;
@@ -10992,10 +10076,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "users" ];
     };
@@ -11007,10 +10087,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services = {
       ${serviceName} = {
@@ -11080,7 +10157,7 @@ in
                      )
     '';
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -11119,9 +10196,10 @@ in
 
    3.2.3.21. transmission
    
 
    
 
    
-
    { self, pkgs, lib, config, confLib, ... }:
+
    { self, pkgs, lib, config, ... }:
 let
-  inherit (confLib.gen { name = "transmission"; }) serviceName serviceDomain;
+  serviceName = "transmission";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
 
   lidarrUser = "lidarr";
   lidarrGroup = lidarrUser;
@@ -11307,12 +10385,17 @@ in
 
    3.2.3.22. syncthing
    
 
    
 
    
-
    { lib, config, globals, dns, confLib, ... }:
+
    { lib, config, configName, globals, ... }:
 let
   inherit (config.swarselsystems.syncthing) serviceDomain;
-  inherit (confLib.gen { name = "syncthing"; port = 8384; }) servicePort serviceName serviceUser serviceGroup serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  inherit (config.swarselsystems.syncthing) serviceIP;
 
-  specificServiceName = "${serviceName}-${config.node.name}";
+  servicePort = 8384;
+  serviceUser = "syncthing";
+  serviceGroup = serviceUser;
+  serviceName = "syncthing";
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  specificServiceName = "syncthing-${configName}";
 
   cfg = config.services.${serviceName};
   devices = config.swarselsystems.syncthing.syncDevices;
@@ -11326,6 +10409,10 @@ in
         type = lib.types.str;
         default = config.repo.secrets.common.services.domains.syncthing1;
       };
+      serviceIP = lib.mkOption {
+        type = lib.types.str;
+        default = "${serviceAddress}";
+      };
       syncDevices = lib.mkOption {
         type = lib.types.listOf lib.types.str;
         default = [ "magicant" "winters" "pyramid" "moonside@oracle" ];
@@ -11351,10 +10438,6 @@ in
   };
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${specificServiceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${specificServiceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "users" ];
       group = serviceGroup;
@@ -11365,10 +10448,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    globals.services.${specificServiceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services."${specificServiceName}".domain = serviceDomain;
 
     services.${serviceName} = rec {
       enable = true;
@@ -11424,11 +10504,11 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${specificServiceName} = {
           servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
+            "${serviceIP}:${builtins.toString servicePort}" = { };
           };
         };
       };
@@ -11459,7 +10539,6 @@ in
 
    
 
    
 This manages backups for my pictures and obsidian files.
-Note: you still need to run restic-<name> init once on the host to get the bucket running.
 
    
 
 
    
@@ -11469,14 +10548,6 @@ let
 in
 {
   options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server";
-  options.swarselsystems.server.restic = {
-    bucketName = lib.mkOption {
-      type = lib.types.str;
-    };
-    paths = lib.mkOption {
-      type = lib.types.listOf lib.types.str;
-    };
-  };
   config = lib.mkIf config.swarselmodules.server.restic {
 
     sops = {
@@ -11499,10 +10570,20 @@ in
       in
       {
         backups = {
-          "${config.swarselsystems.server.restic.bucketName}" = {
+          SwarselWinters = {
             environmentFile = config.sops.templates."restic-env".path;
             passwordFile = config.sops.secrets.resticpw.path;
-            inherit (config.swarselsystems.server.restic) paths;
+            paths = [
+              "/Vault/data/paperless"
+              "/Vault/data/koillection"
+              "/Vault/data/postgresql"
+              "/Vault/data/firefly-iii"
+              "/Vault/data/radicale"
+              "/Vault/data/matrix-synapse"
+              "/Vault/Eternor/Paperless"
+              "/Vault/Eternor/Bilder"
+              "/Vault/Eternor/Immich"
+            ];
             pruneOpts = [
               "--keep-daily 3"
               "--keep-weekly 2"
@@ -11536,9 +10617,14 @@ This section exposes several metrics that I use to check the health of my server
 
    
 
 
    
-
    { self, lib, config, globals, dns, confLib, ... }:
+
    { self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "grafana"; port = 3000; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 3000;
+  serviceUser = "grafana";
+  serviceGroup = serviceUser;
+  serviceName = "grafana";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   prometheusPort = 9090;
   prometheusUser = "prometheus";
@@ -11554,10 +10640,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets = {
         grafana-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
@@ -11594,11 +10676,7 @@ in
     networking.firewall.allowedTCPPorts = [ servicePort prometheusPort ];
 
     topology.self.services.prometheus.info = "https://${serviceDomain}/${prometheusWebRoot}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services = {
       ${serviceName} = {
@@ -11747,7 +10825,7 @@ in
     };
 
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         "${grafanaUpstream}" = {
           servers = {
@@ -11797,23 +10875,17 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w
 
    
 
 
    
-
    { pkgs, lib, config, globals, dns, confLib, ... }:
+
    { pkgs, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "jenkins"; port = 8088; }) servicePort serviceName serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8088;
+  serviceName = "jenkins";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
     services.jenkins = {
       enable = true;
       withCLI = true;
@@ -11823,7 +10895,7 @@ in
       home = "/Vault/apps/${serviceName}";
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -11862,9 +10934,10 @@ This was an approach of hosting an RSS server from within emacs. That would have
 
    
 
 
    
-
    { lib, config, confLib, ... }:
+
    { lib, config, ... }:
 let
-  inherit (confLib.gen { name = "emacs"; port = 9812; }) servicePort serviceName;
+  serviceName = "emacs";
+  servicePort = 9812;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server";
@@ -11905,9 +10978,14 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with
 
    
 
 
    
-
    { self, lib, config, globals, dns, confLib, ... }:
+
    { self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "freshrss"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 80;
+  serviceName = "freshrss";
+  serviceUser = "freshrss";
+  serviceGroup = serviceName;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   inherit (config.swarselsystems) sopsFile;
 in
@@ -11915,10 +10993,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "users" ];
       group = serviceGroup;
@@ -11960,10 +11034,7 @@ in
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} =
       let
@@ -11983,7 +11054,7 @@ in
     #   config.sops.templates.freshrss-env.path
     # ];
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -12021,10 +11092,16 @@ in
 
    3.2.3.28. forgejo (git server)
    
 
    
 
    
-
    { lib, config, pkgs, globals, dns, confLib, ... }:
+
    { lib, config, pkgs, globals, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "forgejo"; port = 3004; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+
+  servicePort = 3004;
+  serviceUser = "forgejo";
+  serviceGroup = serviceUser;
+  serviceName = "forgejo";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   kanidmDomain = globals.services.kanidm.domain;
 in
@@ -12032,10 +11109,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
     users.users.${serviceUser} = {
@@ -12049,10 +11122,7 @@ in
       kanidm-forgejo-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -12153,7 +11223,7 @@ in
         '';
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -12188,10 +11258,14 @@ in
 
    3.2.3.29. Anki Sync Server
    
 
    
 
    
-
    { self, lib, config, globals, dns, confLib, ... }:
+
    { self, lib, config, globals, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "ankisync"; port = 27701; }) servicePort serviceName serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+
+  servicePort = 27701;
+  serviceName = "ankisync";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   ankiUser = globals.user.name;
 in
@@ -12199,10 +11273,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
     sops.secrets.anki-pw = { inherit sopsFile; owner = "root"; };
@@ -12213,10 +11283,7 @@ in
       info = "https://${serviceDomain}";
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.anki-sync-server = {
       enable = true;
@@ -12231,7 +11298,7 @@ in
       ];
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -12279,13 +11346,19 @@ To get other URLs (token, etc.), use 
-
    { self, lib, pkgs, config, globals, dns, confLib, ... }:
+
    { self, lib, pkgs, config, globals, ... }:
 let
   certsSopsFile = self + /secrets/certs/secrets.yaml;
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "kanidm"; port = 8300; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
 
-  oauth2ProxyDomain = globals.services.oauth2-proxy.domain;
+  servicePort = 8300;
+  serviceUser = "kanidm";
+  serviceGroup = serviceUser;
+  serviceName = "kanidm";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+
+  oauth2ProxyDomain = globals.services.oauth2Proxy.domain;
   immichDomain = globals.services.immich.domain;
   paperlessDomain = globals.services.paperless.domain;
   forgejoDomain = globals.services.forgejo.domain;
@@ -12312,10 +11385,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       group = serviceGroup;
       isSystemUser = true;
@@ -12341,10 +11410,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence {
       files = [
@@ -12352,22 +11418,17 @@ in
         keyPathBase
       ];
     };
-    systemd.services."generateSSLCert-${serviceName}" =
+
+    system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
+      deps = [ "generateSSLCert-${serviceName}" "users" "groups" ];
+    };
+    system.activationScripts."generateSSLCert-${serviceName}" =
       let
         daysValid = 3650;
         renewBeforeDays = 365;
       in
       {
-        before = [ "${serviceName}.service" ];
-        requiredBy = [ "${serviceName}.service" ];
-        after = [ "local-fs.target" ];
-        requires = [ "local-fs.target" ];
-
-        serviceConfig = {
-          Type = "oneshot";
-        };
-
-        script = ''
+        text = ''
           set -eu
 
           ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir}
@@ -12376,18 +11437,16 @@ in
           ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""}
 
           need_gen=0
-          if [ ! -f "${certPath}" ] || [ ! -f "${keyPath}" ]; then
+          if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then
             need_gen=1
           else
-            enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPath}" | cut -d= -f2)"
+            enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)"
             end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)"
             now_epoch="$(${pkgs.coreutils}/bin/date +%s)"
             seconds_left=$(( end_epoch - now_epoch ))
             days_left=$(( seconds_left / 86400 ))
             if [ "$days_left" -lt ${toString renewBeforeDays} ]; then
               need_gen=1
-            else
-              echo 'Certificate exists and is still valid'
             fi
           fi
 
@@ -12403,58 +11462,12 @@ in
             chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}"
           fi
         '';
+        deps = [
+          "etc"
+          (lib.mkIf config.swarselsystems.isImpermanence "specialfs")
+        ];
       };
 
-
-    # system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
-    #   deps = [ "generateSSLCert-${serviceName}" "users" "groups" ];
-    # };
-    # system.activationScripts."generateSSLCert-${serviceName}" =
-    #   let
-    #     daysValid = 3650;
-    #     renewBeforeDays = 365;
-    #   in
-    #   {
-    #     text = ''
-    #       set -eu
-
-    #       ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir}
-    #       ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""}
-    #       ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir}
-    #       ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""}
-
-    #       need_gen=0
-    #       if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then
-    #         need_gen=1
-    #       else
-    #         enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)"
-    #         end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)"
-    #         now_epoch="$(${pkgs.coreutils}/bin/date +%s)"
-    #         seconds_left=$(( end_epoch - now_epoch ))
-    #         days_left=$(( seconds_left / 86400 ))
-    #         if [ "$days_left" -lt ${toString renewBeforeDays} ]; then
-    #           need_gen=1
-    #         fi
-    #       fi
-
-    #       if [ "$need_gen" -eq 1 ]; then
-    #         ${pkgs.openssl}/bin/openssl req -x509 -nodes -days ${toString daysValid} -newkey rsa:4096 -sha256 \
-    #           -keyout "${keyPath}" \
-    #           -out "${certPath}" \
-    #           -subj "/CN=${serviceDomain}" \
-    #           -addext "subjectAltName=DNS:${serviceDomain}"
-
-    #         chmod 0644 "${certPath}"
-    #         chmod 0600 "${keyPath}"
-    #         chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}"
-    #       fi
-    #     '';
-    #     deps = [
-    #       "etc"
-    #       (lib.mkIf config.swarselsystems.isImpermanence "specialfs")
-    #     ];
-    #   };
-
     services = {
       ${serviceName} = {
         package = pkgs.kanidmWithSecretProvisioning_1_7;
@@ -12661,7 +11674,7 @@ in
       ${serviceName}.serviceConfig.RestartSec = "30";
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -12695,9 +11708,13 @@ in
 
    3.2.3.31. oauth2-proxy
    
 
    
 
    
-
    { lib, config, globals, dns, confLib, ... }:
+
    { lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "oauth2-proxy"; port = 3004; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 3004;
+  serviceUser = "oauth2-proxy";
+  serviceGroup = serviceUser;
+  serviceName = "oauth2-proxy";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
 
   kanidmDomain = globals.services.kanidm.domain;
   mainDomain = globals.domains.main;
@@ -12816,10 +11833,6 @@ in
   };
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets = {
         "oauth2-cookie-secret" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
@@ -12841,10 +11854,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.oauth2Proxy.domain = serviceDomain;
 
     services = {
       ${serviceName} = {
@@ -12895,11 +11905,11 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
+            "localhost:${builtins.toString servicePort}" = { };
           };
         };
       };
@@ -12930,9 +11940,14 @@ in
 
    3.2.3.32. Firefly-III
    
 
    
 
    
-
    { self, lib, config, globals, dns, confLib, ... }:
+
    { self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "firefly-iii"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 80;
+  serviceUser = "firefly-iii";
+  serviceGroup = serviceUser;
+  serviceName = "firefly-iii";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   nginxGroup = "nginx";
 
@@ -12943,10 +11958,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users = {
       groups.${serviceGroup} = { };
       users.${serviceUser} = {
@@ -12967,11 +11978,7 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services = {
       ${serviceName} = {
@@ -13013,7 +12020,7 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -13053,10 +12060,15 @@ in
 
    3.2.3.33. Koillection
    
 
    
 
    
-
    { self, lib, config, globals, dns, confLib, ... }:
+
    { self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "koillection"; port = 2282; dir = "/Vault/data/koillection"; }) servicePort serviceName serviceUser serviceDir serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  serviceUser = "koillection";
   serviceDB = "koillection";
+  serviceName = "koillection";
+  servicePort = 2282;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceDir = "/Vault/data/koillection";
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
   postgresPort = config.services.postgresql.settings.port; # 5432
@@ -13068,10 +12080,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
     sops.secrets = {
       koillection-db-password = { inherit sopsFile; owner = postgresUser; group = postgresUser; mode = "0440"; };
       koillection-env-file = { inherit sopsFile; };
@@ -13082,11 +12090,7 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     virtualisation.oci-containers.containers = {
       koillection = {
@@ -13162,7 +12166,7 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -13198,24 +12202,19 @@ in
 
    3.2.3.34. Atuin
    
 
    
 
    
-
    { lib, config, globals, dns, confLib, ... }:
+
    { lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "atuin"; port = 8888; }) servicePort serviceName serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8888;
+  serviceName = "atuin";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -13225,7 +12224,7 @@ in
       openRegistration = false;
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -13261,21 +12260,23 @@ in
 
    3.2.3.35. Radicale
    
 
    
 
    
-
    { self, lib, config, globals, dns, confLib, ... }:
+
    { self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "radicale"; port = 8000; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
   sopsFile = self + /secrets/winters/secrets2.yaml;
 
+  servicePort = 8000;
+  serviceName = "radicale";
+  serviceUser = "radicale";
+  serviceGroup = serviceUser;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+
   cfg = config.services.${serviceName};
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets.radicale-user = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
 
@@ -13296,11 +12297,7 @@ in
     };
 
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -13353,7 +12350,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -13390,9 +12387,8 @@ in
 
    3.2.3.36. croc
    
 
    
 
    
-
    { self, lib, config, pkgs, dns, globals, confLib, ... }:
+
    { self, lib, config, pkgs, ... }:
 let
-  inherit (confLib.gen { name = "croc"; }) serviceName serviceDomain proxyAddress4 proxyAddress6;
   servicePorts = [
     9009
     9010
@@ -13400,6 +12396,8 @@ let
     9012
     9013
   ];
+  serviceName = "croc";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
 
   inherit (config.swarselsystems) sopsFile;
 
@@ -13409,10 +12407,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets = {
         croc-password = { inherit sopsFile; };
@@ -13434,10 +12428,7 @@ in
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -13472,9 +12463,13 @@ in
 
    3.2.3.37. microbin
    
 
    
 
    
-
    { self, lib, config, dns, globals, confLib, ... }:
+
    { self, lib, config, ... }:
 let
-  inherit (confLib.gen { name = "microbin"; port = 8777; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8777;
+  serviceName = "microbin";
+  serviceUser = "microbin";
+  serviceGroup = serviceUser;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
 
   inherit (config.swarselsystems) sopsFile;
 
@@ -13484,10 +12479,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users = {
       groups.${serviceGroup} = { };
 
@@ -13523,11 +12514,7 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -13579,11 +12566,11 @@ in
       { directory = cfg.dataDir; user = serviceUser; group = serviceGroup; mode = "0700"; }
     ];
 
-    nodes.${serviceProxy}.services.nginx = {
+    services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
+            "localhost:${builtins.toString servicePort}" = { };
           };
         };
       };
@@ -13615,9 +12602,12 @@ in
 
    3.2.3.38. shlink
    
 
    
 
    
-
    { self, lib, config, dns, globals, confLib, ... }:
+
    { self, lib, config, ... }:
 let
-  inherit (confLib.gen { name = "shlink"; port = 8081; dir = "/var/lib/shlink";}) servicePort serviceName serviceDomain serviceDir serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8081;
+  serviceName = "shlink";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceDir = "/var/lib/shlink";
 
   containerRev = "sha256:1a697baca56ab8821783e0ce53eb4fb22e51bb66749ec50581adc0cb6d031d7a";
 
@@ -13629,10 +12619,6 @@ in
   };
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets = {
         shlink-api = { inherit sopsFile; };
@@ -13698,17 +12684,13 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
+    globals.services.${serviceName}.domain = serviceDomain;
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
-    nodes.${serviceProxy}.services.nginx = {
+    services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
+            "localhost:${builtins.toString servicePort}" = { };
           };
         };
       };
@@ -13744,9 +12726,12 @@ Deployment notes:
 
 
 
    
-
    { self, lib, config, dns, globals, confLib, ... }:
+
    { self, lib, config, ... }:
 let
-  inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink";}) servicePort serviceName serviceDomain serviceDir serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 3000;
+  serviceName = "slink";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceDir = "/var/lib/slink";
 
   containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9";
 in
@@ -13756,10 +12741,6 @@ in
   };
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     virtualisation.oci-containers.containers.${serviceName} = {
       image = "anirdev/slink@${containerRev}";
       environment = {
@@ -13804,17 +12785,13 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/shlink.png";
     };
+    globals.services.${serviceName}.domain = serviceDomain;
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
-    nodes.${serviceProxy}.services.nginx = {
+    services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
+            "localhost:${builtins.toString servicePort}" = { };
           };
         };
       };
@@ -13848,23 +12825,25 @@ in
 
    3.2.3.40. Snipe-IT
    
 
    
 
    
-
    { self, lib, config, globals, dns, confLib, ... }:
+
    { self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "snipeit"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
   sopsFile = self + /secrets/winters/secrets2.yaml;
 
   serviceDB = "snipeit";
 
+  servicePort = 80;
+  serviceName = "snipeit";
+  serviceUser = "snipeit";
+  serviceGroup = serviceUser;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+
   mysqlPort = 3306;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets = {
         snipe-it-appkey = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
@@ -13872,11 +12851,7 @@ in
     };
 
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.snipe-it = {
       enable = true;
@@ -13895,7 +12870,7 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -13929,24 +12904,19 @@ in
 
    3.2.3.41. Homebox
    
 
    
 
    
-
    { lib, pkgs, config, globals, dns, confLib, ... }:
+
    { lib, pkgs, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "homebox"; port = 7745; }) servicePort serviceName serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 7745;
+  serviceName = "homebox";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -13962,7 +12932,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -13992,13 +12962,15 @@ in
 
    
 
    
 
    
-
    
-
    3.2.3.42. OPKSSH
    
-
    
+
    
+
    3.2.3.42. OPKSSH
    
+
    
 
    
-
    { lib, config, globals, confLib, ... }:
+
    { lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "opkssh"; user = "opksshuser"; group = "opksshuser"; }) serviceName serviceUser serviceGroup;
+  serviceName = "opkssh";
+  serviceUser = "opksshuser";
+  serviceGroup = serviceUser;
 
   kanidmDomain = globals.services.kanidm.domain;
 
@@ -14036,885 +13008,92 @@ in
 
    
 
    
 
    
-
    
-
    3.2.3.43. Garage
    
-
    
-
    
-Garage acts as my s3 endpoint. I use it on two of my servers:
-
    
-
-
+
    
+
    3.2.3.43. Garage
    
+
    
 
    
 Generate the admin token using openssl rand -base64 32.
 Generate the rpc token using openssl rand -hex 32.
 
    
 
-
    
-If a website is to be deployed using a s3 bucket, add the corresponding files in one of two ways:
-
    
-
-
    
-either 1) use vhost addressing: aws s3 cp <local file> s3://<path to file; no bucket identifier needed> --endpoint-url https://<bucket>.<garage domain> --region swarsel
-
    
-
-
    
-or 2) use classic path addressing aws s3 cp <local file> s3://<bucket>/<path to file> --endpoint-url https://<garage domain> --region swarsel
-
    
-
 
    
-
    # inspired by https://github.com/atropos112/nixos/blob/7fef652006a1c939f4caf9c8a0cb0892d9cdfe21/modules/garage.nix
-{ lib, pkgs, config, globals, dns, confLib, ... }:
+
    { self, lib, pkgs, config, configName, globals, ... }:
 let
-  inherit (confLib.gen {
-    name = "garage";
-    port = 3900;
-    domain = config.repo.secrets.common.services.domains."garage-${config.node.name}";
-  }) servicePort serviceName specificServiceName serviceDomain subDomain baseDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  sopsFile = self + /secrets/${configName}/secrets2.yaml;
 
-  cfg = lib.recursiveUpdate config.services.${serviceName} config.swarselsystems.server.${serviceName};
-  inherit (config.swarselsystems) sopsFile mainUser;
+  serviceName = "garage";
+  servicePort = 3900;
+  serviceDomain = config.repo.secrets.common.services.domains."${serviceName}-${configName}";
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
-  # needs SSD
+  cfg = config.services.${serviceName};
   metadata_dir = "/var/lib/garage/meta";
-  # metadata_dir = if config.swarselsystems.isCloud then "/var/lib/garage/meta" else "/Vault/data/garage/meta";
-
-  garageRpcPort = 3901;
-  garageWebPort = 3902;
-  garageAdminPort = 3903;
-  garageK2VPort = 3904;
-
-  adminDomain = "${subDomain}admin.${baseDomain}";
-  webDomain = "${subDomain}web.${baseDomain}";
 in
 {
   options = {
     swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
     swarselsystems.server.${serviceName} = {
-      data_dir = {
-        path = lib.mkOption {
-          type = lib.types.str;
-          description = "Directory where Garage stores its metadata";
-        };
-        capacity = lib.mkOption {
-          type = lib.types.str;
-        };
-      };
-      buckets = lib.mkOption {
-        type = lib.types.listOf lib.types.str;
-        description = "List of buckets to create";
-      };
-      keys = lib.mkOption {
-        type = lib.types.attrsOf (lib.types.listOf lib.types.str);
-        default = { };
-        description = "Keys and their associated buckets. Each key gets full access (read/write/owner) to its listed buckets.";
-        example = {
-          my_key_name = [ "bucket1" "bucket2" ];
-          my_other_key = [ "bucket2" "bucket3" ];
-        };
+      data_dir = lib.mkOption {
+        type = lib.types.either lib.types.path (lib.types.listOf lib.types.attrs);
+        default = "/var/lib/garage/data";
       };
     };
   };
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
-    assertions = [
-      {
-        assertion = config.swarselsystems.server.${serviceName}.buckets != [ ];
-        message = "If Garage is enabled, at least one bucket must be specified in atro.garage.buckets";
-      }
-      {
-        assertion = builtins.length (lib.attrsToList config.swarselsystems.server.${serviceName}.keys) > 0;
-        message = "If Garage is enabled, at least one key must be specified in atro.garage.keys";
-      }
-      {
-        assertion =
-          let
-            allKeyBuckets = lib.flatten (lib.attrValues config.swarselsystems.server.${serviceName}.keys);
-            invalidBuckets = builtins.filter (bucket: !(lib.elem bucket config.swarselsystems.server.${serviceName}.buckets)) allKeyBuckets;
-          in
-          invalidBuckets == [ ];
-        message = "All buckets referenced in keys must exist in the buckets list";
-      }
-    ];
-
-    swarselsystems.server.dns.${baseDomain}.subdomainRecords = {
-      "${subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-      "${subDomain}admin" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-      "${subDomain}web" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-      "*.${subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-      "*.${subDomain}web" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
 
     sops = {
       secrets.garage-admin-token = { inherit sopsFile; };
       secrets.garage-rpc-secret = { inherit sopsFile; };
     };
 
-    # DynamicUser cannot read above secrets
-    systemd.services.${serviceName}.serviceConfig = {
-      DynamicUser = false;
-      ProtectHome = lib.mkForce false;
-    };
-
     environment = {
       persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
-        { directory = "/var/lib/garage"; }
-        (lib.mkIf config.swarselsystems.isCloud { directory = config.swarselsystems.server.${serviceName}.data_dir.path; })
+        { directory = metadata_dir; }
       ];
       systemPackages = [
         cfg.package
       ];
     };
 
-    globals.services.${specificServiceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
+    systemd.services.${serviceName}.serviceConfig = {
+      DynamicUser = false;
+      ProtectHome = lib.mkForce false;
     };
 
-
     services.${serviceName} = {
       enable = true;
       package = pkgs.garage_2;
       settings = {
-        data_dir = [ config.swarselsystems.server.${serviceName}.data_dir ];
+        inherit (config.swarselsystems.${serviceName}) data_dir;
         inherit metadata_dir;
         db_engine = "lmdb";
-        block_size = "128M";
+        block_size = "1MiB";
         use_local_tz = false;
-        disable_scrub = true;
-        replication_factor = 1;
-        compression_level = "none";
 
-        rpc_bind_addr = "[::]:${builtins.toString garageRpcPort}";
-        # we are not joining our nodes, just use the private ipv4
-        rpc_public_addr = "${globals.networks."${if config.swarselsystems.isCloud then config.node.name else "home"}-${config.swarselsystems.server.localNetwork}".hosts.${config.node.name}.ipv4}:${builtins.toString garageRpcPort}";
+        replication_factor = 2; # Number of copies of data
 
+        rpc_bind_addr = "[::]:3901";
+        rpc_public_addr = "${config.repo.secrets.local.ipv4}:4317";
         rpc_secret_file = config.sops.secrets.garage-rpc-secret.path;
 
         s3_api = {
-          s3_region = mainUser;
-          api_bind_addr = "[::]:${builtins.toString servicePort}";
-          root_domain = ".${serviceDomain}";
-        };
-
-        s3_web = {
-          bind_addr = "[::]:${builtins.toString garageWebPort}";
-          root_domain = ".${config.repo.secrets.common.services.domains."garage-web-${config.node.name}"}";
-          add_host_to_metrics = true;
+          s3_region = "swarsel";
+          api_bind_addr = "0.0.0.0:${builtins.toString servicePort}";
+          root_domain = ".s3.garage.localhost";
         };
 
         admin = {
-          api_bind_addr = "[::]:${builtins.toString garageAdminPort}";
+          api_bind_addr = "0.0.0.0:3903";
           admin_token_file = config.sops.secrets.garage-admin-token.path;
         };
 
         k2v_api = {
-          api_bind_addr = "[::]:${builtins.toString garageK2VPort}";
+          api_bind_addr = "[::]:3904";
         };
       };
     };
 
-
-    systemd.services = {
-      garage-buckets = {
-        description = "Create Garage buckets";
-        after = [ "garage.service" ];
-        wants = [ "garage.service" ];
-        wantedBy = [ "multi-user.target" ];
-
-        path = [ cfg.package pkgs.gawk pkgs.coreutils ];
-
-        serviceConfig = {
-          Type = "oneshot";
-          RemainAfterExit = true;
-          User = "root";
-          Group = "root";
-        };
-
-        script = ''
-          garage status
-
-          # Checking repeatedly with garage status until getting 0 exit code
-          while ! garage status >/dev/null 2>&1; do
-            echo "Garage not yet operational, waiting..."
-            echo "Current garage status output:"
-            garage status 2>&1 || true
-            echo "---"
-            sleep 5
-          done
-
-          # Now we check if garage status shows any failed nodes by checking for ==== FAILED NODES ====
-          while garage status | grep -q "==== FAILED NODES ===="; do
-            echo "Garage has failed nodes, waiting..."
-            echo "Current garage status output:"
-            garage status 2>&1 || true
-            echo "---"
-            sleep 5
-          done
-
-          echo "Garage is operational, proceeding with bucket management."
-
-          # Get list of existing buckets
-          existing_buckets=$(garage bucket list | tail -n +2 | awk '{print $3}' | grep -v '^$' || true)
-
-          # Create buckets that should exist
-          ${lib.concatMapStringsSep "\n" (bucket: ''
-              if [[ "$(garage bucket info ${lib.escapeShellArg bucket} 2>&1 >/dev/null)" == *"Bucket not found"* ]]; then
-                echo "Creating bucket ${lib.escapeShellArg bucket}"
-                garage bucket create ${lib.escapeShellArg bucket}
-              else
-                echo "Bucket ${lib.escapeShellArg bucket} already exists"
-              fi
-            '')
-            cfg.buckets}
-
-          # Remove buckets that shouldn't exist
-          for bucket in $existing_buckets; do
-            should_exist=false
-            ${lib.concatMapStringsSep "\n" (bucket: ''
-              if [[ "$bucket" == ${lib.escapeShellArg bucket} ]]; then
-                should_exist=true
-              fi
-            '')
-            cfg.buckets}
-
-            if [[ "$should_exist" == "false" ]]; then
-              echo "Removing bucket $bucket"
-              garage bucket delete --yes "$bucket"
-            fi
-          done
-        '';
-      };
-
-      garage-keys = {
-        description = "Create Garage keys and set permissions";
-        after = [ "garage-buckets.service" ];
-        wants = [ "garage-buckets.service" ];
-        requires = [ "garage-buckets.service" ];
-        wantedBy = [ "multi-user.target" ];
-
-        path = [ cfg.package pkgs.gawk pkgs.coreutils ];
-
-        serviceConfig = {
-          Type = "oneshot";
-          RemainAfterExit = true;
-          User = "root";
-          Group = "root";
-        };
-
-        script = ''
-          garage key list
-          echo "Managing keys..."
-
-          # Get list of existing keys
-          existing_keys=$(garage key list | tail -n +2 | awk '{print $3}' | grep -v '^$' || true)
-
-          # Create keys that should exist
-          ${lib.concatStringsSep "\n" (lib.mapAttrsToList (keyName: _: ''
-              if [[ "$(garage key info ${lib.escapeShellArg keyName} 2>&1)" == *"0 matching keys"* ]]; then
-                echo "Creating key ${lib.escapeShellArg keyName}"
-                garage key create ${lib.escapeShellArg keyName}
-              else
-                echo "Key ${lib.escapeShellArg keyName} already exists"
-              fi
-            '')
-            cfg.keys)}
-
-          # Set up key permissions for buckets
-          ${lib.concatStringsSep "\n" (lib.mapAttrsToList (
-              keyName: buckets:
-                lib.concatMapStringsSep "\n" (bucket: ''
-                  echo "Granting full access to key ${lib.escapeShellArg keyName} for bucket ${lib.escapeShellArg bucket}"
-                  garage bucket allow --read --write --owner --key ${lib.escapeShellArg keyName} ${lib.escapeShellArg bucket}
-                '')
-                buckets
-            )
-            cfg.keys)}
-
-          # Remove permissions from buckets that are no longer associated with keys
-          ${lib.concatStringsSep "\n" (lib.mapAttrsToList (keyName: buckets: ''
-              # Get current buckets this key has access to
-              current_buckets=$(garage key info ${lib.escapeShellArg keyName} | grep -A 1000 "==== BUCKETS FOR THIS KEY ====" | tail -n +3 | awk '{print $3}' | grep -v '^$' || true)
-
-              # Remove access from buckets not in the desired list
-              for current_bucket in $current_buckets; do
-                should_have_access=false
-                ${lib.concatMapStringsSep "\n" (bucket: ''
-                  if [[ "$current_bucket" == ${lib.escapeShellArg bucket} ]]; then
-                    should_have_access=true
-                  fi
-                '')
-                buckets}
-
-                if [[ "$should_have_access" == "false" ]]; then
-                  echo "Removing access for key ${lib.escapeShellArg keyName} from bucket $current_bucket"
-                  garage bucket deny --key ${lib.escapeShellArg keyName} $current_bucket
-                fi
-              done
-            '')
-            cfg.keys)}
-
-          # Remove keys that shouldn't exist
-          for key in $existing_keys; do
-            should_exist=false
-            ${lib.concatStringsSep "\n" (lib.mapAttrsToList (keyName: _: ''
-              if [[ "$key" == ${lib.escapeShellArg keyName} ]]; then
-                should_exist=true
-              fi
-            '')
-            cfg.keys)}
-
-            if [[ "$should_exist" == "false" ]]; then
-              echo "Removing key $key"
-              garage key delete --yes "$key"
-            fi
-          done
-        '';
-      };
-    };
-
-    security.acme.certs."${webDomain}" = {
-      domain = "*.${webDomain}";
-    };
-
-    nodes.${serviceProxy}.services.nginx = {
-      upstreams = {
-        ${serviceName} = {
-          servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
-          };
-        };
-        "${serviceName}Web" = {
-          servers = {
-            "${serviceAddress}:${builtins.toString garageWebPort}" = { };
-          };
-        };
-        "${serviceName}Admin" = {
-          servers = {
-            "${serviceAddress}:${builtins.toString garageAdminPort}" = { };
-          };
-        };
-      };
-      virtualHosts = {
-        "${adminDomain}" = {
-          enableACME = true;
-          forceSSL = true;
-          acmeRoot = null;
-          oauth2.enable = false;
-          locations = {
-            "/" = {
-              proxyPass = "http://${serviceName}Admin";
-            };
-          };
-        };
-        "*.${webDomain}" = {
-          useACMEHost = webDomain;
-          forceSSL = true;
-          acmeRoot = null;
-          oauth2.enable = false;
-          locations = {
-            "/" = {
-              proxyPass = "http://${serviceName}Web";
-            };
-          };
-        };
-        "${serviceDomain}" = {
-          serverAliases = [ "*.${serviceDomain}" ];
-          enableACME = true;
-          forceSSL = true;
-          acmeRoot = null;
-          oauth2.enable = false;
-          locations = {
-            "/" = {
-              proxyPass = "http://${serviceName}";
-              extraConfig = ''
-                client_max_body_size 0;
-              '';
-            };
-          };
-        };
-      };
-    };
-
-  };
-}
-
    
-
    
-
    
-
    
-
    
-
    3.2.3.44. nsd (dns)
    
-
    
-
    
-
    { inputs, lib, config, globals, dns, confLib, ... }:
-let
-  inherit (confLib.gen { name = "nsd"; port = 53; }) serviceName;
-  # servicePort = 53;
-  # serviceDomain = config.repo.secrets.common.services.domains."${serviceName}";
-  # serviceAddress = globals.networks."${if config.swarselsystems.isCloud then config.node.name else "home"}-${config.swarselsystems.server.localNetwork}".hosts.${config.node.name}.ipv4;
-
-in
-{
-  options = {
-    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
-    swarselsystems.server.dns = lib.mkOption {
-      type = lib.types.attrsOf (
-        lib.types.submodule {
-          options = {
-            subdomainRecords = lib.mkOption {
-              type = lib.types.attrsOf inputs.dns.subzone;
-              default = { };
-            };
-          };
-        }
-      );
-    };
-  };
-  config = lib.mkIf config.swarselmodules.server.${serviceName} {
-    services.nsd = {
-      enable = true;
-      zones = {
-        "${globals.domains.main}" = {
-          # provideXFR = [ ... ];
-          # notify = [ ... ];
-          data = dns.lib.toString "${globals.domains.main}" (import ./site1.nix { inherit config globals dns; });
-        };
-      };
-    };
-
-  };
-}
-
    
-
    
-
    
-
    
-
    
-
    3.2.3.45. nsd (dns) - site1
    
-
    
-
    
-
    { config, globals, dns, ... }:
-with dns.lib.combinators; {
-  SOA = {
-    nameServer = "soa";
-    adminEmail = "admin@${globals.domains.main}";
-    serial = 2025112101;
-  };
-
-  useOrigin = false;
-
-  NS = [
-    "soa.${globals.domains.name}."
-    "ns1.he.net"
-    "ns2.he.net"
-    "ns3.he.net"
-    "ns4.he.net"
-    "ns5.he.net"
-    "oxygen.ns.hetzner.com"
-    "pola.ns.cloudflare.com"
-  ];
-
-  A = [ "75.2.60.5" ];
-
-  SRV = [
-    {
-      service = "_matrix";
-      proto = "_tcp";
-      port = 443;
-      target = "${globals.services.matrix.baseDomain}.${globals.domains.main}";
-      priority = 10;
-      wweight = 5;
-    }
-    {
-      service = "_submissions";
-      proto = "_tcp";
-      port = 465;
-      target = "${globals.services.mailserver.baseDomain}.${globals.domains.main}";
-      priority = 5;
-      weight = 0;
-      ttl = 3600;
-    }
-    {
-      service = "_submission";
-      proto = "_tcp";
-      port = 587;
-      target = "${globals.services.mailserver.baseDomain}.${globals.domains.main}";
-      priority = 5;
-      weight = 0;
-      ttl = 3600;
-    }
-    {
-      service = "_imap";
-      proto = "_tcp";
-      port = 143;
-      target = "${globals.services.mailserver.baseDomain}.${globals.domains.main}";
-      priority = 5;
-      weight = 0;
-      ttl = 3600;
-    }
-    {
-      service = "_imaps";
-      proto = "_tcp";
-      port = 993;
-      target = "${globals.services.mailserver.baseDomain}.${globals.domains.main}";
-      priority = 5;
-      weight = 0;
-      ttl = 3600;
-    }
-  ];
-
-  MX = [
-    {
-      preference = 10;
-      exchange = "${globals.services.mailserver.baseDomain}.${globals.domains.main}";
-    }
-  ];
-
-  CNAME = [
-    {
-      cname = "www.${glovals.domains.main}";
-    }
-  ];
-
-  DKIM = [
-    {
-    selector = "mail";
-      k = "rsa";
-      p = config.repo.secrets.local.dns.mailserver.dkim-public;
-      ttl = 10800;
-    }
-  ];
-
-  DMARC = [
-    {
-      p = "none";
-      ttl = 10800;
-    }
-  ];
-
-  TXT = [
-    (with spf; strict [ "a:${globals.services.mailserver.baseDomain}.${globals.domains.main}" ])
-    "google-site-verification=${config.repo.secrets.local.dns.google-site-verification}"
-  ];
-
-  DMARC = [
-    {
-    selector = "mail";
-      k = "rsa";
-      p = "none";
-      ttl = 10800;
-    }
-  ];
-
-  subdomains = config.swarselsystems.server.dns.${globals.domain.main}.subdomainRecords // {
-    "minecraft" = host "130.61.119.12" null;
-  };
-}
-
    
-
    
-
    
-
    
-
    
-
    3.2.3.46. Minecraft
    
-
    
-
    
-
    { lib, config, pkgs, globals, dns, confLib, ... }:
-let
-  inherit (confLib.gen { name = "minecraft"; port = 25565; dir = "/opt/minecraft"; }) serviceName servicePort serviceDir serviceDomain proxyAddress4 proxyAddress6;
-  inherit (config.swarselsystems) mainUser;
-  worldName = "${mainUser}craft";
-in
-{
-  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
-  config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
-    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
-    networking.firewall.allowedTCPPorts = [ servicePort ];
-
-    environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
-      { directory = serviceDir; mode = "0755"; }
-    ];
-
-    systemd.services.minecraft-swarselcraft = {
-      description = "Minecraft Server";
-      wants = [ "network-online.target" ];
-      after = [ "network-online.target" ];
-
-      serviceConfig = {
-        User = "root";
-        WorkingDirectory = "${serviceDir}/${worldName}";
-
-        ExecStart = "${lib.getExe pkgs.temurin-jre-bin-17} @user_jvm_args.txt @libraries/net/minecraftforge/forge/1.20.1-47.2.20/unix_args.txt nogui";
-
-        Restart = "always";
-        RestartSec = 30;
-        StandardInput = "null";
-      };
-
-      wantedBy = [ "multi-user.target" ];
-    };
-
-
-  };
-
-}
-
    
-
    
-
    
-
    
-
    
-
    3.2.3.47. Mailserver
    
-
    
-
    
-
    { lib, config, globals, dns, confLib, ... }:
-let
-  inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceDomain serviceProxy proxyAddress4 proxyAddress6;
-  inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 user3;
-  baseDomain = globals.domains.main;
-in
-{
-  options = {
-    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
-  };
-  config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
-    sops.secrets = {
-      user1-hashed-pw = { inherit sopsFile; owner = serviceUser; };
-      user2-hashed-pw = { inherit sopsFile; owner = serviceUser; };
-      user3-hashed-pw = { inherit sopsFile; owner = serviceUser; };
-    };
-
-    environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
-      { directory = "/var/vmail"; user = serviceUser; group = serviceGroup; mode = "0770"; }
-      { directory = "/var/sieve"; user = serviceUser; group = serviceGroup; mode = "0770"; }
-      { directory = "/var/dkim"; user = "rspamd"; group = "rspamd"; mode = "0700"; }
-      { directory = serviceDir; user = serviceUser; group = serviceGroup; mode = "0700"; }
-      { directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; }
-      { directory = "/var/lib/rspamd"; user = "rspamd"; group = "rspamd"; mode = "0700"; }
-      { directory = "/var/lib/roundcube"; user = "roundcube"; group = "roundcube"; mode = "0700"; }
-      { directory = "/var/lib/redis-rspamd"; user = "redis-rspamd"; group = "redis-rspamd"; mode = "0700"; }
-      { directory = "/var/lib/postfix"; user = "root"; group = "root"; mode = "0755"; }
-      { directory = "/var/lib/knot-resolver"; user = "knot-resolver"; group = "knot-resolver"; mode = "0770"; }
-    ];
-
-    mailserver = {
-      enable = true;
-      stateVersion = 3;
-      fqdn = serviceDomain;
-      domains = [ baseDomain ];
-      indexDir = "${serviceDir}/indices";
-      openFirewall = true;
-      certificateScheme = "acme";
-      dmarcReporting.enable = true;
-
-      loginAccounts = {
-        "${user1}@${baseDomain}" = {
-          hashedPasswordFile = config.sops.secrets.user1-hashed-pw.path;
-          aliases = [
-            "${alias1_1}@${baseDomain}"
-            "${alias1_2}@${baseDomain}"
-            "${alias1_3}@${baseDomain}"
-            "${alias1_4}@${baseDomain}"
-          ];
-        };
-        "${user2}@${baseDomain}" = {
-          hashedPasswordFile = config.sops.secrets.user2-hashed-pw.path;
-          aliases = [
-            "${alias2_1}@${baseDomain}"
-          ];
-          sendOnly = true;
-        };
-        "${user3}@${baseDomain}" = {
-          hashedPasswordFile = config.sops.secrets.user3-hashed-pw.path;
-          aliases = [
-            "@${baseDomain}"
-          ];
-          catchAll = [
-            baseDomain
-          ];
-        };
-      };
-    };
-
-    services.roundcube = {
-      enable = true;
-      # this is the url of the vhost, not necessarily the same as the fqdn of
-      # the mailserver
-      hostName = serviceDomain;
-      extraConfig = ''
-        $config['imap_host'] = "ssl://${config.mailserver.fqdn}";
-        $config['smtp_host'] = "ssl://${config.mailserver.fqdn}";
-        $config['smtp_user'] = "%u";
-        $config['smtp_pass'] = "%p";
-      '';
-      configureNginx = true;
-    };
-
-    # the rest of the ports are managed by snm
-    networking.firewall.allowedTCPPorts = [ 80 servicePort ];
-
-    nodes.${serviceProxy}.services.nginx = {
-      virtualHosts = {
-        "${serviceDomain}" = {
-          enableACME = true;
-          forceSSL = true;
-          acmeRoot = null;
-          locations = {
-            "/".recommendedSecurityHeaders = false;
-            "~ ^/(SQL|bin|config|logs|temp|vendor)/".recommendedSecurityHeaders = false;
-            "~ ^/(CHANGELOG.md|INSTALL|LICENSE|README.md|SECURITY.md|UPGRADING|composer.json|composer.lock)".recommendedSecurityHeaders = false;
-            "~* \\.php(/|$)".recommendedSecurityHeaders = false;
-          };
-        };
-      };
-    };
-
-  };
-}
-
    
-
    
-
    
-
    
-
    
-
    3.2.3.48. Attic (nix binary cache)
    
-
    
-
    
-Generate the attic server token using openssl genrsa -traditional 4096 | base64 -w0
-
    
-
-
    
-$ attic login local http://localhost:8080 eyJ…
-✍️ Configuring server "local"
-
    
-
-
    
-$ attic cache create hello
-✨ Created cache "hello" on "local"
-
    
-
-
    
-
    { lib, config, globals, dns, confLib, ... }:
-let
-  inherit (confLib.gen { name = "attic"; port = 8091; }) serviceName serviceDir servicePort serviceAddress serviceDomain serviceProxy proxyAddress4 proxyAddress6;
-  inherit (config.swarselsystems) mainUser isPublic sopsFile;
-  serviceDB = "atticd";
-in
-{
-  options = {
-    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
-  };
-  config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
-    sops = lib.mkIf (!isPublic) {
-      secrets = {
-        attic-server-token = { inherit sopsFile; };
-        attic-garage-access-key = { inherit sopsFile; };
-        attic-garage-secret-key = { inherit sopsFile; };
-      };
-      templates = {
-        "attic.env" = {
-          content = ''
-            ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=${config.sops.placeholder.attic-server-token}
-            AWS_ACCESS_KEY_ID=${config.sops.placeholder.attic-garage-access-key}
-            AWS_SECRET_ACCESS_KEY=${config.sops.placeholder.attic-garage-secret-key}
-          '';
-        };
-      };
-    };
-
-    services.atticd = {
-      enable = true;
-      environmentFile = config.sops.templates."attic.env".path;
-      settings = {
-        listen = "[::]:${builtins.toString servicePort}";
-        api-endpoint = "https://${serviceDomain}/";
-        allowed-hosts = [
-          serviceDomain
-        ];
-        require-proof-of-possession = false;
-        compression = {
-          type = "zstd";
-          level = 3;
-        };
-        database.url = "postgresql:///atticd?host=/run/postgresql";
-
-        storage =
-          if config.swarselmodules.server.garage then {
-            type = "s3";
-            region = mainUser;
-            bucket = serviceName;
-            # attic must be patched to never serve pre-signed s3 urls directly
-            # otherwise it will redirect clients to this localhost endpoint
-            endpoint = "http://127.0.0.1:3900";
-          } else {
-            type = "local";
-            path = serviceDir;
-            # attic must be patched to never serve pre-signed s3 urls directly
-            # otherwise it will redirect clients to this localhost endpoint
-          };
-
-        garbage-collection = {
-          interval = "1 day";
-          default-retention-period = "3 months";
-        };
-
-        chunking = {
-          nar-size-threshold = if config.swarselmodules.server.garage then 0 else 64 * 1024; # 64 KiB
-
-          min-size = 16 * 1024; # 16 KiB
-          avg-size = 64 * 1024; # 64 KiB
-          max-size = 256 * 1024; # 256 KiBize = 262144;
-        };
-      };
-    };
-
-    services.postgresql = {
-      enable = true;
-      enableTCPIP = true;
-      ensureDatabases = [ serviceDB ];
-      ensureUsers = [
-        {
-          name = serviceDB;
-          ensureDBOwnership = true;
-        }
-      ];
-    };
-
-    systemd.services.atticd = lib.mkIf config.swarselmodules.server.garage {
-      requires = [ "garage.service" ];
-      after = [ "garage.service" ];
-    };
-
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
@@ -14931,9 +13110,6 @@ in
           locations = {
             "/" = {
               proxyPass = "http://${serviceName}";
-              extraConfig = ''
-                client_max_body_size 0;
-              '';
             };
           };
         };
@@ -15568,9 +13744,9 @@ in
 
    
 
    
 
    
-
    
-
    3.2.5.11. microvm-host
    
-
    
+
    
+
    3.2.5.11. microvm-host
    
+
    
 
    
 Some standard options that should be set for every microvm host.
 
    
@@ -15596,9 +13772,9 @@ Some standard options that should be set for every microvm host.
 
    
 
    
 
    
-
    
-
    3.2.5.12. microvm-guest
    
-
    
+
    
+
    3.2.5.12. microvm-guest
    
+
    
 
    
 Some standard options that should be set vor every microvm guest. We set the default
 
    
@@ -15642,9 +13818,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.1. Steps to setup/upgrade home-manager only
    
-
    
+
    
+
    3.3.1. Steps to setup/upgrade home-manager only
    
+
    
 
    
 Steps to get a home-manager only setup up and running:
 
    
@@ -15727,17 +13903,16 @@ in
 
    
 
    
 
    
-
    3.3.2.3. General home-manager-settings (nix)
    
+
    3.3.2.3. General home-manager-settings
    
 
    
 
    
 Again, we adapt nix to our needs, enable the home-manager command for non-NixOS machines (NixOS machines are using it as a module) and setting user information that I always keep the same.
 
    
 
 
    
-
    { self, outputs, lib, pkgs, config, globals, confLib, ... }:
+
    { self, outputs, lib, pkgs, config, ... }:
 let
   inherit (config.swarselsystems) mainUser flakePath isNixos isLinux;
-  inherit (confLib.getConfig.repo.secrets.common) atticPublicKey;
 in
 {
   options.swarselmodules.general = lib.mkEnableOption "general nix settings";
@@ -15759,7 +13934,7 @@ in
             };
           in
           ''
-            plugin-files = ${nix-plugins}/lib/nix/plugins
+                  plugin-files = ${nix-plugins}/lib/nix/plugins
             extra-builtins-file = ${self + /nix/extra-builtins.nix}
           '';
         settings = {
@@ -15770,12 +13945,6 @@ in
             "cgroups"
             "pipe-operators"
           ];
-          substituters = [
-            "https://${globals.services.attic.domain}/${mainUser}"
-          ];
-          trusted-public-keys = [
-            atticPublicKey
-          ];
           trusted-users = [ "@wheel" "${mainUser}" ];
           connect-timeout = 5;
           bash-prompt-prefix = "$SHLVL:\\w ";
@@ -15950,9 +14119,6 @@ This holds packages that I can use as provided, or with small modifications (as
       # ssh login using idm
       opkssh
 
-      # cache
-      attic-client
-
       # dict
       (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
 
@@ -15988,6 +14154,7 @@ This holds packages that I can use as provided, or with small modifications (as
       nix-inspect
       nixpkgs-review
       manix
+      comma
 
       # shellscripts
       shfmt
@@ -16197,8 +14364,8 @@ in
     options.swarselmodules.sops = lib.mkEnableOption "sops settings";
     config = lib.optionalAttrs (inputs ? sops)  {
       sops = {
-        age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.ssh/ssh_host_ed25519_key" ];
-        defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.dotfiles/secrets/general/secrets.yaml";
+        age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
+        defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
 
         validateSopsFiles = false;
       };
@@ -16512,7 +14679,6 @@ in
     } // (lib.optionalAttrs (!isPublic) { });
     systemd.user.sessionVariables = {
       DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private";
-      FLAKE = "${config.home.homeDirectory}/.dotfiles";
     } // lib.optionalAttrs (!isPublic) {
       SWARSEL_MAIL1 = address1;
       SWARSEL_MAIL2 = address2;
@@ -16643,7 +14809,7 @@ This section is for programs that require no further configuration. zsh Integrat
 
    3.3.2.14. nix-index
    
 
    
 
    
-nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for command-not-found.sh, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output. This also uses the nix-index-with-full-db from the nix-index-database input thanks to its overlay.
+nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for command-not-found.sh, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output.
 
    
 
 
    
@@ -16663,23 +14829,21 @@ nix-index provides a way to find out which packages are provided by which deriva
       in
 
         {
-
           enable = true;
           package = pkgs.symlinkJoin {
             name = "nix-index";
             paths = [ commandNotFound ];
           };
         };
-    programs.nix-index-database.comma.enable = true;
   };
 }
 
    
 
    
 
    
 
    
-
    
-
    3.3.2.15. nix-your-shell
    
-
    
+
    
+
    3.3.2.15. nix-your-shell
    
+
    
 
    
 
    { lib, config, ... }:
 let
@@ -16787,7 +14951,6 @@ in
     programs.atuin = {
       enable = true;
       enableZshIntegration = true;
-      enableBashIntegration = true;
       settings = {
         auto_sync = true;
         sync_frequency = "5m";
@@ -17187,10 +15350,7 @@ in
         };
         history = {
           expireDuplicatesFirst = true;
-          append = true;
-          ignoreSpace = true;
-          ignoreDups = true;
-          path = "${config.home.homeDirectory}/.histfile";
+          path = "$HOME/.histfile";
           save = 100000;
           size = 100000;
         };
@@ -17266,40 +15426,12 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.25. bash
    
-
    
-
    
-
    { config, lib, ... }:
-{
-  options.swarselmodules.bash = lib.mkEnableOption "bash settings";
-  config = lib.mkIf config.swarselmodules.bash {
-
-    programs.bash = {
-      enable = true;
-      # needed for remote builders
-      bashrcExtra = lib.mkIf (!config.swarselsystems.isNixos) ''
-        export PATH="/nix/var/nix/profiles/default/bin:$PATH"
-      '';
-      historyFile = "${config.home.homeDirectory}/.histfile";
-      historySize = 100000;
-      historyFileSize = 100000;
-      historyControl = [
-        "ignoreboth"
-      ];
-    };
-  };
-}
-
    
-
    
-
    
-
    
-
    
-
    3.3.2.26. zellij
    
-
    
+
    
+
    3.3.2.25. zellij
    
+
    
 
    
 
    
-
    3.3.2.26.1. Main config
    
+
    3.3.2.25.1. Main config
    
 
    
 
    
 
    { self, lib, config, pkgs, ... }:
@@ -17363,9 +15495,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.26.2. Keybinds
    
-
    
+
    
+
    3.3.2.25.2. Keybinds
    
+
    
 
    
 
    { lib, config, ... }:
 {
@@ -18517,7 +16649,7 @@ in
 
    
 
    
 
    
-
    3.3.2.27. tmux
    
+
    3.3.2.26. tmux
    
 
    
 
    
 
    { lib, config, pkgs, ... }:
@@ -18626,16 +16758,16 @@ in
 
    
 
    
 
    
-
    3.3.2.28. Mail
    
+
    3.3.2.27. Mail
    
 
    
 
    
 Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here.
 
    
 
 
    
-
    { lib, config, inputs, globals, nixosConfig ? config, ... }:
+
    { lib, config, inputs, nixosConfig ? config, ... }:
 let
-  inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4;
+  inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host;
   inherit (nixosConfig.repo.secrets.common) fullName;
   inherit (config.swarselsystems) xdgDir;
 in
@@ -18758,43 +16890,24 @@ in
             maildirBasePath = "Mail";
             accounts = {
               swarsel = {
-                imap = {
-                  host = globals.services.mailserver.domain;
-                  port = 993;
-                  tls.enable = true; # SSL/TLS
-                };
-                smtp = {
-                  host = globals.services.mailserver.domain;
-                  port = 465;
-                  tls.enable = true; # SSL/TLS
-                };
-                thunderbird = {
-                  enable = true;
-                  profiles = [ "default" ];
-                };
                 address = address4;
-                userName = address4;
+                userName = address4-user;
                 realName = fullName;
                 passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}";
-                mu.enable = true;
+                smtp = {
+                  host = address4-host;
+                  port = 587;
+                  tls = {
+                    enable = true;
+                    useStartTls = true;
+                  };
+                };
+                mu.enable = false;
                 msmtp = {
                   enable = true;
                 };
                 mbsync = {
-                  enable = true;
-                  create = "maildir";
-                  expunge = "both";
-                  patterns = [ "*" ];
-                  extraConfig = {
-                    channel = {
-                      Sync = "All";
-                    };
-                    account = {
-                      Timeout = 120;
-                      PipelineDepth = 1;
-                      AuthMechs = "LOGIN";
-                    };
-                  };
+                  enable = false;
                 };
               };
 
@@ -18849,7 +16962,7 @@ in
 
    
 
    
 
    
-
    3.3.2.29. Home-manager: Emacs
    
+
    3.3.2.28. Home-manager: Emacs
    
 
    
 
    
 By using the emacs-overlay NixOS module, I can install all Emacs packages that I want to use right through NixOS. This is done by passing my init.el file to the configuration which will then be parsed upon system rebuild, looking for use-package sections in the Elisp code. Also I define here the style of Emacs that I want to run - I am going with native Wayland Emacs here (emacs-pgtk). All of the nice options such as tree-sitter support are enabled by default, so I do not need to adjust the build process.
@@ -18971,14 +17084,12 @@ in
       secrets = {
         fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
         emacs-radicale-pw = { };
-        github-forge-token = { };
       };
       templates = {
         authinfo = {
           path = "${homeDir}/.emacs.d/.authinfo";
           content = ''
             machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
-            machine api.github.com login ${mainUser}^forge password ${config.sops.placeholder.github-forge-token}
           '';
         };
       };
@@ -18991,7 +17102,7 @@ in
 
    
 
    
 
    
-
    3.3.2.30. Waybar
    
+
    3.3.2.29. Waybar
    
 
    
 
    
 Again I am just using the first bar option here that I was able to find good understandable documentation for. Of note is that the `cpu` section's `format` is not defined here, but in section 1 (since not every machine has the same number of cores)
@@ -19347,7 +17458,7 @@ in
 
    
 
    
 
    
-
    3.3.2.31. Firefox
    
+
    3.3.2.30. Firefox
    
 
    
 
    
 Setting up firefox along with some policies that are important to me (mostly disabling telemetry related stuff as well as Pocket). I also enable some integrations that enable super useful packages, namely tridactyl and browserpass.
@@ -19526,14 +17637,14 @@ I used to build the firefox addon bypass-paywalls-clean myself here
 
    
 
    
 
    
-
    3.3.2.32. Services
    
+
    3.3.2.31. Services
    
 
    
 
    
 Services that can be defined through home-manager should be defined here.
 
    
 
    
 
    
-
    3.3.2.32.1. gnome-keyring
    
+
    3.3.2.31.1. gnome-keyring
    
 
    
 
    
 Used for storing sessions in e.g. Nextcloud
@@ -19554,7 +17665,7 @@ Used for storing sessions in e.g. Nextcloud
 
    
 
    
 
    
-
    3.3.2.32.2. KDE Connect
    
+
    3.3.2.31.2. KDE Connect
    
 
    
 
    
 This enables phone/computer communication, including sending clipboard, files etc. Sadly on Wayland many of the features are broken (like remote control).
@@ -19577,7 +17688,7 @@ This enables phone/computer communication, including sending clipboard, files et
 
    
 
    
 
    
-
    3.3.2.32.3. Mako
    
+
    3.3.2.31.3. Mako
    
 
    
 
    
 Desktop notifications!
@@ -19631,7 +17742,7 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
 
    
 
    
 
    
-
    3.3.2.32.4. SwayOSD
    
+
    3.3.2.31.4. SwayOSD
    
 
    
 
    
 
    { lib, pkgs, config, ... }:
@@ -19650,7 +17761,7 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
 
    
 
    
 
    
-
    3.3.2.32.5. yubikey-touch-detector
    
+
    3.3.2.31.5. yubikey-touch-detector
    
 
    
 
    
 
    { lib, config, pkgs, ... }:
@@ -19689,9 +17800,9 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
 
    
 
    
 
    
-
    
-
    3.3.2.32.6. blueman-applet
    
-
    
+
    
+
    3.3.2.31.6. blueman-applet
    
+
    
 
    
 
    { lib, config, ... }:
 {
@@ -19704,9 +17815,9 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
 
    
 
    
 
    
-
    
-
    3.3.2.32.7. network-manager-applet
    
-
    
+
    
+
    3.3.2.31.7. network-manager-applet
    
+
    
 
    
 
    { lib, config, ... }:
 {
@@ -19720,9 +17831,9 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
 
    
 
    
 
    
-
    
-
    3.3.2.32.8. obsidian service for tray
    
-
    
+
    
+
    3.3.2.31.8. obsidian service for tray
    
+
    
 
    
 
    { lib, config, ... }:
 {
@@ -19755,9 +17866,9 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
 
    
 
    
 
    
-
    
-
    3.3.2.32.9. anki service for tray
    
-
    
+
    
+
    3.3.2.31.9. anki service for tray
    
+
    
 
    
 Sets up a systemd user service for anki that does not stall the shutdown process. Note that the outcommented ExecStart does not work because the home-manager anki package builds a separate anki package that - I think - cannot be referenced as no such expression exists in the module.
 
