diff --git a/.github/README.md b/.github/README.md index 0661cc1..6a24483 100644 --- a/.github/README.md +++ b/.github/README.md @@ -66,7 +66,7 @@ nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles#swarsel-rebuild -- -u ``` - This will activate the `hotel` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed. + This will activate the `chaostheatre` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed. Please keep in mind that this limited installer will make local changes to the cloned repository in order to be able to install it (otherwise the builder would fail at fetching my private secrets repository). As such, this should only be used to evaluate the system - if you want to use it longterm, you will need to create a fork and make some changes. @@ -79,7 +79,7 @@ #### Remote deployment (recommended if you have at least one running system) - 0) Fork this repo, and write your own host config at `hosts/nixos///default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files. + 0) Fork this repo, and write your own host config at `hosts/nixos//default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files. 1) Have a system with `nix` available booted (this does not need to be installed, i.e. you can use a NixOS installer image; a custom minimal installer ISO can be built by running `just iso` in the root of this repo) 2) Make sure that your Yubikey is plugged in or that you have your SSH key available (and configured) 3) Run `swarsel-bootstrap -n -d ` on your existing system. @@ -153,21 +153,16 @@ | Name | Hardware | Use | |--------------------|-----------------------------------------------------|------------------------------------------------------| |πŸ’» **pyramid** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop | - |πŸ’» **bakery** | Lenovo Ideapad 720S-13IKB | Personal laptop | - |πŸ’» **machpizza** | MacBook Pro 2016 | MacOS reference and build sandbox | - |🏠 **treehouse** | NVIDIA DGX Spark | Workstation, AI playground and home-manager reference| - |πŸ–₯️ **winters** | ASRock J4105-ITX, 32GB RAM | Secondary homeserver and data storgae | - |πŸ–₯️ **summers** | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM | Main homeserver running microvms, data storage | - |πŸ–₯️ **hintbooth** | HUNSN RM02, 8GB RAM | Router | - |☁️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | - |☁️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | - |☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache | - |☁️ **monkeycave** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server | - |☁️ **eagleland** | Hetzner Cloud: CX23 | Mail server | + |πŸ’» **bakery** | Lenovo Ideapad 720S-13IKB | Personal lapto | + |πŸ’» **machpizza** | MacBook Pro 2016 | MacOS sandbox | + |πŸ–₯️ **winters** | ASRock J4105-ITX, 32GB RAM | Main homeserver and data storgae | + |πŸ–₯️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | + |πŸ–₯️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | |πŸ“± **magicant** | Samsung Galaxy Z Flip 6 | Phone | |πŸ’Ώ **drugstore** | - | ISO installer configuration | |❔ **chaotheatre** | - | Demo config for checking out my configurtion | |❔ **toto** | - | Helper configuration for bootstrapping a new system | + |🏠 **treehouse** | - | Reference configuration for a home-manager only host | ## General Nix tips & useful links diff --git a/.sops.yaml b/.sops.yaml index f828b47..a6adc63 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,7 +7,6 @@ keys: - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097 - &hosts - &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 - - &hintbooth age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x - &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl - &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg @@ -21,7 +20,6 @@ creation_rules: - *swarsel age: - *winters - - *hintbooth - *bakery - *toto - *surface @@ -34,7 +32,6 @@ creation_rules: - *swarsel age: - *winters - - *hintbooth - *bakery - *toto - *surface @@ -47,97 +44,78 @@ creation_rules: - *swarsel age: - *nbl - - *hintbooth - *bakery - *toto - *surface - *winters - *moonside - - path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$ - key_groups: - - pgp: - - *swarsel - age: - - *nbl - - path_regex: secrets/pyramid/[^/]+\.