diff --git a/SwarselSystems.org b/SwarselSystems.org index f51ce25..bf3e8f8 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -1702,10 +1702,6 @@ A short overview over each input and what it does: This input per default provides a simple output =topologyPrivate = false;=. This is the value that is normally used in the config. When I export my setup to a topology diagram, there are some public IPs and domains that I want to obfuscate. When doing that, I can then override this input. - [[https://github.com/noctalia-dev/noctalia-shell][noctalia]] A flake that provides options for the desktop shell =noctalia-shell=. -- [[https://github.com/Swarsel/niritiling][niritiling]] - A flake that provides window tiling for niri -- [[https://github.com/Swarsel/noctoggle][noctoggle]] - A flake that toggles the noctalia-shell bar when Super is pressed #+begin_src nix :noweb yes :tangle flake.nix { 
@@ -1738,9 +1734,7 @@ A short overview over each input and what it does: smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1"; nixpkgs-dev.url = "github:Swarsel/nixpkgs/main"; nixpkgs-bisect.url = "github:nixos/nixpkgs/master"; - nixpkgs-update.url = "github:r-ryantm/nixpkgs/auto-update/oauth2-proxy"; - # nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version - nixpkgs-kernel.url = "github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D"; #specifically pinned for kernel version + nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server"; nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; @@ -1782,8 +1776,7 @@ A short overview over each input and what it does: systems.url = "github:nix-systems/default"; nur.url = "github:nix-community/NUR"; nixgl.url = "github:guibou/nixGL"; - # stylix.url = "github:danth/stylix"; - stylix.url = "github:Swarsel/stylix"; + stylix.url = "github:danth/stylix"; sops.url = "github:Mic92/sops-nix"; lanzaboote.url = "github:nix-community/lanzaboote"; nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05"; 
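Review bot: The `nixpkgs-kernel` input names a fixed revision, so `nix flake update` will never move it. Together with the hardware-configuration.nix hunk further down, which points `boot.kernelPackages` at `pkgs.kernel.linuxPackages`, this means the pyramid kernel only receives security fixes when someone edits this URL by hand. The trailing comment `#specifically pinned for kernel version` does not say which version or why, so nobody can tell when the pin may be lifted. I would extend it to something like `# pinned for kernel <VERSION> because <REASON>; bump or drop once <CONDITION>`. The `inputs` attribute set starts and ends outside this hunk.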
@@ -1800,7 +1793,6 @@ A short overview over each input and what it does: flake-parts.url = "github:hercules-ci/flake-parts"; devshell.url = "github:numtide/devshell"; spicetify-nix.url = "github:Gerg-l/spicetify-nix"; - # spicetify-nix.url = "github:Swarsel/spicetify-nix"; niri-flake.url = "github:sodiboo/niri-flake"; nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main"; microvm.url = "github:astro/microvm.nix"; @@ -1809,8 +1801,6 @@ A short overview over each input and what it does: simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; pia.url = "github:Swarsel/pia.nix/custom"; - niritiling.url = "github:Swarsel/niritiling"; - noctoggle.url = "git+ssh://git@github.com/Swarsel/noctoggle.git?ref=main"; }; outputs = @@ -2037,11 +2027,7 @@ Concerning the =flake = _:= part: pkgsFor = lib.genAttrs (import systems) (system: import inputs.nixpkgs { inherit system; - overlays = [ - self.overlays.default - self.overlays.stables - self.overlays.modifications - ]; + overlays = [ self.overlays.default ]; config.allowUnfree = true; } ); @@ -2148,8 +2134,6 @@ More information on the actual packages build can be found in [[#h:64a5cc16-6b16 }; overlays = [ self.overlays.default - self.overlays.stables - self.overlays.modifications ]; }; inherit pkgs; @@ -2319,8 +2303,6 @@ The rest of the functions are used to build full NixOS systems as well as halfCo inputs.swarsel-nix.nixosModules.default inputs.nixos-nftables-firewall.nixosModules.default inputs.pia.nixosModules.default - inputs.niritiling.nixosModules.default - inputs.noctoggle.nixosModules.default (inputs.nixos-extra-modules + "/modules/guests") (inputs.nixos-extra-modules + "/modules/interface-naming.nix") "${self}/hosts/nixos/${arch}/${configName}" 
@@ -3155,37 +3137,27 @@ This defines some apps; they differ from normal packages in that they can be cal }; } #+end_src -** Overlays/Overrides +** Overlays :PROPERTIES: :CUSTOM_ID: h:7a059bd9-13f8-4005-b270-b41eeb6a4af2 :END: -In this section I define packages that I manually add to nixpkgs, or that I want to use in a modified way. This can be useful for packages that are currently awaiting a PR or public packages that I do not want to maintain. This is done in a three step process. +In this section I define packages that I manually add to nixpkgs, or that I want to use in a modified way. This can be useful for packages that are currently awaiting a PR or public packages that I do not want to maintain. -The first overlay stage is responsible for extending the base nixpkgs: +As such, I also define three additional local overlays: 1) =additions= These are for the aforementioned added packages. NOTE: The packages themselves are built in [[#h:6ed1a641-dba8-4e85-a62e-be93264df57a][Packages (pkgs)]]; here, we just add them to the overlay that we then use in the configuration. -2) =nixpkgs-stable-versions= - These are simply mirrors of other branches of nixpkgs (mostly past stable branches). Useful for packages that are broken on nixpkgs, but do not need to be on bleeding edge anyways. Automatically fetches all inputs names =nixpkgs-= and adds them under the name in ==. They will be available under =pkgs.=. - -The second stage of overlays is responsible to replace packages in nixpkgs with stable versions. The benefit here is that I have a central place (this part of the config) where I can declare what needs to be stable - broken packages tend to be enduser packages, as packages with huge dependency chains will normally be caught earlier upstream if there is a failure (see [[#h:b562adaf-536c-4267-88a5-026d8a0cda61][Current issues]]). 
In effect, that means I can override package =xyz= right here, and then use =pkgs.xyz= in the rest of the config, whereas I would need to use =pkgs..xyz= if I were to only use =nixpkgs-stable-versions= from the first stage. - -Note that packages with bigger dependencies should NOT be added here. Such as: - -- chromium -- bluez -- pipewire - -As doing so will trigger enormous rebuilds of e.g. =electron=. - -The third stage takes care of further modifications that should be performed to the packages after they have been overridden in stages 1 and 2: These modifications are for packages that do not fit my usecase, meaning I need to perform modifications on them. +2) =modification= + These are for packages that are on nixpkgs, but do not fit my usecase, meaning I need to perform modifications on them. +3) =nixpkgs-stable-versions= + These are simply mirrors of other branches of nixpkgs (mostly past stable branches). Useful for packages that are broken on nixpkgs, but do not need to be on bleeding edge anyways. Automatically fetches all inputs names =nixpkgs-= and adds them under the name in ==. As part of the modifications, I add some of my own library functions to be used alongside the functions provided by =nixpkgs= and =home-manager=. On the structure of overlays: as you notice, all of the attributes within overlays are functions which take =final= and =prev= as arguments. This is a convention (sometimes you also see =super= instead of =final=) that aims to tell you that =final= represents the =pkgs= set after it has gone over all modifications, while =prev= is the =pkgs= set before the current modification. - - So, in =additions=, the =final= set is the same as in =modifications=, but their =prev= sets differ. + - So, in =additions=, the =final= set is the same as in =modifications=, but their =prev= sets might differ (in this case, I believe they will be the same since all modifications are done at the same step). 
- This starts to make a difference when you use multiple overlays and have one overlay depend on the modifications in another overlay. - The =_= argument is used like in a number of other programing languages and signals that the argument is never actually used in the function. 
@@ -3196,164 +3168,99 @@ On the structure of overlays: as you notice, all of the attributes within overla inherit (self) outputs; inherit (outputs) lib; in - { - flake = _: + { + flake = _: { - overlays = let - nixpkgs-stable-versions = final: _: - let - nixpkgsInputs = - lib.filterAttrs - (name: _v: builtins.match "^nixpkgs-.*" name != null) - inputs; - - rename = name: builtins.replaceStrings [ "nixpkgs-" ] [ "" ] name; - - mkPkgs = src: - import src { - inherit (final.stdenv.hostPlatform) system; - config.allowUnfree = true; - }; - in - builtins.listToAttrs (map - (name: { - name = rename name; - value = mkPkgs nixpkgsInputs.${name}; - }) - (builtins.attrNames nixpkgsInputs)); - - in rec { - default = additions; - additions = final: prev: - let - additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; } + overlays = { + default = final: prev: + let + additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; } // { - swarsel-nix = import inputs.swarsel-nix { - pkgs = prev; - }; - zjstatus = inputs.zjstatus.packages.${prev.stdenv.hostPlatform.system}.default; + swarsel-nix = import inputs.swarsel-nix { + pkgs = prev; + }; + zjstatus = inputs.zjstatus.packages.${prev.system}.default; + }; + + modifications = final: prev: { + # vesktop = prev.vesktop.override { + # withSystemVencord = true; + # }; + + lib = prev.lib // { + swarselsystems = self.outputs.swarselsystemsLib; + hm = self.outputs.homeLib; }; - in - (additions final prev) - // (nixpkgs-stable-versions final prev) - // (inputs.niri-flake.overlays.niri final prev) - // (inputs.noctalia.overlays.default final prev) - // (inputs.vbc-nix.overlays.default final prev) - // (inputs.nur.overlays.default final prev) - // (inputs.emacs-overlay.overlay final prev) - // (inputs.nix-topology.overlays.default final prev) - // (inputs.nix-index-database.overlays.nix-index final prev) - // (inputs.nixgl.overlay final prev) - // (inputs.nix-minecraft.overlay final prev) 
- // (inputs.nixos-extra-modules.overlays.default final prev); + firefox = prev.firefox.override { + nativeMessagingHosts = [ + prev.tridactyl-native + prev.browserpass + # prev.plasma5Packages.plasma-browser-integration + ]; + }; + isync = prev.isync.override { + withCyrusSaslXoauth2 = true; + }; - stables = final: prev: - let - mkUsePkgsFrom = pkgsFrom: names: - builtins.listToAttrs (map - (name: { - inherit name; - value = pkgsFrom.${name}; - }) - names); + mgba = final.swarsel-mgba; - from = let - stablePackages = nixpkgs-stable-versions final prev; - in key: - stablePackages.${key} or (throw "Missing nixpkgs input nixpkgs-${key}"); + retroarch = prev.retroarch.withCores (cores: with cores; [ + snes9x # snes + nestopia # nes + dosbox # dos + scummvm # scumm + vba-m # gb/a + mgba # gb/a + melonds # ds + dolphin # gc/wii + ]); - in - (mkUsePkgsFrom (from "dev") [ - # "swayosd" - "firezone-relay" - "firezone-server-web" - "firezone-server-api" - "firezone-server-domain" - ]) - // (mkUsePkgsFrom (from "stable24_05") [ - "awscli2" - ]) - // (mkUsePkgsFrom (from "stable24_11") [ - "python39" - "spotify" - "vieb" - ]) - // (mkUsePkgsFrom (from "stable25_05") [ - "steam-fhsenv-without-steam" - "transmission_3" - ]) - // (mkUsePkgsFrom (from "stable") [ - # "anki" - "azure-cli" - # "bat-extras.batgrep" - # "bluez" - "calibre" - # "chromium" - "dwarfs" - "gotenberg" - "khal" - "libreoffice" - "libreoffice-qt" - "nerd-fonts-symbols-only" - "noto-fonts" - "noto-fonts-cjk-sans" - "noto-fonts-color-emoji" - # "pipewire" - "podman" - "teams-for-linux" - # "vesktop" - "virtualbox" - ]); - - modifications = final: prev: - let - modifications = final: prev: { - # vesktop = prev.vesktop.override { - # withSystemVencord = true; - # }; - - lib = prev.lib // { - swarselsystems = self.outputs.swarselsystemsLib; - hm = self.outputs.homeLib; }; - firefox = prev.firefox.override { - nativeMessagingHosts = [ - prev.tridactyl-native - prev.browserpass - # 
prev.plasma5Packages.plasma-browser-integration - ]; - }; + nixpkgs-stable-versions = final: _: + let + nixpkgsInputs = + lib.filterAttrs + (name: _v: builtins.match "^nixpkgs-.*" name != null) + inputs; - isync = prev.isync.override { - withCyrusSaslXoauth2 = true; - }; + rename = name: builtins.replaceStrings [ "nixpkgs-" ] [ "" ] name; - mgba = final.swarsel-mgba; + mkPkgs = src: + import src { + inherit (final) system; + config.allowUnfree = true; + }; + in + builtins.listToAttrs (map + (name: { + name = rename name; + value = mkPkgs nixpkgsInputs.${name}; + }) + (builtins.attrNames nixpkgsInputs)); - noctalia-shell = prev.noctalia-shell.override { - calendarSupport = true; - }; - - retroarch = prev.retroarch.withCores (cores: with cores; [ - snes9x # snes - nestopia # nes - dosbox # dos - scummvm # scumm - vba-m # gb/a - mgba # gb/a - melonds # ds - dolphin # gc/wii - ]); - - }; - in - modifications final prev; + in + lib.recursiveUpdate + ( + (additions final prev) + // (nixpkgs-stable-versions final prev) + // (inputs.niri-flake.overlays.niri final prev) + // (inputs.noctalia.overlays.default final prev) + // (inputs.vbc-nix.overlays.default final prev) + // (inputs.nur.overlays.default final prev) + // (inputs.emacs-overlay.overlay final prev) + // (inputs.nix-topology.overlays.default final prev) + // (inputs.nix-index-database.overlays.nix-index final prev) + // (inputs.nixgl.overlay final prev) + // (inputs.nix-minecraft.overlay final prev) + // (inputs.nixos-extra-modules.overlays.default final prev) + ) + (modifications final prev); }; }; - } + } #+end_src ** Installer images (iso, kexec) :PROPERTIES: @@ -3374,7 +3281,7 @@ This is an improvement to what I did earlier, where I did not use =nixos-generat packages = { # nix build --print-out-paths --no-link .#live-iso live-iso = inputs.nixos-generators.nixosGenerate { - inherit pkgs system; + inherit pkgs; specialArgs = { inherit self; }; modules = [ inputs.home-manager.nixosModules.home-manager 
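Review bot: `lib.recursiveUpdate` at the end of `overlays.default` merges attribute sets recursively, and derivations are attribute sets too. Any name in `modifications` (`firefox`, `isync`, `mgba`, `retroarch`) that one of the input overlays on the left also defines would therefore come out as an attribute-by-attribute mix of two derivations instead of the override. Presumably the recursive merge is only wanted for `lib`, since `modifications` now sees the same `prev` as the other overlays and `prev.lib // { … }` would otherwise drop their `lib` additions. I would bind the two sides in the `let` and write `merged // mods // { lib = lib.recursiveUpdate (merged.lib or prev.lib) mods.lib; }`, with a comment saying why `lib` is special. Separately, `prev.system` and `inherit (final) system` replace the removed `stdenv.hostPlatform.system` with the top-level alias, which is not available when aliases are disabled; keeping `stdenv.hostPlatform.system` avoids that.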
@@ -3433,7 +3340,7 @@ Hence, what I instead do is to define another output =nixosConfigurationsMinimal :CUSTOM_ID: h:02cd20be-1ffa-4904-9d5a-da5a89ba1421 :END: -This section holds most of the relevant NixOS side of configuration. +This holds most of the NixOS side of configuration. ** Manual steps when setting up a new machine :PROPERTIES: @@ -3520,17 +3427,6 @@ In order to keep track of these changes, I gather them here in a similar style t #+begin_export html Currently, these adaptions are made to the configuration to account for bugs in upstream repos: -- 20260302: - - navidrome is having build issues and set to stable - - noto-fonts is having build issues and set to stable - - libreoffice-* is having build issues and set to stable - - also need to set services.gotenberg.libreoffice.package to stable -- 20260224: - - azure-cli is having build issues and set to stable - - dwarfs is having build issues and set to stable - - shortkeys is having build issues and disabled - - anki is having build issues and set to stable - - khal is having build issues and set to stable - 202501102: - flake: - emacs-overlay: @@ -3779,7 +3675,7 @@ This is a list of all physical machines that I maintain. :CUSTOM_ID: h:6c6e9261-dfa1-42d8-ab2a-8b7c227be6d9 :END: -My work machine. Built for more security, this is the gold standard of my configurations at the moment. Most of the client work configurations are in [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] and [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][home-manager/work]]. +My work machine. Built for more security, this is the gold standard of my configurations at the moment. ***** Main Configuration :PROPERTIES: 
@@ -3874,13 +3770,13 @@ My work machine. Built for more security, this is the gold standard of my config } #+end_src + ***** hardware-configuration :PROPERTIES: :CUSTOM_ID: h:25115a54-c634-4896-9a41-254064ce9fcc :END: =dcdebugmask= enums: https://docs.kernel.org/gpu/amdgpu/driver-core.html#c.DC_DEBUG_MASK -This system is built with support for arm emulation, so it can build configurations that are meant to run on most of my cloud hosts (even though the remote builders are a better fit for this). #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix { config, lib, pkgs, modulesPath, ... }: @@ -3907,8 +3803,7 @@ This system is built with support for arm emulation, so it can build configurati # ''; boot = { - # kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages; - kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages_latest; + kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages; # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; binfmt.emulatedSystems = [ "aarch64-linux" ]; initrd = { @@ -3976,8 +3871,6 @@ This system is built with support for arm emulation, so it can build configurati :CUSTOM_ID: h:e0da04c7-4199-44b0-b525-6cfc64072b45 :END: -This system uses an encrypted root that is however not impermanent. At some point I should reset this host, but this will probably not happen while I use this machine at work. - #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/pyramid/disk-config.nix { disko.devices = { 
@@ -4067,7 +3960,7 @@ This system uses an encrypted root that is however not impermanent. At some poin :CUSTOM_ID: h:a320569e-7bf0-4552-9039-b2a8e0939a12 :END: -My personal laptop. Closely follows the =pyramid= config, but leaves out some security features that I consider a bother on my work machine. Contrary to =pyramid=, this uses a clean, impermanent setup. +My personal laptop. Closely follows the =pyramid= config, but leaves out some security features that I consider a bother on my work machine. ***** Main Configuration :PROPERTIES: @@ -4307,7 +4200,7 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se :CUSTOM_ID: h:932ef6b0-4c14-4200-8e3f-2e208e748746 :END: -This used to be my main server (it is now replaced by [[#h:82bf7fb1-631b-4acd-966b-d0c71a9eb463][Summers (Server: ASUS Z10PA-D8)]]). Currently I use this host as a staging system for several services, and in the future this will be my IoT management system. +This is my main server that I run at home. It handles most tasks that require bigger amounts of storage than I can receive for free at OCI. Also it houses some data that I find too sensitive to hand over to Oracle. ***** Main Configuration :PROPERTIES: @@ -4432,8 +4325,6 @@ This used to be my main server (it is now replaced by [[#h:82bf7fb1-631b-4acd-96 :CUSTOM_ID: h:82bf7fb1-631b-4acd-966b-d0c71a9eb463 :END: -This is my current main server at home; all services except filesystem backups run in separate microvms (see [[#h:5e571d89-6590-4aa4-a5f4-5c871683d09b][Guests]]). Generally, all services that have any amount of significant data will be run on this server, and not on the Oracle Cloud instances. - ***** Main Configuration :PROPERTIES: :CUSTOM_ID: h:dc2233df-cd78-43cc-bb45-57568a83fb24 
@@ -5706,8 +5597,6 @@ This is my current main server at home; all services except filesystem backups r :CUSTOM_ID: h:58c7563e-6954-42e6-a622-9d06523e8e24 :END: -This machine serves as my home router (see [[#h:b54f2bbb-0088-46b2-957d-fd8234b772c3][Router]]). It also provides an http proxy endpoint in my local network over DNS rewrites. - ***** Main Configuration :PROPERTIES: :CUSTOM_ID: h:624b3c6a-6e31-4734-a6ea-7c5b461a3429 @@ -6197,8 +6086,6 @@ My phone. I use only a minimal config for remote debugging here. :CUSTOM_ID: h:ced1795a-9884-4277-bcde-6f7b9b1cc2f0 :END: -This is my workstation locatated at my workplace - I use it as a remote builder and for testing things on ARM architecture. - #+begin_src nix-ts :tangle hosts/home/aarch64-linux/treehouse/default.nix { self, pkgs, ... }: { 
@@ -6244,16 +6131,18 @@ This is my workstation locatated at my workplace - I use it as a remote builder :CUSTOM_ID: h:4dc59747-9598-4029-aa7d-92bf186d6c06 :END: -My server setup was originally built on Proxmox VE; back when I started, I created all kinds of wild Debian/Ubuntu/etc. KVMs and LXCs on there. However, the root disk suffered a weird failure at some point where it became unable to be cloned, while still functioning. I was for a long time rewriting all machines on there to use NixOS instead; this process is now finished. +My server setup was originally built on Proxmox VE; back when I started, I created all kinds of wild Debian/Ubuntu/etc. KVMs and LXCs on there. However, the root disk has suffered a weird failure where it has become unable to be cloned, but was still functional. I was for a long time rewriting all machines on there to use NixOS instead; this process is now finished. -Nowadays, this section holds only hosts living in the cloud. For VM guests on physical hosts, see the =Guests= section under the corresponding hostname in [[#h:58dc6384-0d19-4f71-9043-4014bd033ba2][Physical hosts]]. +I have removed most of the machines from this section. What remains are some hosts that I have deployed on OCI: + - =MilkyWell=: cloud server used for very lightweight sync tasks of non-critical data + - =Moonside=: Proxy server + some lightweight services **** Moonside (OCI) :PROPERTIES: :CUSTOM_ID: h:f547ed16-5e6e-4744-9e33-af090e0a175b :END: -This machine used to be my proxy server, a functionality that is now provided by [[#h:19300583-322b-4e0b-b657-857fbf23dfa1][Twothreetunnel (OCI)]]; nowadays, I use it to run non-crucial services in the cloud - i.e. any service that does not use important private data. As an effect, this mostly holds some text and image sharing tools as well as a number of game servers. +This machine mainly acts as my proxy server to stand before my local machines. ***** Main Configuration :PROPERTIES: 
@@ -6536,8 +6425,6 @@ This machine used to be my proxy server, a functionality that is now provided by :CUSTOM_ID: h:90457194-6b97-4cd6-90bc-4f42d0d69f51 :END: -This machine acts as my build farm and nix binary cache. It also provides an S3 bucket that is meant to be used for the binary cache (however, it is ocasionally used to have a separate object storage). - ***** Main Configuration :PROPERTIES: :CUSTOM_ID: h:cb78799c-d47a-43d4-88ad-d32fcc0abd0b @@ -6769,8 +6656,6 @@ This machine acts as my build farm and nix binary cache. It also provides an S3 :CUSTOM_ID: h:1888ded8-69dc-431f-bb39-5089a8e8b1f4 :END: -This machine is the authoritative DNS server for my domain and is responsible for pushing records to Hurricane Electric as well as Hetzner Cloud. - ***** Main Configuration :PROPERTIES: :CUSTOM_ID: h:0fe53305-52c3-4cc3-81fe-33408070165e @@ -6976,8 +6861,6 @@ This machine is the authoritative DNS server for my domain and is responsible fo :CUSTOM_ID: h:a6baab45-b608-4289-bc92-4454bb0856c6 :END: -This servers is an SSH bastion responsible for shielding my others cloud instances from unauthorized access. - ***** Main Configuration :PROPERTIES: :CUSTOM_ID: h:b58a57d9-7986-489e-a5e8-3ec4c2924b45 @@ -7193,8 +7076,6 @@ This servers is an SSH bastion responsible for shielding my others cloud instanc :CUSTOM_ID: h:19300583-322b-4e0b-b657-857fbf23dfa1 :END: -This host acts as my main http proxy for external access. - ***** Main Configuration :PROPERTIES: :CUSTOM_ID: h:7e66d04d-55c7-4195-b1ee-a013dac26217 @@ -7445,8 +7326,6 @@ This host acts as my main http proxy for external access. :CUSTOM_ID: h:81bc8746-b46b-4d29-87de-ddbd77788b43 :END: -This is my mailserver. Since I do not really want to trust Oracle Cloud with any important data, I am running this one on Hetzner. - ***** Main Configuration :PROPERTIES: :CUSTOM_ID: h:faee045f-a5dd-419a-b374-fc22518d4cd8 
@@ -7671,9 +7550,6 @@ This is my mailserver. Since I do not really want to trust Oracle Cloud with any :PROPERTIES: :CUSTOM_ID: h:89ce533d-4856-4988-b456-0951d4453db8 :END: - -The machines listed here are not real hosts per se, but are rather used in some aspects of testing or deployment, i.e. these hosts do not exist permanently. - **** Toto (Physical/VM) :PROPERTIES: :CUSTOM_ID: h:6b495f0e-fc11-44c8-a9e8-83f3d95c8857 @@ -8070,8 +7946,6 @@ Steps to recover using live ISO: :CUSTOM_ID: h:e9fe580c-f1b2-4d7b-aaff-bbdf89a8c9f9 :END: -This is a specialized kexec image that I use to have disko available on RAM-limited machines, as the kexec provided directly by nixos-anywhere does not include it. Note that I had to strip most other stuff from this image, so this is not a good image for general deployment. - #+begin_src nix-ts :tangle install/kexec.nix { lib, pkgs, modulesPath, options, ... }: { @@ -8172,15 +8046,15 @@ This is a specialized kexec image that I use to have disko available on RAM-limi #+end_src -***** TODO Hotel (Demo Physical/VM) +**** Hotel (Demo Physical/VM) :PROPERTIES: :CUSTOM_ID: h:e1498bef-ec67-483d-bf02-76264e30be8e :END: -This is just a demo host. It applies all the configuration found in the common parts of the flake, but disables all secrets-related features (as they would not work without the proper SSH keys). TODO: provide a public secret that can be used to test the environment +This is just a demo host. It applies all the configuration found in the common parts of the flake, but disables all secrets-related features (as they would not work without the proper SSH keys). I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to run in a virtualized environment. I also enable =qemuGuest= for a smoother experience when testing on QEMU. -****** Main configuration +***** Main configuration :PROPERTIES: :CUSTOM_ID: h:9f1f3439-b0af-4dcd-a96f-b6aa7b6cd2ab :END: 
@@ -8252,7 +8126,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru #+end_src -****** disko +***** disko :PROPERTIES: :CUSTOM_ID: h:849e4233-ba40-4fec-acfe-0d76e1e4371b :END: @@ -8388,7 +8262,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru } #+end_src -****** NixOS dummy options configuration +***** NixOS dummy options configuration :PROPERTIES: :CUSTOM_ID: h:6f9c1a3b-452e-4944-86e8-cb17603cc3f9 :END: @@ -8399,7 +8273,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru #+end_src -****** home-manager dummy options configuration +***** home-manager dummy options configuration :PROPERTIES: :CUSTOM_ID: h:88ccb198-74b9-4269-8e22-af1277f44667 :END: @@ -8434,14 +8308,14 @@ Here we have NixOS options. All options are split into smaller files that are lo :CUSTOM_ID: h:1c1250cd-e9b4-4715-8d9f-eb09e64bfc7f :END: -These are system-level settings specific to NixOS machines. All settings that are required on all machines should go here. +These are system-level settings specific to NixOS machines. All settings that are required on all machines go here. **** Imports :PROPERTIES: :CUSTOM_ID: h:4acbe063-188b-42e7-b75c-b6d2e232e784 :END: -This section is for setting things that should be used on hosts that are using the default NixOS configuration. +This section is for setting things that should be used on hosts that are using the default NixOS configuration. This means that servers should NOT import this, as much of these imported modules are user-configured. #+begin_src nix-ts :tangle modules/nixos/common/default.nix { lib, ... }: 
@@ -8461,17 +8335,6 @@ in :CUSTOM_ID: h:5c3027b4-ba66-445e-9c5f-c27e332c90e5 :END: -This section of code allows different =nixosConfigurations= (i.e. hosts) to "send" configuration to each other. That means host A can define in a module some configuration that should then be applied on host B. This is very useful for servers, where the full functionality may be split over multiple hosts. - -An example: - -[[#h:82bf7fb1-631b-4acd-966b-d0c71a9eb463][Summers (Server: ASUS Z10PA-D8)]] provides a service and loads a module. In that module I can then also define: - - nginx config for the internal proxy [[#h:90dc7f71-f9da-49ef-b273-edfab7daaa05][hintbooth-nginx]] - - nginx config for the external proxy [[#h:19300583-322b-4e0b-b657-857fbf23dfa1][Twothreetunnel (OCI)]] - - dns records to be published by [[#h:1888ded8-69dc-431f-bb39-5089a8e8b1f4][Stoicclub (OCI)]] - -Note that not all configuration can be sent by default, rather it has bo be defined in =forwardedOptions= below (otherwise we get an infinite recursion error). For options that do not take a submodule as argument, we need to define every last option we set by hand - see for example the =services.firezone.gateway= options below, where we redefine =[ "enable" "name" "apiUrl" "tokenFile" "package" "logLevel" ]=. - #+begin_src nix-ts :tangle modules/nixos/common/nodes.nix # adapted from https://github.com/oddlama/nix-config/blob/main/modules/distributed-config.nix { config, lib, nodes, ... }: 
@@ -8549,10 +8412,6 @@ Note that not all configuration can be sent by default, rather it has bo be defi :CUSTOM_ID: h:85c9b83f-40c3-4558-bb28-a37b6f8597b9 :END: -Since I am maintaining an infrastructure of moderate size, it is also useful to be able to have some mechanism of shared variables between configurations. For example, I have to reference the domain of my identity management system in some places across the config, which I can reference using =globals.services.kanidm.domain=. - -Do note that the below does not achieve anything on its own - as is, these would only be normal ("local") NixOS options. The real magic, as we have touched on before, happens in [[#h:af83893d-c0f9-4b45-b816-4849110d41b3][Globals]], where we then ingest the values here and expose them as a flake output. - #+begin_src nix-ts :tangle modules/nixos/common/globals.nix { lib, options, ... }: let 
@@ -8851,12 +8710,6 @@ Do note that the below does not achieve anything on its own - as is, these would :CUSTOM_ID: h:a8bbe15f-a7dd-4e6d-ba49-26206c38e9c8 :END: -If you have worked on a system using NixOS + home-manager as a submodule, you have probably noticed that it is a hassle to use sops-nix in the home-manager configuration - as least as long as you want to retain compatibility with home-manager only systems. You might have also noticed that the home-manager sops secrets take up a considerable amount of time. - -Hence, here I am mirroring all of the home-manager secrets that I use across the configuration. I would like to automate this process, but the only way I see for doing this would be by defining a dummy configuration that has these values set in the respective home-manager modules and copying that here, which seems brittle to me. - -In the respective modules that use home-manager secrets (for example [[#h:506d01fc-c20b-473a-ac78-bce4b53fe0e3][Mail]]) I then use an =optionalAttrs= that checks if we have a NixOS system and only includes the config if that is not the case in order to not import the same secret twice. - #+begin_src nix-ts :tangle modules/nixos/common/home-manager-secrets.nix { self, lib, config, globals, withHomeManager, ... }: let @@ -8889,8 +8742,6 @@ In the respective modules that use home-manager secrets (for example [[#h:506d01 github-forge-token = { owner = mainUser; }; }) // (lib.optionalAttrs (modules ? optional-work) { harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; - }) // (lib.optionalAttrs (modules ? optional-noctalia) { - radicale-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.anki { anki-user = { owner = mainUser; }; anki-pw = { owner = mainUser; }; 
@@ -8914,8 +8765,6 @@ In the respective modules that use home-manager secrets (for example [[#h:506d01 :CUSTOM_ID: h:e2e7444b-cb85-4719-b154-e5f37274d02d :END: -This is just some additional configuration that proliferates some [[#h:391e7712-fef3-4f13-a3ed-d36e228166fd][Topology]] node fields automatically from my own options. - #+begin_src nix-ts :tangle modules/nixos/common/topology.nix { lib, config, ... }: { @@ -9089,8 +8938,6 @@ A breakdown of the flags being set: nixpkgs = { overlays = [ outputs.overlays.default - outputs.overlays.stables - outputs.overlays.modifications ] ++ lib.optionals withHomeManager [ (final: prev: let @@ -9118,7 +8965,7 @@ A breakdown of the flags being set: :CUSTOM_ID: h:7f6d6908-4d02-4907-9c70-f802f4358520 :END: -We enable the use of =home-manager= as a NixoS module. A nice trick here is the =extraSpecialArgs = self= line (=inherit ...=). This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity). +We enable the use of =home-manager= as a NixoS module. A nice trick here is the =extraSpecialArgs = inputs= line, which enables the use of =seflf= in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity). #+begin_src nix-ts :tangle modules/nixos/common/home-manager.nix { self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, arch, type, withHomeManager, ... }: 
@@ -9205,7 +9052,7 @@ For that reason, make sure that =sops-nix= is properly working before finishing description = "Leon S"; password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; - extraGroups = [ "wheel" ] ++ lib.optionals (!minimal && !config.swarselsystems.isMicroVM) [ "networkmanager" "input" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; + extraGroups = [ "wheel" ] ++ lib.optionals (!minimal && !config.swarselsystems.isMicroVM) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; packages = with pkgs; [ ]; }; }; @@ -9418,8 +9265,6 @@ This dynamically uses systemd boot or Lanzaboote depending on the minimal system :CUSTOM_ID: h:a1311b07-2a8d-4c1f-addc-8572fc184e0d :END: -Here I set some general boot options, mostly enabling an emergency shell and some extra tools that would normally not be available in stage 1. Also I reduce the bootloaders default timeout because I do not really need that anymore ever since I have stopped to use specialisations. - #+begin_src nix-ts :tangle modules/nixos/common/boot.nix { lib, pkgs, config, globals, ... }: { @@ -9567,7 +9412,7 @@ This section is to be used for modules that are most likely only used on client :CUSTOM_ID: h:4acbe063-188b-42e7-b75c-b6d2e232e784 :END: -This section is for setting things that should be used on clients that are using the default NixOS configuration. +This section is for setting things that should be used on hosts that are using the default NixOS configuration. This means that servers should NOT import this, as much of these imported modules are user-configured. #+begin_src nix-ts :tangle modules/nixos/client/default.nix { lib, ... }: 
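Review bot: The new `extraGroups` list for the main user still carries `docker` next to `wheel`; on any host where the Docker daemon is enabled, membership in that group is equivalent to root, because the socket lets a member start privileged containers. The distrobox module in this same diff configures podman with `dockerCompat = true`, so the group may no longer be needed (inferred; the Docker configuration is not visible here). If it has to stay, record why on the line, e.g. `# docker: root-equivalent via the daemon socket, kept for <reason>`. The user attribute set begins above this hunk.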
@@ -9606,7 +9451,6 @@ Mostly used to install some compilers and lsp's that I want to have available wh pcsc-tools pcscliteWithPolkit.out - # ledger packages ledger-live-desktop @@ -9727,7 +9571,7 @@ Next, we will setup some environment variables that need to be set on the system :CUSTOM_ID: h:e2d40df9-0026-4caa-8476-9dc2353055a1 :END: -Needed for control over system-wide privileges etc. Also I make sure that the root user has access to =SSH_AUTH_SOCK= (without this, root will not be able to read my =nix-secrets= repository, however, that does not matter anymore since I stopped using that solution) in order to be able to keep using the same agent upon escalation. +Needed for control over system-wide privileges etc. Also I make sure that the root user has access to =SSH_AUTH_SOCK= (without this, root will not be able to read my =nix-secrets= repository). #+begin_src nix-ts :tangle modules/nixos/client/polkit.nix { lib, config, minimal, ... }: @@ -9768,8 +9612,6 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro There is a persistent bug over Linux kernels that makes the user wait 1m30s on system shutdown due to the reason =a stop job is running for session 1 of user ...=. I do not want to wait that long and am confident no important data is lost by doing this. -Nowadays, it seems that this bug was fixed (I think it was caused by VirtualBox), but still, I keep these shorter timeouts just to be safe (or unsafe, depending on your viewpoint). - #+begin_src nix-ts :tangle modules/nixos/client/systemd.nix { lib, config, ... }: { @@ -9789,7 +9631,7 @@ Nowadays, it seems that this bug was fixed (I think it was caused by VirtualBox) :CUSTOM_ID: h:1fa7cf61-5c03-43a3-a7f0-3d6ee246b31b :END: -Enable OpenGL, Sound, Bluetooth, support for my custom keyboards and various other drivers. +Enable OpenGL, Sound, Bluetooth and various drivers. #+begin_src nix-ts :tangle modules/nixos/client/hardware.nix { pkgs, config, lib, ... }: 
@@ -9827,7 +9669,7 @@ Enable OpenGL, Sound, Bluetooth, support for my custom keyboards and various oth bluetooth = lib.mkIf config.swarselsystems.hasBluetooth { enable = true; - package = pkgs.bluez; + package = pkgs.stable.bluez; powerOnBoot = true; settings = { General = { @@ -9847,7 +9689,7 @@ Enable OpenGL, Sound, Bluetooth, support for my custom keyboards and various oth :CUSTOM_ID: h:63f6773e-b321-4b1d-a206-3913658cf62d :END: -This is only used on systems not running Pipewire (none at the moment). +This is only used on systems not running Pipewire. #+begin_src nix-ts :tangle modules/nixos/client/pulseaudio.nix @@ -9868,7 +9710,7 @@ This is only used on systems not running Pipewire (none at the moment). :CUSTOM_ID: h:aa433f5e-a455-4414-b76b-0a2692fa06aa :END: -Pipewire handles communication on Wayland. This enables several sound tools as well as screen sharing in combinaton with =xdg-desktop-portal-wlr= when using [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]]. +Pipewire handles communication on Wayland. This enables several sound tools as well as screen sharing in combinaton with =xdg-desktop-portal-wlr=. #+begin_src nix-ts :tangle modules/nixos/client/pipewire.nix { lib, config, pkgs, ... }: @@ -9879,7 +9721,7 @@ Pipewire handles communication on Wayland. This enables several sound tools as w services.pipewire = { enable = true; - package = pkgs.pipewire; + package = pkgs.stable.pipewire; pulse.enable = true; jack.enable = true; audio.enable = true; 
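Review bot: `package = pkgs.stable.bluez;` here, `package = pkgs.stable.pipewire;` in the pipewire hunk and `package = pkgs.stable.podman;` in the distrobox hunk all depend on a `stable` attribute in `pkgs`, while the nixpkgs hunk of this same diff removes `outputs.overlays.stables` from the overlays list. Whether `outputs.overlays.default` still provides `pkgs.stable` is not visible here; if it does not, evaluation fails on a missing attribute. Each pin would also benefit from a short why-comment, e.g. `# pinned to stable: <reason>; revisit when the default set works again`, so these daemons do not stay on a different package set by accident.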
@@ -10214,9 +10056,12 @@ Here I only enable =networkmanager= and a few default networks. The rest of the :CUSTOM_ID: h:d87d80fd-2ac7-4f29-b338-0518d06b4deb :END: -I use sops-nix to handle secrets that I want to have available on my machines at all times. For some reason validateSopsFiles needs to be turned off, probably because my age keys are not real age keys but just the host ssh keys being read in by =ssh-go-age=. The default sopsfile is the one that is available to all systems - if the secret in question is not in that file, we need to override =sopsFile= in the respective secret. - -Do note that we have to account for impermanent file systems here, otherwise system activation will fail because the secret files cannot be found. +I use sops-nix to handle secrets that I want to have available on my machines at all times. Procedure to add a new machine: +- `ssh-keygen -t ed25519 -C "NAME sops"` in .ssh directory (or wherever) - name e.g. "sops" +- cat ~/.ssh/sops.pub | ssh-to-age | wl-copy +- add the output to .sops.yaml +- cp ~/.ssh/sops.pub ~/.dotfiles/secrets/public/NAME.pub +- update entry for sops.age.sshKeyPaths #+begin_src nix-ts :tangle modules/nixos/client/sops.nix { self, config, lib, ... }: @@ -10242,8 +10087,6 @@ Do note that we have to account for impermanent file systems here, otherwise sys :CUSTOM_ID: h:43aa6c7e-ef6a-4907-9d22-3e6fb5ba4c08 :END: -This defines all remote builds that I want to use on client machines. This includes the nixbuild.net machine as well as my own private builders. I can use these to perform x86_64 builds as well as aarch64. - #+begin_src nix-ts :tangle modules/nixos/client/remotebuild.nix { lib, config, globals, ... }: let 
@@ -10371,7 +10214,7 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w :CUSTOM_ID: h:2bbf5f31-246d-4738-925f-eca40681f7b6 :END: -Some programs profit from being installed through dedicated NixOS settings on system-level; these go here. Notably the zsh setup goes here and cannot be deleted under any circumstances (its config is in a subsection) +Some programs profit from being installed through dedicated NixOS settings on system-level; these go here. Notably the zsh setup goes here and cannot be deleted under any circumstances. #+begin_src nix-ts :tangle modules/nixos/client/programs.nix { lib, config, ... }: @@ -10410,8 +10253,6 @@ Here I disable global completion to prevent redundant compinit calls and cache i #+end_src ***** nautilus -This enabled the right-click context menu entry in nautilus that allows to open a folder in a terminal - I never use this to be honest, but I feel like the file explorer would not be complete otherwise. - #+begin_src nix-ts :tangle modules/nixos/client/nautilus.nix { lib, config, ... }: { @@ -10429,8 +10270,6 @@ This enabled the right-click context menu entry in nautilus that allows to open :CUSTOM_ID: h:1e6d3d56-e415-43a2-8e80-3bad8062ecf8 :END: -This is the syncthing client configuration. Contrary to the [[#h:ad2787a2-7b1c-4326-aeff-9d8d6c3f591d][server syncthing config]], this sets all directories as send+receive (the servers only receive). Apart from that, I only really need to sync my Obsidian stuff and some Emacs files. - #+begin_src nix-ts :tangle modules/nixos/client/syncthing.nix { lib, config, pkgs, ... }: let @@ -10562,7 +10401,7 @@ Avahi is the service used for the network discovery. :CUSTOM_ID: h:f101daa2-604d-4553-99e2-f64b9c207f51 :END: -This is being set to allow myself to use all functions of nautilus in NixOS. +This is being set to allow myself to use all functions of nautilus in NixOS #+begin_src nix-ts :tangle modules/nixos/client/gvfs.nix { lib, config, ... }: 
@@ -10579,7 +10418,7 @@ This is being set to allow myself to use all functions of nautilus in NixOS. :CUSTOM_ID: h:08d213d5-a9f4-4309-8635-ba557b01dc7d :END: -This is a super-convenient configuration bit that lets my remap my =CAPS= key to =ESC= if pressed shortly, and =CTRL= if being held. Interception-tools can do many other things as well, but that is really all I need when I am typing on my laptops internal keyboard. +This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if pressed shortly, and =CTRL= if being held. #+begin_src nix-ts :tangle modules/nixos/client/interceptiontools.nix { lib, config, pkgs, ... }: @@ -10616,12 +10455,11 @@ This is a super-convenient configuration bit that lets my remap my =CAPS= key to } #+end_src -***** keyd: remap SUPER (not used) +***** keyd: remap SUPER :PROPERTIES: :CUSTOM_ID: h:6a0fb66c-dfda-47e9-87b2-8b02d58dd68b :END: -This is an unused service that can also be used to remap keybinds. I tried to use this in the past to implement the self-hiding topbar that I know from [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] in [[#h:06e77ca4-28ff-4cfd-bc60-b7fd848bfedb][Niri]]. That did not work. Still, it cannot hurt to keep this reference in here. #+begin_src nix-ts :tangle modules/nixos/client/keyd.nix { lib, config, ... }: @@ -10662,8 +10500,6 @@ This enables power profile management. The available modes are: Most of the time I am using =power-saver=, however, it is good to be able to choose. -This is also used by [[#h:385cc6c7-416c-4570-a5d3-bf8fb7c841e7][Noctalia-shell]] in order to set and get the profiles. - #+begin_src nix-ts :tangle modules/nixos/client/power-profiles-daemon.nix { lib, config, ... }: { 
@@ -10679,17 +10515,13 @@ This is also used by [[#h:385cc6c7-416c-4570-a5d3-bf8fb7c841e7][Noctalia-shell]] :CUSTOM_ID: h:5db15758-17d8-4bde-811d-d11ccdd3f3d3 :END: -[[#h:388e71be-f00a-4d45-ade1-218ce942057d][SwayOSD]] provides a neat visual overlay when changing the system volume or brightness. However, the libinput backend needs some fixing, which is done here. - -Nowadays, this is not used in favor of [[#h:96e05275-38df-401b-8809-d45d8f59e43c][Noctalia-shell]]. - #+begin_src nix-ts :tangle modules/nixos/client/swayosd.nix { lib, pkgs, config, ... }: { options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; config = lib.mkIf config.swarselmodules.swayosd { - environment.systemPackages = [ pkgs.swayosd ]; - services.udev.packages = [ pkgs.swayosd ]; + environment.systemPackages = [ pkgs.dev.swayosd ]; + services.udev.packages = [ pkgs.dev.swayosd ]; systemd.services.swayosd-libinput-backend = { description = "SwayOSD LibInput backend for listening to certain keys like CapsLock, ScrollLock, VolumeUp, etc."; documentation = [ "https://github.com/ErikReider/SwayOSD" ]; @@ -10700,7 +10532,7 @@ Nowadays, this is not used in favor of [[#h:96e05275-38df-401b-8809-d45d8f59e43c serviceConfig = { Type = "dbus"; BusName = "org.erikreider.swayosd"; - ExecStart = "${pkgs.swayosd}/bin/swayosd-libinput-backend"; + ExecStart = "${pkgs.dev.swayosd}/bin/swayosd-libinput-backend"; Restart = "on-failure"; }; }; 
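Review bot: `ExecStart = "${pkgs.dev.swayosd}/bin/swayosd-libinput-backend";` and the two package lists in the hunk above it now take swayosd from the `dev` package set. The unit is declared under `systemd.services` and no `User` is visible in `serviceConfig`, so the binary presumably runs as root. What `pkgs.dev` resolves to is not shown in these hunks; if it tracks a development branch, a privileged input-handling service picks up whatever that branch contains at the next lock update. I would add a comment naming what makes `dev` necessary, e.g. `# dev.swayosd: needs <patch>; switch back to pkgs.swayosd once it is upstream`.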
@@ -10811,7 +10643,7 @@ This loads some udev rules that I need for my split keyboards. :CUSTOM_ID: h:eae45839-223a-4027-bce3-e26e092c9096 :END: -This section houses the greetd related settings. I do not really want to use a display manager, but it is useful to have setup in some ways - in my case for starting sway/niri on system startup. Notably the default user login setting that is commented out here goes into the *system specific* settings, make sure to update it there.n +This section houses the greetd related settings. I do not really want to use a display manager, but it is useful to have setup in some ways - in my case for starting sway on system startup. Notably the default user login setting that is commented out here goes into the *system specific* settings, make sure to update it there #+begin_src nix-ts :tangle modules/nixos/client/login.nix { lib, config, pkgs, ... }: @@ -10937,30 +10769,31 @@ When a program does not work, start with =nix-ldd =. This will tell you pipewire pixman speex - steam-fhsenv-without-steam + # stable.cc.cc + stable25_05.steam-fhsenv-without-steam systemd tbb vulkan-loader - libice - libsm - libx11 - libxscrnsaver - libxcomposite - libxcursor - libxdamage - libxext - libxfixes - libxft - libxi - libxinerama - libxmu - libxrandr - libxrender - libxt - libxtst - libxxf86vm - libxcb - libxshmfence + xorg.libICE + xorg.libSM + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXft + xorg.libXi + xorg.libXinerama + xorg.libXmu + xorg.libXrandr + xorg.libXrender + xorg.libXt + xorg.libXtst + xorg.libXxf86vm + xorg.libxcb + xorg.libxshmfence zlib ]; }; 
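Review bot: In the nix-ld library list, `stable25_05.steam-fhsenv-without-steam` pins one entry to a single release's package set, and a release-specific set stops receiving security fixes once that release reaches end of life. The line added above it, `# stable.cc.cc`, is commented-out code with no explanation and should be deleted or replaced by a sentence. Suggested comment for the pin: `# pinned to 25.05: <reason>; drop the pin when the unpinned build works`. The library list begins above this hunk.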
@@ -10973,7 +10806,7 @@ When a program does not work, start with =nix-ldd =. This will tell you :CUSTOM_ID: h:b751d77d-246c-4bd6-b689-3467d82bf9c3 :END: -This snippet is added to the activation script that is run after every rebuild and shows what packages have been added and removed. This is actually not the optimal place to add that snipped, but the correct spot is in some perl file that I have not had the leisure to take a look at yet. +This snipped is added to the activation script that is run after every rebuild and shows what packages have been added and removed. This is actually not the optimal place to add that snipped, but the correct spot is in some perl file that I have not had the leisure to take a look at yet. #+begin_src nix-ts :tangle modules/nixos/client/nvd-rebuild.nix { lib, config, pkgs, ... }: @@ -11052,9 +10885,7 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom :CUSTOM_ID: h:872d5f46-2ffd-4076-9a2c-98783dd29434 :END: -This allows me to use screen sharing on Wayland when using [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]]. The implementation is a bit crude and only the whole screen can be shared. However, most of the time that is all I need to do anyways. - -Nowadays, I only need to enable portals in general for use with [[#h:06e77ca4-28ff-4cfd-bc60-b7fd848bfedb][Niri]], which implements screensharing using gnome-portal (which allows for neat things like hiding shared windows based on =app_id=). +This allows me to use screen sharing on Wayland. The implementation is a bit crude and only the whole screen can be shared. However, most of the time that is all I need to do anyways. #+begin_src nix-ts :tangle modules/nixos/client/xdg-portal.nix { lib, config, ... }: 
@@ -11084,7 +10915,7 @@ Nowadays, I only need to enable portals in general for use with [[#h:06e77ca4-28 :CUSTOM_ID: h:1bef3914-a258-4585-b232-e0fbe9e7a9b5 :END: -I am using distrobox to quickly circumvent isses that I cannot immediately solve on NixOS (which has not happened in a while, but you never know). It is always the goal to quickly get things working on NixOS, but this should usually prevent me from getting completely stuck. +I am using distrobox to quickly circumvent isses that I cannot immediately solve on NixOS. It is always the goal to quickly get things working on NixOS, but this prevents me from getting completely stuck. #+begin_src nix-ts :tangle modules/nixos/client/distrobox.nix { lib, config, pkgs, ... }: @@ -11099,7 +10930,7 @@ I am using distrobox to quickly circumvent isses that I cannot immediately solve virtualisation.podman = { enable = true; dockerCompat = true; - package = pkgs.podman; + package = pkgs.stable.podman; }; }; } @@ -11109,7 +10940,7 @@ I am using distrobox to quickly circumvent isses that I cannot immediately solve :PROPERTIES: :CUSTOM_ID: h:cfc22f8d-251e-4636-98d6-a43cdb112b68 :END: -Adds the necessary tools to allow .appimage programs handling easily. +Adds the necessary tools to allow .appimage programs easily. #+begin_src nix-ts :tangle modules/nixos/client/appimage.nix { lib, config, ... }: @@ -11130,9 +10961,7 @@ Adds the necessary tools to allow .appimage programs handling easily. :CUSTOM_ID: h:a5a0d84e-c7b3-4164-a4c7-2e2d8ada69cd :END: -This turns off the display when the lid is closed. When we are docked it just turns it off, when using the laptop standalone it instead sends it to suspend. - -Notably we also make sure to handle the fingerprint sensor especially, because it can misfire or stop working on wakeup otherwise. +This turns off the display when the lid is closed. #+begin_src nix-ts :tangle modules/nixos/client/lid.nix { lib, config, ... }: 
@@ -11181,8 +11010,6 @@ Notably we also make sure to handle the fingerprint sensor especially, because i Since I hide the waybar completely during normal operation, I run the risk of not noticing when my battery is about to run out. This module sends a notification when the battery level falls below 10%. Written by [[https://gist.github.com/cafkafk][cafkafk]]. -Nowadays, I have replaced this with [[#h:385cc6c7-416c-4570-a5d3-bf8fb7c841e7][Noctalia-shell]]. - #+begin_src nix-ts :tangle modules/nixos/client/lowbattery.nix { pkgs, lib, config, ... }: { @@ -11224,7 +11051,7 @@ Nowadays, I have replaced this with [[#h:385cc6c7-416c-4570-a5d3-bf8fb7c841e7][N :CUSTOM_ID: h:fa8d9ec4-3e22-458a-9239-859cffe7f55c :END: -Auto login for the initial session. This basically skips the [[#h:eae45839-223a-4027-bce3-e26e092c9096][System Login (greetd)]] screen. +Auto login for the initial session. #+begin_src nix-ts :tangle modules/nixos/client/autologin.nix { lib, config, ... }: @@ -11247,7 +11074,7 @@ Auto login for the initial session. This basically skips the [[#h:eae45839-223a- :CUSTOM_ID: h:74f5961d-2881-4a42-b99f-94c8f70c8196 :END: -UWSM is a helper tool meant to help with chaining systemd services correctly. When starting/ending sessions using it, we can be sure that the corresponding services also start and end with it - this is not standard behaviour! +Auto login for the initial session. #+begin_src nix-ts :tangle modules/nixos/client/uwsm.nix { lib, config, pkgs, ... }: @@ -11316,7 +11143,6 @@ UWSM is a helper tool meant to help with chaining systemd services correctly. Wh :CUSTOM_ID: h:4d018a21-637b-4c7d-b9c9-7f1b95144a07 :END: -This is the VPN client that I use to access my internal network at home. #+begin_src nix-ts :tangle modules/nixos/client/firezone-client.nix { lib, config, ... }: 
@@ -11415,10 +11241,6 @@ Here we just define some aliases for rebuilding the system, and we allow some in **** Persistent user/group IDs -When using microvms, I opted to use ZFS with it, and mount datasets into the microvms. That however means that we need to make sure that userids stay consistent between microvm reboots. This could be done by persisting =/var/lib/nixos=, but even then it would not be guaranteed that all UIDs/GIDs match up with the hypervising host, which would not be a big problem, but I like to keep it consistent anyways. - -With this, evaluation will fail if there are any users/groups that are not declaratively managed. - #+begin_src nix-ts :tangle modules/nixos/server/id.nix { lib, config, confLib, ... }: let @@ -11566,8 +11388,6 @@ This is a collection of packages that are useful for server-type hosts that do n :CUSTOM_ID: h:d6840d31-110c-465f-93fa-0306f755de28 :END: -Handles my main NFS share. User password setup is currently not declarative, I need to write a service for it at some point. - #+begin_src nix-ts :tangle modules/nixos/server/nfs.nix { lib, config, pkgs, globals, confLib, ... }: let @@ -11627,8 +11447,6 @@ Handles my main NFS share. User password setup is currently not declarative, I n :CUSTOM_ID: h:ebe3413f-ef12-4b22-9121-380d599d83ca :END: -This sets up acme which I use to generate certificates. Nowadays I no longer use cloudflare but acme-dns, which allows me to have my dns records spread out over multiple providers for redundancy. - #+begin_src nix-ts :tangle modules/nixos/server/acme.nix { self, pkgs, lib, config, globals, confLib, ... }: let 
@@ -11685,8 +11503,6 @@ This sets up acme which I use to generate certificates. Nowadays I no longer use :CUSTOM_ID: h:302468d2-106a-41c8-b2bc-9fdc40064a9c :END: -This is the general NGINX config usind on [[#h:19300583-322b-4e0b-b657-857fbf23dfa1][Twothreetunnel (OCI)]] and the [[#h:90dc7f71-f9da-49ef-b273-edfab7daaa05][Nginx]] guest on [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hintbooth (Router: HUNSN RM02)]]. The virtualhosts themselves are declared in the respective service modules. - #+begin_src nix-ts :tangle modules/nixos/server/nginx.nix { pkgs, lib, config, ... }: let @@ -11917,8 +11733,6 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t :CUSTOM_ID: h:d858c65c-4ca8-4ee5-971b-1a4aa4ccaa57 :END: -Some extra config to harden the config on my ssh bastion host. It makes it so that logging in as the jump user is prohibited on that host, and forwardAgent is forbidden. - #+begin_src nix-ts :tangle modules/nixos/server/bastion.nix { self, lib, config, withHomeManager, confLib, ... }: { @@ -12137,15 +11951,15 @@ lspci -nn | grep -i 'network\|ethernet' From the last bracket you then find out the correct kernel module: -#+begin_src shell :exports both :results output +#+begin_src shell :exports both lspci -k -d 14c3:0616 #+end_src #+RESULTS: -: 04:00.0 Network controller: MEDIATEK Corp. MT7922 802.11ax PCI Express Wireless Network Adapter -: Subsystem: MEDIATEK Corp. Device e616 -: Kernel driver in use: mt7921e -: Kernel modules: mt7921e +| 04:00.0 | Network | controller: | MEDIATEK | Corp. | MT7922 | 802.11ax | PCI | Express | Wireless | Network | Adapter | +| | Subsystem: | MEDIATEK | Corp. | Device | e616 | | | | | | | +| | Kernel | driver | in | use: | mt7921e | | | | | | | +| | Kernel | modules: | mt7921e | | | | | | | | | A little note about the secrets part: 
@@ -12624,8 +12438,6 @@ In order to define a new wireguard interface, I have to: :CUSTOM_ID: h:475b0892-bdbd-4aa2-b68e-86a037f27b04 :END: -This literally just adds the btrfs parameters. - #+begin_src nix-ts :tangle modules/nixos/server/btrfs.nix { lib, config, ... }: { @@ -12941,10 +12753,8 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin :CUSTOM_ID: h:d33f5982-dfe6-42d0-9cf2-2cd8c7b04295 :END: -Kavita is the service I use for my library management. It seems more tailored towards comics/graphic novels, but still I prefer its interface to what calibre offers. - #+begin_src nix-ts :tangle modules/nixos/server/kavita.nix - { lib, config, globals, dns, confLib, ... }: + { self, lib, config, pkgs, globals, dns, confLib, ... }: let inherit (config.swarselsystems) sopsFile; @@ -12954,6 +12764,9 @@ Kavita is the service I use for my library management. It seems more tailored to { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { + environment.systemPackages = with pkgs; [ + calibre + ]; users = { persistentIds.kavita = confLib.mkIds 995; @@ -13013,8 +12826,6 @@ Kavita is the service I use for my library management. It seems more tailored to :CUSTOM_ID: h:e0d4c16e-ab64-48ac-9734-1ab62953ad4b :END: -My video streaming service of choice. In the past I used plex, but I prefer using jellyfin now, which looks more clean (and is not payment incentivised). - #+begin_src nix-ts :tangle modules/nixos/server/jellyfin.nix { pkgs, lib, config, globals, dns, confLib, ... }: let 
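Review bot: The kavita hunk adds `environment.systemPackages = with pkgs; [ calibre ];` to a server module, which installs a large desktop application with many document parsers system-wide, and nothing in the visible lines uses it. If it is only needed for occasional manual work on the library, say so in a comment, e.g. `# calibre: used manually for <task>`, or run it on demand instead of installing it on the host. The signature hunk just before it also adds `self` and `pkgs` to the module arguments; `self` is not used in the lines shown, so check whether it is needed.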
@@ -13093,8 +12904,6 @@ My video streaming service of choice. In the past I used plex, but I prefer usin :CUSTOM_ID: h:f347f3ad-5100-4c4f-8616-cfd7f8e14a72 :END: -My music streaming service. In the past I used subsonic and gonic, but I prefer the tag based management. Sadly the jukebox seems not to work on NixOS (TODO?) - #+begin_src nix-ts :tangle modules/nixos/server/navidrome.nix { pkgs, config, lib, globals, dns, confLib, ... }: let @@ -13180,6 +12989,7 @@ My music streaming service. In the past I used subsonic and gonic, but I prefer services.${serviceName} = { enable = true; + # openFirewall = true; settings = { LogLevel = "debug"; Address = "0.0.0.0"; @@ -13291,8 +13101,6 @@ My music streaming service. In the past I used subsonic and gonic, but I prefer :CUSTOM_ID: h:ec9c5a7d-ea8b-46d5-809c-163c917f5c41 :END: -Simple config for running spotifyd which allows me to remote play spotify songs on my speakers. - #+begin_src nix-ts :tangle modules/nixos/server/spotifyd.nix { lib, config, confLib, ... }: let @@ -13355,8 +13163,6 @@ Simple config for running spotifyd which allows me to remote play spotify songs :CUSTOM_ID: h:baa4149b-3788-4b05-87ec-0ee9d0726117 :END: -My jukebox replacement since the native one in [[#h:f347f3ad-5100-4c4f-8616-cfd7f8e14a72][navidrome]] does not work :) - #+begin_src nix-ts :tangle modules/nixos/server/mpd.nix { lib, config, pkgs, confLib, ... }: let @@ -13431,8 +13237,6 @@ My jukebox replacement since the native one in [[#h:f347f3ad-5100-4c4f-8616-cfd7 :CUSTOM_ID: h:ce6a4371-e44f-419a-be9e-e17c7abdaf3a :END: -Needed for audio and stuff. - #+begin_src nix-ts :tangle modules/nixos/server/pipewire.nix { lib, config, confLib, ... }: { 
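Review bot: The navidrome hunk adds `# openFirewall = true;` as commented-out code directly above settings that bind `Address = "0.0.0.0"`. Uncommenting it would open the service port on every interface, which is presumably what the per-proxy firewall rules used by the other service modules are meant to avoid (the navidrome rules themselves are outside this hunk). I would delete the line or replace it with a statement of intent, e.g. `# firewall stays closed here; access is granted per proxy node`. The `LogLevel = "debug"` setting on the following line is also worth revisiting for a long-running server, since debug logs tend to keep more request detail than is needed.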
@@ -13467,8 +13271,6 @@ Needed for audio and stuff. :CUSTOM_ID: h:6ca43d5a-8ba6-4cd1-96b9-f088f11662c0 :END: -Many services require a databasee, and I like to go with full postgres when giving the chance. Each host will usually run its own instance instead of maintaining a centralised one. - #+begin_src nix-ts :tangle modules/nixos/server/postgresql.nix { self, config, lib, pkgs, confLib, ... }: let @@ -13505,8 +13307,6 @@ Many services require a databasee, and I like to go with full postgres when givi :CUSTOM_ID: h:669e1715-7685-4157-8283-a1f8f39212eb :END: -Allows me to spin up containers for services that do not provide NixOS options. - #+begin_src nix-ts :tangle modules/nixos/server/podman.nix { config, lib, confLib, ... }: let @@ -13563,8 +13363,6 @@ Allows me to spin up containers for services that do not provide NixOS options. :CUSTOM_ID: h:1e68d84a-8f99-422f-89ac-78f664ac0013 :END: -My messenger of choice. I use this mainly to bridge messages of whatsapp/telegram/signal into it, which allows me to only use a single app for all of my communication needs. TODO: add synapse oidc - #+begin_src nix-ts :tangle modules/nixos/server/matrix.nix { lib, config, pkgs, globals, dns, confLib, ... }: let @@ -13963,8 +13761,6 @@ My messenger of choice. I use this mainly to bridge messages of whatsapp/telegra :CUSTOM_ID: h:d11ad8d5-25d7-4691-b319-61c16ccef715 :END: -My file server. I aim to decomission this as soon as I can, however, I need a replacement for the cospend plugin (a shared expense manager). - #+begin_src nix-ts :tangle modules/nixos/server/nextcloud.nix { pkgs, lib, config, globals, dns, confLib, ... }: let 
@@ -13973,7 +13769,7 @@ My file server. I aim to decomission this as soon as I can, however, I need a re inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules; - nextcloudVersion = "33"; + nextcloudVersion = "32"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -14045,8 +13841,6 @@ My file server. I aim to decomission this as soon as I can, however, I need a re :CUSTOM_ID: h:33bad8ad-b362-4bf1-8a49-b9df92329aed :END: -My photo service. It does some cool things like face recognition automatically (locally). - #+begin_src nix-ts :tangle modules/nixos/server/immich.nix { lib, pkgs, config, globals, dns, confLib, ... }: let 
@@ -14155,140 +13949,139 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= gotenbergPort = 3002; kanidmDomain = globals.services.kanidm.domain; in - { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { - users = { - persistentIds = { - redis-paperless = confLib.mkIds 975; + users = { + persistentIds = { + redis-paperless = confLib.mkIds 975; + }; + users.${serviceUser} = { + extraGroups = [ "users" ]; + }; + }; + + sops.secrets = { + paperless-admin-pw = { inherit sopsFile; owner = serviceUser; }; + kanidm-paperless-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + }; + + # networking.firewall.allowedTCPPorts = [ servicePort ]; + + globals = { + networks = { + ${webProxyIf}.hosts = lib.mkIf isProxied { + ${config.node.name}.firewallRuleForNode.${webProxy}.allowedTCPPorts = [ servicePort ]; }; - users.${serviceUser} = { - extraGroups = [ "users" ]; + ${homeProxyIf}.hosts = lib.mkIf isHome { + ${config.node.name}.firewallRuleForNode.${homeWebProxy}.allowedTCPPorts = [ servicePort ]; }; }; - - sops.secrets = { - paperless-admin-pw = { inherit sopsFile; owner = serviceUser; }; - kanidm-paperless-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - }; - - # networking.firewall.allowedTCPPorts = [ servicePort ]; - - globals = { - networks = { - ${webProxyIf}.hosts = lib.mkIf isProxied { - ${config.node.name}.firewallRuleForNode.${webProxy}.allowedTCPPorts = [ servicePort ]; - }; - ${homeProxyIf}.hosts = lib.mkIf isHome { - ${config.node.name}.firewallRuleForNode.${homeWebProxy}.allowedTCPPorts = [ servicePort ]; - }; - }; - services.${serviceName} = { - domain = 
serviceDomain; - inherit proxyAddress4 proxyAddress6 isHome serviceAddress; + services.${serviceName} = { + domain = serviceDomain; + inherit proxyAddress4 proxyAddress6 isHome serviceAddress; homeServiceAddress = lib.mkIf isHome homeServiceAddress; - }; }; + }; - environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM { - directories = [ - { directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; } - { directory = "/var/lib/redis-${serviceName}"; user = "redis-${serviceUser}"; group = "redis-${serviceGroup}"; } - { directory = "/var/lib/private/tika"; } - { directory = "/var/cache/${serviceName}"; user = serviceUser; group = serviceGroup; } - { directory = "/var/cache/private/tika"; } - ]; - }; + environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM { + directories = [ + { directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; } + { directory = "/var/lib/redis-${serviceName}"; user = "redis-${serviceUser}"; group = "redis-${serviceGroup}"; } + { directory = "/var/lib/private/tika"; } + { directory = "/var/cache/${serviceName}"; user = serviceUser; group = serviceGroup; } + { directory = "/var/cache/private/tika"; } + ]; + }; - services = { - ${serviceName} = { - enable = true; - mediaDir = "/storage/Documents/${serviceName}"; - dataDir = "/var/lib/${serviceName}"; - user = serviceUser; - port = servicePort; - passwordFile = config.sops.secrets.paperless-admin-pw.path; - address = "0.0.0.0"; - settings = { - PAPERLESS_OCR_LANGUAGE = "deu+eng"; - PAPERLESS_URL = "https://${serviceDomain}"; - PAPERLESS_OCR_USER_ARGS = builtins.toJSON { - optimize = 1; - invalidate_digital_signatures = true; - pdfa_image_compression = "lossless"; - }; - PAPERLESS_TIKA_ENABLED = "true"; - PAPERLESS_TIKA_ENDPOINT = "http://localhost:${builtins.toString tikaPort}"; - PAPERLESS_TIKA_GOTENBERG_ENDPOINT = "http://localhost:${builtins.toString gotenbergPort}"; - PAPERLESS_APPS = 
"allauth.socialaccount.providers.openid_connect"; - PAPERLESS_SOCIALACCOUNT_PROVIDERS = builtins.toJSON { - openid_connect = { - OAUTH_PKCE_ENABLED = "True"; - APPS = [ - rec { - provider_id = "kanidm"; - name = "Kanidm"; - client_id = "paperless"; - # secret will be added by paperless-web.service (see below) - #secret = ""; - settings.server_url = "https://${kanidmDomain}/oauth2/openid/${client_id}/.well-known/openid-configuration"; - } - ]; - }; + services = { + ${serviceName} = { + enable = true; + mediaDir = "/storage/Documents/${serviceName}"; + dataDir = "/var/lib/${serviceName}"; + user = serviceUser; + port = servicePort; + passwordFile = config.sops.secrets.paperless-admin-pw.path; + address = "0.0.0.0"; + settings = { + PAPERLESS_OCR_LANGUAGE = "deu+eng"; + PAPERLESS_URL = "https://${serviceDomain}"; + PAPERLESS_OCR_USER_ARGS = builtins.toJSON { + optimize = 1; + invalidate_digital_signatures = true; + pdfa_image_compression = "lossless"; + }; + PAPERLESS_TIKA_ENABLED = "true"; + PAPERLESS_TIKA_ENDPOINT = "http://localhost:${builtins.toString tikaPort}"; + PAPERLESS_TIKA_GOTENBERG_ENDPOINT = "http://localhost:${builtins.toString gotenbergPort}"; + PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect"; + PAPERLESS_SOCIALACCOUNT_PROVIDERS = builtins.toJSON { + openid_connect = { + OAUTH_PKCE_ENABLED = "True"; + APPS = [ + rec { + provider_id = "kanidm"; + name = "Kanidm"; + client_id = "paperless"; + # secret will be added by paperless-web.service (see below) + #secret = ""; + settings.server_url = "https://${kanidmDomain}/oauth2/openid/${client_id}/.well-known/openid-configuration"; + } + ]; }; }; }; - - tika = { - enable = true; - port = tikaPort; - openFirewall = false; - listenAddress = "127.0.0.1"; - enableOcr = true; - }; - - gotenberg = { - enable = true; - package = pkgs.gotenberg; - libreoffice.package = pkgs.libreoffice; - port = gotenbergPort; - bindIP = "127.0.0.1"; - timeout = "600s"; - chromium.package = pkgs.chromium; - }; }; + 
tika = { + enable = true; + port = tikaPort; + openFirewall = false; + listenAddress = "127.0.0.1"; + enableOcr = true; + }; - # Add secret to PAPERLESS_SOCIALACCOUNT_PROVIDERS - systemd.services.paperless-web.script = lib.mkBefore '' - oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path}) + gotenberg = { + enable = true; + package = pkgs.stable.gotenberg; + port = gotenbergPort; + bindIP = "127.0.0.1"; + timeout = "600s"; + chromium.package = pkgs.stable.chromium; + }; + }; + + + # Add secret to PAPERLESS_SOCIALACCOUNT_PROVIDERS + systemd.services.paperless-web.script = lib.mkBefore '' + oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path}) export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$( ${pkgs.jq}/bin/jq <<< "$PAPERLESS_SOCIALACCOUNT_PROVIDERS" \ --compact-output \ --arg oidcSecret "$oidcSecret" '.openid_connect.APPS.[0].secret = $oidcSecret' ) - ''; + ''; - nodes = - let - extraConfigLoc = '' - proxy_connect_timeout 300; + nodes = + let + extraConfigLoc = '' + proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; send_timeout 300; - ''; - in - { - ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceDomain serviceName extraConfigLoc; maxBody = 0; }; - ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceDomain serviceName extraConfigLoc; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); - }; + ''; + in + { + ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { + "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; + }; + ${webProxy}.services.nginx = confLib.genNginx { inherit 
serviceAddress servicePort serviceDomain serviceName extraConfigLoc; maxBody = 0; }; + ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceDomain serviceName extraConfigLoc; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); + }; - }; - } + }; + } #+end_src **** transmission @@ -14296,8 +14089,6 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= :CUSTOM_ID: h:5afeb311-ab86-4029-be53-2160f6d836c3 :END: -I use this configuration for sailing. - #+begin_src nix-ts :tangle modules/nixos/server/transmission.nix { self, pkgs, lib, config, confLib, ... }: let @@ -14555,8 +14346,6 @@ I use this configuration for sailing. :CUSTOM_ID: h:ad2787a2-7b1c-4326-aeff-9d8d6c3f591d :END: -This is the server syncthings config, which makes sure that the servers nevers override client data. They also store more folders that the clients. - #+begin_src nix-ts :tangle modules/nixos/server/syncthing.nix { lib, config, globals, dns, confLib, ... }: let @@ -14938,9 +14727,7 @@ This section exposes several metrics that I use to check the health of my server analytics.reporting_enabled = false; users.allow_sign_up = false; security = { - # admin_password = "$__file{/run/secrets/grafana-admin-pw}"; - disable_initial_admin_creation = true; - secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}"; + admin_password = "$__file{/run/secrets/grafana-admin-pw}"; cookie_secure = true; disable_gravatar = true; }; 
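Review bot: The `gotenberg` block now takes `package` and `chromium.package` from `pkgs.stable` and drops the `libreoffice.package` override, so the converters may come from different package sets and nothing records why. Chromium and LibreOffice render documents and mail that arrive from outside, so the channel that supplies them decides how quickly their security fixes reach this host. I would add a comment above `package = pkgs.stable.gotenberg;` such as `# pinned to pkgs.stable because <reason>`, and either keep `libreoffice.package` on the same set or state that the module default is intended. The rest of this hunk appears to be re-indentation only, and the module body starts outside the hunk.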
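Review bot: In the Grafana `security` block, removing `secret_key` leaves no key configured in the visible settings, so Grafana would presumably fall back to its built-in default for encrypting stored data-source credentials, and that default is publicly known. The restored `admin_password` hardcodes `/run/secrets/grafana-admin-pw` instead of `config.sops.secrets.grafana-admin-pw.path`, and dropping `disable_initial_admin_creation = true;` brings back a local admin login next to the Kanidm `grafana` OAuth2 client defined in this file. I would keep a dedicated key, e.g. `secret_key = "$__file{${config.sops.secrets.<grafana-secret-key>.path}}";`, and reference the password through the sops path as well. The enclosing settings block starts and ends outside the hunk.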
@@ -15113,7 +14900,7 @@ This section exposes several metrics that I use to check the health of my server :CUSTOM_ID: h:23452a18-a0a1-4515-8612-ceb19bb5fc22 :END: -This is a WIP Jenkins instance. It is used to automatically build a new system when pushes to the main repository are detected. I do not use this however, as I actually prefer to build them using [[#h:59f9ba07-8f63-4317-8def-83855a2a2ac1][Hydra]]. +This is a WIP Jenkins instance. It is used to automatically build a new system when pushes to the main repository are detected. I have turned this service off for now however, as I actually prefer to start my builds manually. #+begin_src nix-ts :tangle modules/nixos/server/jenkins.nix { pkgs, lib, config, globals, dns, confLib, ... }: @@ -15166,7 +14953,7 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w } #+end_src -**** Emacs elfeed (RSS Server, unused) +**** Emacs elfeed (RSS Server) :PROPERTIES: :CUSTOM_ID: h:4e6824bc-c3db-485d-b543-4072e6283b62 :END: @@ -15344,8 +15131,6 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with :CUSTOM_ID: h:a9965660-4358-4b9a-8c46-d55f28598344 :END: -My selfhosted git solution. TODO: federate - #+begin_src nix-ts :tangle modules/nixos/server/forgejo.nix { lib, config, pkgs, globals, dns, confLib, ... }: let @@ -15513,8 +15298,6 @@ My selfhosted git solution. TODO: federate :CUSTOM_ID: h:cb3f6552-7751-4f9a-b4c7-8d8ba5b255c4 :END: -I am an extensive user of Anki, and this allows me to sync my collection on my own. - #+begin_src nix-ts :tangle modules/nixos/server/ankisync.nix { self, lib, config, globals, dns, confLib, ... }: let 
@@ -15632,89 +15415,89 @@ kanidm person credential create-reset-token else "${keyPathBase}"; in - { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { - users = { - persistentIds = { - kanidm = confLib.mkIds 984; - }; - users.${serviceUser} = { - group = serviceGroup; - isSystemUser = true; - }; - - groups.${serviceGroup} = { }; + users = { + persistentIds = { + kanidm = confLib.mkIds 984; + }; + users.${serviceUser} = { + group = serviceGroup; + isSystemUser = true; }; - sops = { - secrets = { - "kanidm-self-signed-crt" = { sopsFile = certsSopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-self-signed-key" = { sopsFile = certsSopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-admin-pw" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-idm-admin-pw" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-immich" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-paperless" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-forgejo" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-grafana" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-nextcloud" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-freshrss" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-oauth2-proxy" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + groups.${serviceGroup} = { }; + }; + 
+ sops = { + secrets = { + "kanidm-self-signed-crt" = { sopsFile = certsSopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-self-signed-key" = { sopsFile = certsSopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-admin-pw" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-idm-admin-pw" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-immich" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-paperless" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-forgejo" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-grafana" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-nextcloud" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-freshrss" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-oauth2-proxy" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + }; + }; + + # networking.firewall.allowedTCPPorts = [ servicePort ]; + + globals = { + general.idmServer = config.node.name; + networks = { + ${webProxyIf}.hosts = lib.mkIf isProxied { + ${config.node.name}.firewallRuleForNode.${webProxy}.allowedTCPPorts = [ servicePort ]; + }; + ${homeProxyIf}.hosts = lib.mkIf isHome { + ${config.node.name}.firewallRuleForNode.${homeWebProxy}.allowedTCPPorts = [ servicePort ]; }; }; + services.${serviceName} = { + domain = serviceDomain; + inherit proxyAddress4 proxyAddress6 isHome serviceAddress; + homeServiceAddress = lib.mkIf isHome homeServiceAddress; + }; + }; - # networking.firewall.allowedTCPPorts = [ servicePort ]; - - globals = { - general.idmServer = config.node.name; - networks = { - ${webProxyIf}.hosts = lib.mkIf isProxied { - 
${config.node.name}.firewallRuleForNode.${webProxy}.allowedTCPPorts = [ servicePort ]; - }; - ${homeProxyIf}.hosts = lib.mkIf isHome { - ${config.node.name}.firewallRuleForNode.${homeWebProxy}.allowedTCPPorts = [ servicePort ]; - }; - }; - services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6 isHome serviceAddress; - homeServiceAddress = lib.mkIf isHome homeServiceAddress; - }; + environment.persistence = { + "/persist" = lib.mkIf config.swarselsystems.isImpermanence { + files = [ + certPathBase + keyPathBase + ]; }; - environment.persistence = { - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - files = [ - certPathBase - keyPathBase - ]; - }; - - "/state" = lib.mkIf config.swarselsystems.isMicroVM { - directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }]; - }; + "/state" = lib.mkIf config.swarselsystems.isMicroVM { + directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }]; }; + }; - systemd.services = { - "generateSSLCert-${serviceName}" = - let - daysValid = 3650; - renewBeforeDays = 365; - in - { - before = [ "${serviceName}.service" ]; - requiredBy = [ "${serviceName}.service" ]; - after = [ "local-fs.target" ]; - requires = [ "local-fs.target" ]; + systemd.services = { + "generateSSLCert-${serviceName}" = + let + daysValid = 3650; + renewBeforeDays = 365; + in + { + before = [ "${serviceName}.service" ]; + requiredBy = [ "${serviceName}.service" ]; + after = [ "local-fs.target" ]; + requires = [ "local-fs.target" ]; - serviceConfig = { - Type = "oneshot"; - }; + serviceConfig = { + Type = "oneshot"; + }; - script = '' - set -eu + script = '' + set -eu ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} 
@@ -15748,270 +15531,265 @@ kanidm person credential create-reset-token chmod 0600 "${keyPath}" chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}" fi - ''; - }; - kanidm = { - environment.KANIDM_TRUST_X_FORWARD_FOR = "true"; - serviceConfig.RestartSec = "30"; - }; + ''; }; + kanidm = { + environment.KANIDM_TRUST_X_FORWARD_FOR = "true"; + serviceConfig.RestartSec = "30"; + }; + }; - # system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { - # deps = [ "generateSSLCert-${serviceName}" "users" "groups" ]; - # }; - # system.activationScripts."generateSSLCert-${serviceName}" = - # let - # daysValid = 3650; - # renewBeforeDays = 365; - # in - # { - # text = '' - # set -eu + # system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + # deps = [ "generateSSLCert-${serviceName}" "users" "groups" ]; + # }; + # system.activationScripts."generateSSLCert-${serviceName}" = + # let + # daysValid = 3650; + # renewBeforeDays = 365; + # in + # { + # text = '' + # set -eu - # ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} - # ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} - # ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir} - # ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""} + # ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} + # ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} + # ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir} + # ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""} - # need_gen=0 - # if [ ! -f "${certPathBase}" ] || [ ! 
-f "${keyPathBase}" ]; then - # need_gen=1 - # else - # enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)" - # end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)" - # now_epoch="$(${pkgs.coreutils}/bin/date +%s)" - # seconds_left=$(( end_epoch - now_epoch )) - # days_left=$(( seconds_left / 86400 )) - # if [ "$days_left" -lt ${toString renewBeforeDays} ]; then - # need_gen=1 - # fi - # fi + # need_gen=0 + # if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then + # need_gen=1 + # else + # enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)" + # end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)" + # now_epoch="$(${pkgs.coreutils}/bin/date +%s)" + # seconds_left=$(( end_epoch - now_epoch )) + # days_left=$(( seconds_left / 86400 )) + # if [ "$days_left" -lt ${toString renewBeforeDays} ]; then + # need_gen=1 + # fi + # fi - # if [ "$need_gen" -eq 1 ]; then - # ${pkgs.openssl}/bin/openssl req -x509 -nodes -days ${toString daysValid} -newkey rsa:4096 -sha256 \ - # -keyout "${keyPath}" \ - # -out "${certPath}" \ - # -subj "/CN=${serviceDomain}" \ - # -addext "subjectAltName=DNS:${serviceDomain}" + # if [ "$need_gen" -eq 1 ]; then + # ${pkgs.openssl}/bin/openssl req -x509 -nodes -days ${toString daysValid} -newkey rsa:4096 -sha256 \ + # -keyout "${keyPath}" \ + # -out "${certPath}" \ + # -subj "/CN=${serviceDomain}" \ + # -addext "subjectAltName=DNS:${serviceDomain}" - # chmod 0644 "${certPath}" - # chmod 0600 "${keyPath}" - # chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}" - # fi - # ''; - # deps = [ - # "etc" - # (lib.mkIf config.swarselsystems.isImpermanence "specialfs") - # ]; - # }; + # chmod 0644 "${certPath}" + # chmod 0600 "${keyPath}" + # chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}" + # fi + # ''; + # deps = [ + # "etc" + # (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + # ]; + # }; - services = { 
- ${serviceName} = { - package = pkgs.kanidmWithSecretProvisioning_1_9; - server = { - enable = true; - settings = { - domain = serviceDomain; - origin = "https://${serviceDomain}"; - # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; - tls_chain = certPathBase; - # tls_key = config.sops.secrets.kanidm-self-signed-key.path; - tls_key = keyPathBase; - bindaddress = "0.0.0.0:${toString servicePort}"; - # trust_x_forward_for = true; - }; + services = { + ${serviceName} = { + package = pkgs.kanidmWithSecretProvisioning_1_8; + enableServer = true; + serverSettings = { + domain = serviceDomain; + origin = "https://${serviceDomain}"; + # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; + tls_chain = certPathBase; + # tls_key = config.sops.secrets.kanidm-self-signed-key.path; + tls_key = keyPathBase; + bindaddress = "0.0.0.0:${toString servicePort}"; + # trust_x_forward_for = true; + }; + enableClient = true; + clientSettings = { + uri = config.services.kanidm.serverSettings.origin; + verify_ca = true; + verify_hostnames = true; + }; + provision = { + enable = true; + adminPasswordFile = config.sops.secrets.kanidm-admin-pw.path; + idmAdminPasswordFile = config.sops.secrets.kanidm-idm-admin-pw.path; + groups = { + "immich.access" = { }; + "paperless.access" = { }; + "forgejo.access" = { }; + "forgejo.admins" = { }; + "grafana.access" = { }; + "grafana.editors" = { }; + "grafana.admins" = { }; + "grafana.server-admins" = { }; + "nextcloud.access" = { }; + "nextcloud.admins" = { }; + "navidrome.access" = { }; + "freshrss.access" = { }; + "firefly.access" = { }; + "radicale.access" = { }; + "slink.access" = { }; + "opkssh.access" = { }; + "adguardhome.access" = { }; }; - client = { - enable = true; - settings = { - uri = config.services.kanidm.server.settings.origin; - verify_ca = true; - verify_hostnames = true; - }; - }; - provision = { - enable = true; - adminPasswordFile = config.sops.secrets.kanidm-admin-pw.path; - idmAdminPasswordFile = 
config.sops.secrets.kanidm-idm-admin-pw.path; - groups = { - "immich.access" = { }; - "paperless.access" = { }; - "forgejo.access" = { }; - "forgejo.admins" = { }; - "grafana.access" = { }; - "grafana.editors" = { }; - "grafana.admins" = { }; - "grafana.server-admins" = { }; - "nextcloud.access" = { }; - "nextcloud.admins" = { }; - "navidrome.access" = { }; - "freshrss.access" = { }; - "firefly.access" = { }; - "radicale.access" = { }; - "slink.access" = { }; - "opkssh.access" = { }; - "adguardhome.access" = { }; - }; - inherit (config.repo.secrets.local) persons; + inherit (config.repo.secrets.local) persons; - systems = { - oauth2 = { - immich = { - displayName = "Immich"; - originUrl = [ - "https://${immichDomain}/auth/login" - "https://${immichDomain}/user-settings" - "app.immich:///oauth-callback" - "https://${immichDomain}/api/oauth/mobile-redirect" - ]; - originLanding = "https://${immichDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-immich.path; - preferShortUsername = true; - enableLegacyCrypto = true; # can use RS256 / HS256, not ES256 - scopeMaps."immich.access" = [ - "openid" - "email" - "profile" - ]; + systems = { + oauth2 = { + immich = { + displayName = "Immich"; + originUrl = [ + "https://${immichDomain}/auth/login" + "https://${immichDomain}/user-settings" + "app.immich:///oauth-callback" + "https://${immichDomain}/api/oauth/mobile-redirect" + ]; + originLanding = "https://${immichDomain}/"; + basicSecretFile = config.sops.secrets.kanidm-immich.path; + preferShortUsername = true; + enableLegacyCrypto = true; # can use RS256 / HS256, not ES256 + scopeMaps."immich.access" = [ + "openid" + "email" + "profile" + ]; + }; + paperless = { + displayName = "Paperless"; + originUrl = "https://${paperlessDomain}/accounts/oidc/kanidm/login/callback/"; + originLanding = "https://${paperlessDomain}/"; + basicSecretFile = config.sops.secrets.kanidm-paperless.path; + preferShortUsername = true; + scopeMaps."paperless.access" = [ + "openid" + "email" + 
"profile" + ]; + }; + forgejo = { + displayName = "Forgejo"; + originUrl = "https://${forgejoDomain}/user/oauth2/kanidm/callback"; + originLanding = "https://${forgejoDomain}/"; + basicSecretFile = config.sops.secrets.kanidm-forgejo.path; + scopeMaps."forgejo.access" = [ + "openid" + "email" + "profile" + ]; + # XXX: PKCE is currently not supported by gitea/forgejo, + # see https://github.com/go-gitea/gitea/issues/21376. + allowInsecureClientDisablePkce = true; + preferShortUsername = true; + claimMaps.groups = { + joinType = "array"; + valuesByGroup."forgejo.admins" = [ "admin" ]; }; - paperless = { - displayName = "Paperless"; - originUrl = "https://${paperlessDomain}/accounts/oidc/kanidm/login/callback/"; - originLanding = "https://${paperlessDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-paperless.path; - preferShortUsername = true; - scopeMaps."paperless.access" = [ - "openid" - "email" - "profile" - ]; - }; - forgejo = { - displayName = "Forgejo"; - originUrl = "https://${forgejoDomain}/user/oauth2/kanidm/callback"; - originLanding = "https://${forgejoDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-forgejo.path; - scopeMaps."forgejo.access" = [ - "openid" - "email" - "profile" - ]; - # XXX: PKCE is currently not supported by gitea/forgejo, - # see https://github.com/go-gitea/gitea/issues/21376. 
- allowInsecureClientDisablePkce = true; - preferShortUsername = true; - claimMaps.groups = { - joinType = "array"; - valuesByGroup."forgejo.admins" = [ "admin" ]; + }; + grafana = { + displayName = "Grafana"; + originUrl = "https://${grafanaDomain}/login/generic_oauth"; + originLanding = "https://${grafanaDomain}/"; + basicSecretFile = config.sops.secrets.kanidm-grafana.path; + preferShortUsername = true; + scopeMaps."grafana.access" = [ + "openid" + "email" + "profile" + ]; + claimMaps.groups = { + joinType = "array"; + valuesByGroup = { + "grafana.editors" = [ "editor" ]; + "grafana.admins" = [ "admin" ]; + "grafana.server-admins" = [ "server_admin" ]; }; }; - grafana = { - displayName = "Grafana"; - originUrl = "https://${grafanaDomain}/login/generic_oauth"; - originLanding = "https://${grafanaDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-grafana.path; - preferShortUsername = true; - scopeMaps."grafana.access" = [ + }; + nextcloud = { + displayName = "Nextcloud"; + originUrl = " https://${nextcloudDomain}/apps/sociallogin/custom_oidc/kanidm"; + originLanding = "https://${nextcloudDomain}/"; + basicSecretFile = config.sops.secrets.kanidm-nextcloud.path; + allowInsecureClientDisablePkce = true; + scopeMaps."nextcloud.access" = [ + "openid" + "email" + "profile" + ]; + preferShortUsername = true; + claimMaps.groups = { + joinType = "array"; + valuesByGroup = { + "nextcloud.admins" = [ "admin" ]; + }; + }; + }; + opkssh = { + displayName = "OPKSSH"; + originUrl = [ + "http://localhost:3000" + "http://localhost:3000/login-callback" + "http://localhost:10001/login-callback" + "http://localhost:11110/login-callback" + ]; + originLanding = "http://localhost:3000"; + public = true; + enableLocalhostRedirects = true; + scopeMaps."opkssh.access" = [ + "openid" + "email" + "profile" + ]; + }; + oauth2-proxy = { + displayName = "Oauth2-Proxy"; + originUrl = "https://${oauth2ProxyDomain}/oauth2/callback"; + originLanding = "https://${oauth2ProxyDomain}/"; + 
basicSecretFile = config.sops.secrets.kanidm-oauth2-proxy.path; + scopeMaps = { + "freshrss.access" = [ "openid" "email" "profile" ]; - claimMaps.groups = { - joinType = "array"; - valuesByGroup = { - "grafana.editors" = [ "editor" ]; - "grafana.admins" = [ "admin" ]; - "grafana.server-admins" = [ "server_admin" ]; - }; - }; - }; - nextcloud = { - displayName = "Nextcloud"; - originUrl = " https://${nextcloudDomain}/apps/sociallogin/custom_oidc/kanidm"; - originLanding = "https://${nextcloudDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-nextcloud.path; - allowInsecureClientDisablePkce = true; - scopeMaps."nextcloud.access" = [ + "navidrome.access" = [ "openid" "email" "profile" ]; - preferShortUsername = true; - claimMaps.groups = { - joinType = "array"; - valuesByGroup = { - "nextcloud.admins" = [ "admin" ]; - }; - }; - }; - opkssh = { - displayName = "OPKSSH"; - originUrl = [ - "http://localhost:3000" - "http://localhost:3000/login-callback" - "http://localhost:10001/login-callback" - "http://localhost:11110/login-callback" + "firefly.access" = [ + "openid" + "email" + "profile" ]; - originLanding = "http://localhost:3000"; - public = true; - enableLocalhostRedirects = true; - scopeMaps."opkssh.access" = [ + "radicale.access" = [ + "openid" + "email" + "profile" + ]; + "slink.access" = [ + "openid" + "email" + "profile" + ]; + "adguardhome.access" = [ "openid" "email" "profile" ]; }; - oauth2-proxy = { - displayName = "Oauth2-Proxy"; - originUrl = "https://${oauth2ProxyDomain}/oauth2/callback"; - originLanding = "https://${oauth2ProxyDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-oauth2-proxy.path; - scopeMaps = { - "freshrss.access" = [ - "openid" - "email" - "profile" - ]; - "navidrome.access" = [ - "openid" - "email" - "profile" - ]; - "firefly.access" = [ - "openid" - "email" - "profile" - ]; - "radicale.access" = [ - "openid" - "email" - "profile" - ]; - "slink.access" = [ - "openid" - "email" - "profile" - ]; - "adguardhome.access" = [ 
- "openid" - "email" - "profile" - ]; - }; - preferShortUsername = true; - claimMaps.groups = { - joinType = "array"; - valuesByGroup = { - "freshrss.access" = [ "ttrss_access" ]; - "navidrome.access" = [ "navidrome_access" ]; - "firefly.access" = [ "firefly_access" ]; - "radicale.access" = [ "radicale_access" ]; - "slink.access" = [ "slink_access" ]; - "adguardhome.access" = [ "adguardhome_access" ]; - }; + preferShortUsername = true; + claimMaps.groups = { + joinType = "array"; + valuesByGroup = { + "freshrss.access" = [ "ttrss_access" ]; + "navidrome.access" = [ "navidrome_access" ]; + "firefly.access" = [ "firefly_access" ]; + "radicale.access" = [ "radicale_access" ]; + "slink.access" = [ "slink_access" ]; + "adguardhome.access" = [ "adguardhome_access" ]; }; }; }; 
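Review bot: The `nextcloud` OAuth2 client sets `originUrl = " https://${nextcloudDomain}/apps/sociallogin/custom_oidc/kanidm";` with a leading space inside the string, which may keep the redirect URI from validating or matching; it should read `originUrl = "https://${nextcloudDomain}/apps/sociallogin/custom_oidc/kanidm";`. The same client sets `allowInsecureClientDisablePkce = true;` without the justification the `forgejo` client carries, so a comment like `# PKCE disabled because <reason>; remove once supported` would tell a later reader when it can go. Separately, moving from `kanidmWithSecretProvisioning_1_9` to `_1_8` downgrades the identity provider; as far as I know Kanidm does not support downgrading its database, so confirm the existing data was not already migrated by 1.9. The `provision` attribute set continues past the end of this hunk.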
@@ -16019,23 +15797,24 @@ kanidm person credential create-reset-token }; }; }; - - - nodes = let - extraConfig = '' - allow ${globals.networks.home-lan.vlans.services.cidrv4}; - allow ${globals.networks.home-lan.vlans.services.cidrv6}; - ''; - in { - ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; }; - ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; extraConfig = extraConfig + nginxAccessRules; serviceAddress = homeServiceAddress; }; - }; - }; - } + + + nodes = let + extraConfig = '' + allow ${globals.networks.home-lan.vlans.services.cidrv4}; + allow ${globals.networks.home-lan.vlans.services.cidrv6}; + ''; + in { + ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { + "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; + }; + ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; }; + ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; extraConfig = extraConfig + nginxAccessRules; serviceAddress = homeServiceAddress; }; + }; + + }; + } #+end_src **** oauth2-proxy 
@@ -16043,8 +15822,6 @@ kanidm person credential create-reset-token :CUSTOM_ID: h:605f5974-e985-4572-b353-fd1d3ccbadae :END: -This can be used to add OIDC in a way to services that do not support it natively, by tacking it onto the corresponding NGINX service config. In here, it is enabled by setting the =oauth2.enable= option on the respective =virtualHost=. - #+begin_src nix-ts :tangle modules/nixos/server/oauth2-proxy.nix { lib, config, pkgs, globals, dns, confLib, ... }: @@ -16214,14 +15991,14 @@ This can be used to add OIDC in a way to services that do not support it nativel services = { ${serviceName} = { enable = true; - package = pkgs.update.oauth2-proxy; + package = pkgs.dev.oauth2-proxy; cookie = { domain = ".${mainDomain}"; secure = true; expire = "900m"; - secretFile = null; + secret = null; # set by service EnvironmentFile }; - clientSecretFile = null; + clientSecret = null; # set by service EnvironmentFile reverseProxy = true; httpAddress = "0.0.0.0:${builtins.toString servicePort}"; redirectURL = "https://${serviceDomain}/oauth2/callback"; @@ -16289,8 +16066,6 @@ This can be used to add OIDC in a way to services that do not support it nativel :CUSTOM_ID: h:4248e9eb-4b9f-4771-bbfb-7186ef7a8331 :END: -My expenses tracker. - #+begin_src nix-ts :tangle modules/nixos/server/firefly-iii.nix { lib, config, globals, dns, confLib, ... }: let @@ -16432,8 +16207,6 @@ My expenses tracker. :CUSTOM_ID: h:09c0fed3-b9c6-487f-a5f6-49be039e5fa2 :END: -My collection tracker. I am not too happy with its GUI, but the API is good, and I mostly use it to check what I have manually anyways. - #+begin_src nix-ts :tangle modules/nixos/server/koillection.nix { self, lib, config, globals, dns, confLib, ... }: let 
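Review bot: In the `services.${serviceName}` hunk, the comments on `secret = null;` and `clientSecret = null;` say the values come from the service EnvironmentFile but not under which names, and that file is not part of this hunk. I would name the variables so a missing entry is easy to spot, e.g. `secret = null; # OAUTH2_PROXY_COOKIE_SECRET, from the service EnvironmentFile` and `clientSecret = null; # OAUTH2_PROXY_CLIENT_SECRET, from the service EnvironmentFile`. The same hunk switches the package to `pkgs.dev.oauth2-proxy`; if `pkgs.dev` is built from the `nixpkgs-dev` input (a fork branch, going by the flake inputs), a one-line comment on why the authentication proxy is taken from there would help at the next lock update. The attribute set continues outside the hunk.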
@@ -16587,8 +16360,6 @@ My collection tracker. I am not too happy with its GUI, but the API is good, and :CUSTOM_ID: h:27eac8b9-c202-4e45-9b80-42592f1e41c8 :END: -Used to sync shell history accross machines and have it backed up somewhere. - #+begin_src nix-ts :tangle modules/nixos/server/atuin.nix { lib, config, globals, dns, confLib, ... }: let @@ -16647,8 +16418,6 @@ Used to sync shell history accross machines and have it backed up somewhere. :CUSTOM_ID: h:c1ca2d28-51d2-45bd-83b5-05007ae94ae6 :END: -Selfhosted calendar and contacts. - #+begin_src nix-ts :tangle modules/nixos/server/radicale.nix { lib, config, globals, dns, confLib, ... }: let @@ -16775,8 +16544,6 @@ Selfhosted calendar and contacts. :CUSTOM_ID: h:f922e8d6-f6e8-4779-a7ad-4037229c9bf0 :END: -P2P filesharing similar to what you might know from wormhole(/-rs), but fully self-hosted. - #+begin_src nix-ts :tangle modules/nixos/server/croc.nix { self, lib, config, pkgs, dns, globals, confLib, ... }: let @@ -16860,8 +16627,6 @@ P2P filesharing similar to what you might know from wormhole(/-rs), but fully se :CUSTOM_ID: h:13071cc3-5cba-44b5-8b5b-2a27be22e021 :END: -Basically a selfhosted pastebin that also offers syntax highlighting. - #+begin_src nix-ts :tangle modules/nixos/server/microbin.nix { self, lib, config, dns, globals, confLib, ... }: let @@ -16997,8 +16762,6 @@ Basically a selfhosted pastebin that also offers syntax highlighting. :CUSTOM_ID: h:4ccdcd5c-a4dd-49e4-94e7-d81db970059c :END: -Self-hosted link shortener. - #+begin_src nix-ts :tangle modules/nixos/server/shlink.nix { self, lib, config, dns, globals, confLib, ... }: let @@ -17118,8 +16881,6 @@ Self-hosted link shortener. :CUSTOM_ID: h:e46c37ac-5610-4603-8afc-2f5f008fc14d :END: -Image sharing service similar to imgur. - Deployment notes: - enable user: =podman exec -it slink slink user:activate --email== - make user admin: =podman exec -it slink slink user:grant:role --email= ROLE_ADMIN= 
@@ -17256,8 +17017,6 @@ Deployment notes: :CUSTOM_ID: h:470f7ee3-3307-4949-b0fa-403171e3859a :END: -This is an asset management system. However, for my needs it is a bit too convoluted, so I use [[#h:5b4feb1b-e7a3-43f1-9930-8d00012742ad][Homebox (use db)]] instead. - #+begin_src nix-ts :tangle modules/nixos/server/snipe-it.nix { lib, config, globals, dns, confLib, ... }: let @@ -17331,8 +17090,6 @@ This is an asset management system. However, for my needs it is a bit too convol :CUSTOM_ID: h:5b4feb1b-e7a3-43f1-9930-8d00012742ad :END: -My asset manager. I use it to track tools, cables and boardgames mostly. - #+begin_src nix-ts :tangle modules/nixos/server/homebox.nix { self, lib, pkgs, config, globals, dns, confLib, ... }: let @@ -17407,8 +17164,6 @@ My asset manager. I use it to track tools, cables and boardgames mostly. :CUSTOM_ID: h:6e30509a-1320-4993-a9c7-70d28ef2906a :END: -Allows certificate based SSH logins easily. I use this to be able to quickly give people access to my server when needed (by giving them the permissions in [[#h:ee625136-29ab-4696-919f-7b0d0042f6dd][kanidm]]) - #+begin_src nix-ts :tangle modules/nixos/server/opkssh.nix { lib, config, globals, confLib, ... }: let 
@@ -17876,8 +17631,6 @@ or 2) use classic path addressing =aws s3 cp s3:///" - # ]; - # platforms = platforms.all; - # }; - # }) + (buildFirefoxXpiAddon { + pname = "shortkeys"; + version = "4.0.2"; + addonId = "Shortkeys@Shortkeys.com"; + url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; + sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; + meta = with lib; + { + description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; + mozPermissions = [ + "tabs" + "downloads" + "clipboardWrite" + "browsingData" + "storage" + "bookmarks" + "sessions" + "" + ]; + platforms = platforms.all; + }; + }) ]; }; 
@@ -31137,39 +30738,11 @@ This script quickly generates a block in =.sops.yaml= for a guest host. inherit name; runtimeInputs = [ fzf ]; text = '' - cdr_had_errexit=0 - cdr_had_nounset=0 - cdr_had_pipefail=0 - - case $- in - *e*) cdr_had_errexit=1 ;; - esac - - case $- in - *u*) cdr_had_nounset=1 ;; - esac - - if set -o 2>/dev/null | grep -q '^pipefail[[:space:]]*on'; then - cdr_had_pipefail=1 - fi - - set +e - set +u - set +o pipefail 2>/dev/null || true - DOCUMENT_DIR_WORK=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_WORK or ""} DOCUMENT_DIR_PRIV=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV} FLAKE=${homeConfig.home.sessionVariables.FLAKE} - cdr_target="$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )" - - if [ -n "$cdr_target" ]; then - cd "$cdr_target" || true - fi - - if [ "$cdr_had_errexit" -eq 1 ]; then set -e; else set +e; fi - if [ "$cdr_had_nounset" -eq 1 ]; then set -u; else set +u; fi - if [ "$cdr_had_pipefail" -eq 1 ]; then set -o pipefail; else set +o pipefail 2>/dev/null || true; fi + cd "$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )" ''; } @@ -31312,8 +30885,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a security = lib.mkDefault true; sops = lib.mkDefault true; stylix = lib.mkDefault true; - sway = lib.mkDefault false; # niri - swayosd = lib.mkDefault false; # niri + sway = lib.mkDefault true; + swayosd = lib.mkDefault true; syncthing = lib.mkDefault true; systemdTimeout = lib.mkDefault true; time = lib.mkDefault true; 
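Review bot: In the first hunk on this line (the script `text`), `find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE"` drops the `$FLAKE` entry whenever find exits non-zero, which it does when `DOCUMENT_DIR_WORK` is the empty string produced by the `or ""` default above it. Cancelling fzf also hands `cd` an empty argument. I would join the two commands with `;` instead of `&&`, capture the choice as `target="$( ... | fzf )"`, and follow it with `[ -n "$target" ] && cd "$target"`. The enclosing derivation starts outside the hunk, so how the script is invoked is not visible here.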
@@ -31387,9 +30960,48 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a { options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; config = lib.mkIf config.swarselprofiles.hotel { - swarselprofiles.personal = true; swarselmodules = { - yubikey = false; + packages = lib.mkForce true; + general = lib.mkForce true; + home-manager = lib.mkForce true; + xserver = lib.mkForce true; + users = lib.mkForce true; + sops = lib.mkForce true; + env = lib.mkForce true; + security = lib.mkForce true; + systemdTimeout = lib.mkForce true; + hardware = lib.mkForce true; + pulseaudio = lib.mkForce true; + pipewire = lib.mkForce true; + network = lib.mkForce true; + time = lib.mkForce true; + stylix = lib.mkForce true; + programs = lib.mkForce true; + zsh = lib.mkForce true; + syncthing = lib.mkForce true; + blueman = lib.mkForce true; + networkDevices = lib.mkForce true; + gvfs = lib.mkForce true; + interceptionTools = lib.mkForce true; + swayosd = lib.mkForce true; + ppd = lib.mkForce true; + yubikey = lib.mkForce false; + ledger = lib.mkForce true; + keyboards = lib.mkForce true; + login = lib.mkForce true; + nix-ld = lib.mkForce true; + impermanence = lib.mkForce true; + nvd = lib.mkForce true; + gnome-keyring = lib.mkForce true; + sway = lib.mkForce true; + xdg-portal = lib.mkForce true; + distrobox = lib.mkForce true; + appimage = lib.mkForce true; + lid = lib.mkForce true; + lowBattery = lib.mkForce true; + lanzaboote = lib.mkForce true; + autologin = lib.mkForce true; + nftables = lib.mkDefault true; }; }; 
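Review bot: `nftables = lib.mkDefault true;` at the end of the new `swarselmodules` list is the only entry not written with `lib.mkForce`, so a plain definition elsewhere overrides it, while `autologin = lib.mkForce true;` and `yubikey = lib.mkForce false;` cannot be overridden that way. If the firewall is meant to be part of this profile I would write `nftables = lib.mkForce true;`, or add a comment saying why it alone is left overridable. The list replaces the removed `swarselprofiles.personal = true;` with no explanation, so a short header comment stating what a hotel host is expected to run (autologin on, yubikey off) would make the intent reviewable. The module's opening lines are outside the hunk.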
@@ -31530,8 +31142,8 @@ This holds modules that are to be used on most hosts. These are also the most im anki-tray = lib.mkDefault true; attic-store-push = lib.mkDefault true; atuin = lib.mkDefault true; - autotiling = lib.mkDefault false; # niri - batsignal = lib.mkDefault false; # niri + autotiling = lib.mkDefault true; + batsignal = lib.mkDefault true; blueman-applet = lib.mkDefault true; desktop = lib.mkDefault true; direnv = lib.mkDefault true; @@ -31543,18 +31155,17 @@ This holds modules that are to be used on most hosts. These are also the most im firefox = lib.mkDefault true; firezone-tray = lib.mkDefault true; fuzzel = lib.mkDefault true; - gammastep = lib.mkDefault false; # niri + gammastep = lib.mkDefault true; general = lib.mkDefault true; git = lib.mkDefault true; gnome-keyring = lib.mkDefault true; gpgagent = lib.mkDefault true; hexchat = lib.mkDefault true; - kanshi = lib.mkDefault false; # niri + kanshi = lib.mkDefault true; kdeconnect = lib.mkDefault true; kitty = lib.mkDefault true; - khal = lib.mkDefault true; mail = lib.mkDefault true; - mako = lib.mkDefault false; # niri + mako = lib.mkDefault true; nix-index = lib.mkDefault true; nixgl = lib.mkDefault true; nix-your-shell = lib.mkDefault true; @@ -31573,9 +31184,9 @@ This holds modules that are to be used on most hosts. These are also the most im ssh = lib.mkDefault true; starship = lib.mkDefault true; stylix = lib.mkDefault true; - sway = lib.mkDefault false; # niri + sway = lib.mkDefault true; swayidle = lib.mkDefault true; - swaylock = lib.mkDefault false; # niri + swaylock = lib.mkDefault true; swayosd = lib.mkDefault true; symlink = lib.mkDefault true; tmux = lib.mkDefault true; 
@@ -31667,15 +31278,41 @@ This holds modules that are to be used on most hosts. These are also the most im { options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; config = lib.mkIf config.swarselprofiles.hotel { - swarselprofiles.personal = true; swarselmodules = { + packages = lib.mkForce true; + ownpackages = lib.mkForce true; + general = lib.mkForce true; + nixgl = lib.mkForce true; + sops = lib.mkForce true; yubikey = lib.mkForce false; - ssh = lib.mkForce false; + ssh = lib.mkForce true; + stylix = lib.mkForce true; + desktop = lib.mkForce true; + symlink = lib.mkForce true; env = lib.mkForce false; + programs = lib.mkForce true; + nix-index = lib.mkForce true; + direnv = lib.mkForce true; + eza = lib.mkForce true; git = lib.mkForce false; + fuzzel = lib.mkForce true; + starship = lib.mkForce true; + kitty = lib.mkForce true; + zsh = lib.mkForce true; + zellij = lib.mkForce true; + tmux = lib.mkForce true; mail = lib.mkForce false; - emacs = lib.mkForce false; - obsidian = lib.mkForce false; + emacs = lib.mkForce true; + waybar = lib.mkForce true; + firefox = lib.mkForce true; + gnome-keyring = lib.mkForce true; + kdeconnect = lib.mkForce true; + mako = lib.mkForce true; + swayosd = lib.mkForce true; + yubikeytouch = lib.mkForce true; + sway = lib.mkForce true; + kanshi = lib.mkForce true; + gpgagent = lib.mkForce true; gammastep = lib.mkForce false; }; }; 
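Review bot: In this home-manager hotel profile, `yubikeytouch = lib.mkForce true;` is forced on while `yubikey = lib.mkForce false;` stays forced off, and `ssh` flips from `lib.mkForce false` to `lib.mkForce true` next to a new `gpgagent = lib.mkForce true;`, none of it commented. What these modules configure is not visible in the hunk, so this may be intended, but the profile still forces `env`, `git` and `mail` off and the reason for the difference should be written down. I would add why-comments on the flipped entries, e.g. `ssh = lib.mkForce true; # was forced off before this change: state why hotel hosts need it`, and either drop `yubikeytouch` or explain why it is useful without `yubikey`.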
@@ -32138,30 +31775,17 @@ At work and when working on private projects, I often have to jump between sever We set a keybinding to this in [[#h:2b827c27-0de7-45ed-9d9e-6c511e2c6bb5][Custom Keybindings]]. #+begin_src emacs-lisp - (declare-function consult--read "consult") (defun swarsel/consult-magit-repos () (interactive) (require 'magit) - (let ((repos (magit-list-repos))) - (unless repos - (user-error "No repositories found in `magit-repository-directories'")) - (let ((repo - (if (or (fboundp 'consult--read) - (require 'consult nil t)) - (consult--read repos - :prompt "Magit repo: " - :require-match t - :history 'my/consult-magit-repos-history - :sort t) - (completing-read "Magit repo: " - repos - nil - t - nil - 'my/consult-magit-repos-history)))) - (when (and repo (> (length repo) 0)) - (magit-status repo))))) + (let* ((repos (magit-list-repos)) + (repo (consult--read repos + :prompt "Magit repo: " + :require-match t + :history 'my/consult-magit-repos-history + :sort t))) + (magit-status repo))) #+end_src **** org-mode: General setup diff --git a/files/emacs/init.el b/files/emacs/init.el index f1adba1..f613c31 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el 
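Review bot: `swarsel/consult-magit-repos` now calls `consult--read` unconditionally but still only does `(require 'magit)`; `consult--read` is an internal consult function, so unless consult is already loaded when the command runs it fails with a void-function error. I would add `(require 'consult)` next to `(require 'magit)`. With the `unless repos` guard gone, an empty `magit-list-repos` result leaves the user in a `:require-match t` prompt with no candidates, so keeping `(unless repos (user-error "No repositories found in `magit-repository-directories'"))` ahead of the prompt is worthwhile. The identical hunk in `files/emacs/init.el` needs the same two lines.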
@@ -162,30 +162,16 @@ create a new one." (define-key minibuffer-local-filename-completion-map [C-backspace] #'up-directory) -(declare-function consult--read "consult") - (defun swarsel/consult-magit-repos () (interactive) (require 'magit) - (let ((repos (magit-list-repos))) - (unless repos - (user-error "No repositories found in `magit-repository-directories'")) - (let ((repo - (if (or (fboundp 'consult--read) - (require 'consult nil t)) - (consult--read repos - :prompt "Magit repo: " - :require-match t - :history 'my/consult-magit-repos-history - :sort t) - (completing-read "Magit repo: " - repos - nil - t - nil - 'my/consult-magit-repos-history)))) - (when (and repo (> (length repo) 0)) - (magit-status repo))))) + (let* ((repos (magit-list-repos)) + (repo (consult--read repos + :prompt "Magit repo: " + :require-match t + :history 'my/consult-magit-repos-history + :sort t))) + (magit-status repo))) (defun swarsel/org-mode-setup () (variable-pitch-mode 1) diff --git a/flake.lock b/flake.lock index 6fff583..48c0b34 100644 --- a/flake.lock +++ b/flake.lock @@ -101,11 +101,11 @@ }, "crane": { "locked": { - "lastModified": 1771796463, - "narHash": "sha256-9bCDuUzpwJXcHMQYMS1yNuzYMmKO/CCwCexpjWOl62I=", + "lastModified": 1769287525, + "narHash": "sha256-gABuYA6BzoRMLuPaeO5p7SLrpd4qExgkwEmYaYQY4bM=", "owner": "ipetkov", "repo": "crane", - "rev": "3d3de3313e263e04894f284ac18177bd26169bad", + "rev": "0314e365877a85c9e5758f9ea77a9972afbb4c21", "type": "github" }, "original": { @@ -116,7 +116,7 @@ }, "crane_2": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_4", "flake-utils": "flake-utils_4", "nixpkgs": [ "nixos-extra-modules", 
@@ -250,11 +250,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1772420042, - "narHash": "sha256-naZz40TUFMa0E0CutvwWsSPhgD5JldyTUDEgP9ADpfU=", + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "owner": "nix-community", "repo": "disko", - "rev": "5af7af10f14706e4095bd6bc0d9373eb097283c6", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "type": "github" }, "original": { @@ -322,11 +322,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1772444130, - "narHash": "sha256-z0Qb935EOAxuQlMpL5FkM/cDERrHNNqNVvUG+f2M7d0=", + "lastModified": 1770111667, + "narHash": "sha256-jCWQIveEsr5IKgVnSlMVJCpymifY5pfqTaLJR1CBp0g=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "f99d61b5ee1831be80ef1369846493251f04a12f", + "rev": "3fe6048ddd9ee1bc0784bdab23da0f5e6911f73b", "type": "github" }, "original": { @@ -337,7 +337,7 @@ }, "fenix": { "inputs": { - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_15", "rust-analyzer-src": "rust-analyzer-src" }, "locked": { @@ -389,15 +389,15 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "edolstra", "repo": "flake-compat", "type": "github" } 
@@ -405,11 +405,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -435,22 +435,6 @@ } }, "flake-compat_5": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_6": { "flake": false, "locked": { "lastModified": 1696426674, 
@@ -466,50 +450,34 @@ "type": "github" } }, + "flake-compat_6": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_7": { "flake": false, "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "owner": "edolstra", "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { - "owner": "NixOS", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_8": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_9": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "NixOS", + "owner": "edolstra", "repo": "flake-compat", "type": "github" } 
@@ -518,24 +486,6 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, - "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, "locked": { "lastModified": 1769996383, "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", @@ -550,9 +500,9 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_2": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_3" + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { "lastModified": 1765835352, @@ -568,9 +518,9 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_3": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_4" + "nixpkgs-lib": "nixpkgs-lib_3" }, "locked": { "lastModified": 1738453229, @@ -586,27 +536,9 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_4": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_5" - }, - "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_6": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_6" + "nixpkgs-lib": "nixpkgs-lib_4" }, "locked": { "lastModified": 1719994518, @@ -621,7 +553,7 @@ "type": "indirect" } }, - "flake-parts_7": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "nur", @@ -642,7 +574,7 @@ "type": "github" } }, - "flake-parts_8": { + "flake-parts_6": { "inputs": { "nixpkgs-lib": [ "stylix", 
@@ -663,9 +595,9 @@ "type": "github" } }, - "flake-parts_9": { + "flake-parts_7": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_7" + "nixpkgs-lib": "nixpkgs-lib_5" }, "locked": { "lastModified": 1759362264, @@ -802,64 +734,18 @@ "simple-nixos-mailserver", "flake-compat" ], - "gitignore": "gitignore_6", + "gitignore": "gitignore_4", "nixpkgs": [ "simple-nixos-mailserver", "nixpkgs" ] }, "locked": { - "lastModified": 1769939035, - "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", + "lastModified": 1763988335, + "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a8ca480175326551d6c4121498316261cbb5b260", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "git-hooks-nix": { - "inputs": { - "flake-compat": "flake-compat_2", - "gitignore": "gitignore_2", - "nixpkgs": [ - "niritiling", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1771858127, - "narHash": "sha256-Gtre9YoYl3n25tJH2AoSdjuwcqij5CPxL3U3xysYD08=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "49bbbfc218bf3856dfa631cead3b052d78248b83", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "git-hooks-nix_2": { - "inputs": { - "flake-compat": "flake-compat_7", - "gitignore": "gitignore_4", - "nixpkgs": [ - "noctoggle", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1771858127, - "narHash": "sha256-Gtre9YoYl3n25tJH2AoSdjuwcqij5CPxL3U3xysYD08=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "49bbbfc218bf3856dfa631cead3b052d78248b83", + "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", "type": "github" }, "original": { @@ -893,8 +779,8 @@ "gitignore_2": { "inputs": { "nixpkgs": [ - "niritiling", - "git-hooks-nix", + "nixos-extra-modules", + "pre-commit-hooks", "nixpkgs" ] }, 
@@ -915,7 +801,6 @@ "gitignore_3": { "inputs": { "nixpkgs": [ - "nixos-extra-modules", "pre-commit-hooks", "nixpkgs" ] @@ -935,49 +820,6 @@ } }, "gitignore_4": { - "inputs": { - "nixpkgs": [ - "noctoggle", - "git-hooks-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_5": { - "inputs": { - "nixpkgs": [ - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_6": { "inputs": { "nixpkgs": [ "simple-nixos-mailserver", @@ -1049,11 +891,11 @@ ] }, "locked": { - "lastModified": 1772380461, - "narHash": "sha256-O3ukj3Bb3V0Tiy/4LUfLlBpWypJ9P0JeUgsKl2nmZZY=", + "lastModified": 1769978395, + "narHash": "sha256-gj1yP3spUb1vGtaF5qPhshd2j0cg4xf51pklDsIm19Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "f140aa04d7d14f8a50ab27f3691b5766b17ae961", + "rev": "984708c34d3495a518e6ab6b8633469bbca2f77a", "type": "github" }, "original": { @@ -1177,11 +1019,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1772216104, - "narHash": "sha256-1TnGN26vnCEQk5m4AavJZxGZTb/6aZyphemRPRwFUfs=", + "lastModified": 1769949118, + "narHash": "sha256-Ue9kYZenqMw9yHGFnBpoWxQqhs2tlH/el4AxKVicXBE=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "dbe5112de965bbbbff9f0729a9789c20a65ab047", + "rev": "0be0641613a13323a61a6406c46b6f28b8894395", "type": "github" }, "original": { 
@@ -1196,11 +1038,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1772338235, - "narHash": "sha256-9XcwtSIL/c+pkC3SBNuxCJuSktFOBV1TLvvkhekyB8I=", + "lastModified": 1769907691, + "narHash": "sha256-9OwKfEJMR8cxwDqKoJywdWa0LIcMGYZitMSsvAjAsMs=", "owner": "astro", "repo": "microvm.nix", - "rev": "9d1ff9b53532908a5eba7707931c9093508b6b92", + "rev": "f9bf64e6e53ef21603cc65fd2d285c68184d0917", "type": "github" }, "original": { @@ -1280,11 +1122,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1772433239, - "narHash": "sha256-5pPusMALo7ZYEoW/iHUxK7rLk3Kg8sJ8Sdf7IcfK5HA=", + "lastModified": 1769980417, + "narHash": "sha256-BOxPHApuXJE0wFKaDK811u5Ihvn4gnsXhCABo0O/u/Q=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "c56af55f5563f7c7043ed45ed2566a69a638448d", + "rev": "ca6c544ca6a737bdb32676046bf98aca11f8f13d", "type": "github" }, "original": { @@ -1313,11 +1155,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1772207631, - "narHash": "sha256-Jkkg+KqshFO3CbTszVVpkKN2AOObYz+wMsM3ONo1z5g=", + "lastModified": 1769577126, + "narHash": "sha256-v9vz9Rj4MGwPuhGELdvpRKl2HH+xvkgat6VwL0L86Fg=", "owner": "YaLTeR", "repo": "niri", - "rev": "e708f546153f74acf33eb183b3b2992587a701e5", + "rev": "f30db163b5748e8cf95c05aba77d0d3736f40543", "type": "github" }, "original": { @@ -1326,27 +1168,6 @@ "type": "github" } }, - "niritiling": { - "inputs": { - "flake-parts": "flake-parts_2", - "git-hooks-nix": "git-hooks-nix", - "nixpkgs": "nixpkgs_9", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1772501846, - "narHash": "sha256-8ENdwZocIcoBLVZdMkH0g3AioA/9eblpbNVSXrKvFdQ=", - "owner": "Swarsel", - "repo": "niritiling", - "rev": "6238840d8c85937e54c23fb8acf37c7274b9082d", - "type": "github" - }, - "original": { - "owner": "Swarsel", - "repo": "niritiling", - "type": "github" - } - }, "nix": { "flake": false, "locked": { 
@@ -1366,14 +1187,14 @@ }, "nix-darwin": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1772379624, - "narHash": "sha256-NG9LLTWlz4YiaTAiRGChbrzbVxBfX+Auq4Ab/SWmk4A=", + "lastModified": 1768764703, + "narHash": "sha256-5ulSDyOG1U+1sJhkJHYsUOWEsmtLl97O0NTVMvgIVyc=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "52d061516108769656a8bd9c6e811c677ec5b462", + "rev": "0fc4e7ac670a0ed874abacf73c4b072a6a58064b", "type": "github" }, "original": { @@ -1429,11 +1250,11 @@ ] }, "locked": { - "lastModified": 1772341813, - "narHash": "sha256-/PQ0ubBCMj/MVCWEI/XMStn55a8dIKsvztj4ZVLvUrQ=", + "lastModified": 1765267181, + "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "a2051ff239ce2e8a0148fa7a152903d9a78e854f", + "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", "type": "github" }, "original": { @@ -1444,16 +1265,16 @@ }, "nix-minecraft": { "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_11", + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_10", "systems": "systems" }, "locked": { - "lastModified": 1772334875, - "narHash": "sha256-AveYVY2plEJ62Br6iAd4fB5PDYyjJoTEmgdWRV3m+Vo=", + "lastModified": 1770000653, + "narHash": "sha256-QO/twGynxjOSUDtxbqJLshc/Q5/wImLH5O6KV2p9eoE=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "a852ac73a4f9bf8270bdac90a72a28fef5df846b", + "rev": "6a2ddb643aaf7949caa6158e718c5efc3dda7dc1", "type": "github" }, "original": { @@ -1466,7 +1287,7 @@ "inputs": { "home-manager": "home-manager_3", "nix-formatter-pack": "nix-formatter-pack", - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_11", "nixpkgs-docs": "nixpkgs-docs", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", "nmd": "nmd_2" 
@@ -1488,15 +1309,15 @@ }, "nix-topology": { "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_13" + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_12" }, "locked": { - "lastModified": 1771963727, - "narHash": "sha256-gFyFAFYYoNsvd6heI0XtDMIa4pnykjwDljS7dQm45uE=", + "lastModified": 1769983422, + "narHash": "sha256-/zQdD8Aogh16eD5lgFokRMA0EYCm5uQITKCA90/01Oo=", "owner": "oddlama", "repo": "nix-topology", - "rev": "b493b9b970388d79129ce1a92a6b060c9305386f", + "rev": "20b5c5c698d45cc0f950889b3f6379ced5ce9c4a", "type": "github" }, "original": { @@ -1543,7 +1364,7 @@ "nixgl": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_14" + "nixpkgs": "nixpkgs_13" }, "locked": { "lastModified": 1762090880, @@ -1577,8 +1398,8 @@ "nixos-extra-modules": { "inputs": { "devshell": "devshell_2", - "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_15", + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_14", "nixt": "nixt", "pre-commit-hooks": "pre-commit-hooks" }, @@ -1620,11 +1441,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1771969195, - "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", + "lastModified": 1769302137, + "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", + "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8", "type": "github" }, "original": { 
@@ -1657,14 +1478,14 @@ "nixos-nftables-firewall": { "inputs": { "dependencyDagOfSubmodule": "dependencyDagOfSubmodule", - "nixpkgs": "nixpkgs_17" + "nixpkgs": "nixpkgs_16" }, "locked": { - "lastModified": 1771368654, - "narHash": "sha256-k+O9zSfzT+hkY9Whk/6wczIxr9ULGUt//UvJDcH5jCo=", + "lastModified": 1715521768, + "narHash": "sha256-BQkkBqDemoPRd2a4G94I9w9fNE0IxWtVsQ9SalnNqCQ=", "owner": "thelegy", "repo": "nixos-nftables-firewall", - "rev": "904b533798d8236c129f5a85076c0af1e5cdf8a0", + "rev": "2c5a19966b4dfc5ca92df7eb250c68f90be653c8", "type": "github" }, "original": { @@ -1725,11 +1546,11 @@ }, "nixpkgs-bisect": { "locked": { - "lastModified": 1772456869, - "narHash": "sha256-dpJZDTBrJsVk5OPclGEx9UEkd07TCebPXpaOtQgbgDo=", + "lastModified": 1770036759, + "narHash": "sha256-DJCFJPCTYWb+fVucckjAEvgd1Hjhe5stYT0vDPfMFpE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7b25dc29ae2eb0e095ed0f9e9f1e3c1beda2dedc", + "rev": "2b10a50ae3da5b008025eefa9a440d95559bccde", "type": "github" }, "original": { 
@@ -1789,37 +1610,22 @@ }, "nixpkgs-kernel": { "locked": { - "lastModified": 1772198003, - "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", - "owner": "nixos", + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", "type": "github" }, "original": { - "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", - "owner": "nixos", + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", "type": "github" } }, "nixpkgs-lib": { - "locked": { - "lastModified": 1772328832, - "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_2": { "locked": { "lastModified": 1769909678, "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", @@ -1834,7 +1640,7 @@ "type": "github" } }, - "nixpkgs-lib_3": { + "nixpkgs-lib_2": { "locked": { "lastModified": 1765674936, "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", @@ -1849,7 +1655,7 @@ "type": "github" } }, - "nixpkgs-lib_4": { + "nixpkgs-lib_3": { "locked": { "lastModified": 1738452942, "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", 
@@ -1861,22 +1667,7 @@ "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" } }, - "nixpkgs-lib_5": { - "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_6": { + "nixpkgs-lib_4": { "locked": { "lastModified": 1719876945, "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", @@ -1888,7 +1679,7 @@ "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" } }, - "nixpkgs-lib_7": { + "nixpkgs-lib_5": { "locked": { "lastModified": 1754788789, "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", @@ -1985,11 +1776,11 @@ }, "nixpkgs-stable25_11": { "locked": { - "lastModified": 1772047000, - "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=", + "lastModified": 1769900590, + "narHash": "sha256-I7Lmgj3owOTBGuauy9FL6qdpeK2umDoe07lM4V+PnyA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e", + "rev": "41e216c0ca66c83b12ab7a98cc326b5db01db646", "type": "github" }, "original": { @@ -2001,11 +1792,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1772047000, - "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=", + "lastModified": 1769900590, + "narHash": "sha256-I7Lmgj3owOTBGuauy9FL6qdpeK2umDoe07lM4V+PnyA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e", + "rev": "41e216c0ca66c83b12ab7a98cc326b5db01db646", "type": "github" }, "original": { 
@@ -2017,11 +1808,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1772047000, - "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=", + "lastModified": 1769900590, + "narHash": "sha256-I7Lmgj3owOTBGuauy9FL6qdpeK2umDoe07lM4V+PnyA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e", + "rev": "41e216c0ca66c83b12ab7a98cc326b5db01db646", "type": "github" }, "original": { @@ -2031,39 +1822,7 @@ "type": "github" } }, - "nixpkgs-update": { - "locked": { - "lastModified": 1772366254, - "narHash": "sha256-BEyksEod87WtnABqiwpqEpRbkpnZcdgnja8hWLajF6w=", - "owner": "r-ryantm", - "repo": "nixpkgs", - "rev": "b11492b3f4f5d1b1fd2a0cf05c0ebf90412c1086", - "type": "github" - }, - "original": { - "owner": "r-ryantm", - "ref": "auto-update/oauth2-proxy", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_10": { - "locked": { - "lastModified": 1765934234, - "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "af84f9d270d404c17699522fab95bbf928a2d92f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1769461804, "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", @@ -2079,7 +1838,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1708172716, "narHash": "sha256-3M94oln0b61m3dUmLyECCA9hYAHXZEszM4saE3CmQO4=", @@ -2094,7 +1853,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_12": { "locked": { "lastModified": 1766651565, "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", @@ -2110,7 +1869,7 @@ "type": "github" } }, - "nixpkgs_14": { + "nixpkgs_13": { "locked": { "lastModified": 1746378225, "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", 
@@ -2125,7 +1884,7 @@ "type": "github" } }, - "nixpkgs_15": { + "nixpkgs_14": { "locked": { "lastModified": 1737885589, "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", @@ -2141,7 +1900,7 @@ "type": "github" } }, - "nixpkgs_16": { + "nixpkgs_15": { "locked": { "lastModified": 1677063315, "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", @@ -2157,13 +1916,13 @@ "type": "github" } }, - "nixpkgs_17": { + "nixpkgs_16": { "locked": { - "lastModified": 1771008912, - "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", - "owner": "NixOS", + "lastModified": 1692638711, + "narHash": "sha256-J0LgSFgJVGCC1+j5R2QndadWI1oumusg6hCtYAzLID4=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "a82ccc39b39b621151d6732718e3e250109076fa", + "rev": "91a22f76cd1716f9d0149e8a5c68424bb691de15", "type": "github" }, "original": { 
@@ -2173,55 +1932,23 @@ "type": "github" } }, + "nixpkgs_17": { + "locked": { + "lastModified": 1769789167, + "narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_18": { - "locked": { - "lastModified": 1772198003, - "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_19": { - "locked": { - "lastModified": 1771848320, - "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2fc6539b481e1d2569f25f8799236694180c0993", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1772173633, - "narHash": "sha256-MOH58F4AIbCkh6qlQcwMycyk5SWvsqnS/TCfnqDlpj4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c0f3d81a7ddbc2b1332be0d8481a672b4f6004d6", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_20": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", 
@@ -2237,13 +1964,13 @@ "type": "github" } }, - "nixpkgs_21": { + "nixpkgs_19": { "locked": { - "lastModified": 1772198003, - "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", + "lastModified": 1769789167, + "narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5", "type": "github" }, "original": { @@ -2253,7 +1980,23 @@ "type": "github" } }, - "nixpkgs_22": { + "nixpkgs_2": { + "locked": { + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_20": { "locked": { "lastModified": 1767892417, "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", 
@@ -2269,13 +2012,45 @@ "type": "github" } }, - "nixpkgs_23": { + "nixpkgs_21": { "locked": { - "lastModified": 1770073757, - "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", + "lastModified": 1764947035, + "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47472570b1e607482890801aeaf29bfb749884f6", + "rev": "a672be65651c80d3f592a89b3945466584a22069", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_22": { + "locked": { + "lastModified": 1764374374, + "narHash": "sha256-naS7hg/D1yLKSZoENx9gvsPLFiNEOTcqamJSu0OEvCA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6a49303095abc094ee77dc243a9e351b642e8e75", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_23": { + "locked": { + "lastModified": 1769740369, + "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", "type": "github" }, "original": { 
@@ -2287,50 +2062,21 @@ }, "nixpkgs_24": { "locked": { - "lastModified": 1770650459, - "narHash": "sha256-hGeOnueXorzwDD1V9ldZr+y+zad4SNyqMnQsa/mIlvI=", + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fff0554c67696d76a0cdd9cfe14403fbdbf1f378", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable-small", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_25": { - "locked": { - "lastModified": 1772173633, - "narHash": "sha256-MOH58F4AIbCkh6qlQcwMycyk5SWvsqnS/TCfnqDlpj4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c0f3d81a7ddbc2b1332be0d8481a672b4f6004d6", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_26": { - "locked": { - "lastModified": 1772198003, - "narHash": "sha256-UCaQQ8zmHUocQIgCl+53Jj6NuwqrVKtmv7obE9r6wnw=", - "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", - "type": "tarball", - "url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre955442.dd9b079222d4/nixexprs.tar.xz" - }, - "original": { - "type": "tarball", - "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz" - } - }, - "nixpkgs_27": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", @@ -2346,7 +2092,7 @@ "type": "github" } }, - "nixpkgs_28": { + "nixpkgs_26": { "locked": { "lastModified": 1759733170, "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", 
@@ -2362,13 +2108,13 @@ "type": "github" } }, - "nixpkgs_29": { + "nixpkgs_27": { "locked": { - "lastModified": 1770107345, - "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", + "lastModified": 1767364772, + "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4533d9293756b63904b7238acb84ac8fe4c8c2c4", + "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", "type": "github" }, "original": { @@ -2378,23 +2124,7 @@ "type": "github" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1772198003, - "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_30": { + "nixpkgs_28": { "locked": { "lastModified": 1742268799, "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", @@ -2410,7 +2140,7 @@ "type": "github" } }, - "nixpkgs_31": { + "nixpkgs_29": { "locked": { "lastModified": 1765934234, "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=", @@ -2426,6 +2156,22 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1770019141, + "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_4": { "locked": { "lastModified": 1759652726, 
@@ -2460,11 +2206,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1771848320, - "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", + "lastModified": 1769170682, + "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fc6539b481e1d2569f25f8799236694180c0993", + "rev": "c5296fdd05cfa2c187990dd909864da9658df755", "type": "github" }, "original": { @@ -2492,11 +2238,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1772198003, - "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", + "lastModified": 1769789167, + "narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5", "type": "github" }, "original": { @@ -2508,23 +2254,23 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1771848320, - "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", + "lastModified": 1765934234, + "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fc6539b481e1d2569f25f8799236694180c0993", + "rev": "af84f9d270d404c17699522fab95bbf928a2d92f", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixt": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "nixpkgs": [ "nixos-extra-modules", "nixpkgs" 
@@ -2604,66 +2350,22 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "noctalia-qs": "noctalia-qs" - }, - "locked": { - "lastModified": 1772453415, - "narHash": "sha256-8TCMSFCBZdutKryFKX72GOb/NWL9/vB5rswgWXV/EuM=", - "owner": "noctalia-dev", - "repo": "noctalia-shell", - "rev": "8ebf2bf33220c62f3c5e937a318eceb25dd17228", - "type": "github" - }, - "original": { - "owner": "noctalia-dev", - "repo": "noctalia-shell", - "type": "github" - } - }, - "noctalia-qs": { - "inputs": { - "nixpkgs": [ - "noctalia", - "nixpkgs" ] }, "locked": { - "lastModified": 1772227064, - "narHash": "sha256-f821ZSoGpa/aXrWq0gPpea9qBnX8KDyavGKkptz2Mog=", + "lastModified": 1770217681, + "narHash": "sha256-gMJRIJiZFBe7Bwrwo2cz7YAxV0OiAVQMcmp8fY/YDPg=", "owner": "noctalia-dev", - "repo": "noctalia-qs", - "rev": "0741d27d2f7db567270f139c5d1684614ecf9863", + "repo": "noctalia-shell", + "rev": "91d07e9279aa9394427289f4b5dff959fbf779fb", "type": "github" }, "original": { "owner": "noctalia-dev", - "repo": "noctalia-qs", + "repo": "noctalia-shell", "type": "github" } }, - "noctoggle": { - "inputs": { - "flake-parts": "flake-parts_5", - "git-hooks-nix": "git-hooks-nix_2", - "nixpkgs": "nixpkgs_19", - "treefmt-nix": "treefmt-nix_2" - }, - "locked": { - "lastModified": 1772055992, - "narHash": "sha256-mruNKGSrxVJERkhMoFAIJv7McUu3LcdUkO1/sGu7nE4=", - "ref": "main", - "rev": "36f2784de08f8471a7227095c5c91d906f5614ba", - "revCount": 1, - "type": "git", - "url": "ssh://git@github.com/Swarsel/noctoggle.git" - }, - "original": { - "ref": "main", - "type": "git", - "url": "ssh://git@github.com/Swarsel/noctoggle.git" - } - }, "nosys": { "locked": { "lastModified": 1668010795, @@ -2681,8 +2383,8 @@ }, "nswitch-rcm-nix": { "inputs": { - "flake-parts": "flake-parts_6", - "nixpkgs": "nixpkgs_20" + "flake-parts": "flake-parts_4", + "nixpkgs": "nixpkgs_18" }, "locked": { "lastModified": 1721304043, 
@@ -2700,15 +2402,15 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts_7", - "nixpkgs": "nixpkgs_21" + "flake-parts": "flake-parts_5", + "nixpkgs": "nixpkgs_19" }, "locked": { - "lastModified": 1772457611, - "narHash": "sha256-kqmCdDMGk7zn6c0Sh2T3peyWPCbotMVp0FoWS+I2ISs=", + "lastModified": 1770037177, + "narHash": "sha256-a94+hfIuDFmV1z/+/6M0+O8ZuJsjWzCr7XMS4Poesws=", "owner": "nix-community", "repo": "NUR", - "rev": "3b63a4c22748d5d0e9052c67f455cb138051ac33", + "rev": "b44e611bc73349f5ff9d85169f73de76d75cd6de", "type": "github" }, "original": { @@ -2859,14 +2561,14 @@ "pia": { "inputs": { "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_22" + "nixpkgs": "nixpkgs_20" }, "locked": { - "lastModified": 1772467409, - "narHash": "sha256-nNLIwuo2Za2yZBsW2CHIrqHyJro8PArqBz4AwKemtQ0=", + "lastModified": 1769674747, + "narHash": "sha256-fj6i2Xay3Jz8MJHcPiJslsL+YHh2JzaJtWr7rA0ckgY=", "owner": "Swarsel", "repo": "pia.nix", - "rev": "54e821537aeba6a757c23e65e3ee2cdf0c4e9702", + "rev": "7b56baf2300e49bb05d7e24f2fcd5d8ce4a40143", "type": "github" }, "original": { @@ -2886,11 +2588,11 @@ ] }, "locked": { - "lastModified": 1771858127, - "narHash": "sha256-Gtre9YoYl3n25tJH2AoSdjuwcqij5CPxL3U3xysYD08=", + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "49bbbfc218bf3856dfa631cead3b052d78248b83", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", "type": "github" }, "original": { @@ -2901,8 +2603,8 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_6", - "gitignore": "gitignore_3", + "flake-compat": "flake-compat_5", + "gitignore": "gitignore_2", "nixpkgs": [ "nixos-extra-modules", "nixpkgs" 
@@ -2924,16 +2626,16 @@ }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat_8", - "gitignore": "gitignore_5", - "nixpkgs": "nixpkgs_23" + "flake-compat": "flake-compat_6", + "gitignore": "gitignore_3", + "nixpkgs": "nixpkgs_21" }, "locked": { - "lastModified": 1772024342, - "narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=", + "lastModified": 1769939035, + "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476", + "rev": "a8ca480175326551d6c4121498316261cbb5b260", "type": "github" }, "original": { @@ -2955,7 +2657,6 @@ "lanzaboote": "lanzaboote", "microvm": "microvm", "niri-flake": "niri-flake", - "niritiling": "niritiling", "nix-darwin": "nix-darwin", "nix-eval-jobs": "nix-eval-jobs", "nix-index-database": "nix-index-database", @@ -2968,7 +2669,7 @@ "nixos-hardware": "nixos-hardware", "nixos-images": "nixos-images", "nixos-nftables-firewall": "nixos-nftables-firewall", - "nixpkgs": "nixpkgs_18", + "nixpkgs": "nixpkgs_17", "nixpkgs-bisect": "nixpkgs-bisect", "nixpkgs-dev": "nixpkgs-dev", "nixpkgs-kernel": "nixpkgs-kernel", @@ -2978,9 +2679,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11", "nixpkgs-stable25_05": "nixpkgs-stable25_05", "nixpkgs-stable25_11": "nixpkgs-stable25_11", - "nixpkgs-update": "nixpkgs-update", "noctalia": "noctalia", - "noctoggle": "noctoggle", "nswitch-rcm-nix": "nswitch-rcm-nix", "nur": "nur", "pia": "pia", @@ -2993,7 +2692,7 @@ "swarsel-nix": "swarsel-nix", "systems": "systems_7", "topologyPrivate": "topologyPrivate", - "treefmt-nix": "treefmt-nix_3", + "treefmt-nix": "treefmt-nix", "vbc-nix": "vbc-nix", "zjstatus": "zjstatus" } 
@@ -3023,11 +2722,11 @@ ] }, "locked": { - "lastModified": 1771988922, - "narHash": "sha256-Fc6FHXtfEkLtuVJzd0B6tFYMhmcPLuxr90rWfb/2jtQ=", + "lastModified": 1769309768, + "narHash": "sha256-AbOIlNO+JoqRJkK1VrnDXhxuX6CrdtIu2hSuy4pxi3g=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "f4443dc3f0b6c5e6b77d923156943ce816d1fcb9", + "rev": "140c9dc582cb73ada2d63a2180524fcaa744fad5", "type": "github" }, "original": { @@ -3109,16 +2808,16 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_9", + "flake-compat": "flake-compat_7", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_24" + "nixpkgs": "nixpkgs_22" }, "locked": { - "lastModified": 1772064816, - "narHash": "sha256-ks1D9Rtmopd5F/8ENjEUJpSYYMxv603/v6TRen9Hq54=", + "lastModified": 1766321686, + "narHash": "sha256-icOWbnD977HXhveirqA10zoqvErczVs3NKx8Bj+ikHY=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "ea4dc17f4bc0f65eed082fa394509e4543072b56", + "rev": "7d433bf89882f61621f95082e90a4ab91eb0bdd3", "type": "gitlab" }, "original": { @@ -3147,14 +2846,14 @@ }, "sops": { "inputs": { - "nixpkgs": "nixpkgs_25" + "nixpkgs": "nixpkgs_23" }, "locked": { - "lastModified": 1772401007, - "narHash": "sha256-YHykQg0h9hrlZGpMcywnaFzQ1Kn/5YNCCOSaaAl6z7Q=", + "lastModified": 1769921679, + "narHash": "sha256-twBMKGQvaztZQxFxbZnkg7y/50BW9yjtCBWwdjtOZew=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d8be5ea4cd3bc363492ab5bc6e874ccdc5465fe4", + "rev": "1e89149dcfc229e7e2ae24a8030f124a31e4f24f", "type": "github" }, "original": { 
@@ -3181,15 +2880,15 @@ }, "spicetify-nix": { "inputs": { - "nixpkgs": "nixpkgs_26", + "nixpkgs": "nixpkgs_24", "systems": "systems_4" }, "locked": { - "lastModified": 1772494187, - "narHash": "sha256-6ksgNAFXVK+Cg/6ww7bB2nJUPZlnS75UwZC7G+L03EE=", + "lastModified": 1769986820, + "narHash": "sha256-O9OQ44dk9TJdtRIG828DUI54XdkfZET7AlN1RgTsPis=", "owner": "Gerg-l", "repo": "spicetify-nix", - "rev": "915ab06b046d05613041780c575c62a32fe67cea", + "rev": "68de6434cfaa8983f3775b858b8b76e7c5dbd29c", "type": "github" }, "original": { @@ -3283,9 +2982,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_8", + "flake-parts": "flake-parts_6", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_27", + "nixpkgs": "nixpkgs_25", "nur": "nur_2", "systems": "systems_5", "tinted-foot": "tinted-foot", @@ -3295,23 +2994,23 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1772019936, - "narHash": "sha256-KFfKOAKO3NUgK+Io7h9xdtgeKT8yM/+eDrFXT4XXMwg=", - "owner": "Swarsel", + "lastModified": 1769978605, + "narHash": "sha256-Vjniae6HHJCb9xZLeUOP15aRQXSZuKeeaZFM+gRDCgo=", + "owner": "danth", "repo": "stylix", - "rev": "a3026016be22b2b50c774451e515f640a8e14ae6", + "rev": "ce22070ec5ce6169a6841da31baea33ce930ed38", "type": "github" }, "original": { - "owner": "Swarsel", + "owner": "danth", "repo": "stylix", "type": "github" } }, "swarsel-nix": { "inputs": { - "flake-parts": "flake-parts_9", - "nixpkgs": "nixpkgs_28", + "flake-parts": "flake-parts_7", + "nixpkgs": "nixpkgs_26", "systems": "systems_6" }, "locked": { 
@@ -3558,56 +3257,14 @@ }, "treefmt-nix": { "inputs": { - "nixpkgs": [ - "niritiling", - "nixpkgs" - ] + "nixpkgs": "nixpkgs_27" }, "locked": { - "lastModified": 1770228511, - "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", + "lastModified": 1769691507, + "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { - "inputs": { - "nixpkgs": [ - "noctoggle", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1770228511, - "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_3": { - "inputs": { - "nixpkgs": "nixpkgs_29" - }, - "locked": { - "lastModified": 1770228511, - "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", + "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", "type": "github" }, "original": { @@ -3618,15 +3275,15 @@ }, "vbc-nix": { "inputs": { - "nixpkgs": "nixpkgs_30", + "nixpkgs": "nixpkgs_28", "systems": "systems_8" }, "locked": { - "lastModified": 1772450324, - "narHash": "sha256-WVmVk/wBPq2MXKKOBdoRM0i+0o7Lx+mNQk5I/fUA1eo=", + "lastModified": 1742477270, + "narHash": "sha256-u78SeVemHqEkN6J+PieL1Kymu+n7LWiTPrUXNd+uePA=", "ref": "main", - "rev": "cf687d4f2b9a3dd69de99555f5511ede05254919", - "revCount": 7, + "rev": "0525ad64e2729077ed2cf313d2022e8b8c51153f", + "revCount": 2, "type": "git", "url": "ssh://git@github.com/vbc-it/vbc-nix.git" }, 
@@ -3656,11 +3313,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1772429643, - "narHash": "sha256-M+bAeCCcjBnVk6w/4dIVvXvpJwOKnXjwi/lDbaN6Yws=", + "lastModified": 1769713942, + "narHash": "sha256-0BtCSO2qzYK/akRDsERqRVLknCYD3FYErc+szreSHUo=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "10f985b84cdbcc3bbf35b3e7e43d1b2a84fa9ce2", + "rev": "37ec78ee26e158b71f42e113e0e7dd9d5eb6bdb0", "type": "github" }, "original": { @@ -3696,15 +3353,15 @@ "inputs": { "crane": "crane_3", "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_31", + "nixpkgs": "nixpkgs_29", "rust-overlay": "rust-overlay_3" }, "locked": { - "lastModified": 1771148613, - "narHash": "sha256-nLzdw8jskekSRrunxBDCA0NCHr/2aJjcXqZ1Fcqm5eY=", + "lastModified": 1766016463, + "narHash": "sha256-aWp608krMtk5I+c3GXyuHkb6ugah40cBI0R52fNqMiI=", "owner": "dj95", "repo": "zjstatus", - "rev": "7a039f56da80681408454d6e175fde3f54b9e592", + "rev": "9a4b88fdceee8eb2b8c28111c53e94254d61c994", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 04fbe8c..5edec40 100644 --- a/flake.nix +++ b/flake.nix 
@@ -28,9 +28,7 @@ smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1"; nixpkgs-dev.url = "github:Swarsel/nixpkgs/main"; nixpkgs-bisect.url = "github:nixos/nixpkgs/master"; - nixpkgs-update.url = "github:r-ryantm/nixpkgs/auto-update/oauth2-proxy"; - # nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version - nixpkgs-kernel.url = "github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D"; #specifically pinned for kernel version + nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server"; nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; @@ -72,8 +70,7 @@ systems.url = "github:nix-systems/default"; nur.url = "github:nix-community/NUR"; nixgl.url = "github:guibou/nixGL"; - # stylix.url = "github:danth/stylix"; - stylix.url = "github:Swarsel/stylix"; + stylix.url = "github:danth/stylix"; sops.url = "github:Mic92/sops-nix"; lanzaboote.url = "github:nix-community/lanzaboote"; nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05"; @@ -90,7 +87,6 @@ flake-parts.url = "github:hercules-ci/flake-parts"; devshell.url = "github:numtide/devshell"; spicetify-nix.url = "github:Gerg-l/spicetify-nix"; - # spicetify-nix.url = "github:Swarsel/spicetify-nix"; niri-flake.url = "github:sodiboo/niri-flake"; nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main"; microvm.url = "github:astro/microvm.nix"; 
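Review bot: The trailing comment on the `nixpkgs-kernel` pin in the flake.nix `@@ -28,9 +28,7 @@` hunk, `#specifically pinned for kernel version`, does not say which kernel version is wanted or why, although the pin now points at an older nixpkgs revision. The lock file in this commit records `lastModified` 1748026106 for `063f43f2…` against 1772198003 for the revision it replaces, and the hardware-configuration.nix hunk for host pyramid switches `kernelPackages` to `pkgs.kernel.linuxPackages`, so that host's kernel presumably stays at whatever that revision shipped and misses later security fixes. I would put the reason and an exit condition next to the pin, e.g. `# pinned to <kernel version> because <reason>; unpin once <condition>`.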
@@ -99,8 +95,6 @@ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; pia.url = "github:Swarsel/pia.nix/custom"; - niritiling.url = "github:Swarsel/niritiling"; - noctoggle.url = "git+ssh://git@github.com/Swarsel/noctoggle.git?ref=main"; }; outputs = diff --git a/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix b/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix index 02fb151..9b873c8 100644 --- a/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix +++ b/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix @@ -22,8 +22,7 @@ # ''; boot = { - # kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages; - kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages_latest; + kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages; # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; binfmt.emulatedSystems = [ "aarch64-linux" ]; initrd = { diff --git a/modules/home/common/anki.nix b/modules/home/common/anki.nix index e757c2e..8b26ac6 100644 --- a/modules/home/common/anki.nix +++ b/modules/home/common/anki.nix @@ -10,7 +10,7 @@ in programs.anki = { enable = true; - package = pkgs.anki; + # # package = pkgs.anki; hideBottomBar = true; hideBottomBarMode = "always"; hideTopBar = true; @@ -18,7 +18,7 @@ in reduceMotion = true; spacebarRatesCard = true; # videoDriver = "opengl"; - profiles."User 1".sync = { + sync = { autoSync = false; # sync on profile close will delay system shutdown syncMedia = true; autoSyncMediaMinutes = 5; diff --git a/modules/home/common/khal.nix b/modules/home/common/khal.nix deleted file mode 100644 index 73ee4a0..0000000 --- a/modules/home/common/khal.nix +++ /dev/null 
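Review bot: In the anki.nix `@@ -10,7 +10,7 @@` hunk the package line is disabled as `# # package = pkgs.anki;`, with a doubled comment marker and no reason given. If the override is no longer wanted, delete the line; if it is only parked, keep one marker and say why, e.g. `# package = pkgs.anki; # <reason for using the module default>`. The `programs.anki` attribute set continues outside the hunk.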
@@ -1,14 +0,0 @@ -{ lib, config, pkgs, ... }: -let - moduleName = "khal"; -in -{ - options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings"; - config = lib.mkIf config.swarselmodules.${moduleName} { - programs.${moduleName} = { - enable = true; - package = pkgs.khal; - }; - }; - -} diff --git a/modules/home/common/packages.nix b/modules/home/common/packages.nix index 40cb0b9..bd1bed2 100644 --- a/modules/home/common/packages.nix +++ b/modules/home/common/packages.nix @@ -14,6 +14,7 @@ picard-tools audacity sox + # stable.feishin # does not work with oauth2-proxy calibre # printing @@ -31,7 +32,7 @@ (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) # browser - vieb + stable24_11.vieb mgba # utilities @@ -88,7 +89,7 @@ # element-desktop nicotine-plus - transmission_3 + stable25_05.transmission_3 mktorrent hugo @@ -149,7 +150,13 @@ slurp # the following packages are used (in some way) by waybar + # playerctl pavucontrol + # stable.pamixer + # gnome.gnome-clocks + # wlogout + # jdiskreport + # monitor #keychain qalculate-gtk diff --git a/modules/home/common/programs.nix b/modules/home/common/programs.nix index d363b9e..26f53d3 100644 --- a/modules/home/common/programs.nix +++ b/modules/home/common/programs.nix @@ -9,7 +9,8 @@ pkgs.bat-extras.batdiff pkgs.bat-extras.batman pkgs.bat-extras.batwatch - pkgs.bat-extras.batgrep + ] ++ [ + pkgs.stable.bat-extras.batgrep ]; # extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ]; }; @@ -87,9 +88,5 @@ ]; }; }; - - home.sessionVariables = { - _ZO_EXCLUDE_DIRS = "$HOME:$HOME/.ansible/*:$HOME/test/*:/persist"; - }; }; } diff --git a/modules/home/common/settings.nix b/modules/home/common/settings.nix index e8408a0..fc6ff86 100644 --- a/modules/home/common/settings.nix +++ b/modules/home/common/settings.nix 
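Review bot: `stable24_11.vieb` in the packages.nix `@@ -31,7 +32,7 @@` hunk takes a web browser from what is presumably the nixos-24.11 package set, and `stable25_05.transmission_3` in the `@@ -88,7 +89,7 @@` hunk does the same for a network-facing client from 25.05. Both release branches are past end of life as far as I know, so these two packages would stop receiving security updates while the rest of the system moves on. Neither line says why the older set is needed; I would record that next to each, e.g. `stable24_11.vieb # <build failure or regression on unstable>; move back once fixed`, and check whether a supported set still builds them. The package list continues outside both hunks.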
@@ -61,8 +61,6 @@ in nixpkgs = lib.mkIf (!isNixos) { overlays = [ outputs.overlays.default - outputs.overlays.stables - outputs.overlays.modifications (final: prev: let additions = final: _: import "${self}/pkgs/config" { diff --git a/modules/home/common/swayosd.nix b/modules/home/common/swayosd.nix index 4d81e1a..b425eb5 100644 --- a/modules/home/common/swayosd.nix +++ b/modules/home/common/swayosd.nix @@ -5,7 +5,7 @@ systemd.user.services.swayosd = confLib.overrideTarget "sway-session.target"; services.swayosd = { enable = true; - package = pkgs.swayosd; + package = pkgs.dev.swayosd; topMargin = 0.5; }; }; diff --git a/modules/home/common/vesktop.nix b/modules/home/common/vesktop.nix index 27b14e4..772345c 100644 --- a/modules/home/common/vesktop.nix +++ b/modules/home/common/vesktop.nix @@ -7,7 +7,7 @@ in config = lib.mkIf config.swarselmodules.${moduleName} { programs.${moduleName} = { enable = true; - package = pkgs.vesktop; + package = pkgs.stable.vesktop; settings = { appBadge = false; arRPC = false; diff --git a/modules/home/optional/niri.nix b/modules/home/optional/niri.nix index 6d36f35..a144a3d 100644 --- a/modules/home/optional/niri.nix +++ b/modules/home/optional/niri.nix @@ -8,7 +8,6 @@ package = pkgs.niri-stable; # which package to use for niri validation settings = { gestures.hot-corners.enable = false; - hotkey-overlay.skip-at-startup = true; debug = { honor-xdg-activation-with-invalid-serial = [ ]; }; 
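Review bot: Dropping `outputs.overlays.stables` and `outputs.overlays.modifications` from the non-NixOS overlay list in the settings.nix `@@ -61,8 +61,6 @@` hunk looks at odds with the rest of this commit, which starts using `stable24_11.vieb`, `stable25_05.transmission_3`, `pkgs.stable.vesktop` and `pkgs.stable.bat-extras.batgrep` in home modules. If those attribute sets come from the `stables` overlay rather than from `outputs.overlays.default` (the overlay definitions are not visible here), a standalone home-manager evaluation would fail on a missing attribute. Please confirm that `default` already composes them and say so in place, e.g. `# default already includes stables and modifications`. The `nixpkgs` block continues outside the hunk.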
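Review bot: `package = pkgs.dev.swayosd;` in the swayosd.nix hunk gives no reason for leaving `pkgs.swayosd`, and the `dev` set presumably tracks the `nixpkgs-dev` input, which flake.nix declares as `github:Swarsel/nixpkgs/main`, a branch rather than a fixed revision. Without a note on which change in the fork is needed, it is hard to tell when the package can return to the main set. I would add a comment such as `# from nixpkgs-dev for <patch or PR>; revert to pkgs.swayosd once merged upstream`.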
@@ -106,19 +105,17 @@ }; binds = with config.lib.niri.actions; let sh = spawn "sh" "-c"; + resizer = "niri-resize & sleep 0.05"; in { "Mod+Shift+t".action = toggle-window-rule-opacity; "Mod+m".action = focus-workspace-previous; "Mod+Shift+Space".action = toggle-window-floating; "Mod+Shift+f".action = fullscreen-window; - # "Mod+q".action = sh "${resizer} && niri msg action close-window"; - "Mod+q".action = sh "niri msg action close-window"; - # "Mod+f".action = sh "${resizer} && exec firefox"; - "Mod+f".action = sh "exec firefox"; + "Mod+q".action = sh "${resizer} && niri msg action close-window"; + "Mod+f".action = sh "${resizer} && exec firefox"; # "Mod+Space".action = spawn "noctalia-shell" "ipc" "call" "launcher" "toggle"; - # "Mod+Space".action = sh "${resizer} && exec noctalia-shell ipc call launcher toggle"; - "Mod+Space".action = sh "exec noctalia-shell ipc call launcher toggle"; + "Mod+Space".action = sh "${resizer} && exec noctalia-shell ipc call launcher toggle"; # "Mod+Space".action = sh "${resizer} & exec fuzzel"; "Mod+z".action = spawn "noctalia-shell" "ipc" "call" "bar" "toggle"; "Mod+Shift+c".action = spawn "qalculate-gtk"; 
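Review bot: The new `resizer = "niri-resize & sleep 0.05";` in the niri.nix `@@ -106,19 +105,17 @@` hunk is a shell fragment whose meaning depends on how it is spliced: in `sh "${resizer} && exec firefox"` the shell backgrounds `niri-resize` and `&&` binds only to `sleep`, so the bound command runs whether or not `niri-resize` succeeded or is on PATH at all. The 50 ms sleep is a head start, not synchronisation. The bindings in the `@@ -133,16 +130,11 @@` and `@@ -167,8 +159,7 @@` hunks use the same pattern. I would document this at the definition, e.g. `# niri-resize runs in the background; the bound command starts after 0.05 s regardless of its result`, and confirm that `niri-resize` is still installed now that this commit removes the `niritiling` input. The `binds` set continues outside the hunk.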
@@ -133,16 +130,11 @@ "Mod+Shift+s".action.screenshot-window = { write-to-disk = true; }; # "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - # "Mod+e".action = sh "${resizer} && exec emacsclient -nquc -a emacs -e '(dashboard-open)'"; - "Mod+e".action = sh "exec emacsclient -nquc -a emacs -e '(dashboard-open)'"; - # "Mod+c".action = sh "${resizer} && exec emacsclient -ce '(org-capture)'"; - "Mod+c".action = sh "exec emacsclient -ce '(org-capture)'"; - # "Mod+t".action = sh "${resizer} && exec emacsclient -ce '(org-agenda)'"; - "Mod+t".action = sh "exec emacsclient -ce '(org-agenda)'"; - # "Mod+Shift+m".action = sh "${resizer} && exec emacsclient -ce '(mu4e)'"; - "Mod+Shift+m".action = sh "exec emacsclient -ce '(mu4e)'"; - # "Mod+Shift+a".action = sh "${resizer} && exec emacsclient -ce '(swarsel/open-calendar)'"; - "Mod+Shift+a".action = sh "exec emacsclient -ce '(swarsel/open-calendar)'"; + "Mod+e".action = sh "${resizer} && exec emacsclient -nquc -a emacs -e '(dashboard-open)'"; + "Mod+c".action = sh "${resizer} && exec emacsclient -ce '(org-capture)'"; + "Mod+t".action = sh "${resizer} && exec emacsclient -ce '(org-agenda)'"; + "Mod+Shift+m".action = sh "${resizer} && exec emacsclient -ce '(mu4e)'"; + "Mod+Shift+a".action = sh "${resizer} && exec emacsclient -ce '(swarsel/open-calendar)'"; "Mod+a".action = spawn "swarselcheck-niri" "-s"; "Mod+x".action = spawn "swarselcheck-niri" "-k"; 
@@ -167,8 +159,7 @@ # "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; # "Mod+r".action = "mode resize"; # "Mod+Return".action = "exec kitty"; - # "Mod+Return".action = sh "${resizer} && exec kitty -o confirm_os_window_close=0"; - "Mod+Return".action = sh "exec kitty -o confirm_os_window_close=0"; + "Mod+Return".action = sh "${resizer} && exec kitty -o confirm_os_window_close=0"; "XF86AudioRaiseVolume".action = spawn "noctalia-shell" "ipc" "call" "volume" "increase"; "XF86AudioLowerVolume".action = spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; "XF86AudioMute".action = spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; @@ -214,7 +205,7 @@ # { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; } # { command = [ "noctalia-shell" ]; } # { argv = [ "pkill" "mako" ]; } - { argv = [ "systemctl" "--user" "restart" "noctalia-shell.target" ]; } + { argv = [ "systemctl" "--user" "restart" "noctalia-shell.target" "tray.target" ]; } ]; # workspaces = { # "01-Main" = { @@ -227,33 +218,5 @@ }; }; - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - config.niri = { - default = [ - "gtk" - "gnome" - ]; - "org.freedesktop.impl.portal.Access" = [ "gtk" ]; - "org.freedesktop.impl.portal.Notification" = [ "gtk" ]; - "org.freedesktop.impl.portal.Secret" = [ "gnome-keyring" ]; - "org.freedesktop.impl.portal.FileChooser" = [ "gtk" ]; - "org.freedesktop.impl.portal.ScreenCast" = [ "xdg-desktop-portal-gnome" ]; - "org.freedesktop.impl.portal.Screenshot" = [ "xdg-desktop-portal-gnome" ]; - }; - extraPortals = [ - pkgs.gnome-keyring - pkgs.xdg-desktop-portal-gtk - pkgs.xdg-desktop-portal-gnome - ]; - }; - - swarselmodules.gnome-keyring = lib.swarselsystems.mkStrong true; - - home.packages = [ - pkgs.nirius - ]; - }; } 
diff --git a/modules/home/optional/noctalia.nix b/modules/home/optional/noctalia.nix index 4641ef8..01d0f39 100644 --- a/modules/home/optional/noctalia.nix +++ b/modules/home/optional/noctalia.nix @@ -1,13 +1,8 @@ -{ self, inputs, config, pkgs, lib, confLib, type, ... }: -let - inherit (confLib.getConfig.repo.secrets.common) caldavTasksEndpoint; - inherit (config.swarselsystems) xdgDir; -in +{ self, inputs, config, pkgs, lib, confLib, ... }: { imports = [ inputs.noctalia.homeModules.default ]; - options.swarselmodules.optional-noctalia = lib.swarselsystems.mkTrueOption; config = { systemd.user = { targets = { @@ -16,35 +11,24 @@ in }; tray = { Unit = { - Wants = [ "noctalia-init.service" ]; - After = [ - "noctalia-shell.service" - "noctalia-init.service" - ]; + After = [ "noctalia-init.service" ]; + PartOf = [ "noctalia-shell.service" ]; }; Install.WantedBy = [ "noctalia-shell.target" ]; }; }; services = { - noctalia-shell = { - Unit.PartOf = [ "noctalia-shell.target" ]; - Install.WantedBy = [ "noctalia-shell.target" ]; - }; + noctalia-shell = confLib.overrideTarget "noctalia-shell.target"; noctalia-init = { - Unit = { - Requires = [ "noctalia-shell.service" ]; - After = [ "noctalia-shell.service" ]; - }; - Service = { Type = "oneshot"; - ExecStart = "${pkgs.coreutils}/bin/sleep 3"; + ExecStart = "${pkgs.coreutils}/bin/sleep 15"; RemainAfterExit = true; }; Install = { - WantedBy = [ "tray.target" ]; + WantedBy = [ "noctalia-shell.target" ]; }; }; }; @@ -54,7 +38,7 @@ in fastfetch.enable = true; noctalia-shell = { enable = true; - package = pkgs.noctalia-shell; + package = pkgs.noctalia-shell.override { calendarSupport = true; }; systemd.enable = true; settings = { bar = { @@ -74,7 +58,7 @@ in frameRadius = 12; outerCorners = false; hideOnOverview = false; - displayMode = "non_exclusive"; + displayMode = "auto_hide"; autoHideDelay = 100; autoShowDelay = 300; screenOverrides = [ ]; 
@@ -123,7 +107,7 @@ in todos = [ ]; useCustomColors = false; }; - id = "plugin:ba7043:todo"; + id = "plugin:todo"; } ]; center = [ @@ -165,7 +149,7 @@ in showUnreadBadge = true; } { - id = "plugin:github-feed"; + id = "plugin:ba7043:github-feed"; } { id = "plugin:clipper"; @@ -191,7 +175,7 @@ in showPowerProfiles = true; } { - iconColor = "none"; + colorName = "primary"; id = "SessionMenu"; } { @@ -205,7 +189,7 @@ in } { colorizeDistroLogo = false; - colorizeSystemIcon = "none"; + colorizeSystemIcon = "primary"; customIconPath = "${self}/files/icons/swarsel.png"; enableColorization = true; icon = "noctalia"; @@ -338,12 +322,9 @@ in viewMode = "list"; showCategories = false; iconMode = "native"; - density = "compact"; - overviewLayer = false; showIconBackground = false; enableSettingsSearch = false; enableWindowsSearch = false; - enableSessionSearch = false; ignoreMouseInput = true; screenshotAnnotationTool = ""; }; @@ -453,49 +434,36 @@ in command = ""; countdownEnabled = true; enabled = true; - keybind = "L"; } { action = "suspend"; command = ""; countdownEnabled = true; enabled = true; - keybind = "S"; } { action = "hibernate"; command = ""; countdownEnabled = true; enabled = true; - keybind = "H"; } { action = "reboot"; command = ""; countdownEnabled = true; enabled = true; - keybind = "R"; } { action = "logout"; command = ""; countdownEnabled = true; enabled = true; - keybind = "U"; } { action = "shutdown"; command = ""; countdownEnabled = true; enabled = true; - keybind = "P"; - } - { - action = "rebootToUefi"; - command = ""; - countdownEnabled = true; - enabled = true; - keybind = "B"; } ]; }; @@ -582,7 +550,7 @@ in "unicode-picker" "screen-recorder" ]) // { - todo = { + github-feed = { enabled = true; sourceUrl = "https://github.com/Swarsel/noctalia-plugins"; }; 
@@ -593,28 +561,6 @@ in enableTodoIntegration = false; }; - todo = { - - caldavEnabled = true; - caldavUrl = caldavTasksEndpoint; - caldavUsername = config.swarselsystems.mainUser; - caldavPasswordType = "file"; - caldavPasswordCmd = ""; - caldavPasswordFile = confLib.getConfig.sops.secrets.radicale-token.path; - caldavSyncInterval = 300; - current_page_id = 1; - pages = [ - { - id = 0; - name = "General"; - } - { - id = 1; - name = "Work"; - } - ]; - }; - privacy-indicator = { hideInactive = true; iconSpacing = 4; @@ -652,8 +598,8 @@ in # my fork: showNotificationBadge = true; colorizationEnabled = true; - colorizationIcon = "None"; - colorizationBadge = "Primary"; + colorizationIcon = "Primary"; + colorizationBadge = "Tertiary"; colorizationBadgeText = "None"; defaultTab = 1; enableSystemNotifications = true; @@ -669,9 +615,5 @@ in }; }; }; - } // lib.optionalAttrs (type != "nixos") { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { - radicale-token = { path = "${xdgDir}/secrets/radicaleToken"; }; - }; }; } diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index e1f24fe..d59d082 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -11,7 +11,7 @@ in config = { home = { packages = with pkgs; [ - teams-for-linux + stable.teams-for-linux shellcheck dig docker @@ -21,12 +21,9 @@ in prometheus.cli tigervnc # openstackclient - step-cli - - vscode-fhs - copilot-cli - antigravity + vscode + dev.antigravity rustdesk-vbc ]; 
@@ -148,7 +145,7 @@ in programs = let - inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds; + inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds; in { openstackclient = { @@ -157,7 +154,7 @@ in }; awscli = { enable = true; - package = pkgs.awscli2; + package = pkgs.stable24_05.awscli2; # settings = { # "default" = { }; # "profile s3-imagebuilder-prod" = { }; @@ -169,8 +166,7 @@ in # }; # }; }; - # this is no longer needed since moving away from bitbucket - # git.settings.user.email = lib.mkForce gitMail; + git.settings.user.email = lib.mkForce gitMail; zsh = { shellAliases = { @@ -556,7 +552,7 @@ in }; Service = { - ExecStart = "${pkgs.teams-for-linux}/bin/teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; + ExecStart = "${pkgs.stable.teams-for-linux}/bin/teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; }; }; diff --git a/modules/nixos/client/distrobox.nix b/modules/nixos/client/distrobox.nix index 4ec1203..d44fc7c 100644 --- a/modules/nixos/client/distrobox.nix +++ b/modules/nixos/client/distrobox.nix @@ -10,7 +10,7 @@ virtualisation.podman = { enable = true; dockerCompat = true; - package = pkgs.podman; + package = pkgs.stable.podman; }; }; } diff --git a/modules/nixos/client/hardware.nix b/modules/nixos/client/hardware.nix index 0273fed..fd69f7c 100644 --- a/modules/nixos/client/hardware.nix +++ b/modules/nixos/client/hardware.nix @@ -33,7 +33,7 @@ bluetooth = lib.mkIf config.swarselsystems.hasBluetooth { enable = true; - package = pkgs.bluez; + package = pkgs.stable.bluez; powerOnBoot = true; settings = { General = { 
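Review bot: In modules/home/optional/work.nix, `package = pkgs.stable24_05.awscli2;` takes the AWS CLI from the nixos-24.05 package set. That set is several releases behind the `nixos-25.11` the flake uses as stable and is no longer maintained, so a tool that handles cloud credentials will not pick up security fixes from it. If the pin works around a breakage, I would record that next to the line, e.g. `# pinned to 24.05 because <reason>; switch to pkgs.stable.awscli2 once <condition>`. The same applies to `stable24_11.python39` in modules/nixos/optional/work.nix further down. The `programs` set continues outside this hunk.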
diff --git a/modules/nixos/client/nix-ld.nix b/modules/nixos/client/nix-ld.nix index 3e61505..ffbc6e7 100644 --- a/modules/nixos/client/nix-ld.nix +++ b/modules/nixos/client/nix-ld.nix @@ -82,30 +82,31 @@ pipewire pixman speex - steam-fhsenv-without-steam + # stable.cc.cc + stable25_05.steam-fhsenv-without-steam systemd tbb vulkan-loader - libice - libsm - libx11 - libxscrnsaver - libxcomposite - libxcursor - libxdamage - libxext - libxfixes - libxft - libxi - libxinerama - libxmu - libxrandr - libxrender - libxt - libxtst - libxxf86vm - libxcb - libxshmfence + xorg.libICE + xorg.libSM + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXft + xorg.libXi + xorg.libXinerama + xorg.libXmu + xorg.libXrandr + xorg.libXrender + xorg.libXt + xorg.libXtst + xorg.libXxf86vm + xorg.libxcb + xorg.libxshmfence zlib ]; }; diff --git a/modules/nixos/client/packages.nix b/modules/nixos/client/packages.nix index 1d9ee61..f52bfd4 100644 --- a/modules/nixos/client/packages.nix +++ b/modules/nixos/client/packages.nix @@ -16,7 +16,6 @@ pcsc-tools pcscliteWithPolkit.out - # ledger packages ledger-live-desktop diff --git a/modules/nixos/client/pipewire.nix b/modules/nixos/client/pipewire.nix index b8e742b..1f8ea4d 100644 --- a/modules/nixos/client/pipewire.nix +++ b/modules/nixos/client/pipewire.nix @@ -6,7 +6,7 @@ services.pipewire = { enable = true; - package = pkgs.pipewire; + package = pkgs.stable.pipewire; pulse.enable = true; jack.enable = true; audio.enable = true; diff --git a/modules/nixos/client/swayosd.nix b/modules/nixos/client/swayosd.nix index 9b306ef..c8d1caf 100644 --- a/modules/nixos/client/swayosd.nix +++ b/modules/nixos/client/swayosd.nix 
@@ -2,8 +2,8 @@ { options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; config = lib.mkIf config.swarselmodules.swayosd { - environment.systemPackages = [ pkgs.swayosd ]; - services.udev.packages = [ pkgs.swayosd ]; + environment.systemPackages = [ pkgs.dev.swayosd ]; + services.udev.packages = [ pkgs.dev.swayosd ]; systemd.services.swayosd-libinput-backend = { description = "SwayOSD LibInput backend for listening to certain keys like CapsLock, ScrollLock, VolumeUp, etc."; documentation = [ "https://github.com/ErikReider/SwayOSD" ]; @@ -14,7 +14,7 @@ serviceConfig = { Type = "dbus"; BusName = "org.erikreider.swayosd"; - ExecStart = "${pkgs.swayosd}/bin/swayosd-libinput-backend"; + ExecStart = "${pkgs.dev.swayosd}/bin/swayosd-libinput-backend"; Restart = "on-failure"; }; }; diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix index ef4d8a3..fd71be5 100644 --- a/modules/nixos/common/home-manager-secrets.nix +++ b/modules/nixos/common/home-manager-secrets.nix @@ -29,8 +29,6 @@ in github-forge-token = { owner = mainUser; }; }) // (lib.optionalAttrs (modules ? optional-work) { harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; - }) // (lib.optionalAttrs (modules ? optional-noctalia) { - radicale-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.anki { anki-user = { owner = mainUser; }; anki-pw = { owner = mainUser; }; diff --git a/modules/nixos/common/settings.nix b/modules/nixos/common/settings.nix index 0a120fe..a476389 100644 --- a/modules/nixos/common/settings.nix +++ b/modules/nixos/common/settings.nix @@ -122,8 +122,6 @@ in nixpkgs = { overlays = [ outputs.overlays.default - outputs.overlays.stables - outputs.overlays.modifications ] ++ lib.optionals withHomeManager [ (final: prev: let diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index cd5f8bb..be4d0b4 100644 
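Review bot: In modules/nixos/client/swayosd.nix, `services.udev.packages` and the `ExecStart` of the system unit `swayosd-libinput-backend` now come from `pkgs.dev.swayosd`, and the `serviceConfig` visible in the second hunk sets neither `User` nor any sandboxing. The backend therefore runs with the default privileges of a system service, from a package set that is presumably the `nixpkgs-dev` fork input rather than upstream nixpkgs. I would add a comment saying why the `dev` build is needed and when it can go back to `pkgs.swayosd`. I would also try hardening options in `serviceConfig`, such as `NoNewPrivileges = true;` and `ProtectHome = true;`, after checking the backend still reaches the input devices and the bus. The user service in modules/home/common/swayosd.nix switches to the same package.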
--- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix @@ -30,7 +30,7 @@ description = "Leon S"; password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; - extraGroups = [ "wheel" ] ++ lib.optionals (!minimal && !config.swarselsystems.isMicroVM) [ "networkmanager" "input" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; + extraGroups = [ "wheel" ] ++ lib.optionals (!minimal && !config.swarselsystems.isMicroVM) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; packages = with pkgs; [ ]; }; }; diff --git a/modules/nixos/darwin/default.nix b/modules/nixos/darwin/default.nix index 506eb99..43350b5 100644 --- a/modules/nixos/darwin/default.nix +++ b/modules/nixos/darwin/default.nix @@ -12,11 +12,7 @@ in nix.settings.experimental-features = "nix-command flakes"; nixpkgs = { hostPlatform = "x86_64-darwin"; - overlays = [ - outputs.overlays.default - outputs.overlays.stables - outputs.overlays.modifications - ]; + overlays = [ outputs.overlays.default ]; config = { allowUnfree = true; }; diff --git a/modules/nixos/optional/niri.nix b/modules/nixos/optional/niri.nix index b2d6f94..bf03b83 100644 --- a/modules/nixos/optional/niri.nix +++ b/modules/nixos/optional/niri.nix @@ -19,7 +19,6 @@ xwayland-satellite-unstable ]; - services.niritiling.enable = true; programs = { niri = { diff --git a/modules/nixos/optional/noctalia.nix b/modules/nixos/optional/noctalia.nix index c79aa8e..aa8fea6 100644 --- a/modules/nixos/optional/noctalia.nix +++ b/modules/nixos/optional/noctalia.nix 
@@ -11,16 +11,7 @@ services = { upower.enable = true; # needed for battery percentage gnome.evolution-data-server.enable = true; # needed for calendar integration - - noctoggle = { - enable = true; - # noctaliaPackage = pkgs.noctalia-shell; - }; - - }; - programs = { - gpu-screen-recorder.enable = true; - evolution.enable = true; }; + programs.gpu-screen-recorder.enable = true; }; } diff --git a/modules/nixos/optional/virtualbox.nix b/modules/nixos/optional/virtualbox.nix index 478afba..2d70471 100644 --- a/modules/nixos/optional/virtualbox.nix +++ b/modules/nixos/optional/virtualbox.nix @@ -8,7 +8,7 @@ enable = true; enableKvm = true; addNetworkInterface = lib.mkIf config.virtualisation.virtualbox.host.enableKvm false; - package = pkgs.virtualbox; + package = pkgs.stable.virtualbox; enableExtensionPack = true; }; # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index b75c41e..61b224d 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix @@ -160,7 +160,7 @@ in environment.systemPackages = with pkgs; [ remmina # gp-onsaml-gui - python39 + stable24_11.python39 qemu packer gnumake diff --git a/modules/nixos/server/firezone.nix b/modules/nixos/server/firezone.nix index 857ff3d..65c0f7f 100644 --- a/modules/nixos/server/firezone.nix +++ b/modules/nixos/server/firezone.nix 
@@ -174,19 +174,19 @@ in domain = { settings.ERLANG_DISTRIBUTION_PORT = domainPort; - package = pkgs.firezone-server-domain; + package = pkgs.dev.firezone-server-domain; }; api = { externalUrl = "https://${serviceDomain}/api/"; address = "0.0.0.0"; port = apiPort; - package = pkgs.firezone-server-api; + package = pkgs.dev.firezone-server-api; }; web = { externalUrl = "https://${serviceDomain}/"; address = "0.0.0.0"; port = webPort; - package = pkgs.firezone-server-web; + package = pkgs.dev.firezone-server-web; }; }; @@ -199,7 +199,7 @@ in publicIpv4 = proxyAddress4; publicIpv6 = proxyAddress6; openFirewall = lib.mkIf (!isProxied) true; - package = pkgs.firezone-relay; + package = pkgs.dev.firezone-relay; }; }; # systemd.services.firezone-initialize = diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix index c61b115..85bb5ff 100644 --- a/modules/nixos/server/kanidm.nix +++ b/modules/nixos/server/kanidm.nix @@ -110,7 +110,7 @@ in }; script = '' - set -eu + set -eu ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} 
@@ -205,27 +205,23 @@ in services = { ${serviceName} = { - package = pkgs.kanidmWithSecretProvisioning_1_9; - server = { - enable = true; - settings = { - domain = serviceDomain; - origin = "https://${serviceDomain}"; - # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; - tls_chain = certPathBase; - # tls_key = config.sops.secrets.kanidm-self-signed-key.path; - tls_key = keyPathBase; - bindaddress = "0.0.0.0:${toString servicePort}"; - # trust_x_forward_for = true; - }; + package = pkgs.kanidmWithSecretProvisioning_1_8; + enableServer = true; + serverSettings = { + domain = serviceDomain; + origin = "https://${serviceDomain}"; + # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; + tls_chain = certPathBase; + # tls_key = config.sops.secrets.kanidm-self-signed-key.path; + tls_key = keyPathBase; + bindaddress = "0.0.0.0:${toString servicePort}"; + # trust_x_forward_for = true; }; - client = { - enable = true; - settings = { - uri = config.services.kanidm.server.settings.origin; - verify_ca = true; - verify_hostnames = true; - }; + enableClient = true; + clientSettings = { + uri = config.services.kanidm.serverSettings.origin; + verify_ca = true; + verify_hostnames = true; }; provision = { enable = true; @@ -420,7 +416,7 @@ in nodes = let extraConfig = '' - allow ${globals.networks.home-lan.vlans.services.cidrv4}; + allow ${globals.networks.home-lan.vlans.services.cidrv4}; allow ${globals.networks.home-lan.vlans.services.cidrv6}; ''; in diff --git a/modules/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix index b2d3d8f..b058077 100644 --- a/modules/nixos/server/kavita.nix +++ b/modules/nixos/server/kavita.nix @@ -1,4 +1,4 @@ -{ lib, config, globals, dns, confLib, ... }: +{ self, lib, config, pkgs, globals, dns, confLib, ... }: let inherit (config.swarselsystems) sopsFile; 
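Review bot: In modules/nixos/server/kanidm.nix the identity provider is now built from `pkgs.kanidmWithSecretProvisioning_1_8`, one release line below the `_1_9` it replaces, and the hunk gives no reason. As far as I know Kanidm migrates its database forward on upgrade and does not support running an older server on it, so a host that has already run 1.9 may refuse to start or need a restore. The older line will also fall out of maintenance first. I would add a comment above the line, e.g. `# pinned to 1.8 because <reason>; move to _1_9 once <condition>`, and confirm a backup exists before deploying. The rest of the hunk moves the same settings to `enableServer`/`serverSettings`/`enableClient`/`clientSettings`, and the `services` set continues outside the hunk.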
@@ -8,6 +8,9 @@ in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { + environment.systemPackages = with pkgs; [ + calibre + ]; users = { persistentIds.kavita = confLib.mkIds 995; diff --git a/modules/nixos/server/mailserver.nix b/modules/nixos/server/mailserver.nix index 255b60e..38996ea 100644 --- a/modules/nixos/server/mailserver.nix +++ b/modules/nixos/server/mailserver.nix @@ -1,7 +1,7 @@ { self, lib, config, globals, dns, confLib, ... }: let inherit (config.swarselsystems) sopsFile; - inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6; + inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 80; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6; inherit (confLib.static) isHome webProxy homeWebProxy dnsServer homeServiceAddress nginxAccessRules; inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 alias2_2 alias2_3 user3; baseDomain = globals.domains.main; @@ -127,7 +127,7 @@ in }; # the rest of the ports are managed by snm - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ 80 servicePort ]; services.nginx = { virtualHosts = { 
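Review bot: In modules/nixos/server/mailserver.nix, `port = 443` becomes `port = 80` in the `confLib.gen` call, and the `@@ -158,8` hunk drops `protocol = "https"` from both `genNginx` calls. Unless `genNginx` defaults to HTTPS (its definition is not visible here), the web proxies will reach Roundcube over plain HTTP, and webmail passwords and session cookies cross that hop unencrypted. In the `@@ -127,7` hunk, `allowedTCPPorts = [ 80 servicePort ]` now evaluates to port 80 twice, so 443 is no longer opened on this host. If the proxy-to-backend link is already inside an encrypted tunnel, a comment stating that would settle it; otherwise I would keep `port = 443;` and `protocol = "https";`.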
@@ -158,8 +158,8 @@ in "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6; "${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; }; - ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; }; - ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); + ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; }; + ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); }; }; diff --git a/modules/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix index b47001f..95a634a 100644 --- a/modules/nixos/server/monitoring.nix +++ b/modules/nixos/server/monitoring.nix @@ -124,9 +124,7 @@ in analytics.reporting_enabled = false; users.allow_sign_up = false; security = { - # admin_password = "$__file{/run/secrets/grafana-admin-pw}"; - disable_initial_admin_creation = true; - secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}"; + admin_password = "$__file{/run/secrets/grafana-admin-pw}"; cookie_secure = true; disable_gravatar = true; }; diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix index c2e9d29..0374395 100644 --- a/modules/nixos/server/navidrome.nix +++ b/modules/nixos/server/navidrome.nix 
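Review bot: In modules/nixos/server/monitoring.nix the `security` block no longer sets `secret_key`, so Grafana falls back to its built-in default key for protecting data-source credentials stored in its database. That default is public knowledge and should not be relied on. The new `admin_password = "$__file{/run/secrets/grafana-admin-pw}";` also hard-codes the secret location, which will silently diverge if the sops path changes. I would write `admin_password = "$__file{${config.sops.secrets.grafana-admin-pw.path}}";` and add `secret_key = "$__file{${config.sops.secrets.<dedicated-secret-name>.path}}";`, using a separate secret instead of reusing the admin password as the removed line did. Note that changing `secret_key` on an existing instance makes previously stored data-source secrets unreadable, so plan the key change with a re-entry of those credentials.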
@@ -82,6 +82,7 @@ in services.${serviceName} = { enable = true; + # openFirewall = true; settings = { LogLevel = "debug"; Address = "0.0.0.0"; diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index 9846c1d..0f84490 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix @@ -5,7 +5,7 @@ let inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules; - nextcloudVersion = "33"; + nextcloudVersion = "32"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/oauth2-proxy.nix b/modules/nixos/server/oauth2-proxy.nix index 2f2af41..bcb525c 100644 --- a/modules/nixos/server/oauth2-proxy.nix +++ b/modules/nixos/server/oauth2-proxy.nix @@ -165,14 +165,14 @@ in services = { ${serviceName} = { enable = true; - package = pkgs.update.oauth2-proxy; + package = pkgs.dev.oauth2-proxy; cookie = { domain = ".${mainDomain}"; secure = true; expire = "900m"; - secretFile = null; + secret = null; # set by service EnvironmentFile }; - clientSecretFile = null; + clientSecret = null; # set by service EnvironmentFile reverseProxy = true; httpAddress = "0.0.0.0:${builtins.toString servicePort}"; redirectURL = "https://${serviceDomain}/oauth2/callback"; diff --git a/modules/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix index 7baae06..ad1efa6 100644 --- a/modules/nixos/server/paperless.nix +++ b/modules/nixos/server/paperless.nix 
@@ -103,19 +103,18 @@ in gotenberg = { enable = true; - package = pkgs.gotenberg; - libreoffice.package = pkgs.libreoffice; + package = pkgs.stable.gotenberg; port = gotenbergPort; bindIP = "127.0.0.1"; timeout = "600s"; - chromium.package = pkgs.chromium; + chromium.package = pkgs.stable.chromium; }; }; # Add secret to PAPERLESS_SOCIALACCOUNT_PROVIDERS systemd.services.paperless-web.script = lib.mkBefore '' - oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path}) + oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path}) export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$( ${pkgs.jq}/bin/jq <<< "$PAPERLESS_SOCIALACCOUNT_PROVIDERS" \ --compact-output \ @@ -126,7 +125,7 @@ in nodes = let extraConfigLoc = '' - proxy_connect_timeout 300; + proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; send_timeout 300; diff --git a/modules/shared/vars.nix b/modules/shared/vars.nix index ce25ff7..94f9993 100644 --- a/modules/shared/vars.nix +++ b/modules/shared/vars.nix @@ -1,17 +1,14 @@ -{ self, pkgs, ... }: +{ self, lib, pkgs, ... }: { _module.args = { vars = rec { waylandSessionVariables = { - ANKI_WAYLAND = "1"; - MOZ_ENABLE_WAYLAND = "1"; - MOZ_WEBRENDER = "1"; - NIXOS_OZONE_WL = "1"; - OBSIDIAN_USE_WAYLAND = "1"; - QT_QPA_PLATFORM = "wayland-egl"; - QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; SDL_VIDEODRIVER = "wayland"; - _JAVA_AWT_WM_NONREPARENTING = "1"; + QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; + QT_QPA_PLATFORM = "wayland-egl"; + ANKI_WAYLAND = "1"; + OBSIDIAN_USE_WAYLAND = "1"; + MOZ_ENABLE_WAYLAND = "1"; }; waylandExports = 
@@ -97,28 +94,28 @@ noscript # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut - # (buildFirefoxXpiAddon { - # pname = "shortkeys"; - # version = "4.0.2"; - # addonId = "Shortkeys@Shortkeys.com"; - # url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; - # sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; - # meta = with lib; - # { - # description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; - # mozPermissions = [ - # "tabs" - # "downloads" - # "clipboardWrite" - # "browsingData" - # "storage" - # "bookmarks" - # "sessions" - # "" - # ]; - # platforms = platforms.all; - # }; - # }) + (buildFirefoxXpiAddon { + pname = "shortkeys"; + version = "4.0.2"; + addonId = "Shortkeys@Shortkeys.com"; + url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; + sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; + meta = with lib; + { + description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; + mozPermissions = [ + "tabs" + "downloads" + "clipboardWrite" + "browsingData" + "storage" + "bookmarks" + "sessions" + "" + ]; + platforms = platforms.all; + }; + }) ]; }; diff --git a/nix/hosts.nix b/nix/hosts.nix index 1668216..f1770a7 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix 
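Review bot: The last `mozPermissions` entry of the re-enabled `shortkeys` add-on in modules/shared/vars.nix is an empty string (`""`), which documents nothing. If the add-on's manifest requests a host pattern there, this metadata understates what the extension can reach. Fetching by fixed `url` and `sha256` is good for integrity, but it also freezes the add-on at 4.0.2 until this block is bumped by hand. The comment above says its only job is to neutralise one shortcut, while the list declares `tabs`, `browsingData`, `clipboardWrite` and `sessions`. I would replace the empty entry with the real value or drop it, and add a comment such as `# pinned at 4.0.2; compare mozPermissions with the manifest on every bump`. The enclosing list starts outside the hunk.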
@@ -34,8 +34,6 @@ inputs.swarsel-nix.nixosModules.default inputs.nixos-nftables-firewall.nixosModules.default inputs.pia.nixosModules.default - inputs.niritiling.nixosModules.default - inputs.noctoggle.nixosModules.default (inputs.nixos-extra-modules + "/modules/guests") (inputs.nixos-extra-modules + "/modules/interface-naming.nix") "${self}/hosts/nixos/${arch}/${configName}" diff --git a/nix/iso.nix b/nix/iso.nix index 100d480..d2c993c 100644 --- a/nix/iso.nix +++ b/nix/iso.nix @@ -5,7 +5,7 @@ packages = { # nix build --print-out-paths --no-link .#live-iso live-iso = inputs.nixos-generators.nixosGenerate { - inherit pkgs system; + inherit pkgs; specialArgs = { inherit self; }; modules = [ inputs.home-manager.nixosModules.home-manager diff --git a/nix/lib.nix b/nix/lib.nix index 8166951..c3f0338 100644 --- a/nix/lib.nix +++ b/nix/lib.nix @@ -49,11 +49,7 @@ let pkgsFor = lib.genAttrs (import systems) (system: import inputs.nixpkgs { inherit system; - overlays = [ - self.overlays.default - self.overlays.stables - self.overlays.modifications - ]; + overlays = [ self.overlays.default ]; config.allowUnfree = true; } ); diff --git a/nix/overlays.nix b/nix/overlays.nix index dff0d55..76e1e4b 100644 --- a/nix/overlays.nix +++ b/nix/overlays.nix 
@@ -6,162 +6,93 @@ in { flake = _: { - overlays = - let - nixpkgs-stable-versions = final: _: - let - nixpkgsInputs = - lib.filterAttrs - (name: _v: builtins.match "^nixpkgs-.*" name != null) - inputs; + overlays = { + default = final: prev: + let + additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; } + // { + swarsel-nix = import inputs.swarsel-nix { + pkgs = prev; + }; + zjstatus = inputs.zjstatus.packages.${prev.system}.default; + }; - rename = name: builtins.replaceStrings [ "nixpkgs-" ] [ "" ] name; + modifications = final: prev: { + # vesktop = prev.vesktop.override { + # withSystemVencord = true; + # }; - mkPkgs = src: - import src { - inherit (final.stdenv.hostPlatform) system; - config.allowUnfree = true; - }; - in - builtins.listToAttrs (map - (name: { - name = rename name; - value = mkPkgs nixpkgsInputs.${name}; - }) - (builtins.attrNames nixpkgsInputs)); - - in - rec { - default = additions; - additions = final: prev: - let - additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; } - // { - swarsel-nix = import inputs.swarsel-nix { - pkgs = prev; - }; - zjstatus = inputs.zjstatus.packages.${prev.stdenv.hostPlatform.system}.default; + lib = prev.lib // { + swarselsystems = self.outputs.swarselsystemsLib; + hm = self.outputs.homeLib; }; - in - (additions final prev) - // (nixpkgs-stable-versions final prev) - // (inputs.niri-flake.overlays.niri final prev) - // (inputs.noctalia.overlays.default final prev) - // (inputs.vbc-nix.overlays.default final prev) - // (inputs.nur.overlays.default final prev) - // (inputs.emacs-overlay.overlay final prev) - // (inputs.nix-topology.overlays.default final prev) - // (inputs.nix-index-database.overlays.nix-index final prev) - // (inputs.nixgl.overlay final prev) - // (inputs.nix-minecraft.overlay final prev) - // (inputs.nixos-extra-modules.overlays.default final prev); - - - stables = final: prev: - let - mkUsePkgsFrom = pkgsFrom: names: - 
builtins.listToAttrs (map - (name: { - inherit name; - value = pkgsFrom.${name}; - }) - names); - - from = - let - stablePackages = nixpkgs-stable-versions final prev; - in - key: - stablePackages.${key} or (throw "Missing nixpkgs input nixpkgs-${key}"); - - in - (mkUsePkgsFrom (from "dev") [ - # "swayosd" - "firezone-relay" - "firezone-server-web" - "firezone-server-api" - "firezone-server-domain" - ]) - // (mkUsePkgsFrom (from "stable24_05") [ - "awscli2" - ]) - // (mkUsePkgsFrom (from "stable24_11") [ - "python39" - "spotify" - "vieb" - ]) - // (mkUsePkgsFrom (from "stable25_05") [ - "steam-fhsenv-without-steam" - "transmission_3" - ]) - // (mkUsePkgsFrom (from "stable") [ - # "anki" - "azure-cli" - # "bat-extras.batgrep" - # "bluez" - "calibre" - # "chromium" - "dwarfs" - "gotenberg" - "khal" - "libreoffice" - "libreoffice-qt" - "nerd-fonts-symbols-only" - "noto-fonts" - "noto-fonts-cjk-sans" - "noto-fonts-color-emoji" - # "pipewire" - "podman" - "teams-for-linux" - # "vesktop" - "virtualbox" - ]); - - modifications = final: prev: - let - modifications = final: prev: { - # vesktop = prev.vesktop.override { - # withSystemVencord = true; - # }; - - lib = prev.lib // { - swarselsystems = self.outputs.swarselsystemsLib; - hm = self.outputs.homeLib; - }; - - firefox = prev.firefox.override { - nativeMessagingHosts = [ - prev.tridactyl-native - prev.browserpass - # prev.plasma5Packages.plasma-browser-integration - ]; - }; - - isync = prev.isync.override { - withCyrusSaslXoauth2 = true; - }; - - mgba = final.swarsel-mgba; - - noctalia-shell = prev.noctalia-shell.override { - calendarSupport = true; - }; - - retroarch = prev.retroarch.withCores (cores: with cores; [ - snes9x # snes - nestopia # nes - dosbox # dos - scummvm # scumm - vba-m # gb/a - mgba # gb/a - melonds # ds - dolphin # gc/wii - ]); - + firefox = prev.firefox.override { + nativeMessagingHosts = [ + prev.tridactyl-native + prev.browserpass + # prev.plasma5Packages.plasma-browser-integration + ]; }; - in 
- modifications final prev; - }; + + isync = prev.isync.override { + withCyrusSaslXoauth2 = true; + }; + + mgba = final.swarsel-mgba; + + retroarch = prev.retroarch.withCores (cores: with cores; [ + snes9x # snes + nestopia # nes + dosbox # dos + scummvm # scumm + vba-m # gb/a + mgba # gb/a + melonds # ds + dolphin # gc/wii + ]); + + }; + + nixpkgs-stable-versions = final: _: + let + nixpkgsInputs = + lib.filterAttrs + (name: _v: builtins.match "^nixpkgs-.*" name != null) + inputs; + + rename = name: builtins.replaceStrings [ "nixpkgs-" ] [ "" ] name; + + mkPkgs = src: + import src { + inherit (final) system; + config.allowUnfree = true; + }; + in + builtins.listToAttrs (map + (name: { + name = rename name; + value = mkPkgs nixpkgsInputs.${name}; + }) + (builtins.attrNames nixpkgsInputs)); + + in + lib.recursiveUpdate + ( + (additions final prev) + // (nixpkgs-stable-versions final prev) + // (inputs.niri-flake.overlays.niri final prev) + // (inputs.noctalia.overlays.default final prev) + // (inputs.vbc-nix.overlays.default final prev) + // (inputs.nur.overlays.default final prev) + // (inputs.emacs-overlay.overlay final prev) + // (inputs.nix-topology.overlays.default final prev) + // (inputs.nix-index-database.overlays.nix-index final prev) + // (inputs.nixgl.overlay final prev) + // (inputs.nix-minecraft.overlay final prev) + // (inputs.nixos-extra-modules.overlays.default final prev) + ) + (modifications final prev); + }; }; } diff --git a/nix/packages.nix b/nix/packages.nix index acddaa3..3707fb6 100644 --- a/nix/packages.nix +++ b/nix/packages.nix @@ -42,8 +42,6 @@ }; overlays = [ self.overlays.default - self.overlays.stables - self.overlays.modifications ]; }; inherit pkgs; diff --git a/pkgs/config/cdr/default.nix b/pkgs/config/cdr/default.nix index 13622cb..56b44df 100644 --- a/pkgs/config/cdr/default.nix +++ b/pkgs/config/cdr/default.nix 
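Review bot: `lib.recursiveUpdate ( … ) (modifications final prev)` descends into every attribute that is an attribute set on both sides, and derivations are attribute sets too. A package defined by one of the `//`-chained overlays and again in `modifications` would therefore come out as a blend of two derivations rather than the override. Only `lib` looks like it needs a deep merge, so a plain `( … overlay chain … ) // (modifications final prev)` with `lib` merged explicitly would keep each override whole. Separately, `inherit (final) system;` and `prev.system` replace the `stdenv.hostPlatform.system` form of the removed lines; as far as I know `system` on a package set is only a compatibility alias in current nixpkgs, so the longer form is the safer one to keep.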
@@ -4,38 +4,10 @@ writeShellApplication { inherit name; runtimeInputs = [ fzf ]; text = '' - cdr_had_errexit=0 - cdr_had_nounset=0 - cdr_had_pipefail=0 - - case $- in - *e*) cdr_had_errexit=1 ;; - esac - - case $- in - *u*) cdr_had_nounset=1 ;; - esac - - if set -o 2>/dev/null | grep -q '^pipefail[[:space:]]*on'; then - cdr_had_pipefail=1 - fi - - set +e - set +u - set +o pipefail 2>/dev/null || true - DOCUMENT_DIR_WORK=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_WORK or ""} DOCUMENT_DIR_PRIV=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV} FLAKE=${homeConfig.home.sessionVariables.FLAKE} - cdr_target="$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )" - - if [ -n "$cdr_target" ]; then - cd "$cdr_target" || true - fi - - if [ "$cdr_had_errexit" -eq 1 ]; then set -e; else set +e; fi - if [ "$cdr_had_nounset" -eq 1 ]; then set -u; else set +u; fi - if [ "$cdr_had_pipefail" -eq 1 ]; then set -o pipefail; else set +o pipefail 2>/dev/null || true; fi + cd "$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )" ''; } diff --git a/profiles/home/hotel/default.nix b/profiles/home/hotel/default.nix index 8a81bcb..e6d7105 100644 --- a/profiles/home/hotel/default.nix +++ b/profiles/home/hotel/default.nix 
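Review bot: `cd "$( … | fzf )"` calls `cd` with an empty argument when the picker is dismissed without a selection, and `find` is handed an empty path whenever `DOCUMENT_DIR_WORK` falls back to `""`. Capturing the choice first keeps both cases harmless: `target="$( … | fzf )" || true` followed by `if [ -n "$target" ]; then cd "$target"; fi`. The removed lines saved and restored `errexit`/`nounset`/`pipefail`, which suggests this text is sourced into an interactive shell. If so, the strict options that `writeShellApplication` sets at the top of the script would now stay active in that shell after the call, which is worth confirming.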
@@ -2,15 +2,41 @@ { options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; config = lib.mkIf config.swarselprofiles.hotel { - swarselprofiles.personal = true; swarselmodules = { + packages = lib.mkForce true; + ownpackages = lib.mkForce true; + general = lib.mkForce true; + nixgl = lib.mkForce true; + sops = lib.mkForce true; yubikey = lib.mkForce false; - ssh = lib.mkForce false; + ssh = lib.mkForce true; + stylix = lib.mkForce true; + desktop = lib.mkForce true; + symlink = lib.mkForce true; env = lib.mkForce false; + programs = lib.mkForce true; + nix-index = lib.mkForce true; + direnv = lib.mkForce true; + eza = lib.mkForce true; git = lib.mkForce false; + fuzzel = lib.mkForce true; + starship = lib.mkForce true; + kitty = lib.mkForce true; + zsh = lib.mkForce true; + zellij = lib.mkForce true; + tmux = lib.mkForce true; mail = lib.mkForce false; - emacs = lib.mkForce false; - obsidian = lib.mkForce false; + emacs = lib.mkForce true; + waybar = lib.mkForce true; + firefox = lib.mkForce true; + gnome-keyring = lib.mkForce true; + kdeconnect = lib.mkForce true; + mako = lib.mkForce true; + swayosd = lib.mkForce true; + yubikeytouch = lib.mkForce true; + sway = lib.mkForce true; + kanshi = lib.mkForce true; + gpgagent = lib.mkForce true; gammastep = lib.mkForce false; }; }; diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 16dfec5..5ba1104 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -7,8 +7,8 @@ anki-tray = lib.mkDefault true; attic-store-push = lib.mkDefault true; atuin = lib.mkDefault true; - autotiling = lib.mkDefault false; # niri - batsignal = lib.mkDefault false; # niri + autotiling = lib.mkDefault true; + batsignal = lib.mkDefault true; blueman-applet = lib.mkDefault true; desktop = lib.mkDefault true; direnv = lib.mkDefault true; 
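Review bot: `ssh = lib.mkForce true;` flips the previous `false`, and `sops`, `gpgagent`, `gnome-keyring` and `kdeconnect` are forced on next to it, while `yubikey` stays forced off and `yubikeytouch` is forced on. If a hotel host is a less trusted machine (the option text only says "is this a hotel host"), `lib.mkForce` on the secret-handling modules means a single host cannot opt out with a plain assignment. Consider `lib.mkDefault` for those entries, or a comment such as `# sops/ssh/gpgagent are intentionally enabled on hotel hosts` so the choice is explicit. The `yubikey`/`yubikeytouch` pair also looks inconsistent and deserves a check.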
@@ -20,18 +20,17 @@ firefox = lib.mkDefault true; firezone-tray = lib.mkDefault true; fuzzel = lib.mkDefault true; - gammastep = lib.mkDefault false; # niri + gammastep = lib.mkDefault true; general = lib.mkDefault true; git = lib.mkDefault true; gnome-keyring = lib.mkDefault true; gpgagent = lib.mkDefault true; hexchat = lib.mkDefault true; - kanshi = lib.mkDefault false; # niri + kanshi = lib.mkDefault true; kdeconnect = lib.mkDefault true; kitty = lib.mkDefault true; - khal = lib.mkDefault true; mail = lib.mkDefault true; - mako = lib.mkDefault false; # niri + mako = lib.mkDefault true; nix-index = lib.mkDefault true; nixgl = lib.mkDefault true; nix-your-shell = lib.mkDefault true; @@ -50,9 +49,9 @@ ssh = lib.mkDefault true; starship = lib.mkDefault true; stylix = lib.mkDefault true; - sway = lib.mkDefault false; # niri + sway = lib.mkDefault true; swayidle = lib.mkDefault true; - swaylock = lib.mkDefault false; # niri + swaylock = lib.mkDefault true; swayosd = lib.mkDefault true; symlink = lib.mkDefault true; tmux = lib.mkDefault true; diff --git a/profiles/nixos/hotel/default.nix b/profiles/nixos/hotel/default.nix index 7759055..00952f4 100644 --- a/profiles/nixos/hotel/default.nix +++ b/profiles/nixos/hotel/default.nix 
@@ -2,9 +2,48 @@ { options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; config = lib.mkIf config.swarselprofiles.hotel { - swarselprofiles.personal = true; swarselmodules = { - yubikey = false; + packages = lib.mkForce true; + general = lib.mkForce true; + home-manager = lib.mkForce true; + xserver = lib.mkForce true; + users = lib.mkForce true; + sops = lib.mkForce true; + env = lib.mkForce true; + security = lib.mkForce true; + systemdTimeout = lib.mkForce true; + hardware = lib.mkForce true; + pulseaudio = lib.mkForce true; + pipewire = lib.mkForce true; + network = lib.mkForce true; + time = lib.mkForce true; + stylix = lib.mkForce true; + programs = lib.mkForce true; + zsh = lib.mkForce true; + syncthing = lib.mkForce true; + blueman = lib.mkForce true; + networkDevices = lib.mkForce true; + gvfs = lib.mkForce true; + interceptionTools = lib.mkForce true; + swayosd = lib.mkForce true; + ppd = lib.mkForce true; + yubikey = lib.mkForce false; + ledger = lib.mkForce true; + keyboards = lib.mkForce true; + login = lib.mkForce true; + nix-ld = lib.mkForce true; + impermanence = lib.mkForce true; + nvd = lib.mkForce true; + gnome-keyring = lib.mkForce true; + sway = lib.mkForce true; + xdg-portal = lib.mkForce true; + distrobox = lib.mkForce true; + appimage = lib.mkForce true; + lid = lib.mkForce true; + lowBattery = lib.mkForce true; + lanzaboote = lib.mkForce true; + autologin = lib.mkForce true; + nftables = lib.mkDefault true; }; }; diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index 4539a7c..04858c0 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix 
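Review bot: `nftables = lib.mkDefault true;` is the only entry in this list that a host can override with a plain assignment, while `autologin`, `sops` and the rest use `lib.mkForce`. For a profile that forces automatic login on and `yubikey` off, the firewall module is the one setting that should not be silently switchable; `nftables = lib.mkForce true;` would match the other entries. If the weaker priority is deliberate, a comment naming the host that needs to disable it would help.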
@@ -41,8 +41,8 @@ security = lib.mkDefault true; sops = lib.mkDefault true; stylix = lib.mkDefault true; - sway = lib.mkDefault false; # niri - swayosd = lib.mkDefault false; # niri + sway = lib.mkDefault true; + swayosd = lib.mkDefault true; syncthing = lib.mkDefault true; systemdTimeout = lib.mkDefault true; time = lib.mkDefault true; diff --git a/secrets/repo/common.yaml b/secrets/repo/common.yaml index 536dedd..353b941 100644 --- a/secrets/repo/common.yaml +++ b/secrets/repo/common.yaml @@ -31,8 +31,6 @@ github-nixpkgs-review-token: ENC[AES256_GCM,data:/4ssZAEwEc9fZeR69GCvLMm4eRv4uab #ENC[AES256_GCM,data:PI5MX6PgK1y0lqyoYA0=,iv:25UAvFaANHFD04GRafGlCzOc5h+15YPtSES2z2tmpXw=,tag:+XLwQ01+AtGWjtsSQhQ1AQ==,type:comment] anki-user: ENC[AES256_GCM,data:WoGaNDAHFw==,iv:ZSjHfKMIjlgOuvGl7hVxJc1fE80nfxxXYLgsKangBCs=,tag:UP8ZI7gzOrJJjNDHovIkyg==,type:str] anki-pw: ENC[AES256_GCM,data:z2SCsSvZIqN2/2VK1EdmcAnl42x5A15PAiK932k3n50Vj1jczGRoSw==,iv:keQCutY4vizVzu5YzPBJLgDLveYDb2VGeEnYmO7CeQw=,tag:KGplFfC5xktNAOTbIlt+Tg==,type:str] -#ENC[AES256_GCM,data:mjwlHRe0Rx9p83eK/LGR,iv:KclQ4xwJMH5HJ9AcmglOCvFIBP6WyEJLyencUdDpzt0=,tag:nRhwhIRPUNmhSZM7ZzUfFA==,type:comment] -radicale-token: ENC[AES256_GCM,data:WEL8Z3gOs/7MAQQ=,iv:osgMVisr/03I+IHI+3jLIn8p5dnZwyja3lQUi+wcH5g=,tag:F1yzI0rZS4sON6T9TuuG9A==,type:str] #ENC[AES256_GCM,data:veUC1sj6BSqHBA==,iv:L36lv9aQ38/WEaIccQDgOw2PB9U9k/t8x00wIw2Y858=,tag:3s2LBCwGzYpUk8WBj70UGQ==,type:comment] attic-cache-key: ENC[AES256_GCM,data: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,iv:6sa44WnyrXW3KQHdGIKuiGWwqp3qtQu4Q9RSXA45PYs=,tag:MbtS4Xx5K8O3mFAlriuuIA==,type:str] #ENC[AES256_GCM,data:KCqwghIJ8tlGFxMt94svo6285cA1YRbYoeivx6A=,iv:qlZCGrCn5fU1xPQF9wfOMarU6Z7oa3mLtd1LzVzMbuI=,tag:Qq5lBtUsd3lQMx6ffk+kzQ==,type:comment] 
@@ -355,8 +353,8 @@ sops: OVRuazF6YzBRckJQdVlJZWZrbThyZGsKxMDtLfQDPiHN934xE98if3cFHLwFpNdm /RGFLObFn2saTI86D83xmmjgjeosxPX47JvGHyzCHSVeA8Hd+Qp93A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-26T10:38:07Z" - mac: ENC[AES256_GCM,data:pxaR0X3f5oiCwnrr8jjs8mQDWbjuUkNpFoyQxaC61rRnoLvbkEzxSxmI0zDv2VEcua4Eqfoj7Q4H+qcsR5tM3SjPc0KuYE5eFW4RDv+FIr+XA9om3B4uMy+bIleSvSXroBD+1bLhzJsacudjBpVA6r+INrZKvtjO+L16nNylTSc=,iv:CgOc3ht5zwZGEoxJF6d9ZMwiiNQ2fcnLVFxUxJs6pHY=,tag:4JZgLJlyTbqacIHryciPFg==,type:str] + lastmodified: "2025-12-23T01:11:36Z" + mac: ENC[AES256_GCM,data:e0WoFBQSR5q3GOQ+GMJGBd4lNBAMqlnVjtUq3snxrdvcytb9YvKnoYQH+GjbdGIiqrND8pOVnZt34AjkR8YfpWe+VrkP3Vj/3l+1GjF1XIHbzBNKOQHdYPSVsH2NZwftcAdphbStf3GTlb+b+cpTn4a9Y4pTNGVoOaOA1tBr8bM=,iv:sPXktitTNMkBhHr6E/QRZCVKrgyED9/o9hiivbObACI=,tag:tTNr4UEf92UrtI0Jvi5o3g==,type:str] pgp: - created_at: "2026-01-12T22:05:05Z" enc: |- @@ -390,4 +388,4 @@ sops: -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted - version: 3.12.0 + version: 3.11.0 diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index c0a80f7..28718d0 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:N2G9kKRYjlzEgb9C0YHcxEK//0mPGDiFR2aejDvIOOk=,tag:riaKsVBUIm796ft4wd6+ZA==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:oqiozntlZYeny0E4IoTfavXZuDMs8cKzeiMlxcNbFiM=,tag:gAX9pe7rmiJYhBFpLFVtYw==,type:str]", "sops": { "age": [ { 
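Review bot: `lastmodified` moves backwards here (`2026-02-26T10:38:07Z` to `2025-12-23T01:11:36Z`) and the sops `version` drops from `3.12.0` to `3.11.0`, so this commit restores an older encrypted state of the file rather than re-encrypting the current one. The `pii.nix.enc` hunks further down show the same pattern. Any value rotated between those two dates would come back in its old form, and the `radicale-token` entry removed earlier in this file stays recoverable from history by anyone holding a recipient key. It is worth confirming that no rotated secret is rolled back, and that a token which is no longer needed is revoked at its issuer rather than only deleted here.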
@@ -143,8 +143,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpYWx1Yy9aNEpnbTdnMmR4\nK1hNTXkrSUVMaE9wR2xTbFVwYzJVVnpQZ1dJCnlKQ2FMa20wUy9nVlFTVmI3WEdu\nMDdIUjVjRCtBVXJzOEVLWHNFTWNkNjgKLS0tIDZiNkVzSzFRa2J6bTFIcFRMemRQ\nOFdPb0xEV2pVVUdsdmFNNGQ5d3hOc2sKeR3NUDYRGDCywMfylXpbo+FOPdtNKkKA\nVffrmB7VKnL+jhKOCjgYeLpSzAQFa3L8QZ9R1xYHa/AmlnEk3IMEBw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-02-26T10:37:56Z", - "mac": "ENC[AES256_GCM,data:b0uFWyegt9+44xGMbSkWZeQetdv3fcsUWZAHZoQfTHdFZVwOTHq3SpAjTm05I7BLS3ea1PibO0sreJBHO5W/jQXRlliQsn/SODCgIIQnbeRUHj1e1jeJmvPnL1fChufa52tQJmXT0RryatMMU+VSzuprUwE8NVlcRc76fJJ/EU0=,iv:HVhjsDfA2+QonsgElN+LBf12Za4Uo31IBNkRS+VOJxM=,tag:91BOs/2iAFUEEARI9+5zAA==,type:str]", + "lastmodified": "2026-02-06T21:14:11Z", + "mac": "ENC[AES256_GCM,data:7wpdf7B03R8F3Mj2zNApsTX4EDxiuxOHGg+BvnI4Vdg920b02dpvcsP1wkhr1EIew4dR6yxjk14Y69szRRdIqlfgQJF5WXTjsxaU/WuJYwOyylf4uOBZt/l2oiDl1/TsIq+vKNn6NgiHV1/PhYXBz5y2GxAcM1KIc9aBxD6b+G4=,iv:I/qa1KZ93a9gJXxRTjUtBRi7f7LiPvhZXgMBq9Eik/4=,tag:P0VtDXxBG2W7y6xUb2ehig==,type:str]", "pgp": [ { "created_at": "2026-01-12T22:05:07Z", @@ -153,6 +153,6 @@ } ], "unencrypted_suffix": "_unencrypted", - "version": "3.12.0" + "version": "3.11.0" } }