    
@@ -19803,9 +17914,9 @@ Sets up a systemd user service for anki that does not stall the shutdown process
 
    
 
    
 
    
-
    
-
    3.3.2.32.10. element service for tray
    
-
    
+
    
+
    3.3.2.31.10. element service for tray
    
+
    
 
    
 
    { lib, config, pkgs, ... }:
 {
@@ -19838,9 +17949,9 @@ Sets up a systemd user service for anki that does not stall the shutdown process
 
    
 
    
 
    
-
    
-
    3.3.2.32.11. vesktop service for tray
    
-
    
+
    
+
    3.3.2.31.11. vesktop service for tray
    
+
    
 
    
 
    { lib, config, pkgs, ... }:
 {
@@ -19873,9 +17984,9 @@ Sets up a systemd user service for anki that does not stall the shutdown process
 
    
 
    
 
    
-
    
-
    3.3.2.32.12. syncthing service for tray
    
-
    
+
    
+
    3.3.2.31.12. syncthing service for tray
    
+
    
 
    
 
    { lib, config, pkgs, ... }:
 {
@@ -20003,7 +18114,7 @@ Sets up a systemd user service for anki that does not stall the shutdown process
 
    
 
    
 
    
-
    3.3.2.33. Sway
    
+
    3.3.2.32. Sway
    
 
    
 
    
 I am currently using SwayFX, which adds some nice effects to sway, like rounded corners and hiding the separator between title and content of a window.
@@ -20447,7 +18558,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se
 
    
 
    
 
    
-
    3.3.2.34. Niri
    
+
    3.3.2.33. Niri
    
 
    
 
    
 
    { config, pkgs, lib, vars, ... }:
@@ -20667,7 +18778,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se
 
    
 
    
 
    
-
    3.3.2.35. Kanshi
    
+
    3.3.2.34. Kanshi
    
 
    
 
    
 
    { self, lib, pkgs, config, ... }:
@@ -20777,7 +18888,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se
 
    
 
    
 
    
-
    3.3.2.36. gpg-agent
    
+
    3.3.2.35. gpg-agent
    
 
    
 
    
 Settings that are needed for the gpg-agent. Also we are enabling emacs support for unlocking my Yubikey here.
@@ -20861,7 +18972,7 @@ in
 
    
 
    
 
    
-
    3.3.2.37. gammastep
    
+
    3.3.2.36. gammastep
    
 
    
 
    
 This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways.
@@ -20887,7 +18998,7 @@ in
 
    
 
    
 
    
-
    3.3.2.38. Spicetify
    
+
    3.3.2.37. Spicetify
    
 
    
 
    
 
    { inputs, lib, config, pkgs, ... }:
@@ -20917,9 +19028,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.39. Obsidian
    
-
    
+
    
+
    3.3.2.38. Obsidian
    
+
    
 
    
 
    { lib, config, pkgs, nixosConfig ? config, ... }:
 let
@@ -21078,9 +19189,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.40. Anki
    
-
    
+
    
+
    3.3.2.39. Anki
    
+
    
 
    
 
    { lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }:
 let
@@ -21152,9 +19263,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.41. Element-desktop
    
-
    
+
    
+
    3.3.2.40. Element-desktop
    
+
    
 
    
 
    { lib, config, ... }:
 let
@@ -21189,9 +19300,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.42. Hexchat
    
-
    
+
    
+
    3.3.2.41. Hexchat
    
+
    
 
    
 
    { lib, config, nixosConfig ? config, ... }:
 let
@@ -21214,9 +19325,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.43. obs-studio
    
-
    
+
    
+
    3.3.2.42. obs-studio
    
+
    
 
    
 
    { lib, config, ... }:
 let
@@ -21235,9 +19346,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.44. spotify-player
    
-
    
+
    
+
    3.3.2.43. spotify-player
    
+
    
 
    
 
    { lib, config, ... }:
 let
@@ -21256,9 +19367,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.45. vesktop
    
-
    
+
    
+
    3.3.2.44. vesktop
    
+
    
 
    
 
    { lib, pkgs, config, ... }:
 let
@@ -21344,9 +19455,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.46. batsignal
    
-
    
+
    
+
    3.3.2.45. batsignal
    
+
    
 
    
 
    { lib, config, ... }:
 let
@@ -21377,9 +19488,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.47. autotiling
    
-
    
+
    
+
    3.3.2.46. autotiling
    
+
    
 
    
 
    { lib, config, ... }:
 let
@@ -21399,9 +19510,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.48. swayidle
    
-
    
+
    
+
    3.3.2.47. swayidle
    
+
    
 
    
 
    { lib, config, pkgs, ... }:
 let
@@ -21441,9 +19552,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.49. swaylock
    
-
    
+
    
+
    3.3.2.48. swaylock
    
+
    
 
    
 
    { lib, config, pkgs, ... }:
 let
@@ -21470,9 +19581,9 @@ in
 
    
 
    
 
    
-
    
-
    3.3.2.50. opkssh
    
-
    
+
    
+
    3.3.2.49. opkssh
    
+
    
 
    
 
    { lib, config, ... }:
 let
@@ -21734,7 +19845,6 @@ in
           # openstackclient
 
           vscode
-          dev.antigravity
 
           rustdesk-vbc
         ];
@@ -22463,14 +20573,6 @@ TODO: check which of these can be replaced but builtin functions.
 
    { self, config, lib, ... }:
 {
   options.swarselsystems = {
-    proxyHost = lib.mkOption {
-      type = lib.types.str;
-      default = "";
-    };
-    isCloud = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-    };
     withHomeManager = lib.mkOption {
       type = lib.types.bool;
       default = true;
@@ -22504,7 +20606,7 @@ TODO: check which of these can be replaced but builtin functions.
     isBtrfs = lib.mkEnableOption "use btrfs filesystem";
     sopsFile = lib.mkOption {
       type = lib.types.str;
-      default = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml";
+      default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml";
     };
     homeDir = lib.mkOption {
       type = lib.types.str;
@@ -22805,46 +20907,8 @@ In short, the options defined here are passed to the modules systems using 
 
    
 
    
-
    
-
    3.4.3. Config Library (confLib)
    
-
    
-
    
-
    { config, lib, globals, ... }:
-{
-  _module.args = {
-    confLib = rec {
-
-      addressDefault = if config.swarselsystems.proxyHost != config.node.name then globals.networks."${if config.swarselsystems.isCloud then config.node.name else "home"}-${config.swarselsystems.server.localNetwork}".hosts.${config.node.name}.ipv4 else "localhost";
-
-      domainDefault = service: config.repo.secrets.common.services.domains.${service};
-      proxyDefault = config.swarselsystems.proxyHost;
-
-      getConfig = config;
-
-      gen = { name, user ? name, group ? name, dir ? null, port ? null, domain ? (domainDefault name), address ? addressDefault, proxy ? proxyDefault }: rec {
-        servicePort = port;
-        serviceName = name;
-        specificServiceName = "${name}-${config.node.name}";
-        serviceUser = user;
-        serviceGroup = group;
-        serviceDomain = domain;
-        baseDomain = lib.swarselsystems.getBaseDomain domain;
-        subDomain = lib.swarselsystems.getSubDomain domain;
-        serviceDir = dir;
-        serviceAddress = address;
-        serviceProxy = proxy;
-        proxyAddress4 = globals.hosts.${proxy}.wanAddress4;
-        proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null;
-      };
-    };
-  };
-}
-
    
-
    
-
    
-
    
 
    
-
    3.4.4. Packages
    
+
    3.4.3. Packages
    
 
    
 
    
 This is the central station for self-defined packages. These are all referenced in default.nix. Wherever possible, I am keeping the shell version of these scripts in this file as well and then read it using builtin.readFile in the NixOS configurations. This lets me keep full control in this one file but also keep the separate files uncluttered.
@@ -22855,9 +20919,9 @@ Note: The structure of generating the packages was changed in commit 2cf03
 
    
 
    
 
    
-
    
-
    3.4.5. Packages (flake)
    
-
    
+
    
+
    3.4.4. Packages (flake)
    
+
    
 
    
 
    { self, lib, pkgs, ... }:
 let
@@ -22876,7 +20940,7 @@ mkPackages packageNames pkgs
 
    
 
    
 
    
-
    3.4.5.1. pass-fuzzel
    
+
    3.4.4.1. pass-fuzzel
    
 
    
 
    
 This app allows me, in conjunction with my Yubikey, to quickly enter passwords when the need arises. Normal and TOTP passwords are supported, and they can either be printed directly or copied to the clipboard.
@@ -22949,9 +21013,9 @@ writeShellApplication {
 
    
 
    
 
    
-
    
-
    3.4.5.2. quickpass
    
-
    
+
    
+
    3.4.4.2. quickpass
    
+
    
 
    
 
    shopt -s nullglob globstar
 
@@ -22981,7 +21045,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.3. cura5
    
+
    3.4.4.3. cura5
    
 
    
 
    
 The version of cura used to be quite outdated in nixpkgs. I am fetching a newer AppImage here and use that instead.
@@ -23024,7 +21088,7 @@ writeScriptBin "cura" ''
 
    
 
    
 
    
-
    3.4.5.4. hm-specialisation
    
+
    3.4.4.4. hm-specialisation
    
 
    
 
    
 This script allows for quick git home-manager specialisation switching.
@@ -23050,7 +21114,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.5. cdw
    
+
    3.4.4.5. cdw
    
 
    
 
    
 This script allows for quick git worktree switching.
@@ -23074,7 +21138,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.6. cdb
    
+
    3.4.4.6. cdb
    
 
    
 
    
 This script allows for quick git branch switching.
@@ -23096,7 +21160,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.7. bak
    
+
    3.4.4.7. bak
    
 
    
 
    
 This script lets me quickly backup files by appending .bak to the filename.
@@ -23119,7 +21183,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.8. timer
    
+
    3.4.4.8. timer
    
 
    
 
    
 This app starts a configuratble timer and uses TTS to say something once the timer runs out.
@@ -23142,7 +21206,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.9. e
    
+
    3.4.4.9. e
    
 
    
 
    
 This is a shorthand for calling emacsclient mostly. Also, it hides the kittyterm scratchpad window that I sometimes use for calling a command quickly, in case it is on the screen. After emacs closes, the kittyterm window is then shown again if it was visible earlier.
@@ -23188,7 +21252,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.10. command-not-found
    
+
    3.4.4.10. command-not-found
    
 
    
 
    
 The normal command-not-found.sh uses the outdated nix-shell commands as suggestions. This version supplies me with the more modern nixpkgs#<name> version.
@@ -23234,7 +21298,7 @@ command_not_found_handler() {
 
    
 
    
 
    
-
    3.4.5.11. swarselcheck
    
+
    3.4.4.11. swarselcheck
    
 
    
 
    
 This app checks for different apps that I keep around in the scratchpad for quick viewing and hiding (messengers and music players mostly) and then behaves like the kittyterm hider that I described in e.
@@ -23319,7 +21383,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.12. swarselcheck-niri
    
+
    3.4.4.12. swarselcheck-niri
    
 
    
 
    
 
    while :; do
@@ -23374,7 +21438,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.13. swarselzellij
    
+
    3.4.4.13. swarselzellij
    
 
    
 
    
 
    # KITTIES=$(($(pgrep -P 1 kitty | wc -l) - 1))
@@ -23401,7 +21465,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.14. waybarupdate
    
+
    3.4.4.14. waybarupdate
    
 
    
 
    
 This scripts checks if there are uncommited changes in either my dotfile repo, my university repo, or my passfile repo. In that case a warning will be shown in waybar.
@@ -23448,7 +21512,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.15. opacitytoggle
    
+
    3.4.4.15. opacitytoggle
    
 
    
 
    
 This app quickly toggles between 5% and 0% transparency.
@@ -23475,7 +21539,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.16. fs-diff
    
+
    3.4.4.16. fs-diff
    
 
    
 
    
 This utility is used to compare the current state of the root directory with the blanket state that is stored in /root-blank (the snapshot that is restored on each reboot of an impermanence machine). Using this, I can find files that I will lose once I reboot - if there are important files in that list, I can then easily add them to the persist options.
@@ -23516,7 +21580,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.17. github-notifications
    
+
    3.4.4.17. github-notifications
    
 
    
 
    
 This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version.
@@ -23542,7 +21606,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.18. kanshare
    
+
    3.4.4.18. kanshare
    
 
    
 
    
 This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version.
@@ -23566,7 +21630,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.19. swarsel-bootstrap
    
+
    3.4.4.19. swarsel-bootstrap
    
 
    
 
    
 This program sets up a new NixOS host remotely. It also takes care of secret management on the new host.
@@ -23583,8 +21647,6 @@ target_user="swarsel"
 ssh_port="22"
 persist_dir=""
 disk_encryption=0
-disk_encryption_args=""
-no_disko_deps="false"
 temp=$(mktemp -d)
 
 function help_and_exit() {
@@ -23604,7 +21666,6 @@ function help_and_exit() {
     echo "                                          Default='${target_user}'."
     echo "  --port <ssh_port>                       specify the ssh port to use for remote access. Default=${ssh_port}."
     echo "  --debug                                 Enable debug mode."
-    echo "  --no-disko-deps                         Upload only disk script and not dependencies (for use on low ram)."
     echo "  -h | --help                             Print this help."
     exit 0
 }
@@ -23658,14 +21719,14 @@ function update_sops_file() {
 
     SOPS_FILE=".sops.yaml"
     sed -i "{
-                                                        # Remove any * and & entries for this host
-                                                        /[*&]$key_name/ d;
-                                                        # Inject a new age: entry
-                                                        # n matches the first line following age: and p prints it, then we transform it while reusing the spacing
-                                                        /age:/{n; p; s/\(.*- \*\).*/\1$key_name/};
-                                                        # Inject a new hosts or user: entry
-                                                        /&$key_type/{n; p; s/\(.*- &\).*/\1$key_name $key/}
-                                                        }" $SOPS_FILE
+                                                # Remove any * and & entries for this host
+                                                /[*&]$key_name/ d;
+                                                # Inject a new age: entry
+                                                # n matches the first line following age: and p prints it, then we transform it while reusing the spacing
+                                                /age:/{n; p; s/\(.*- \*\).*/\1$key_name/};
+                                                # Inject a new hosts or user: entry
+                                                /&$key_type/{n; p; s/\(.*- &\).*/\1$key_name $key/}
+                                                }" $SOPS_FILE
     green "Updating .sops.yaml"
     cd -
 }
@@ -23692,9 +21753,6 @@ while [[ $# -gt 0 ]]; do
         shift
         ssh_port=$1
         ;;
-    --no-disko-deps)
-        no_disko_deps="true"
-        ;;
     --debug)
         set -x
         ;;
@@ -23712,12 +21770,6 @@ if [[ $target_arch == "" || $target_destination == "" || $target_hostname == ""
     help_and_exit
 fi
 
-LOCKED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.node.lockFromBootstrapping)"
-if [[ $LOCKED == "true" ]]; then
-    red "THIS SYSTEM IS LOCKED FROM BOOTSTRAPPING"
-    exit
-fi
-
 green "~SwarselSystems~ remote installer"
 green "Reading system information for $target_hostname ..."
 
@@ -23728,11 +21780,6 @@ CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.sw
 if [[ $CRYPTED == "true" ]]; then
     green "Encryption: ✓"
     disk_encryption=1
-    disk_encryption_args=(
-        --disk-encryption-keys
-        /tmp/disko-password
-        /tmp/disko-password
-    )
 else
     red "Encryption: X"
     disk_encryption=0
@@ -23825,14 +21872,7 @@ $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "$
 # ------------------------
 
 green "Deploying minimal NixOS installation on $target_destination"
-
-if [[ $no_disko_deps == "true" ]]; then
-    green "Building without disko dependencies (using custom kexec)"
-    nix run github:nix-community/nixos-anywhere/1.10.0 -- "${disk_encryption_args[@]}" --no-disko-deps --ssh-port "$ssh_port" --extra-files "$temp" --flake ./install#"$target_hostname" --kexec "$(nix build --print-out-paths .#packages."$target_arch".swarsel-kexec)/swarsel-kexec-$target_arch.tar.gz" root@"$target_destination"
-else
-    green "Building with disko dependencies (using nixos-images kexec)"
-    nix run github:nix-community/nixos-anywhere/1.10.0 -- "${disk_encryption_args[@]}" --ssh-port "$ssh_port" --extra-files "$temp" --flake ./install#"$target_hostname" root@"$target_destination"
-fi
+nix run github:nix-community/nixos-anywhere/1.10.0 -- --ssh-port "$ssh_port" --extra-files "$temp" --flake ./install#"$target_hostname" root@"$target_destination"
 
 echo "Updating ssh host fingerprint at $target_destination to ~/.ssh/known_hosts"
 ssh-keyscan -p "$ssh_port" "$target_destination" >> ~/.ssh/known_hosts || true
@@ -23980,7 +22020,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.20. swarsel-rebuild
    
+
    3.4.4.20. swarsel-rebuild
    
 
    
 
    
 
    set -eo pipefail
@@ -24110,7 +22150,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.21. swarsel-install
    
+
    3.4.4.21. swarsel-install
    
 
    
 
    
 Autoformatting always puts the EOF with indentation, which makes shfmt check fail. When editing this block, unindent them manually.
@@ -24323,7 +22363,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.22. swarsel-postinstall
    
+
    3.4.4.22. swarsel-postinstall
    
 
    
 
    
 
    set -eo pipefail
@@ -24415,7 +22455,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.23. t2ts
    
+
    3.4.4.23. t2ts
    
 
    
 
    
 
    { name, writeShellApplication, ... }:
@@ -24433,7 +22473,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.24. ts2t
    
+
    3.4.4.24. ts2t
    
 
    
 
    
 
    { name, writeShellApplication, ... }:
@@ -24451,7 +22491,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.25. vershell
    
+
    3.4.4.25. vershell
    
 
    
 
    
 
    { name, writeShellApplication, ... }:
@@ -24469,7 +22509,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.26. eontimer
    
+
    3.4.4.26. eontimer
    
 
    
 
    
 
    { lib
@@ -24573,7 +22613,7 @@ python3.pkgs.buildPythonApplication rec {
 
    
 
    
 
    
-
    3.4.5.27. project
    
+
    3.4.4.27. project
    
 
    
 
    
 
    set -euo pipefail
@@ -24597,7 +22637,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.28. fhs
    
+
    3.4.4.28. fhs
    
 
    
 
    
 
    { name, pkgs, ... }:
@@ -24616,7 +22656,7 @@ pkgs.buildFHSEnv (base // {
 
    
 
    
 
    
-
    3.4.5.29. swarsel-displaypower
    
+
    3.4.4.29. swarsel-displaypower
    
 
    
 
    
 A crude script to power on all displays that might be attached. Needed because sometimes displays do not awake from sleep.
@@ -24641,7 +22681,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.30. swarsel-mgba
    
+
    3.4.4.30. swarsel-mgba
    
 
    
 
    
 AppImage version of mgba in which the lua scripting works.
@@ -24675,7 +22715,7 @@ appimageTools.wrapType2 {
 
    
 
    
 
    
-
    3.4.5.31. swarsel-deploy
    
+
    3.4.4.31. swarsel-deploy
    
 
    
 
    
 
    # heavily inspired from https://github.com/oddlama/nix-config/blob/d42cbde676001a7ad8a3cace156e050933a4dcc3/pkgs/deploy.nix
@@ -24807,7 +22847,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.32. swarsel-build
    
+
    3.4.4.32. swarsel-build
    
 
    
 
    
 
    { name, nix-output-monitor, writeShellApplication, ... }:
@@ -24831,7 +22871,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.33. swarsel-instantiate
    
+
    3.4.4.33. swarsel-instantiate
    
 
    
 
    
 This is a convenience function that calls nix-instantiate with a number of flags that I need in order to evaluate nix expressions in org-src blocks.
@@ -24852,7 +22892,7 @@ writeShellApplication {
 
    
 
    
 
    
-
    3.4.5.34. sshrm
    
+
    3.4.4.34. sshrm
    
 
    
 
    
 This programs simply runs ssh-keygen on the last host that I tried to ssh into. I need this frequently when working with cloud-init usually.
@@ -24884,9 +22924,9 @@ writeShellApplication {
 
    
 
    
 
    
-
    
-
    3.4.5.35. endme
    
-
    
+
    
+
    3.4.4.35. endme
    
+
    
 
    
 Sometimes my DE crashes after putting it to suspend - to be precise, it happens when I put it into suspend when I have multiple screens plugged in. I have never taken the time to debug the issue, but instead just switch to a different TTY and then use this script to kill the hanging session.
 
    
@@ -24906,9 +22946,9 @@ writeShellApplication {
 
    
 
    
 
    
-
    
-
    3.4.5.36. git-replace
    
-
    
+
    
+
    3.4.4.36. git-replace
    
+
    
 
    
 This script allows for quick git replace of a string.
 
    
@@ -24985,9 +23025,9 @@ writeShellApplication {
 
    
 
    
 
    
-
    
-
    3.4.6. Packages (config)
    
-
    
+
    
+
    3.4.5. Packages (config)
    
+
    
 
    
 
    { self, homeConfig, lib, pkgs, ... }:
 let
@@ -25003,9 +23043,9 @@ mkPackages packageNames pkgs
 
    
 
    
 
    
-
    
-
    3.4.6.1. cdr
    
-
    
+
    
+
    3.4.5.1. cdr
    
+
    
 
    
 
    { name, homeConfig, writeShellApplication, fzf, ... }:
 
@@ -25167,9 +23207,9 @@ in
 
    
 
    
 
    
-
    
-
    3.5.1.3. Optionals
    
-
    
+
    
+
    3.5.1.3. Optionals
    
+
    
 
    
 
    { lib, config, ... }:
 {
@@ -25373,9 +23413,9 @@ in
 
    
 
    
 
    
-
    
-
    3.5.1.9. Router
    
-
    
+
    
+
    3.5.1.9. Router
    
+
    
 
    
 
    { lib, config, ... }:
 {
@@ -25490,9 +23530,9 @@ in
 
    
 
    
 
    
-
    
-
    3.5.2.2. DGX Spark
    
-
    
+
    
+
    3.5.2.2. DGX Spark
    
+
    
 
    
 
    { lib, config, ... }:
 {
@@ -25504,7 +23544,6 @@ in
       atuin = lib.mkDefault true;
       autotiling = lib.mkDefault false;
       batsignal = lib.mkDefault false;
-      bash = lib.mkDefault true;
       blueman-applet = lib.mkDefault true;
       desktop = lib.mkDefault false;
       direnv = lib.mkDefault true;
@@ -25947,11 +23986,6 @@ In this section I define extra functions that I need. Some of these functions I
 Since I am rebinding the C-z hotkey for emacs-evil-state toggling, I want to have a function that still lets me perform this action quickly.
 
    
 
-
    
-We set a keybinding to this in Custom Keybindings.
-
    
-
-
 
    
 
    ;; -*- lexical-binding: t; -*-
 
@@ -25969,11 +24003,7 @@ We set a keybinding to this in 4.2.1.2. Switching to last used buffer
 
    
 
    
-I often find myself bouncing between two buffers when I do not want to use a window split. This function simply jumps to the last used buffer.
-
    
-
-
    
-We set a keybinding to this in Custom Keybindings.
+I often find myself bouncing between two buffers when I do not want to use a window split. This funnction simply jumps to the last used buffer.
 
    
 
 
    
@@ -26082,10 +24112,6 @@ The below function avoids these problems. Originally I used the function d
 However, this function does not work on regions. Later, I found a solution implemented by crux. I do not need the whole package, so I just extracted the three functions I needed from it.
 
    
 
-
    
-We set a keybinding to this in Custom Keybindings.
-
    
-
 
    
 
     (defun crux-get-positions-of-line-or-region ()
@@ -26274,17 +24300,9 @@ This function was found here: 
-
    4.2.1.9. Magit: List directories using vertico/consult
    
-
    
-
    
-At work and when working on private projects, I often have to jump between several git repositories. This function fires up a picker that gets me to the magit overview page of that repository.
-
    
-
-
    
-We set a keybinding to this in Custom Keybindings.
-
    
-
+
    
+
    4.2.1.9. Magit: List directories using vertico/consult
    
+
    
 
    
 
     (defun swarsel/consult-magit-repos ()
@@ -26405,10 +24423,6 @@ Normally emacs cycles between three states:
 However, I want to be able to fold a single heading consistently.
 
    
 
-
    
-We set a keybinding to this in Custom Keybindings.
-
    
-
 
    
 
     (defun org-fold-outer ()
@@ -26471,69 +24485,6 @@ These functions are used here: 
-
    
-
    
-
    
-
    
-
    4.2.1.16. Insert link to another header in org file
    
-
    
-
    
-When writing this file, I often want to refer to a different section of the file. One way to do this is to C-x O (consult-org-heading) to get to said heading, then C=c s (org-store-link), finally C-o (evil-jump-backward) to get back to the origin and insert the link using C-c C-l (org-insert-link).
-
    
-
-
    
-These two scripts just let me do all of this in one step. I have styled the picker in a way that is similar to consult-org-heading.
-
    
-
-
    
-We set a keybinding to this in Custom Keybindings.
-
    
-
-
    
-
    -  (defun swarsel/org-colorize-outline (parents raw)
-    (let* ((palette ["#58B6ED" "#8BD49C" "#33CED8" "#4B9CCC"
-                     "yellow" "orange" "salmon" "red"])
-           (n (length parents))
-           (colored-parents
-            (cl-mapcar
-             (lambda (p i)
-               (propertize p 'face `(:foreground ,(aref palette (mod i (length palette))) :weight bold)))
-             parents
-             (number-sequence 0 (1- n)))))
-      (concat
-       (when parents
-         (string-join colored-parents "/"))
-       (when parents "/")
-       (propertize raw 'face `(:foreground ,(aref palette (mod n (length palette)))
-                                 :weight bold)))))
-
-(defun swarsel/org-insert-link-to-heading ()
-  (interactive)
-  (let ((candidates '()))
-    (org-map-entries
-     (lambda ()
-       (let* ((raw (org-get-heading t t t t))
-              (parents (org-get-outline-path t))
-              (m (copy-marker (point)))
-              (colored (swarsel/org-colorize-outline parents raw)))
-         (push (cons colored m) candidates))))
-
-    (let* ((choice (completing-read "Heading: " (mapcar #'car candidates)))
-           (marker (cdr (assoc choice candidates)))
-           id raw-heading)
-      (unless marker
-        (user-error "No marker for heading??"))
-
-      (save-excursion
-        (goto-char marker)
-        (setq id (prot-org--id-get))
-        (setq raw-heading (org-get-heading t t t t)))
-
-      (insert (org-link-make-string (format "#%s" id)
-                                    raw-heading)))))
-
 
    
 
    
 
    
@@ -26650,7 +24601,6 @@ I also define some keybinds to some combinations directly. Those are used mostly
  "<DUMMY-m>" 'swarsel/last-buffer
  "M-\\" 'indent-region
  "M-r" 'swarsel/consult-magit-repos
- "M-i" 'swarsel/org-insert-link-to-heading
  "<Paste>" 'yank
  "<Cut>" 'kill-region
  "<Copy>" 'kill-ring-save
@@ -26670,7 +24620,7 @@ I also define some keybinds to some combinations directly. Those are used mostly
 
    4.2.3. Directory setup / File structure
    
 
    
 
    
-In this section I setup some aliases that I use for various directories on my system. This is just to prevent setting the same stuff too often.
+In this section I setup some aliases that I use for various directories on my system. Some of these are actually used for magit repository finding etc., but many of them serve no real use and I need to clean this up someday.
 
    
 
 
    
@@ -26678,12 +24628,12 @@ In this section I setup some aliases that I use for various directories on my sy
 ;; set Nextcloud directory for journals etc.
 (setq
  swarsel-emacs-directory "~/.emacs.d"
- swarsel-dotfiles-directory (getenv "FLAKE")
+ swarsel-dotfiles-directory "~/.dotfiles"
  swarsel-swarsel-org-filepath (expand-file-name "SwarselSystems.org" swarsel-dotfiles-directory)
  swarsel-tasks-org-file "Tasks.org"
  swarsel-archive-org-file "Archive.org"
- swarsel-work-projects-directory (getenv "DOCUMENT_DIR_WORK")
- swarsel-private-projects-directory (getenv "DOCUMENT_DIR_PRIV")
+ swarsel-work-projects-directory "~/Documents/Work"
+ swarsel-private-projects-directory "~/Documents/Private"
  )
 
    
 
    
@@ -26771,7 +24721,7 @@ Here I set up some things that are too minor to put under other categories.
 
     ;; use UTF-8 everywhere
 (set-language-environment "UTF-8")
-;; (profiler-start 'cpu)
+(profiler-start 'cpu)
 ;; set default font size
 (defvar swarsel/default-font-size 130)
 (setq swarsel-standard-font "FiraCode Nerd Font Mono"
@@ -27100,10 +25050,6 @@ This minor-mode adds functionality for doing better surround-commands; for examp
 
    
 
    4.3.7.6. evil-visual-mark-mode
    
 
    
-
    
-This makes it so that when setting a mark in evil mode (using m <key>), it creates a visual marker at that place that reminds me what the key for that marker position is (the marker is of course not part of the text of the document, and is hence not saved).
-
    
-
 
    
 
     (use-package evil-visual-mark-mode
@@ -27140,12 +25086,8 @@ This adds support for tree-sitter objects. This allows for the following chords:
 
    
 
    
 
    
-
    4.3.7.8. evil-numbers
    
+
    4.3.7.8. evil-textobj-tree-sitter
    
 
    
-
    
-A very simple package that brings back the vim possibility of incrementing/decrementing numbers. I do not need it often, but it is nice to have.
-
    
-
 
    
 
     (use-package evil-numbers)
@@ -27159,7 +25101,7 @@ A very simple package that brings back the vim possibility of incrementing/decre
 
    4.3.8. ispell
    
 
    
 
    
-This sets up a wordlist that is, for example, used in completions. When coding, I do not really need this, but it is sometimes useful when writing prose.
+This should setup a wordlist that can be used as a dictionary. However, for some reason this does not work, and I will need to further investigate this issue.
 
    
 
 
    
@@ -27236,7 +25178,7 @@ Used in:
 
    
 
 
 
    
@@ -27271,11 +25213,11 @@ This minor mode allows mixing fixed and variable pitch fonts within the same buf
 
    4.3.13. Modeline
    
 
    
 
    
-Here I set up the modeline with some information that I find useful. I was using the doom modeline for a while. Most informations I disabled for it, except for the cursor information (row + column) as well as a widget for mu4e and git information.
+Here I set up the modeline with some information that I find useful. Specficially I am using the doom modeline. Most informations I disable for it, except for the cursor information (row + column) as well as a widget for mu4e and git information.
 
    
 
 
    
-I have currently disabled this in favor of mini-modeline, which saves more screen space and holds only the information I really need.
+I have currently disabled this in favor of mini-modeline.
 
    
 
 
    
@@ -27297,20 +25239,7 @@ I have currently disabled this in favor of 4.3.14. mini-modeline
 
    
 
    
-I have found that the doom-modeline, while very useful, consumes too much screen space for my liking. This modeline takes a more minimalistic approach. The only information that is shown is:
-
    
-
-
      
-
    • the line number
      • 
-
    • state of the file (whether it is saved etc.)
      • 
-
    • the name of the file
      • 
-
    • the percentage of the cursor in the file
      • 
-
    • the major mode of the file
      • 
-
    • the current evil mode
      • 
-
    
-
-
    
-This is really the perfect solution for me, but it might not be for everyone.
+I have found that the doom-modeline, while very useful, consumes too much screen space for my liking. This modeline takes a more minimalistic approach.
 
    
 
 
    
@@ -27354,16 +25283,24 @@ This is really the perfect solution for me, but it might not be for everyone.
 
    4.3.15.1. Vertico, Orderless, Marginalia, Consult, Embark
    
 
    
 
    
-This set of packages uses the default emacs completion framework and works together to provide a very nice user experience.
+This set of packages uses the default emacs completion framework and works together to provide a very nice user experience:
+
    
+
+
      
+
    • Vertico simply provides a vertically stacking completion
      • 
+
    • Marginalia adds more information to completion results
      • 
+
    • Orderless allows for fuzzy matching
      • 
+
    • Consult provides better implementations for several user functions, e.g. consult-line or consult-outline
      • 
+
    • Embark allows acting on the results in the minibuffer while the completion is still ongoing - this is extremely useful since it allows to, for example, read the documentation for several functions without closing the help search. It can also collect the results of a grep operation into a seperate buffer that edits the result in their original location.
      • 
+
    
+
+
    
+Nerd icons is originally enabled here: Icons
 
    
 
    
 
    
 
    4.3.15.1.1. vertico
    
 
    
-
    
-Vertico simply provides a vertically stacking completion framework.
-
    
-
 
    
 
     (setq read-buffer-completion-ignore-case t
@@ -27408,10 +25345,6 @@ This package allows for Ido-like directory navigation.
 
    
 
    4.3.15.1.3. orderless
    
 
    
-
    
-Orderless allows for fuzzy matching.
-
    
-
 
    
 When first installing orderless, I often times faced the problem, that when editing long files and calling consult-line, Emacs would hang when changing a search term in the middle (e.g. from servicse.xserver to servic.xserver in order to fix the typo). The below orderless rules have a more strict matching that has a positive impact on performance.
 
    
@@ -27442,10 +25375,6 @@ When first installing orderless, I often times faced the problem, that when edit
 
    
 
    4.3.15.1.4. consult
    
 
    
-
    
-Consult provides better implementations for several user functions, e.g. consult-line or consult-outline.
-
    
-
 
    
 The big winner here are the convenient keybinds being setup here for general use. Also, I setup vim-navigation for minibuffer completions. consult-buffer is set twice because I am still used to that weird C-M-j command that I chose for ivy-switch-buffer when I first started using Emacs. I want to move to the other command but for now it is not feasible to delete the other one.
 
    
@@ -27476,10 +25405,6 @@ The big winner here are the convenient keybinds being setup here for general use
 
    
 
    4.3.15.1.5. embark
    
 
    
-
    
-Embark allows acting on the results in the minibuffer while the completion is still ongoing - this is extremely useful since it allows to, for example, read the documentation for several functions without closing the help search. It can also collect the results of a grep operation into a seperate buffer that edits the result in their original location.
-
    
-
 
    
 I have stripped down the embark keybinds heavily. It is very useful to me even in it's current state, but it quickly becomes overwhelming. embark-dwim acts on a candidate without closing the minibuffer, which is very useful. embark-act lets the user choose from all actions, but has an overwhelming interface.
 
    
@@ -27528,10 +25453,6 @@ Provides previews for embark.
 
    
 
    4.3.15.1.7. marginalia
    
 
    
-
    
-Marginalia adds more information to completion results.
-
    
-
 
    
 I set the annotation-mode of marginalia to heavy. This gives even more information on the stuff that you are looking at. One thing I am missing from ivy is the highlighting on mode-commands based on the current state of the mode. Also, I do not understand all the shorthands used by marginalia yet.
 
    
@@ -27555,7 +25476,6 @@ I set the annotation-mode of marginalia to heavy. This gives even m
 
    
 
    
 As stated above, this simply provides nerd-icons to the completion framework.
-It is originally enabled here: Icons
 
    
 
 
    
@@ -27706,10 +25626,6 @@ This places little angled indicators on the fringe of a window which indicate bu
 This defines the authentication sources used by org-calfw (Calendar) and Forge.
 
    
 
-
    
-This file is written using home-manager sops in Home-manager: Emacs
-
    
-
 
    
 
     ;; (setq auth-sources '( "~/.emacs.d/.caldav" "~/.emacs.d/.authinfo.gpg")
@@ -28031,11 +25947,7 @@ This just makes org-mode a little bit more beautiful, mostly by making the 4.4.1.10. Presentations
 
    
 
    
-Recently I have grown fond of holding presentations using Emacs.
-
    
-
-
    
-When holding presentations, I think it is important to not have too many distractions on your slides. org-present just shows a plain background, is very responsive, and it is still an org buffer (so you can e.g. run source block codes while in the presentation).
+Recently I have grown fond of holding presentations using Emacs :)
 
    
 
 
    
@@ -28146,13 +26058,9 @@ When holding presentations, I think it is important to not have too many distrac
 
    
 
    
 
    
-
    
-
    4.4.1.11. Render markdown blocks as body to expand noweb blocks
    
-
    
-
    
-I have written this function to allow me to get a preview of the information that is gathered throughout the file and aggregated in Manual steps when setting up a new machine. Normally, running a markdown source block does nothing in Emacs. Hence, I just let it return the output, which inserts the noweb-ref blocks.
-
    
-
+
    
+
    4.4.1.11. Render markdown blocks as body to expand noweb blocks
    
+
    
 
    
 
    (defun org-babel-execute:markdown (body params)
   "Just return BODY unchanged, allowing noweb expansion."
@@ -28166,11 +26074,7 @@ I have written this function to allow me to get a preview of the information tha
 
    4.4.2. Nix Mode
    
 
    
 
    
-This adds a nix mode to Emacs. This has become increasingly useful since I have added lsp-mode in org-src blocks, because since that time, I am now able to actually make use of major modes while I theoretically stay in org-mode.
-
    
-
-
    
-It supports all functions that I normally need. Note that getting completions for flake inputs is a bit finnicky and I am not quite fond of it yet.
+This adds a rudimentary nix-mode to Emacs. I have not really tried this out, as I am mostly editing nix-files in org-mode anyways.
 
    
 
 
    
@@ -28221,7 +26125,7 @@ It supports all functions that I normally need. Note that getting completions fo
 
    4.4.3. HCL Mode
    
 
    
 
    
-This adds support for Hashicorp Configuration Language. Used at work, it is mostly a Terraform Mode that does not support autoformatting upon save. It still is nice :)
+This adds support for Hashicorp Configuration Language. I need this at work.
 
    
 
 
    
@@ -28239,7 +26143,7 @@ This adds support for Hashicorp Configuration Language. Used at work, it is most
 
    4.4.4. Jenkinsfile/Groovy
    
 
    
 
    
-This adds support for Groovy, which I specifically need to work with Jenkinsfiles. Similar to [BROKEN LINK: 7aa9803f-b419-40fa-aafc-4bb934c8f687], it just provides some nice functions.
+This adds support for Groovy, which I specifically need to work with Jenkinsfiles. I need this at work.
 
    
 
 
    
@@ -28256,11 +26160,6 @@ This adds support for Groovy, which I specifically need to work with Jenkinsfile
 
    
 
    4.4.5. Ansible
    
 
    
-
    
-This is supposed to provide auto-completion when turned on. Of course I cannot globally turn this on since it would run in any .yaml file then, but even when manually started, it seems to do nothing. This would be nice at work.
-
    
-
-
 
    
 
     (use-package ansible)
@@ -28273,7 +26172,7 @@ This is supposed to provide auto-completion when turned on. Of course I cannot g
 
    4.4.6. Dockerfile
    
 
    
 
    
-This adds support for Dockerfiles in a similar way to [BROKEN LINK: ebd53be9-c38a-4a0f-a7b4-eee30a0074fc].
+This adds support for Dockerfiles. I need this at work.
 
    
 
 
    
@@ -28289,7 +26188,7 @@ This adds support for Dockerfiles in a similar way to [BROKEN LINK: ebd53be9-c38
 
    4.4.7. Terraform Mode
    
 
    
 
    
-This adds support for Terraform configuration files. This is basically the same as the [BROKEN LINK: 7aa9803f-b419-40fa-aafc-4bb934c8f687] mode as the languages are very similar.
+This adds support for Terraform configuration files. I need this at work.
 
    
 
 
    
@@ -28310,11 +26209,7 @@ This adds support for Terraform configuration files. This is basically the same
 
    4.4.8. nix formatting
    
 
    
 
    
-Adds functions for formatting nix code. I make huge use of this using the chords C-<Space> o b (org-babel-mark-block) and then C-<Space> o n (nixpkgs-fmt-region). This is what I use to keep my nix org-src-blocks formatted. However, using [BROKEN LINK: a67adf2f-20ce-49d6-ba6b-0341ca3d9972], the resulting tangled files will be formatted in any case.
-
    
-
-
    
-Note that for files that are not managed using this file (which there should normally not be many of), we can still use nix fmt for running treefmt for formatting and checks.
+Adds functions for formatting nix code.
 
    
 
 
    
@@ -28329,7 +26224,7 @@ Note that for files that are not managed using this file (which there should nor
 
    4.4.9. shfmt
    
 
    
 
    
-Adds functions for formatting shellscripts. Similarly to [BROKEN LINK: 460a47fd-cddc-4080-9eba-6724fc63606e]m I use this using the chords C-<Space> o b (org-babel-mark-block) and then C-<Space> o s (shfmt-region). This is what I use to keep shell script blocks formatted in this file. This is also handled by treefmt, but still, I want this file to stay organized as well.
+Adds functions for formatting shellscripts.
 
    
 
 
    
@@ -28350,10 +26245,6 @@ Adds functions for formatting shellscripts. Similarly to [BROKEN LINK: 460a47fd-
 
    
 
    4.4.10.1. Mode
    
 
    
-
    
-Adds a mode for markdown, specifically MultiMarkdown, which allows me to render LaTeX and other nice things.
-
    
-
 
    
 
     (setq markdown-command "pandoc")
@@ -28372,10 +26263,6 @@ Adds a mode for markdown, specifically MultiMarkdown, which allows me to render
 
    
 
    4.4.10.2. LaTeX in Markdown
    
 
    
-
    
-Allows me to render LaTeX just where I write it. I do not need this as much anymore, but during my studies this was very valuable to me.
-
    
-
 
    
 
     (add-hook 'markdown-mode-hook
@@ -28392,10 +26279,6 @@ Allows me to render LaTeX just where I write it. I do not need this as much anym
 
    
 
    4.4.11. elfeed
    
 
    
-
    
-This adds elfeed, a neat RSS reader for Emacs. I use this as a client for FreshRSS. While I read most of my feeds on my phone (using Capy Reader), it is still good to have an Emacs-native reader as well. Some time ago I was still running a separate Emacs instance on my server: [BROKEN LINK: 0e07e2fb-adc4-4fd8-9b54-0a59338a471e]. This instance would then sync the read feeds to other instances. This was very brittle however and is only left as a historical note.
-
    
-
 
    
 
     (use-package elfeed)
@@ -28434,7 +26317,7 @@ This adds elfeed, a neat RSS reader for Emacs. I use this as a client for 4.4.12. Ripgrep
 
    
 
    
-This is the ripgrep package for Emacs.
+This is the ripgrep command for Emacs.
 
    
 
 
    
@@ -28453,7 +26336,7 @@ Tree-sitter is a parsing library integrated into Emacs to provide better syntax
 
    
 
 
    
-In order to update the language grammars, run the next command below. NOTE: since we now load epkgs.treesit-grammars.with-all-grammars in Home-manager: Emacs, we actually never run this anymore. I leave it here however for a potential future reader. For safety, I still instruct treesit to install missing grammars on the fly.
+In order to update the language grammars, run the next command below.
 
    
 
 
    
@@ -28615,7 +26498,7 @@ magit is the best git utility I have ever used - it has a beautiful interface an
 
    
 
 
    
-Also, Emacs needs a little extra love to accept my Yubikey for git commits etc. We set that here: [BROKEN LINK: 59df9a4c-2a1f-466b-abe2-fbb8524cd0ed].
+Also, Emacs needs a little extra love to accept my Yubikey for git commits etc. We also set that here.
 
    
 
 
    
@@ -28635,7 +26518,7 @@ Also, Emacs needs a little extra love to accept my Yubikey for git commits etc.
 
    4.4.19. Yubikey support
    
 
    
 
    
-The following settings are needed to make sure emacs works for magit commits and pushes. It is not a beautiful solution since commiting uses pinentry-emacs and pushing uses pinentry-gtk2, but it works for now at least. This works especially well since I have switched from pinentry-gtk3 to pinentry-waypromt.
+The following settings are needed to make sure emacs works for magit commits and pushes. It is not a beautiful solution since commiting uses pinentry-emacs and pushing uses pinentry-gtk2, but it works for now at least.
 
    
 
 
    
@@ -28669,10 +26552,6 @@ NOTE: Make sure to configure a GitHub token before using this package!
 (1) in practice: github -<> settings -<> developer option -<>
 create classic token with repo; user; read:org permissions
 (2)machine api.github.com login USERNAMEforge password 012345abcdef…
-
    
-
-
    
-The above is handled by [BROKEN LINK: ebb558ed-883a-486f-a6f5-8b283eb735a3] and only here as a historical note. Forge lets me interact with non-core git objects like issues and pull requests from within emacs.
 
    
 
 
@@ -29076,10 +26955,6 @@ company is now disabled since it seems that corfu runs just fine with lsp-mode a
 
    
 
    4.4.32. lsp-mode in org-src blocks
    
 
    
-
    
-This incredible function allows to start a sub-pane in a org-file while in a source-block that spins up a lsp-server. In practise that allows me to use a nix lsp when editing complex blocks in my config. The only bother is that we have to add the modes where it should run manually to org-babel-lang-list, but that is a small price to pay for the usefulness that it brings.
-
    
-
 
    
 
    ;; thanks to https://tecosaur.github.io/emacs-config/config.html#lsp-support-src
 (cl-defmacro lsp-org-babel-enable (lang)
@@ -29118,11 +26993,6 @@ This incredible function allows to start a sub-pane in a org-file while in a sou
 
    
 
    4.4.33. lsp-bridge
    
 
    
-
    
-This is another lsp-implementation for Emacs using multi-threading, so this should be the least blocking one. Still, in general I prefer eglot.
-
    
-
-
 
    
 
     (use-package lsp-bridge
@@ -29405,9 +27275,9 @@ This adds the simple utility of sending desktop notifications whenever a new mai
 
    
 
    
 
    
-
    
-
    4.4.39.3. Work: Signing Mails (S/MIME, smime)
    
-
    
+
    
+
    4.4.39.3. Work: Signing Mails (S/MIME, smime)
    
+
    
 
    
 Used to automatically sign messages sent from my work email address using S/MIME certificate.
 
    
@@ -29690,9 +27560,9 @@ Also see `prot-window-delete-popup-frame'." command)
 This sections is no longer used really. An introduction can be found in Structure of this file under the historical note. The little noweb-ref blocks that I still use are found in Hosts and Services.
 
    
 
    
-
    
-
    5.1. General steps when setting up a new machine
    
-
    
+
    
+
    5.1. General steps when setting up a new machine
    
+
    
 
    
 These general steps are needed when setting up a new machine and do not fit into another block well:
 
    
@@ -29707,9 +27577,9 @@ These general steps are needed when setting up a new machine and do not fit into
   - `systemd-cryptenroll --fido2-device=auto /dev/`
 
    
 
    
-
    
-
    5.2. Current patches and fixes
    
-
    
+
    
+
    5.2. Current patches and fixes
    
+
    
 
    
 These are current deviations from the standard settings that I take while some things are broken upstream
 
    
@@ -30515,11 +28385,8 @@ dd DRIVE ISO:
 sync USER HOST:
   rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/
 
-secrets USER HOST:
-  rsync -rltv -e "ssh -l {{USER}}" /var/tmp/nix-import-encrypted/1000/ {{USER}}@{{HOST}}:/var/tmp/nix-import-encrypted/0
-
-bootstrap DEST CONFIG ARCH="x86_64-linux" NODISKODEPS="":
-  nix develop .#deploy --command zsh -c "swarsel-bootstrap {{NODISKODEPS}} -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}"
+bootstrap DEST CONFIG ARCH="x86_64-linux":
+  nix develop .#deploy --command zsh -c "swarsel-bootstrap -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}"
 
 
    
 
    
@@ -31450,10 +29317,8 @@ See the above repository for updates as well as full license text. */
   transform-origin: 0px calc(0px - var(--tab-min-height) - var(--tab-block-margin) * 2);
   transform: rotateX(89.9deg);
 }
-
-:root[window-modal-open] #urlbar[popover],
-#mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel), > #tab-group-editor > [panelopen]) ~ toolbox #urlbar[popover],
-  /* swarsel: removed :hover from below line */
+#mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox #urlbar[popover],
+/* swarsel: removed :hover from below line */
 #navigator-toolbox:is(:focus-within,[movingtab]) #urlbar[popover],
 #urlbar-container > #urlbar[popover]:is([focused],[open]){
   pointer-events: auto;
@@ -31461,11 +29326,9 @@ See the above repository for updates as well as full license text. */
   transition-delay: 33ms;
   transform: rotateX(0deg);
 }
-
-:root[window-modal-open] #navigator-toolbox,
-#mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel), > #tab-group-editor > [panelopen]) ~ toolbox,
+#mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox,
 #navigator-toolbox:has(#urlbar:is([open],[focus-within])),
-  /* swarsel: removed :hover from below line */
+/* swarsel: removed :hover from below line */
 #navigator-toolbox:is(:focus-within,[movingtab]){
   transition-delay: 33ms !important;
   transform: rotateX(0);
@@ -31474,7 +29337,8 @@ See the above repository for updates as well as full license text. */
 /* This makes things like OS menubar/taskbar show the toolbox when hovered in maximized windows.
  * Unfortunately it also means that other OS native surfaces (such as context menu on macos)
  * and other always-on-top applications will trigger toolbox to show up. */
-@media -moz-pref("userchrome.autohide-toolbox.unhide-by-native-ui.enabled"){
+@media (-moz-bool-pref: "userchrome.autohide-toolbox.unhide-by-native-ui.enabled"),
+       -moz-pref("userchrome.autohide-toolbox.unhide-by-native-ui.enabled"){
   :root[sizemode="maximized"]:not(:hover){
     #navigator-toolbox:not(:-moz-window-inactive),
     #urlbar[popover]:not(:-moz-window-inactive){
@@ -31504,9 +29368,13 @@ See the above repository for updates as well as full license text. */
   padding-block: calc(min(4px,(var(--urlbar-container-height) - var(--urlbar-height)) / 2) + var(--urlbar-container-padding)) !important;
 }
 
+/* Uncomment this if tabs toolbar is hidden with hide_tabs_toolbar.css */
+ /*#titlebar{ margin-bottom: -9px }*/
+
 /* Uncomment the following for compatibility with tabs_on_bottom.css - this isn't well tested though */
 /*
 #navigator-toolbox{ flex-direction: column; display: flex; }
+#titlebar{ order: 2 }
 */
 
 
    
@@ -32212,26 +30080,24 @@ Here lies defined the readme for GitHub and Forgejo:
 
   ### Hosts
 
-  | Name                | Hardware                                            | Use                                                 |
-  |---------------------|-----------------------------------------------------|-----------------------------------------------------|
-  |💻 **pyramid**       | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop                                         |
-  |💻 **bakery**        | Lenovo Ideapad 720S-13IKB                           | Personal laptop                                     |
-  |💻 **machpizza**     | MacBook Pro 2016                                    | MacOS reference and build sandbox                   |
-  |🏠 **treehouse**     | NVIDIA DGX Spark                                    | AI Workstation, remote builder, hm-only-reference   |
-  |🖥️ **summers**       | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM  | Homeserver (microvms), remote builder, datastorage  |
-  |🖥️ **winters**       | ASRock J4105-ITX, 32GB RAM                          | Homeserver (IoT server in spe)                      |
-  |🖥️ **hintbooth**     | HUNSN RM02, 8GB RAM                                 | Router                                              |
-  |☁️ **stoicclub**     | Cloud Server: 1 vCPUs, 8GB RAM                      | Authoritative dns server                            |
-  |☁️ **liliputsteps**  | Cloud Server: 1 vCPUs, 8GB RAM                      | SSH bastion                                         |
-  |☁️ **twothreetunnel**| Cloud Server: 2 vCPUs, 8GB RAM                      | Service proxy                                       |
-  |☁️ **eagleland**     | Cloud Server: 2 vCPUs, 8GB RAM                      | Mailserver                                          |
-  |☁️ **moonside**      | Cloud Server: 4 vCPUs, 24GB RAM                     | Gaming server, syncthing + lightweight services     |
-  |☁️ **belchsfactory** | Cloud Server: 4 vCPUs, 24GB RAM                     | Hydra builder and nix binarycache                   |
-  |📱 **magicant**      | Samsung Galaxy Z Flip 6                             | Phone                                               |
-  |💿 **drugstore**     | -                                                   | NixOS-installer ISO for bootstrapping new hosts     |
-  |💿 **brickroad**     | -                                                   | Kexec tarball for bootstrapping low-memory machines |
-  |❔ **chaotheatre**   | -                                                   | Demo config for checking out this configuration     |
-  |❔ **toto**          | -                                                   | Helper configuration for testing purposes           |
+  | Name               | Hardware                                            | Use                                                  |
+  |--------------------|-----------------------------------------------------|------------------------------------------------------|
+  |💻 **pyramid**      | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop                                          |
+  |💻 **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal laptop                                      |
+  |💻 **machpizza**    | MacBook Pro 2016                                    | MacOS reference and build sandbox                    |
+  |🏠 **treehouse**    | NVIDIA DGX Spark                                    | Workstation, AI playground and home-manager reference|
+  |🖥️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Secondary homeserver and data storgae                |
+  |🖥️ **summers**      | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM  | Main homeserver running microvms, data storage       |
+  |🖥️ **hintbooth**    | HUNSN RM02, 8GB RAM                                 | Router                                               |
+  |☁️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
+  |☁️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
+  |☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache                   |
+  |☁️ **monkeycave**   | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server                                        |
+  |☁️ **eagleland**    | Hetzner Cloud: CX23                                 | Mail server                                          |
+  |📱 **magicant**     | Samsung Galaxy Z Flip 6                             | Phone                                                |
+  |💿 **drugstore**    | -                                                   | ISO installer configuration                          |
+  |❔ **chaotheatre**  | -                                                   | Demo config for checking out my configurtion         |
+  |❔ **toto**         | -                                                   | Helper configuration for bootstrapping a new system  |
   </details>
 
   ## General Nix tips & useful links
@@ -32696,7 +30562,7 @@ similarly, there exists an version that starts from the right.
 
    
 
    
 
    Author: Leon Schwarzäugl
    
-
    Created: 2025-11-27 Do 16:49
    
+
    Created: 2025-11-19 Mi 15:22
    
 
    Validate
    
 
    
 
diff --git a/install/kexec.nix b/install/kexec.nix
deleted file mode 100644
index fc704d8..0000000
--- a/install/kexec.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{ lib, pkgs, modulesPath, options, ... }:
-{
-  disabledModules = [
-    # This module adds values to multiple lists (systemPackages, supportedFilesystems)
-    # which are impossible/unpractical to remove, so we disable the entire module.
-    "profiles/base.nix"
-  ];
-
-  imports = [
-    # reduce closure size by removing perl
-    "${modulesPath}/profiles/perlless.nix"
-    # FIXME: we still are left with nixos-generate-config due to nixos-install-tools
-    { system.forbiddenDependenciesRegexes = lib.mkForce [ ]; }
-  ];
-
-  config = {
-    networking.hostName = "brickroad";
-
-    system = {
-      # nixos-option is mainly useful for interactive installations
-      tools.nixos-option.enable = false;
-      # among others, this prevents carrying a stdenv with gcc in the image
-      extraDependencies = lib.mkForce [ ];
-    };
-    # prevents shipping nixpkgs, unnecessary if system is evaluated externally
-    nix.registry = lib.mkForce { };
-
-    # would pull in nano
-    programs.nano.enable = false;
-
-    # prevents strace
-    environment = {
-      defaultPackages = lib.mkForce [
-        pkgs.parted
-        pkgs.gptfdisk
-        pkgs.e2fsprogs
-      ];
-
-      systemPackages = with pkgs; [
-        cryptsetup.bin
-      ];
-
-      # Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs.
-      ldso32 = null;
-    };
-
-    # included in systemd anyway
-    systemd.sysusers.enable = true;
-
-    # normal users are not allowed with sys-users
-    # see https://github.com/NixOS/nixpkgs/pull/328926
-    users.users.nixos = {
-      isSystemUser = true;
-      isNormalUser = lib.mkForce false;
-      shell = "/run/current-system/sw/bin/bash";
-      group = "nixos";
-    };
-    users.groups.nixos = { };
-
-    security = {
-      # we have still run0 from systemd and most of the time we just use root
-      sudo.enable = false;
-      polkit.enable = lib.mkForce false;
-      # introduces x11 dependencies
-      pam.services.su.forwardXAuth = lib.mkForce false;
-    };
-
-    documentation = {
-      enable = false;
-      man.enable = false;
-      nixos.enable = false;
-      info.enable = false;
-      doc.enable = false;
-    };
-
-    services = {
-      # no dependency on x11
-      dbus.implementation = "broker";
-      # we prefer root as this is also what we use in nixos-anywhere
-      getty.autologinUser = lib.mkForce "root";
-      # included in systemd anyway
-      userborn.enable = false;
-    };
-
-
-
-    # we are missing this from base.nix
-    boot.supportedFilesystems = [
-      "ext4"
-      "btrfs"
-      "xfs"
-    ];
-  } // lib.optionalAttrs (options.hardware ? firmwareCompression) {
-    hardware.firmwareCompression = "xz";
-  };
-}
diff --git a/justfile b/justfile
index 2fa83aa..b13d397 100644
--- a/justfile
+++ b/justfile
@@ -23,8 +23,5 @@ dd DRIVE ISO:
 sync USER HOST:
   rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/
 
-secrets USER HOST:
-  rsync -rltv -e "ssh -l {{USER}}" /var/tmp/nix-import-encrypted/1000/ {{USER}}@{{HOST}}:/var/tmp/nix-import-encrypted/0
-
-bootstrap DEST CONFIG ARCH="x86_64-linux" NODISKODEPS="":
-  nix develop .#deploy --command zsh -c "swarsel-bootstrap {{NODISKODEPS}} -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}"
+bootstrap DEST CONFIG ARCH="x86_64-linux":
+  nix develop .#deploy --command zsh -c "swarsel-bootstrap -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}"
diff --git a/modules/home/common/anki.nix b/modules/home/common/anki.nix
index 995cd3a..4c857b7 100644
--- a/modules/home/common/anki.nix
+++ b/modules/home/common/anki.nix
@@ -1,4 +1,4 @@
-{ lib, config, pkgs, globals, inputs, confLib, ... }:
+{ lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }:
 let
   moduleName = "anki";
   inherit (config.swarselsystems) isPublic isNixos;
@@ -23,11 +23,11 @@ in
           syncMedia = true;
           autoSyncMediaMinutes = 5;
           url = "https://${globals.services.ankisync.domain}";
-          usernameFile = confLib.getConfig.sops.secrets.anki-user.path;
+          usernameFile = nixosConfig.sops.secrets.anki-user.path;
           # this is not the password but the syncKey
           # get it by logging in or out, saving preferences and then
           # show details on the "settings wont be saved" dialog
-          keyFile = confLib.getConfig.sops.secrets.anki-pw.path;
+          keyFile = nixosConfig.sops.secrets.anki-pw.path;
         };
         addons =
           let
diff --git a/modules/home/common/atuin.nix b/modules/home/common/atuin.nix
index f2d79ea..82383f5 100644
--- a/modules/home/common/atuin.nix
+++ b/modules/home/common/atuin.nix
@@ -8,7 +8,6 @@ in
     programs.atuin = {
       enable = true;
       enableZshIntegration = true;
-      enableBashIntegration = true;
       settings = {
         auto_sync = true;
         sync_frequency = "5m";
diff --git a/modules/home/common/bash.nix b/modules/home/common/bash.nix
deleted file mode 100644
index ccf99c4..0000000
--- a/modules/home/common/bash.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, lib, ... }:
-{
-  options.swarselmodules.bash = lib.mkEnableOption "bash settings";
-  config = lib.mkIf config.swarselmodules.bash {
-
-    programs.bash = {
-      enable = true;
-      # needed for remote builders
-      bashrcExtra = lib.mkIf (!config.swarselsystems.isNixos) ''
-        export PATH="/nix/var/nix/profiles/default/bin:$PATH"
-      '';
-      historyFile = "${config.home.homeDirectory}/.histfile";
-      historySize = 100000;
-      historyFileSize = 100000;
-      historyControl = [
-        "ignoreboth"
-      ];
-    };
-  };
-}
diff --git a/modules/home/common/element.nix b/modules/home/common/element.nix
index 0398726..f9ba831 100644
--- a/modules/home/common/element.nix
+++ b/modules/home/common/element.nix
@@ -1,4 +1,4 @@
-{ lib, config, globals, ... }:
+{ lib, config, ... }:
 let
   moduleName = "element-desktop";
 in
@@ -10,7 +10,7 @@ in
       settings = {
         default_server_config = {
           "m.homeserver" = {
-            base_url = "https://${globals.services.matrix.domain}/";
+            base_url = "https://swatrix.swarsel.win/";
           };
         };
         UIFeature = {
diff --git a/modules/home/common/emacs.nix b/modules/home/common/emacs.nix
index 22d01cd..4fe4d82 100644
--- a/modules/home/common/emacs.nix
+++ b/modules/home/common/emacs.nix
@@ -109,14 +109,12 @@ in
       secrets = {
         fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
         emacs-radicale-pw = { };
-        github-forge-token = { };
       };
       templates = {
         authinfo = {
           path = "${homeDir}/.emacs.d/.authinfo";
           content = ''
             machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
-            machine api.github.com login ${mainUser}^forge password ${config.sops.placeholder.github-forge-token}
           '';
         };
       };
diff --git a/modules/home/common/env.nix b/modules/home/common/env.nix
index 4fb6ae4..f2f463d 100644
--- a/modules/home/common/env.nix
+++ b/modules/home/common/env.nix
@@ -1,8 +1,8 @@
-{ lib, config, confLib, globals, ... }:
+{ lib, config, nixosConfig ? config, ... }:
 let
-  inherit (confLib.getConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses;
-  inherit (confLib.getConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name;
-  inherit (confLib.getConfig.repo.secrets.common) fullName openrouterApi instaDomain sportDomain;
+  inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses;
+  inherit (nixosConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name;
+  inherit (nixosConfig.repo.secrets.common) fullName openrouterApi;
   inherit (config.swarselsystems) isPublic homeDir;
 