(yaml|json|env|ini)$ key_groups: - pgp: - *swarsel age: - *nbl - - path_regex: hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc - key_groups: - - pgp: - - *swarsel - age: - - *nbl - - path_regex: secrets/moonside/secrets.yaml key_groups: - pgp: - *swarsel age: - *moonside - - path_regex: hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc - key_groups: - - pgp: - - *swarsel - age: - - *moonside - - path_regex: secrets/bakery/secrets.yaml key_groups: - pgp: - *swarsel age: - *bakery - - path_regex: hosts/nixos/x86_64-linux/bakery/secrets/pii.nix.enc - key_groups: - - pgp: - - *swarsel - age: - - *bakery - - path_regex: secrets/winters/[^/]+\.(yaml|json|env|ini)$ key_groups: - pgp: - *swarsel age: - *winters - - path_regex: hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc + - path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$ key_groups: - pgp: - *swarsel age: - - *winters - - *moonside - + - *nbl - path_regex: secrets/milkywell/[^/]+\.(yaml|json|env|ini)$ key_groups: - pgp: - *swarsel age: - *milkywell - - path_regex: hosts/nixos/aarch64-linux/milkywell/secrets/pii.nix.enc + - path_regex: hosts/nixos/pyramid/secrets/pii.nix.enc + key_groups: + - pgp: + - *swarsel + age: + - *nbl + - path_regex: hosts/nixos/winters/secrets/pii.nix.enc + key_groups: + - pgp: + - *swarsel + age: + - *winters + - *moonside + - path_regex: hosts/nixos/milkywell/secrets/pii.nix.enc key_groups: - pgp: - *swarsel age: - *milkywell - - - path_regex: hosts/nixos/x86_64-linux/summers/secrets/ - key_groups: - - pgp: - - *swarsel - - - path_regex: hosts/nixos/x86_64-linux/hintbooth/secrets/ + - path_regex: hosts/nixos/bakery/secrets/pii.nix.enc key_groups: - pgp: - *swarsel age: - - *hintbooth - + - *bakery + - path_regex: hosts/nixos/moonside/secrets/pii.nix.enc + key_groups: + - pgp: + - *swarsel + age: + - *moonside - path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc key_groups: - pgp: diff --git a/SwarselSystems.org b/SwarselSystems.org index 5dd1d8c..38778b4 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -233,21 +233,16 @@ Here I give a brief overview over the hostmachines that I am using. This is held | Name | Hardware | Use | |--------------------|-----------------------------------------------------|------------------------------------------------------| |πŸ’» **pyramid** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop | - |πŸ’» **bakery** | Lenovo Ideapad 720S-13IKB | Personal laptop | - |πŸ’» **machpizza** | MacBook Pro 2016 | MacOS reference and build sandbox | - |🏠 **treehouse** | NVIDIA DGX Spark | Workstation, AI playground and home-manager reference| - |πŸ–₯️ **winters** | ASRock J4105-ITX, 32GB RAM | Secondary homeserver and data storgae | - |πŸ–₯️ **summers** | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM | Main homeserver running microvms, data storage | - |πŸ–₯️ **hintbooth** | HUNSN RM02, 8GB RAM | Router | - |☁️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | - |☁️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | - |☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache | - |☁️ **monkeycave** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server | - |☁️ **eagleland** | Hetzner Cloud: CX23 | Mail server | + |πŸ’» **bakery** | Lenovo Ideapad 720S-13IKB | Personal lapto | + |πŸ’» **machpizza** | MacBook Pro 2016 | MacOS sandbox | + |πŸ–₯️ **winters** | ASRock J4105-ITX, 32GB RAM | Main homeserver and data storgae | + |πŸ–₯️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | + |πŸ–₯️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | |πŸ“± **magicant** | Samsung Galaxy Z Flip 6 | Phone | |πŸ’Ώ **drugstore** | - | ISO installer configuration | |❔ **chaotheatre** | - | Demo config for checking out my configurtion | |❔ **toto** | - | Helper configuration for bootstrapping a new system | + |🏠 **treehouse** | - | Reference configuration for a home-manager only host | #+end_src ** Programs @@ -318,44 +313,6 @@ Here I give a brief overview over the hostmachines that I am using. This is held <> #+end_src -#+RESULTS: -#+begin_export html -These steps are required when setting up a normal NixOS host: - -- setup yubikey (automatic yubikey enrollment is not yet supported by `disko`): - - `systemd-cryptenroll --fido2-device=auto /dev/` - -If the new machine is a work machine, these steps are additionally needed: - -- setup the work VPN: - - using the laptop certificate `.pem` as User cert and private key (CA cert: none) - - vpn gateway is found in `nixosConfig.repo.secrets.local.work.vpnGateway` -- setup gpgsm for signing of mails using S/MIME: - - `gpgsm --import ~/Certificates/.p12` - - `gpgsm --import ~/Certificates/harica-root.pem` - - `gpgsm --import ~/Certificates/harica-intermediate.pem` - - `gpgsm --list-keys --with-validation "HARICA Client RSA Root CA 2021"` - - trust the certificate and set passphrase -- setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`): - - `pizauth auth ` - - `pizauth dump > ~/.pizauth.state` - -If the new machine is home-manager only, perform these steps: - -- (Optional) Install openssh-server -- Set hostname to the name specified in the home-manager configuration -- Install nix, either: - - (if upgrading existing nix) Install nix version matching with version that `nix-plugins` is compiled against: `nix-env --install --file '' cacert -I nixpkgs=channel:nixpkgs-unstable --attr nixVersions.nix_x_yy` - - (or installing nix freshly): - - Grab the link to the install script of the needed nix version from https://releases.nixos.org/?prefix=nix, e.g. https://releases.nixos.org/nix/nix-2.30.1/install - - `bash <(curl -L https://releases.nixos.org/nix/nix-x-yy-y/install) --daemon` -- add the following to /etc/nix/nix.conf to become a trusted user: `trusted-users = @wheel root swarsel` -- For the first build: - 1) Clone dotfile repo & change into it - 2) `nix --extra-experimental-features 'nix-command flakes' develop` - 3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace` -#+end_export - ** Current issues #+begin_src markdown :noweb yes :exports both :results html @@ -553,15 +510,10 @@ A short overview over each input and what it does: url = "github:sodiboo/niri-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-extra-modules = { - url = "github:oddlama/nixos-extra-modules"; - inputs.nixpkgs.follows = "nixpkgs"; - }; microvm = { url = "github:astro/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - treefmt-nix.url = "github:numtide/treefmt-nix"; }; outputs = @@ -607,7 +559,7 @@ This file is used by [[https://github.com/shlevy/nix-plugins][nix-plugins]]. nix - [[https://github.com/AGWA/git-crypt][git-crypt]] - a separate repo containing my secrets - As for the second approach, I actually used this up to some point (see for example =7e11641: feat: add initial oauth2-proxy and freshrss oidc= as one of the lasts commits still using this system). However, it is quite bothersome to constantly have to keep two repositories up to date and in sync. Also, having a repo that every configuration relied upon that was also a private repo led to the problem that my demo configuration ([[#h:e1498bef-ec67-483d-bf02-76264e30be8e][Hotel (Demo Physical/VM)]]) would fail to build with that present, and I had to take several extra steps to make it buildable. Ever since deleting that dependency I also got rid of that problem. The whole system is inspired by [[https://oddlama.org/blog/evaluation-time-secrets-in-nix/][this blog article]] and large parts of it are adapted from [[https://github.com/oddlama/nix-config][oddlama's nix-config]]. + As for the second approach, I actually used this up to some point (see for example =7e11641: feat: add initial oauth2-proxy and freshrss oidc= as one of the lasts commits still using this system). However, it is quite bothersome to constantly have to keep two repositories up to date and in sync. Also, having a repo that every configuration relied upon that was also a private repo led to the problem that my demo configuration ([[#h:e1498bef-ec67-483d-bf02-76264e30be8e][ChaosTheatre (Demo Physical/VM)]]) would fail to build with that present, and I had to take several extra steps to make it buildable. Ever since deleting that dependency I also got rid