   DISPLAY = ":0";
@@ -16,14 +16,7 @@ in
     } // (lib.optionalAttrs (!isPublic) { });
     systemd.user.sessionVariables = {
       DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private";
-      FLAKE = "${config.home.homeDirectory}/.dotfiles";
     } // lib.optionalAttrs (!isPublic) {
-      SWARSEL_DOMAIN = globals.domains.main;
-      SWARSEL_RSS_DOMAIN = globals.services.freshrss.domain;
-      SWARSEL_MUSIC_DOMAIN = globals.services.navidrome.domain;
-      SWARSEL_FILES_DOMAIN = globals.services.nextcloud.domain;
-      SWARSEL_INSTA_DOMAIN = instaDomain;
-      SWARSEL_SPORT_DOMAIN = sportDomain;
       SWARSEL_MAIL1 = address1;
       SWARSEL_MAIL2 = address2;
       SWARSEL_MAIL3 = address3;
@@ -36,7 +29,7 @@ in
       SWARSEL_CAL3NAME = source3-name;
       SWARSEL_FULLNAME = fullName;
       SWARSEL_MAIL_ALL = lib.mkDefault allMailAddresses;
-      GITHUB_NOTIFICATION_TOKEN_PATH = confLib.getConfig.sops.secrets.github-notifications-token.path;
+      GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path;
       OPENROUTER_API_KEY = openrouterApi;
     };
   };
diff --git a/modules/home/common/gammastep.nix b/modules/home/common/gammastep.nix
index 07d6644..c8862c8 100644
--- a/modules/home/common/gammastep.nix
+++ b/modules/home/common/gammastep.nix
@@ -1,6 +1,6 @@
-{ lib, config, confLib, ... }:
+{ lib, config, nixosConfig ? config, ... }:
 let
-  inherit (confLib.getConfig.repo.secrets.common.location) latitude longitude;
+  inherit (nixosConfig.repo.secrets.common.location) latitude longitude;
 in
 {
   options.swarselmodules.gammastep = lib.mkEnableOption "gammastep settings";
diff --git a/modules/home/common/git.nix b/modules/home/common/git.nix
index cda162b..1fb7ad8 100644
--- a/modules/home/common/git.nix
+++ b/modules/home/common/git.nix
@@ -1,7 +1,7 @@
-{ lib, config, globals, minimal, confLib, ... }:
+{ lib, config, globals, minimal, nixosConfig ? config, ... }:
 let
-  inherit (confLib.getConfig.repo.secrets.common.mail) address1;
-  inherit (confLib.getConfig.repo.secrets.common) fullName;
+  inherit (nixosConfig.repo.secrets.common.mail) address1;
+  inherit (nixosConfig.repo.secrets.common) fullName;
 
   gitUser = globals.user.name;
 in
diff --git a/modules/home/common/hexchat.nix b/modules/home/common/hexchat.nix
index 97f70c0..f0d813a 100644
--- a/modules/home/common/hexchat.nix
+++ b/modules/home/common/hexchat.nix
@@ -1,7 +1,7 @@
-{ lib, config, confLib, ... }:
+{ lib, config, nixosConfig ? config, ... }:
 let
   moduleName = "hexchat";
-  inherit (confLib.getConfig.repo.secrets.common.irc) irc_nick1;
+  inherit (nixosConfig.repo.secrets.common.irc) irc_nick1;
 in
 {
   options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
diff --git a/modules/home/common/mail.nix b/modules/home/common/mail.nix
index 6c46e4a..690eb0d 100644
--- a/modules/home/common/mail.nix
+++ b/modules/home/common/mail.nix
@@ -1,7 +1,7 @@
-{ lib, config, inputs, globals, confLib, ... }:
+{ lib, config, inputs, nixosConfig ? config, ... }:
 let
-  inherit (confLib.getConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4;
-  inherit (confLib.getConfig.repo.secrets.common) fullName;
+  inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host;
+  inherit (nixosConfig.repo.secrets.common) fullName;
   inherit (config.swarselsystems) xdgDir;
 in
 {
@@ -123,43 +123,24 @@ in
             maildirBasePath = "Mail";
             accounts = {
               swarsel = {
-                imap = {
-                  host = globals.services.mailserver.domain;
-                  port = 993;
-                  tls.enable = true; # SSL/TLS
-                };
-                smtp = {
-                  host = globals.services.mailserver.domain;
-                  port = 465;
-                  tls.enable = true; # SSL/TLS
-                };
-                thunderbird = {
-                  enable = true;
-                  profiles = [ "default" ];
-                };
                 address = address4;
-                userName = address4;
+                userName = address4-user;
                 realName = fullName;
-                passwordCommand = "cat ${confLib.getConfig.sops.secrets.address4-token.path}";
-                mu.enable = true;
+                passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}";
+                smtp = {
+                  host = address4-host;
+                  port = 587;
+                  tls = {
+                    enable = true;
+                    useStartTls = true;
+                  };
+                };
+                mu.enable = false;
                 msmtp = {
                   enable = true;
                 };
                 mbsync = {
-                  enable = true;
-                  create = "maildir";
-                  expunge = "both";
-                  patterns = [ "*" ];
-                  extraConfig = {
-                    channel = {
-                      Sync = "All";
-                    };
-                    account = {
-                      Timeout = 120;
-                      PipelineDepth = 1;
-                      AuthMechs = "LOGIN";
-                    };
-                  };
+                  enable = false;
                 };
               };
 
@@ -169,7 +150,7 @@ in
                   address = address1;
                   userName = address1;
                   realName = fullName;
-                  passwordCommand = "cat ${confLib.getConfig.sops.secrets.address1-token.path}";
+                  passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
                   gpg = {
                     key = "0x76FD3810215AE097";
                     signByDefault = true;
@@ -183,7 +164,7 @@ in
                   address = address2;
                   userName = address2;
                   realName = address2-name;
-                  passwordCommand = "cat ${confLib.getConfig.sops.secrets.address2-token.path}";
+                  passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
                 }
                 defaultSettings;
 
@@ -193,7 +174,7 @@ in
                   address = address3;
                   userName = address3;
                   realName = address3-name;
-                  passwordCommand = "cat ${confLib.getConfig.sops.secrets.address3-token.path}";
+                  passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
                 }
                 defaultSettings;
 
diff --git a/modules/home/optional/niri.nix b/modules/home/common/niri.nix
similarity index 99%
rename from modules/home/optional/niri.nix
rename to modules/home/common/niri.nix
index 5873b62..699881f 100644
--- a/modules/home/optional/niri.nix
+++ b/modules/home/common/niri.nix
@@ -1,8 +1,5 @@
-{ inputs, config, pkgs, lib, vars, ... }:
+{ config, pkgs, lib, vars, ... }:
 {
-  imports = [
-    inputs.niri-flake.homeModules.niri
-  ];
   options.swarselmodules.niri = lib.mkEnableOption "niri settings";
   config = lib.mkIf config.swarselmodules.niri
     {
diff --git a/modules/home/common/nix-index.nix b/modules/home/common/nix-index.nix
index b749bf8..42aa8d1 100644
--- a/modules/home/common/nix-index.nix
+++ b/modules/home/common/nix-index.nix
@@ -14,13 +14,11 @@
       in
 
       {
-
         enable = true;
         package = pkgs.symlinkJoin {
           name = "nix-index";
           paths = [ commandNotFound ];
         };
       };
-    programs.nix-index-database.comma.enable = true;
   };
 }
diff --git a/modules/home/common/obsidian.nix b/modules/home/common/obsidian.nix
index 03219bc..5020502 100644
--- a/modules/home/common/obsidian.nix
+++ b/modules/home/common/obsidian.nix
@@ -1,7 +1,7 @@
-{ lib, config, pkgs, confLib, ... }:
+{ lib, config, pkgs, nixosConfig ? config, ... }:
 let
   moduleName = "obsidian";
-  inherit (confLib.getConfig.repo.secrets.common.obsidian) userIgnoreFilters;
+  inherit (nixosConfig.repo.secrets.common.obsidian) userIgnoreFilters;
   name = "Main";
 in
 {
diff --git a/modules/home/common/opkssh.nix b/modules/home/common/opkssh.nix
index 1481701..9d5b86d 100644
--- a/modules/home/common/opkssh.nix
+++ b/modules/home/common/opkssh.nix
@@ -1,4 +1,4 @@
-{ lib, config, globals, ... }:
+{ lib, config, ... }:
 let
   moduleName = "opkssh";
 in
@@ -13,7 +13,7 @@ in
         providers = [
           {
             alias = "kanidm";
-            issuer = "https://${globals.services.kanidm.domain}/oauth2/openid/opkssh";
+            issuer = "https://sso.swarsel.win/oauth2/openid/opkssh";
             client_id = "opkssh";
             scopes = "openid email profile";
             redirect_uris = [
diff --git a/modules/home/common/packages.nix b/modules/home/common/packages.nix
index e9dbb00..a1c84bf 100644
--- a/modules/home/common/packages.nix
+++ b/modules/home/common/packages.nix
@@ -25,9 +25,6 @@
       # ssh login using idm
       opkssh
 
-      # cache
-      attic-client
-
       # dict
       (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
 
@@ -63,6 +60,7 @@
       nix-inspect
       nixpkgs-review
       manix
+      comma
 
       # shellscripts
       shfmt
diff --git a/modules/home/common/settings.nix b/modules/home/common/settings.nix
index c624b34..3793cbc 100644
--- a/modules/home/common/settings.nix
+++ b/modules/home/common/settings.nix
@@ -1,7 +1,6 @@
-{ self, outputs, lib, pkgs, config, globals, confLib, ... }:
+{ self, outputs, lib, pkgs, config, ... }:
 let
   inherit (config.swarselsystems) mainUser flakePath isNixos isLinux;
-  inherit (confLib.getConfig.repo.secrets.common) atticPublicKey;
 in
 {
   options.swarselmodules.general = lib.mkEnableOption "general nix settings";
@@ -23,7 +22,7 @@ in
             };
           in
           ''
-            plugin-files = ${nix-plugins}/lib/nix/plugins
+                  plugin-files = ${nix-plugins}/lib/nix/plugins
             extra-builtins-file = ${self + /nix/extra-builtins.nix}
           '';
         settings = {
@@ -34,17 +33,7 @@ in
             "cgroups"
             "pipe-operators"
           ];
-          substituters = [
-            "https://${globals.services.attic.domain}/${mainUser}"
-          ];
-          trusted-public-keys = [
-            atticPublicKey
-          ];
-          trusted-users = [
-            "@wheel"
-            "${mainUser}"
-            (lib.mkIf config.swarselmodules.server.ssh-builder "builder")
-          ];
+          trusted-users = [ "@wheel" "${mainUser}" ];
           connect-timeout = 5;
           bash-prompt-prefix = "$SHLVL:\\w ";
           bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
diff --git a/modules/home/common/sops.nix b/modules/home/common/sops.nix
index 64bbc28..abf4a38 100644
--- a/modules/home/common/sops.nix
+++ b/modules/home/common/sops.nix
@@ -6,8 +6,8 @@ in
   options.swarselmodules.sops = lib.mkEnableOption "sops settings";
   config = lib.optionalAttrs (inputs ? sops) {
     sops = {
-      age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.ssh/ssh_host_ed25519_key" ];
-      defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.dotfiles/secrets/general/secrets.yaml";
+      age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
+      defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
 
       validateSopsFiles = false;
     };
diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix
index e575925..562f68a 100644
--- a/modules/home/common/ssh.nix
+++ b/modules/home/common/ssh.nix
@@ -1,7 +1,7 @@
-{ inputs, lib, config, confLib, ... }:
+{ lib, config, nixosConfig ? config, ... }:
 {
   options.swarselmodules.ssh = lib.mkEnableOption "ssh settings";
-  config = lib.mkIf config.swarselmodules.ssh ({
+  config = lib.mkIf config.swarselmodules.ssh {
     programs.ssh = {
       enable = true;
       enableDefaultConfig = false;
@@ -18,15 +18,11 @@
           serverAliveCountMax = 3;
           hashKnownHosts = false;
           userKnownHostsFile = "~/.ssh/known_hosts";
-          controlMaster = "auto";
+          controlMaster = "no";
           controlPath = "~/.ssh/master-%r@%n:%p";
-          controlPersist = "5m";
+          controlPersist = "no";
         };
-      } // confLib.getConfig.repo.secrets.common.ssh.hosts;
+      } // nixosConfig.repo.secrets.common.ssh.hosts;
     };
-  } // lib.optionalAttrs (inputs ? sops) {
-    sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
-      builder-key = { path = "${config.home.homeDirectory}/.ssh/builder"; mode = "0600"; };
-    };
-  });
+  };
 }
diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix
index 83f894a..12ebb83 100644
--- a/modules/home/common/sway.nix
+++ b/modules/home/common/sway.nix
@@ -1,4 +1,4 @@
-{ config, lib, vars, confLib, ... }:
+{ config, lib, vars, nixosConfig ? config, ... }:
 let
   eachOutput = _: monitor: {
     inherit (monitor) name;
@@ -381,7 +381,7 @@ in
         export XDG_CURRENT_DESKTOP=sway;
         export XDG_SESSION_DESKTOP=sway;
         export _JAVA_AWT_WM_NONREPARENTING=1;
-        export GITHUB_NOTIFICATION_TOKEN_PATH=${confLib.getConfig.sops.secrets.github-notifications-token.path};
+        export GITHUB_NOTIFICATION_TOKEN_PATH=${nixosConfig.sops.secrets.github-notifications-token.path};
       '' + vars.waylandExports;
       # extraConfigEarly = "
       # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
diff --git a/modules/home/common/yubikey.nix b/modules/home/common/yubikey.nix
index 095e90c..3a5507b 100644
--- a/modules/home/common/yubikey.nix
+++ b/modules/home/common/yubikey.nix
@@ -1,4 +1,4 @@
-{ lib, config, inputs, confLib, ... }:
+{ lib, config, inputs, nixosConfig ? config, ... }:
 let
   inherit (config.swarselsystems) homeDir;
 in
@@ -9,8 +9,8 @@ in
 
     pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
       ids = [
-        confLib.getConfig.repo.secrets.common.yubikeys.dev1
-        confLib.getConfig.secrets.common.yubikeys.dev2
+        nixosConfig.repo.secrets.common.yubikeys.dev1
+        nixosConfig.repo.secrets.common.yubikeys.dev2
       ];
     };
   } // lib.optionalAttrs (inputs ? sops) {
diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix
index 7f7b6e3..30aa13c 100644
--- a/modules/home/common/zsh.nix
+++ b/modules/home/common/zsh.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, minimal, inputs, globals, confLib, ... }:
+{ config, pkgs, lib, minimal, inputs, globals, nixosConfig ? config, ... }:
 let
   inherit (config.swarselsystems) flakePath isNixos;
   crocDomain = globals.services.croc.domain;
@@ -67,10 +67,7 @@ in
         };
         history = {
           expireDuplicatesFirst = true;
-          append = true;
-          ignoreSpace = true;
-          ignoreDups = true;
-          path = "${config.home.homeDirectory}/.histfile";
+          path = "$HOME/.histfile";
           save = 100000;
           size = 100000;
         };
@@ -127,8 +124,8 @@ in
         '';
         sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) {
           CROC_RELAY = crocDomain;
-          CROC_PASS = "$(cat ${confLib.getConfig.sops.secrets.croc-password.path or ""})";
-          GITHUB_TOKEN = "$(cat ${confLib.getConfig.sops.secrets.github-nixpkgs-review-token.path or ""})";
+          CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path or ""})";
+          GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path or ""})";
           QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins";
           # QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox";
         };
diff --git a/modules/home/optional/framework.nix b/modules/home/optional/framework.nix
index 3d4baab..9e8a9d8 100644
--- a/modules/home/optional/framework.nix
+++ b/modules/home/optional/framework.nix
@@ -1,6 +1,7 @@
-_:
+{ lib, config, ... }:
 {
-  config = {
+  options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings";
+  config = lib.mkIf config.swarselmodules.optional.framework {
     swarselsystems = {
       inputs = {
         "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = {
diff --git a/modules/home/optional/gaming.nix b/modules/home/optional/gaming.nix
index 04b2817..d9657db 100644
--- a/modules/home/optional/gaming.nix
+++ b/modules/home/optional/gaming.nix
@@ -1,9 +1,10 @@
-{ config, pkgs, confLib, ... }:
+{ lib, config, pkgs, nixosConfig ? config, ... }:
 let
   inherit (config.swarselsystems) isNixos;
 in
 {
-  config = {
+  options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings";
+  config = lib.mkIf config.swarselmodules.optional.gaming {
     # specialisation = {
     #   gaming.configuration = {
     home.packages = with pkgs; [
@@ -43,7 +44,7 @@ in
         gamescope
         umu-launcher
       ];
-      steamPackage = if isNixos then confLib.getConfig.programs.steam.package else pkgs.steam;
+      steamPackage = if isNixos then nixosConfig.programs.steam.package else pkgs.steam;
       winePackages = with pkgs; [
         wineWow64Packages.waylandFull
       ];
diff --git a/modules/home/optional/uni.nix b/modules/home/optional/uni.nix
index a841620..ef2d2c4 100644
--- a/modules/home/optional/uni.nix
+++ b/modules/home/optional/uni.nix
@@ -1,22 +1,24 @@
-{ confLib, ... }:
+{ config, lib, nixosConfig ? config, ... }:
 {
-  config = {
-    services.pizauth = {
-      enable = true;
-      accounts = {
-        uni = {
-          authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
-          tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
-          clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584";
-          clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82";
-          scopes = [
-            "https://outlook.office365.com/IMAP.AccessAsUser.All"
-            "https://outlook.office365.com/SMTP.Send"
-            "offline_access"
-          ];
-          loginHint = "${confLib.getConfig.repo.secrets.local.uni.mailAddress}";
+  options.swarselmodules.optional.uni = lib.mkEnableOption "optional uni settings";
+  config = lib.mkIf config.swarselmodules.optional.uni
+    {
+      services.pizauth = {
+        enable = true;
+        accounts = {
+          uni = {
+            authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+            tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+            clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584";
+            clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82";
+            scopes = [
+              "https://outlook.office365.com/IMAP.AccessAsUser.All"
+              "https://outlook.office365.com/SMTP.Send"
+              "offline_access"
+            ];
+            loginHint = "${nixosConfig.repo.secrets.local.uni.mailAddress}";
+          };
         };
       };
     };
-  };
 }
diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix
index 26b377a..006638a 100644
--- a/modules/home/optional/work.nix
+++ b/modules/home/optional/work.nix
@@ -1,425 +1,394 @@
-{ self, inputs, config, pkgs, lib, vars, confLib, ... }:
+{ self, inputs, config, pkgs, lib, vars, nixosConfig ? config, ... }:
 let
   inherit (config.swarselsystems) homeDir mainUser;
-  inherit (confLib.getConfig.repo.secrets.local.mail) allMailAddresses;
-  inherit (confLib.getConfig.repo.secrets.local.work) mailAddress;
+  inherit (nixosConfig.repo.secrets.local.mail) allMailAddresses;
+  inherit (nixosConfig.repo.secrets.local.work) mailAddress;
 
   certsSopsFile = self + /secrets/certs/secrets.yaml;
 in
 {
-  options.swarselmodules.optional-work = lib.swarselsystems.mkTrueOption;
-  config = {
-    home = {
-      packages = with pkgs; [
-        stable.teams-for-linux
-        shellcheck
-        dig
-        docker
-        postman
-        # rclone
-        libguestfs-with-appliance
-        prometheus.cli
-        tigervnc
-        # openstackclient
+  options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings";
+  config = lib.mkIf config.swarselmodules.optional.work
+    ({
+      home = {
+        packages = with pkgs; [
+          stable.teams-for-linux
+          shellcheck
+          dig
+          docker
+          postman
+          # rclone
+          libguestfs-with-appliance
+          prometheus.cli
+          tigervnc
+          # openstackclient
 
-        vscode
-        dev.antigravity
+          vscode
 
-        rustdesk-vbc
-      ];
-      sessionVariables = {
-        AWS_CA_BUNDLE = confLib.getConfig.sops.secrets.harica-root-ca.path;
-      };
-    };
-    systemd.user.sessionVariables = {
-      DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work";
-    } // lib.optionalAttrs (!config.swarselsystems.isPublic) {
-      SWARSEL_MAIL_ALL = lib.mkForce allMailAddresses;
-      SWARSEL_MAIL_WORK = lib.mkForce mailAddress;
-    };
-
-    accounts.email.accounts.work =
-      let
-        inherit (confLib.getConfig.repo.secrets.local.work) mailName;
-      in
-      {
-        primary = false;
-        address = mailAddress;
-        userName = mailAddress;
-        realName = mailName;
-        passwordCommand = "pizauth show work";
-        imap = {
-          host = "outlook.office365.com";
-          port = 993;
-          tls.enable = true; # SSL/TLS
-        };
-        smtp = {
-          host = "outlook.office365.com";
-          port = 587;
-          tls = {
-            enable = true; # SSL/TLS
-            useStartTls = true;
-          };
-        };
-        thunderbird = {
-          enable = true;
-          profiles = [ "default" ];
-          settings = id: {
-            "mail.smtpserver.smtp_${id}.authMethod" = 10; # oauth
-            "mail.server.server_${id}.authMethod" = 10; # oauth
-            # "toolkit.telemetry.enabled" = false;
-            # "toolkit.telemetry.rejected" = true;
-            # "toolkit.telemetry.prompted" = 2;
-          };
-        };
-        msmtp = {
-          enable = true;
-          extraConfig = {
-            auth = "xoauth2";
-            host = "outlook.office365.com";
-            protocol = "smtp";
-            port = "587";
-            tls = "on";
-            tls_starttls = "on";
-            from = "${mailAddress}";
-            user = "${mailAddress}";
-            passwordeval = "pizauth show work";
-          };
-        };
-        mu.enable = true;
-        mbsync = {
-          enable = true;
-          expunge = "both";
-          patterns = [ "INBOX" ];
-          extraConfig = {
-            account = {
-              AuthMechs = "XOAUTH2";
-            };
-          };
-        };
-      };
-
-    # wayland.windowManager.sway.config = {
-    #   output = {
-    #     "Applied Creative Technology Transmitter QUATTRO201811" = {
-    #       bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}";
-    #     };
-    #     "Hewlett Packard HP Z24i CN44250RDT" = {
-    #       bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}";
-    #     };
-    #     "HP Inc. HP 732pk CNC4080YL5" = {
-    #       bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}";
-    #     };
-    #   };
-    # };
-
-    wayland.windowManager.sway =
-      let
-        inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress;
-      in
-      {
-        config = {
-          keybindings =
-            let
-              inherit (config.wayland.windowManager.sway.config) modifier;
-            in
-            {
-              "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}";
-              "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}";
-            };
-        };
-      };
-
-    stylix = {
-      targets.firefox.profileNames =
-        let
-          inherit (confLib.getConfig.repo.secrets.local.work) user1 user2 user3;
-        in
-        [
-          "${user1}"
-          "${user2}"
-          "${user3}"
-          "work"
+          rustdesk-vbc
         ];
-    };
-
-    programs =
-      let
-        inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds;
-      in
-      {
-        openstackclient = {
-          enable = true;
-          inherit clouds;
-        };
-        awscli = {
-          enable = true;
-          package = pkgs.stable24_05.awscli2;
-          # settings = {
-          #   "default" = { };
-          #   "profile s3-imagebuilder-prod" = { };
-          # };
-          # credentials = {
-          #   "s3-imagebuilder-prod" = {
-          #     aws_access_key_id = "5OYXY4879EJG9I91K1B6";
-          #     credential_process = "${pkgs.pass}/bin/pass show work/awscli/s3-imagebuilder-prod/secret-key";
-          #   };
-          # };
-        };
-        git.settings.user.email = lib.mkForce gitMail;
-
-        zsh = {
-          shellAliases = {
-            dssh = "ssh -l ${user1Long}";
-            cssh = "ssh -l ${user2Long}";
-            wssh = "ssh -l ${user3Long}";
-          };
-          cdpath = [
-            "~/Documents/Work"
-          ];
-          dirHashes = {
-            d = "$HOME/.dotfiles";
-            w = "$HOME/Documents/Work";
-            s = "$HOME/.dotfiles/secrets";
-            pr = "$HOME/Documents/Private";
-            ac = path1;
-          };
-
-          sessionVariables = {
-            VSPHERE_USER = "$(cat ${confLib.getConfig.sops.secrets.vcuser.path})";
-            VSPHERE_PW = "$(cat ${confLib.getConfig.sops.secrets.vcpw.path})";
-            GOVC_USERNAME = "$(cat ${confLib.getConfig.sops.secrets.govcuser.path})";
-            GOVC_PASSWORD = "$(cat ${confLib.getConfig.sops.secrets.govcpw.path})";
-            GOVC_URL = "$(cat ${confLib.getConfig.sops.secrets.govcurl.path})";
-            GOVC_DATACENTER = "$(cat ${confLib.getConfig.sops.secrets.govcdc.path})";
-            GOVC_DATASTORE = "$(cat ${confLib.getConfig.sops.secrets.govcds.path})";
-            GOVC_HOST = "$(cat ${confLib.getConfig.sops.secrets.govchost.path})";
-            GOVC_RESOURCE_POOL = "$(cat ${confLib.getConfig.sops.secrets.govcpool.path})";
-            GOVC_NETWORK = "$(cat ${confLib.getConfig.sops.secrets.govcnetwork.path})";
-          };
-        };
-
-        ssh = {
-          matchBlocks = {
-            "${loc1}" = {
-              hostname = "${loc1}.${domain2}";
-              user = user4;
-            };
-            "${loc1}.stg" = {
-              hostname = "${loc1}.${lifecycle1}.${domain2}";
-              user = user4;
-            };
-            "${loc1}.staging" = {
-              hostname = "${loc1}.${lifecycle1}.${domain2}";
-              user = user4;
-            };
-            "${loc1}.dev" = {
-              hostname = "${loc1}.${lifecycle2}.${domain2}";
-              user = user4;
-            };
-            "${loc2}" = {
-              hostname = "${loc2}.${domain1}";
-              user = user1Long;
-            };
-            "${loc2}.stg" = {
-              hostname = "${loc2}.${lifecycle1}.${domain2}";
-              user = user1Long;
-            };
-            "${loc2}.staging" = {
-              hostname = "${loc2}.${lifecycle1}.${domain2}";
-              user = user1Long;
-            };
-            "*.${domain1}" = {
-              user = user1Long;
-            };
-          };
-        };
-
-        firefox = {
-          profiles =
-            let
-              isDefault = false;
-            in
-            {
-              "${user1}" = lib.recursiveUpdate
-                {
-                  inherit isDefault;
-                  id = 1;
-                  settings = {
-                    "browser.startup.homepage" = "${site1}|${site2}";
-                  };
-                }
-                vars.firefox;
-              "${user2}" = lib.recursiveUpdate
-                {
-                  inherit isDefault;
-                  id = 2;
-                  settings = {
-                    "browser.startup.homepage" = "${site3}";
-                  };
-                }
-                vars.firefox;
-              "${user3}" = lib.recursiveUpdate
-                {
-                  inherit isDefault;
-                  id = 3;
-                }
-                vars.firefox;
-              work = lib.recursiveUpdate
-                {
-                  inherit isDefault;
-                  id = 4;
-                  settings = {
-                    "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}";
-                  };
-                }
-                vars.firefox;
-            };
-        };
-
-        chromium = {
-          enable = true;
-          package = pkgs.chromium;
-
-          extensions = [
-            # 1password
-            "gejiddohjgogedgjnonbofjigllpkmbf"
-            # dark reader
-            "eimadpbcbfnmbkopoojfekhnkhdbieeh"
-            # ublock origin
-            "cjpalhdlnbpafiamejdnhcphjbkeiagm"
-            # i still dont care about cookies
-            "edibdbjcniadpccecjdfdjjppcpchdlm"
-            # browserpass
-            "naepdomgkenhinolocfifgehidddafch"
-          ];
+        sessionVariables = {
+          AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path;
         };
       };
+      systemd.user.sessionVariables = {
+        DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work";
+      } // lib.optionalAttrs (!config.swarselsystems.isPublic) {
+        SWARSEL_MAIL_ALL = lib.mkForce allMailAddresses;
+        SWARSEL_MAIL_WORK = lib.mkForce mailAddress;
+      };
 
-    services = {
-      kanshi = {
-        settings = [
-          {
-            # seminary room
-            output = {
-              criteria = "Applied Creative Technology Transmitter QUATTRO201811";
-              scale = 1.0;
-              mode = "1280x720";
+      accounts.email.accounts.work =
+        let
+          inherit (nixosConfig.repo.secrets.local.work) mailName;
+        in
+        {
+          primary = false;
+          address = mailAddress;
+          userName = mailAddress;
+          realName = mailName;
+          passwordCommand = "pizauth show work";
+          imap = {
+            host = "outlook.office365.com";
+            port = 993;
+            tls.enable = true; # SSL/TLS
+          };
+          smtp = {
+            host = "outlook.office365.com";
+            port = 587;
+            tls = {
+              enable = true; # SSL/TLS
+              useStartTls = true;
             };
-          }
-          {
-            # work main screen
-            output = {
-              criteria = "HP Inc. HP 732pk CNC4080YL5";
-              scale = 1.0;
-              mode = "3840x2160";
+          };
+          thunderbird = {
+            enable = true;
+            profiles = [ "default" ];
+            settings = id: {
+              "mail.smtpserver.smtp_${id}.authMethod" = 10; # oauth
+              "mail.server.server_${id}.authMethod" = 10; # oauth
+              # "toolkit.telemetry.enabled" = false;
+              # "toolkit.telemetry.rejected" = true;
+              # "toolkit.telemetry.prompted" = 2;
             };
-          }
-          {
-            # work side screen
-            output = {
-              criteria = "Hewlett Packard HP Z24i CN44250RDT";
-              scale = 1.0;
-              mode = "1920x1200";
-              transform = "270";
+          };
+          msmtp = {
+            enable = true;
+            extraConfig = {
+              auth = "xoauth2";
+              host = "outlook.office365.com";
+              protocol = "smtp";
+              port = "587";
+              tls = "on";
+              tls_starttls = "on";
+              from = "${mailAddress}";
+              user = "${mailAddress}";
+              passwordeval = "pizauth show work";
             };
-          }
-          {
-            profile = {
-              name = "lidopen";
-              exec = [
-                "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}"
-                "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}"
-                "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}"
-              ];
-              outputs = [
-                {
-                  criteria = config.swarselsystems.sharescreen;
-                  status = "enable";
-                  scale = 1.5;
-                  position = "1462,0";
-                }
-                {
-                  criteria = "HP Inc. HP 732pk CNC4080YL5";
-                  scale = 1.4;
-                  mode = "3840x2160";
-                  position = "-1280,0";
-                }
-                {
-                  criteria = "Hewlett Packard HP Z24i CN44250RDT";
-                  scale = 1.0;
-                  mode = "1920x1200";
-                  transform = "90";
-                  position = "-2480,0";
-                }
-              ];
+          };
+          mu.enable = true;
+          mbsync = {
+            enable = true;
+            expunge = "both";
+            patterns = [ "INBOX" ];
+            extraConfig = {
+              account = {
+                AuthMechs = "XOAUTH2";
+              };
             };
-          }
-          {
-            profile =
+          };
+        };
+
+      # wayland.windowManager.sway.config = {
+      #   output = {
+      #     "Applied Creative Technology Transmitter QUATTRO201811" = {
+      #       bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}";
+      #     };
+      #     "Hewlett Packard HP Z24i CN44250RDT" = {
+      #       bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}";
+      #     };
+      #     "HP Inc. HP 732pk CNC4080YL5" = {
+      #       bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}";
+      #     };
+      #   };
+      # };
+
+      wayland.windowManager.sway =
+        let
+          inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress;
+        in
+        {
+          config = {
+            keybindings =
               let
-                monitor = "Applied Creative Technology Transmitter QUATTRO201811";
+                inherit (config.wayland.windowManager.sway.config) modifier;
               in
               {
+                "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}";
+                "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}";
+              };
+          };
+        };
+
+      stylix = {
+        targets.firefox.profileNames =
+          let
+            inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3;
+          in
+          [
+            "${user1}"
+            "${user2}"
+            "${user3}"
+            "work"
+          ];
+      };
+
+      programs =
+        let
+          inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds;
+        in
+        {
+          openstackclient = {
+            enable = true;
+            inherit clouds;
+          };
+          awscli = {
+            enable = true;
+            package = pkgs.stable24_05.awscli2;
+            # settings = {
+            #   "default" = { };
+            #   "profile s3-imagebuilder-prod" = { };
+            # };
+            # credentials = {
+            #   "s3-imagebuilder-prod" = {
+            #     aws_access_key_id = "5OYXY4879EJG9I91K1B6";
+            #     credential_process = "${pkgs.pass}/bin/pass show work/awscli/s3-imagebuilder-prod/secret-key";
+            #   };
+            # };
+          };
+          git.settings.user.email = lib.mkForce gitMail;
+
+          zsh = {
+            shellAliases = {
+              dssh = "ssh -l ${user1Long}";
+              cssh = "ssh -l ${user2Long}";
+              wssh = "ssh -l ${user3Long}";
+            };
+            cdpath = [
+              "~/Documents/Work"
+            ];
+            dirHashes = {
+              d = "$HOME/.dotfiles";
+              w = "$HOME/Documents/Work";
+              s = "$HOME/.dotfiles/secrets";
+              pr = "$HOME/Documents/Private";
+              ac = path1;
+            };
+
+            sessionVariables = {
+              VSPHERE_USER = "$(cat ${nixosConfig.sops.secrets.vcuser.path})";
+              VSPHERE_PW = "$(cat ${nixosConfig.sops.secrets.vcpw.path})";
+              GOVC_USERNAME = "$(cat ${nixosConfig.sops.secrets.govcuser.path})";
+              GOVC_PASSWORD = "$(cat ${nixosConfig.sops.secrets.govcpw.path})";
+              GOVC_URL = "$(cat ${nixosConfig.sops.secrets.govcurl.path})";
+              GOVC_DATACENTER = "$(cat ${nixosConfig.sops.secrets.govcdc.path})";
+              GOVC_DATASTORE = "$(cat ${nixosConfig.sops.secrets.govcds.path})";
+              GOVC_HOST = "$(cat ${nixosConfig.sops.secrets.govchost.path})";
+              GOVC_RESOURCE_POOL = "$(cat ${nixosConfig.sops.secrets.govcpool.path})";
+              GOVC_NETWORK = "$(cat ${nixosConfig.sops.secrets.govcnetwork.path})";
+            };
+          };
+
+          ssh = {
+            matchBlocks = {
+              "${loc1}" = {
+                hostname = "${loc1}.${domain2}";
+                user = user4;
+              };
+              "${loc1}.stg" = {
+                hostname = "${loc1}.${lifecycle1}.${domain2}";
+                user = user4;
+              };
+              "${loc1}.staging" = {
+                hostname = "${loc1}.${lifecycle1}.${domain2}";
+                user = user4;
+              };
+              "${loc1}.dev" = {
+                hostname = "${loc1}.${lifecycle2}.${domain2}";
+                user = user4;
+              };
+              "${loc2}" = {
+                hostname = "${loc2}.${domain1}";
+                user = user1Long;
+              };
+              "${loc2}.stg" = {
+                hostname = "${loc2}.${lifecycle1}.${domain2}";
+                user = user1Long;
+              };
+              "${loc2}.staging" = {
+                hostname = "${loc2}.${lifecycle1}.${domain2}";
+                user = user1Long;
+              };
+              "*.${domain1}" = {
+                user = user1Long;
+              };
+            };
+          };
+
+          firefox = {
+            profiles =
+              let
+                isDefault = false;
+              in
+              {
+                "${user1}" = lib.recursiveUpdate
+                  {
+                    inherit isDefault;
+                    id = 1;
+                    settings = {
+                      "browser.startup.homepage" = "${site1}|${site2}";
+                    };
+                  }
+                  vars.firefox;
+                "${user2}" = lib.recursiveUpdate
+                  {
+                    inherit isDefault;
+                    id = 2;
+                    settings = {
+                      "browser.startup.homepage" = "${site3}";
+                    };
+                  }
+                  vars.firefox;
+                "${user3}" = lib.recursiveUpdate
+                  {
+                    inherit isDefault;
+                    id = 3;
+                  }
+                  vars.firefox;
+                work = lib.recursiveUpdate
+                  {
+                    inherit isDefault;
+                    id = 4;
+                    settings = {
+                      "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}";
+                    };
+                  }
+                  vars.firefox;
+              };
+          };
+
+          chromium = {
+            enable = true;
+            package = pkgs.chromium;
+
+            extensions = [
+              # 1password
+              "gejiddohjgogedgjnonbofjigllpkmbf"
+              # dark reader
+              "eimadpbcbfnmbkopoojfekhnkhdbieeh"
+              # ublock origin
+              "cjpalhdlnbpafiamejdnhcphjbkeiagm"
+              # i still dont care about cookies
+              "edibdbjcniadpccecjdfdjjppcpchdlm"
+              # browserpass
+              "naepdomgkenhinolocfifgehidddafch"
+            ];
+          };
+        };
+
+      services = {
+        kanshi = {
+          settings = [
+            {
+              # seminary room
+              output = {
+                criteria = "Applied Creative Technology Transmitter QUATTRO201811";
+                scale = 1.0;
+                mode = "1280x720";
+              };
+            }
+            {
+              # work main screen
+              output = {
+                criteria = "HP Inc. HP 732pk CNC4080YL5";
+                scale = 1.0;
+                mode = "3840x2160";
+              };
+            }
+            {
+              # work side screen
+              output = {
+                criteria = "Hewlett Packard HP Z24i CN44250RDT";
+                scale = 1.0;
+                mode = "1920x1200";
+                transform = "270";
+              };
+            }
+            {
+              profile = {
                 name = "lidopen";
                 exec = [
                   "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}"
-                  "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}"
-                  "${pkgs.kanshare}/bin/kanshare ${config.swarselsystems.sharescreen} '${monitor}'"
+                  "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}"
+                  "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}"
                 ];
                 outputs = [
                   {
                     criteria = config.swarselsystems.sharescreen;
                     status = "enable";
-                    scale = 1.7;
-                    position = "2560,0";
+                    scale = 1.5;
+                    position = "1462,0";
                   }
                   {
-                    criteria = "Applied Creative Technology Transmitter QUATTRO201811";
+                    criteria = "HP Inc. HP 732pk CNC4080YL5";
+                    scale = 1.4;
+                    mode = "3840x2160";
+                    position = "-1280,0";
+                  }
+                  {
+                    criteria = "Hewlett Packard HP Z24i CN44250RDT";
                     scale = 1.0;
-                    mode = "1280x720";
-                    position = "10000,10000";
+                    mode = "1920x1200";
+                    transform = "90";
+                    position = "-2480,0";
                   }
                 ];
               };
-          }
-          {
-            profile = {
-              name = "lidclosed";
-              exec = [
-                "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}"
-                "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}"
-              ];
-              outputs = [
+            }
+            {
+              profile =
+                let
+                  monitor = "Applied Creative Technology Transmitter QUATTRO201811";
+                in
                 {
-                  criteria = config.swarselsystems.sharescreen;
-                  status = "disable";
-                }
-                {
-                  criteria = "HP Inc. HP 732pk CNC4080YL5";
-                  scale = 1.4;
-                  mode = "3840x2160";
-                  position = "-1280,0";
-                }
-                {
-                  criteria = "Hewlett Packard HP Z24i CN44250RDT";
-                  scale = 1.0;
-                  mode = "1920x1200";
-                  transform = "270";
-                  position = "-2480,0";
-                }
-              ];
-            };
-          }
-          {
-            profile =
-              let
-                monitor = "Applied Creative Technology Transmitter QUATTRO201811";
-              in
-              {
+                  name = "lidopen";
+                  exec = [
+                    "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}"
+                    "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}"
+                    "${pkgs.kanshare}/bin/kanshare ${config.swarselsystems.sharescreen} '${monitor}'"
+                  ];
+                  outputs = [
+                    {
+                      criteria = config.swarselsystems.sharescreen;
+                      status = "enable";
+                      scale = 1.7;
+                      position = "2560,0";
+                    }
+                    {
+                      criteria = "Applied Creative Technology Transmitter QUATTRO201811";
+                      scale = 1.0;
+                      mode = "1280x720";
+                      position = "10000,10000";
+                    }
+                  ];
+                };
+            }
+            {
+              profile = {
                 name = "lidclosed";
                 exec = [
-                  "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}"
+                  "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}"
+                  "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}"
                 ];
                 outputs = [
                   {
@@ -427,240 +396,271 @@ in
                     status = "disable";
                   }
                   {
-                    criteria = "Applied Creative Technology Transmitter QUATTRO201811";
+                    criteria = "HP Inc. HP 732pk CNC4080YL5";
+                    scale = 1.4;
+                    mode = "3840x2160";
+                    position = "-1280,0";
+                  }
+                  {
+                    criteria = "Hewlett Packard HP Z24i CN44250RDT";
                     scale = 1.0;
-                    mode = "1280x720";
-                    position = "10000,10000";
+                    mode = "1920x1200";
+                    transform = "270";
+                    position = "-2480,0";
                   }
                 ];
               };
-          }
-        ];
-      };
-    };
-
-    systemd.user.services = {
-      pizauth.Service = {
-        ExecStartPost = [
-          "${pkgs.toybox}/bin/sleep 1"
-          "//bin/sh -c '${lib.getExe pkgs.pizauth} restore < ${homeDir}/.pizauth.state'"
-        ];
-      };
-
-      teams-applet = {
-        Unit = {
-          Description = "teams applet";
-          Requires = [ "tray.target" ];
-          After = [
-            "graphical-session.target"
-            "tray.target"
+            }
+            {
+              profile =
+                let
+                  monitor = "Applied Creative Technology Transmitter QUATTRO201811";
+                in
+                {
+                  name = "lidclosed";
+                  exec = [
+                    "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}"
+                  ];
+                  outputs = [
+                    {
+                      criteria = config.swarselsystems.sharescreen;
+                      status = "disable";
+                    }
+                    {
+                      criteria = "Applied Creative Technology Transmitter QUATTRO201811";
+                      scale = 1.0;
+                      mode = "1280x720";
+                      position = "10000,10000";
+                    }
+                  ];
+                };
+            }
           ];
-          PartOf = [ "graphical-session.target" ];
-        };
-
-        Install = {
-          WantedBy = [ "graphical-session.target" ];
-        };
-
-        Service = {
-          ExecStart = "${pkgs.stable.teams-for-linux}/bin/teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true";
         };
       };
 
-      onepassword-applet = {
-        Unit = {
-          Description = "1password applet";
-          Requires = [ "tray.target" ];
-          After = [
-            "graphical-session.target"
-            "tray.target"
+      systemd.user.services = {
+        pizauth.Service = {
+          ExecStartPost = [
+            "${pkgs.toybox}/bin/sleep 1"
+            "//bin/sh -c '${lib.getExe pkgs.pizauth} restore < ${homeDir}/.pizauth.state'"
           ];
-          PartOf = [ "graphical-session.target" ];
         };
 
-        Install = {
-          WantedBy = [ "graphical-session.target" ];
-        };
+        teams-applet = {
+          Unit = {
+            Description = "teams applet";
+            Requires = [ "tray.target" ];
+            After = [
+              "graphical-session.target"
+              "tray.target"
+            ];
+            PartOf = [ "graphical-session.target" ];
+          };
 
-        Service = {
-          ExecStart = "${pkgs._1password-gui}/bin/1password";
-        };
-      };
+          Install = {
+            WantedBy = [ "graphical-session.target" ];
+          };
 
-    };
-
-    services.pizauth = {
-      enable = true;
-      extraConfig = ''
-        auth_notify_cmd = "if [[ \"$(notify-send -A \"Open $PIZAUTH_ACCOUNT\" -t 30000 'pizauth authorisation')\" == \"0\" ]]; then open \"$PIZAUTH_URL\"; fi";
-        error_notify_cmd = "notify-send -t 90000 \"pizauth error for $PIZAUTH_ACCOUNT\" \"$PIZAUTH_MSG\"";
-        token_event_cmd = "pizauth dump > ${homeDir}/.pizauth.state";
-      '';
-      accounts = {
-        work = {
-          authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
-          tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
-          clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584";
-          clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82";
-          scopes = [
-            "https://outlook.office365.com/IMAP.AccessAsUser.All"
-            "https://outlook.office365.com/SMTP.Send"
-            "offline_access"
-          ];
-          loginHint = "${confLib.getConfig.repo.secrets.local.work.mailAddress}";
-        };
-      };
-
-    };
-
-    xdg =
-      let
-        inherit (confLib.getConfig.repo.secrets.local.work) user1 user2 user3;
-      in
-      {
-        mimeApps = {
-          defaultApplications = {
-            "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ];
+          Service = {
+            ExecStart = "${pkgs.stable.teams-for-linux}/bin/teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true";
           };
         };
-        desktopEntries =
-          let
-            terminal = false;
-            categories = [ "Application" ];
-            icon = "firefox";
-          in
-          {
-            firefox_work = {
-              name = "Firefox (work)";
-              genericName = "Firefox work";
-              exec = "firefox -p work";
-              inherit terminal categories icon;
-            };
-            "firefox_${user1}" = {
-              name = "Firefox (${user1})";
-              genericName = "Firefox ${user1}";
-              exec = "firefox -p ${user1}";
-              inherit terminal categories icon;
-            };
-
-            "firefox_${user2}" = {
-              name = "Firefox (${user2})";
-              genericName = "Firefox ${user2}";
-              exec = "firefox -p ${user2}";
-              inherit terminal categories icon;
-            };
-
-            "firefox_${user3}" = {
-              name = "Firefox (${user3})";
-              genericName = "Firefox ${user3}";
-              exec = "firefox -p ${user3}";
-              inherit terminal categories icon;
-            };
-
 
+        onepassword-applet = {
+          Unit = {
+            Description = "1password applet";
+            Requires = [ "tray.target" ];
+            After = [
+              "graphical-session.target"
+              "tray.target"
+            ];
+            PartOf = [ "graphical-session.target" ];
           };
+
+          Install = {
+            WantedBy = [ "graphical-session.target" ];
+          };
+
+          Service = {
+            ExecStart = "${pkgs._1password-gui}/bin/1password";
+          };
+        };
+
       };
-    swarselsystems = {
-      startup = [
-        # { command = "nextcloud --background"; }
-        # { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
-        # { command = "element-desktop --hidden  --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
-        # { command = "anki"; }
-        # { command = "obsidian"; }
-        # { command = "nm-applet"; }
-        # { command = "feishin"; }
-        # { command = "teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; }
-        # { command = "1password"; }
-      ];
-      monitors = {
-        work_back_middle = rec {
-          name = "LG Electronics LG Ultra HD 0x000305A6";
-          mode = "2560x1440";
-          scale = "1";
-          position = "5120,0";
-          workspace = "1:一";
-          # output = "DP-10";
-          output = name;
-        };
-        work_front_left = rec {
-          name = "LG Electronics LG Ultra HD 0x0007AB45";
-          mode = "3840x2160";
-          scale = "1";
-          position = "5120,0";
-          workspace = "1:一";
-          # output = "DP-7";
-          output = name;
-        };
-        work_back_right = rec {
-          name = "HP Inc. HP Z32 CN41212T55";
-          mode = "3840x2160";
-          scale = "1";
-          position = "5120,0";
-          workspace = "1:一";
-          # output = "DP-3";
-          output = name;
-        };
-        work_middle_middle_main = rec {
-          name = "HP Inc. HP 732pk CNC4080YL5";
-          mode = "3840x2160";
-          scale = "1";
-          position = "-1280,0";
-          workspace = "11:M";
-          # output = "DP-8";
-          output = name;
-        };
-        work_middle_middle_side = rec {
-          name = "Hewlett Packard HP Z24i CN44250RDT";
-          mode = "1920x1200";
-          transform = "270";
-          scale = "1";
-          position = "-2480,0";
-          workspace = "12:S";
-          # output = "DP-9";
-          output = name;
-        };
-        work_seminary = rec {
-          name = "Applied Creative Technology Transmitter QUATTRO201811";
-          mode = "1280x720";
-          scale = "1";
-          position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse
-          workspace = "14:T";
-          # output = "DP-4";
-          output = name;
+
+      services.pizauth = {
+        enable = true;
+        extraConfig = ''
+          auth_notify_cmd = "if [[ \"$(notify-send -A \"Open $PIZAUTH_ACCOUNT\" -t 30000 'pizauth authorisation')\" == \"0\" ]]; then open \"$PIZAUTH_URL\"; fi";
+          error_notify_cmd = "notify-send -t 90000 \"pizauth error for $PIZAUTH_ACCOUNT\" \"$PIZAUTH_MSG\"";
+          token_event_cmd = "pizauth dump > ${homeDir}/.pizauth.state";
+        '';
+        accounts = {
+          work = {
+            authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+            tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+            clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584";
+            clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82";
+            scopes = [
+              "https://outlook.office365.com/IMAP.AccessAsUser.All"
+              "https://outlook.office365.com/SMTP.Send"
+              "offline_access"
+            ];
+            loginHint = "${nixosConfig.repo.secrets.local.work.mailAddress}";
+          };
         };
+
       };
-      inputs = {
-        "1133:45081:MX_Master_2S_Keyboard" = {
-          xkb_layout = "us";
-          xkb_variant = "altgr-intl";
+
+      xdg =
+        let
+          inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3;
+        in
+        {
+          mimeApps = {
+            defaultApplications = {
+              "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ];
+            };
+          };
+          desktopEntries =
+            let
+              terminal = false;
+              categories = [ "Application" ];
+              icon = "firefox";
+            in
+            {
+              firefox_work = {
+                name = "Firefox (work)";
+                genericName = "Firefox work";
+                exec = "firefox -p work";
+                inherit terminal categories icon;
+              };
+              "firefox_${user1}" = {
+                name = "Firefox (${user1})";
+                genericName = "Firefox ${user1}";
+                exec = "firefox -p ${user1}";
+                inherit terminal categories icon;
+              };
+
+              "firefox_${user2}" = {
+                name = "Firefox (${user2})";
+                genericName = "Firefox ${user2}";
+                exec = "firefox -p ${user2}";
+                inherit terminal categories icon;
+              };
+
+              "firefox_${user3}" = {
+                name = "Firefox (${user3})";
+                genericName = "Firefox ${user3}";
+                exec = "firefox -p ${user3}";
+                inherit terminal categories icon;
+              };
+
+
+            };
         };
-        # "2362:628:PIXA3854:00_093A:0274_Touchpad" = {
-        #   dwt = "enabled";
-        #   tap = "enabled";
-        #   natural_scroll = "enabled";
-        #   middle_emulation = "enabled";
-        #   drag_lock = "disabled";
-        # };
-        "1133:50504:Logitech_USB_Receiver" = {
-          xkb_layout = "us";
-          xkb_variant = "altgr-intl";
+      swarselsystems = {
+        startup = [
+          # { command = "nextcloud --background"; }
+          # { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
+          # { command = "element-desktop --hidden  --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
+          # { command = "anki"; }
+          # { command = "obsidian"; }
+          # { command = "nm-applet"; }
+          # { command = "feishin"; }
+          # { command = "teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; }
+          # { command = "1password"; }
+        ];
+        monitors = {
+          work_back_middle = rec {
+            name = "LG Electronics LG Ultra HD 0x000305A6";
+            mode = "2560x1440";
+            scale = "1";
+            position = "5120,0";
+            workspace = "1:一";
+            # output = "DP-10";
+            output = name;
+          };
+          work_front_left = rec {
+            name = "LG Electronics LG Ultra HD 0x0007AB45";
+            mode = "3840x2160";
+            scale = "1";
+            position = "5120,0";
+            workspace = "1:一";
+            # output = "DP-7";
+            output = name;
+          };
+          work_back_right = rec {
+            name = "HP Inc. HP Z32 CN41212T55";
+            mode = "3840x2160";
+            scale = "1";
+            position = "5120,0";
+            workspace = "1:一";
+            # output = "DP-3";
+            output = name;
+          };
+          work_middle_middle_main = rec {
+            name = "HP Inc. HP 732pk CNC4080YL5";
+            mode = "3840x2160";
+            scale = "1";
+            position = "-1280,0";
+            workspace = "11:M";
+            # output = "DP-8";
+            output = name;
+          };
+          work_middle_middle_side = rec {
+            name = "Hewlett Packard HP Z24i CN44250RDT";
+            mode = "1920x1200";
+            transform = "270";
+            scale = "1";
+            position = "-2480,0";
+            workspace = "12:S";
+            # output = "DP-9";
+            output = name;
+          };
+          work_seminary = rec {
+            name = "Applied Creative Technology Transmitter QUATTRO201811";
+            mode = "1280x720";
+            scale = "1";
+            position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse
+            workspace = "14:T";
+            # output = "DP-4";
+            output = name;
+          };
         };
-        "1133:45944:MX_KEYS_S" = {
-          xkb_layout = "us";
-          xkb_variant = "altgr-intl";
+        inputs = {
+          "1133:45081:MX_Master_2S_Keyboard" = {
+            xkb_layout = "us";
+            xkb_variant = "altgr-intl";
+          };
+          # "2362:628:PIXA3854:00_093A:0274_Touchpad" = {
+          #   dwt = "enabled";
+          #   tap = "enabled";
+          #   natural_scroll = "enabled";
+          #   middle_emulation = "enabled";
+          #   drag_lock = "disabled";
+          # };
+          "1133:50504:Logitech_USB_Receiver" = {
+            xkb_layout = "us";
+            xkb_variant = "altgr-intl";
+          };
+          "1133:45944:MX_KEYS_S" = {
+            xkb_layout = "us";
+            xkb_variant = "altgr-intl";
+          };
+        };
+
+      };
+    } // lib.optionalAttrs (inputs ? sops) {
+      sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
+        harica-root-ca = {
+          sopsFile = certsSopsFile;
+          path = "${homeDir}/.aws/certs/harica-root.pem";
+          owner = mainUser;
         };
       };
 
-    };
-  } // lib.optionalAttrs (inputs ? sops) {
-    sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
-      harica-root-ca = {
-        sopsFile = certsSopsFile;
-        path = "${homeDir}/.aws/certs/harica-root.pem";
-        owner = mainUser;
-      };
-    };
-
-  };
+    });
 
 }
diff --git a/modules/nixos/client/network.nix b/modules/nixos/client/network.nix
index d878939..aad336f 100644
--- a/modules/nixos/client/network.nix
+++ b/modules/nixos/client/network.nix
@@ -1,4 +1,4 @@
-{ self, lib, pkgs, config, globals, ... }:
+{ self, lib, pkgs, config, ... }:
 let
   certsSopsFile = self + /secrets/certs/secrets.yaml;
   clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml;
@@ -50,7 +50,7 @@ in
     networking = {
       inherit (config.swarselsystems) hostName;
       hosts = {
-        "${globals.networks.home-lan.hosts.winters.ipv4}" = [ globals.services.transmission.domain ];
+        "192.168.178.24" = [ "store.swarsel.win" ];
       };
       wireless.iwd = {
         enable = true;
diff --git a/modules/nixos/optional/niri.nix b/modules/nixos/client/niri.nix
similarity index 86%
rename from modules/nixos/optional/niri.nix
rename to modules/nixos/client/niri.nix
index 80b5c5a..4724319 100644
--- a/modules/nixos/optional/niri.nix
+++ b/modules/nixos/client/niri.nix
@@ -1,11 +1,8 @@
-{ inputs, lib, config, pkgs, ... }:
+{ lib, config, pkgs, ... }:
 let
   moduleName = "niri";
 in
 {
-  imports = [
-    inputs.niri-flake.nixosModules.niri
-  ];
   options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} settings";
   config = lib.mkIf config.swarselmodules.${moduleName}
     {
diff --git a/modules/nixos/client/packages.nix b/modules/nixos/client/packages.nix
index f52bfd4..b4233eb 100644
--- a/modules/nixos/client/packages.nix
+++ b/modules/nixos/client/packages.nix
@@ -30,9 +30,8 @@
 
       libsForQt5.qt5.qtwayland
 
-      # do not do this! clashes with the flake
-      # nix-index
-
+      # nix package database
+      nix-index
       nixos-generators
 
       # commit hooks
@@ -48,9 +47,6 @@
       # better make for general tasks
       just
 
-      # sops
-      ssh-to-age
-      sops
 
       # keyboards
       qmk
diff --git a/modules/nixos/client/remotebuild.nix b/modules/nixos/client/remotebuild.nix
deleted file mode 100644
index 0ce54c3..0000000
--- a/modules/nixos/client/remotebuild.nix
+++ /dev/null
@@ -1,85 +0,0 @@
-{ lib, config, globals, ... }:
-let
-  inherit (config.swarselsystems) homeDir mainUser isClient;
-in
-{
-  options.swarselmodules.remotebuild = lib.mkEnableOption "enable remote builds on this machine";
-  config = lib.mkIf config.swarselmodules.remotebuild {
-
-    sops.secrets = {
-      builder-key = lib.mkIf isClient { owner = mainUser; path = "${homeDir}/.ssh/builder"; mode = "0600"; };
-      nixbuild-net-key = { owner = mainUser; path = "${homeDir}/.ssh/nixbuild-net"; mode = "0600"; };
-    };
-
-    nix = {
-      settings.builders-use-substitutes = true;
-      distributedBuilds = true;
-      buildMachines = [
-        (lib.mkIf isClient {
-          hostName = config.repo.secrets.common.builder1-ip;
-          system = "aarch64-linux";
-          maxJobs = 20;
-          speedFactor = 10;
-        })
-        (lib.mkIf isClient {
-          hostName = globals.hosts.belchsfactory.wanAddress4;
-          system = "aarch64-linux";
-          maxJobs = 4;
-          speedFactor = 2;
-          protocol = "ssh-ng";
-        })
-        {
-          hostName = "eu.nixbuild.net";
-          system = "x86_64-linux";
-          maxJobs = 100;
-          speedFactor = 2;
-          supportedFeatures = [ "big-parallel" ];
-        }
-      ];
-    };
-    programs.ssh = {
-      knownHosts = {
-        nixbuild = {
-          hostNames = [ "eu.nixbuild.net" ];
-          publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM";
-        };
-        builder1 = lib.mkIf isClient {
-          hostNames = [ config.repo.secrets.common.builder1-ip ];
-          publicKey = config.repo.secrets.common.builder1-pubHostKey;
-        };
-        jump = lib.mkIf isClient {
-          hostNames = [ globals.hosts.liliputsteps.wanAddress4 ];
-          publicKey = config.repo.secrets.common.jump-pubHostKey;
-        };
-        builder2 = lib.mkIf isClient {
-          hostNames = [ globals.hosts.belchsfactory.wanAddress4 ];
-          publicKey = config.repo.secrets.common.builder2-pubHostKey;
-        };
-      };
-      extraConfig = ''
-        Host eu.nixbuild.net
-          ConnectTimeout 1
-          PubkeyAcceptedKeyTypes ssh-ed25519
-          ServerAliveInterval 60
-          IPQoS throughput
-          IdentityFile ${config.sops.secrets.nixbuild-net-key.path}
-      '' + lib.optionalString isClient ''
-        Host ${config.repo.secrets.common.builder1-ip}
-          ConnectTimeout 1
-          User ${mainUser}
-          IdentityFile ${config.sops.secrets.builder-key.path}
-
-        Host ${globals.hosts.belchsfactory.wanAddress4}
-          ConnectTimeout 5
-          ProxyJump ${globals.hosts.liliputsteps.wanAddress4}
-          User builder
-          IdentityFile ${config.sops.secrets.builder-key.path}
-
-        Host ${globals.hosts.liliputsteps.wanAddress4}
-          ConnectTimeout 1
-          User jump
-          IdentityFile ${config.sops.secrets.builder-key.path}
-      '';
-    };
-  };
-}
diff --git a/modules/nixos/client/sops.nix b/modules/nixos/client/sops.nix
index d0ea6f3..2fa10eb 100644
--- a/modules/nixos/client/sops.nix
+++ b/modules/nixos/client/sops.nix
@@ -5,8 +5,9 @@
     sops = {
 
       # age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
-      age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}/etc/ssh/ssh_host_ed25519_key" ];
-      defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
+      age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
+      # defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
+      defaultSopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
 
       validateSopsFiles = false;
 
diff --git a/modules/nixos/client/uwsm.nix b/modules/nixos/client/uwsm.nix
index 5c9d66e..28888f0 100644
--- a/modules/nixos/client/uwsm.nix
+++ b/modules/nixos/client/uwsm.nix
@@ -13,7 +13,7 @@ in
           comment = "Sway compositor managed by UWSM";
           binPath = "/run/current-system/sw/bin/sway";
         };
-        niri = lib.mkIf (config.swarselmodules ? niri) {
+        niri = {
           prettyName = "Niri";
           comment = "Niri compositor managed by UWSM";
           binPath = "/run/current-system/sw/bin/niri-session";
diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix
index 9cae3d7..c33aa95 100644
--- a/modules/nixos/common/globals.nix
+++ b/modules/nixos/common/globals.nix
@@ -82,8 +82,7 @@ let
                 if netSubmod.config.cidrv6 == null then
                   null
                 else
-                # if we use the /32 wan address as local address directly, do not use the network address in ipv6
-                  lib.net.cidr.hostCidr (if hostSubmod.config.id == 0 then 1 else hostSubmod.config.id) netSubmod.config.cidrv6;
+                  lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv6;
             };
           };
         })
@@ -115,31 +114,13 @@ in
 
           services = mkOption {
             type = types.attrsOf (
-              types.submodule (serviceSubmod: {
+              types.submodule {
                 options = {
                   domain = mkOption {
                     type = types.str;
                   };
-                  subDomain = mkOption {
-                    readOnly = true;
-                    type = types.str;
-                    default = lib.swarselsystems.getSubDomain serviceSubmod.config.domain;
-                  };
-                  baseDomain = mkOption {
-                    readOnly = true;
-                    type = types.str;
-                    default = lib.swarselsystems.getBaseDomain serviceSubmod.config.domain;
-                  };
-                  proxyAddress4 = mkOption {
-                    type = types.nullOr types.str;
-                    default = null;
-                  };
-                  proxyAddress6 = mkOption {
-                    type = types.nullOr types.str;
-                    default = null;
-                  };
                 };
-              })
+              }
             );
           };
 
@@ -182,12 +163,6 @@ in
                   defaultGateway6 = mkOption {
                     type = types.nullOr types.net.ipv6;
                   };
-                  wanAddress4 = mkOption {
-                    type = types.nullOr types.net.ipv4;
-                  };
-                  wanAddress6 = mkOption {
-                    type = types.nullOr types.net.ipv6;
-                  };
                 };
               }
             );
@@ -197,10 +172,6 @@ in
             main = mkOption {
               type = types.str;
             };
-            externalDns = mkOption {
-              type = types.listOf types.str;
-              description = "List of external dns nameservers";
-            };
           };
         };
       };
diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix
index f853132..fd2db03 100644
--- a/modules/nixos/common/home-manager-secrets.nix
+++ b/modules/nixos/common/home-manager-secrets.nix
@@ -24,8 +24,7 @@ in
         github-nixpkgs-review-token = { owner = mainUser; };
       }) // (lib.optionalAttrs modules.emacs {
         emacs-radicale-pw = { owner = mainUser; };
-        github-forge-token = { owner = mainUser; };
-      }) // (lib.optionalAttrs (modules ? optional-work) {
+      }) // (lib.optionalAttrs modules.optional.work {
         harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
       }) // (lib.optionalAttrs modules.anki {
         anki-user = { owner = mainUser; };
diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix
index 47cc879..3b2d332 100644
--- a/modules/nixos/common/home-manager.nix
+++ b/modules/nixos/common/home-manager.nix
@@ -12,6 +12,7 @@
         inputs.nix-index-database.homeModules.nix-index
         inputs.sops-nix.homeManagerModules.sops
         inputs.spicetify-nix.homeManagerModules.default
+        # inputs.swarsel-modules.homeModules.default
         inputs.swarsel-nix.homeModules.default
         {
           imports = [
diff --git a/modules/nixos/common/impermanence.nix b/modules/nixos/common/impermanence.nix
index e111c86..31f8641 100644
--- a/modules/nixos/common/impermanence.nix
+++ b/modules/nixos/common/impermanence.nix
@@ -72,7 +72,6 @@ in
       hideMounts = true;
       directories =
         [
-          "/root/.dotfiles"
           "/etc/nix"
           "/etc/NetworkManager/system-connections"
           "/var/lib/nixos"
diff --git a/modules/nixos/common/meta.nix b/modules/nixos/common/meta.nix
index 93b3a90..fcb79d3 100644
--- a/modules/nixos/common/meta.nix
+++ b/modules/nixos/common/meta.nix
@@ -11,10 +11,6 @@
         description = "Node Name.";
         type = lib.types.str;
       };
-      lockFromBootstrapping = lib.mkOption {
-        description = "Whether this host should be marked to not be bootstrapped again using swarsel-bootstrap.";
-        type = lib.types.bool;
-      };
     };
   };
 }
diff --git a/modules/nixos/common/nodes.nix b/modules/nixos/common/nodes.nix
index fe667aa..a2d1ad7 100644
--- a/modules/nixos/common/nodes.nix
+++ b/modules/nixos/common/nodes.nix
@@ -34,11 +34,6 @@ let
       "nginx"
       "virtualHosts"
     ]
-    [
-      "swarselsystems"
-      "server"
-      "dns"
-    ]
   ];
 
   attrsForEachOption =
diff --git a/modules/nixos/common/settings.nix b/modules/nixos/common/settings.nix
index 2ab4bbe..cdcf3a2 100644
--- a/modules/nixos/common/settings.nix
+++ b/modules/nixos/common/settings.nix
@@ -1,7 +1,5 @@
-{ self, lib, pkgs, config, outputs, inputs, minimal, globals, ... }:
+{ self, lib, pkgs, config, outputs, inputs, minimal, ... }:
 let
-  inherit (config.swarselsystems) mainUser;
-  inherit (config.repo.secrets.common) atticPublicKey;
   settings = if minimal then { } else {
     environment.etc."nixos/configuration.nix".source = pkgs.writeText "configuration.nix" ''
       assert builtins.trace "This location is not used. The config is found in ${config.swarselsystems.flakePath}!" false;
@@ -38,8 +36,7 @@ let
         channel.enable = false;
         registry = rec {
           nixpkgs.flake = inputs.nixpkgs;
-          # swarsel.flake = inputs.swarsel;
-          swarsel.flake = self;
+          swarsel.flake = inputs.swarsel;
           n = nixpkgs;
           s = swarsel;
         };
@@ -59,8 +56,8 @@ in
   config = lib.mkIf config.swarselmodules.general
     (lib.recursiveUpdate
       {
-        sops.secrets = lib.mkIf (!minimal) {
-          github-api-token = { owner = mainUser; };
+        sops.secrets.github-api-token = lib.mkIf (!minimal) {
+          sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
         };
 
         nix =
@@ -77,17 +74,7 @@ in
                 "cgroups"
                 "pipe-operators"
               ];
-              substituters = [
-                "https://${globals.services.attic.domain}/${mainUser}"
-              ];
-              trusted-public-keys = [
-                atticPublicKey
-              ];
-              trusted-users = [
-                "@wheel"
-                "${config.swarselsystems.mainUser}"
-                (lib.mkIf config.swarselmodules.server.ssh-builder "builder")
-              ];
+              trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
             };
             # extraOptions = ''
             #   plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix
index aada123..b04ffd2 100644
--- a/modules/nixos/common/users.nix
+++ b/modules/nixos/common/users.nix
@@ -1,8 +1,11 @@
-{ pkgs, config, lib, globals, minimal, ... }:
+{ self, pkgs, config, lib, globals, minimal, ... }:
+let
+  sopsFile = self + /secrets/general/secrets.yaml;
+in
 {
   options.swarselmodules.users = lib.mkEnableOption "user config";
   config = lib.mkIf config.swarselmodules.users {
-    sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; };
+    sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; };
 
     users = {
       mutableUsers = lib.mkIf (!minimal) false;
diff --git a/modules/nixos/optional/amdcpu.nix b/modules/nixos/optional/amdcpu.nix
index 64ea60d..9051b9d 100644
--- a/modules/nixos/optional/amdcpu.nix
+++ b/modules/nixos/optional/amdcpu.nix
@@ -1,6 +1,7 @@
-_:
+{ lib, config, ... }:
 {
-  config = {
+  options.swarselmodules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings";
+  config = lib.mkIf config.swarselmodules.optional.amdcpu {
     hardware = {
       cpu.amd.updateMicrocode = true;
     };
diff --git a/modules/nixos/optional/amdgpu.nix b/modules/nixos/optional/amdgpu.nix
index f81461c..7af14c6 100644
--- a/modules/nixos/optional/amdgpu.nix
+++ b/modules/nixos/optional/amdgpu.nix
@@ -1,6 +1,7 @@
-_:
+{ lib, config, ... }:
 {
-  config = {
+  options.swarselmodules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings";
+  config = lib.mkIf config.swarselmodules.optional.amdgpu {
     hardware = {
       amdgpu = {
         opencl.enable = true;
diff --git a/modules/nixos/server/btrfs.nix b/modules/nixos/optional/btrfs.nix
similarity index 100%
rename from modules/nixos/server/btrfs.nix
rename to modules/nixos/optional/btrfs.nix
diff --git a/modules/nixos/optional/framework.nix b/modules/nixos/optional/framework.nix
index cade27e..5f0d00d 100644
--- a/modules/nixos/optional/framework.nix
+++ b/modules/nixos/optional/framework.nix
@@ -1,13 +1,7 @@
-{ self, config, ... }:
+{ lib, config, ... }:
 {
-  config = {
-
-    home-manager.users."${config.swarselsystems.mainUser}" = {
-      imports = [
-        "${self}/modules/home/optional/framework.nix"
-      ];
-    };
-
+  options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings";
+  config = lib.mkIf config.swarselmodules.optional.framework {
     services = {
       fwupd = {
         enable = true;
diff --git a/modules/nixos/optional/gaming.nix b/modules/nixos/optional/gaming.nix
index 09dcec1..5f28872 100644
--- a/modules/nixos/optional/gaming.nix
+++ b/modules/nixos/optional/gaming.nix
@@ -1,13 +1,7 @@
-{ self, pkgs, config, ... }:
+{ pkgs, lib, config, ... }:
 {
-  config = {
-
-    home-manager.users."${config.swarselsystems.mainUser}" = {
-      imports = [
-        "${self}/modules/home/optional/gaming.nix"
-      ];
-    };
-
+  options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings";
+  config = lib.mkIf config.swarselmodules.optional.gaming {
     programs.steam = {
       enable = true;
       package = pkgs.steam;
diff --git a/modules/nixos/optional/hibernation.nix b/modules/nixos/optional/hibernation.nix
index 29c9675..d6f0758 100644
--- a/modules/nixos/optional/hibernation.nix
+++ b/modules/nixos/optional/hibernation.nix
@@ -1,5 +1,6 @@
 { lib, config, ... }:
 {
+  options.swarselmodules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings";
   options.swarselsystems = {
     hibernation = {
       offset = lib.mkOption {
@@ -12,7 +13,7 @@
       };
     };
   };
-  config = {
+  config = lib.mkIf config.swarselmodules.optional.hibernation {
     boot = {
       kernelParams = [
         "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}"
diff --git a/modules/nixos/optional/microvm-guest.nix b/modules/nixos/optional/microvm-guest.nix
index a90a2cf..8650fbc 100644
--- a/modules/nixos/optional/microvm-guest.nix
+++ b/modules/nixos/optional/microvm-guest.nix
@@ -1,9 +1,11 @@
-_:
+{ lib, config, ... }:
 {
+  options.swarselmodules.optional.microvmGuest = lib.mkEnableOption "optional microvmGuest settings";
   # imports = [
   #   inputs.microvm.nixosModules.microvm
+  #   "${self}/profiles/nixos"
+  #   "${self}/modules/nixos"
   # ];
-
-  config =
+  config = lib.mkIf config.swarselmodules.optional.microvmGuest
     { };
 }
diff --git a/modules/nixos/optional/microvm-host.nix b/modules/nixos/optional/microvm-host.nix
index 2948824..97a9059 100644
--- a/modules/nixos/optional/microvm-host.nix
+++ b/modules/nixos/optional/microvm-host.nix
@@ -1,7 +1,10 @@
-{ config, lib, ... }:
+{ lib, config, ... }:
 {
+  options = {
+    swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings";
+  };
   # imports = [
-  # inputs.microvm.nixosModules.host
+  #   inputs.microvm.nixosModules.host
   # ];
 
   config = lib.mkIf (config.guests != { }) {
diff --git a/modules/nixos/optional/nswitch-rcm.nix b/modules/nixos/optional/nswitch-rcm.nix
index 00fb2c1..3af88db 100644
--- a/modules/nixos/optional/nswitch-rcm.nix
+++ b/modules/nixos/optional/nswitch-rcm.nix
@@ -1,6 +1,7 @@
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
 {
-  config = {
+  options.swarselmodules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings";
+  config = lib.mkIf config.swarselmodules.optional.nswitch-rcm {
     services.nswitch-rcm = {
       enable = true;
       package = pkgs.fetchurl {
diff --git a/modules/nixos/optional/systemd-networkd-server.nix b/modules/nixos/optional/systemd-networkd-server.nix
deleted file mode 100644
index 059072b..0000000
--- a/modules/nixos/optional/systemd-networkd-server.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ lib, config, globals, ... }:
-{
-  networking = {
-    useDHCP = lib.mkForce false;
-    useNetworkd = true;
-    dhcpcd.enable = false;
-    renameInterfacesByMac = lib.mapAttrs (_: v: v.mac) (
-      config.repo.secrets.local.networking.networks or { }
-    );
-  };
-  boot.initrd.systemd.network = {
-    enable = true;
-    networks."10-${config.swarselsystems.server.localNetwork}" = config.systemd.network.networks."10-${config.swarselsystems.server.localNetwork}";
-  };
-
-  systemd = {
-    network = {
-      enable = true;
-      wait-online.enable = false;
-      networks =
-        let
-          netConfig = config.repo.secrets.local.networking;
-        in
-        {
-          "10-${config.swarselsystems.server.localNetwork}" = {
-            address = [
-              "${globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.cidrv4}"
-              "${globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.cidrv6}"
-            ];
-            routes = [
-              {
-                Gateway = netConfig.defaultGateway6;
-                GatewayOnLink = true;
-              }
-              {
-                Gateway = netConfig.defaultGateway4;
-                GatewayOnLink = true;
-              }
-            ];
-            networkConfig = {
-              IPv6PrivacyExtensions = true;
-              IPv6AcceptRA = false;
-            };
-            matchConfig.MACAddress = netConfig.networks.${config.swarselsystems.server.localNetwork}.mac;
-            linkConfig.RequiredForOnline = "routable";
-          };
-        };
-    };
-  };
-}
diff --git a/modules/nixos/optional/uni.nix b/modules/nixos/optional/uni.nix
deleted file mode 100644
index 1edf3b4..0000000
--- a/modules/nixos/optional/uni.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ self, config, ... }:
-{
-  config = {
-
-    home-manager.users."${config.swarselsystems.mainUser}" = {
-      imports = [
-        "${self}/modules/home/optional/work.nix"
-      ];
-    };
-  };
-}
diff --git a/modules/nixos/optional/virtualbox.nix b/modules/nixos/optional/virtualbox.nix
index 2d70471..dc5aa61 100644
--- a/modules/nixos/optional/virtualbox.nix
+++ b/modules/nixos/optional/virtualbox.nix
@@ -1,6 +1,7 @@
 { lib, config, pkgs, ... }:
 {
-  config = {
+  options.swarselmodules.optional.virtualbox = lib.mkEnableOption "optional VBox settings";
+  config = lib.mkIf config.swarselmodules.optional.virtualbox {
     # specialisation = {
     #   VBox.configuration = {
     virtualisation.virtualbox = {
diff --git a/modules/nixos/optional/vmware.nix b/modules/nixos/optional/vmware.nix
index d79ff04..4236080 100644
--- a/modules/nixos/optional/vmware.nix
+++ b/modules/nixos/optional/vmware.nix
@@ -1,7 +1,8 @@
-_:
+{ lib, config, ... }:
 {
 
-  config = {
+  options.swarselmodules.optional.vmware = lib.mkEnableOption "optional vmware settings";
+  config = lib.mkIf config.swarselmodules.optional.vmware {
     virtualisation.vmware.host.enable = true;
     virtualisation.vmware.guest.enable = true;
   };
diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix
index ccfbe7a..edec1bb 100644
--- a/modules/nixos/optional/work.nix
+++ b/modules/nixos/optional/work.nix
@@ -1,4 +1,4 @@
-{ self, lib, pkgs, config, ... }:
+{ self, lib, pkgs, config, configName, ... }:
 let
   inherit (config.swarselsystems) mainUser homeDir;
   iwd = config.networking.networkmanager.wifi.backend == "iwd";
@@ -6,24 +6,18 @@ let
   sopsFile = self + /secrets/work/secrets.yaml;
 in
 {
+  options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings";
   options.swarselsystems = {
     hostName = lib.mkOption {
       type = lib.types.str;
-      default = config.node.name;
+      default = configName;
     };
     fqdn = lib.mkOption {
       type = lib.types.str;
       default = "";
     };
   };
-  config = {
-
-    home-manager.users."${config.swarselsystems.mainUser}" = {
-      imports = [
-        "${self}/modules/home/optional/work.nix"
-      ];
-    };
-
+  config = lib.mkIf config.swarselmodules.optional.work {
     sops =
       let
         secretNames = [
diff --git a/modules/nixos/server/ankisync.nix b/modules/nixos/server/ankisync.nix
index 6c283b3..b845ad7 100644
--- a/modules/nixos/server/ankisync.nix
+++ b/modules/nixos/server/ankisync.nix
@@ -1,7 +1,11 @@
-{ self, lib, config, globals, dns, confLib, ... }:
+{ self, lib, config, globals, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "ankisync"; port = 27701; }) servicePort serviceName serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+
+  servicePort = 27701;
+  serviceName = "ankisync";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   ankiUser = globals.user.name;
 in
@@ -9,10 +13,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
     sops.secrets.anki-pw = { inherit sopsFile; owner = "root"; };
@@ -23,10 +23,7 @@ in
       info = "https://${serviceDomain}";
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.anki-sync-server = {
       enable = true;
@@ -41,7 +38,7 @@ in
       ];
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/attic.nix b/modules/nixos/server/attic.nix
deleted file mode 100644
index 3cd0a69..0000000
--- a/modules/nixos/server/attic.nix
+++ /dev/null
@@ -1,129 +0,0 @@
-{ lib, config, globals, dns, confLib, ... }:
-let
-  inherit (confLib.gen { name = "attic"; port = 8091; }) serviceName serviceDir servicePort serviceAddress serviceDomain serviceProxy proxyAddress4 proxyAddress6;
-  inherit (config.swarselsystems) mainUser isPublic sopsFile;
-  serviceDB = "atticd";
-in
-{
-  options = {
-    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
-  };
-  config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
-    sops = lib.mkIf (!isPublic) {
-      secrets = {
-        attic-server-token = { inherit sopsFile; };
-        attic-garage-access-key = { inherit sopsFile; };
-        attic-garage-secret-key = { inherit sopsFile; };
-      };
-      templates = {
-        "attic.env" = {
-          content = ''
-            ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=${config.sops.placeholder.attic-server-token}
-            AWS_ACCESS_KEY_ID=${config.sops.placeholder.attic-garage-access-key}
-            AWS_SECRET_ACCESS_KEY=${config.sops.placeholder.attic-garage-secret-key}
-          '';
-        };
-      };
-    };
-
-    services.atticd = {
-      enable = true;
-      environmentFile = config.sops.templates."attic.env".path;
-      settings = {
-        listen = "[::]:${builtins.toString servicePort}";
-        api-endpoint = "https://${serviceDomain}/";
-        allowed-hosts = [
-          serviceDomain
-        ];
-        require-proof-of-possession = false;
-        compression = {
-          type = "zstd";
-          level = 3;
-        };
-        database.url = "postgresql:///atticd?host=/run/postgresql";
-
-        storage =
-          if config.swarselmodules.server.garage then {
-            type = "s3";
-            region = mainUser;
-            bucket = serviceName;
-            # attic must be patched to never serve pre-signed s3 urls directly
-            # otherwise it will redirect clients to this localhost endpoint
-            endpoint = "http://127.0.0.1:3900";
-          } else {
-            type = "local";
-            path = serviceDir;
-            # attic must be patched to never serve pre-signed s3 urls directly
-            # otherwise it will redirect clients to this localhost endpoint
-          };
-
-        garbage-collection = {
-          interval = "1 day";
-          default-retention-period = "3 months";
-        };
-
-        chunking = {
-          nar-size-threshold = if config.swarselmodules.server.garage then 0 else 64 * 1024; # 64 KiB
-
-          min-size = 16 * 1024; # 16 KiB
-          avg-size = 64 * 1024; # 64 KiB
-          max-size = 256 * 1024; # 256 KiBize = 262144;
-        };
-      };
-    };
-
-    services.postgresql = {
-      enable = true;
-      enableTCPIP = true;
-      ensureDatabases = [ serviceDB ];
-      ensureUsers = [
-        {
-          name = serviceDB;
-          ensureDBOwnership = true;
-        }
-      ];
-    };
-
-    systemd.services.atticd = lib.mkIf config.swarselmodules.server.garage {
-      requires = [ "garage.service" ];
-      after = [ "garage.service" ];
-    };
-
-    nodes.${serviceProxy}.services.nginx = {
-      upstreams = {
-        ${serviceName} = {
-          servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
-          };
-        };
-      };
-      virtualHosts = {
-        "${serviceDomain}" = {
-          enableACME = true;
-          forceSSL = true;
-          acmeRoot = null;
-          oauth2.enable = false;
-          locations = {
-            "/" = {
-              proxyPass = "http://${serviceName}";
-              extraConfig = ''
-                client_max_body_size 0;
-              '';
-            };
-          };
-        };
-      };
-    };
-
-  };
-}
diff --git a/modules/nixos/server/atuin.nix b/modules/nixos/server/atuin.nix
index ab782c8..d355e6f 100644
--- a/modules/nixos/server/atuin.nix
+++ b/modules/nixos/server/atuin.nix
@@ -1,21 +1,16 @@
-{ lib, config, globals, dns, confLib, ... }:
+{ lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "atuin"; port = 8888; }) servicePort serviceName serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8888;
+  serviceName = "atuin";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -25,7 +20,7 @@ in
       openRegistration = false;
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/bastion.nix b/modules/nixos/server/bastion.nix
deleted file mode 100644
index 3d797d7..0000000
--- a/modules/nixos/server/bastion.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ self, lib, config, ... }:
-{
-  options.swarselmodules.server.bastion = lib.mkEnableOption "enable bastion on server";
-  config = lib.mkIf config.swarselmodules.server.bastion {
-
-    users = {
-      groups = {
-        jump = { };
-      };
-      users = {
-        "jump" = {
-          isNormalUser = true;
-          useDefaultShell = true;
-          group = lib.mkForce "jump";
-          createHome = lib.mkForce true;
-          openssh.authorizedKeys.keyFiles = [
-            (self + /secrets/keys/ssh/yubikey.pub)
-            (self + /secrets/keys/ssh/magicant.pub)
-            (self + /secrets/keys/ssh/builder.pub)
-          ];
-        };
-      };
-    };
-
-
-    services.openssh = {
-      enable = true;
-      startWhenNeeded = lib.mkForce false;
-      authorizedKeysInHomedir = false;
-      extraConfig = ''
-        Match User jump
-          PermitTTY no
-          X11Forwarding no
-          PermitTunnel no
-          GatewayPorts no
-          AllowAgentForwarding no
-      '';
-      settings = {
-        PasswordAuthentication = false;
-        KbdInteractiveAuthentication = false;
-        PermitRootLogin = lib.mkDefault "no";
-        AllowUsers = [
-          "jump"
-        ];
-      };
-      hostKeys = lib.mkIf (!config.swarselmodules.server.ssh) [
-        {
-          path = "/etc/ssh/ssh_host_ed25519_key";
-          type = "ed25519";
-        }
-      ];
-    };
-
-    home-manager.users.jump.config = {
-      home.stateVersion = lib.mkDefault "23.05";
-      programs.ssh = {
-        enable = true;
-        enableDefaultConfig = false;
-        matchBlocks = {
-          "*" = {
-            forwardAgent = false;
-          };
-        } // config.repo.secrets.local.ssh.hosts;
-      };
-    };
-  };
-}
diff --git a/modules/nixos/server/croc.nix b/modules/nixos/server/croc.nix
index bc15734..d9c1286 100644
--- a/modules/nixos/server/croc.nix
+++ b/modules/nixos/server/croc.nix
@@ -1,6 +1,5 @@
-{ self, lib, config, pkgs, dns, globals, confLib, ... }:
+{ self, lib, config, pkgs, ... }:
 let
-  inherit (confLib.gen { name = "croc"; }) serviceName serviceDomain proxyAddress4 proxyAddress6;
   servicePorts = [
     9009
     9010
@@ -8,6 +7,8 @@ let
     9012
     9013
   ];
+  serviceName = "croc";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
 
   inherit (config.swarselsystems) sopsFile;
 
@@ -17,10 +18,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets = {
         croc-password = { inherit sopsFile; };
@@ -42,10 +39,7 @@ in
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
diff --git a/modules/nixos/server/disk-encrypt.nix b/modules/nixos/server/disk-encrypt.nix
index 54e678a..c1531dd 100644
--- a/modules/nixos/server/disk-encrypt.nix
+++ b/modules/nixos/server/disk-encrypt.nix
@@ -1,15 +1,10 @@
 { self, pkgs, lib, config, globals, minimal, ... }:
 let
-  localIp = globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.ipv4;
-  subnetMask = globals.networks.${config.swarselsystems.server.netConfigName}.subnetMask4;
+  localIp = globals.networks.home.hosts.${config.node.name}.ipv4;
+  subnetMask = globals.networks.home.subnetMask4;
   gatewayIp = globals.hosts.${config.node.name}.defaultGateway4;
 
-  hostKeyPathBase = "/etc/secrets/initrd/ssh_host_ed25519_key";
-  hostKeyPath =
-    if config.swarselsystems.isImpermanence then
-      "/persist/${hostKeyPathBase}"
-    else
-      "${hostKeyPathBase}";
+  hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key";
 in
 {
   options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config";
@@ -19,40 +14,35 @@ in
   };
   config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) {
 
-
-    system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
-      deps = [ "ensureInitrdHostkey" ];
-    };
     system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) {
       text = ''
         [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath}
       '';
-      deps = [
-        "etc"
-      ];
+      deps = [ "users" ];
     };
 
     environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) {
-      files = [ hostKeyPathBase ];
+      files = [ hostKeyPath ];
     };
 
-    boot = lib.mkIf (!config.swarselsystems.isClient) {
-      kernelParams = lib.mkIf (!config.swarselsystems.isCloud) [
+    boot = lib.mkIf (config.swarselprofiles.server || minimal) {
+      kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [
         "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none"
       ];
       initrd = {
         availableKernelModules = config.swarselsystems.networkKernelModules;
         network = {
           enable = true;
+          udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true;
           flushBeforeStage2 = true;
           ssh = {
             enable = true;
             port = 2222; # avoid hostkey changed nag
-            authorizedKeys = [
-              ''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/yubikey.pub"}''
-              ''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/magicant.pub"}''
+            authorizedKeyFiles = [
+              (self + /secrets/keys/ssh/yubikey.pub)
+              (self + /secrets/keys/ssh/magicant.pub)
             ];
-            hostKeys = [ hostKeyPathBase ];
+            hostKeys = [ hostKeyPath ];
           };
           # postCommands = ''
           #   echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
@@ -62,24 +52,23 @@ in
           initrdBin = with pkgs; [
             cryptsetup
           ];
-          # NOTE: the below does put the text into /root/.profile, but the command will not be run
-          # services = {
-          #   unlock-luks = {
-          #     wantedBy = [ "initrd.target" ];
-          #     after = [ "network.target" ];
-          #     before = [ "systemd-cryptsetup@cryptroot.service" ];
-          #     path = [ "/bin" ];
+          services = {
+            unlock-luks = {
+              wantedBy = [ "initrd.target" ];
+              after = [ "network.target" ];
+              before = [ "systemd-cryptsetup@cryptroot.service" ];
+              path = [ "/bin" ];
 
-          #     serviceConfig = {
-          #       Type = "oneshot";
-          #       RemainAfterExit = true;
-          #     };
+              serviceConfig = {
+                Type = "oneshot";
+                RemainAfterExit = true;
+              };
 
-          #     script = ''
-          #       echo "systemctl default" >> /root/.profile
-          #     '';
-          #   };
-          # };
+              script = ''
+                echo "systemctl default" >> /root/.profile
+              '';
+            };
+          };
         };
       };
     };
diff --git a/modules/nixos/server/emacs.nix b/modules/nixos/server/emacs.nix
index 311658d..03e1261 100644
--- a/modules/nixos/server/emacs.nix
+++ b/modules/nixos/server/emacs.nix
@@ -1,6 +1,7 @@
-{ lib, config, confLib, ... }:
+{ lib, config, ... }:
 let
-  inherit (confLib.gen { name = "emacs"; port = 9812; }) servicePort serviceName;
+  serviceName = "emacs";
+  servicePort = 9812;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server";
diff --git a/modules/nixos/server/firefly-iii.nix b/modules/nixos/server/firefly-iii.nix
index b97ba94..c0acad1 100644
--- a/modules/nixos/server/firefly-iii.nix
+++ b/modules/nixos/server/firefly-iii.nix
@@ -1,6 +1,11 @@
-{ self, lib, config, globals, dns, confLib, ... }:
+{ self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "firefly-iii"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 80;
+  serviceUser = "firefly-iii";
+  serviceGroup = serviceUser;
+  serviceName = "firefly-iii";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   nginxGroup = "nginx";
 
@@ -11,10 +16,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users = {
       groups.${serviceGroup} = { };
       users.${serviceUser} = {
@@ -35,11 +36,7 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services = {
       ${serviceName} = {
@@ -81,7 +78,7 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/forgejo.nix b/modules/nixos/server/forgejo.nix
index d9d4123..a674078 100644
--- a/modules/nixos/server/forgejo.nix
+++ b/modules/nixos/server/forgejo.nix
@@ -1,7 +1,13 @@
-{ lib, config, pkgs, globals, dns, confLib, ... }:
+{ lib, config, pkgs, globals, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "forgejo"; port = 3004; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+
+  servicePort = 3004;
+  serviceUser = "forgejo";
+  serviceGroup = serviceUser;
+  serviceName = "forgejo";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   kanidmDomain = globals.services.kanidm.domain;
 in
@@ -9,10 +15,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
     users.users.${serviceUser} = {
@@ -26,10 +28,7 @@ in
       kanidm-forgejo-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -130,7 +129,7 @@ in
         '';
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/freshrss.nix b/modules/nixos/server/freshrss.nix
index d136f6c..0375e64 100644
--- a/modules/nixos/server/freshrss.nix
+++ b/modules/nixos/server/freshrss.nix
@@ -1,6 +1,11 @@
-{ self, lib, config, globals, dns, confLib, ... }:
+{ self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "freshrss"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 80;
+  serviceName = "freshrss";
+  serviceUser = "freshrss";
+  serviceGroup = serviceName;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   inherit (config.swarselsystems) sopsFile;
 in
@@ -8,10 +13,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "users" ];
       group = serviceGroup;
@@ -53,10 +54,7 @@ in
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} =
       let
@@ -76,7 +74,7 @@ in
     #   config.sops.templates.freshrss-env.path
     # ];
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/garage.nix b/modules/nixos/server/garage.nix
index b84fb50..d537552 100644
--- a/modules/nixos/server/garage.nix
+++ b/modules/nixos/server/garage.nix
@@ -1,359 +1,89 @@
-# inspired by https://github.com/atropos112/nixos/blob/7fef652006a1c939f4caf9c8a0cb0892d9cdfe21/modules/garage.nix
-{ lib, pkgs, config, globals, dns, confLib, ... }:
+{ self, lib, pkgs, config, configName, globals, ... }:
 let
-  inherit (confLib.gen {
-    name = "garage";
-    port = 3900;
-    domain = config.repo.secrets.common.services.domains."garage-${config.node.name}";
-  }) servicePort serviceName specificServiceName serviceDomain subDomain baseDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  sopsFile = self + /secrets/${configName}/secrets2.yaml;
 
-  cfg = lib.recursiveUpdate config.services.${serviceName} config.swarselsystems.server.${serviceName};
-  inherit (config.swarselsystems) sopsFile mainUser;
+  serviceName = "garage";
+  servicePort = 3900;
+  serviceDomain = config.repo.secrets.common.services.domains."${serviceName}-${configName}";
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
-  # needs SSD
+  cfg = config.services.${serviceName};
   metadata_dir = "/var/lib/garage/meta";
-  # metadata_dir = if config.swarselsystems.isCloud then "/var/lib/garage/meta" else "/Vault/data/garage/meta";
-
-  garageRpcPort = 3901;
-  garageWebPort = 3902;
-  garageAdminPort = 3903;
-  garageK2VPort = 3904;
-
-  adminDomain = "${subDomain}admin.${baseDomain}";
-  webDomain = "${subDomain}web.${baseDomain}";
 in
 {
   options = {
     swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
     swarselsystems.server.${serviceName} = {
-      data_dir = {
-        path = lib.mkOption {
-          type = lib.types.str;
-          description = "Directory where Garage stores its metadata";
-        };
-        capacity = lib.mkOption {
-          type = lib.types.str;
-        };
-      };
-      buckets = lib.mkOption {
-        type = lib.types.listOf lib.types.str;
-        description = "List of buckets to create";
-      };
-      keys = lib.mkOption {
-        type = lib.types.attrsOf (lib.types.listOf lib.types.str);
-        default = { };
-        description = "Keys and their associated buckets. Each key gets full access (read/write/owner) to its listed buckets.";
-        example = {
-          my_key_name = [ "bucket1" "bucket2" ];
-          my_other_key = [ "bucket2" "bucket3" ];
-        };
+      data_dir = lib.mkOption {
+        type = lib.types.either lib.types.path (lib.types.listOf lib.types.attrs);
+        default = "/var/lib/garage/data";
       };
     };
   };
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
-    assertions = [
-      {
-        assertion = config.swarselsystems.server.${serviceName}.buckets != [ ];
-        message = "If Garage is enabled, at least one bucket must be specified in swarselsystems.server.${serviceName}.buckets";
-      }
-      {
-        assertion = builtins.length (lib.attrsToList config.swarselsystems.server.${serviceName}.keys) > 0;
-        message = "If Garage is enabled, at least one key must be specified in swarselsystems.server.${serviceName}.keys";
-      }
-      {
-        assertion =
-          let
-            allKeyBuckets = lib.flatten (lib.attrValues config.swarselsystems.server.${serviceName}.keys);
-            invalidBuckets = builtins.filter (bucket: !(lib.elem bucket config.swarselsystems.server.${serviceName}.buckets)) allKeyBuckets;
-          in
-          invalidBuckets == [ ];
-        message = "All buckets referenced in keys must exist in the buckets list";
-      }
-    ];
-
-    nodes.stoicclub.swarselsystems.server.dns.${baseDomain}.subdomainRecords = {
-      "${subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-      "${subDomain}admin" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-      "${subDomain}web" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-      "*.${subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-      "*.${subDomain}web" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
 
     sops = {
       secrets.garage-admin-token = { inherit sopsFile; };
       secrets.garage-rpc-secret = { inherit sopsFile; };
     };
 
-    # DynamicUser cannot read above secrets
-    systemd.services.${serviceName}.serviceConfig = {
-      DynamicUser = false;
-      ProtectHome = lib.mkForce false;
-    };
-
     environment = {
       persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
-        { directory = "/var/lib/garage"; }
-        (lib.mkIf config.swarselsystems.isCloud { directory = config.swarselsystems.server.${serviceName}.data_dir.path; })
+        { directory = metadata_dir; }
       ];
       systemPackages = [
         cfg.package
       ];
     };
 
-    globals.services.${specificServiceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
+    systemd.services.${serviceName}.serviceConfig = {
+      DynamicUser = false;
+      ProtectHome = lib.mkForce false;
     };
 
-
     services.${serviceName} = {
       enable = true;
       package = pkgs.garage_2;
       settings = {
-        data_dir = [ config.swarselsystems.server.${serviceName}.data_dir ];
+        inherit (config.swarselsystems.${serviceName}) data_dir;
         inherit metadata_dir;
         db_engine = "lmdb";
-        block_size = "128M";
+        block_size = "1MiB";
         use_local_tz = false;
-        disable_scrub = true;
-        replication_factor = 1;
-        compression_level = "none";
 
-        rpc_bind_addr = "[::]:${builtins.toString garageRpcPort}";
-        # we are not joining our nodes, just use the private ipv4
-        rpc_public_addr = "${globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.ipv4}:${builtins.toString garageRpcPort}";
+        replication_factor = 2; # Number of copies of data
 
+        rpc_bind_addr = "[::]:3901";
+        rpc_public_addr = "${config.repo.secrets.local.ipv4}:4317";
         rpc_secret_file = config.sops.secrets.garage-rpc-secret.path;
 
         s3_api = {
-          s3_region = mainUser;
-          api_bind_addr = "[::]:${builtins.toString servicePort}";
-          root_domain = ".${serviceDomain}";
-        };
-
-        s3_web = {
-          bind_addr = "[::]:${builtins.toString garageWebPort}";
-          root_domain = ".${config.repo.secrets.common.services.domains."garage-web-${config.node.name}"}";
-          add_host_to_metrics = true;
+          s3_region = "swarsel";
+          api_bind_addr = "0.0.0.0:${builtins.toString servicePort}";
+          root_domain = ".s3.garage.localhost";
         };
 
         admin = {
-          api_bind_addr = "[::]:${builtins.toString garageAdminPort}";
+          api_bind_addr = "0.0.0.0:3903";
           admin_token_file = config.sops.secrets.garage-admin-token.path;
         };
 
         k2v_api = {
-          api_bind_addr = "[::]:${builtins.toString garageK2VPort}";
+          api_bind_addr = "[::]:3904";
         };
       };
     };
 
-
-    systemd.services = {
-      garage-buckets = {
-        description = "Create Garage buckets";
-        after = [ "garage.service" ];
-        wants = [ "garage.service" ];
-        wantedBy = [ "multi-user.target" ];
-
-        path = [ cfg.package pkgs.gawk pkgs.coreutils ];
-
-        serviceConfig = {
-          Type = "oneshot";
-          RemainAfterExit = true;
-          User = "root";
-          Group = "root";
-        };
-
-        script = ''
-          garage status
-
-          # Checking repeatedly with garage status until getting 0 exit code
-          while ! garage status >/dev/null 2>&1; do
-            echo "Garage not yet operational, waiting..."
-            echo "Current garage status output:"
-            garage status 2>&1 || true
-            echo "---"
-            sleep 5
-          done
-
-          # Now we check if garage status shows any failed nodes by checking for ==== FAILED NODES ====
-          while garage status | grep -q "==== FAILED NODES ===="; do
-            echo "Garage has failed nodes, waiting..."
-            echo "Current garage status output:"
-            garage status 2>&1 || true
-            echo "---"
-            sleep 5
-          done
-
-          echo "Garage is operational, proceeding with bucket management."
-
-          # Get list of existing buckets
-          existing_buckets=$(garage bucket list | tail -n +2 | awk '{print $3}' | grep -v '^$' || true)
-
-          # Create buckets that should exist
-          ${lib.concatMapStringsSep "\n" (bucket: ''
-              if [[ "$(garage bucket info ${lib.escapeShellArg bucket} 2>&1 >/dev/null)" == *"Bucket not found"* ]]; then
-                echo "Creating bucket ${lib.escapeShellArg bucket}"
-                garage bucket create ${lib.escapeShellArg bucket}
-              else
-                echo "Bucket ${lib.escapeShellArg bucket} already exists"
-              fi
-            '')
-            cfg.buckets}
-
-          # Remove buckets that shouldn't exist
-          for bucket in $existing_buckets; do
-            should_exist=false
-            ${lib.concatMapStringsSep "\n" (bucket: ''
-              if [[ "$bucket" == ${lib.escapeShellArg bucket} ]]; then
-                should_exist=true
-              fi
-            '')
-            cfg.buckets}
-
-            if [[ "$should_exist" == "false" ]]; then
-              echo "Removing bucket $bucket"
-              garage bucket delete --yes "$bucket"
-            fi
-          done
-        '';
-      };
-
-      garage-keys = {
-        description = "Create Garage keys and set permissions";
-        after = [ "garage-buckets.service" ];
-        wants = [ "garage-buckets.service" ];
-        requires = [ "garage-buckets.service" ];
-        wantedBy = [ "multi-user.target" ];
-
-        path = [ cfg.package pkgs.gawk pkgs.coreutils ];
-
-        serviceConfig = {
-          Type = "oneshot";
-          RemainAfterExit = true;
-          User = "root";
-          Group = "root";
-        };
-
-        script = ''
-          garage key list
-          echo "Managing keys..."
-
-          # Get list of existing keys
-          existing_keys=$(garage key list | tail -n +2 | awk '{print $3}' | grep -v '^$' || true)
-
-          # Create keys that should exist
-          ${lib.concatStringsSep "\n" (lib.mapAttrsToList (keyName: _: ''
-              if [[ "$(garage key info ${lib.escapeShellArg keyName} 2>&1)" == *"0 matching keys"* ]]; then
-                echo "Creating key ${lib.escapeShellArg keyName}"
-                garage key create ${lib.escapeShellArg keyName}
-              else
-                echo "Key ${lib.escapeShellArg keyName} already exists"
-              fi
-            '')
-            cfg.keys)}
-
-          # Set up key permissions for buckets
-          ${lib.concatStringsSep "\n" (lib.mapAttrsToList (
-              keyName: buckets:
-                lib.concatMapStringsSep "\n" (bucket: ''
-                  echo "Granting full access to key ${lib.escapeShellArg keyName} for bucket ${lib.escapeShellArg bucket}"
-                  garage bucket allow --read --write --owner --key ${lib.escapeShellArg keyName} ${lib.escapeShellArg bucket}
-                '')
-                buckets
-            )
-            cfg.keys)}
-
-          # Remove permissions from buckets that are no longer associated with keys
-          ${lib.concatStringsSep "\n" (lib.mapAttrsToList (keyName: buckets: ''
-              # Get current buckets this key has access to
-              current_buckets=$(garage key info ${lib.escapeShellArg keyName} | grep -A 1000 "==== BUCKETS FOR THIS KEY ====" | tail -n +3 | awk '{print $3}' | grep -v '^$' || true)
-
-              # Remove access from buckets not in the desired list
-              for current_bucket in $current_buckets; do
-                should_have_access=false
-                ${lib.concatMapStringsSep "\n" (bucket: ''
-                  if [[ "$current_bucket" == ${lib.escapeShellArg bucket} ]]; then
-                    should_have_access=true
-                  fi
-                '')
-                buckets}
-
-                if [[ "$should_have_access" == "false" ]]; then
-                  echo "Removing access for key ${lib.escapeShellArg keyName} from bucket $current_bucket"
-                  garage bucket deny --key ${lib.escapeShellArg keyName} $current_bucket
-                fi
-              done
-            '')
-            cfg.keys)}
-
-          # Remove keys that shouldn't exist
-          for key in $existing_keys; do
-            should_exist=false
-            ${lib.concatStringsSep "\n" (lib.mapAttrsToList (keyName: _: ''
-              if [[ "$key" == ${lib.escapeShellArg keyName} ]]; then
-                should_exist=true
-              fi
-            '')
-            cfg.keys)}
-
-            if [[ "$should_exist" == "false" ]]; then
-              echo "Removing key $key"
-              garage key delete --yes "$key"
-            fi
-          done
-        '';
-      };
-    };
-
-    security.acme.certs."${webDomain}" = {
-      domain = "*.${webDomain}";
-    };
-
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
             "${serviceAddress}:${builtins.toString servicePort}" = { };
           };
         };
-        "${serviceName}Web" = {
-          servers = {
-            "${serviceAddress}:${builtins.toString garageWebPort}" = { };
-          };
-        };
-        "${serviceName}Admin" = {
-          servers = {
-            "${serviceAddress}:${builtins.toString garageAdminPort}" = { };
-          };
-        };
       };
       virtualHosts = {
-        "${adminDomain}" = {
-          enableACME = true;
-          forceSSL = true;
-          acmeRoot = null;
-          oauth2.enable = false;
-          locations = {
-            "/" = {
-              proxyPass = "http://${serviceName}Admin";
-            };
-          };
-        };
-        "*.${webDomain}" = {
-          useACMEHost = webDomain;
-          forceSSL = true;
-          acmeRoot = null;
-          oauth2.enable = false;
-          locations = {
-            "/" = {
-              proxyPass = "http://${serviceName}Web";
-            };
-          };
-        };
         "${serviceDomain}" = {
-          serverAliases = [ "*.${serviceDomain}" ];
           enableACME = true;
           forceSSL = true;
           acmeRoot = null;
@@ -361,9 +91,6 @@ in
           locations = {
             "/" = {
               proxyPass = "http://${serviceName}";
-              extraConfig = ''
-                client_max_body_size 0;
-              '';
             };
           };
         };
diff --git a/modules/nixos/server/homebox.nix b/modules/nixos/server/homebox.nix
index 1d1c9ea..c1b62ab 100644
--- a/modules/nixos/server/homebox.nix
+++ b/modules/nixos/server/homebox.nix
@@ -1,21 +1,16 @@
-{ lib, pkgs, config, globals, dns, confLib, ... }:
+{ lib, pkgs, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "homebox"; port = 7745; }) servicePort serviceName serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 7745;
+  serviceName = "homebox";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -31,7 +26,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/immich.nix b/modules/nixos/server/immich.nix
index 674ce80..cefa330 100644
--- a/modules/nixos/server/immich.nix
+++ b/modules/nixos/server/immich.nix
@@ -1,25 +1,21 @@
-{ lib, pkgs, config, globals, dns, confLib, ... }:
+{ lib, pkgs, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "immich"; port = 3001; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 3001;
+  serviceUser = "immich";
+  serviceName = "immich";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "video" "render" "users" ];
     };
 
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -33,9 +29,9 @@ in
       };
     };
 
-    networking.firewall.allowedTCPPorts = [ servicePort ];
+    networking.firewall.allowedTCPPorts = [ 3001 ];
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/jellyfin.nix b/modules/nixos/server/jellyfin.nix
index b5c078f..552f8bf 100644
--- a/modules/nixos/server/jellyfin.nix
+++ b/modules/nixos/server/jellyfin.nix
@@ -1,23 +1,20 @@
-{ pkgs, lib, config, globals, dns, confLib, ... }:
+{ pkgs, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "jellyfin"; port = 8096; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8096;
+  serviceName = "jellyfin";
+  serviceUser = "jellyfin";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "video" "render" "users" ];
     };
-
     nixpkgs.config.packageOverrides = pkgs: {
       intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
     };
-
     hardware.graphics = {
       enable = true;
       extraPackages = with pkgs; [
@@ -29,11 +26,7 @@ in
     };
 
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -41,7 +34,7 @@ in
       openFirewall = true; # this works only for the default ports
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/jenkins.nix b/modules/nixos/server/jenkins.nix
index f6bc9b1..808bcef 100644
--- a/modules/nixos/server/jenkins.nix
+++ b/modules/nixos/server/jenkins.nix
@@ -1,20 +1,14 @@
-{ pkgs, lib, config, globals, dns, confLib, ... }:
+{ pkgs, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "jenkins"; port = 8088; }) servicePort serviceName serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8088;
+  serviceName = "jenkins";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
     services.jenkins = {
       enable = true;
       withCLI = true;
@@ -24,7 +18,7 @@ in
       home = "/Vault/apps/${serviceName}";
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix
index 5bb4472..16ea0bd 100644
--- a/modules/nixos/server/kanidm.nix
+++ b/modules/nixos/server/kanidm.nix
@@ -1,10 +1,16 @@
-{ self, lib, pkgs, config, globals, dns, confLib, ... }:
+{ self, lib, pkgs, config, globals, ... }:
 let
   certsSopsFile = self + /secrets/certs/secrets.yaml;
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "kanidm"; port = 8300; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
 
-  oauth2ProxyDomain = globals.services.oauth2-proxy.domain;
+  servicePort = 8300;
+  serviceUser = "kanidm";
+  serviceGroup = serviceUser;
+  serviceName = "kanidm";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+
+  oauth2ProxyDomain = globals.services.oauth2Proxy.domain;
   immichDomain = globals.services.immich.domain;
   paperlessDomain = globals.services.paperless.domain;
   forgejoDomain = globals.services.forgejo.domain;
@@ -31,10 +37,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       group = serviceGroup;
       isSystemUser = true;
@@ -60,10 +62,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence {
       files = [
@@ -71,22 +70,17 @@ in
         keyPathBase
       ];
     };
-    systemd.services."generateSSLCert-${serviceName}" =
+
+    system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
+      deps = [ "generateSSLCert-${serviceName}" "users" "groups" ];
+    };
+    system.activationScripts."generateSSLCert-${serviceName}" =
       let
         daysValid = 3650;
         renewBeforeDays = 365;
       in
       {
-        before = [ "${serviceName}.service" ];
-        requiredBy = [ "${serviceName}.service" ];
-        after = [ "local-fs.target" ];
-        requires = [ "local-fs.target" ];
-
-        serviceConfig = {
-          Type = "oneshot";
-        };
-
-        script = ''
+        text = ''
           set -eu
 
           ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir}
@@ -95,18 +89,16 @@ in
           ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""}
 
           need_gen=0
-          if [ ! -f "${certPath}" ] || [ ! -f "${keyPath}" ]; then
+          if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then
             need_gen=1
           else
-            enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPath}" | cut -d= -f2)"
+            enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)"
             end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)"
             now_epoch="$(${pkgs.coreutils}/bin/date +%s)"
             seconds_left=$(( end_epoch - now_epoch ))
             days_left=$(( seconds_left / 86400 ))
             if [ "$days_left" -lt ${toString renewBeforeDays} ]; then
               need_gen=1
-            else
-              echo 'Certificate exists and is still valid'
             fi
           fi
 
@@ -122,58 +114,12 @@ in
             chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}"
           fi
         '';
+        deps = [
+          "etc"
+          (lib.mkIf config.swarselsystems.isImpermanence "specialfs")
+        ];
       };
 
-
-    # system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
-    #   deps = [ "generateSSLCert-${serviceName}" "users" "groups" ];
-    # };
-    # system.activationScripts."generateSSLCert-${serviceName}" =
-    #   let
-    #     daysValid = 3650;
-    #     renewBeforeDays = 365;
-    #   in
-    #   {
-    #     text = ''
-    #       set -eu
-
-    #       ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir}
-    #       ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""}
-    #       ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir}
-    #       ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""}
-
-    #       need_gen=0
-    #       if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then
-    #         need_gen=1
-    #       else
-    #         enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)"
-    #         end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)"
-    #         now_epoch="$(${pkgs.coreutils}/bin/date +%s)"
-    #         seconds_left=$(( end_epoch - now_epoch ))
-    #         days_left=$(( seconds_left / 86400 ))
-    #         if [ "$days_left" -lt ${toString renewBeforeDays} ]; then
-    #           need_gen=1
-    #         fi
-    #       fi
-
-    #       if [ "$need_gen" -eq 1 ]; then
-    #         ${pkgs.openssl}/bin/openssl req -x509 -nodes -days ${toString daysValid} -newkey rsa:4096 -sha256 \
-    #           -keyout "${keyPath}" \
-    #           -out "${certPath}" \
-    #           -subj "/CN=${serviceDomain}" \
-    #           -addext "subjectAltName=DNS:${serviceDomain}"
-
-    #         chmod 0644 "${certPath}"
-    #         chmod 0600 "${keyPath}"
-    #         chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}"
-    #       fi
-    #     '';
-    #     deps = [
-    #       "etc"
-    #       (lib.mkIf config.swarselsystems.isImpermanence "specialfs")
-    #     ];
-    #   };
-
     services = {
       ${serviceName} = {
         package = pkgs.kanidmWithSecretProvisioning_1_7;
@@ -380,7 +326,7 @@ in
       ${serviceName}.serviceConfig.RestartSec = "30";
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix
index bc5decd..dfa915e 100644
--- a/modules/nixos/server/kavita.nix
+++ b/modules/nixos/server/kavita.nix
@@ -1,8 +1,12 @@
-{ self, lib, config, pkgs, globals, dns, confLib, ... }:
+{ self, lib, config, pkgs, globals, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
 
-  inherit (confLib.gen { name = "kavita"; port = 8080; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8080;
+  serviceName = "kavita";
+  serviceUser = "kavita";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -11,10 +15,6 @@ in
       calibre
     ];
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "users" ];
     };
@@ -28,11 +28,7 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -42,7 +38,7 @@ in
       dataDir = "/Vault/data/${serviceName}";
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/koillection.nix b/modules/nixos/server/koillection.nix
index 1c89adf..eb45709 100644
--- a/modules/nixos/server/koillection.nix
+++ b/modules/nixos/server/koillection.nix
@@ -1,7 +1,12 @@
-{ self, lib, config, globals, dns, confLib, ... }:
+{ self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "koillection"; port = 2282; dir = "/Vault/data/koillection"; }) servicePort serviceName serviceUser serviceDir serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  serviceUser = "koillection";
   serviceDB = "koillection";
+  serviceName = "koillection";
+  servicePort = 2282;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceDir = "/Vault/data/koillection";
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
   postgresPort = config.services.postgresql.settings.port; # 5432
@@ -13,10 +18,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
     sops.secrets = {
       koillection-db-password = { inherit sopsFile; owner = postgresUser; group = postgresUser; mode = "0440"; };
       koillection-env-file = { inherit sopsFile; };
@@ -27,11 +28,7 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     virtualisation.oci-containers.containers = {
       koillection = {
@@ -107,7 +104,7 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/mailserver.nix b/modules/nixos/server/mailserver.nix
deleted file mode 100644
index 06270b2..0000000
--- a/modules/nixos/server/mailserver.nix
+++ /dev/null
@@ -1,115 +0,0 @@
-{ lib, config, globals, dns, confLib, ... }:
-let
-  inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceDomain serviceProxy proxyAddress4 proxyAddress6;
-  inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 user3;
-  baseDomain = globals.domains.main;
-in
-{
-  options = {
-    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
-  };
-  config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
-    sops.secrets = {
-      user1-hashed-pw = { inherit sopsFile; owner = serviceUser; };
-      user2-hashed-pw = { inherit sopsFile; owner = serviceUser; };
-      user3-hashed-pw = { inherit sopsFile; owner = serviceUser; };
-    };
-
-    environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
-      { directory = "/var/vmail"; user = serviceUser; group = serviceGroup; mode = "0770"; }
-      { directory = "/var/sieve"; user = serviceUser; group = serviceGroup; mode = "0770"; }
-      { directory = "/var/dkim"; user = "rspamd"; group = "rspamd"; mode = "0700"; }
-      { directory = serviceDir; user = serviceUser; group = serviceGroup; mode = "0700"; }
-      { directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; }
-      { directory = "/var/lib/rspamd"; user = "rspamd"; group = "rspamd"; mode = "0700"; }
-      { directory = "/var/lib/roundcube"; user = "roundcube"; group = "roundcube"; mode = "0700"; }
-      { directory = "/var/lib/redis-rspamd"; user = "redis-rspamd"; group = "redis-rspamd"; mode = "0700"; }
-      { directory = "/var/lib/postfix"; user = "root"; group = "root"; mode = "0755"; }
-      { directory = "/var/lib/knot-resolver"; user = "knot-resolver"; group = "knot-resolver"; mode = "0770"; }
-    ];
-
-    mailserver = {
-      enable = true;
-      stateVersion = 3;
-      fqdn = serviceDomain;
-      domains = [ baseDomain ];
-      indexDir = "${serviceDir}/indices";
-      openFirewall = true;
-      certificateScheme = "acme";
-      dmarcReporting.enable = true;
-
-      loginAccounts = {
-        "${user1}@${baseDomain}" = {
-          hashedPasswordFile = config.sops.secrets.user1-hashed-pw.path;
-          aliases = [
-            "${alias1_1}@${baseDomain}"
-            "${alias1_2}@${baseDomain}"
-            "${alias1_3}@${baseDomain}"
-            "${alias1_4}@${baseDomain}"
-          ];
-        };
-        "${user2}@${baseDomain}" = {
-          hashedPasswordFile = config.sops.secrets.user2-hashed-pw.path;
-          aliases = [
-            "${alias2_1}@${baseDomain}"
-          ];
-          sendOnly = true;
-        };
-        "${user3}@${baseDomain}" = {
-          hashedPasswordFile = config.sops.secrets.user3-hashed-pw.path;
-          aliases = [
-            "@${baseDomain}"
-          ];
-          catchAll = [
-            baseDomain
-          ];
-        };
-      };
-    };
-
-    services.roundcube = {
-      enable = true;
-      # this is the url of the vhost, not necessarily the same as the fqdn of
-      # the mailserver
-      hostName = serviceDomain;
-      extraConfig = ''
-        $config['imap_host'] = "ssl://${config.mailserver.fqdn}";
-        $config['smtp_host'] = "ssl://${config.mailserver.fqdn}";
-        $config['smtp_user'] = "%u";
-        $config['smtp_pass'] = "%p";
-      '';
-      configureNginx = true;
-    };
-
-    # the rest of the ports are managed by snm
-    networking.firewall.allowedTCPPorts = [ 80 servicePort ];
-
-    nodes.${serviceProxy}.services.nginx = {
-      virtualHosts = {
-        "${serviceDomain}" = {
-          enableACME = true;
-          forceSSL = true;
-          acmeRoot = null;
-          locations = {
-            "/".recommendedSecurityHeaders = false;
-            "~ ^/(SQL|bin|config|logs|temp|vendor)/".recommendedSecurityHeaders = false;
-            "~ ^/(CHANGELOG.md|INSTALL|LICENSE|README.md|SECURITY.md|UPGRADING|composer.json|composer.lock)".recommendedSecurityHeaders = false;
-            "~* \\.php(/|$)".recommendedSecurityHeaders = false;
-          };
-        };
-      };
-    };
-
-  };
-}
diff --git a/modules/nixos/server/matrix.nix b/modules/nixos/server/matrix.nix
index 24b4865..ba18600 100644
--- a/modules/nixos/server/matrix.nix
+++ b/modules/nixos/server/matrix.nix
@@ -1,7 +1,12 @@
-{ lib, config, pkgs, globals, dns, confLib, ... }:
+{ lib, config, pkgs, globals, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "matrix"; user = "matrix-synapse"; port = 8008; }) servicePort serviceName serviceUser serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+
+  servicePort = 8008;
+  serviceName = "matrix";
+  serviceDomain = config.repo.secrets.common.services.domains.matrix;
+  serviceUser = "matrix-synapse";
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   federationPort = 8448;
   whatsappPort = 29318;
@@ -19,11 +24,6 @@ in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     environment.systemPackages = with pkgs; [
       matrix-synapse
       lottieconverter
@@ -91,10 +91,7 @@ in
       };
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services = {
       postgresql = {
@@ -293,7 +290,7 @@ in
     # messages out after a while.
 