of that problem. The whole system is inspired by [[https://oddlama.org/blog/evaluation-time-secrets-in-nix/][this blog article]] and large parts of it are adapted from [[https://github.com/oddlama/nix-config][oddlama's nix-config]]. The builtin that is added is a simple call to the =exec= function that calls a bash script. In order to keep some sanity, we are checking that we are actually calling it no an encryted nix file (even though there is no syntax check inside) and that the path given is a true nix path. Note that a string path will not be accepted, as that can have impurity implications. @@ -728,22 +680,6 @@ Concerning the =flake = _:= part: inherit (inputs.nixpkgs) lib; in rec { - cidrToSubnetMask = cidr: - let - prefixLength = lib.toInt (lib.last (lib.splitString "/" cidr)); - bits = lib.genList (i: if i < prefixLength then 1 else 0) 32; - octets = lib.genList - (i: - let - octetBits = lib.sublist (i * 8) 8 bits; - octetValue = lib.foldl (acc: bit: acc * 2 + bit) 0 octetBits; - in - octetValue - ) 4; - subnetMask = lib.concatStringsSep "." (map toString octets); - in - subnetMask; - mkIfElseList = p: yes: no: lib.mkMerge [ (lib.mkIf p yes) (lib.mkIf (!p) no) @@ -795,9 +731,6 @@ Concerning the =flake = _:= part: inherit (inputs.home-manager.lib) hm; inherit swarselsystems; }); - - swarselsystemsLib = swarselsystems; - homeLib = self.outputs.lib; }; } #+end_src @@ -813,39 +746,14 @@ Other nix users can make use of these packages either by installing them directl More information on the actual packages build can be found in [[#h:64a5cc16-6b16-4802-b421-c67ccef853e1][Packages]]. #+begin_src nix-ts :tangle nix/packages.nix -{ self, inputs, ... }: +{ self, ... }: { - imports = [ - ( - { lib, flake-parts-lib, ... }: - flake-parts-lib.mkTransposedPerSystemModule { - name = "pkgs"; - file = ./packages.nix; - option = lib.mkOption { - type = lib.types.unspecified; - }; - } - ) - ]; flake = _: let inherit (self.outputs) lib; in { - packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs/flake" { inherit self lib pkgs; }); - }; - - perSystem = { pkgs, system, ... }: - { - # see https://flake.parts/module-arguments.html?highlight=modulewith#persystem-module-parameters - _module.args.pkgs = import inputs.nixpkgs { - inherit system; - config.allowUnfree = true; - overlays = [ - self.overlays.default - ]; - }; - inherit pkgs; + packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs" { inherit self lib pkgs; }); }; } #+end_src @@ -866,7 +774,7 @@ Lastly, in order make this actually available to my configurations, i use the =i #+begin_src nix-ts :tangle nix/globals.nix # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix - { self, inputs, ... }: + { inputs, ... }: { flake = { config, lib, ... }: { @@ -875,8 +783,7 @@ Lastly, in order make this actually available to my configurations, i use the =i globalsSystem = lib.evalModules { prefix = [ "globals" ]; specialArgs = { - inherit (inputs.self.pkgs.x86_64-linux ) lib; # fuck - # inherit (self.outputs) lib; + inherit lib; inherit inputs; inherit (config) nodes; }; @@ -922,7 +829,6 @@ Lastly, in order make this actually available to my configurations, i use the =i inherit (globalsSystem.config.globals) domains services - networks hosts user root @@ -960,16 +866,12 @@ The rest of the outputs either define or help define the actual configurations: flake = { config, ... }: let inherit (self) outputs; - inherit (outputs) lib homeLib; + inherit (outputs) lib; # lib = (inputs.nixpkgs.lib // inputs.home-manager.lib).extend (_: _: { swarselsystems = import "${self}/lib" { inherit self lib inputs outputs; inherit (inputs) systems; }; }); - mkNixosHost = { minimal }: configName: arch: - inputs.nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs outputs self minimal configName homeLib; - inherit (config.pkgs.