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/microbin.nix b/modules/nixos/server/microbin.nix
index 06b830f..1001d69 100644
--- a/modules/nixos/server/microbin.nix
+++ b/modules/nixos/server/microbin.nix
@@ -1,6 +1,10 @@
-{ self, lib, config, dns, globals, confLib, ... }:
+{ self, lib, config, ... }:
 let
-  inherit (confLib.gen { name = "microbin"; port = 8777; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8777;
+  serviceName = "microbin";
+  serviceUser = "microbin";
+  serviceGroup = serviceUser;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
 
   inherit (config.swarselsystems) sopsFile;
 
@@ -10,10 +14,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users = {
       groups.${serviceGroup} = { };
 
@@ -49,11 +49,7 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -105,11 +101,11 @@ in
       { directory = cfg.dataDir; user = serviceUser; group = serviceGroup; mode = "0700"; }
     ];
 
-    nodes.${serviceProxy}.services.nginx = {
+    services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
+            "localhost:${builtins.toString servicePort}" = { };
           };
         };
       };
diff --git a/modules/nixos/server/minecraft/default.nix b/modules/nixos/server/minecraft/default.nix
deleted file mode 100644
index dbb7d27..0000000
--- a/modules/nixos/server/minecraft/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ lib, config, pkgs, globals, dns, confLib, ... }:
-let
-  inherit (confLib.gen { name = "minecraft"; port = 25565; dir = "/opt/minecraft"; }) serviceName servicePort serviceDir serviceDomain proxyAddress4 proxyAddress6;
-  inherit (config.swarselsystems) mainUser;
-  worldName = "${mainUser}craft";
-in
-{
-  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
-  config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
-    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
-    networking.firewall.allowedTCPPorts = [ servicePort ];
-
-    environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
-      { directory = serviceDir; mode = "0755"; }
-    ];
-
-    systemd.services.minecraft-swarselcraft = {
-      description = "Minecraft Server";
-      wants = [ "network-online.target" ];
-      after = [ "network-online.target" ];
-
-      serviceConfig = {
-        User = "root";
-        WorkingDirectory = "${serviceDir}/${worldName}";
-
-        ExecStart = "${lib.getExe pkgs.temurin-jre-bin-17} @user_jvm_args.txt @libraries/net/minecraftforge/forge/1.20.1-47.2.20/unix_args.txt nogui";
-
-        Restart = "always";
-        RestartSec = 30;
-        StandardInput = "null";
-      };
-
-      wantedBy = [ "multi-user.target" ];
-    };
-
-
-  };
-
-}
diff --git a/modules/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix
index 4a115a5..d1ee714 100644
--- a/modules/nixos/server/monitoring.nix
+++ b/modules/nixos/server/monitoring.nix
@@ -1,6 +1,11 @@
-{ self, lib, config, globals, dns, confLib, ... }:
+{ self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "grafana"; port = 3000; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 3000;
+  serviceUser = "grafana";
+  serviceGroup = serviceUser;
+  serviceName = "grafana";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   prometheusPort = 9090;
   prometheusUser = "prometheus";
@@ -16,10 +21,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets = {
         grafana-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
@@ -56,11 +57,7 @@ in
     networking.firewall.allowedTCPPorts = [ servicePort prometheusPort ];
 
     topology.self.services.prometheus.info = "https://${serviceDomain}/${prometheusWebRoot}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services = {
       ${serviceName} = {
@@ -209,7 +206,7 @@ in
     };
 
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         "${grafanaUpstream}" = {
           servers = {
diff --git a/modules/nixos/server/mpd.nix b/modules/nixos/server/mpd.nix
index e5734f5..0f7afc4 100644
--- a/modules/nixos/server/mpd.nix
+++ b/modules/nixos/server/mpd.nix
@@ -1,7 +1,11 @@
-{ self, lib, config, pkgs, confLib, ... }:
+{ self, lib, config, pkgs, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "mpd"; port = 3254; }) servicePort serviceName serviceUser serviceGroup;
+
+  servicePort = 3254;
+  serviceUser = "mpd";
+  serviceGroup = serviceUser;
+  serviceName = "mpd";
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix
index e64dfd1..34b245a 100644
--- a/modules/nixos/server/navidrome.nix
+++ b/modules/nixos/server/navidrome.nix
@@ -1,15 +1,15 @@
-{ pkgs, config, lib, globals, dns, confLib, ... }:
+{ pkgs, config, lib, globals, ... }:
 let
-  inherit (confLib.gen { name = "navidrome"; port = 4040; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 4040;
+  serviceName = "navidrome";
+  serviceUser = "navidrome";
+  serviceGroup = serviceUser;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     environment.systemPackages = with pkgs; [
       pciutils
       alsa-utils
@@ -39,10 +39,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.snapserver = {
       enable = true;
@@ -106,7 +103,7 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/network.nix b/modules/nixos/server/network.nix
index 91e9608..661e76b 100644
--- a/modules/nixos/server/network.nix
+++ b/modules/nixos/server/network.nix
@@ -1,40 +1,19 @@
 { lib, config, ... }:
-let
-  netConfig = config.repo.secrets.local.networking;
-  netName = "${if config.swarselsystems.isCloud then config.node.name else "home"}-${config.swarselsystems.server.localNetwork}";
-in
 {
-  options = {
-    swarselmodules.server.network = lib.mkEnableOption "enable server network config";
-    swarselsystems.server = {
-      localNetwork = lib.mkOption {
-        type = lib.types.str;
-        default = "";
-      };
-      netConfigName = lib.mkOption {
-        type = lib.types.str;
-        default = netName;
-        readOnly = true;
-      };
-    };
-  };
+  options.swarselmodules.server.network = lib.mkEnableOption "enable server network config";
   config = lib.mkIf config.swarselmodules.server.network {
 
-    swarselsystems.server.localNetwork = netConfig.localNetwork or "";
-
-    globals.networks.${netName}.hosts.${config.node.name} = {
-      inherit (netConfig.networks.${netConfig.localNetwork}) id;
-      mac = netConfig.networks.${netConfig.localNetwork}.mac or null;
+    globals.networks.home.hosts.${config.node.name} = {
+      inherit (config.repo.secrets.local.networking.networks.home) id;
+      mac = config.repo.secrets.local.networking.networks.home.mac or null;
     };
 
     globals.hosts.${config.node.name} = {
       inherit (config.repo.secrets.local.networking) defaultGateway4;
-      wanAddress4 = netConfig.wanAddress4 or null;
-      wanAddress6 = netConfig.wanAddress6 or null;
     };
 
     networking = {
-      inherit (netConfig) hostId;
+      inherit (config.repo.secrets.local.networking) hostId;
       hostName = config.node.name;
       nftables.enable = lib.mkDefault false;
       enableIPv6 = lib.mkDefault true;
diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix
index aac65d8..c2d5af0 100644
--- a/modules/nixos/server/nextcloud.nix
+++ b/modules/nixos/server/nextcloud.nix
@@ -1,8 +1,14 @@
-{ pkgs, lib, config, globals, dns, confLib, ... }:
+{ pkgs, lib, config, globals, ... }:
 let
   inherit (config.repo.secrets.local.nextcloud) adminuser;
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+
+  servicePort = 80;
+  serviceUser = "nextcloud";
+  serviceGroup = serviceUser;
+  serviceName = "nextcloud";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   nextcloudVersion = "32";
 in
@@ -10,19 +16,13 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops.secrets = {
       nextcloud-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
       kanidm-nextcloud-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
     };
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services = {
       ${serviceName} = {
@@ -50,7 +50,7 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix
index a869b23..cfe9330 100644
--- a/modules/nixos/server/nginx.nix
+++ b/modules/nixos/server/nginx.nix
@@ -1,6 +1,6 @@
 { pkgs, lib, config, ... }:
 let
-  inherit (config.repo.secrets.common) dnsProvider dnsBase;
+  inherit (config.repo.secrets.common) dnsProvider;
   inherit (config.repo.secrets.common.mail) address3;
 
   serviceUser = "nginx";
@@ -63,12 +63,9 @@ in
     ];
 
     sops = {
-      secrets = {
-        acme-dns-token = { inherit (config.swarselsystems) sopsFile; };
-      };
+      secrets.acme-dns-token = { inherit (config.swarselsystems) sopsFile; };
       templates."certs.secret".content = ''
-        ACME_DNS_API_BASE=${dnsBase}
-        ACME_DNS_STORAGE_PATH=${config.sops.placeholder.acme-dns-token}
+        CF_DNS_API_TOKEN=${config.sops.placeholder.acme-dns-token}
       '';
     };
 
@@ -88,7 +85,6 @@ in
     networking.firewall.allowedTCPPorts = [ 80 443 ];
 
     environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence {
-      directories = [{ directory = "/var/lib/acme"; }];
       files = [ dhParamsPathBase ];
     };
 
@@ -113,51 +109,27 @@ in
         '';
       };
     };
-    systemd.services.generateDHParams = {
-      before = [ "nginx.service" ];
-      requiredBy = [ "nginx.service" ];
-      after = [ "local-fs.target" ];
-      requires = [ "local-fs.target" ];
-      serviceConfig = {
-        Type = "oneshot";
-      };
-
-      script = ''
-        set -eu
-
-        install -d -m 0755 ${sslBasePath}
-        ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""}
-
-        if [ ! -f "${dhParamsPath}" ]; then
-          ${pkgs.openssl}/bin/openssl dhparam -out "${dhParamsPath}" 4096
-          chmod 0644 "${dhParamsPath}"
-          chown ${serviceUser}:${serviceGroup} "${dhParamsPath}"
-        else
-          echo 'Already generated DHParams'
-        fi
-      '';
+    system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
+      deps = [ "generateDHParams" "users" "groups" ];
     };
+    system.activationScripts."generateDHParams" =
+      {
+        text = ''
+          set -eu
 
-    # system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
-    #   deps = [ "generateDHParams" "users" "groups" ];
-    # };
-    # system.activationScripts."generateDHParams" =
-    #   {
-    #     text = ''
-    #       set -eu
+          ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath}
+          ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""}
 
-    #       ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else "${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath}"}
-
-    #       if [ ! -f "${dhParamsPath}" ]; then
-    #         ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096
-    #         chmod 0644 ${dhParamsPath}
-    #         chown ${serviceUser}:${serviceGroup} ${dhParamsPath}
-    #       fi
-    #     '';
-    #     deps = [
-    #       (lib.mkIf config.swarselsystems.isImpermanence "specialfs")
-    #       (lib.mkIf (!config.swarselsystems.isImpermanence) "etc")
-    #     ];
-    #   };
+          if [ ! -f "${dhParamsPathBase}" ]; then
+            ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096
+            chmod 0644 ${dhParamsPath}
+            chown ${serviceUser}:${serviceGroup} ${dhParamsPath}
+          fi
+        '';
+        deps = [
+          "etc"
+          (lib.mkIf config.swarselsystems.isImpermanence "specialfs")
+        ];
+      };
   };
 }
diff --git a/modules/nixos/server/nsd/default.nix b/modules/nixos/server/nsd/default.nix
deleted file mode 100644
index 6e79fad..0000000
--- a/modules/nixos/server/nsd/default.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ lib, config, globals, dns, confLib, ... }:
-let
-  inherit (confLib.gen { name = "nsd"; port = 53; }) serviceName servicePort proxyAddress4 proxyAddress6;
-  inherit (config.swarselsystems) sopsFile;
-in
-{
-  options = {
-    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
-    swarselsystems.server.dns = lib.mkOption {
-      type = lib.types.attrsOf (
-        lib.types.submodule {
-          options = {
-            subdomainRecords = lib.mkOption {
-              type = lib.types.attrsOf dns.lib.types.subzone;
-              default = { };
-            };
-          };
-        }
-      );
-    };
-  };
-  config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    sops.secrets = {
-      tsig-key = { inherit sopsFile; };
-    };
-
-    # services.resolved.enable = false;
-    networking = {
-      # nameservers = [ "1.1.1.1" "8.8.8.8" ];
-      firewall = {
-        allowedUDPPorts = [ servicePort ];
-        allowedTCPPorts = [ servicePort ];
-      };
-    };
-
-    services.nsd = {
-      enable = true;
-      keys = {
-        "${globals.domains.main}.${proxyAddress4}" = {
-          algorithm = "hmac-sha256";
-          keyFile = config.sops.secrets.tsig-key.path;
-        };
-        "${globals.domains.main}.${proxyAddress6}" = {
-          algorithm = "hmac-sha256";
-          keyFile = config.sops.secrets.tsig-key.path;
-        };
-        "${globals.domains.main}" = {
-          algorithm = "hmac-sha256";
-          keyFile = config.sops.secrets.tsig-key.path;
-        };
-      };
-      interfaces = [
-        "10.1.2.157"
-        "2603:c020:801f:a0cc::9d"
-      ];
-      zones = {
-        "${globals.domains.main}" =
-          let
-            keyName4 = "${globals.domains.main}.${proxyAddress4}";
-            keyName6 = "${globals.domains.main}.${proxyAddress6}";
-            keyName = "${globals.domains.main}";
-            transferList = [
-              "213.239.242.238 ${keyName4}"
-              "2a01:4f8:0:a101::a:1 ${keyName6}"
-              "213.133.100.103 ${keyName4}"
-              "2a01:4f8:0:1::5ddc:2 ${keyName6}"
-              "193.47.99.3 ${keyName4}"
-              "2001:67c:192c::add:a3 ${keyName6}"
-            ];
-
-          in
-          {
-            outgoingInterface = "2603:c020:801f:a0cc::9d";
-            notify = transferList ++ [
-              "216.218.130.2 ${keyName}"
-            ];
-            provideXFR = transferList ++ [
-              "216.218.133.2 ${keyName}"
-              "2001:470:600::2 ${keyName}"
-            ];
-
-            # dnssec = true;
-            data = dns.lib.toString "${globals.domains.main}" (import ./site1.nix { inherit config globals dns proxyAddress4 proxyAddress6; });
-          };
-      };
-    };
-
-  };
-}
diff --git a/modules/nixos/server/nsd/site1.nix b/modules/nixos/server/nsd/site1.nix
deleted file mode 100644
index 8cf0deb..0000000
--- a/modules/nixos/server/nsd/site1.nix
+++ /dev/null
@@ -1,100 +0,0 @@
-{ config, globals, dns, proxyAddress4, proxyAddress6, ... }:
-with dns.lib.combinators; {
-  SOA = {
-    nameServer = "soa";
-    adminEmail = "admin@${globals.domains.main}"; # this option is not parsed as domain (we cannot just write "admin")
-    serial = 2025120201; # update this on changes for secondary dns
-  };
-
-  useOrigin = false;
-
-  NS = [
-    "soa"
-    "srv"
-  ] ++ globals.domains.externalDns;
-
-
-  A = [ config.repo.secrets.local.dns.homepage-ip ];
-
-  SRV = [
-    {
-      service = "_matrix";
-      proto = "_tcp";
-      port = 443;
-      target = "${globals.services.matrix.subDomain}";
-      priority = 10;
-      weight = 5;
-    }
-    {
-      service = "_submissions";
-      proto = "_tcp";
-      port = 465;
-      target = "${globals.services.mailserver.subDomain}";
-      priority = 5;
-      weight = 0;
-      ttl = 3600;
-    }
-    {
-      service = "_submission";
-      proto = "_tcp";
-      port = 587;
-      target = "${globals.services.mailserver.subDomain}";
-      priority = 5;
-      weight = 0;
-      ttl = 3600;
-    }
-    {
-      service = "_imap";
-      proto = "_tcp";
-      port = 143;
-      target = "${globals.services.mailserver.subDomain}";
-      priority = 5;
-      weight = 0;
-      ttl = 3600;
-    }
-    {
-      service = "_imaps";
-      proto = "_tcp";
-      port = 993;
-      target = "${globals.services.mailserver.subDomain}";
-      priority = 5;
-      weight = 0;
-      ttl = 3600;
-    }
-  ];
-
-  MX = [
-    {
-      preference = 10;
-      exchange = "${globals.services.mailserver.subDomain}";
-    }
-  ];
-
-  DKIM = [
-    {
-      selector = "mail";
-      k = "rsa";
-      p = config.repo.secrets.local.dns.mailserver.dkim-public;
-      ttl = 10800;
-    }
-  ];
-
-  TXT = [
-    (with spf; strict [ "a:${globals.services.mailserver.subDomain}.${globals.domains.main}" ])
-    "google-site-verification=${config.repo.secrets.local.dns.google-site-verification}"
-  ];
-
-  DMARC = [
-    {
-      p = "none";
-      ttl = 10800;
-    }
-  ];
-
-  subdomains = config.swarselsystems.server.dns.${globals.domains.main}.subdomainRecords // {
-    "www".CNAME = [ "${globals.domains.main}." ];
-    "_acme-challenge".CNAME = [ "${config.repo.secrets.local.dns.acme-challenge-domain}." ];
-    "soa" = host proxyAddress4 proxyAddress6;
-    "srv" = host proxyAddress4 proxyAddress6;
-  };
-}
diff --git a/modules/nixos/server/oauth2-proxy.nix b/modules/nixos/server/oauth2-proxy.nix
index 1c838b7..d74a441 100644
--- a/modules/nixos/server/oauth2-proxy.nix
+++ b/modules/nixos/server/oauth2-proxy.nix
@@ -1,6 +1,10 @@
-{ lib, config, globals, dns, confLib, ... }:
+{ lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "oauth2-proxy"; port = 3004; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 3004;
+  serviceUser = "oauth2-proxy";
+  serviceGroup = serviceUser;
+  serviceName = "oauth2-proxy";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
 
   kanidmDomain = globals.services.kanidm.domain;
   mainDomain = globals.domains.main;
@@ -119,10 +123,6 @@ in
   };
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets = {
         "oauth2-cookie-secret" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
@@ -144,10 +144,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.oauth2Proxy.domain = serviceDomain;
 
     services = {
       ${serviceName} = {
@@ -198,11 +195,11 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
+            "localhost:${builtins.toString servicePort}" = { };
           };
         };
       };
diff --git a/modules/nixos/server/opkssh.nix b/modules/nixos/server/opkssh.nix
index 1cc01bc..823102a 100644
--- a/modules/nixos/server/opkssh.nix
+++ b/modules/nixos/server/opkssh.nix
@@ -1,6 +1,8 @@
-{ lib, config, globals, confLib, ... }:
+{ lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "opkssh"; user = "opksshuser"; group = "opksshuser"; }) serviceName serviceUser serviceGroup;
+  serviceName = "opkssh";
+  serviceUser = "opksshuser";
+  serviceGroup = serviceUser;
 
   kanidmDomain = globals.services.kanidm.domain;
 
diff --git a/modules/nixos/server/packages.nix b/modules/nixos/server/packages.nix
index f8d3440..6f5f744 100644
--- a/modules/nixos/server/packages.nix
+++ b/modules/nixos/server/packages.nix
@@ -4,6 +4,7 @@
   config = lib.mkIf config.swarselmodules.server.packages {
     environment.systemPackages = with pkgs; [
       gnupg
+      nix-index
       nvd
       nix-output-monitor
       ssh-to-age
diff --git a/modules/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix
index 7a249a4..005bdab 100644
--- a/modules/nixos/server/paperless.nix
+++ b/modules/nixos/server/paperless.nix
@@ -1,7 +1,13 @@
-{ lib, pkgs, config, dns, globals, confLib, ... }:
+{ lib, pkgs, config, globals, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-  inherit (confLib.gen { name = "paperless"; port = 28981; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+
+  servicePort = 28981;
+  serviceUser = "paperless";
+  serviceGroup = serviceUser;
+  serviceName = "paperless";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
 
   tikaPort = 9998;
   gotenbergPort = 3002;
@@ -11,10 +17,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "users" ];
     };
@@ -26,10 +28,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services = {
       ${serviceName} = {
@@ -99,7 +98,7 @@ in
                      )
     '';
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/postgresql.nix b/modules/nixos/server/postgresql.nix
index f059e6f..3cfa47d 100644
--- a/modules/nixos/server/postgresql.nix
+++ b/modules/nixos/server/postgresql.nix
@@ -1,8 +1,7 @@
-{ config, lib, pkgs, confLib, ... }:
+{ config, lib, pkgs, ... }:
 let
-  inherit (confLib.gen { name = "postgresql"; port = 3254; }) serviceName;
+  serviceName = "postgresql";
   postgresVersion = 14;
-  postgresDirPrefix = if config.swarselsystems.isCloud then "/var/lib" else "/Vault/data";
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -11,12 +10,8 @@ in
       ${serviceName} = {
         enable = true;
         package = pkgs."postgresql_${builtins.toString postgresVersion}";
-        dataDir = "${postgresDirPrefix}/${serviceName}/${builtins.toString postgresVersion}";
+        dataDir = "/Vault/data/${serviceName}/${builtins.toString postgresVersion}";
       };
     };
-    environment.persistence."/persist".directories = lib.mkIf (config.swarselsystems.isImpermanence && config.swarselsystems.isCloud) [
-      { directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; }
-    ];
-
   };
 }
diff --git a/modules/nixos/server/radicale.nix b/modules/nixos/server/radicale.nix
index b71ea61..411a3e6 100644
--- a/modules/nixos/server/radicale.nix
+++ b/modules/nixos/server/radicale.nix
@@ -1,18 +1,20 @@
-{ self, lib, config, globals, dns, confLib, ... }:
+{ self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "radicale"; port = 8000; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
   sopsFile = self + /secrets/winters/secrets2.yaml;
 
+  servicePort = 8000;
+  serviceName = "radicale";
+  serviceUser = "radicale";
+  serviceGroup = serviceUser;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+
   cfg = config.services.${serviceName};
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets.radicale-user = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
 
@@ -33,11 +35,7 @@ in
     };
 
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.${serviceName} = {
       enable = true;
@@ -90,7 +88,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/restic.nix b/modules/nixos/server/restic.nix
index cb5c046..f668104 100644
--- a/modules/nixos/server/restic.nix
+++ b/modules/nixos/server/restic.nix
@@ -4,14 +4,6 @@ let
 in
 {
   options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server";
-  options.swarselsystems.server.restic = {
-    bucketName = lib.mkOption {
-      type = lib.types.str;
-    };
-    paths = lib.mkOption {
-      type = lib.types.listOf lib.types.str;
-    };
-  };
   config = lib.mkIf config.swarselmodules.server.restic {
 
     sops = {
@@ -34,10 +26,20 @@ in
       in
       {
         backups = {
-          "${config.swarselsystems.server.restic.bucketName}" = {
+          SwarselWinters = {
             environmentFile = config.sops.templates."restic-env".path;
             passwordFile = config.sops.secrets.resticpw.path;
-            inherit (config.swarselsystems.server.restic) paths;
+            paths = [
+              "/Vault/data/paperless"
+              "/Vault/data/koillection"
+              "/Vault/data/postgresql"
+              "/Vault/data/firefly-iii"
+              "/Vault/data/radicale"
+              "/Vault/data/matrix-synapse"
+              "/Vault/Eternor/Paperless"
+              "/Vault/Eternor/Bilder"
+              "/Vault/Eternor/Immich"
+            ];
             pruneOpts = [
               "--keep-daily 3"
               "--keep-weekly 2"
diff --git a/modules/nixos/server/shlink.nix b/modules/nixos/server/shlink.nix
index 1ed909c..4c61caa 100644
--- a/modules/nixos/server/shlink.nix
+++ b/modules/nixos/server/shlink.nix
@@ -1,6 +1,9 @@
-{ self, lib, config, dns, globals, confLib, ... }:
+{ self, lib, config, ... }:
 let
-  inherit (confLib.gen { name = "shlink"; port = 8081; dir = "/var/lib/shlink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 8081;
+  serviceName = "shlink";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceDir = "/var/lib/shlink";
 
   containerRev = "sha256:1a697baca56ab8821783e0ce53eb4fb22e51bb66749ec50581adc0cb6d031d7a";
 
@@ -12,10 +15,6 @@ in
   };
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets = {
         shlink-api = { inherit sopsFile; };
@@ -81,17 +80,13 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/${serviceName}.png";
     };
+    globals.services.${serviceName}.domain = serviceDomain;
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
-    nodes.${serviceProxy}.services.nginx = {
+    services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
+            "localhost:${builtins.toString servicePort}" = { };
           };
         };
       };
diff --git a/modules/nixos/server/slink.nix b/modules/nixos/server/slink.nix
index fe61faa..1d92892 100644
--- a/modules/nixos/server/slink.nix
+++ b/modules/nixos/server/slink.nix
@@ -1,6 +1,9 @@
-{ self, lib, config, dns, globals, confLib, ... }:
+{ self, lib, config, ... }:
 let
-  inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  servicePort = 3000;
+  serviceName = "slink";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceDir = "/var/lib/slink";
 
   containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9";
 in
@@ -10,10 +13,6 @@ in
   };
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     virtualisation.oci-containers.containers.${serviceName} = {
       image = "anirdev/slink@${containerRev}";
       environment = {
@@ -58,17 +57,13 @@ in
       info = "https://${serviceDomain}";
       icon = "${self}/files/topology-images/shlink.png";
     };
+    globals.services.${serviceName}.domain = serviceDomain;
 
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
-
-    nodes.${serviceProxy}.services.nginx = {
+    services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
+            "localhost:${builtins.toString servicePort}" = { };
           };
         };
       };
diff --git a/modules/nixos/server/snipe-it.nix b/modules/nixos/server/snipe-it.nix
index aad544f..3ae183e 100644
--- a/modules/nixos/server/snipe-it.nix
+++ b/modules/nixos/server/snipe-it.nix
@@ -1,20 +1,22 @@
-{ self, lib, config, globals, dns, confLib, ... }:
+{ self, lib, config, globals, ... }:
 let
-  inherit (confLib.gen { name = "snipeit"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
   sopsFile = self + /secrets/winters/secrets2.yaml;
 
   serviceDB = "snipeit";
 
+  servicePort = 80;
+  serviceName = "snipeit";
+  serviceUser = "snipeit";
+  serviceGroup = serviceUser;
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+
   mysqlPort = 3306;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     sops = {
       secrets = {
         snipe-it-appkey = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
@@ -22,11 +24,7 @@ in
     };
 
     topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-
-    globals.services.${serviceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services.${serviceName}.domain = serviceDomain;
 
     services.snipe-it = {
       enable = true;
@@ -45,7 +43,7 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${serviceName} = {
           servers = {
diff --git a/modules/nixos/server/spotifyd.nix b/modules/nixos/server/spotifyd.nix
index e5dc58d..fd12435 100644
--- a/modules/nixos/server/spotifyd.nix
+++ b/modules/nixos/server/spotifyd.nix
@@ -1,6 +1,9 @@
-{ lib, config, confLib, ... }:
+{ lib, config, ... }:
 let
-  inherit (confLib.gen { name = "spotifyd"; port = 1025; }) servicePort serviceName serviceUser serviceGroup;
+  servicePort = 1025;
+  serviceName = "spotifyd";
+  serviceUser = "spotifyd";
+  serviceGroup = serviceUser;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
diff --git a/modules/nixos/server/ssh-builder.nix b/modules/nixos/server/ssh-builder.nix
deleted file mode 100644
index 3791bf7..0000000
--- a/modules/nixos/server/ssh-builder.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ self, pkgs, lib, config, ... }:
-let
-  ssh-restrict = "restrict,pty,command=\"${wrapper-dispatch-ssh-nix}/bin/wrapper-dispatch-ssh-nix\" ";
-
-  wrapper-dispatch-ssh-nix = pkgs.writeShellScriptBin "wrapper-dispatch-ssh-nix" ''
-    case $SSH_ORIGINAL_COMMAND in
-      "nix-daemon --stdio")
-        exec env NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt ${config.nix.package}/bin/nix-daemon --stdio
-        ;;
-      "nix-store --serve --write")
-        exec env NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt ${config.nix.package}/bin/nix-store --serve --write
-        ;;
-      *)
-        echo "Access only allowed for using the nix remote builder" 1>&2
-        exit
-    esac
-  '';
-in
-{
-  options.swarselmodules.server.ssh-builder = lib.mkEnableOption "enable ssh-builder config on server";
-  config = lib.mkIf config.swarselmodules.server.ssh-builder {
-    users = {
-      groups.builder = { };
-      users.builder = {
-        useDefaultShell = true;
-        isSystemUser = true;
-        group = "builder";
-        openssh.authorizedKeys.keys = [
-          ''${ssh-restrict} ${builtins.readFile "${self}/secrets/keys/ssh/builder.pub"}''
-        ];
-      };
-    };
-
-  };
-}
diff --git a/modules/nixos/server/ssh.nix b/modules/nixos/server/ssh.nix
index 41b1e23..a588edf 100644
--- a/modules/nixos/server/ssh.nix
+++ b/modules/nixos/server/ssh.nix
@@ -9,10 +9,6 @@
         PasswordAuthentication = false;
         KbdInteractiveAuthentication = false;
         PermitRootLogin = "yes";
-        AllowUsers = [
-          "root"
-          config.swarselsystems.mainUser
-        ];
       };
       hostKeys = [
         {
@@ -24,12 +20,10 @@
     users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [
       (self + /secrets/keys/ssh/yubikey.pub)
       (self + /secrets/keys/ssh/magicant.pub)
-      # (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/keys/ssh/jump.pub))
     ];
     users.users.root.openssh.authorizedKeys.keyFiles = [
       (self + /secrets/keys/ssh/yubikey.pub)
       (self + /secrets/keys/ssh/magicant.pub)
-      # (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/keys/ssh/jump.pub))
     ];
     security.sudo.extraConfig = ''
       Defaults    env_keep+=SSH_AUTH_SOCK
diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix
index 3babd67..6eb61c6 100644
--- a/modules/nixos/server/syncthing.nix
+++ b/modules/nixos/server/syncthing.nix
@@ -1,9 +1,14 @@
-{ lib, config, globals, dns, confLib, ... }:
+{ lib, config, configName, globals, ... }:
 let
   inherit (config.swarselsystems.syncthing) serviceDomain;
-  inherit (confLib.gen { name = "syncthing"; port = 8384; }) servicePort serviceName serviceUser serviceGroup serviceAddress serviceProxy proxyAddress4 proxyAddress6;
+  inherit (config.swarselsystems.syncthing) serviceIP;
 
-  specificServiceName = "${serviceName}-${config.node.name}";
+  servicePort = 8384;
+  serviceUser = "syncthing";
+  serviceGroup = serviceUser;
+  serviceName = "syncthing";
+  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  specificServiceName = "syncthing-${configName}";
 
   cfg = config.services.${serviceName};
   devices = config.swarselsystems.syncthing.syncDevices;
@@ -17,6 +22,10 @@ in
         type = lib.types.str;
         default = config.repo.secrets.common.services.domains.syncthing1;
       };
+      serviceIP = lib.mkOption {
+        type = lib.types.str;
+        default = "${serviceAddress}";
+      };
       syncDevices = lib.mkOption {
         type = lib.types.listOf lib.types.str;
         default = [ "magicant" "winters" "pyramid" "moonside@oracle" ];
@@ -42,10 +51,6 @@ in
   };
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    nodes.stoicclub.swarselsystems.server.dns.${globals.services.${specificServiceName}.baseDomain}.subdomainRecords = {
-      "${globals.services.${specificServiceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
-    };
-
     users.users.${serviceUser} = {
       extraGroups = [ "users" ];
       group = serviceGroup;
@@ -56,10 +61,7 @@ in
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
-    globals.services.${specificServiceName} = {
-      domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6;
-    };
+    globals.services."${specificServiceName}".domain = serviceDomain;
 
     services.${serviceName} = rec {
       enable = true;
@@ -115,11 +117,11 @@ in
       };
     };
 
-    nodes.${serviceProxy}.services.nginx = {
+    nodes.moonside.services.nginx = {
       upstreams = {
         ${specificServiceName} = {
           servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
+            "${serviceIP}:${builtins.toString servicePort}" = { };
           };
         };
       };
diff --git a/modules/nixos/server/transmission.nix b/modules/nixos/server/transmission.nix
index 7dfcd87..64c2199 100644
--- a/modules/nixos/server/transmission.nix
+++ b/modules/nixos/server/transmission.nix
@@ -1,6 +1,7 @@
-{ self, pkgs, lib, config, confLib, ... }:
+{ self, pkgs, lib, config, ... }:
 let
-  inherit (confLib.gen { name = "transmission"; }) serviceName serviceDomain;
+  serviceName = "transmission";
+  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
 
   lidarrUser = "lidarr";
   lidarrGroup = lidarrUser;
diff --git a/modules/shared/config-lib.nix b/modules/shared/config-lib.nix
deleted file mode 100644
index ba5e8bf..0000000
--- a/modules/shared/config-lib.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, globals, nixosConfig ? null, ... }:
-{
-  _module.args = {
-    confLib = rec {
-
-      addressDefault = if config.swarselsystems.proxyHost != config.node.name then globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.ipv4 else "localhost";
-
-      domainDefault = service: config.repo.secrets.common.services.domains.${service};
-      proxyDefault = config.swarselsystems.proxyHost;
-
-      getConfig = if nixosConfig == null then config else nixosConfig;
-
-      gen = { name, user ? name, group ? name, dir ? null, port ? null, domain ? (domainDefault name), address ? addressDefault, proxy ? proxyDefault }: rec {
-        servicePort = port;
-        serviceName = name;
-        specificServiceName = "${name}-${config.node.name}";
-        serviceUser = user;
-        serviceGroup = group;
-        serviceDomain = domain;
-        baseDomain = lib.swarselsystems.getBaseDomain domain;
-        subDomain = lib.swarselsystems.getSubDomain domain;
-        serviceDir = dir;
-        serviceAddress = address;
-        serviceProxy = proxy;
-        proxyAddress4 = globals.hosts.${proxy}.wanAddress4;
-        proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null;
-      };
-    };
-  };
-}
diff --git a/modules/shared/options.nix b/modules/shared/options.nix
index 911cf5b..d73c0a2 100644
--- a/modules/shared/options.nix
+++ b/modules/shared/options.nix
@@ -1,26 +1,6 @@
 { self, config, lib, ... }:
 {
   options.swarselsystems = {
-    proxyHost = lib.mkOption {
-      type = lib.types.str;
-      default = config.node.name;
-    };
-    isBastionTarget = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-    };
-    isCloud = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-    };
-    isServer = lib.mkOption {
-      type = lib.types.bool;
-      default = config.swarselsystems.isCloud;
-    };
-    isClient = lib.mkOption {
-      type = lib.types.bool;
-      default = config.swarselsystems.isLaptop;
-    };
     withHomeManager = lib.mkOption {
       type = lib.types.bool;
       default = true;
@@ -54,7 +34,7 @@
     isBtrfs = lib.mkEnableOption "use btrfs filesystem";
     sopsFile = lib.mkOption {
       type = lib.types.str;
-      default = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml";
+      default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml";
     };
     homeDir = lib.mkOption {
       type = lib.types.str;
diff --git a/nix/formatter.nix b/nix/formatter.nix
index 88bb5a6..cf3ce6a 100644
--- a/nix/formatter.nix
+++ b/nix/formatter.nix
@@ -17,22 +17,6 @@
         };
         deadnix.enable = true;
         statix.enable = true;
-        shfmt = {
-          enable = true;
-          indent_size = 4;
-          simplify = true;
-          # needed to replicate what my Emacs shfmt does
-          # there is no builtin option for space-redirects
-          package = pkgs.symlinkJoin {
-            name = "shfmt";
-            buildInputs = [ pkgs.makeWrapper ];
-            paths = [ pkgs.shfmt ];
-            postBuild = ''
-              wrapProgram $out/bin/shfmt \
-              --add-flags '-sr'
-            '';
-          };
-        };
         shellcheck.enable = true;
       };
       settings.formatter.shellcheck.options = [
diff --git a/nix/globals.nix b/nix/globals.nix
index 563a901..912f24c 100644
--- a/nix/globals.nix
+++ b/nix/globals.nix
@@ -1,5 +1,5 @@
 # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix
-{ inputs, ... }:
+{ self, inputs, ... }:
 {
   flake = { config, lib, ... }:
     {
diff --git a/nix/hosts.nix b/nix/hosts.nix
index 858322a..2c99f41 100644
--- a/nix/hosts.nix
+++ b/nix/hosts.nix
@@ -15,47 +15,41 @@
           };
           modules = [
             inputs.disko.nixosModules.disko
-            inputs.home-manager.nixosModules.home-manager
+            inputs.sops-nix.nixosModules.sops
             inputs.impermanence.nixosModules.impermanence
             inputs.lanzaboote.nixosModules.lanzaboote
+            inputs.nix-topology.nixosModules.default
+            inputs.home-manager.nixosModules.home-manager
+            inputs.stylix.nixosModules.stylix
+            inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
+            # inputs.swarsel-modules.nixosModules.default
+            inputs.swarsel-nix.nixosModules.default
+            inputs.niri-flake.nixosModules.niri
             inputs.microvm.nixosModules.host
             inputs.microvm.nixosModules.microvm
-            inputs.nix-index-database.nixosModules.nix-index
-            inputs.nix-minecraft.nixosModules.minecraft-servers
-            inputs.nix-topology.nixosModules.default
-            inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
-            inputs.simple-nixos-mailserver.nixosModules.default
-            inputs.sops-nix.nixosModules.sops
-            inputs.stylix.nixosModules.stylix
-            inputs.swarsel-nix.nixosModules.default
             (inputs.nixos-extra-modules + "/modules/guests")
-            (inputs.nixos-extra-modules + "/modules/interface-naming.nix")
             "${self}/hosts/nixos/${arch}/${configName}"
             "${self}/profiles/nixos"
             "${self}/modules/nixos"
             {
-              _module.args.dns = inputs.dns;
 
               microvm.guest.enable = lib.mkDefault false;
 
-              networking.hostName = lib.swarselsystems.mkStrong configName;
-
               node = {
                 name = lib.mkForce configName;
                 secretsDir = ../hosts/nixos/${arch}/${configName}/secrets;
-                lockFromBootstrapping = lib.mkIf (!minimal) (lib.swarselsystems.mkStrong true);
               };
 
               swarselprofiles = {
-                minimal = lib.mkIf minimal (lib.swarselsystems.mkStrong true);
+                minimal = lib.mkIf minimal (lib.mkDefault true);
               };
 
               swarselmodules.server = {
-                ssh = lib.mkIf (!minimal) (lib.swarselsystems.mkStrong true);
+                ssh = lib.mkIf (!minimal) (lib.mkDefault true);
               };
 
               swarselsystems = {
-                mainUser = lib.swarselsystems.mkStrong "swarsel";
+                mainUser = lib.mkDefault "swarsel";
               };
             }
           ];
@@ -102,6 +96,7 @@
           };
           modules = [
             inputs.stylix.homeModules.stylix
+            inputs.niri-flake.homeModules.niri
             inputs.nix-index-database.homeModules.nix-index
             # inputs.sops-nix.homeManagerModules.sops
             inputs.spicetify-nix.homeManagerModules.default
diff --git a/nix/iso.nix b/nix/iso.nix
index d2c993c..75295ad 100644
--- a/nix/iso.nix
+++ b/nix/iso.nix
@@ -2,32 +2,19 @@
 {
   perSystem = { pkgs, system, ... }:
     {
-      packages = {
-        # nix build --print-out-paths --no-link .#live-iso
-        live-iso = inputs.nixos-generators.nixosGenerate {
-          inherit pkgs;
-          specialArgs = { inherit self; };
-          modules = [
-            inputs.home-manager.nixosModules.home-manager
-            "${self}/install/installer-config.nix"
-          ];
-          format =
-            {
-              x86_64-linux = "install-iso";
-              aarch64-linux = "sd-aarch64-installer";
-            }.${system};
-        };
-
-        # nix build --print-out-paths --no-link .#pnap-kexec --system 
-        swarsel-kexec = (inputs.smallpkgs.legacyPackages.${system}.nixos [
+      # nix build --print-out-paths --no-link .#images..live-iso
+      packages.live-iso = inputs.nixos-generators.nixosGenerate {
+        inherit pkgs;
+        specialArgs = { inherit self; };
+        modules = [
+          inputs.home-manager.nixosModules.home-manager
+          "${self}/install/installer-config.nix"
+        ];
+        format =
           {
-            imports = [ "${self}/install/kexec.nix" ];
-            _file = __curPos.file;
-            system.kexec-installer.name = "swarsel-kexec";
-          }
-          inputs.nixos-images.nixosModules.kexec-installer
-        ]).config.system.build.kexecInstallerTarball;
-
+            x86_64-linux = "install-iso";
+            aarch64-linux = "sd-aarch64-installer";
+          }.${system};
       };
     };
 }
diff --git a/nix/lib.nix b/nix/lib.nix
index c3f0338..c41db61 100644
--- a/nix/lib.nix
+++ b/nix/lib.nix
@@ -29,23 +29,6 @@ let
 
       mkIfElse = p: yes: no: if p then yes else no;
 
-      getSubDomain = domain:
-        let
-          parts = builtins.split "\\." domain;
-          domainParts = builtins.filter (x: builtins.isString x && x != "") parts;
-        in
-        if builtins.length domainParts > 0
-        then builtins.head domainParts
-        else "";
-
-      getBaseDomain = domain:
-        let
-          parts = builtins.split "\\." domain;
-          domainParts = builtins.filter (x: builtins.isString x && x != "") parts;
-          baseParts = builtins.tail domainParts;
-        in
-        builtins.concatStringsSep "." baseParts;
-
       pkgsFor = lib.genAttrs (import systems) (system:
         import inputs.nixpkgs {
           inherit system;
@@ -78,7 +61,7 @@ let
       forEachLinuxSystem = f: lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: f pkgsFor.${system});
 
       readHosts = type: lib.attrNames (builtins.readDir "${self}/hosts/${type}");
-      readNix = type: lib.filter (name: name != "default.nix" && name != "optional" && name != "darwin") (lib.attrNames (builtins.readDir "${self}/${type}"));
+      readNix = type: lib.filter (name: name != "default.nix") (lib.attrNames (builtins.readDir "${self}/${type}"));
 
       mkImports = names: baseDir: lib.map (name: "${self}/${baseDir}/${name}") names;
     };
diff --git a/nix/overlays.nix b/nix/overlays.nix
index 0468d04..1f8fdc2 100644
--- a/nix/overlays.nix
+++ b/nix/overlays.nix
@@ -86,9 +86,7 @@ in
               // (inputs.nur.overlays.default final prev)
               // (inputs.emacs-overlay.overlay final prev)
               // (inputs.nix-topology.overlays.default final prev)
-              // (inputs.nix-index-database.overlays.nix-index final prev)
               // (inputs.nixgl.overlay final prev)
-              // (inputs.nix-minecraft.overlay final prev)
               // (inputs.nixos-extra-modules.overlays.default final prev)
             )
             (modifications final prev);
diff --git a/profiles/home/chaostheatre/default.nix b/profiles/home/chaostheatre/default.nix
new file mode 100644
index 0000000..1bcb3fb
--- /dev/null
+++ b/profiles/home/chaostheatre/default.nix
@@ -0,0 +1,44 @@
+{ lib, config, ... }:
+{
+  options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
+  config = lib.mkIf config.swarselprofiles.chaostheatre {
+    swarselmodules = {
+      packages = lib.mkForce true;
+      ownpackages = lib.mkForce true;
+      general = lib.mkForce true;
+      nixgl = lib.mkForce true;
+      sops = lib.mkForce true;
+      yubikey = lib.mkForce false;
+      ssh = lib.mkForce true;
+      stylix = lib.mkForce true;
+      desktop = lib.mkForce true;
+      symlink = lib.mkForce true;
+      env = lib.mkForce false;
+      programs = lib.mkForce true;
+      nix-index = lib.mkForce true;
+      direnv = lib.mkForce true;
+      eza = lib.mkForce true;
+      git = lib.mkForce false;
+      fuzzel = lib.mkForce true;
+      starship = lib.mkForce true;
+      kitty = lib.mkForce true;
+      zsh = lib.mkForce true;
+      zellij = lib.mkForce true;
+      tmux = lib.mkForce true;
+      mail = lib.mkForce false;
+      emacs = lib.mkForce true;
+      waybar = lib.mkForce true;
+      firefox = lib.mkForce true;
+      gnome-keyring = lib.mkForce true;
+      kdeconnect = lib.mkForce true;
+      mako = lib.mkForce true;
+      swayosd = lib.mkForce true;
+      yubikeytouch = lib.mkForce true;
+      sway = lib.mkForce true;
+      kanshi = lib.mkForce true;
+      gpgagent = lib.mkForce true;
+      gammastep = lib.mkForce false;
+    };
+  };
+
+}
diff --git a/profiles/home/dgxspark/default.nix b/profiles/home/dgxspark/default.nix
index 81c41e0..a0d261a 100644
--- a/profiles/home/dgxspark/default.nix
+++ b/profiles/home/dgxspark/default.nix
@@ -8,7 +8,6 @@
       atuin = lib.mkDefault true;
       autotiling = lib.mkDefault false;
       batsignal = lib.mkDefault false;
-      bash = lib.mkDefault true;
       blueman-applet = lib.mkDefault true;
       desktop = lib.mkDefault false;
       direnv = lib.mkDefault true;
@@ -30,6 +29,7 @@
       kitty = lib.mkDefault true;
       mail = lib.mkDefault false;
       mako = lib.mkDefault false;
+      niri = lib.mkDefault false;
       nix-index = lib.mkDefault true;
       nixgl = lib.mkDefault true;
       nix-your-shell = lib.mkDefault true;
diff --git a/profiles/home/framework/default.nix b/profiles/home/framework/default.nix
new file mode 100644
index 0000000..b4c28e2
--- /dev/null
+++ b/profiles/home/framework/default.nix
@@ -0,0 +1,13 @@
+{ lib, config, ... }:
+{
+  options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host";
+  config = lib.mkIf config.swarselprofiles.framework {
+    swarselmodules = {
+      optional = {
+        framework = lib.mkDefault true;
+      };
+    };
+
+  };
+
+}
diff --git a/profiles/home/optionals/default.nix b/profiles/home/optionals/default.nix
new file mode 100644
index 0000000..697de20
--- /dev/null
+++ b/profiles/home/optionals/default.nix
@@ -0,0 +1,13 @@
+{ lib, config, ... }:
+{
+  options.swarselprofiles.optionals = lib.mkEnableOption "is this a host with optionals";
+  config = lib.mkIf config.swarselprofiles.optionals {
+    swarselmodules = {
+      optional = {
+        gaming = lib.mkDefault true;
+        uni = lib.mkDefault true;
+      };
+    };
+  };
+
+}
diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix
index c9ce74f..e04e2af 100644
--- a/profiles/home/personal/default.nix
+++ b/profiles/home/personal/default.nix
@@ -29,6 +29,7 @@
       kitty = lib.mkDefault true;
       mail = lib.mkDefault true;
       mako = lib.mkDefault true;
+      niri = lib.mkDefault false;
       nix-index = lib.mkDefault true;
       nixgl = lib.mkDefault true;
       nix-your-shell = lib.mkDefault true;
diff --git a/profiles/home/toto/default.nix b/profiles/home/toto/default.nix
new file mode 100644
index 0000000..2f1473a
--- /dev/null
+++ b/profiles/home/toto/default.nix
@@ -0,0 +1,14 @@
+{ lib, config, ... }:
+{
+  options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host";
+  config = lib.mkIf config.swarselprofiles.toto {
+    swarselmodules = {
+      general = lib.mkDefault true;
+      sops = lib.mkDefault true;
+      ssh = lib.mkDefault true;
+      kitty = lib.mkDefault true;
+      git = lib.mkDefault true;
+    };
+  };
+
+}
diff --git a/profiles/home/uni/default.nix b/profiles/home/uni/default.nix
new file mode 100644
index 0000000..e816f45
--- /dev/null
+++ b/profiles/home/uni/default.nix
@@ -0,0 +1,12 @@
+{ lib, config, ... }:
+{
+  options.swarselprofiles.uni = lib.mkEnableOption "is this a uni host";
+  config = lib.mkIf config.swarselprofiles.uni {
+    swarselmodules = {
+      optional = {
+        uni = lib.mkDefault true;
+      };
+    };
+  };
+
+}
diff --git a/profiles/home/work/default.nix b/profiles/home/work/default.nix
new file mode 100644
index 0000000..a89b300
--- /dev/null
+++ b/profiles/home/work/default.nix
@@ -0,0 +1,12 @@
+{ lib, config, ... }:
+{
+  options.swarselprofiles.work = lib.mkEnableOption "is this a work host";
+  config = lib.mkIf config.swarselprofiles.work {
+    swarselmodules = {
+      optional = {
+        work = lib.mkDefault true;
+      };
+    };
+  };
+
+}
diff --git a/profiles/nixos/chaostheatre/default.nix b/profiles/nixos/chaostheatre/default.nix
new file mode 100644
index 0000000..31ce621
--- /dev/null
+++ b/profiles/nixos/chaostheatre/default.nix
@@ -0,0 +1,50 @@
+{ lib, config, ... }:
+{
+  options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
+  config = lib.mkIf config.swarselprofiles.chaostheatre {
+    swarselmodules = {
+      packages = lib.mkForce true;
+      general = lib.mkForce true;
+      home-manager = lib.mkForce true;
+      xserver = lib.mkForce true;
+      users = lib.mkForce true;
+      sops = lib.mkForce true;
+      env = lib.mkForce true;
+      security = lib.mkForce true;
+      systemdTimeout = lib.mkForce true;
+      hardware = lib.mkForce true;
+      pulseaudio = lib.mkForce true;
+      pipewire = lib.mkForce true;
+      network = lib.mkForce true;
+      time = lib.mkForce true;
+      stylix = lib.mkForce true;
+      programs = lib.mkForce true;
+      zsh = lib.mkForce true;
+      syncthing = lib.mkForce true;
+      blueman = lib.mkForce true;
+      networkDevices = lib.mkForce true;
+      gvfs = lib.mkForce true;
+      interceptionTools = lib.mkForce true;
+      swayosd = lib.mkForce true;
+      ppd = lib.mkForce true;
+      yubikey = lib.mkForce false;
+      ledger = lib.mkForce true;
+      keyboards = lib.mkForce true;
+      login = lib.mkForce true;
+      nix-ld = lib.mkForce true;
+      impermanence = lib.mkForce true;
+      nvd = lib.mkForce true;
+      gnome-keyring = lib.mkForce true;
+      sway = lib.mkForce true;
+      xdg-portal = lib.mkForce true;
+      distrobox = lib.mkForce true;
+      appimage = lib.mkForce true;
+      lid = lib.mkForce true;
+      lowBattery = lib.mkForce true;
+      lanzaboote = lib.mkForce true;
+      autologin = lib.mkForce true;
+    };
+
+  };
+
+}
diff --git a/profiles/nixos/framework/default.nix b/profiles/nixos/framework/default.nix
new file mode 100644
index 0000000..060c3ec
--- /dev/null
+++ b/profiles/nixos/framework/default.nix
@@ -0,0 +1,18 @@
+{ lib, config, ... }:
+{
+  options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host";
+  config = lib.mkIf config.swarselprofiles.framework {
+    swarselmodules = {
+      optional = {
+        framework = lib.mkDefault true;
+      };
+    };
+    home-manager.users."${config.swarselsystems.mainUser}" = {
+      swarselprofiles = {
+        framework = lib.mkDefault true;
+      };
+    };
+
+  };
+
+}
diff --git a/profiles/nixos/optionals/default.nix b/profiles/nixos/optionals/default.nix
new file mode 100644
index 0000000..ddb7846
--- /dev/null
+++ b/profiles/nixos/optionals/default.nix
@@ -0,0 +1,20 @@
+{ lib, config, ... }:
+{
+  options.swarselprofiles.optionals = lib.mkEnableOption "is this a host with optionals";
+  config = lib.mkIf config.swarselprofiles.optionals {
+    swarselmodules = {
+      optional = {
+        gaming = lib.mkDefault true;
+        virtualbox = lib.mkDefault true;
+        nswitch-rcm = lib.mkDefault true;
+      };
+    };
+
+    home-manager.users."${config.swarselsystems.mainUser}" = {
+      swarselprofiles = {
+        optionals = lib.mkDefault true;
+      };
+    };
+  };
+
+}
diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix
index dc9583c..1d8f99a 100644
--- a/profiles/nixos/personal/default.nix
+++ b/profiles/nixos/personal/default.nix
@@ -26,6 +26,7 @@
       lowBattery = lib.mkDefault false;
       network = lib.mkDefault true;
       networkDevices = lib.mkDefault true;
+      niri = lib.mkDefault false;
       nix-ld = lib.mkDefault true;
       nvd = lib.mkDefault true;
       packages = lib.mkDefault true;
@@ -34,7 +35,6 @@
       ppd = lib.mkDefault true;
       programs = lib.mkDefault true;
       pulseaudio = lib.mkDefault true;
-      remotebuild = lib.mkDefault true;
       security = lib.mkDefault true;
       sops = lib.mkDefault true;
       stylix = lib.mkDefault true;
diff --git a/profiles/nixos/uni/default.nix b/profiles/nixos/uni/default.nix
new file mode 100644
index 0000000..24fa649
--- /dev/null
+++ b/profiles/nixos/uni/default.nix
@@ -0,0 +1,18 @@
+{ lib, config, ... }:
+{
+  options.swarselprofiles.uni = lib.mkEnableOption "is this a uni host";
+  config = lib.mkIf config.swarselprofiles.uni {
+    # swarselmodules = {
+    #   optional = {
+    #     uni = lib.mkDefault true;
+    #   };
+    # };
+    home-manager.users."${config.swarselsystems.mainUser}" = {
+      swarselprofiles = {
+        uni = lib.mkDefault true;
+      };
+    };
+
+  };
+
+}
diff --git a/profiles/nixos/work/default.nix b/profiles/nixos/work/default.nix
new file mode 100644
index 0000000..0740cc4
--- /dev/null
+++ b/profiles/nixos/work/default.nix
@@ -0,0 +1,18 @@
+{ lib, config, ... }:
+{
+  options.swarselprofiles.work = lib.mkEnableOption "is this a work host";
+  config = lib.mkIf config.swarselprofiles.work {
+    swarselmodules = {
+      optional = {
+        work = lib.mkDefault true;
+      };
+    };
+    home-manager.users."${config.swarselsystems.mainUser}" = {
+      swarselprofiles = {
+        work = lib.mkDefault true;
+      };
+    };
+
+  };
+
+}
diff --git a/secrets/belchsfactory/secrets.yaml b/secrets/belchsfactory/secrets.yaml
deleted file mode 100644
index a199923..0000000
--- a/secrets/belchsfactory/secrets.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-#ENC[AES256_GCM,data:WqtrDDqt,iv:Ksv7cH9opsgWoXj+YnTct3VtAT6qbaAr78uaZxkN+zc=,tag:9KPeAi/JZvxjKh1w4scsdQ==,type:comment]
-#ENC[AES256_GCM,data:kwewartySAHzmyssuWFPv0XODI/njYrSXxqEE2JBJvuCsJKwZrq4+EzKOtwOlyssEpAvaxxejmb7,iv:p3KO21NvM7zfp4U0s9TVW5jfnOzvQkn06mcFgHp9xVA=,tag:sn/zQwI8EdhWb2w9F+V4rw==,type:comment]
-acme-dns-token: ENC[AES256_GCM,data:Fj1V4MMKYJdXTur3xc7EDnYGXg8GBVPx8X/I6A7bRIdm7cX63yRrtw==,iv:Gaz6xYtEkQilaQG6+5Bz2gHWN3sIRQmCqLryZZYjefM=,tag:lGu+e1u6JOdxq8l8J+6+cw==,type:str]
-#ENC[AES256_GCM,data:IaG0khKtH/NwwvpDAWwZ9kVhtxI=,iv:IFP93sRIw3Lkze3ut20VBYWxBC1/6euA+uJoggFP5SU=,tag:dq2cU1tB2MPA99BJtp0gZA==,type:comment]
-garage-rpc-secret: ENC[AES256_GCM,data:QzyqeNuJPjtG7MTyO+6f+KfquWhHbDGBJ6hrEGDh+3kg6wkCGx/0pUjeOMAaren1jMIwk1iKaAnSbq7NW1GcLA==,iv:WmCRD/kNtmBljkA78Vb5guUVrsQxdoZfRE2tNlt0iWQ=,tag:6wKCXlwbLzxvLpACJbACEg==,type:str]
-#ENC[AES256_GCM,data:guiRBJqw3HqM3e0Zw27bhc/h8sPcni0=,iv:J1Bc5LPzYdhlTUeenn8QqpBzrsoKGr+b499h8T+ilNo=,tag:kjXtd7tH5PzQLWt7EWbMaQ==,type:comment]
-garage-admin-token: ENC[AES256_GCM,data:oxUvX41iOaS7Jvfb281lPKCavwP2z5hvP94EWCp8V/2CuLbeDWJtCxrlqoA=,iv:Qk/0/yJFcUWrgiEJSh2e+cQNsfkCPv7+RETINBDsgzo=,tag:bfTEOjB1Ln/WFy5MbKYCVA==,type:str]
-#ENC[AES256_GCM,data:RB6z24ud0XkaawMtPI14nvHhRkU7pTUGezN/9L4GoAXM0M93VpMbQEouanZASg==,iv:XzDcpdIrPU/rXsqPbMPzuDRFWXvV3hkBpwntCKc604k=,tag:eBHwgiEmxipJaNB5YivyXQ==,type:comment]
-attic-garage-access-key: ENC[AES256_GCM,data:HqaStuLtg4DVVe8SFWvIfJwPFUvJL59rLjY=,iv:T7kkjyISziJ/Dv8BtF6LXfkd+wR9TRN+ZG+7jFMVK2c=,tag:Rlv71YCXV3sYgrrj1CX7Qg==,type:str]
-attic-garage-secret-key: ENC[AES256_GCM,data:XJFQN+8L5hH1wUiTyh1bwojDyQA8bp8cs8wVNYqp/5YZ58ngiuySE9WvDBP4Jxrp2kHTYXzlofcKDsh3H6AFsA==,iv:HQJwUN4dPRY40VKc7eA+O0atRss3qQ35Kg2GxWP7hYE=,tag:UWgjX+2aYm0OMWAmKRT5dQ==,type:str]
-attic-server-token: ENC[AES256_GCM,data:GzTQqXHrg0/anMVg1ffLgEcYa+2dDQKckVzOGeoopeOdO9DhP/M+r5JAbCDeqdG8l/uMQHsSkahYAkPi5EQ4WUth77E3+hLuLLd13kuJDqjPn1TWyDU82omBPeRma8lmUUo8epJlpH174Ts3CX9tYpp6yL7loqRNw315gGoYNHN0FHAGauR8fMQEXf0p/NyMWmepqf+7tCmN1WyemUyLiQZxVEzKpGCLA4mVQOpevHDd6rzS843/xinZ+FhJoJxMM9EB5I2T+poAqrGrceWOMV+yMbeu7yDnf0Q17eEFZVFa41VlsiusjjZDf5kamdrQeiVFeLBmrUNpwOu5wzqvCFgk+a3zi5Ih11cPjnZSUGsN1LL0vGsmAuOvSN+QSvFeaZHx2xiFFpzAE/5r4f4yPai/n4vhUseG2GpyFjwKLU3vuk9YaCLzwgJuUz13BGzGPL//2xZnnjMDlIHz1sH5oUhDjVa4GOjeJNYdtuJBBdiWDJlKcMbsZiyWRSVGOuXg5TLdiqpl6WwOeVSSVo0Z25u0tD6GmVcTbe5bkfbpW4LNzEE6R1Zx4XGXE0KwXdxFS9O7H/EKLSEBX3eIhLFAc7zSXf92uX8yED38bETaHklDNcpTcX3zcNDtYdARkIQdY7GPgpj6RTNNMqOsz8moG2ZvEZNRtBaodYDmacjo7GL4Sxd9XsZG0juV6ZUjaPe1RIoJAaU9wZ9O2NWuCB5M+H73+P1thFSBdJp2HOMdlpvLnInrJNNC7G2NLZMSjlE/fbL8+TwQbs7QYC6msAz53FA7FXU3w4ojN0lgdpYMv6WtgEs+c4WssGhGv7GIwNcXPnbc04JMmpYgrxM7lwZVrzShfPQR/jM5u0AZD+zTeM+X/4IB4bjcWu2b1xGEoD7/JBBqBkVDLTpkryip2utwVwXimExOwTg75evLBeYRjYUIoRM4tfjKjrlwFWx+7SnRtTZTT7UrJ7lX6dWYebqR5JDRMLGk+2tEjj4NGx8hem2n6hOfkIhnGhTAi4OhvRnMwRvEX1v6fNP3X4hksV4k8hGP99GMnmeq584Bk58W/mU0odkdMqqK7xL5tVRE7yx7Muhied+S2qu/Ujj9esmTNY3t8twd8ku3jN+wlQqGOrcJURQrCt3lwMiTuVN/cJQeE/iADWt9mFO+P5P07ZROpNGqOMIJ7TVIv4KiyPkVfpQxQpOHDp2HHIUnwXuE9e6KjM3aZfHNljyadpeBM6kyqMMHmyQs/qQ/4/dFDFZcWQnAsOVatNOkYSxbQGqfrgO6Ekw0hbFxNQlfRyTzOqNjndvdonIhiPLpcxC72TNhJmLaPNmr1ZkqCWcAz+HSVlIoDquLrP2xIvnn9tu2IFhYbmieCKCGXq2VcGesygeEO75JO2ak6ia8aT6WKzlJ60E7xV2yTmTn3Tnu8ERYQEXYbECTwPqQ008bMAvzWU5cytZU1ediMxwi2BggIAoD5H3sufO73dk9RUEHV3RBfXcJ1nXqH6LTSgdCwrjRAy0058QR9UK89vwUglJKVLNsTaM/XNhGItAGazx296tjlH9lIXtTxzi7J+qWLqfNdfi50U2NMB9Ag/w/LwU0po1NNgu6/XKWzuBOJyp8RZ4wpOY4qQvJVD+fFBeubb56HCCWKYIfYexNJ12wGAky6RV5KfrQqMjm+KfPhQOrcXmtn1EODzEiPfX+l5QqqXcqwVi/l6OnGbkC2GLmcajZJEbnXgayt4ZbPIUYe0eUEwySz+QnksqDQqDUhapa0JZ6b31Pc/UmyXAMnljy2XCca0tUyYSP2HcLpLtONacaySIbu2robQuzq8MuJlqbdk4N4EusQn/VUQGqlOPgeK0sm433+WlZy0x7Drd9xI/1lBF0khZ5VP0MHPPa1FDs6xcjL7ALj7DipV8mqZreGdbS1oT8qWVxMVYwOsXYTJTwm2TXrBYTbie6rSDOvx0H7dixr716waVvME40epQy/yHQjCO4P8k+K9q2oJqKZywVZnaPV9tS1AeMttk+ydQrzxH5SuJAuyjggtS5QUzN2QauOA1OnDfVKr7T2P3zNd5mixL9gc5c5q0+XQ0T5+fCoH2alG6hHqOxssgJFTGDwEYN8NEvqihnatIzmeIpcs2GyTUOJnvIsAEA2bTuf+XZ/t42/TDDO6S4dD0R9KvBnslgDHseMi98XKwYF6bxJNjOHyVeersP/aaMkj/lSgHuQdazW+wdiLLtVXd9iDyYz1PiQmM5wCpMZ9dCzOesUQ0A6iFEcwaPzbJaeMhGDgfyVrMa3n1K3KbKon4EGSiZsJWfKcNZ4f/yo2yDO45FP795trFR1QxithgsC6j75I5dPMUDgg/H5IBFSgsGXyLObHV6cyQFav/gyCMgqF1M+ttcX+wm3DHGufGJUZqpwmCCOyoEh5KvTvTmvhGAxoYbILIMfzxkogBC144D0atnmpUaeKoyc/Xo3OpYqOmdEEzsL1ddZSkVoR4Jd0hqtdLDY0QdyFcCbNFAZiQTlRyyUej7UXtogsirhTazWCld0YPP5fI+z8zoyT2UKuO2KfYGokbbpiQBSwn/I8qMLzDIqV0iq/JglroQCzbqSxkOuY5n1kH/c79/u3CrNzha20wgkgpM6kvg4ocZMNbkSfRU859qrVCKybEatgHz9naqCyklpA+q+dIMv9yQsJJSj3gqCGqz+eweBt337W/7/9M9WVwL62gTXL1wHgCerM8LT3lKto4Rr8WmLQboH9FXJkQ1Wmg4XguM2zvIpr4rLjHlGLG7zwUBslDnwCATs7CQQ/s/VVd5cKRapa0+3np51g/9Sp/1lmR2HRBGki6JQnmK2jyDSBd6cDpg1c7wg7CWhaWGMulf9KR5MTcKAtRrGleoIcvJBKdQCO89OykmDCKdPyhR6BkQpRLnmWzM1LmEoT8JMG6zXN22gjLet8NobCn3fNqfTa7aZsqeY2ueI1YRqQolH2X6qAy41GaekNLN8ADmeIm4/jl2Hi6WhWCL5cxoToTOqI8nWVKlF4t8DgiQbXOaC6Nz2WmrjUsCWkFjNg+dVf43jOS8QQBgEcqPMYzrt/bE5t+qIH+CaQXsudP6HawqJfFkn2c6AsoqPxEJ46niuOUmYhCpvHqFUnMKlS0qiECURrriVgN/akHT07lAOxDWPSEKbTidw7njXziHquo8Rg8BnBvsM6HLgqSEqXxA+4lXicWTcgF8zERVNcbTgUMEEqL0LGwZ4Yjoiduepeqq9N5Ip61Eni4oRoa+45GLzvUeRzgufyN2zVDVr9HZ92VPEiGlG6p3cr1QNAN9Ss/qv7v9h/j3Rns0f+z0JTI3aJrV6t0Qt43mPk8Q//BVRaUV6x97J4Pn3ueR0eCaxeHCw8qtHQEqVBxpITcEkU8+PHe6k5hYkXL/IUsvf/K6FuWnEYGo+3C0TGvvmljCtYV3QxKMI2Vz3qK1E94/aThkpJGbhm7RRJtFPtpddGMc64eW5LfUefT61c9P32v/Xr+1tksLl4u9SK4z/LltoCGw03rxZvj6U1iwo7Qm7M74/uIKQmaJjkje87bfX5VbHuq7Oem4wqDbkhq740gi+9i9vW19F1EhwCG8ii+k5pFlWy/LkEr5Qd7+WXP7OsCBxDyrs8QSJIFD8tmuDFsHcGIEUjbHFRwpa02/mSTy5Mu/LUY8sfGIkqZylk02sWrmPsgu74E0l8/E9HRo5I/mAzzuHfCosbaKx5OExqj3waurwiQ5/VaKrjQIRKI2BqWSDFylRoFX7mFZF4DdupUsjehObhSgZs9le6yZJHmN+UBEtgRHuwc7yKBBtWQp9oUI5orr+Qj7eqcMMYuIfSABlqM4geXXyDiuTQa6PdOaDguTsPrZocXkUzB/cMgbUydxdMT8LnvM2qVSQ89AXi0qvDAzm6JfON01QIwzbQ7fG5EKqAV1S7RZ+zDwyS9NzSAy35Ozlw8sccWdUTZieGeU6DR9Ipq1wNOxBEikg4ye7ps6KOeqiHGoskh92iOHO8O68f8PWOcqIrfO2/g2t6O8udBDG0lMrdoihmku4WuAJu0la69kwUQXBckFH1Ptg/GTddg+gsJvuvpiU9fUgf9GwyawtNAhGwlKoHlOsCgJompAUDXLvC11MUoCLe2Mi7uFeVm5S7UD0PGQ5Nwa4Kt8qlMjx2xuqNT9ogqxc6y49qDvlNNB3IdlN72/ty1qsesU7KTWHC+GmMIcjLDmUBeiiXPYpkysZ26tVrpMEWP3Wl9Waie3VHGf6HUQOnopzYD8v+eHj60K/1anINYlUYLcAw61Fb1Nkh5W1FvJUpEEuVmXInNff1UH1Y0DX6BEEcoo/+vEDm9p+GXc6Lc874zleOb9ugfKxGTFSeB/cm/gkm49KFf3wIrcNxNo993V8PcdP9ONLK6jON6WTIIhdF1awJqJFhaPue/d/oPn8AhkqGLB0HfYzi5JesGfxRsKA8ZFQDDs7ZlZj1C6rlPljSLhuj/NsitDZoz9umEX8cClFQ5UA34jHdLj/dXPu0cZXxUany91HAmO2PQWYiPR5hL9dtmW+WIc1ptL0dwEgXe9VR0TQ+joDO/ilfEA5/MD5+CAOL7nDSLo0ypst0IdmADEKiAgQolnU7BeV3PxmSAqLysV9S3sPXo7rH6toY6cQ41ZftzquHkkD6vCDeXHPbzXNrHgM0ZzCZD4k5DDwvHuqNLc0hoaufMNzbz1Cx1aOMc/8yJBskbWtXhRJBxKAK3iBylLNLExYCUkG7PAa7Uno/gi08R/cOC1j5HaaCB82oZd7nEjKY+jO7RFyAPjwVzQItVA+tVHJHOAh4rZyPNEoaateuhGNWRW/GGSddAOVaDkyF9Vx9KldXRVJhhMjvlfGmcB2n3MrjEyOF2dcpBISXIquMm+V4LBettQ6coQPhDLaiClW5EJLgbtUTcTB7BOjOjchYkpRZeWn8Wz5jG1axfHe9BtVcIvCP6ldK05YK5tgQ5k0foFIQRKxmiD7P31+LJwGqAMxDAyM4wPS9WTPDgXWizsIx+exT2/qEpl81kaqMvSQEFTfy+fcn1Fi+81PRWElFfUVizKaiyzH0neUXQZcJCU0wFCxqSg/BA4hy+AUJTgjz8OpODsJUzqujWQ47sUqyHObxsVDAH2B+4i/hh1iYInA/wUHJ06AoD59tP/5oZDr3GIU2o2spgAUJP6rLS77awhAnGZMxoEJFqYJGU8bBllTwrXZL5GvdwJFq+EkagoEa7uXX4WRyh0BYdvynlQhnyTQNc0BOdZlsA7QLqCx4USQSXzSxEG2N/2mUPlP/DNlENf0Un4lJkdVpSose5yWERhfKS4yBP1lsh1bAoiO+JT81z7jIOEgR/G2r5riQnSGKECy7CbYUBYU6IYI86r1Abg0eg/DEJqHOr0fCBkh2/e0tO52IUQPlneTeZrWg7jJfkr0ayZQCeqtxjj2tS9bjnBHtp9AoiIlZz3uc7HBooI7JFS4YKe/Tn+3EahCdy0IzePwSDlX0MW8DauGZHbX4nCptPD6ZFH5JYG6Xs3fdUZyffc1H67/jS37+mk1QoNMk/OiGhuu/PsFT+MGzP6UnFjDPVqZr1pIU7hQBkOsgAFVtGsyGp12BOqktQx9jKbMLeHqwUd1i/XHz7/VFtqIKSNDk2MnOirLIa9+s5fqZM3j/mZe27pQPQpUMSnqErajylcHYwelw7Pkn7r8BJKbUGLI5M08LQQHgRDNxBi+gWEB9Ro2/+7GS94TwQyzfjXmmfEr6rcQ4jBffzH8bxRvgeSIwcNHnDK/SiYCA==,iv:GP5ff3lAzUqfBliMj1J9EcMnTe/BDeEPlZY/Euqep7Q=,tag:7udaKfA4h6d2qzR9EvLALA==,type:str]
-sops:
-    age:
-        - recipient: age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTEN5NkFlN3BzWVA3elRy
-            eHdlRmE3amJvZWI4OVQyT0VuQjJvWk5MYVJZCkpPc05udWZtTWpnai85MmJzUVQ3
-            TmtGZzhHbGxUWHNiL0lrUmNiNjVvMzgKLS0tIEROR1lzYm5kWE1mVDN5dHJXMkF5
-            NHZwMEl2ZWVONkNuVWprUFhsek91NzQK84WqkK9mtR4q1G2wS6gKqflEUv0VefUJ
-            jcQij+3T2O81paZytTzZNPX3JuebyyitC5KeEoz3Z99uSrCDaLuZAQ==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-28T17:45:56Z"
-    mac: ENC[AES256_GCM,data:t+L6NWHaZCrSbHJhFja28E0vSNGHf5hyH183J0KPL/SrJDcK/XuxwSbbCTfwMQtRiuhjprjPjH4ioqZV/eCiLEd3C3LikEwlXb7CutYknpjceNuhi3aJ5+oRVb8vwcrMAtbPKKB1ZJc7PNcRWIFk6oEF7M8NjkC92/3C4fSH9Q4=,iv:t/YjiqCEPJkyHz/W/p6T19An2Lyr8khmwsv8it/nnZM=,tag:lccvtgBMM4NgMfKwgWoeQw==,type:str]
-    pgp:
-        - created_at: "2025-11-26T12:40:31Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAwDh3VI7VctTAQ/5Adw1O86oiP1IkusK1t5JcPR9lt6aZNNVwVTFzkenAQoA
-            oO23QmBYIgrsPNYdck/6EownjbfMCjaIXPiKEGoV3qy9hLk4XM0VRJNYhO+dWLSY
-            2qPoOTHuhDJeaNwJdZe/Q45+rPaYJj7lEoOWsTnNuXyQ8lZ6mDiUPUhiBUrAecFf
-            p1nKg4g6r/kYFmU9Pa7MQ58usZADj8i2zN9qOE0s7Lp0AKTHf2xh1ApIZpjntqBU
-            IHbvBlPhqDRtfJMG13+qs99NTZ8kMNHluZu9suuBuioJC9P7nqyJdB2a/izEVzpr
-            nFW6iRNxn8I2E9BgaH1r1AzhKGtVmy8WKcRQB4RFU5I9ex0qB8JThLUBl2uPDv/Z
-            0CrGH9eC2w1E1NwEyfFDowQvRoo65lNz7xgNtlFpPkJX4X9yZjJHElvVg2I0HJhH
-            XzUCsnsTanQPGzXRbVRhVDyFU0xeUa19l898Ft/lTKguOVaRcrCajXq4ACmykHA2
-            nnEoHh+25ablQiF8JIoWgLREKftdL8zCBWRlyv3i49nmlABykYWy7YJVYloTF4ow
-            k1y9JTD8JjaMT+LFU1s5j9mVPnc1byeKkHdB/Pf0R9wGtESuWdfiyOGxco1rHePi
-            i6Cnn3mEro1Ty+P1aPN/ahxCzAoFs93stF4JgebWjmOZ0R8LOn28OypzRdR91R6F
-            AgwDC9FRLmchgYQBD/0at3f5R74CdMtw0VGIT99q9VbXNpD/ZBETRsNwosWLICDf
-            wLbrlT0YHro+1mDyTcNtM9ZX8OlfppqsD+HSYxCfDIbi6dQwRT4PhB4V1ZtY241X
-            41XfMsMo83TD43JYRn+3XwLwp0ZjLmteGI8x/vVD2OoSxA/2n83+jsVHUj3bM2Yz
-            hO6aQi3dPbv0PlFjAOVzsZ04kXnCM4SiUZGNVUxOHofoPS0ISiROoBZZuB4iTSXJ
-            V87UgqZdyo8eaF6zj9iNo95yfaWJoplJFcTnzUBX4+OU4OxjiS5h3QEWeSG2fJtG
-            NCjztSkDjf/rOOrRJ0nhFC04HuOSs4ccz33RqOrWByyI11SublzcDNanLpV/lfIc
-            q5J626fFqrVanbr/zKJPNBqD+vqH8odbkx+MxntYPt4jPtj6Ijuhva7g8dUCT3n8
-            JPOCVG4oj10djmStnpazs8mCQJm9XcrOyXReQEHnKuO0J3fbvdg98QEom5KZcjY2
-            jHATK7+xCYgOEcN90PFaC+doq9467jODvCJRAj+A5kRp0AgOChlttb0C4kT+Ulc0
-            4+ydcYbRZMJy1f86f6bFCuK0+X2K8IYlJSl/lb69Et4gDdRdDHGqZY4GtbMoJ5yb
-            AVrM6VXFvQI2eEPNUJBir17QDdgdMVSktF6xg+rtEtYAjU0T6fmZTrlpL6jmdNJe
-            ATswWpOyg77HLgPrvBM3ahVwMdBPZYP4ahms3afCTWKvo9ucWSCR4LF/xMEaHZV1
-            yGEpRV0NUMU13CprYem84VFHFeu4+AFKgxeP7xHmqio3Q+v0IMiE+QvWZZ+Z4A==
-            =x3px
-            -----END PGP MESSAGE-----
-          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
-    unencrypted_suffix: _unencrypted
-    version: 3.11.0
diff --git a/secrets/certs/secrets.yaml b/secrets/certs/secrets.yaml
index 7bc7436..6564dea 100644
--- a/secrets/certs/secrets.yaml
+++ b/secrets/certs/secrets.yaml
@@ -8,143 +8,98 @@ sops:
         - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZ0p3QlY2c1dGcGIvektO
-            c1BRWWFJTndub0dxUXhlMTlreDUyUlZ5U0NjCldCamVrN24yZ1QycksxTDV4Sk9V
-            aklIT1dGVHJKL0ZWNFN6WnhJN1Z4SzQKLS0tIC9lZUI0cE5aYzBHcWlWc3FkS041
-            bTdlMU5qbHRBZ1V0ZXhjL3FKYmR0Z0EKpA48GyFC1W2+O3WL7Dgjb5dRRfkyJNFi
-            Yl3i2st6zBGH6OFJGdLlBAJ/lqw9LgHKxYbId7XcuAfMkDTNz4Fjjg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WDBMV3RUYUovS0ZmV0JJ
-            bWdqSWE1TTA4MjNvbzFtM1NoY1FsL0FIWm5nCkV5cSt5VWVzYmM1MytuTUJsVHBB
-            a2hoMTNwcXZaYzl4d3lmZUZIVDBQekUKLS0tIHlTcEFqR2pIQTBFU21EZ0h0Z3hL
-            UHN3QmtreUpUMmxTNy8vbXRnV25jRFEKTaCbReUitrOJGVncdR/VQBXmM+mTzTKj
-            HzRnYSUmuuRdkHC/ljjeYR4rkSjN4RJABX0fraKdARBfkoi+x5ulCQ==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJM0k4SW96SXVJejBGcHJR
-            UVZneUVBT0VzZXNlazJKcU1DYWNPZGNiTFc0CmRtTEdCSkF6dTZZamhPWTF2dWlw
-            QmdNTmJ2Q2JiNXhJd3kxdTdZNXkzU1UKLS0tIHoyMEU0UUJEN3lkZDlGNjJKWjFI
-            Z3A1b1BJNVg3SDNXZ2JPUDZwOXpHTkEKv+NRRLHfnc8j4rVmBDrLdTTtNyb9sUUm
-            EhEmbKkXZfHUQtx3bYUJQeod2wd7CYGzvfrbU96xpFkTAqvUJtWAJw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdXJzVkxzZDlZaStpQm0y
-            d3lyQnFZcUNaZDdrdm1sSW1HS1Y1VkN2cmdJClVuM2Z3ckF0RWsrQ3RkN1Q4SGFF
-            M0d6THFpRDlXTXZseWJjQzU2OCtCWUEKLS0tIGJ6ajNRSmJqNVMveFBSUWF3TmRh
-            VnlXdTd0VS9RSnUwWit5M2RqYk5FVzgKLD8+uG/KUxBUTu4WFcgl187eKapyPrVq
-            0+nL/jITbzy0HA3cTdVR1b2pueKODohBdVIqD+JpPs86z8FaLro80Q==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcUYwUHZYNmNLYjV0WGhV
-            N09HUVo5SUpvUS92UThaV3hvVlN1Tnc4RGhBCk9HL0pXalBiMnJtSWlaOEFKNVlX
-            S3g3eTVtYXJwRy8vSGtmUDBpOGlYMGsKLS0tIDBnMkJaTnBnUGx5d0hXLzJPNWVZ
-            aHc3KzhBT2I0YkNCNkpBdWZPTDB2cm8KSwgUwcFRqWFxEqGrnTd6a7sle5SBXI3J
-            KyfOOrS1agk+nTaUJNpxLOG3aUWPSG8DBlEvP4Z1Kx5kG4e7/kRapQ==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRWdKL0VjSkJZRERNWWVD
-            eWNobG15RUtQUXpWMlZTYXNBbFowc3pQOEM0CndTK2cwc3ZRWGxiSjQvb2l6YXEy
-            SGdHNVQrZy9tc3k4emRBeVByZExmd1UKLS0tIEdBZFRMejVtalE0WGh0WTExM1Ay
-            R29XRC9wNE4wMUdyTTFpYkh6VnJ5NHcKEDsie612hQqxjH/IdM61a449jiSaqNvW
-            fG6x6U3GQxnjH6yM+Fn1S87c7ZihTIAPzbAmbIiTmVbv7cp8XVz/LA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOE9rY2tmekF4blBrUEpH
+            TmM2a2ozUGNvaFpDWjYrelhEdGc1RUp3Q0RjCmloQldpdDdXUlV4eEt6YjF1V3lm
+            NUxTckR3STNNRmF1dHRqTmhNOWt5cmMKLS0tIDJjVFJZUlNXQzhjVWNLQVpjOTgw
+            anhEbXNFblZpZ3hIVXNxcmhBcDRpK2MKb/Fh7QtHGBFttpzt1qSVE+1H6W2FYKXI
+            Uuly3uYxfvQXV/rtgXNP5nqtFe9rMAQYuLMgJ8SbUr7cczt57CX4VA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTkNHVmtwK2JOdHM1ZUJ6
-            aWhTeUxpc0pFd0tXcThYb1NkS3V4V3pwU21NClA1Y29QN29nc2dsY0Z0SmdFZUtE
-            Rk9PdUVhU3ZvSmsxcVhGU3gyMktwcnMKLS0tIGF3dEs3dnBoa1VIWUorZjJwRkJl
-            SStnREZnTGFpMmFGZ1B2MVF2RWRqN2cK5HHfMKlmLG1UQpDYr1Gg8GU3Gg+oGebE
-            y2efhe+oiIwr2uo9+zielNVAykKg2hvwUmyAXBsXsl95sIXFfN2WQw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTFVPMElxenJwQVBwYUlr
+            WGZOUUx2NU84WnY2VWRBQllLR3Zub3d1ZEJFCkhubngxM2phTjdtVTR2ZFB3REc3
+            NDNJNHE2OVpFaWdFVVYwOWJRajRrSDQKLS0tIHBJL2ZoTURaSGhFWDdKQ2oxcnUv
+            S1J2VmRIYTNSd3lkUTRBWXhkR2o3aVkKknm9GBqyoPCZZbN+A0PkOVnBWAq18rqX
+            SnvvX4GYiSor9H+DtPHoRkg7P2eDi8c9ISkpnXReYcRjpw1mSqFE0Q==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRXRVSk1SRzdIZkpobFV4
-            Qjg3K3NrTDRGY2VZWWNOTXhDLzlodVhTeG1FCjJvanhyN2pITnVBOXRINUtCbE10
-            TlBEK1hoRHIzRGtoSDRCQmRnZVg4RUUKLS0tIGF3Q1RKL2h1WGdSRWc4MzF1cTBE
-            K3Z2TEZycktQRC9NN3R6bVVUSE9FTE0KOtBDjkAezsWR6wfrfnrdUcpdQgnCXm+s
-            WS/RX6Q5Jw5nOSgkR5SyhHqOpalYlCnYQdE0zmW7n3C/BqnX+53T1A==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV05lSmRvb1JRTW1jK1dR
+            VFFEdGEzbTRuQk10YVhoeVhVL1cwQ2ZYVFZVCjhNTHB3N0s0N3NBMkRMZWNsRzVE
+            WVVZdkxBU0N2dnArY3BlYXRyUnI4QjgKLS0tIHFYai9BV0R0VTBKT0tjcDIrSUU1
+            dFlxNXJRMmdNclVMeHNNYWcxRHF4b3cK2Ql2NFSci/LJhIw3lNc+2EB7XzrLsJj/
+            gVHiXmF42v/vI59ZLuBZfY9tD53WfO4RFe89uh8gGh0JHly3DTS7nA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdXQxOWNveEtZUGkwclVp
-            aER3dERtUHZxRjBweDBYdERROVA3OTNYQTFjCjBZSEVYRGpEWFFUNnM1SU5aWjhs
-            MWNUdUt3UTQ5SUF3MVVHMW5Wam9KazAKLS0tIEtUekJPVlpyYjFzcmJ2Z200OXNs
-            N25JN3BJenVhNnhmYXdFVnZEM25mdXMKpzEJ0eqnUoiyboiy9FBeeZFBNHRrO52Y
-            RICf2lc1bx6i7fLjOhbV+ewjNk7p6ApdJPHaE6Pxa+jJ0O5vVVJjiw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwU21WTEh1cVhkSXhTNURU
+            RWl0L3hFeVp1c3VJNDg5QnlHdHpLTFEzUUFFCkVkSVNLclhDZjB4amRSR25LSjhQ
+            TG1vN3NoWFE1ZE4rSnNneUliVFV2K3cKLS0tIEx1Q0E5bG9TVk8vWS80cklZUmhU
+            MHJqSis0TWJOcTk5MXBxWW5hanMyMXcKC6o2kKTVGho9t0QZGpG1ivd33iNmNu7F
+            UTykT8tGY+rZJTGKBXRGbFXL9prXnnAhpeRywfiKq2d1MFhJwR2ing==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NEpqQjN3WkFYSlNrOUZj
-            aXNDd1JSWnlXNEJCREN0VE04QktNK1gyOHhVCnhCcWdEV2NVYk9vK0xNY1RTRVdU
-            YS9kRWMrSnE1T04yUER1eGMrM1RsS1EKLS0tIFM4dWxCRTBJNExsakxCOTBQSUxQ
-            ZjRQRTQwK0k1bzdzQVBYalBlcE5OV3cK1vkdKETqGDbsj/WMjwLmjwUz38yPXh/H
-            vjJxq20D05HNI3PdBMzZZcaaBzVqf3hx+afk3jQPxggrDiysiRNWLg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbVN0MDgzcVdPNUYyTEFu
+            cWNVVEduQ2NsTmxBelhKU2ZaK2g0TjN1U1VRClNmbXRxWjZmQW1jSkhtZ3loNFlj
+            VHlreVA5K3kvV3Q3SWFEb3JoWkRjSFUKLS0tIFlaYmlTaTdFWE5HMjBzOHFkVEFQ
+            UFlML3RpOEo4RTZEREplMFVTdm9QYzQK73riJYtOcy4Edzcf/BehAEhYPNNmMu/P
+            wbnfg79Dz2vslu81s44uc08rQdYDyp2ByS64ov4AwjYnQ4t3Hs7SgQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuSnZNQlZVWlIrVm9HcDVa
-            Q0lCN1pKaVd1amkwdTFibU83bWlzcmdzM2xrCjU2bExsQ2JhN0laK2hocDVBUnNS
-            Y2MyTGp6WGUyUmkyc0VLa1JBSDIySHcKLS0tIHBVYXVQKzFUdEJjdGlBL2VHMldG
-            UzZhUDBCWC94b2lyWEdWeWpJK0tqcWsKH8QLyHTIIEwzUAZCTeUBbOAd78fNHlqk
-            uImJM5y/vjVw8490Uo7rkypQ5Faab+ekcWqPSj6sE/nFEBWTCKdSrA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTVgzZHFISlFwMndON1Zy
+            VmRxWmUxdVhIU1dBb1FCNDFpeERQblBmNkNVCjBKalRSblFGREprZCtLaUV3bkJq
+            L09OZzJjSzdkV0J3c3cxRmNqYXluNTgKLS0tIENvQzk4UGlIeVJZa2FBS3YxQ0o4
+            aE5wcVpqRVFaUDZEbUR2ckZZUlpFbFkKF3QH10Qb+UNpRbM3JzVRCjJfz4J10aB5
+            a67zfK+4Nf1lqWMcTC72zOJo1b4OitkwOZPSHUwd37URLxA+b3F0+Q==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNlNabmNqK29OQzZJWjFX
-            Sk5OM0FTcGxUVCs4OXV0VUE2dXNMVG5oZUJjCmtRR3l2SHlEd2xBQVFPcjlMMzFR
-            TCtDTmEwVS9ZMFV0Y1VOWEJGWGtSUlEKLS0tIExZUWVMWTVkUisvMEFmUy9QZ1VG
-            RnBDMFZ3TmJObElRYVg2SGFBaWxkZFEKq7un72Bpl2st9AUvAXE9rBir1mORSkAA
-            GnHQyN1tVPurKINQeAmuA8gIn7UlaIi5MxpIkaJFqmO1/6H5e7tkGg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbGFOOWpyOXY3dlpKeDgy
+            cGVpY1dkamd2RU5qWm1MVzBEUXlqV1EwRlZ3CmFyUXJ6Y1lSNlFNNSswRUc5dTVx
+            T2xQQlhzbVAxS2c3RUpxVHVYelBEYUkKLS0tIHU1SUpoZi85WG1uMitUVmFkdG91
+            bHRhZnBtUXZybm9VT2Y3TGhjbCtsSVEKfEo8jXw9wQdncX1gWev5xxz4s9XRMrX0
+            OampKe7MO30BsocF2blkgRQqJe8aZqFgZt0AvSBc7OyuI3mRZMPCBQ==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-11-19T14:09:27Z"
     mac: ENC[AES256_GCM,data:tZ6QzVPivueZiC9Qfb3KNZAv02QatgHRNnlM+Y0iV4BZkYoBjxeDojutizvAMwUarnubUdk5I6m2OZK1mvVDZKXyI6zALX4JMeT2xYQWRHYzHpOygLhhGwTFVhV+0C4jN+eJFF2cNf9lu7NuZI9ylZSOY8I3YKUl+l0l3CkXUl4=,iv:JSGOUq+j9T/NXspn70dfu0J4ISV6vVFZUe/Z1CirrJk=,tag:Hm9N55f9qMc056nSTR1piw==,type:str]
     pgp:
-        - created_at: "2025-12-01T23:06:33Z"
+        - created_at: "2025-11-11T17:51:25Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMAwDh3VI7VctTAQ/9HmPTBEVh2e92ES0g0sOUx7S9I1zoRFm3ONWNoaT6hld4
-            UJiKqbHMQTyjr8m2IvkzT7MhXr6fPsspAFguxdXLAD6LSeWJUkBn6IBT43ISvbkZ
-            1KrJnZHzwMjxMGe1MrBk4C17YPlAwB+CDNNehkKHWkSPfVqNurY4gtNoTrZn7HIz
-            5Npvi9d5W984CeuFoCmY+w7DbKINk0J0YkgT9zBMdfGw1cVAV5aUS5lIBqvo0YAO
-            yIQf5tbG9aCa5CL3OH0JD72GBUkODLfWFzcTpzfjYtjx1rsbu6gqkLcH1eGFqTsa
-            cQ7+A0wbB+9iDN0OXmmPNVix+uMY1yQpxMve3r34v18R9KTCvsSK9gOpk0ilg/T1
-            lBG5wFNEutJmwuXai1Zme5+MJLK0ggUQYywhYY9auGmwC74ZRtRQ48o3SsQ0HJTc
-            tLG0thDciyF/Xy2IPjqnp9vCfITnVw42ZsSIbXfHHYoEBYu4mYhqAP0pmHFzY3jE
-            rc8LzraecOslqfLVgdCPo/7moBpegIfJfCkX+gYxZKRJsuOHNiTVyFHceP2mztKu
-            F6MIVxsJsQjRnkavaHXEwNFr+X+YlzoOAid3UNzO78rKAGUw6mJ8PvLBekqw3wfI
-            zXOWNOgNR/aCUTAbSPn1VBLSM1kioGAKrs6+bAeRypmQGaYiLsDkvOU+qfNxtaKF
-            AgwDC9FRLmchgYQBD/9iq1JX0DpTayA4qSDo7i9qeET6MKK5VmrawaV2LqQpxOk/
-            dEEIT8+ZBhAGjKRIPRZdF0bgcBP92IeOOduPvcdJcRstB1va3nyeKDXkYwaBN0XY
-            FPKMrTk2hifnmlGdBzN3RWGOXURDZdhqjsR0g4M1/85//0ZA1ogFnUsqtPI07TVd
-            oKoZqdt068pgBDgAxiwA4Y6WbSSdEo2xQIQ0JTRMGnIycHGnU8UYWElEjnusGKSc
-            jpC2jzc9TUABawOjCnauExHkBp6PhPRlAbzLA7Kq7v7lLkMKQdnJ0T7kIJUd5LlS
-            7TVXSq97WvGBhtQ45cSIZTskjnXEx3TQip9gNrV+MkZ14ASOwc9Lmw1O4z6cVUte
-            IHzUELZsupE8KQPifgMOyx2Q4OQPQ/vv0CSYJwozbpK+g3XRAtsm70mSlagCtye2
-            MsNNQFfZe3vSV4o+vQfbWQ/LMxP/8YcRmh1/2q02yXS6sjW4MWiAjcW6nTRCxJbI
-            SjMKmIbGNn60MOqn+9MNHA/S12SS1yI2cTPenebbhXAbMnCOHW31D5ufr/UR7Pkm
-            xiBXOT2jROYtvFozH35OpkIPr7tV0O4riUVvPw7swlqTVrJKR67Fi7ORsGJKbztv
-            YgUuZC3679TzXyWRMGauTmOPQO1+jZ0WD1QYtKkXPpTZNLx02a0XaGcc4if3gNJc
-            ATICbOTfcwy5HkC+KcLy0KADtfrO004fSIXV4TNrdfyXNnUshnutAmZBRAilvvdG
-            OQRfyr8P0jKoZw2UUoAFEGFU2GaNg8NvCoZTOesN2BNhSVIdA6QKjnZOzBI=
-            =HuIS
+            hQIMAwDh3VI7VctTAQ/+KEHJIsZn5VF+vGkqGoMmoqYcRQ+TVXeOIAA6ZM4G/VN1
+            3AEcFmq3JQo/Bjvq0pl1IQbvCzT6bNprl3ADmXeqt9x8MOoc28Qx2AJcOmfT+Gzu
+            AL2Y0zuJ54qXqgBfF+b/014Ek0fxMSPbUI8EuIPPMWuG+upQqhlcvxTr5usvO3qn
+            dfxt0R7ISwjA9pDYs3fBI+65M4eq0yrSyfsoKQLKsLRXSn3rO56vSS3jTHc3FwWD
+            0cOOrWNMdbSnAFeMsioG1sfH4LlzDG3MM96Ne49f9dv0Z9JmLFV18i85mzN75i0p
+            4cmcMC6XrHasdLXcvfob42n1PMRArOpLppf0kk3UVvNcx3xVKmCp6S39LIR++763
+            wawC22oo6rz3aFRqVqGMudWub2DamsQrnb0IQjnRP249JLROw/cd/h1LaG02ZSP5
+            zSz/TmZ1FjgO6aT8oMUQyiDCEq8BfFO6i6SQLkXxw9pfy5kqX5OGh02xLceAzTYH
+            HCTZm/DRYZw7XimA0CTw51Jd5qy0t7vddcN1bjSy3uZH4CyFn0AsDLvHo6t7xTSr
+            hZKR8ICbUUDOIi5hLskqFvtSUYIBJoH8NwcMyPukK+ZrrLOwSMWa3qB7r3NodXd0
+            NsxxFT9GiQAtD46SgATLhgHCmP5L8DlVvWv3zyYpim7VxoLW8T5s6yOkURAHWlOF
+            AgwDC9FRLmchgYQBD/9NR8LjoQkd95Qrff2NN7wU5a2QD/dSkQgLAkjWnJ+S14TU
+            zHdZPp/lorQw5pXanndDRMElZdFrfL7CKI4e4Dd3oPdOpRW9+8/7iyDrW1Pcsgz6
+            H2qAEMjLESdWswxbS8uEdX6UzYUBv3+BamedgbBj95qPtPnTaQvGCUL+kpBb7YTm
+            +Fo1tlC5fZ6jr/V3qacNeG8nFDLm1GvhWOtqNW16Dt4z3RaYBtYF7ElMXRMq11iT
+            iFMT512SN7/e8dd1jDcFg6Cw4NkU7o+6bA+gs/P7ksAJxyUqAn9elhKYSrNeSDnD
+            Vtb92/kFO5dc3CrD1F24FyD1Xe6sgqETFL6OilvEGQ/wYJ/AXu84q0ch23f0Tksm
+            kk6ZpQLd7QKgow5pLwnAbpFBS1P5cemPY6gvmUAtgYJrGLIxxtk44SVhlQeSX3lq
+            eEJT4lZTu8gzQLTnDiZWJpVTnppZhMqXV2LsWAFU2XRHpuCnAuT0HmNFbaqzzC3r
+            tWa5lZRjgzs5e+zxsRhz+OfwwtJMWZw9OAmIQiRWeitZpk0XMYGraQce2ohPQlSQ
+            RFarR7EDDevuvRnLmbhhK73of6v8Wb0J/40gZZIWVLRT1LcNBz9ueBsHwPTvvCe5
+            FFELdJcxYfIGaCINU6uwvNulS/47f1rpyCtoegNtSvzGtmc+/r2RR8emd8lMS9Jc
+            AYmI7h6C5XznEGGVtIoAkW44WhIm+Y08tbJoMevp6aRADTnEC6CY1cH3H1ZQbdp0
+            YeN6qE3d91gmxW25hsStr8Mcy0JPIflt3kxcWeASpgJnbkOgxtgxhMqYAqc=
+            =R1dw
             -----END PGP MESSAGE-----
           fp: 4BE7925262289B476DBBC17B76FD3810215AE097
     unencrypted_suffix: _unencrypted
diff --git a/secrets/eagleland/secrets.yaml b/secrets/eagleland/secrets.yaml
deleted file mode 100644
index ec63b57..0000000
--- a/secrets/eagleland/secrets.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-#ENC[AES256_GCM,data:TeJxdPs=,iv:M76JVBlBfgjjm1SuT/0tG/98FXpkIPpGng4u4F5p07I=,tag:RXAqa2R0HmEOjW0dD1treA==,type:comment]
-#ENC[AES256_GCM,data:YczkPHAlYVsdVPPGyuByxK9wvRVbAuR6rR9rSFjMvMGxg0QUdIa/yo8o0ppe8I2ywwlLSROp3WLJ,iv:ltLRGMLZsOte9jQEi/VW4Diu/Od8kHPbzsmvPqVgLCE=,tag:YbtxLcYhvPZrC+QFfxtMrA==,type:comment]
-acme-dns-token: ENC[AES256_GCM,data:5U/74jeGpQH39kyjuVwLU3WBYk5MrCMZSFouRFRVbB5FhOkiJtqYBA==,iv:f1TgdiVVbAB+580AtQAe8mCXU0WuS9JX7AWukKbDYj4=,tag:Ut0tbtiNcV/NxfStyZA9XA==,type:str]
-#ENC[AES256_GCM,data:dZiEtGPKsbsd9g==,iv:lNgXQHx/w7pm3EUTBwyFnqv2j0T7zQ59nFLom8F0hQ8=,tag:1cF89QMfjipYZgfl08qSOA==,type:comment]
-user1-hashed-pw: ENC[AES256_GCM,data:uPyDpGOVIqE6cCyvhXIM6v8sTqEx9dV96oqMYS7fRMLiR0kYlCmgNBEeDFmTNRskqwW/WGXrOBn555ZH,iv:KbHW2mOGzOw4t9aOrKLOIobkUNLWj69dk7fFuy1x3aQ=,tag:51+qAavIiM6K256MkhBaZw==,type:str]
-user2-hashed-pw: ENC[AES256_GCM,data:+BES2HwH+Jj6wl7MVzsdmPGxp6AuiPLx+XuOpJClksm9SlbAyqATAHeNokAHmj7yLS79rJF5C3YBBtT4,iv:bSX0PLcriKal3eir24DTyePfropgVhh83U0JdR6/2Cs=,tag:TiSKjApnJg3di+77vV9l6Q==,type:str]
-user3-hashed-pw: ENC[AES256_GCM,data:sr7jv7PppT5Ub8VsvipXdZZWTZ31GFscmZ/CcHzYE4vsfIYYHpFElHGMjlbcTSLjyqfVOcXAKNvabcoO,iv:C22sZLrUUc3G80yyYr1snuwqtAa8USZd8FRtua5hllw=,tag:lu0hPo24CXNI2kE7C8g3Eg==,type:str]
-sops:
-    age:
-        - recipient: age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxWkxKRHJnTjFHcGlhN2Ev
-            aHphYWN6SXNNZWdNc2dBclViaUJFdW9HTUNVCnN2Q2MvMUZpMmFENlpNTVZmZFJj
-            bjFRTmtENzQ2WVpHWmc3S1BCMzZmeE0KLS0tIHRPZlNQRnZXcjMvSERuVVN5WDIr
-            SmZrb2xuVW5VVjM0b244U0lkVmlkVGcKin/6A8ONfW72fbQmvJWiNCzAZfGUtxCI
-            WV0DaPvO7sO5y7q37QxVUOxgJgF0WpKiNel4Y9E06xbl3TK6jXk2MA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-28T17:45:38Z"
-    mac: ENC[AES256_GCM,data:dQYfZvGJukraN3/rPbu4JxItMxrsEIY2mkLf3ZWmC+wNZ1qLaI+EuqmLRDicNJqQ9cGljystJvrZouUhJXQNwsg4WNck5+WAfFZ4MRevxbZre+LqFfsFi4of6b65iwRTGIahtiLApNoSI6SfcjCt28i1CIofjuQIEk8LBrBlEys=,iv:fKeo9Ot8sG6qYOBE3gt06VqoYKM1/aXMs/jj9dNNFhs=,tag:sOuhoIO4SBUITo8WfCmwaw==,type:str]
-    pgp:
-        - created_at: "2025-11-24T12:05:01Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAwDh3VI7VctTAQ//XLsWCm+hQ4388h7XmawVSSjBF5dRYHUpuW35fMG/+EWj
-            8cGL9dXCBTwBMCV1tEPQikjdVdzFPfCdroeKozvdt9XEOv26sYxtUwihPsp3PDtZ
-            Mq42veeVqcd33NgfINim7DALCoF6wlh6FM8Xeg/HHcFk9T6gcnhHRWbka/nBXm5y
-            3ESVCMws+nuenmNsAp7NP6+TbF5kToSHSd5sf/S+mdo3rMIWVtdwc3Ox7RGeA2Kc
-            1AEGfkIZmrUtnCnhbE6Q89nNfmtdmQ6RFY0sPZem3Kksx5SfxLTP+QwsyUeNG402
-            ndnjCKiWLlQGkO51wgl3oobJ4KqqC1A9wMvYCIiv163bCy+jA1fsGH/OAIa3kCTb
-            sauCsLeq3ilSmzmwbWKFIi3dst+YR63XSs7aSCaZ0HnI8CCPV4TMtNkgtiVCXIGv
-            UmF5XCx7aN3cfGTbTwBzMs741HzQHSxMgKekicJS+NJC/P0DfJu/st781rFqJ536
-            FLYF9yK98kVNLrxpWlw+ayp8pP2wMmDScYjZU0Pi4Xz9y6iF0ZtJfEc/NaThKJ6l
-            K1xat17b7dTdn0H1Ncq2zhZ41nydk6+0K1zYMtjFplCwzGtTDAn7QIY2YEFf+zEF
-            A/FrEW8sjTOYbWORz3ZdH/lhd12FKEG/QFiM5UwQkINRjBO9NFLTmGXzD0C0kVOF
-            AgwDC9FRLmchgYQBD/9TYF9hq4JEshBgmUrv+6MnnuXJCYkDdPFrDWk14bAL+J/M
-            9r3hHNK/PY9OUqgVf1HRO8d/bIvAwDJhs3rhWP/el6IM5UWfkwwwx/blhTzTlbgm
-            1XjN9uPd8lAaNFDgZBKg341zxxuQa6Ikm3MCI/pyXqeOKMlxXfrkH0Lx+e4TyoBF
-            pDflamEOVJt15dQFOB9aiphTZMCmVQfV/eYfjqpRDR837/ptzQgasgk2KFvyxCkp
-            iWL/n1nN4n4lg2BYeg0EinFu9lR03VIPaWYrmYCU1XvDUbVKr3c5FbX1mcyt4PvW
-            oSCq7Gax/YCSQFy6Iv2QiPqhrnelYRuBMuXrnSz8TKfXJtsW8+R42vNc4o4iSYsj
-            ZIzBQO39YcUA01qogP0hxPSGzo1M0cWRpZaX3JbjWLwqZQoiDi9Uw482xDuxO0bx
-            TeFtekSCZTV7Mi1EdENb3J4UdgpEsviFLSsK0uSnCPkHu8MteS+FiztxusgHtH5f
-            YVhQhJ/bIp7jTheow5SZSnb+pRHbTq9GcN48k4G8l4YQZjbXRaYR0ojL//9yexCL
-            z2poLvkw0q59GgiBNudITIKSB0IJCcg3jDafMCJ8iqyBzwPzPHOL0oB+cYyMth5a
-            chufOtDAE3JEUJb8c3RXUnpIl2JScYV/IZNHDIUSpWOszCVDYZ9TUqM/+C8iV9Je
-            AeVg5jGHq5yGwhzhXgM0DJfFksCNvC6uyAJKpw8YRhNGNBt+pSvF38TMA+R1YPmd
-            yntweGKTK9Qjg4zpS0zwnDehJis/RSkNTkK66RsdVpcaMj47WOrvw3zGVqz1fg==
-            =A+L4
-            -----END PGP MESSAGE-----
-          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
-    unencrypted_suffix: _unencrypted
-    version: 3.11.0
diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml
index bc0079d..52b8c15 100644
--- a/secrets/general/secrets.yaml
+++ b/secrets/general/secrets.yaml
@@ -1,8 +1,7 @@
 address1-token: ENC[AES256_GCM,data:2maU0sN0+blUbmZADtzpk2BKSg==,iv:7c+7QB2liu3UjKk0OiiwaYnlz2ysPuvhYTAsgMbsfOM=,tag:MgCOEcqQDIyNlLeTOnOvxQ==,type:str]
 address2-token: ENC[AES256_GCM,data:jZu02PAicI7u6K2P4YsXRmr9Wg==,iv:1Ry6+r8TL04Pioph8I1r0W8MU7UFbvkap378siJxYT0=,tag:Jk+RFCmEu93C3ULkrYh3Gg==,type:str]
 address3-token: ENC[AES256_GCM,data:9rotZe4tdPJpdWZMN8UMjksqlA==,iv:gVzLlM6h/+YXEi2YnJeShrczWc8Qn0lleRdJoPHbJbk=,tag:Zg59VaKgMysjYekfpbRvhw==,type:str]
-#ENC[AES256_GCM,data:pvNcp0qySk95V4tp8WmbPAICSoT5xyUVhbjdxjmq36bfH2wKpXCOzFlwQ5N9o1iY,iv:ykJGXAfXQ32yb3WI07VlILcKvIyXk07DQrGkuPzMazU=,tag:SRaT5AG4pwQvOp3W5SoryQ==,type:comment]
-address4-token: ENC[AES256_GCM,data:21Gy95axXTMPViM=,iv:bC1iHdVfwRJFVe2rANe8HJ4PKXFDC8XbJJzLStho22E=,tag:ZIKGbtG21Tu9vZ7up0w25w==,type:str]
+address4-token: ENC[AES256_GCM,data:q1z9P0zo8/66HZOVYv2sT1bxGsIrKSQKGcM3ouX8DaE=,iv:KJFPnQoGObsiLGH1WZFdhrg6cuasLBgbZ8sQ2jiFzEc=,tag:koqwVXnA+i27IkGSeEawkQ==,type:str]
 fever-pw: ENC[AES256_GCM,data:62cQ/mUFMTb63OY=,iv:RCqzwKEi7LdIegibpVe/WlTsREECy4xrqPFNini49Z8=,tag:bfmBEFj3zzmzfk4T7CfPAw==,type:str]
 main-user-hashed-pw: ENC[AES256_GCM,data:RbXaVuCd8+MTFwwRGK2aJ07clDOOt5msCsEK+384WLdeJz8fjxKJcwIsIUfqlsjKG1Ands9GINlFiCHXPFBRTjnN1ih20t6InA==,iv:pLas4FuJXz5ORvKqZmXyOp9RzKse/vUFOMbw3S1B+Wk=,tag:gkZ2C/Krf53nQiPBVnZ/rw==,type:str]
 #ENC[AES256_GCM,data:O/ceQ4r5sc3YS86n1yQYH40l,iv:Ak2QK9MCIrrT7TRGpyCTEo9e2VsyaeATWjCITqYI+7g=,tag:kcIDdMujWfs2IZIheA82ZQ==,type:comment]
@@ -23,159 +22,119 @@ croc-password: ENC[AES256_GCM,data:uz7vI2rrPi1uTKEks4IPnWOt/R6ydlp/cQ==,iv:ZE01X
 #ENC[AES256_GCM,data:qsBNKxd3Ng==,iv:1fNMDJt7vgKFSdghYBZsuDoZ1sWvzj1Zu8NmkjX6Zh8=,tag:0D7EsgN8B1z7/y4iZS/PtQ==,type:comment]
 #ENC[AES256_GCM,data:G6Xk3eWNCSbuxzy91Yx/5ZGR2OgJHhJMnRWXwxJ96DW5K+igQjIimNBW90cXqs5iztjC3q4F/YUK2IStnqCgZQi1Gye2g8uHj+1Xa0bt5LKNdjWwwfcONxcKTq37R55sgMbIwdPqi2CBZAw/fdsXfKeDNz3V+7fKzkzX8EckUGj2v27TJoR0/fHjLA==,iv:la0FjH6m9ersNIEqcXmp2kpioL2kubzU2up9wJujDTQ=,tag:GvFW4wzi4PD9HdryfNQrwQ==,type:comment]
 github-api-token: ENC[AES256_GCM,data:jUruDrTBfuqYuNXOxEtFsFkeXW6UqPvFiVNIXHVeTBaDkELSmJnz3u80rdfuVhxmRlFg8/ApiiBCB5X5sd+6Zh0JgH7mbaxVe+lta1m1wiCm1fWRBkDOuEoHt7p4pVbec/LUJOyvhWzcTcWTtW1GT96DFxKHBt8v,iv:WAWIck/gqZD6Oq/2LxS7YCD1F1FfCq+ZK1ls6sPdJQk=,tag:VTfKIICDvAsVN+7Fx4o1XA==,type:str]
-#ENC[AES256_GCM,data:zoXRtodA,iv:sMz6Fu4fcWC3QqLsJlxRiEV1DcYjdvemP9cLT00SOMs=,tag:36kstVjfCHVIyw6kMTRxfA==,type:comment]
+#ENC[AES256_GCM,data:vQF1i7rtfz/MBElKIN9j8N0=,iv:jf2SZpulx85yx2sHcnA3iwkiXJcHq4x1fdBUcSRuiK0=,tag:WpUNpH6/8jDvQA8zRGrdKg==,type:comment]
 emacs-radicale-pw: ENC[AES256_GCM,data:BIORG0geX8s1WOA=,iv:SeoVn8xHlqQGxZzHrm5I5LITMoutRnz3OygswDc96ew=,tag:C3S4a8IEvCjHgAyRrCaaRw==,type:str]
-github-forge-token: ENC[AES256_GCM,data:i2c9n5+0Ij7lag5tepbrY/vOAvRQpaY+HiuaT1WzaAOJn+xZGIOUSw==,iv:OHZCJXbNpljnpH0IObVEWc7VSB2AB0OlSCDQJFzaMl4=,tag:ExyHhfBMXiPcmDcBGRy5Yg==,type:str]
 #ENC[AES256_GCM,data:qsBNKxd3Ng==,iv:1fNMDJt7vgKFSdghYBZsuDoZ1sWvzj1Zu8NmkjX6Zh8=,tag:0D7EsgN8B1z7/y4iZS/PtQ==,type:comment]
 github-nixpkgs-review-token: ENC[AES256_GCM,data:/4ssZAEwEc9fZeR69GCvLMm4eRv4uabyDbGDGqfRUllO5DVSbZxO+A==,iv:mcARvAyPAB9pyCGFy2A/6qeZbSepHyWVNyusaQ5ze3I=,tag:o7AP6g8XHkPUaCnXK3CFig==,type:str]
 #ENC[AES256_GCM,data:PI5MX6PgK1y0lqyoYA0=,iv:25UAvFaANHFD04GRafGlCzOc5h+15YPtSES2z2tmpXw=,tag:+XLwQ01+AtGWjtsSQhQ1AQ==,type:comment]
 anki-user: ENC[AES256_GCM,data:WoGaNDAHFw==,iv:ZSjHfKMIjlgOuvGl7hVxJc1fE80nfxxXYLgsKangBCs=,tag:UP8ZI7gzOrJJjNDHovIkyg==,type:str]
 anki-pw: ENC[AES256_GCM,data:z2SCsSvZIqN2/2VK1EdmcAnl42x5A15PAiK932k3n50Vj1jczGRoSw==,iv:keQCutY4vizVzu5YzPBJLgDLveYDb2VGeEnYmO7CeQw=,tag:KGplFfC5xktNAOTbIlt+Tg==,type:str]
-#ENC[AES256_GCM,data:KCqwghIJ8tlGFxMt94svo6285cA1YRbYoeivx6A=,iv:qlZCGrCn5fU1xPQF9wfOMarU6Z7oa3mLtd1LzVzMbuI=,tag:Qq5lBtUsd3lQMx6ffk+kzQ==,type:comment]
-builder-key: ENC[AES256_GCM,data:OOoA7oRIFJwS48qs42WmIXU4vLTQLRi6Nzb6IUNXAwnj7E9Q/uzOnmJ6ZihqUr3uP3/kqICdZqkB5Lf+lwUqrPmGi8PH8c4uq3L9ZVQyRTKRWvS5biYRMd/NI1ACRevxFJygKZ/q1dH8Cf++m26Jo9On24liepQbogwIctmN8bLXuXrUYVYMcLyGb2W2uznj5Jtwyji87S1xc/TTh/IOFexPY7yAnlwSZ7IoPTOj8o/00Hny8KIwRVf0uLBmtarIS8u4kfjkFUN38X9xmzQqhITaZNRmwerb3JDbD3SYapfsyeLzkzVgsDooOniCRehX1pg7KJu/qHnFM8t7e4qZe9u4PZP08aVAS3tqChuG/Nm4fv3vnF0SwctGQsar2HDmby1IXAw3fSNCW/v/l8VY4IaRX9s7e6c95gd5NX7/CJ2CJUDb4s3e7U0SkftOUz/B1zX47xBHSibZ2Js24N6Tvq/5S4OJFwryvt57Ed+cY+zSROlJwjrTgaGcuwH3MHLfHJlA,iv:2RpiHF4b7+520UJcHVobfJs165EjgxaTATSyOx7HJik=,tag:tGddPi0YeO3E0kHl+E7uGA==,type:str]
-nixbuild-net-key: ENC[AES256_GCM,data:aAa6iyZsjH1sAb6ucSPJb2R+QiG2bTj46Csnjg58+2ngYdfuim6SzWEid8IHJV1+M0s/hVTbZWiPsU2KQ+JCdJ84as520avxs6I0URvNx+VmFi6DNGbBJJJJKdTXIKvtmLHqHobs9XtIHahQKoyUpXiSY88DcwAt4e2mUTa6olgrDv66+/fEGeexP4S7AVB0wYeegyMgWODRrA9gS/YLMxMdqk/VHuwIQpWkhxX+AY8mXkx7LalxrbtV/24qdNtr2GittrvYBAkYGWAVZYotBVKjaWVUVzqF3BU+wmg0c56OG5qtt9eD1THAqNauN3iIfUnV301S+TvVtYjpy7gOj3WzntO/kh4kD+7FnfleLXIVSLgBRc0vHhd+7HKKtVRnAINyPkyjaBpnnBa4cksBvHtI0uis0Pi+4JtObD3m+5dywTeL+HDQfHwu+7CgjvXHQYKvEaJ8z6alyXL88Q6uT2Ikaoyrkpi7OJsuIBiNbs5YzRReSfLVyepm8SAtA8UIwnMiTtgFvwGUEW19ne96,iv:2HN9X9CA1liWuY+LYqTCX6Zy3xARMS/TOL61r2UKsE8=,tag:XcPBwYrQjqhexI7u+0zXQw==,type:str]
 sops:
     age:
         - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeU14bE1QWGlneTBhYXJy
-            eFU5WTZwVlFXTlFOMVdmZGpYNkdMNFk4M1VzClhTeW8zdkRzcUhLRkpKdWxCZnVj
-            R0JaN3RvYk4wTjMrR2JzTU1taFE2blUKLS0tIElUaEVCVDNGbGtCZUZTZ2hwNEdZ
-            ZlhHZDBROW9HQUx0RE5KSlRFNkJVM00KVKIC6Il9Vq4lwNS4Va/Zy+EciImnjEE7
-            uK9asNYPNFLWOGH8WRUYmcsDGupKBCtSJszd9+DoQ28nWo5f2DjHAg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSXA5YnZyQkJrUUI1UGp1
-            TFdPZVhTS1RwNVJ6SVhNeWV6TzhMTnZJUnpRClZuRWxPNXdWUk9GS0ZIUUVsUVdJ
-            RFNtMjVQVURWVW9iQXhWblFRQTYxVUEKLS0tIExFMFZ1eUorbmxCeGFqV0lEa0ow
-            c1VSTjFXVCt6alprYlZaZkVCUHB5R2sKGrXDZrwhZ/IZhX5EheYrM0nBMrAvzKRC
-            o9lLy+KZg/0JTZFE9iz+lPLzzPBVnrSXMSC79Tj28YKTR7xOOPTBnw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEYzAyZG85d3hRaUJrajZT
-            R0crcFJNT1Z2YjZEU3BuZEJwYnhleEZBMGd3CkxnNGppRVhqRjRjbWlpaTJRdWI1
-            NVpiNVBJSW1OTWNMNGlRdFVIRW50bjQKLS0tIEQrVmlwdUkxajNtK2ZhV1l0ZXBt
-            Vnp4eDd3Y0RrUlhMbUxNcFpsTkZ3UGsKv1HuzJH4rm1onXAlV7KO0MLNIxndRVNX
-            hFFSSV4QelNtjdEmqYwGpqAuILRpZ7g2/wMLVMMQ7l978KrfL5BFZw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRlNiY2ZRYy93SFZqWlZh
-            Q1NaUFlmQVhUMVE4bVp1Smw2cGNzSDJjQzJrClFEZ3BKdEUzVTZCT2tpb2NHNGVH
-            RzR3SzhvbFNzNzB2eU1oTUZEUmlsUVUKLS0tIEVzTlRodkZWOFpoc0pFendwS3dL
-            YUV0OHJiVDY5enhUYnIyYUZ3RG0weFkKIW1K8NVG4M/YvrGYwbGL6IyaV6dX7qtV
-            tFd57d/A8A3vugzQcMCYvRuiEl1uqqId9Npof+GdS//8AhGeH/LOQQ==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TUVkT0xrblI4V1NXVkl3
-            am1FK2VsTTMyS0ZqT2lzTG1NYTdkS3pvNFV3CmdzakU5ZnpJdEdncEVFcXBaYVMv
-            dE5aMXlzRUVtZTJQSXJSWlArSzBtZzgKLS0tIFhxYVFWa1R1VFhDOGNyZmdPc1Rh
-            N2VRNE02ZTNxUDNVWnNMb0ttc0JEZzAKCSgy9q357fSjSjnivOEgaNmhocNpzaPK
-            TIzJqTsUoLvGBdpXa5bNSe+guuIZgZfm7PCohyKrcm1AUhFJOWZ5yQ==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwOEVyV0ZwSWREWDFab1RB
-            VFczcWxkckk4SkVZU2Nlc1c3UDREaEpHb2dNClIzN3hsMFgwT0VuZVM5aGFKcmx2
-            azNBeXVrMGJyVmM2S0p6eWd6VHNPV2sKLS0tIE1JZVRWWTFnUjYwR3dTZUl1aCtu
-            RFpEREJhRVBacGEzRWhCY010NllET28KqGfrDBjMUogZLG8oGWxUi/J0MNql1Wb8
-            vPbOdd5PI36qAjxWEoax/WMG1LBDWxgJJva5VgI2uNoQtpo6rWHTeg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNU8xU0tHWVJOYjR1UVpz
+            THlRK0FvYisyR3NqTVk1QUlhQVJGbTJROTJBCjVMQThqK3cvUGZlcU5WOEJncnM4
+            ZlcrQmdCVTZsT0t0ODhJUG4vY0JlWGMKLS0tIGpQY3hqdDA5bkhOU2I0UGVHaU5F
+            T2pYcDRMczh3c1B6cmNFMXRYM21Ea28K6An8G4+/mwC7SNYyV3cpx1AQuUsO3uKh
+            EG6oyvwcLbbqAdHkKLiDdD2bG/NNp+f9xycNyG2AH/8T6kl0fQN2gg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlc1hldmx0cVJaQ3lkY2hR
-            TDcyQVJ0ampnWFdva05YTzdNZHB2VHdkR2trCmtMaDJUSEhPeUZFS2dXZjRSUEY2
-            dER0T2N5cFpNSVNtVDBtU3Avb1JwZmsKLS0tIHhJY0ErOEhUMkNjTXVCbWFSeW0x
-            WmhYaFpXVXlFTWlhNzY3eVk5bFkvK0UKVf0W1kcQr8uHyY89KW5LfZxkb5tKhsEj
-            H8SwJ2pvLuY5aRudkmnbXQwpF1i7oL17DWKcQI8qIZovxtdJqovmtg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1djB6aDJRdW5zdjMrMnhJ
+            YmF2WncrazVUMWNaNXBWU2Y0TVh2S1VpbmtZCjdXQmM0RzVJK1ZNSlhwd2NvSHFO
+            UmlXZEZWRzJnSGJtdFFUQVd2aytNU00KLS0tIFhwQWQ1MnBVZllzb0VyQzJMRm9Z
+            Qk5XdXUrcloxelBlVlJuMmpJZ2liK28KNt0EMbRBErf1GExZ7QBnrvwRKozNaHQF
+            MeFiEuIRAS4vSUHz2dHo7/iyub7D//qXKt4vD6DURfCHhhoGUF1Qdg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBweWlhVGhyMUR5QTFlcytP
-            T1ZMSEkrbVNjdGNjZUU1VzB0Um52S3ZNd1FNCnBjRzUxMyt0VzFnQkJTWVM4YWw5
-            NFhxR1dZeENndVhkU2lkdmQ5RWpoYlkKLS0tIDYzK1pzL29jTXI4SStKYmRWQjBW
-            MWt4NmhOdWlOckIzejJTYStnV01nN28K96etySWmQwVux8Xdo8pXFmCgT9qRq4ZJ
-            X1Bl/iIKZDkeFSZjt+wunABbgG2e086xUFsiUvAXclVKBEnuUf6RDQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWm15SitONndOZkVDekNl
+            ajhTQXljdllXaEJ3RVdQRm5sdFJnV0VpQ0E4Ck9nTEVSYmNDK1RUbnU0TkFabnEz
+            aHVxcTNqUGJ3cDkybHllSmRPVW9Fa2cKLS0tIDgyZjZnV3hWS3phUG1RMjU1Lzlr
+            QWZLTUV2ZVJlRXBrN3ZXZFRBaGtabE0Kgcy7XL1iCLifYHxydg29tIyPYUQ7hgd9
+            c589DNlukEn+i1J4pBkiLDnTUxDOEsUv2VJlGTRrdbFsfjU7PdvG6g==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0RjhEVkNhc3VUcm9zZXFY
-            djJ1QXc1UTJTUlltNHJpblU4TU5PQUZXM1d3CkUzWVVucWp5VGd6TmFQQ2oyaTEy
-            c21leUY1Qy9hMm9KajAyOWRCNERwVkkKLS0tIFlMeEFKRUZTZ1U5OVBvOGNpaUhQ
-            WWZPbWtyYTU1dFRoSWw5NTFRTG5IbzQKyDv4/mBPR8Ev3cGrHzHw/+nGnw39GkB3
-            YGjqlKMpfX1Y8BGlPRxCVRH0c+iQqEBxdqVwOQDC/njKGcMXMT90tA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeGt6Nkd1TWhLc2FpZXM5
+            cEhDUWVNU0xSWjZlZFdsb3FmbGQyUVV1MGp3CmNUcG14UXpyLytNRFFVRWw5b09n
+            ZU0wMDcxZVJENWdlcVpEQU9Mdnlkd1EKLS0tIGxHSTBXWi9EQkNYL3p6NGJvU2Zo
+            cVRHeVJXTVIvaW85Skh0Ym5vRjllaFkKhuQpyhqyTz2eoQ0Mxt0/CaNHgaksrdbH
+            rBDEw0U0eXX54oQkqNZD/HUosmLO4f2EZKMhBnFaZ8LvaOV6jM9Mpw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcElsLy9WV2NmNVRwTi9G
-            YWM3MHZEYUdLMmI0NENTV0JXWXlneU9iOFdJCkxUWE14ZkJtUUF1VFNFcTRRU2hj
-            YmRoUkxJcStEcFQ2eUtPSnEya25xaU0KLS0tIHlweHZlTkovRVEzNkl5ZmppeEI2
-            TTVQUGlaZzB6WjhEeFp3eUdzMGJIVWMK5dQgr7YfvilutGW5nieHcsyTQu3pxzVF
-            gYoCAmKUESrmIubSPOD0RifFBQTFObHJDU5xiDC4a+vampqH/5uOTw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyM3hLYnNMVS80R08xbm1s
+            YklvK05mc255bUNjc1RYbmlOblo4cXcwRTBnCnVabFR4UFpDNSs2UUNoRUpYZ1dJ
+            d2xZRlhMNGM2M2RzTEwveWh4NmRSVWMKLS0tIFZTeGY4MzFxMWppOFlseFZWcG5D
+            RkUrdDJTNmNhQkFzWTRKbnM2OElDbW8KXITNQ+SKRxIBHh8vgqq+d0u3oLejr6mP
+            OxhLohXXPXi7r2KTVTVjCu5fbDyVix/L604LvJE623ALl0pmyQq9XA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTzhUM3ZOaEdoT3ZqQ2p2
-            VjBvS3RrVG11ZjVnKzVmM0grTlg0b0RKNVNzCjZhb254b3QyUHg5UFppc1o1bGZZ
-            M29yZDNvRnVKL0JqQWoxUGNKNHJXRncKLS0tIEdYWGQ0SmQwT256dGsxZEhqRGY0
-            VThvSXAvMVA3cW9qMW53Q01TdHFtZm8KoiRiL8tDLUJeLocbRIfnGWuUG/0Up5pp
-            exdFlTaLNUej8UT7UCUPZvvYN89Zq1ea110xr9Nim5zzFBErJfRPKA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTHVXQXRGZnl0QUEzQ00r
+            cGpaS0RpYnVHVjg4cGNTdzBTMXFvTkUya3lnCmlJai8ySUxONXNnWW9BR0tKMDdr
+            RHVLTUYxY1FMSjFnaFdZSy9nekV1dWsKLS0tIEFuL3FTQ0xNOHJsSHlzR3VFT0FK
+            RE05ODd5bnFkVzlXVXlBU0FZa01nNzAKzjfkwKN4mC04r+AMNPTIt/lSMUuL/OD0
+            MGtqjZFB6vGrcqV/t0EbkZfxCqfmUeTDZgwWM2r6zhihb6Y9vTjHTA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRmpKaWM5dVNDWDJLOUlj
+            bGZiUzNWMkFkT3IzNUtqZmt6ZW5WSDVyUlUwCkx6aFIxTnNnd1N5ZkZDYldmTndX
+            T0g2Yy9tVVpHQ3FYY2RtVmhjSS83TUEKLS0tIFNTT0JUbVBqNDVvWnAyaVRhcllj
+            ZjNtSU5iYVpXQXA4QUU1YjBCU2xKaFEK+cANW7VGs7HQTmMDEY2oLG6pSBnBLFXn
+            /PpoqzxNVovh7ghFRduDcHWuJI+DBtn1axmSXF/K22WO6LG59/hr5A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNVZ1WGR6NnJtMC80STNH
-            dFZuRC9jT0lDdGlSWlFIZmJCUEFDanNib25RCm00YVZyakl0RkRBbUM2THNaWEpC
-            K0JtaUVtM2N5NEdyeEtpTDUyTElaQTQKLS0tIHcyN1Brd2hYYTdIZDNoeDBVMjZH
-            NS9yV0dlc3lVOXNIS3dVR2pmYnNwVjAKlbBNLNA7Pl7tUg0S9X3BTICkbehkmTP/
-            mqVVce7F1Ml0dXi0t8AsxK6HyrR14ZF3QsFr2q9PgQ7qnLv9o4xzUw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QTlyeDBGa1hNek5aWnlr
+            RzlWN2dDaU9IeXovb1BGTXR1RG1ZUVdwTUVvCkRuVXFnYWpOakZYamZtdDNMRjQ0
+            ajU0VmtraEplbDU0ajZyT2psWVBrVlEKLS0tIEhXa2F6RFlsQnc5ejZETVBvOFYz
+            Wlo1WFlvZFJXZWZBVkh6UUpCRmVESFkKqbuLxX706LssJTNyvg0ghDjyJaVuYfgJ
+            X1OJbbBvHerqvOmk03biU93oo6PygdAAgkPFI7JnxvQP1U4IH45Esw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-01T19:57:43Z"
-    mac: ENC[AES256_GCM,data:2CLFlduO1fsxtvF1fbH18kadQuawMwIYEjsJBvZ65tecIdjT5efPD07+czmysKWBh6FQuVPL8a3uVlqT2WUW57AjQZtxloCMAFS9m2S//I6I8GsLVccGnmudiHUdXFnt+gI1gtb6ukZMEps4m/LSqUHGSptVwqrIN2gBM6Yy9Mo=,iv:S/crBYhr2HTzMYn83bK2YYO7kwfDspF0gvkoiuI9J7o=,tag:+sO+jFMFGZSsCb7PGnlUmw==,type:str]
+    lastmodified: "2025-11-03T15:12:52Z"
+    mac: ENC[AES256_GCM,data:86AWnB2q5xv/JIyomkJOkZh4r2tj18rmNb02JINokmBv4/eRmej/sQIBeSbCj9cJhtKewECwVk8QKtwTu2sWB/hPjtxb8qnWD7MhNs7qmHOYAeYlAON4w7abcLxt0VFMKa7gd0c28qTHOkaWsLy6gDaIB/5x468FIYqsbfIiL9U=,iv:BDiKNHKTHPazwoM6bVoCf2kb/eNrJS9zy4yj3+PFdlY=,tag:6ZFtZZHvzdWp2EhOV3S7xQ==,type:str]
     pgp:
-        - created_at: "2025-12-01T23:06:34Z"
+        - created_at: "2025-11-11T17:51:26Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMAwDh3VI7VctTARAAq+50+eWOM8TOM93JkwnSjUFLjwO17fT5jfBwWxqLRULp
-            SgO5pCfJSCr2xFgzcuS40+c/ewP8NHwI+S8Mu8lcJ6Olyx279QyZJxdKvVba46Ti
-            7Dgb31UzMQKjjOW8/nhf0JFIq6KH5HUQP+LmmQK59VEdoEnz4XYdxq7mGeJQsn26
-            E0AG5UvIKjjSrZQXbx8zojIEwE3l1t7Ipw2oTzHCalWf5at41cXyWmfIzomWHElC
-            XPwO8mjcBY5LQXDeTu2Xv0mBvFzXNBIFaEhrdphFxJIvpfl1FLefK6LKCDLhQtal
-            HNDBziTORUAnvP9JiIviSr+OUhTHTkDqSMYE6SD3SFsvQ/nArQHRin/FvPPNMVhU
-            TD0yec1VgXTJDJGe0jq+PiWNTwwnxwSRmKdXutp2DPEuv0amRGVOkeAJNSQPADOk
-            ZUGBKqjr+trvcKWReCC+gi6jMTP5N7rpjemufQ/p0pOTKmPeapTcWitqtRvAvGQ9
-            +Q59sDqTgG5w3oSAnvboDwITFil7Pr39Oiwn01btDDlGXj0+ieer1mHOT3vI+NPE
-            LSrFqUa/kMMW4+zZHGlwMoNHZbwLWHGX0O0KZFKauht3ypSsjrJbOeBIGgAq57S/
-            1U+oerlPbnCCrUTuP5Mns0Q86mEbOmQQyGMgfigJ0zFkMOlO3306T01keUv35giF
-            AgwDC9FRLmchgYQBD/4vNejy7yGJSxzL9ouoEDqEaIGx1+pzzAyU+P0GYXV4rwat
-            P6YL8a0CikYLdkjgUsVDfFV7/Ou2Q1aPBn8AGRG6eaMlaICYK1UX0xiP9196dENl
-            qxkm3zQWCfxAkgWyUFernSzzWeE1z9FgEfrTOqKaETprFVxxv5tUKVABcXHSPNqD
-            hYqllb8tL1tS2QrqvxIOcrL7KHAnRPhHimIFeByNN5lN81Z3hLFRQ1Bl3LwDPeF3
-            /kEhVjmGqzw2jEkH60Am9I6xZ2nlSimF7Bi4pcu6QCWhN7PMwWEyGxj+Qu8Osr6F
-            3ab4M2vkyTZyewUGsn9qO3CcPAHPxyvf+pyV/q87ejuE2e4wR8LYcJnk8BOKsNRJ
-            m3sJffhhmB+f58HLzy9TwvaQqMno+/KnbV118lJrdzf8iCJrlUNY62MEjBFo3QhQ
-            2rc4vJXk9VINiZlHW3y9ZXV+dTus/gHKjN137dxq/RPU9tf/1Y3Ow407fDu39DT3
-            YrAAXj3jfEK1aoTtHpLZAp563Q99NYyBQLt3C32X9YZb4VuYCXvGsi3kqjdQl/zg
-            ZxUVlB3Wzm1jhL2KPOu1SuPAT9HLwu1QdDw+kw050DNBWgeLJx9i8/U8LC05vF6z
-            VWyozdZIdIfAKnMrFOU/8pJ/lNYb6pXbIYwbpSIDslV3Cj60KWx7X6JgVUf6d9Je
-            AQZ83SkdK0sBXS3sfjwCewyY+ta7i8zWYcG8KDbW2s7hxRb05u2nYKhJZZJ5xLcK
-            eRhg3W/bMUWk1bYZ+Whz77uSIC3n/mgzIlsaRjMokiX9i0a1jXVyH4LEluPO5Q==
-            =MgE6
+            hQIMAwDh3VI7VctTARAAzM9wzRQI9IYBz9sXGG1YKIojcuhi3UnZNjOwRQeJbSsw
+            OMPY/e84m668uFaGUwOPwFkYikBCaPF3OmzNhMDqxHPUbFJN/6UA8ntLuugHrhs9
+            brpt52yYvo69znaR8iYXw/S0mL4rfLnHkc8p69RkBCk/4FrA/Jj/KImcFxZ8GDcf
+            G5dfaEmJCRfZGeyr1D7RVJ0gs3LQT9M8c9Qm/ShRQQqVlEko4rjsOmqOt6eapSuQ
+            KnlsEtYS5yZOFoBtabmlTiFgdC8vaHQ+oxI98phdRkc0xDpqZetMMVlgonbewur8
+            nVZPb+wxULeltkIIleWQx2E0D9RBi5Xu+L+vXj7jJYwUNajqama/N+1wB7DsiBeu
+            cdPjLyRcXPD5pE2qi24X1nzBiWdjef0tkJiH07MQtXA4r3PLtX8a3cCvVsecoT4D
+            0oK8dGumaXSj8NkYB/kP47hOleSYzNGWPR4iMiXYNJHhUw0Otr0GFSfjVo7s7KBi
+            6WO6tWE2VLVuolABEKQPF4sadF1fXxcv9artuzUX9MZquOvsOvEgkQnYzGIY9hio
+            2X8nyLxORpwPFmPcZ5WeVyaZ04CiM9nTiflFgt5X/rX1Mf3sKa0NkrhO3+k7lx1j
+            GjWvgiuCkgLYt0fLgyYVEj/N8jHjcCejVEsiwAoP/apvEgFylgI+YwyXOJXXz0qF
+            AgsDC9FRLmchgYQBD/jvs1GaGr52Qu1TP7IXqg353G3yZDPoPmQhdkiOKLFe5wXD
+            PaqNUNOQG4qwffuPBSfyw5XHYZN1v0SCwrNpQ24DFnT5XjVTboYl+DN4bWStrSE+
+            ZpGUy+PxvSgKY8lbvGi0+RX1NW32Gwz1cuPNQRnwS/jwCFrxgk1aCnK5+USAmNfi
+            R5+ex+Ij6+EEiMRpvNdN2ViCP2PfFMLYOR4pjvLL7i1XSPLhGxORcCyIKw8RAi+J
+            I/qP7IubG1XTsS7gm0D4Rf4eYOy9O3Qi/g+GOk8mxCXaym7hQmCcM5H+m4R85Zxy
+            EIXKGQhs2UB7JD47SJ1iY3FBFzq3jpn0wPq6piy4lJVR/+r9Zd99EcWOEjuoavE/
+            24q+Z3OB864Fks9hVl8herQbV4oGqHTQJr9Y5ScnS+7RuAV6Cy7d0nEaj/H4jBxN
+            fKpFGAJ3LkwxKfAwxximTq2lgHBtCyMably7XBc3D0Cyb1lyG5mss3tWNXRNkckL
+            yg9I64lKdEQz2Fp7qs8JDWmbhUl6eyDtGX+4KKW7lsFTbi4kvo/FgtW6m6xaP57k
+            PPOJlfDHOqZy7GR+hvaHBIgFkhvqIvJjARK5OaDyP19NMtA7qNJOwParSikkTeXl
+            XgkZGnh3ID3EJ5V9vMIYqrhhjDU5Qb/avytjEoef8GYmPb8bWd0sVODEL59T0l4B
+            u4ahb81JM4JVo+p1P+W+0gXA8uUgP9pJ7lWjNCV+oL5RWTJRaTzSwa8ywj5HjLdH
+            +M50prEhcMiDupwZXU2prEKrCIWUGpeaHK3DIJmWhbO8Hh8OCXeQ+EFfxB+Z
+            =s+4A
             -----END PGP MESSAGE-----
           fp: 4BE7925262289B476DBBC17B76FD3810215AE097
     unencrypted_suffix: _unencrypted
diff --git a/secrets/keys/ssh/builder.pub b/secrets/keys/ssh/builder.pub
deleted file mode 100644
index a13b0ed..0000000
--- a/secrets/keys/ssh/builder.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0y5NPuZhHPvXUJANrg8JQTSq2x4dP5YNIsN75PCS/h dgx
diff --git a/secrets/keys/ssh/jump.pub b/secrets/keys/ssh/jump.pub
deleted file mode 100644
index 45355ef..0000000
--- a/secrets/keys/ssh/jump.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICFHUnLmDa9lK5fTTPERGp+xsGAgSNrRE7/l+F/C4vyz jump
diff --git a/secrets/liliputsteps/secrets.yaml b/secrets/liliputsteps/secrets.yaml
deleted file mode 100644
index fb6586c..0000000
--- a/secrets/liliputsteps/secrets.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-jump-key: ENC[AES256_GCM,data:JLGy1LiNMjn1Kz0NmLYyiqarAj3evsoilCmiqXMc1JeZiFwLYoPiQjLYXg0b4Z77O5g71/OjRwKmocrLV3VBxo0rbw4rpnljGyZ8ehc/kyvoFQN44yGF+6EkKvVn9I8qTzwukTxCs4H7JgsjALAL8a4CGEowfXJlmZxk/a2SKsTr8qPB9XbCsUwrGBpBHa0bjIb52B/srXvKBfPAxIbWNlWdXFKuDyVJ01WNqlADj2sMAGRvI/X99o/EhyKL/3lMZ1rbSzq+RDlzKd6RFNyLM9751WRIc3xT+YHS13MYgpUu0B+2tKqJLXCSoGbRRSYlBw99JF66ns/fB3+Z/KnpoUGGfRN3S1orCnXkTp61UO8zskSIwU0MamrKGL8DM7kDJk1QLxTPU3usBZPXasTOxK4KAdOYo7nk8OvoZKtNj9xci6R9jeMfSh8CycKdxvcqsOw7vVeATUAGrml5Kf+/8AjYZdGdt2EiFL+7o0e8NgI/lkbiFzNISLBc/lrg0rk61pv/,iv:fPbPAptt3Gsgi7v1xCCHRClSJOXokBsvyCuLz/BoGP4=,tag:NhzeHRxwhQNI9HUFwLYMYg==,type:str]
-sops:
-    age:
-        - recipient: age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJM2J4a0pNZFRXQ0VjOFFQ
-            YVJIL3hFVlg0SlNFaXRvbkxMV3RhZm00Umg4CkszSnZLTXBXWUJHQTlmRllQRjhi
-            OENYMWRaVitPOFAvYXpJMFFYRnVYZ3MKLS0tIHk1UXhOL3FuZjZWNUxzNFdBT2E1
-            R3MrQ2IvVWxGOCtkSDBPZWF1dWdHSk0Kz+zJhpJNmHHj6npV6tQ+n4F01A93haSm
-            nyT+MAs+VxRlRNNbAih8En2uxRlzSHjFekrLLaGbVYTrRtMfLiKyvg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-01T16:49:44Z"
-    mac: ENC[AES256_GCM,data:RIz594CVnEbUw3Zugj+WO82o6yqOD4JwSFzkqFOfd0M+LOFM68tT/14D7vxPitXEPqLvJC6MHG5vQ61PgU4fG9JoIEqxjvq4AAYmSdCwmB64MCeUIr+V4/fcYrRxuRyiXC79z+rJneO7SkGCX95pfVhGjaLftzSjfiNPPsC5pps=,iv:D345cMUSPCGzrL9uWuDwAkAqz2mTvVTL3QVqHesldGk=,tag:HkBF29S1c9g68aKKSYSWhA==,type:str]
-    pgp:
-        - created_at: "2025-12-01T15:59:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAwDh3VI7VctTAQ/6AsofKCzZ3PjJRHeHSt4XfdIVCCvWScjT1JuvOnq2fXIO
-            ZcgXPtVoDvd5vSv/fZed+1WJNRpiuNBdmD8cj7N+XqJotgCsQt3HwROCD1UC70Ww
-            cyHxh3MyukexrO/uIMbQ6ugtIHPVaeC7XyAOugJfHFWZG49aW9LYDkPRGluc0/zh
-            7X/p+hZFLpljfL/qdZAakBDw2V0+yt1+5JW5V57jIXRX62BRSFoHqLrasHjvDgyX
-            h3ktgaIeDL+WssV7jra0oetGsXOL8+GPpo5PVgWONrOl4FBBS1qmNRAbLkJ77KVN
-            bBDV6Oy1DLqYvv/3UcqWy5XW9VxepEVsAaR+gtLzemMQo9e+qBmhE6tNR6Gvi0y4
-            WmVqUZL/gF38sCHoYDT7oWq1cMJ7/zT9Xz5AXgXXSbtBKaxZAFs6QwZfw1rW7dj6
-            Is1lXDNCtprsvc3Kxf/R4hHWT5nVFJN4xpKT+epLnumMA1YvkhWx0uziiky4ZH+6
-            u+RkK9YZYpGdIYPg7ZK+xLmGLU0YwdIbgiyyH5Jo9JJcqgS405ftAe0iyQjHpiU4
-            0b9JvGMWPzJxWvi8rzwYcI/cfd2n7ZPchTT7KTgva9xeFbn4g1ZOlEKOWg/ZoBr4
-            WhpI1SPS9kW0huGXS1k7Dsu0GzRBmv37AEm2mVtYPYwsK0PYLKfd4XGFQnrL0euF
-            AgwDC9FRLmchgYQBD/4jbW4xGw3JC4OLE7o+GqOoAFz5c034IHiEdgStYNx1RrFm
-            m4lstvzqUNL0DFyYdMi74iBtqnnFc+KymCTxiAlKiJThosMbV2sffc7e6CI/z9/Q
-            dsssJwPhv5h8XTbDSeGDk6gEr2kyKV1+9UZky9UYASHii4uzonofnV0RO+PdgTPk
-            mp36YufsnW2yVuKpsbCdMddEXqyaSYuhsU/bMAG2orlWFqqp7kyaARNrdI9hBnYQ
-            ITZTM4pPKQ334qhqUd/JYIR4luBbmBxJgTWSe5VqWqshK7u1aHr2mfXUip43+5hA
-            mxNEp0bmR0SnczKcxiZjZK2ZN+fBTqBnPQAxzCgsBjWrCd4a3CzIDOR/Uf3rEx2W
-            ccDJWRFI+cSpjLps1BphJvgkFjd31XcplLR41R78h28Mec1bE6xHMi21XUbGrITy
-            IuOmWAv4EDwRQtnfq+9qJ2DbmA3Ldo5pNPhldH7njET0TZVvB0ugq7EIvKxiNmX1
-            kHcq0nV1udSRPr/ta/eHInBD0VbVwNhk/z13xzPGKQVkhpcgy1dJj9FeJnUXqzWt
-            7xvHCqeGXVo46YeXYXglxUvEzBtdTGdEC2NTntEGhX6dEC1gl/g1VYcPfJJlk+S4
-            RENvBpCa1Ji51ix8L6u18jT2epfbxcZcSFS/0Nv8a0IUktvOeLe6y6jdYJHYPtJc
-            AQk4Y0lgOBoqiaNtybNCd8c/rO/yQ8m+xIxmiyyghjmPGWzEX8fHrR9fE9TVY0s3
-            8iBJVVDZEwtiLiELlbce0zkdCIH4UiyyEovhP/EEwxF8BrnAXo0NnVzcDGI=
-            =2NIK
-            -----END PGP MESSAGE-----
-          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
-    unencrypted_suffix: _unencrypted
-    version: 3.11.0
diff --git a/secrets/milkywell/secrets.yaml b/secrets/milkywell/secrets.yaml
new file mode 100644
index 0000000..1177071
--- /dev/null
+++ b/secrets/milkywell/secrets.yaml
@@ -0,0 +1,51 @@
+#ENC[AES256_GCM,data:VljHjyZqPvnVxhuoEMhGrWA=,iv:nCHj+sdhAOJx37fGFkRzfrK+PsEP+tRELBhnP3bfoIU=,tag:fH5QNt5TeM3K4nXkeIC4wA==,type:comment]
+anki-pw: ENC[AES256_GCM,data:TR3roG7I1213Lj8=,iv:bK3WIC8Q4Cm6cccXPFx4K25GRRUq7Le6bEAVdEZdNPA=,tag:LLC/agUxZT0MIKxk+TSevw==,type:str]
+#ENC[AES256_GCM,data:EUHyFduvRqc=,iv:RHW3wsx8P1V4hkwnrl456qMgi9uz/1qoSOg5AvqwmhM=,tag:p26hGYMn5fbuNJ7Qr98E0Q==,type:comment]
+kanidm-forgejo-client: ENC[AES256_GCM,data:LuOFq+bj9TIbaN6Arz/etcjEO0WnjswJNw==,iv:eqACcjjr7usTl7Dv8HTqH53cHDa0+HV5IYN8Rh5aChg=,tag:upBfWOUOEoZRPgUtlMZE4Q==,type:str]
+sops:
+    age:
+        - recipient: age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNN3FrdkRTeUVOR2JsRWNT
+            QTV4bUw1TXN0SVRnNUREQ3VxNzdHN0duS0hRCm1FTGh0a1UxSDlLYnNxRndWNHpP
+            Um51WDlEZm9SMklXWDhjRFBRRHRkaE0KLS0tIDlkK0xhWXAvcTZjcmt2TUJyVGJ6
+            cUUxYkVGN0hVZ3UrNHdmSXBQbVpkNTQK7yfeX133PekxsK/2BXxsx0pxmWBcZkZY
+            UO4ZHCcZQQKMg22BY/3pPz/Ui+uUfZ7AIdLjQb6WQvUbmgz5Lb0M9w==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-07-09T13:41:17Z"
+    mac: ENC[AES256_GCM,data:9SntfZTrKnCMwrQAncIcGO9qPXM4PT+ZWnmk0F6S0Lb2xx5O35/i39P9vYN/QMPMzKc5KmmLCzhictWvBE8mr4+17pfJBH0KgiAqaOm9Vgy8Zg79/xH4fCia8bwYDfKe5uNwvRwknM3u5/eXLNcr6MnkDspDYTusXhw/qTQav54=,iv:P+fHF35oMNP24vadFA/rAYDm6n0ieAMB43ovP+7vJCo=,tag:4gJqIhqRg+3P84aUgRIPbA==,type:str]
+    pgp:
+        - created_at: "2024-12-17T11:38:27Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTAQ/6AvUzw5v7J7zEN+rBs6A0CkOD4U9TG2akgch7eKkdKSB8
+            FfVOheGz/R4IvrCx328yonhx1c6oNdaKE/zlQ4TZhzAiuKcPmAjYogi03OeIsPoH
+            X58lN44KrIIp47UGD0gPSfLDVjCy0M6UoNhXiYaDcvCngoQQT7o8KKPkqNCMK3Qd
+            yomU6Te4uO9A635z6N/dUeO6vmHK2Xt3ek/AaVdGbhjPzcLRq2t6vfsTT+fP1gLZ
+            V182+fPQ7aftyH0zuNCXOxrd2VbvCY8cmq/Sqztr7V/k2Wr1V2G2RTwlYo/VIEgL
+            35Vpz0YXa/aUk27Ifvy40zscK31YH/N3UssgsCBzUHGl4JsbVntDtUrZmU/3Gi5r
+            yvz4icX4fXi/k3UyKxRcakfz+L5Lh0x/lI7+rCG/1AuxGawKxGBuBZzA4gsRNV8o
+            va1JzdxMvMDUkCx/kKCcH7Cn4vuDzmvhoLiATqWyMjjNSiBwaDL0Elc3Zydt9Y7B
+            4ZKfeYW3wPxXqsqoxfKt9X2g6UYZZXSWoXmgcXhV66uUr66aPp2qqL9p47Mlm1tp
+            TpxuGYbtPnTCp5XT+AUHzUv4oFzTt0f6cpr82og0mOjOsy6huKZzpEC4O+QV5tX9
+            aKbmSplCrcuUrELxqy1xec45N1lIHS0r5+BkIMirIrUwMDEgmkP8lBkVjyTr6ViF
+            AgwDC9FRLmchgYQBD/9ISXYyr89r9L1LchFKKSbffMn752vbUULJXa5/wY9yl3ad
+            jh9yLY//4Z317zMs1JjmVubjiwufYZvDEnHmZYdsREXzrpDTjGzdq7bg0pUp85rV
+            VXzX/1ZpQmYeCu6/DRSSHjGxbxWa5he77WtyKKhDK/uasHe6GFoSJTdi/I+/ps3K
+            mC0Famrj3QlC1G1RbyTMNUzUJO3+ggVdaDJhUIQUhQ4mYk/7p9VvmYbXUc49zyBY
+            tmkl5ULEfvwuYaDZumlfCtJwDuFBPVmZvB9c6pT1x+HD/t/+2hwpozQS88Kzvuwx
+            6MblAjZiYiA0n4tteKjELjrQbmCrz0K+/euJi5DeIspAkjzJKac8/R6poVcDPuUk
+            OlpSe2mSJDyXjpK+zS46412eIyG7FtmtXscCFaru5PKU+7PCFWkXY0gErEZEyi9Q
+            LyrKhgsKAagaNhh87Ar9Sm/NKjhkRvgqk5lHkDp13hl7y7PX9qc5/tJukK0DIJEG
+            08KGLjM6+vudjRJA0JljBNeCnlDljwcOLKNbxqVzeNQFLH7PVjOzC2O4QLJTxlE3
+            1QmPnVBewqfz4V5oQs6su52n81QTU+ywFJfhMjCr91+pqpZrh8j2fo7oMhHmR9QN
+            VYCVE61prZzV5B6rylXvk1aqyy9a1WMahBImqtsJS4xP6avNqXN41fog0B7FA9Jc
+            AexORDzza/Hp0SeiV4UQZlBpJ34HrONUiSUry9m2UZ4vbFAxBSXZdt6CVpBGHvCR
+            Dl4GxekAxaiaj2hvNNXJaVMupsMYpOCzyuUBayv0BFouCuaIFkoqOK9tAy0=
+            =pG8D
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2
diff --git a/secrets/moonside/secrets.yaml b/secrets/moonside/secrets.yaml
index 08480fc..493716d 100644
--- a/secrets/moonside/secrets.yaml
+++ b/secrets/moonside/secrets.yaml
@@ -1,6 +1,5 @@
 #ENC[AES256_GCM,data:HCHFN2Q=,iv:Z3tD7Hn5eudPR9DuX6etamkpNnYB/NRYGppWdyuUDuM=,tag:tbuWEFDmh4HAyksOZOihLw==,type:comment]
-#ENC[AES256_GCM,data:cEw0zCAIF5242UDWZeHCxNHVWQ18mnmaRyjd62orx2P+uq9fiaoDP39ez1Y+wGh1d+FyyYUlh2l4,iv:TfK44vaoHmvShckrn7ztRvWnEUftaMVNNf8O+c70sS0=,tag:/fDK7VrkBLrcWfbBe/A4wA==,type:comment]
-acme-dns-token: ENC[AES256_GCM,data:qajr+/1OpVno7yyt1z7cXuSFqjZ4aUW41RP6ww1ZxJ0FhZQxhF8OTA==,iv:8QxdzLc7T803XB0E7ZeVmSLnkUQICZP0Jk1zpoWjdqA=,tag:xERubWmq/vxwFk5V59o69w==,type:str]
+acme-dns-token: ENC[AES256_GCM,data:lW/XJCHwApvIofSZHL5h7AUPISjARfmDnpSnprDBHQYzj0u5ZlZS5A==,iv:/y3gjgC9AEU3r+l8Uq6P7DAU2C8i+qTQ9DP4t0g8ZhE=,tag:v24WRudw8NB84b3XBFupHQ==,type:str]
 #ENC[AES256_GCM,data:XdLlonkGBN0b,iv:wimLW/7+a4MJCVg4zazY0ogakxXjdyPNZmZt0CzpXao=,tag:rg7FEi1qaYMkCXX+dwjFLA==,type:comment]
 wireguard-private-key: ENC[AES256_GCM,data:aBQSwDyASfVPhU+5/yT9P99DCEfgt4SvhVq/aLe+AUcXwSqMiI2DkM5THO4=,iv:iAW/OUihMXHoQpX8pX+f/mz2nclj+n/ygwYxx7PVxnQ=,tag:zhlxjoIkfa237RoFNblszw==,type:str]
 wireguard-home-preshared-key: ENC[AES256_GCM,data:yr4vO9Bn+3PJheJHbeNRHu0ozCkgxCGuKBJnb/3zzHVQAsI7GonXXQxFjBM=,iv:1r9QgfdLkXCtrRS+/2+f251FjHiAm9nf/Zfzu+CYuws=,tag:kWiXCTfj4Rrzhx+SpSp/dg==,type:str]
@@ -15,10 +14,6 @@ microbin-admin-password: ENC[AES256_GCM,data:+UyWJAsQ4Jd5iJgdepJ/m9OvkEewLKQz+A=
 microbin-uploader-password: ENC[AES256_GCM,data:20QOWTMLS7iTS/Q=,iv:EuUYcY1l4ykKjWvCA0bpXPU0033jlQ8qjYyqSuLAQl0=,tag:Ka5gWBajMdeZS25AajToiA==,type:str]
 #ENC[AES256_GCM,data:ZnMVMv6M,iv:z53BHIVvMUfYseftc6DTU9Mlb9ywEvNHv24TvIZiMFI=,tag:QdeWjrw0pmJsXYobADzA1A==,type:comment]
 shlink-api: ENC[AES256_GCM,data:XdfDJMjyhJyeqVB4RKgCdkWT2nYC/Pw21D8H/JzkGLuwGx8Q,iv:zucJGNLX8018gD34NL/BwTe0fPFucqpBtMCYXd3IGHs=,tag:/sN/ayEhUaCPmu6fS+mMHQ==,type:str]
-#ENC[AES256_GCM,data:R5mm4WAJww==,iv:6Uyb7Qtl6vt7nur/NLBlrVtKoPkF3ZjXdAhT24HW/ug=,tag:6X9b1zZbpHoEZmaYb9NQSw==,type:comment]
-resticpw: ENC[AES256_GCM,data:PcrDphqR5Pin2hM=,iv:lnMlqwyCvbH75qbL2eJYblmuFOaVMmbPHjZ5l0n2Glw=,tag:YUxadLufJ2VPghLded851A==,type:str]
-resticaccesskey: ENC[AES256_GCM,data:DOp2cFy1Y5HyXcsQ5O3nsrEOQBtlQQ3P8Q==,iv:0X6HF9kbPNDmhtENHgFeOSHln6xlCf5DNJfqavucDWI=,tag:+THGH00yBT9RhvJtENco2Q==,type:str]
-resticsecretaccesskey: ENC[AES256_GCM,data:qpPTWx16Z92cup6ACh2KQPeIk8KPasQB4e/SwxUxfA==,iv:EqWTKXXA7wyArlF+D33tKF37tz8/ORsjsWjRPYBWPqg=,tag:F21+4cL/cozDIene7UQcyA==,type:str]
 sops:
     age:
         - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
@@ -30,8 +25,8 @@ sops:
             bURRem1aY203VW0ya0tZWUY3WTJLQ3MKonflaevgNP91G1cVgzoE6/K800kyG6BK
             Goe81HCYFfm86pzv5wV3/38j7fTZNeZnKwPFkMgEUueF1kA8J9V5CA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-28T17:44:47Z"
-    mac: ENC[AES256_GCM,data:h3skmRhVfBa/W6GB35O3sHdDLmo/4VQ3rgFbltdweDP+9qbQv+6tduRGknGiQjnyuaGGVyPlEOqfLKzYjP8Jsx+XnprblNfD75yiGckBFQaBKhd8l+hfcYVRNTrKCWkFUrYXIfCWgbrXNmq47SHn0+TBedXRw+9LoSyqsRdIJOk=,iv:Js2C7XfOD4d5fF+Otn7xJxBw0Nfh1cB7oLjyCrUA9es=,tag:4flxdWSlXyslNErlEFM2VA==,type:str]
+    lastmodified: "2025-08-12T09:24:55Z"
+    mac: ENC[AES256_GCM,data:qeBiuiK/On/NeMpjiCKeIvbQCRH0JcPFldJaTD+nHLtwNU+qpHX4y+dL/jTQrdSWxHV9+E3KmxnakEP91qZnycrSXhwSIIavNtXUP1veuv/JmHOxW6UxpJBJVDeMNe9k2AFQ3gwYEnXrisjvLDkYyqa+E+GsE7b82i3iyerpskY=,iv:jbw0OIJM3vr9SXkdAObc6JS6v4r11s6MPkg33x1sCvU=,tag:/BAMuCJgh78UgOXkTVkN7Q==,type:str]
     pgp:
         - created_at: "2025-06-13T21:18:31Z"
           enc: |-
@@ -65,4 +60,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 4BE7925262289B476DBBC17B76FD3810215AE097
     unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.10.2
diff --git a/secrets/repo/globals.nix.enc b/secrets/repo/globals.nix.enc
index b9e9770..d6641b4 100644
--- a/secrets/repo/globals.nix.enc
+++ b/secrets/repo/globals.nix.enc
@@ -1,50 +1,38 @@
 {
-	"data": "ENC[AES256_GCM,data:q80uSaX4Xyy7mMSskw8lnCagLIci19YvQC60/jqv1O877lEDHnHXh7DlK0XcWM6pa96mISk6zILfJk/eMxG0CyR12ryBlPHtzARmcpAQspD9oRaLKEuKDqvm57BmL5J5yItapJlBKfWQwQS/pEI4HJF8+xVrX8eTsMB+pBk/HsBLl7w1VU6Ob/hlEzyn8v5QMS+nB01v/61GTPuluslneXKnHC221A8ek2lyPN/D1uj6hXnifRsuo8DoPghe5asQ3VM8mOZa2SJ4NWEvWJ7V5SLbgPLvNGi0G+XfQ1kgb4qDSdNpBlCWY2hlqEquEO9YJoLjr9jNYGMysPtnmIGPEinGF5SLDLpQomph5krAZsQPxG/oTiB89SYN9hF5SuUzSHuuRJao5hVgWj4d/KPy/xjZ5rN9dOL7c35EiCuMViH+vsYBue1ehYSww7Y+JR49ho84+sSJeEHTdpnnhtogRxbekPawBbYs9w3gXx/pUhVGZJS8QqcNLsGeEvWgDGmfbsZagQHG9Mdib5wAVp8o8O318EFoptlf2TrRK07BS/ibSc7GE6KIOde31OVamVwfAYL0p5JopQNEDuW9YStMhDQa5YhfuRCrlZFteXqXAMh775uXQge14pwtETExTE5PxI3hBWKIqrb8XP5ke+j73cx4A0VsuG6TtXf7YfWohiuRBkcojp1r0FY12jzkCOstJ2DjBFBI+5u5dF0R6SbezQ9vZs8yWbYF0kICTtZ32cEWnE/pVgdS8S9CqVsVyflpjtM/DeedkpoLh9JtN1oKSDos7+SJA+r8/ilXIhRTwb7tt3hSBw0AFkZ/rnSHOGHTBRY4T5lH5IkOqOQqAqbH0ta6hhxPoDjKzj8R2JatCnZGOLzL6tK50w/Xm80Wtj0LxDmmzmYPxCRI14nUobeFqDi1aGU4jpqKUayUHZcnTVgfURtSV/lT5QrsXdTXt1k9ywwq+1oT37D8Irk6+gaSZNcI6PQG/KpBPzmeS7r2ubrKhwhVMNlwF0QxDGR3273+AD90rAZq9niuS2yJRINXs0pImPK8y20uKDiv77B1HSpP+CpoPlikGy4jAgCqbpyrUYyYUB0O5MMZ6VK4aLwJABsE12Ef+WGC8tbtGNxGTAGm3gxRZ3/iKNl++WKZWo3khVflHWb026iYqEl5oOnUif7TVmXGbEiccjos0QoygbEtxSqeN4IxxXg2QxRh5rbfxsFiURln6lhGhjUj7SrSnbRZT6o38xdhKrLqs1zM5ss6na/9W0rHel3wmy+Ocz6UgJ8Nj412EM2dwo/oQq3k0epRLOGBJE8f86qjQAn+GZXnq0pwGq8MijhRWJDc+4uBxoYLiHrFJIy9MvqNRgQ3QRwgMXDB0psnKpybMyHd7VDWmNd7GLopEfQEv/o6Fk53ZW6rLu6l6EdS9GuZONOJsjHB7rVoUl9qi/AjXWenzZYaDrqAY6P3lDWdoNZLmV4AQu+t4EIaMz1QjLfzeDhVG/v13+hZ7UbCIOtr/FQ6hfKjZ0A6l7sfLKcuerH5AwMs9/TYEcqEppfrcAKtBK47kJiB6Vnr0uVg13D3w3PlL/8kA54xuJzQUO3+ns73yPLjjhpqt52WfyzUmhpymzNo+3EPuUC/l8GWohvdNntb0rkx0ibJA3LirgGE1IQK6qzeZNkvXVHvY1pYVV1nDRWi3HlpsA3UCMI4IxRX+brFQqM49o0cqoE7CZPnEQR3UoUg9qQ0RJpiW3BlaIPUexxdgn1j9RbUt47zQsEI7+5gvg7EYLbj9ZPEJCxUH+UkukrPESHauKXPvI1EbbUncMd2sLyxn6IX7Zili26O9vON7PM1gL/Y1s25T3meBn2CqT76Zl0HjB2Mzh4XjuDGE01Agp4BETiKrCMprZB7+mR89PQywIyaJWS1mvDSmzbaTXk4VZVqH3lpwNC4QpaxOb1ZFjj80uPKErBZ4yeLKIEVaDW1fwQyjkXWjIwHhUle3AJgnAfxsM33fvxFucjGyc91FAJgX7IhTSATnjsf3dUm9FyW4xR4RXbJ1OCuZZ9C/M8LIHZSuXYNNmjOq0D7qUiCR2Lesth6hquHCnomLDxcPtzYlUlC7ZdF71jLyaop6QWk2n3nKbURLV5Vm+DrLi3Zuy6OAy2K/MLJhKEi1LhMw9pJYbNgq1z8SGFz8O+k96JXuZnIDZxzj9zdlTOjawkCu3WCGSAOqLcvPryZqe8LYOlozyVQcDQ7d1h9fTlz5gA6a6UViH9dl7uzkR0i0srEVbhuZLw/YTM4dEANtXT9MbKE/KoqG0jmzI4vf+mAux8mgIGNTQ04AfFxG+Coghn6WHWFJtEdOOT8hCfoZxs1qJA446Q2+ACCNeZgMiT4BE3x5L+wiS7Km/7d01XV3KCuOC4P5GwkVcH0l9WToJN0ViuM2bi6uz7JcEvgCb8AiVfpLk2NCE0YAcWY8nMV+aw1hOAKvuzIwt8vptTb3TApUQ==,iv:Xbgn+Nv6py85+Sl72aYxyDgfPEGsWK4+YqiYTQ/5pw8=,tag:CInhg7J3Au9HcgIWkisiOg==,type:str]",
+	"data": "ENC[AES256_GCM,data:1nK/JO8sa+N6EXpyIHBnRapOXYbtM38jnNCf/j0wIOG+0uJvQEFc1e9gIFvuvmPUpUjh6XMuEKNxvLTjFlaLiypOX3yJVTn2fiyOWSm244wcye0GRPe+RWIi+1kEPrFDBEG2JFB+9iGSx0Vf2NfBPgaVFnr4Z2TTGH/kvxiTV6KYucWQNHh+jvVKZ6vAsCP2pFWp2yhpov9l5Tj6MwyK7E46Gn7DmCAtlZcA64Nht+99Zrrfuq8byan6w8RMFR830GJvdMAAD/Vsz/6aGQfHhpJwl4L8/4WwvhQq/DuU1umI1Q7r7FosXbos6g8wTWuM3ccD7V//tFDeVkaMKJzkLkQt0JbyzansijadTYjo0I1w15iH2nySBSIrsOJauBcw3XaP6NfAC3fN1lh/fDaj5HWud5v2ginWRfJNYalfMvTkXm2E5m8SXjanGJL1bHBle4TwEDNPT8+LFIJm8gf57rQRcRlh,iv:W3xvnTblM4Aa0dzDKiWqHM6B5zmu5ddk3D4tYAVNBiY=,tag:KelbYP9xbTmDaWiPrkS+Mw==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNjR2L09PalRkUTREY2lW\nSWFmL2lTRWtMOXA4Qk9kbzNicTJZV0JEM1FRClpjQmlZRGhHUDR0YlZlUW1uaUJm\nSElmZXJ5RnczVm5uZnpyejVMQkhDNlUKLS0tIFdhZzB6TGh4UkZUUktmY3ZRUXM2\nSURjZG9kVXZ0a1dCZWczV3VGTXVva3cKTGhXQjLhn3hpY72nfeu0pVCz+qzJi1gJ\n6AcGZQDKavoJaP+qadTVe8pa0Vu1NX3ILJBKigPF6OTVJY8/BaiX1Q==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWE8ydmNXRlBEM2lidU5k\nb01jQ0Q5TjlRZXI1YjlTTDF2N0VNZ2pJOTJFCjV5bmZuWE82UGtWSGJFWkVCbmVD\nRlJLczhwN21XSGhaaWFpVlNyWUNZem8KLS0tIGphZ0RFVUdXdUVTbDFibjR1TFp5\nQ3hvZjhaWFI2TnVzTWJ6dCt4K05lTzAK5pJgUGGCwzPO6yWyqiQuCEwYc3PrFXV9\n/fhVaRhdLJXc6/hBvWsK5vzQNe4o64AfUjS+iHyXi5m0dGINzWCDSw==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUFV1Q2pQUEJvOUtQWFZL\nNlowSmg3MGQwUTJxMFhXcFZ0aElLMEM5NWpNCk5lZkNUQzNzNnVVZCtkMzdIdStV\ndmJ1dDBwck9lVUc5MmhKekxWV3h1UGcKLS0tIC9yOHBUbzY4R1c1aXZ4N0JVZkpF\nZ0gvMnhxSXl0LytxVUVxVGV1eElIYlkKPa58QsZc7y15LJlOamtTNrWPH+EkblLX\nEI7IkmOWK/lhG9KEwG4h1+8gDS+5bHPuvqz/7+sROo/A8Ry0Tj9oWg==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIODlXSjhFbmo4ZWZUWkdj\ncEVHT3N5Vjg1NnJVNzFOWEkybzVxTEtWbWhZCjRHUlo2L0U4YjZFS2tMMVM0NjJQ\nQWtLV21MWTZRWkFWVGdUNUEzK0g1TnMKLS0tIDFxaTNtQ00zbXJNQUdqVUc4QUJ5\ndWVvTGpMNVkxZmVjK2xKN3F0dE1mZTQKuw+pFE5tYe6vcTL4FrgvJs7RKKGJBNZO\nDUjlUxMB/WBR52BNuDL7kviFeLaF2HLeF4s+GkvqYugHnTBiZ5fzww==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudFBlTlVWMUk4QzByRlN2\nTUcrS0VhV2xEUTc2ZkJjY3dZaTg1ZTBmNVNvCnNhY2FpQkJkQ1VZRDhTN1dUaE5M\nSTJ4WUt0SDA2Y2FSK1JENU5kVkcwNlEKLS0tIFRvV3haejQxNUJUSGd6bkJMa3hM\nVFJQUWNhaGlVenRLSDhHd0VJSDcwKzAKt+JZAK2QVUdB4Nh/xqKS1acqQy7iNMka\n/YrjK6J9CSTGUAjfMZTPXXwstVYaZCZYUnZ0xeIlRZPQw741hx4kWQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WkJ1Q3Rlcjc0QTRmallo\nRlRlclFmcXArUW04R3JEY2FWYlBBTWxscGxjCnpOcTJqN3FzR05NcTh2SytFbU1l\nbEJHZXZPdHVuODcyVjZLU1k2WEJxaHcKLS0tIEtNRnBzK29mZlZXeGdpYTRXWW1S\nZVVuQk9rQXBOZk5QQ01ucDAyelh3eEUKKmljNvAc5Af+B6x4hVlNjZZiznPu+U2/\n4cA9twbGvxJab6cU/aXLtB1yOmQMbm5sroBZ8+sqThGo1n1eBRHQDg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RUM0TVJFam5lTERkSzRZ\nVmF1SmJYU3VlN0psUXlYKzVkV0VNS21UWFNzCjU2b2p3cEZod21rYVNxWDQvS0lB\neHhDTTIySzZ3TnNYTkVQU1g4ejUzOEkKLS0tIDNxaWpMV2RJQzl5T1gyOW1aT0xH\nMFU0S1FyOFZnczhETTBvZkNmQUtvcEEKO32cV09CY6x9ievHyaKNLFR2Jt1y8Pbg\nCXnpvFmXMXROoxRaDN2N4+0SRyjhzuAabyAKszOksW+iJ7fwAmuR/Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMWtLZkZHRHBGK0JnQThs\nN1g2K2lQYWFmdTIyOEE4cmg4R3FnWWdldEQ0CndFbFBZOGRhWlh5QU9DWlc3MkVk\ncktUdDZjWXQ4anE1S3RsMnN4UnJOc3MKLS0tIFZlSU02eHByMzNScCs5QWdHYnlU\nWDdJcHBzQ0l2MjMxdFU4Q1c1S2pVdHcKvAzlHn0XQ3Oi5SqckELFtEWl3kOulf/U\nZ4ux4+FGfkjYbq7jiyyHL8RfLVuBRDS4MGcGYEsI0YQvmcgxBFLP2Q==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRFZFcWhDYkpENkhmVzhr\naGVueEFRdUxHZ2l3K24zL1pWR1VtSzUxWWx3CkVReU5FSnI2TDkwV05KaVl6cERY\ndzR2Yk8way9aNlhIZEEwNmUyOTdYYncKLS0tIFNqVHpNczhZREkweCtYWmpPcjdK\nRWdRQ1ZGa256cTJrdEloRmpGTXFDMGsKF9A40XY/cRGd4ZQXnxnlHVxAWks77j+z\nt18W7/lECC0Dt/jLMfEup9dnPyXS60C4Mz35kRNFCPXgvlIiozzyYw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiMkh6ZG11ZVIzKzdocnNw\nODVzSmFlaEt3bEo5QWZCUVErRUQ5WklpUjBVCnNzZkdoSHdJNEJtYlpEV1VHNWF3\nQjAvVE9ZOWU0U01QdmdDMzU5NHA2ZWcKLS0tIHJZeGpsMVJhRFZCVnk4T0JqVExm\ndDYxU3RMNTVvUVhEdVJ1VHVybkhJaDgKOcg5MoybrReGg5Y+kVusweFcEKzc1xd9\ndhZC22Klz/va5RRS5IVnoaIj9JaDuN6p//mZGKtYhUQfr5SaiWnfHQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYdGswSkh5bmZHait6Uisw\nTzRqZDUvOThVWjhHeWFUUGJzUUpWbWU4UkFJCk1pNjZjMUV6UWtHbUc2anpRcmZZ\nYTlOOTJFS2YyS1daRzJMUFZacHJiWjAKLS0tIEcveS9RckRLQ1N4dlRiaGliYW9E\ncmhXeVVnQ3RYSmJKcUs4NTVQLzMvN3cKPxFN6MiGXyXVX0ePLTioLGTxCyEUY+X2\nHJeiFKuFkDIpfdSxrPgwrWY6r8bVeLqMsepdruqUE4o0UGHVEOn7VA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bVBGL0l0bzFiREVscjcx\nRElzN243eDRwV0g5NGMwRzdlTmk5Umd5Unl3CnBDTlV4b3Z4K0hUbFRiMmpObE4r\nSEZPampwNUxxRGMzbFBwQldWVEFIY1UKLS0tIGtzZE1NSFFWdlFHQTg3RXNwSEdM\nTnZ2R3ppbEVBeCtvaGlNWTVWZXQ0Q2MKoOLKAxiCiTrQ1gATwuqh2aphq3zWskp/\nWeQ8oqOwc4mL5nzKIJp3VzTQ+CdL2BYfDsxhsqgilSruht0tFm+Opw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5S2FWYzNseEkxUndRa2F6\ncW5kYzhvengrZ1pycnphQ2FFR1dYUXh4VlZFCjBPS3FhbXBvanZRNWwyYWZCSmRl\nTEs4V0NaajBkQzRxV2lJalBIVnI2bmMKLS0tIElpV0ZOU0RWWkswZ0Y4UUFiMlN6\neFRGdDIzNHA2b0lGSFFzaFZBcXNsWUkKvpYIHTeGlQ+Bqz/EcjlQ7R6I3yuwNc9l\njQQ99P3tq7bFgj4UIUDdRWaZG7PDGesEJZ6fjJEieA5o5IO3Kq0GAg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHblFPenlYNDA2WnlVdFBm\nait3bEpqR2ZUUjlOM0tMT1Q4UEpFSXpNUGxFCmtvQjVyc3RUT2pMKzdBbHNwaFUz\nelFFRVZFVzdSekY3c2M3RmJvcDR1N28KLS0tIFZBazRsTW41N0tHdXJWZnpwUUJB\nNk1iMkxZOFFDY2JtVnM4WU5KUVVEVmsKHb8PCo8cTyipymup/F8Oue5DiP+uPznd\nXbD74jiB732WPPNOrXh+wU74Uj7EpYoazvTcs4tHu30cCpbCz6cqCw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibGlMSU4vUEF5UlNVZzlr\nMTMyOFY2Zi8rZFdZT1JrelZEUUZkZHFvOFdzCjVPbVovaU9nZklJQWNZeDJZNm0r\nMXBIK2hsZEY0NElxTVVMWmN6WU1Ld28KLS0tIENaallkK05SMllia3prV25hZDR2\nZDBNU0dYYnJESG1JZGpvSGp1WW9UMVEKJgfdLp7BRXvyAekecNJiaBXmxSj1qNxx\nZeHceqEkfWV/PzX+RP4LHjXTQCLEOJijbKxDmxSsYq49hC9xjZASuw==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2025-12-01T12:37:59Z",
-		"mac": "ENC[AES256_GCM,data:F9Ma+RYXq2sAYc+uPn2u/A6hxbhybc0wDDVVspFJNIYBu1aUi34xKjxPaPQ+H5hWJEa4V3FtUugCJnMSv63gbA9sKPdxHI/AXIUAK3f7b4aPXEs4RTAQaxuvlAz98wi8cU59BDmdzRpYxfN0+FsIeIxjT7lcDS1JIcFo3M2o6+U=,iv:qWMGQYH+DERoSiMTJ5i/eviFD0diTujCjHGK+c+U0y4=,tag:hvrPpfhzdD/g/JXLwKRrtg==,type:str]",
+		"lastmodified": "2025-11-09T22:41:57Z",
+		"mac": "ENC[AES256_GCM,data:iHmgHvT3yn5ayimvO+miRA3dA/0o4juBvBzWIXwtZyt5gSI4oJizMbRaX5coVJgeDdPsYaiQFqSnEPrPmrMIR16jdmscQLvz7X1gtdanMP++5q13jWOkiUHPC2nZy47M+36bzC2P/BHqKE782ERTGnD70VZO4a1lOa7pB32NutY=,iv:oOn9x/xf5g82GXdZ9fDxgEiUScXXfzSdEZccqFQLF4w=,tag:iEhx2Hm0yP6G/1w6cIgHIg==,type:str]",
 		"pgp": [
 			{
-				"created_at": "2025-11-23T20:29:01Z",
-				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//QwNJ7lhnXTXntHGRFgxzpIRgDBFe/cIjztt3FfA5tavw\nWt9+Zm3et3imgGE2n/7CrgWFobhsFLP5oEXavzea6IjyH3T+RWeW9nxCzFZrP6fQ\nOS3oEhQ/SBTUFP5xDJHz/b2oNrEMQjDXlZYoMtMQihmn6qx3fiFK+dTaCKvnH3zC\nrKH03Y1iWiK5JsKs8nn97m3x9XfT/TQSlbDe1ktlGIzh0p8zvIEJcGgbz35BkBYL\nN/RK/l+xHWnt2jLLi6vj6WFano8x3BzpVrahYA7ynKoVWQChE80TUDacaVjh64MO\nYqGUluZwTSaw1NXlaRIas2z2Rm+HEpeeNEyVUCpe/gAGOawmTAhcIgORhkIK81S6\nToiAqIWaw/i/xtH+U2M59YOPRwG9XHG9/DAEmdCsztB/AykNxOMq6xJDayu++kyY\nRXe0uYbPd3b0nGMcngBr/DTWUSuO9qcpg21d4VfmNTaLHgXY8QS+8bYTETJDqyvR\nFioAfHx+H+/la+OrLwee+CONCHGrlItSo1s4jQXW3TvbWlB19gj9XYVLU6dohrke\n1h9hr0Ia82/a+5or7RCU5Gtf8tHqueOdIfG0acv7ohtmjxtZOegSgZZfPIRpUI+X\npuLxrD1u9FFF/KaVJOERZJze4jVOHvPbr69B3OD2TJkoHXQzlCEu1E2/U/zGNz+F\nAgwDC9FRLmchgYQBEAC+7PFEa8+euceAKBBPiV6CswPFy1n+4o2E3n5DGFMxm3n/\n9O074js/c2X8km0FZLg/OQ68h5iZPX/mavCybvNOdIDUDzpEYiiYhQKThVW0Oz07\nOPxXNA1U34hv+raMlvR0Uyuync7RoMJLy3VIlqttqn9urQsusUJPYTtWpVRaojjc\nhunYPQV7XdIGJG92sCMgG8JeYLpRpDJphX232xuxt4L6BZh+Ddr0TUGmKdMbPGSo\nU50Ub1uDWWDYL0BWN8BzsuQQNDOTBMVqucG/WCr7d//x1A6CY2wz8tK0pIzyv0sa\nIF0PYAguFFZ2noT9QA64wyB4BJn8bgW7L6ohv0XfVdLK0fR59lb1A9Ar386uhaCc\nstjmijCLy9T1aN8roKM98CUUamNwPFZhv+Fb70/5qN6OLRz1SPrpZRyaaqOsiyz8\nyJCxMz0KwOSc3PsLLBVhBPr5wk2w9tB7CJxk6hCjgbugXbLXXedYtlNwXyOXb7kB\nAMjGWFw1e46pCmkpHr8e0XbKqY1lXfeBPO6y3MhrqQ7Atn61lSGGuwmsbRM0oLET\nHYNbjZexMVTxsle29eM6k6Y/MPSxLp2mwj4orPgIOXKaxletNKDgLoqnSUIhbItX\n102RMnCLptObGPmlzJ3z7xSWievOiyOtT6yY1tCQQfdWE9cHONni1TYTupY9/tJe\nATViviHLvdhJTVcj/MJY5pQ3EK/UYwxJPXZG0CWHixz1uJeZTdfJm0t++tiWlRO3\nDRZ7TIvYUsicqCj/DKrcOLpS3U9toBp2dz2tCzHwZC7u99v5YgpCl058ZEMwcw==\n=TbqJ\n-----END PGP MESSAGE-----",
+				"created_at": "2025-07-02T12:10:18Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//YG1H7a2MZEWjFupRqe1jgxJMsDXq0zWdK8Wy9mHCLmEk\njFJL8xjuJGYx1tKlQKq5tLPob1NmnIr9KXwtarFrIdWY34BwqmkYSO8Vmcp7iq5U\nL0xTRX4ZWTyOpTMwsIhIrEGWd1be4HlS/QedJxOn7/D5Y+XBHf+0t+4ScE+4n4ek\nlRhSxR9OlFrmmxAjD/PHsrekgi7wX02lHhy+yKmDQ4YYL3ve6AONY3dltOFr1wk3\nQ3ffjIGegkXTiafNbAvo6joekDDIGm44lRCoaxuS/0ZbDC0IZN9EUpw7KmJvRpaW\nkYWKLLZn07CpsG5cNvZvcSMTyVi+La7WJ4Nf8x+6XzRboVcVfQ/ZnCFqUKJTIGcS\ni+UBMgNxX7PCVmbQ2pIKzn5eSk0OTwgUv4LOJzivFDc60Mk/iq2c8ptOOuzBxhR2\n/M1fs4D8QfseU3b+/2e1ysVZGpba/QxYkdgeAa3FtZz8YpgFlSHdenuljrJke28I\nqkwWEdR80jBXwZ785Ur7Uqw3Pjv0xW9hwa0s3yJ1HyL4Was0ONp2aJIW1NSRbbFv\njTVJVQOJVz+bxMla9t9cB6JmV/JxSe4Q7dkiHFxdmxug2qL9aqpXFRy0M+R6HClp\n8FjvClOhyRAOFYwjm4Ry/jY1mM33hh+KiJ9fYxAZ6ZQBonl3BdOq6/LbAwKDdC6F\nAgwDC9FRLmchgYQBD/9YHAFQvEDfzbTbJrQT4BjqRyKjgA27tA3D8MwS9Gvub91V\nJfaYbn0bc9oJBqkTEmiKw2zOTTbEC0zw18aB3rHrAc0EjYZCP9XMYQvctJo1XAKo\nZFJcCCmdKzLX6XO7rLOyjEp4J5QfdgR2NAt4NXbBH9SjqNJ29bQhR14JyYUtd+Wo\nHcypltxgX4Hd69ZHBrhY/1YVfhLOoO/vhiyCLZPFrV5HYGo7Dzrtw1aZg+RYAH5R\nixZ+ADpdVj1Tc0EwBEIzjsmJ28g8liYOeRI8g4X8/RmgJRtPerBRMxXqXxHHU0Bq\ngZpm4Aafy2NGLWPQjjjbWO3emQSkQWPtldyiYf2pSdixm8gahMK4/As3Ziu1MvIw\nMlu6TsOca2762DJfw3eWJ7DeVAVH0gDOeibPMlRVOIlqRbKOg58ZDsVMwyQaiTxC\nWa/2Do6jOIEfWGhM8MbzVuhqEvkxlUHDJjP2v50SPCBVhdI3p+im5mr9cgalwlp/\nanSR7KMC1diRz2cpePb3bHgtJGoSHRoId85Xo/mhgPQS3wJGujEUafQQRR089YF7\nLHWgahHAYX1RP0tYA9sJQxBZkc4ryCMk3R6k6HdiZsoGB5D5rJa4ufdACrgsCuML\noF/hCCulldltYNN9ZekgB1Xii5SEYku0NP4NZnA6dsoXDE7hlcy95bm09iA7StJe\nASuM1tJbFJI7eRKdg2OafM5+aVGRsJqHmYue9sD+LY7LoOK0nR6tPrL97AybKqq1\nsHwXmxhaJglwBpConTHTIIKQw0ZGUuzowFHjrTs69lLkdIOq3BP8/3cBYJAeLw==\n=P5FL\n-----END PGP MESSAGE-----",
 				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
 			}
 		],
diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc
index 6e6edd2..48ee1ff 100644
--- a/secrets/repo/pii.nix.enc
+++ b/secrets/repo/pii.nix.enc
@@ -1,50 +1,38 @@
 {
-	"data": "ENC[AES256_GCM,data:+wL1DglgGMBEfAqSj3Vgtb4HFkDa/fa0dvH5BjSUWoRSnMHC+kj6PtF6w2xVryTsxrELIkpuUdCFwHQkuMeODTXR90ZgH5CpGGkoIKEMEqvoIGj6oULysrLsSPpkhhkgpQRRs5l+EEVDbHbi7XRJtMDh9E84+ZtAk+VvdusIlvyd9D1p2+8A0/lm+Oo3Bv1lt7S1Slnj6wmwgr82SHEmtn7Rof+9jEXuT4qi9M4zT2ogYHKsNNqI9DUXp4SQmLkQ4deZjo6aqNn+Uf3mTUSUUUJ89TjYIgcajw8ukJVBh34+bQb7rCqIjNGxJyUl9rHoiakO8zjD85zH2p+vZSFlR03gVx2ZLfaGhM7EXJfhuppYDh4z5C4/G0qzfQ4iV6nh2bt48XFrRKJ+JaJYi57hYRWPQa9OTChNMV5xHIaublcJE/Z+N5GSHEprdN7jna8F0kKNg3KkD33w3fQQ6mia1icAXEBForPRhhjvxUQprygvurLv3vD55gboVFhV9UCZKlqc8gRhSEfYs+rU7zirKA51jJA2uZ290zdrIXu+pprTo40/hxvuZPbEYD4T5zWxzL8vG1MjDDHwbTegah/WYczg+9F+pj/Q+ursF3qym9BGQ6SupvILl/MFpnV6yh7Qr9iWjdF+Q1etTK2crHNsTKLx82tEjT3VxdH46XE4QTZhZJWzBh4TWfeYtuTbAB0i3mqE1l+4pXgfAYv+H50hikDflViGtiFEyjPGPPPnzq5CitWhLZW003GEIATmTPBTpbUC1oPdBuNn52pGvBob09j1Ux9IeCE5sFYm8KFuZhqjMK3hrtsiE6Yj7ey1yMVdh1o8mvLIPZbmfXdAwvYlcGD+QLTXNpDjbsPEpjdXvtnYoR6IVnqPi/pPP8Vy7vBBFOYr+UPRNuKKXbBLNZ+0GOznbC0wNWeTib1roc8t6OIizNCWv6bOQslI0PqB5nJnbdE6NZJyQg4JgzbqDiJwNx84zC6TTLvxVDdYvgY3YVJhTF4xqcpLIADRAN0/hqeLpt+0hRTQzbcEDb+mHqRiNnlAcwG0yAbvJhuOVV3curU0w/CA4ilGnTssn7D9qZyCAcVdNlU1ccZff5vOHw+Fvh9h4w7Slu6LpRAP48lr9XPIZf6bxbBR8JzMJ0rss1Gp/ufuJdkm5UVF5VOpQVv2Je2g3Kv1PFvtTzFRpK504n1VlTsiZZPHSI755iHf/tKOlsoaH0DH5ImnihWbqH1hZ6XiNKtxOc50Q1x11O8PGYlsgjinqJzJPePMVWjySNryFX+a1AErRArGLeg70R1c+2bdO51CisBOtb+m4i74WTGKaPqf7k3pIyukd5/eP2G10LPm8ICltTgXV54PbojZmbn2uadO8E5/jwEIR/JNgehrKYCXF/DWF2EQDzvR81OWeGhK0WQ3NhxRA3tRpsva+DzOqk8zj9WAjlnBQVWxex02jWUKds0g56n/s1ST2qH0DBiTNwucgyhWBCuFdalP0ymsWAM5RFtO5GyEPRfYacFFJDYwJMxAlxK2ANtO1PIf+7hWdBq8Y4/N3kNeDrMvy5UR/gofPtLKEmEBtlDe2G2caka/2S2sjlGhCD+y1DWOs4bsEa28h2wu9isT9edBGQFjpOb4q9ug+WWEFwcU5Lw3PzbH4b8IQREZuEByrEUij/30uA+UcnHadvVfOakEVtrSbQ6vLEdKez1vn2dKAG5DECLW0d7sUZcN73EbeTl2edWONn9dboHuYRbAAkrV3L2U7wr9Gj01PgXA1yjQn+bhU1FJVcX6BnATWWlq1UHaNT+taH8Lq71+zJGDIVKOIuzloNTro0aR+kPkOseN4KzQkjD9eatT41vki3RlK3sz6/qwyas4YWQH+AJ8F3XKd5U0unng66MgaxZ/lFeKg0jn04CQxc9PgeHq1vBJ4br3WltqxEnXZFCHdP7CxxFKMlMWXgrSrBUFPCxICI7xyxhS3jTouQsROfMchLGvb4/7miwPBlLkGP4Nb61CA2uqQOByh/xxn2hp7KNf+YGufjwqm0eEPVol6TcZ0OBs5Ly92v82JwsnPPnsFd5IleS+iJexE4BKAoX7catJIrJQ6GHxonbR8O4toQAR9MTgJUYtVVc+65TCjFbThXwuG/4Us9p9heSr6qA47JgZXsX2PdDA4e04rX6jLpam0W0hE8nka8JvYa0PHtnv5SmeigobgVbWqscP6mV9UyoMU59BE4zrO3ygwRIuLxvQeRHBGfrly2RVWVreiuEZIBMOBY8E710qOU4Pd4ba6utxJfcS97895ZG6BgRf4U47eFPjIun/83QixvN1g9p7Ez04IT0Uu6kE2ju2D9UJuyiCtkiqwmuvZFLkqMeRalX81z4817DK2NRvw71OWW+3fZAyBnrr68OfIQnvkHQFFdtMOYVAVMhcgTezHFMDhcFzBfXgCKUL/fdoqtNCT4fabIO870iRS50cAlpqfYSJTu0r9UD93R4eoUlCAa+tc9IR8jPhTKdh62TQcVsRIW4WXMUMV4gt7GixlHUmnSGO/4hPvdzLey4ZLVL7mjgzHsjTvQdZ2KpF2DhK728vyYWh3AP0u/e12nuiPMzuTnXhB5W1JXevcYQWbVOyKeKJ+muFO6lgVcWTWeF25VJGBjlTAzSiGgA86Ef/gZcU1t0PxMH6gnvXqpI27AmFmRvYkyHJmy3ueVyFVbhOBvisX7XmX0QISRmaQ3VFCf6bN++L9K9oQyZkzYdDcOoLupIMSVGtXBxqdLyvJs2vRuoWx8YZI2nSn8ZeKpQSvfTtLllH5aBL6tOubfKwDvp5q46xHu4rhOAilXKfbDF2PpWn5ldUL/zS1lsba/MIBos3TtGdwvpDvBvEzjcgsEe2ffs69EArL4lCQB2Q5rUvSWfLNusnV4uY7KeYLlG+M9yuQH141LlRXE+cb0UiVroE55C2kRw+5oHATR2AUygDvd8zvuQhGVr8AFM6y66BAfvQG0y8LCO6VwR57uskLXLldZuTdXh2QKLHD6ljHQJ2CP6DYrnOwyry4Y1ZccvGy4yWbgmEPW5h1SZ08TbmCDM05fyrHPe5WInbJo3DPfHLAUFXjzFwGPMHB/OSlbST5u1pppCoOl6VtJo322W3k4h/DG7TxH5xyHlMWthKp3I7Y7EsHyo47LETN+4Ibu/q2N75buKvPoXs8GFn+26p14iVw7QpmJR1u3P4T5CB5aclBBfjvv2qsshVF/IjT61KL6EKeYAqJUpvcuzQJDu0dtHl7syVK/tDucV7ATV5kv+YUM2vxaGRSJjQhRzv7ehzOIoTKPKAhfRVGY7X01fLC9i9vDchbbLXqECMeiklbohQBaSzSdKpQhlBk03+eFuV0kkHMwY4blRx/MlY4+jP/hlP3UDO0FXsI5HcWICdul3jDyiiVtnf3SPf8bLs/r+Nnh1bPTn+cxszRm3sdwMf3j2ysewLmr6yOkSqZfyMEVVOjM6O6sy9uIF3GVZmZtpTm6etZ/BdUv+Z93DMvfaSPcaB59SCYkX4DVqr5BjAEmewaqdKyA0A9vBbvI+3zQGX06BN9VEZYDvIlbh60/MY2CSSyEQeD4KkdhuuKZgKNBXGdz3XQGqZcreWo7RKo8Ezigm1tUblNNwpD3705aPRQgpfFo/1YkBSsnIrPi/LCpoEU77ILYl5eu0zcIdMXMep1mba7Y+R6dJCdgtaJK6wnLgw+u0dT2cjilMLEIFPVPAU7qU6QrloVMPUQBuHRwwogb9T1L+tK9SFzyONpchhH+YLe40X5lTmdBDnH2dZ9xUrHOjFFhrwgXaM71e7qPoXqShw4a73l+e/x9e6w//g5nNmOLizYEMm+9XqsRGEICFWKsYStXOnBz9GJhPG1TwatYlJ3fo4/gtV2qdS7HIL1TopNoHuTIGafOvRctwd9ScxYM3syjudqPt1h6utYyy3VXvpc9bzY/pZUDMFXxhiEmrH9xIjWIbEdqu1D+nRns1GuVariV/cnmkjhqi7vRwuUJ+nx66fJt+kC8RzJIt3gvHQ9IrQN47W4ylAG1JEp8iEX6k78upwyO6msrwLklS1AB5rk+L2KUDwOcbFngsPZrDPs6Ia3ALDW3oJeTdK/9m0w/V6GJiFAEAtyiGLZUQTl+A0GGQF8dglKmIGNfRFutPmlYjUi9AmDhwoEvV+nqA7NW34oAfHWlF0e4Ru9ucaSZIDrqaylpGgeMzbuGC6s/6B5f8I6mqnUqUYBXuk2kUCtcdMbOnfhzEm76DUqh/YxFJI7DR2C3rEOBrlTBFnYNRQrtRk0tqP1al4anY7Kl4dkgfG98hRwyz3AjyRfkfehhY9g2MFBc1Wu5egIjODbeX7xIef5nFrSW6x6EPko3y788lO8gYSVwde5Rs+RJDCQTJw3ZSfTbUz2ycVKTrm8phJz7FPgzEmXuKnysVuStu6nC0RVShk6LZ0C4wjNX7Wt7DjqVwxtT6R69JKs9EkCd7dfIwDr6ezphh0PasZToQo0XT61gv6lMIGFZguBwOvqFn8TKVSsG3P2llFyGrzrvTQoYP0GlE1BVe2mEr2LZQOzg9NRFltQ4mw0seI7GuQm+L5CanfjruohTvlrtyYhoCHcth4iOKpJxpAS0lcwqv68DiTN+kcAbVkfGgJgIMxV85r977aXNS4hlV7SU1DFo8dm3jTO65ppo2csj8KLcFgf1eQyo2X8dq4KNs+Vp+tGtHUsPmHGXGoVkmAyr6Pz2BDMYr5FkIirAxeq32yg29vQWJwOe5FC+gTwVUX4Tv4NT7vVRqPhkC8zHITVoCLlXo+qGvfqBLd5srNYD10bGF1Wk2iV8det08xJHIbDP41xeJsMZWolENRDgEG3Vry+u7vQ1CmTCToO7f4iKCGeDWUXj8PkBPnapZ7K7vBnePayoKjE7MJUpn9u+85BNrrmSMK9UQciIOgUAqUQDc+HHbnpmzEKTeeUUyM6QOTo/kOHFQpjJRlIRoJnWhxefBRDBSqpAKTJPIOcpxMBb9cqvlJIyrBAE0VGpPqrPcd6qSxm9Of8qa4arBfLCdu7e2AGrUmiVAjPoVNFfMnjLh/riSM9mqOFpkpiR3LTGUwDMRNbuyd2uFboc2sz5Um0ZfriOwSwXVkbClLvAH0sz4iEm8ZVrBOHmt3QghGWCnb1v3OBiB3ibp+lvaqVcV04cbb76sCCu+T01kYTX5KmueyUIS4DuehafGd13h2qjPjBjwnvm6GUc/TwyKEhwuBuodoPORatYxCutNVoufzztyytOxPl61vQhjsDPT04V65PlKnCSVL+Kx/7712pqaqc/rItfJekOUFNFE9pF721Sh2EU6vinbWGL/J6X6uDFHYEmhvJN3oBJdWdN6HRsrY+pksoG1nRRREGVxNiL4b7u8+VI/Sp88/zIAhqjz6Kwij9K1MX7ZHVXMmbDLhJLehqXXJU51NEnDr8GdokErsBuzeP31Jgt1DfbUf7wZUe5dbQ3E7dyrZvI1lnAwe50TIXZNUzjAGzs5PQyRALJsErNKSdTN9HrJcDCaX88O9jTIjaSjkATpqVnFpEbgKKAv695yg1X0l8WMXVrWXF05rXT1ybCT5EzPIapPZkjiMB8Jty9yy7swJHgQfr1TxufzpONzGw3KXTR3vDvf2kU2h//1wl2e5ChsTirGXlukKxYKljfyc1avMxqezGkiqdqPXRK/it8P2HVBEEIkOBBJIHWmjdUHLUhyOltGaEELwFNU23fZC4XysX54QbJQwYsswhAufVZOXekABk30tUd+JNJu6fsKoWUVFJUYq9RpUh9VFzf1lCEnCqlsoV6+TGqN9zscvl6xh+jDMvlGYbM0ab2foJ6i6yzdr16ELa7jH6xLNteUE9+yimDrNfuwgwTFM/FQmunFcklaWt/D7i2bsChP/apuHXtatMxCpfIwvvgBz9X5yozxPLTFIPEbNPfxx6bcatOiG9YORp/E3MO9nrYI2I+dJ8hBXxBPvXj+KKIXOBXsXonRJq3QxPNnzWS0jKPtjmSolwsqU/ayY5eLZSlQ9AjbW0Myy2HXHbetORs4YtqXCneZcFDf80p1wxqjXCIskDRL2mXPTYkqEyzpkoLNhe44h3gu9XCK1FGTlwqp7uQgYjhydvJ4Zz6wwKxRsem7vvNeuHmm5iLhsO0BWqg1PF5R42UDmw+V96tojPLkdUnBne4D9XfgC8baY2W/ClCKwF1nusbu0G0X8RnM9Fx3KTOG14ng3KwXP4liNf7DlNMwo3iFvFFy/11dXNeVHFi7WFZ3HQhnZL7nalespqwoTrJ8PFzHE3emOFYUT78alzTeGbDs/3nZk8r0JD1l6d2+u/dZ/lbFjvilKtRvOLIcQfYfbzej+UHQgaWGiPUpT1AZZG48x7VX49ky41IuTMmLjZ0wwS3B228Etu9LuxcGyHNzpRTBroOKIMTL+ld3R24bH2efVHMFxNKNUUx+p3GGkOKCJRtzgI6AjYgl32WI0RkMI6OCf/M549ygNVdXohCtGOaD8oBuxi4ngfeXN7iK+KGRxFq3W79U2HaeTKkt1H8GTYXOQYrwX+c5YMO0yZWVkge7IJFTUerDJ+d9wMDXQMgCVq6DlKxpmUYR/lGkMGgPtW9z2hLnIKxrg6XUFCZdAR3hu4Fx2RtCoGMXRLbzeFA/FdjA+rWLciubnOXGrCwjKxeMEKgqB5jGNSZQK31RNczaUcA32wrYLgo3ee73m0JxrMRhteUgh78frtXGUCd3st/XhIuISGi6PdtwykH2YOWieN9PFjBoItTPhnl9F3530N5gZ2PXgIBD5uaulx8j2lBWzYTD+W1Ihkh+UFoxxpv0kV08ZtUwdF4GIPMdeyt5LCwfyUlRDkPUb2xEOVjhX9yZRi0xrLZ2xEkPT88Lzm1egHyCFY2xF0aBg9+QIJJWSgkc3pvgMfjZG0iYq3Th9cl1sB6v1neUUW7+0WYue7BHZ5j4w0Oi4sWGLHlYP8utJW1xuvHX6SxYYlHifmvJC7Wpq4mvL2lrfI2Er2IVBvmpeqEr1/k+jHVau7umaQapuyixBk7i1sgpiWG/cTJs/rY/uxVTWDjODTP0DoWKhGhvhYS4eiKCiwqjkquK3t5SQR5Wb0hTHjeGD6EiIet21yJ/GRExS1EXdd6nWGDHm6TwTI4IDyAG5EGtshjseJepJqrlLgAMP2m60VcIDddrTVDMy19ypi0QmEQylz08aIbs9i0S2mvAwn+NAae5Mc2JXH9A6E6UfWYY71W8j5mbSxFIlptOPWJORBvrFU7xsoXL/smKgATitf+E34sznQkUjcCA6JQ5uRnRcAV3fmpjiXeGp6xsbCfcTA+SyGNB90UVfMFKMwQ3LH7lcwgdhEaXaLlY+L6oEmk5DiaP0Q2ovWzMstrcT7WkviWtf5KyJbf3hHUOwQvG99yYYpzP0b91W1JtXUdxxPuY6GfIR6dDrB5fL+uE07pgXe/SsxFI18LxYrU1dmMjlrbwM16BIZnAyo87SwrLo6Ut4URxIF1YGycSFBkhbXL1rZIBNSd2+FIVQ+raGYdxVqzg/8fbSeftkgxW4BtojBKc+dUs2SAxXurpMhz1flUgdUT9aIUWRLccwiOA7B/lN7DhW7bN/QF1MajVzPedv0Ax7BxHB82DNAK1tkBBxleNGaBo4ptC1EKWGOvzf5FPRIjX0qSjL67eG+YpZGPfo3maW8jHT/ArGob4CaiAk1ZsMtJZET1zt1a7q9XNpQCCVmIWSApAemMO7NMv6WSlMGh9hkLL4RfFJhRiuoh2I6g6A0Q3hJii2RewVJRQhQVxMo9nIatC19mhNsVtcBPH3J58Qp9I11UFWugaUkyG3BryO7gvoh9hEzVYyIGpTZN+sVB9agNQLazbu7s4DpeLPn0Ze7qw3JRwgy/kAbAY1B9+Q38A66ztvr2q0sUIR0BdHxyXLp4Oxn0U7WbEth3dAH4OYyUEpR1uRVi+br6tYiwccSHl+bDjJki9lu+tnB1Vla2J8gTzSMDjUL9oRoAKd4prX5lr7elI52+EIiel7sHaefZ8gAKfyD15FnkoqDmNaGELvEfOKYU9yfabN5b5bNufKjth1dYKt+LUGLQ9gjV4LH7ABzyqL1aFb1218+nDDNWp3pegY8TXUWnYk1N1Q2Q874HuU8mc7NH+NYrSNYzWnk2faYpDv07423Qqa8LCed10fgJaG3dMYy8UQSx3HytGR/YlpupOUo7mXP5GVJblcVz7htHeCUMuL0rMP+N/u+QatcMunnzWAZTprNYSnCK/XKGcsb0xjLfkINWvja7a7c4asQ/rBdKFZPARFRyhl95VNNnqcj2Rp,iv:cyjC5VQUr4RK2YwZMysK70viAI41VheecfIkCOAFHm0=,tag:N6GPAKgBXYdLddHPv5mtrQ==,type:str]",
+	"data": "ENC[AES256_GCM,data:AmILjmXaYip12IA3T3duZIb7Us6FSby/gdbumUJ69y9cU5CK84W8A5zNIv/pNorvbI/d4d4cwcIWOQJdb0vMnTx97ftaPJl5rK1TaboL+CbbZviIE6HTTnkZlutdFjjqzkv9TCcJ1Cm/Krf+/AiSX2bYujzggBMhrOpkb3Wt7iTvxpSahUZkyRLJTDkY8OJdc4uXTpZIoPEEWOF/ZXOdEYOuNvES0dGwzCLhmYBf/yWsRgr7ICRSH0k14lsQRmRa2ZGq07jNlu/f+zXtIR4UMQC732ERLFBKTdqcvFffhKYuy9xL2FNJFuCZ+FXsFtV1Y0YQYeR3B/30EHxLrqiRzF/orkA4mdFgdBqiOcTJKnOeanGF2Im0XiZj6XjoAftHINpX6SGVZOk2mgd8e5giNcMew7izQyQdwQBnG0FKaZvLFO/5YLUdRN1kdtNaDlJ634L1y5lu78TWrXlAQxor9mS5nUQEoW3i6KDOA8OQRsU4xcWAfMTOTRS9Qdgo4fBupo+kTuztRHjv9Tyb8UvMtjyqngDSsmKcURNQWM5mO48g/tP9rtRY23g1B2no//LR+NmhutR8mHjG65GbH+eqF81fI/kqMVZrbXIkZbkh8W6Hg22CZHKQMWTGP+T/25XhnE1qEFs7VlYWHdIZr2c4bMHhNmI5DqEinn2qEe/5YtQ1de+rQC/3X4Oh0+6VRaJvJ7RKkqbUFMUNrgsrrRgnmSwqlvVOykppWdHxtnbUfmjuhXM/Fk5yUWgDA0qPofmcSNAfxzCDkpc5YaNXERe+20xD98VyRvYZS+OTywes5ComCXh1vfO5NpHbPoI2NbJqgJj2Kg8QsJBCRqAMECMAK/rm/adnmCAMGqHzd0gCWyWQr+sxXQSnst+9SXKFB7hsUQYm78hO9Tj+0CJJ8gZFc9GD4RimDbxu27hDcf5ycPqTJ1PqHqHJkGXT810bT1ArGv2udWaz88PONfYmfL2kvdcZuJtYCKRVLqZnjl6MKee3HN9O/MTCxqrE7ZWhZhHTwkgqWcrKFmUMedReUdcVqn8bNkeo2jlgHKHuilRIt0nuQtSNlm1CEBzjCS+c9sE60inlJ+HOnI7ZppiiXBadI6i7MZ5+EUYibjck0vApxm1MRPonZg7j9VHJB7aXkNn2YwtDo4ihjlmCt6AZRgoBYJ+jIwaLGpM2UYEX16E8QFdSWqE1ncFH2Gz5TswqDbztLGVRplRs1Ayn9XmHSkh9mfK+SDAEFy16rnBY6QuI3Xw9g6sQ5x4Usw2m5qoJ8qxTJzzCjDndqYWMeSV4z9Q2x13EB75sK4wBlN1oLn2ubxSiunHss/4nIARDsTGHYO2ilPM5ekajN/v5J5IH5dYwE9HT2pqtbtjo5Zk3JvL8fQiWBQDufjDfYnaLn26E/iu0Xl30uYLI1NwAxvGEPOOZ6fndBPkNYz8KNq2E0A7zv4pyDqA44/uPkfWJnWeVQXoYHOGj74Cc11+bVm6s0mjv35mLTg1EadWJZgQG9I+NHMXL+uvP6RGkX4oXnVT7rQHItv0jz27MlxK8/fm+UrOgFGYX+Pq2Rwam8HN0IprzH9QAqODhuNwTe4CwWS+cIk223/5t+M2NWems2p6JKxuZ08KkPseUQnwl0Wxu9pFKYSBctlgTrJ7Dp83rwbGHKDgB5ZBimsp/uT83dJrFCp7Rpks1AnLSXo5rn6p60Do8P3JfzXhLJqi3jHp4Wl3Qu9Sejq0Z6JVPfNkf24eIbQ0rNoSi7ruybSryXPSH5EPgmN/Sx36etCJ7/3XPmSkCRg0/o7gVRjbHvuNdexyzfR2UIHvm2qzWQDiggQyj3m/JWvgsqNBBAhcIiuv6eCznRDEjOUHXLqTYiz9NUJN8H1rxCg8dCBIsLfNwDE89edU7NsIGCqepbpos5dFzOPHrr8sCYwA5Xv2amQ4PJtULHrymz/SYwkVG60UWo0rl332a7bi1CQTa+MyGjbD8OTOMvr/itUrthND81oD+q6cK6B74qtrj8E6HG24yl8vJHIO4un1ZxZkkjUGP0pIRT0vd31sxQxUU2REeq+7Q1B3N9apbr49wYK+8EVBFwyxK+Ok72BIBVvZY82kNmUhBtyIOsqhT4e+c5VQ6YqKO5W8b4F7vSCGhzkbCyddcdhxWzoSKcFv5/mAxBVqnk9aXWMs1+x8lyfANRE89qYgjmw5hONloCL2hZVL28ykGt7wGTVFL6bOjpLaa0xUrfhraEiZCHyrOlqwYz9QDjmDmsURdW4plUwJa+8J5QVu73kC0c0WZ5xwoQppw8eUS3rGt+e1PaKByNfEPD5LLd17QFBdWzdiCMlVCl9M7+gblPbSMCTfcNNnB3MoBzD/znN2pEyNlwdJaMN/+kCQKSNlRh3U4oPAutK0/S7n4A5V4ZylRVFQ/j8digntEzr64wixLfy4L4hEVXroraY9/asciAS52+kXWSdPKqWPbzPsZBTVw7+aYXlwYzHtbhN16LbNSOS79lKbS1E2vSOzwtq1iKkB9ckjdAZebgIaL6wSGQDP6MESDqsgpPwwpr0faOjOz2tc0Bh+FUA0qIHP2WUSZUmws+gurPJfsLgm9OrK8YvzClZIG4Jw0BYHE9PPYfColMic5mFVIGGEALFcc9xx4G8Mh0lqTaDbVaJONQbQ2kzbJ70TiqISlaHxCpkeyH7Hg1kHuBCOUZUUe1Nh9vyxkQoW6qzqZa2H0+j1xqMmy8tw/sB55oUOkC0SzqQkS+7HPgoD/fMB+VVsrvOJX/YCSNip9NX1u5Yf+R91LiYAWnlT5CYnseSBbwyOQgF3ud1jN1QE/tnvjj3ASy2OoQbOnNhJUnoShxMGi8PRDv4tNHDFY/FbEmmiyH4q+D8j4FYkyxZorNMfxXVdDewRQNO5ZVyoIv6PFcKPEKHRqFrCGN46yT6MvjjeLqGAHanZkGBG766bg285gWRfXnR12ZV7g3mzbet8oWkL0W2os/LPjeMjSbEgtXVTFc+nHJajPKXDxQxx2N6kYopudyNgweBILLgbeLlCSZhJhyAWLpIOvlJ1PGNnbDyY2CR+SK4XH+8S+G3RwvOSW/4dJA6GUFv+Lweqa0j+JzrhSIZnE616IlhA5AlkVHySJKbFKBV7aQqu5WtWZz0uQRZdf+xQbPhMcKOh8L6OrMCJjDibJYgHLlf5yR2MawMpX2pkzUFpheah74+V7QQd6gBq6aqvLc/GpweOaxQ3h927EuiUOC+kkr2vT/lu/25/lfhpGzbL5sT0dxPbtVhymImMBaQz7tZpf/gUUu56LJfyp/Ct7XJEKOsN7tJtuJYsLL7NcqxB4X/fZz5wPfMr4SbJMCz+0AilZCRvXfJ38/LI33phb2RNE89WbO/PSTfphNBTgO1tAouIk1bvvILz3ObHM6bmjdb7FaFuP5PpzzS17OP3Yregz02STonGg/Gwx4Bw49Je535nZShuuhbuDdW20g1Af5mYXfTusLDMorddn0G13aNPpoOxEB8vFosnJsq8gi4Bei1WMTTaeTemNEbsdqFn3/7AYbzVtIGm2JjQScZ98RNM/j0zPE6u7tCd8YOStdAtK3aHtIm6lTvYb5eP6a9kpgVHGHaqdLey4F7RQE2Q7TNWH0A0NIsSEncvxTFUuqY2ERxN5WITBhPoUyPIvyXNkdgt1iwAMeSYs+emEQFrJ8uMb+gZ2WNusCMSU4IdnlA/ndAf+0hM2giaiWZ8xMDX0CzVxjye9ijId+XXJQqpxlsLHjc+ZD6sqYFE3nQrx6YRoa0eV3qBQCnse7aWbIqt5+Y+lG6GNQRIcwC7TzOxRY/d/iorFl2lw/KbkClb3LDlaz+wyTtBB6CEggPtdGebuM/9SGzn8waMx/m3vlRgGriJSyuDlqhQAyuaBDm56/hVc1/YhByL08zYgsUtLg7Dn0Q7JmpdKs3p35fz/9IhGNa423BrMHxo+ga/nsBU9U59jZm7aBfJ1LFbA5Akls6BUi9QFE37Z9Vm8u2bS1TGPAptvIVkGN6cmhJJsNApYr0g1gPUY/bNOfE9rTat4rF2bolXLf+sf8UHK1gTJ/HOCehJqoLf/VVS4NEpmWAeP0Hjw2/4t8/e9qH/xYyNzkSqhTkUI5BHPOJo1CtjiV/0k8MxkPo2yVpfIG3gDajg7lsSrlGi+ORwJOOYWxC/IEZZz31+NbUFMl7SC+ZXWIvftZF1y3noOksT+wHYxnRXQGe1OvuyaAj6Txniq6zTwy1dieHiCjSv46JRyygGw08xexERE1n7bLtIWSZ18OsYF5gf2dc4QIYSlNXG3di+MQPbjH6P0VeI2rznXyp4AaIYIGxfT1fUP24S50HUID8M+67gtaCrrJgfW9Hy9m+HlRO2EjNgDdlyh7hFNflGJeWUZZ6alFN72lVjuWEgsI+HCodNT57CSyiYJ/FtrIQaw7FNt/XQADCz+0yM8vJB5JR9EiVjSHYsaO9Xn9KqfJyt+timVw9HdfTT49lXQn8U1qtxS3uGMkHmmcnV5Ogacjt9Y4IhUaWP58pAe2l2lEyC4MRt1LMOrPVmuYWb4zkBS0rvwpoLx8rN3ijcetpJukRIGGivXDXy+6cnGkAHx52fIPdyGC6rx2KCIPdFfUzZC3wYRoTe/liub82wZXk1ZACcGv4+myBcwE4GtPJV0gctxzryUJ0eaAxkGxvklUMGYfgeoYKYUk9YZGFhQ/HxgB7LqJnDQjKVNlpFzWxyMkYqqLAC+owj1uJ0WuMs704AjE352/73bqwgYbYnD7p7wejEYHPofqjI6RoBIJRtWREVYHdsGCdmuyLbMDA9tY/z7nA2ei6nnUG3hyb5S5M9GL9tQxWFpCFeYBJEyl9S1COmoBSqy6n5Yhk6R3N+d0rkSqGb3z+uT03IjXmKJAfcwvWZWuUWTmQ8wJsUOsCrPOx/5sbsynyvkoJWtdgZjuia2gZS50qpMJFTUUKbNkp/wx5QT9z+tMjviC8JWFXB+iBLnKiWRA38AO2a5KtyGVy39+urMApJD9/Cem3NMyKTzY8OqFreZsH4XOBa45yXNo2psEY6gfjtD9Apn3dLUMSWcjRGXq5qKMgX40KhpWgWNCc2IlBGTQ8XFN40g4sDAQ/GxBQeik3CNMMERBxTCeNEx1P2Ju502Iwt5GiHtDedy2Y5HXrUKV0GYIn15uuhPGdPTErAc1QKgKxFq9b0yC4IVzkrnKRVbqI0BSCaswAzf4TUyzkYSf8Zfs9BSb5bzu9o6eN/x1cWGJdJlI8ATZebOcMBKkooDOhZ0T+b2bW7zvZdnj4IKqklvZlnmBvGnn55QiwpvCkhmGrg5+j9Q9QiTGai9h3Xt2Y8SVZXfltwXITeW20rJfWn0s4DoyfPWqunApWv4TH6/6uF6OgJNGOM7gLnH49K7MMVs3nCAmjkE7Gggmt+zzJsuX7gI9eZF8iavga0sRTSiF635pr24wiJL6tsUFzvJ/A960hhhC+Yt19E6AmdtTn9pPIk36O27G4qwLWOehueMpmQhzG07eWiY446iJByaDztM6WoYlqPAS/uaswYUEAUwHb4eZDsRwAgSCwi/djCxKWXqAoFzVftj7dsiljLvxqN+U39EM7pWBmnPGC5fLQ==,iv:jyofVBu/fxKmEnJPR5e81m8nnbcXf9i944mGH3rbcrQ=,tag:ILjy6UClUAyJmut255ZsKg==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGejd4Rlhqb09hWE01czJm\nMGpuazBFcWJ6bElnQ3pMUHVVV25MYVhMSldRCi9VNm5jcTRkaUNPemZkQmtvZjNC\nL3FVbjhYT0pLV3RTVGg4d3ZQMmJ3VE0KLS0tIDRFMGJJemFNM3E2a1BabmFvNWdx\nMDBsbWVhd1puQm54SDZiNlYxT3Znam8KIcaM7GlsZS2jieYlN4bi/CX5dp+TYsQN\nXJUKYKg4+vrtZpVi9NHyFif0Hwask+vdaziogHO/xKA7KiCo+NqCNg==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwOUJSMHVRR3VKcjlOeUFH\nazFYS0R4T0NnU1hzWjFYNk1qai9NYmdJaDFVCkZpUUJKeTBmbnVZTXJVZERVQm9m\nemw1V0lJb1JVRjlGcnZjZW1lNDltWGsKLS0tIHNZaks2M2tXVC93ajNYTSthTDZu\nNXc2WG5MejJ1Z0thajJDSldBSVE1b00Kusadu31IGTpzXG8/1BXjdMrUWFWm+Gew\n+c52Tbh8tm778zYb0Z6EFupjd4lVUYfn3GuyCCB8mpGteLidOeuqPw==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZDBzY0pJNDdEVlNDYTgx\nb0FkZERJZE1HVEhQSUVlOEJUZjVFWVVmenhvCjJoS1hGVkxpY3czTjcrR0V5Mkds\nZSs5d0dEUmx1TnlyS3RsZmV4VWJXaXMKLS0tIHoyeGNQVEdmRWpOMlViOGdmalhI\nZzZha29SUmFaNk4xMXFDVlZaZGI3WVkKc1eB7uQChwRejq1h6F44uXeshmvsn0Aa\nCHzCJ/uGc4bx8hfY9inZ/XVh0JsGa2w1G1lSbE0heTottM2bpHad1w==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmQXVMRmtQbFl5Z2VTVkVT\naDBnV0cvcGp5WGtYcVZMaTc5OWlncitZTjNFCmcvY2F0Wnl4TU5tY1Y2WWlUWjNq\nL1IzWU42Y29yZGRsSnA0RTFZVUhwR0EKLS0tIFlYOEJ0U2VWc3RMNzFhT2RhYjZZ\nZkd2QndCbGV3RnpaWkYxTkRVMytqcDgKqFoTKhY6DzxBWRjuy2Qd3jWQBYlT6pFa\n9WH0t3bOtm86oIjJf8kUICmE2oRVX8OqFNIpzKD0dMoOuXgz5O1EwQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOK05CODZFTWk5TkhjZnh1\nNXZjZ2ttM0VndU96Nk5oN3E2VTJhbWloNGpRCk93MkZqTldQNUZNbDJVVjVYTWJu\nZVFBTEFFMVN3cThUd3U2ekttLzJyMTAKLS0tIGFBTmNKOWZiME1hQWpLMXprRzh1\neVpFb0swSnVVRmZFclRjVkd0V0MvQlUK1JUjwmyotjEVt88K9B5EyCGSnTOBlT5g\nyD4wIMSQxm7/E+8F/o9s1aDm3PG9SM2U0A/y5Mb/TWscU34ShnDm+g==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUaU5BVGlBUUdrVzFYM0Vu\nZ0RHaUlKZzkxQS9UcXB2UnQwY1REOSsyc1YwClIya0FtU1NlRUk2amwyWnQ4Qnor\nMWpPTzJRS3FSaEU3ajA5NnVhZDJQcnMKLS0tIDRlemVKdjZ2MzVCRm4yZ0VGZjZH\nYXdJUXlOZ3R1YU16djNMUmxHb045UXcK4kvPN486Phfe8lwLU2E+QIVb3uXHo+v5\nUkxjdxWjpWV1DWFKtFzILU8f9gwYs2LNGqe/uaik/cnECqS+m050KQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZlFKQjVCSXRSZUNVMDFs\nd1VYWVp1SkNTclg3REwyMXhlUHlBSm9OWXpRCmU1Mm9ZNW05a1lweUtsVHhLY2ZZ\nZUtaU0tLNlNva2E3VzZFVkZaamJsV3cKLS0tIFE0Nm8wSVRiRW41b1ROTGFQNFA2\nTjRVdHUvN21Vc2ZLL09KS2N3aDVhR28KYTNt5W4NlvkQgcXsJgWzhOMFXX30/DHf\njbpekMCUEd8P7rvV2IrZUUCAd7d72SysWG/1Bjud+7OvE1BLw+001w==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZFd6NGlQMW1Jb2Vac1Jy\nam9zL2hzK085KzB0cExWNTc1RHRIRTVQMzAwCjRPekg3WGVETmc5TFYzaVAreVNB\nU2JoaHpqdnhsd1hseVUvY2V1a2E1ZHMKLS0tIGpFR0h1bDJlTnVpQ0NmazhlRStu\nUjlGZGJTYUdHU1ZwNzloQWYrYUJzNlUKns93LeJxg8zNxnWxVH2DWIjGGmWcwOHa\nRD6+2MDs0fcaTIvzLhTihVaykBZ1rvk3Nq1p7p4Zz7cyDUvwW8bO8A==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6Y3BuNFhyYXFJdzdkK1A0\nQytCM1ZHZ3Q1OU9IT0FEWGxnNTc0UDIyWGh3CjV3Z3o4SFlGS0VHOXlNK2pEQW5E\nRFJzMG80eWh1OStObm9GdzlXL3EvaG8KLS0tIDRMUFdFMDFyNFdWcE85Y1p1Rmph\nVHhEdkd6SUxmOFpGcVdIVEtGN1VWZHMKor1bN9dhFbjPq9uhB0Io7Ekg9fVsxANz\n6UerABKTnZcXBzoEzsUKCLGtZQPftW94gwZ18ofE6rQ0Ref/wJMpkg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcHhWQ1lVNUFpY0hhZ1Ft\nRWY1UFdidGlSN1dNSnJrTEwzQVRUUGxQTms0CmtOTE5FczYxYldVbkRvLzlLRUkw\nTFIyTFBQekM4TmNqZ0pWV012b01EOUEKLS0tIC9qdUlsSnI5S0RrRlc4aDZIc3c1\nZVprZlJtRnNrbGpzaVNrWSt1enBNT1UKHrdxe5Qf1aMbY8Ne/uqNPYhYstIKPmun\nuCMseNq4SRUYa3Jw/bUy+l0GYC9+srFFJ45inpV4XAPeaKBr4WhPgA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldmdYY0o1YlUvbCtSZ1dB\nUzVsbWhvZXV2aDZjKzNWcVk5ZFliN3MzZ2dnClVkV0xRYTBHbXdDQ01hRERBREJj\nQ3ZQZGh3M09IUXJBRzl4OHgwc29idUEKLS0tIG5VSS8rY0g3SEVLaGpheU1YSDRO\nWGNIc1VCcitRTHUxUE8yUU8zZzVMRmcKdZlbPcCgNGz8bm39yULl6ou306ofV1Gn\n6tYYXgEb4PA/VpLSHQBOdO7uaSIb0WSfLRP1Sd75dgsT+WlhQYoHkg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c3pxR0Rpd1doeWhsSVB4\ndWtxNHkxdkZjWHJDMW9sUFM1UnBNaS95M0RRCk5GMldwUWdhUWJJZGdSbWptQ2VE\nRHpMM1lqV202cjRrQ1N5WjBDd1kxKzAKLS0tIEZDc2VHaHBXd1loL0UrZTJJaGRk\nLzVzb1RZVmtNYkZNM1pqZHhYRWVSOGcKIH/JKbzaOlWOpt1YShHar0i5T/rd5m1w\nkx6wZ3b4dpUdN3FyPdhrjT5RWOL1BHhcpjmRdBTAHgdqRLSZfYEosw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXcnJhbjVlU2gwWU9sOWVG\naHptNlFlRUdjNWFOSkFNdVlwMWNkTWJOcVdZCkEvYTg4MDJ3TWFPdUpzOW9Ma1lN\na3NPZWtYS2FSN3dYbG4vbnE4MGpSVDQKLS0tIHEzTEV4UGdDVy9TUzRQdng5dnhj\nMnpXUUxiUE9UY0V5SXIzMXVLYnM0N0kKkesE0fgETq2RvizLIOMaJpCdcS3tThZE\n8k7cm9iNSpf43wa9Fvszu+hRiPZW9om8caZOiKid5VWBnMEQ3MYvkw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdC8yODJqc2dBZzFodlJw\ndEJUejNMbVZXZm1uQ0FHeFhKd0craG14N2o4CnlvVkp6eFVLcDlnYStHaVRoajlm\nb05yZXA2aGpNaXROY2paYmpqM0dCencKLS0tIEVhMDR3d0Fla1RKY3l5cXZsNEFP\nZk9vdGl4eGxhcnBxVE91Z3ZoZ3Zzd1UKavS6iLiXL5acrtOc34OT2V/Ol6lWLtCo\nZglO7H8Agh58FRhyQUvDu+bHXTGnxWIhOnyAjJYwP3XUk0p/3E4PPA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2025-12-01T23:39:07Z",
-		"mac": "ENC[AES256_GCM,data:WEVxtO3Y7YI/COpOvvadujDYV66MtcKKujiE9P5mrDqqdjG8p2fLwhSNJHVJUwPyV8xAIIxCTqIA3bKmVKJ7vRCn2GQo5tRsWljNVU6g44LcXcX5wSeIgExyvUNjBppLbWsjstvfuJatAZwqDBN7eP/Ntu0R7p3wlr4IddDe/t0=,iv:es5N9A7ypxtNB9wPYT9uumwpLZg7wT/gesO5Q6njtxA=,tag:kgxsF5ZiYvM0wHDq6C19PA==,type:str]",
+		"lastmodified": "2025-11-12T21:23:26Z",
+		"mac": "ENC[AES256_GCM,data:YX01kVU0XeEFDtZokPcpZ0rkFWFqY29L8/vEEtBv8JuooEC8+P9GArK1yrOlAh80UnQb3aJC76lVLFJIToeUmSImvJzD3YBril9YQs5NsBKCxwyroMNOMaKmR7Lzn15rfXhBCtjzeLe8ILyzTtUrW/VqwPuO4bqpqd2fdKSAVzk=,iv:QDixQGXUITr9SlQs4kJ/daUt/THafb5UB81xmw4eZIs=,tag:vC+H/fBJ7CcwL+n60QMu1Q==,type:str]",
 		"pgp": [
 			{
-				"created_at": "2025-11-23T20:29:17Z",
-				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//cXb4LCSFl87V234GULIunsSJFGmzu1fp/lwq4I9UShKy\nb0GHhheX+z+0U1+L4Qk4SeE408A4su52sRJJ3EN63+eq0+FPFxoxQH0NtfTSQcWa\nn9/sXnP8hrjnm6r64lAFd3B0HQQE/l0kqDrvU+UYAKfwomxpbdenoqQbinqX5Qgm\nY1Yqz8jIIxU064S4iiwTkLzqUi8SCPa1MCGQi9HEPxUHoVeuquNEQcs0HB34XW8Z\nxLUWSsUdpjb8NM73WArpml8XG9bHmdG0xxX1mZwK+uA552t1WDVqX9QHClGmQTdl\nPM21S8chJI1W77EjCsV6QfSicICU3RbvLSfLU0WoZ394VmZmxTGGoofpESdLVd4F\nU5ZLR2t7iXy0jb/TEeZfTGD2PPrt+hSWt5K3PIQnAb7fvLg/9fiG1LOeQlW+SZKD\nlojaMn01Dg6Rfex2qsXNrKfi/qmA3tpjeN8pIBpCg6EPlCFUzp7/cueTF9Xj/Tqk\nL+IOOFTKLECr/lQepz6rS1XRHrJtWSyksd3rt03s2Q5UqLdoiUZAYXgJAWntNMKL\nU65rKQdJZXtp99oDG+YVp9F2ZCogZN/Ac5+sUTmke66xku6dh5Qqe9MpYtAhPmQO\najMZiAeIaoaYwc8vFMGvNbJH2pmJaFrW9v4MELkTmi0EjZEPgPWCOIgUkEtKanOF\nAgwDC9FRLmchgYQBD/9eJUINu1YEtZZI8iNujEBNMlgmKjl4nVAwB3sviKvByWgx\nXxN4xptU+6gHpAeyRxwvWLhv/xGkHWAUJHkMsqMKYyXQQPAC9x4l1pq67AsNpMu7\nWcec+B8n+X3gwnmLes5H0fvdJ+gCMR32JL1PRnLnkTjeSX/JBFRG9tPZ09k0YvTw\n4ebwpYxlimxXZGR0DDRh3Jls9+YqgBzMb4EOo64SyzD1ZWUjP9addRpj4A5UpSRN\nFscy54sG1CMRzLyXYJb6AgDLVysfMq0Fgg2AgvaadmoKh82/Knf42C1K9DPqakQl\nmLyzXprvUR8mlBpWwZ5b/XIC6DuhiCz0g7dYX4XPeUxvah7PkRp3cmdWsJDCgq8V\nbwQg4Dm+k+8BZIZwRC4+3gLchhm9Jq/KtJ7iWqeVb+YQ/v+/712BiEJSANofqMQy\nmkHVksp8E/PFU9KYhG5lkQu88zVmnimfWFO7UKfIJGBBzgt0vicrSKjHPkgbb88R\nG9diNPOuXpCJJVecE5p0BEfizfDWnV7JSm9s7GNdTqglQx2KkLYJ1mijWuF1OIf/\nl1cdN8IFRI/glXC53+Wfj6D5B+lhdT1D3DG9MVGxeEyhQCDdnF7+Zy1jyDsrOpDv\naCq0MqXoa+FrtEBwlke2Dukf4RHtyBWsAg94dJuHVV0STnJbB+2T7uDDvVikvtJc\nAQw36Ni1lDO239BV5VYMDiNR7zzcLRHV+hXjlGqo4f+UbTy4jXxgQwS0z4lGn5XY\n1AKcAoNYxjuuGhgoM5Gw1ch02QFFzXWD/Bva5dLEMO/1Kqre/LM6+iUhKd0=\n=bZ7p\n-----END PGP MESSAGE-----",
+				"created_at": "2025-06-13T20:13:06Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAmZXyxrBEhacTQUwv9FVbGqeRHWUXrpJRybOA8pufPNnx\nLiwPK9op9HhMqfJ8uirmtsUhDg3lPCQRmnCMHpJt2Uy71SVomp9zkAQTRDFOp22E\n1SAAGEF1q4AP4YdM05iJcsxjQi7+2mufwrxxVdND+qjj4xbop5rFL2PNZUhJeCEz\nfFBdu8bL+IfHASN6xJDtgxat0shh2+hYebdDriu7JmlfvLtsTHRzsWJqNPQ45/+N\ni7LQTgkDDfCm+IDJ4sG5dJDovLCzgwiYtmRjaoRQFYGOEgPAoUcDQSYfHoCGCQ7a\naALczQHIZ4ant2kfQxcpM3nYXpCmBm+gu+VzggLMGpgYeajiquXszdLbqhHs7KqM\nsBSWpDyhNgAzr1+5nBkpkRmZTeelZQkFKukNLx9Xa0DJTTsDsnVB2AsFixqDrDnf\nb768FvRWtJgKQ/igY5sItD5qUA/mHpE/eXn8EhTdrGoFvTIxjzWuxQ+l+bHbUwqk\nHj3rJFPp1jJQshqToa/J1cASli9kOarh8+nl3/b+dfhiQ0ttpoE9W95LTsYprPfI\nMG9chQ5rOBO0Z/dQSuB33c5wrKm76dqNJG+zJht8bZxQw9lS8Ish86dZkdf8GVWP\nxPHx8A7RfLoMKI4huBXJ9uLtr1CJ9odzjTiH1zQZmpaU8ZeVvKpgjiSxM1L5OqqF\nAgwDC9FRLmchgYQBD/99rzXeVRHewJGRjIQ3tH79rmSA0teEPH42P4BJmYbStgVB\n+v0fuJ4GgPMcYDFlK2xcn2W78PU+/hgmfXwuIMkXCFv+SCKB+tgulIFmvOTrsyUl\nTQdzRisnLt+wc5+Sv6vSeOwRAwYlLrFfBBf2gtyxNDS64xelpILKCvWkLXEbI77p\nUdHRAZFesZgVv1jYVDQekHSFg4wPouWlqf28Btj5FsrDlr6/urLc5LOZEbUrXVj+\nZ61oNdC867xUyMQng/Scco58ysUWVlNDkR5mI9Utop1PPkzEMEsS5wPqw3oVlTsT\n3SqxUNAivZUakENbk6kKQmzLDwZ4ZduNJOwvopOoYHme5eC3yVjj7JpGSYmL2CsS\nHmByP1I8bCYibLOeNKiNLZ8uTdNunYuwNW3xnqOcwbPjtTlf0crfDQPB5HkYqs+F\nJw5p+UUP51Ls35MFfLf1zwiIE1WbkX3//BFTdhCgdPdXP+OZmhnDoP2VR7b0JdRx\n7IHvEDmw35s02XBDWS1fY5rJDcnaUOoyjM1EACIR3ArIuAeJr5CtzXxM3+pt4e4O\noEC1t8C7/W5DOLGgeki1lXipGHg2yZH5RSf66DjUNta1rIH4VsA5PoOShEy9dWCF\nWR018lWIFfpiRYAD3KQ2SvjuSAs8zSZW9QlXN2t1J9BM82etvR8bObhKIJE3Q9Jc\nARN4GVV0kpVwHH/kmXeoi+WcwfUVCuWQXH47Wf++UzzTJnBFUc2uQeWGQZLyb+qF\nfLb3MJwImA68QUz54a3YDaNsm1J6x4swR5bcRkUMsdozzSDInz5i0NsZrE0=\n=CQXY\n-----END PGP MESSAGE-----",
 				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
 			}
 		],
diff --git a/secrets/stoicclub/secrets.yaml b/secrets/stoicclub/secrets.yaml
deleted file mode 100644
index 0f27848..0000000
--- a/secrets/stoicclub/secrets.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-tsig-key: ENC[AES256_GCM,data:E6fpwErUUmyLbtSyCItzLxvrUfq2UPV//5u1VxnMMn5+TWj/PMuwjvmClEQ=,iv:KJrXIgWMMcs7riIPotAK+Qtj94o/sGKrgi7sOxVs1rU=,tag:YAyz9tEf4vC2LnJV56DMpw==,type:str]
-sops:
-    age:
-        - recipient: age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMREU0eVFEbnRaVEJlRG5L
-            QjhVQ2F2WHZFaXJOM2hsOTBPMTQ2ditVMXpVClA5bndRc1YzV29NUEorSFNDNUxE
-            eEFwMnJoMHhMbDJtY0J2UnNIME1DRVEKLS0tIHN1dVNLWGRvbTRsWE1rT3c5aS96
-            VXBRUEc0eDlQOXg5YlNJSmhDL0ZiUW8KvzVC0PMvMRjBaAS9WhpYvsWc34coUupY
-            aoF/zkgPmPWj6SY1vURpgUHC5FHolHL3DYQS/SQxdOXSrXIDxlIJyQ==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-28T15:48:32Z"
-    mac: ENC[AES256_GCM,data:Rd9MTRKzK4AaqzPBsxztoY10pECecWjHZlQAtbQdzzdLVe2TL8hIjH8TlJ8Pju9nmS5gvb/gB2CoaQZcxJsOvYsEYVg27+B2/ITGHslkbK7ngVd8ARNYITbx/eGp9D6VIYIzPBqcz1TkNvtPIuBLZzjCnxrvhA4gX93ZEEAUknM=,iv:Lrhi7Zj2IqC1ApsRT0IwmhJHaHf3dopvi7/4etVOBuQ=,tag:fSTaLrVhJd9A87PsPV+z1A==,type:str]
-    pgp:
-        - created_at: "2025-11-28T00:26:23Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAwDh3VI7VctTARAAhPx3hRyNLnIXwbGsjD6lAwhdqhe1yfJikB3+kWa+vaKC
-            /WOu22h0HB8cQwzeU6+LKeieuy70fEMcE2EHh8HjTuAIoi6kCDFjXA37pEtyIKaJ
-            9uAc7EBNPOcv2TzFEnHjJXlMIRX1M4RegiZpOiZbkVkJeC7lJSe1mQhvHEqw3wmT
-            7ye3ohDvHB7y2W040AD5wymntNOO3BSxQJEVPaKo7sLmbkUSPXRCBj7H715dHyFe
-            jf6nWbAElfUVM9oSK/TiYZwVcZv4/LbexAivRrlkFmnPpQMTrTeafS8r0sUtOoDn
-            8YKuBu0JQMVFJpLA0hUrH/MIkEalbgv3DWsC5DoEEni5oQY3vC/bd0nM7P0hETop
-            wGFoBHM/kvGK8AnhcRmWy1fj15/TNrzF4uXn1Xr2tOLFrlLTor3JKCqIYTBWUIAl
-            Ve98SrZcvEdZKRqQiRyAXueJ1S4R60pCtTp6AtKxc7RyJuw6YM3VD3jcKBeIWf2l
-            UZr8yKfu24Rhy1WAe8+HT/LBzkB6/RKacBtJZVd0Ffnp8Cjaid3BJN3OQTLSSRCc
-            /t037ctWN/nSC8M/P6F/ZbSN4xEHRxT75c/qGpSBaMJgtwlD0wNIBCS9McuYD8p6
-            e74KFlmm4901fytpHJvrdeQl6IAJCPV80540z3N78cdSxfTOF4Qj4/Dr4Flcp4CF
-            AgwDC9FRLmchgYQBD/4vX3zwM6MDpwW7+zeKrAgXYsHjIj2TYz8EIJ+bIH5/sUPn
-            F+o8kZyVjAc/c4AnKcCyWz1aYR47p9iHnk7Tf3mh8+MzZ4LCkuZjKmYjlfExd3RI
-            J0upRtTak4M/k2nxfVnosYwwFJhUnJpBlIt9DIU1AcDshAHnAOOeysIsfV7ahNQB
-            iYMvk196d+2HGdIPFPIG5tgJOFqamY3TtHrPmFx5SSj1ep4V2IMPqDudZDoyMscn
-            /8dYZCgnSFBDTFY/X8ngftxaXsdyRE/0QJFjG+c2M6G5gkccfpxkNU0toAwz3m9p
-            hS3s2YYkrMem/VdkqEvGW3cHnmM3ZHAttrfO49z91nmRaWDMm2ocl4CNoAsiEmc9
-            /pQN9spgQGonDLM/yMpiuHEZNT8Pv+1YDS7kN2FlHuodsTazAi2ZoMDOrvHQhXkG
-            9mS8fgVIJncthfxwbswjz77OZo/zyF41WgYzet9Lr8g7RDegmA+nPeFIJ+EVDKXH
-            o+KMJVbRrCiGnSvcVtBXQtvhcuJLe/LWvXbnsAo18+HPqA1PyaJtuMgc3dihuddV
-            KXGtDIpiy7UFw5o2w7Plqs2T+N0wQI2MTEkKS/TdWVO5zTMoI1uPE+b5H7z56Cnj
-            Xa65aUphUxxLMN9rbVXBSfhTyZCFM+nj7fY9pFmoUgfhKSZ83j3w5XlVL6bz9tJR
-            AUc8r4d6z59EE5vsIuImiM7/jsSudYewau2wnMuli3FmYISiR6kU+bRBmm0nF6Q/
-            Kqt5nLxrcGKz2ivRxU6Hxc9D4gRaekoTkeP5J0Cr0IYt
-            =D/qK
-            -----END PGP MESSAGE-----
-          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
-    unencrypted_suffix: _unencrypted
-    version: 3.11.0
diff --git a/secrets/twothreetunnel/secrets.yaml b/secrets/twothreetunnel/secrets.yaml
deleted file mode 100644
index c232a83..0000000
--- a/secrets/twothreetunnel/secrets.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-#ENC[AES256_GCM,data:Zj552Ho=,iv:uOiDvsLPsT3D6A1SLgDl8jbAyz5bK8s1h7mIc6WT10k=,tag:rTD510uyO65F/qcD/UTUpw==,type:comment]
-#ENC[AES256_GCM,data:a8v9FPS8GcZOyREs74GhUpnAZlYF9Q9lRU3ZdsYERajtDiGncywKPLE61PlnH8o/h+QkkWjpsjy+,iv:Ck+7CaYym5fT4uy44b8yLw+b1FDvvjxrxql3ed+B2as=,tag:sb7vA0tVe1G+TDcJLhQ66g==,type:comment]
-acme-dns-token: ENC[AES256_GCM,data:9AvuFB/nYm2H6JK+pKY0wD658dHGZyV9w8B/+PeTKb5PkFJGlqdz0A==,iv:DeH3sRv9hCzhy38jnXVeGlAbUeXWOwf2avdINWuhJb8=,tag:jXjmtG+uoTonlXSSKLkY3g==,type:str]
-#ENC[AES256_GCM,data:/+idD/eetpnX,iv:NNXMyIt6uUfT3JVU9g39xjUL71cw5UVmESKVIf54tqc=,tag:pz+D3tUk0gWTfAirJGhlkw==,type:comment]
-wireguard-private-key: ENC[AES256_GCM,data:7cSHZL3c1P2oPPOX+HLFCDSg9gcWmdHY8LLb8kBVaRMsvRCk7gx/b2H6+Xg=,iv:YNKe76UGywvChY46X52nunFFHj3c4qJJVQRcU7bkRY0=,tag:uR4UZbtXSm6ywlVOZ4wQIg==,type:str]
-wireguard-home-preshared-key: ENC[AES256_GCM,data:YeTvFuNDs7Yb9pvzcb/tHyYeQrVJGpvKzr0l1F+4ch6F1rTpk5ad37bi9kc=,iv:bI+KSgSwbanPjKi0zV38zhXamCo6Lnu9z0PhvA1n82U=,tag:4m7rJ5K0RSkU/dGm1bRInA==,type:str]
-#ENC[AES256_GCM,data:IpoTYZX4KGjPA+hZ,iv:Hd1V9//M1f/10HQ7ZEEA9ZtuO8EBtY1kn3n28krYxpg=,tag:We6WirbRgSH1qOjC4g7spg==,type:comment]
-oauth2-cookie-secret: ENC[AES256_GCM,data:ZN44Kdai0hUgx0GduynlyMHDnZpdnp1SPAGEaNaNFHGMhM9Q5HPzotiNXQM=,iv:vsYhWriY5G4KLiJ12MLm26B7aBzCL5GAr+S15klH4Bc=,tag:t+MsS0Wgo5papvoeK1nk+g==,type:str]
-kanidm-oauth2-proxy-client: ENC[AES256_GCM,data:a90dn//LD6tvDYGSNT2neorQRfo0puo7GA==,iv:a/R6xlwGdrwJNc7qBoo0Zmlh7GkZ1+uU+RzOxRE+okc=,tag:3WpAVThFLXZFsCIl5xM0IQ==,type:str]
-sops:
-    age:
-        - recipient: age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNcDZzcEJTNE94amhZSEZk
-            Wlhkc0dXY0d5Y2Myd21YYURORlRnMDRlYTBzCkZ1UEhzSzdTZjJENzAvOHJBVFRH
-            MDBMb3VmTGhnUXhRRnpYS3p5NE5HYnMKLS0tIHpROEhpeDZQYUNJMkExTDBsNUh3
-            NmVFamgzKzRlV2oxS0x0UCsrc240eEEKByZ5WYf+QO8T43VLfO2ym4x7TQltS1nS
-            ckgZLorWZBWQg2vAwQktxQ0WTcjhM6tktZ7zgCIzKBLbQXtSt7VG9Q==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-01T22:42:29Z"
-    mac: ENC[AES256_GCM,data:CTOMF/JUbJjKrO/WCaNqCgNVv/XuBGu5nD7ssRplhg7Fmfpqyg6+qQylZcVO4XXQPvpXsA7VfnACe0irflx2Rh/5eULLfaL6eSVnr15CmwTxxnJatMtvnn1V6tGDX7Fs2s3xdEM0G7Zu022A7WWgibiiVzv/tH09znKuxpNIdio=,iv:iYgbJLaOM3JZK1BGV8fVsq5wrh+7hpQwUdXBbsTQEj8=,tag:cPQdmBkZ+DAlQ3xAQts6BA==,type:str]
-    pgp:
-        - created_at: "2025-12-01T23:06:35Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAwDh3VI7VctTAQ/+O2d2BMDS3DVPfUHLD69K6VsdewczQkPoskMrS5JeQn0R
-            gDhR318J311UMClomIIrgDlbleoKS9tdC1rM3DoCaGFq4MyydK4MLy0+6wme1n3a
-            ZyOsQ1jSpdgkWUfbalbxL9/cWtQBwfahXve39L+ocqb34KT8jeLcRNZWORWAst7X
-            a6fHFp4gZrTnOjn26TJc7dJxYGWQIWk3WBYpzC8kpqkMaIemIy0FHaObNYy3DvM0
-            Z++AYqmwEYiz+tG1bVRUZ1ck/z8kR+Zv1Wg0uVM5Jmg6rArrz75xSS297euPZhO3
-            bQwEdJ2rcrdaz5LHC6zgsDrVz5LsfoTxilOwIgsqSGqOBIGAN6XttZXjjul6MVyE
-            XBlHqqrCVlLl+OCumWC0U6vr/bcGV6CaMJPE80Rh//wThtvyKVFRQey8EmJH7IGx
-            vHtfOaOScJc0sCCyXOx4HBeeGAYq0ogSRTlgK6Z+kXx/MkYRHiw6Vdrw0anmFF08
-            7lYB4SPafnEB4m2IPz1390ZSDXWGT5QmrhpnajuILIIcWwe0mNPfDbLQWF6CZALB
-            UJs0XvM/gfXhnqVnkayTXc9IrIHkLoKwyMh1g+st+d0fAYaUD2Wd9BI+zi22m4iR
-            J7Mw0bMBciO4MRIZEEFsCvuv4UzFjQ4mO9ib6LXI7y51sIJuYPkq3lllkntFdCuF
-            AgwDC9FRLmchgYQBD/9F+tb1K7aKNq73pk2YTmzH+WR2Dr3+MxNgnQlnIJMxdoTi
-            QE3C9U9UaO5ngdHbnG3ruBQKjGhLI8meFMTJatPwuOFcHPN+I3lEO+PkHGH0VkGQ
-            A1xkeFizc5l0tfTD9JpatOwaKKr1b4cERZP5hSTZ3MJsRJsykySKmLLpfmC1pZ7L
-            OWLdJ740YEPXXw76seRgZ66tKou1lADRBXAfHxmlj7yrt/MB2xg0FfPw6/i1HTlV
-            kwyobNlNO6whpgHjX16Qfcuj5YMRSDmyb+Ol5dheiA+DvoowhkijCGv04Mye10RI
-            bvjcmhVA+2lNP3tzF2duyIQi4nPDhQLcBs8djH8flKWDZOuz9Jt1QDTb4h6iJzfK
-            RkfU9j7/GjDiiksOdC0/yYgn90dGdPBI/iR890Uyuav/nwzF9Kz9aHQGPhCbwfRZ
-            gN7f3zyt9XPw7Qdyf5+zvaarg5xf8i3q6vhYZSGpOGC/ZrRdJcNfo5Sw4gVzrTOD
-            M9IGoeoyWkCHrjKPjYf8fVW8dDgMsddaT/ub8jh9OcM5YA6mrbeAGyf135mOurLd
-            PCsu/tNAA1GLImgc/MYplkPsOfC0+7fJ9gCSirXyRgT6Eir1VJLL7wE0zrPYfqdX
-            NOXYKdHQxfhtk33XlnxNJ73cJVGtBXy3B2kkM2DBHxY2Zj8ysO48zSri280RVdJc
-            ARILzsczZMXmJVYuR/r103j+doR/kMVEeH+gwhTSyj3yOgP06Ychawx4m8QrjF93
-            FfpVVia8JmpXAymJ93fO1HCzpQgZwX+BuhjfGcUoa3kr+lJjzU4571CCI84=
-            =lNG0
-            -----END PGP MESSAGE-----
-          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
-    unencrypted_suffix: _unencrypted
-    version: 3.11.0
diff --git a/secrets/winters/secrets.yaml b/secrets/winters/secrets.yaml
index a418558..9c3883a 100644
--- a/secrets/winters/secrets.yaml
+++ b/secrets/winters/secrets.yaml
@@ -7,7 +7,7 @@ mautrix-telegram-hs-token: ENC[AES256_GCM,data:bsuGGKASj65MkSri1MbZDEppRlr5qXzdR
 mautrix-telegram-api-id: ENC[AES256_GCM,data:GLaYJupsuA==,iv:EZ7i3jregI2puUAQbbkUK7OWA9Dnk0GdXRQuF/crD0Y=,tag:FL86Xji+YEkBPIm7m6sStw==,type:str]
 mautrix-telegram-api-hash: ENC[AES256_GCM,data:vikwgZLPV7YBdKlzf8+LEUnNIMx950CfBMGXKOga2cs=,iv:16+qS4L1LEKyWQKC2+a9l4OugWLJou2I2t9oRfKjS24=,tag:zhjD2dyGkqfMQlAt/LTCzw==,type:str]
 #ENC[AES256_GCM,data:3ZJfIpB7,iv:bS0q1SvUfAX8s6/R1z9IWoJ1vIitIDc2lGZUjS6P+Ao=,tag:Hc1HVrtkT6gNceN87PF/YA==,type:comment]
-acme-dns-token: ENC[AES256_GCM,data:uSgEI33Pz8IsJMqtgNO5Q/HW1dRLMeGmXtJJNrbQ+PNVnAiTTRyS6Q==,iv:5ubDxwyDgEHxK/h50p2HK6S1+2TdfTUFH3yGv7/zcH4=,tag:P3b2b/h86TlgksjXB8Uccg==,type:str]
+acme-dns-token: ENC[AES256_GCM,data:QyOHnPFiNiOXBK41pr6XfG9KCWRysTxzW4cjuUesbGdFOOFi8W4lCQ==,iv:Iuc77X4t5V1xFPu2F1njo93l4oaciou7UfOLBm18gaM=,tag:+40ELYAGxaQfwiTKPPwI4w==,type:str]
 #ENC[AES256_GCM,data:ZbWnE+gcmtR47A==,iv:a/WxLMGb2Y+lenUfUk8c73o/QUB6ImBVRUkHQjfWoq8=,tag:7FHXVb7qBGSXv3oO5f2M1w==,type:comment]
 paperless-admin-pw: ENC[AES256_GCM,data:8s2WunvnlL0xE8XNN1Re6/9nBAM57AgM9g==,iv:Pol+RjNMKpNYCQWY0BZamRnob+MO/e/14jc8uArtDz4=,tag:FXRrlhR3DpZ+7lSlXb7wsw==,type:str]
 kanidm-paperless-client: ENC[AES256_GCM,data:1lpf9LzAZeAe0ZJiXPE6KRDZxhi24CQmoA==,iv:eZKA/2JJzojPDJc/I8V4tw9tA7zK9Y7wrpgLww7sigg=,tag:YjlH+hHdzJHqMBdkxTZVwQ==,type:str]
@@ -58,8 +58,8 @@ sops:
             MEZ1UWw3alF1WnJZMFZvMFBpbDFJZlUKGRnoEEgjgJ9SSblmldtY6d8MdAy01yxl
             qkvEIoXbL+ky2ira7EgjD0legThzCnmlXUlcSn3SpwbkAGgcfd2kWA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-28T17:45:19Z"
-    mac: ENC[AES256_GCM,data:lIdIP+Js+FzjJCoClGxqP1epl5fVkPzfJmOVauFNlXKRxx90/E3478oQHi/KbP7eFgPoy+0hAbMwnBmo/1tOKb2ky80/6IMEkbftiO7YZqy8opbSbCtj6ypOOwwPf5rgtXHn0LV+EtDQZzIBY6GhcERO6IQpFRAXeIkSGcpM3TE=,iv:sphhFBg1xgupLGQzRovea0wvsTolzfW/z+gjj9CyklM=,tag:bdo9FlPPYKdl87lsBsiEsQ==,type:str]
+    lastmodified: "2025-07-09T20:28:09Z"
+    mac: ENC[AES256_GCM,data:tLAljNEDR4Ab27OXVJhvDuGmfuxE/L9KSFsJGDo25Vs3P56/HnjrI77y+ytLuf2sK/OHup7jXnlwBWUDAfNWIQzUdjIBtr/OiggkPHgWhr4rH55ayLM1IfZU1ex6MPvliz2yi0nU6jqHXoSlBCqu+hdfyTQri1EmZ9Bh811YDqs=,iv:4VmwBcmQIjQ16mwxYjgud3OUjQE0rH0wN72sAXXs3to=,tag:OQNYvxLZg+0hapvUYsexuA==,type:str]
     pgp:
         - created_at: "2024-12-17T16:24:32Z"
           enc: |-
@@ -93,4 +93,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 4BE7925262289B476DBBC17B76FD3810215AE097
     unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.10.2