${arch}) lib; - inherit (config) globals nodes; - }; + mkNixosHost = { minimal }: configName: + lib.nixosSystem { + specialArgs = { inherit inputs outputs lib self minimal configName; inherit (config) globals nodes; }; modules = [ inputs.disko.nixosModules.disko inputs.sops-nix.nixosModules.sops @@ -984,8 +886,7 @@ The rest of the outputs either define or help define the actual configurations: inputs.niri-flake.nixosModules.niri inputs.microvm.nixosModules.host inputs.microvm.nixosModules.microvm - (inputs.nixos-extra-modules + "/modules/guests") - "${self}/hosts/nixos/${arch}/${configName}" + "${self}/hosts/nixos/${configName}" "${self}/profiles/nixos" "${self}/modules/nixos" { @@ -993,8 +894,8 @@ The rest of the outputs either define or help define the actual configurations: microvm.guest.enable = lib.mkDefault false; node = { - name = lib.mkForce configName; - secretsDir = ../hosts/nixos/${arch}/${configName}/secrets; + name = configName; + secretsDir = ../hosts/nixos/${configName}/secrets; }; swarselprofiles = { @@ -1012,10 +913,10 @@ The rest of the outputs either define or help define the actual configurations: ]; }; - mkDarwinHost = { minimal }: configName: arch: + mkDarwinHost = { minimal }: configName: inputs.nix-darwin.lib.darwinSystem { specialArgs = { - inherit inputs lib outputs self minimal configName; + inherit inputs outputs lib self minimal configName; inherit (config) globals nodes; }; modules = [ @@ -1026,106 +927,71 @@ The rest of the outputs either define or help define the actual configurations: # inputs.fw-fanctrl.nixosModules.default # inputs.nix-topology.nixosModules.default inputs.home-manager.darwinModules.home-manager - "${self}/hosts/darwin/${arch}/${configName}" + "${self}/hosts/darwin/${configName}" "${self}/modules/nixos/darwin" # needed for infrastructure "${self}/modules/nixos/common/meta.nix" "${self}/modules/nixos/common/globals.nix" { - node.name = lib.mkForce configName; - node.secretsDir = ../hosts/darwin/${arch}/${configName}/secrets; + node.name = configName; + node.secretsDir = ../hosts/darwin/${configName}/secrets; } ]; }; - mkHalfHost = configName: type: arch: - let - systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; - pkgs = lib.swarselsystems.pkgsFor.${arch}; - in - systemFunc { - inherit pkgs; - extraSpecialArgs = { - inherit inputs lib outputs self configName; - inherit (config) globals nodes; - minimal = false; - }; - modules = [ - inputs.stylix.homeModules.stylix - inputs.niri-flake.homeModules.niri - inputs.nix-index-database.homeModules.nix-index - # inputs.sops-nix.homeManagerModules.sops - inputs.spicetify-nix.homeManagerModules.default - inputs.swarsel-nix.homeModules.default - "${self}/hosts/${type}/${arch}/${configName}" - "${self}/profiles/home" - ]; - }; - - linuxArches = [ "x86_64-linux" "aarch64-linux" ]; - darwinArches = [ "x86_64-darwin" "aarch64-darwin" ]; - mkArches = type: if (type == "nixos") then linuxArches else if (type == "darwin") then darwinArches else linuxArches ++ darwinArches; - - readHostDirs = hostDir: - if builtins.pathExists hostDir then - builtins.attrNames - ( - lib.filterAttrs (_: type: type == "directory") - (builtins.readDir hostDir) - ) else [ ]; - - mkHalfHostsForArch = type: arch: - let - hostDir = "${self}/hosts/${type}/${arch}"; - hosts = readHostDirs hostDir; - in - lib.genAttrs hosts (host: mkHalfHost host type arch); - - mkHostsForArch = type: arch: minimal: - let - hostDir = "${self}/hosts/${type}/${arch}"; - hosts = readHostDirs hostDir; - in - if (type == "nixos") then - lib.genAttrs hosts (host: mkNixosHost { inherit minimal; } host arch) - else if (type == "darwin") then - lib.genAttrs hosts (host: mkDarwinHost { inherit minimal; } host arch) - else { }; - - mkConfigurationsPerArch = type: minimal: - let - arches = mkArches type; - toMake = if (minimal == null) then (arch: _: mkHalfHostsForArch type arch) else (arch: _: mkHostsForArch type arch minimal); - in - lib.concatMapAttrs toMake - (lib.listToAttrs (map (a: { name = a; value = { }; }) arches)); - - halfConfigurationsPerArch = type: mkConfigurationsPerArch type null; - configurationsPerArch = type: minimal: mkConfigurationsPerArch type minimal; + mkHalfHost = configName: type: pkgs: { + ${configName} = + let + systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; + in + systemFunc + { + inherit pkgs; + extraSpecialArgs = { + inherit inputs outputs lib self configName; + inherit (config) globals nodes; + minimal = false; + }; + modules = [ + inputs.stylix.homeModules.stylix + inputs.niri-flake.homeModules.niri + inputs.nix-index-database.homeModules.nix-index + # inputs.sops-nix.homeManagerModules.sops + inputs.spicetify-nix.homeManagerModules.default + inputs.swarsel-nix.homeModules.default + "${self}/hosts/${type}/${configName}" + "${self}/profiles/home" + ]; + }; + }; + mkHalfHostConfigs = hosts: type: pkgs: lib.foldl (acc: set: acc // set) { } (lib.map (name: mkHalfHost name type pkgs) hosts); + nixosHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/nixos")); + darwinHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/darwin")); in { - nixosConfigurations = configurationsPerArch "nixos" false; - nixosConfigurationsMinimal = configurationsPerArch "nixos" true; - darwinConfigurations = configurationsPerArch "darwin" false; - darwinConfigurationsMinimal = configurationsPerArch "darwin" true; - homeConfigurations = halfConfigurationsPerArch "home"; - nixOnDroidConfigurations = halfConfigurationsPerArch "android"; + nixosConfigurations = lib.genAttrs nixosHosts (mkNixosHost { + minimal = false; + }); + nixosConfigurationsMinimal = lib.genAttrs nixosHosts (mkNixosHost { + minimal = true; + }); + darwinConfigurations = lib.genAttrs darwinHosts (mkDarwinHost { + minimal = false; + }); + darwinConfigurationsMinimal = lib.genAttrs darwinHosts (mkDarwinHost { + minimal = true; + }); - guestConfigurations = lib.flip lib.concatMapAttrs config.nixosConfigurations ( - _: node: - lib.flip lib.mapAttrs' (node.config.microvm.vms or { }) ( - guestName: guestDef: - lib.nameValuePair guestDef.nodeName node.config.microvm.vms.${guestName}.config - ) - ); + # TODO: Build these for all architectures + homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux // mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.aarch64-linux; + nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux; diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix"; - nodes = config.nixosConfigurations - // config.darwinConfigurations - // config.guestConfigurations; + nodes = config.nixosConfigurations // config.darwinConfigurations; + }; } #+end_src @@ -1180,11 +1046,11 @@ Another note concerning [[https://flake.parts/][flake-parts]]: (mkConnection "milkywell" "wan") (mkConnection "magicant" "wifi") (mkConnection "toto" "bootstrapper") - (mkConnection "hotel" "demo host") + (mkConnection "chaostheatre" "demo host") ]; }; - hotel.interfaces."demo host" = { }; + chaostheatre.interfaces."demo host" = { }; toto.interfaces."bootstrapper" = { }; milkywell.interfaces.wan = { }; moonside.interfaces.wan = { }; @@ -1356,7 +1222,7 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some inputs.pre-commit-hooks.flakeModule ]; - perSystem = { pkgs, config, system, ... }: + perSystem = { pkgs, system, ... }: { pre-commit = { check.enable = true; @@ -1378,7 +1244,6 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some nixpkgs-fmt.enable = true; statix.enable = true; trim-trailing-whitespace.enable = true; - treefmt.enable = true; destroyed-symlinks = { enable = true; @@ -1398,142 +1263,110 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some }; }; - devshells = { - deploy = - let - nix-version = "2_28"; - in { - packages = [ - (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.stable25_05.nixVersions."nix_${nix-version}") - pkgs.git - pkgs.just - pkgs.age - pkgs.ssh-to-age - pkgs.sops - ]; + devshells.default = let + nix-version = "2_30"; + in { + packages = [ + (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}") + pkgs.git + pkgs.just + pkgs.age + pkgs.ssh-to-age + pkgs.sops + pkgs.nixpkgs-fmt + self.packages.${system}.swarsel-build + self.packages.${system}.swarsel-deploy + (pkgs.symlinkJoin { + name = "home-manager"; + buildInputs = [ pkgs.makeWrapper ]; + paths = [ pkgs.home-manager ]; + postBuild = '' + wrapProgram $out/bin/home-manager \ + --append-flags '--flake .#$(hostname)' + ''; + }) + ]; - env = - [ - { - name = "NIX_CONFIG"; - value = '' - plugin-files = ${pkgs.stable25_05.nix-plugins.overrideAttrs (o: { - buildInputs = [pkgs.stable25_05.nixVersions."nix_${nix-version}" pkgs.stable25_05.boost]; - patches = (o.patches or []) ++ [./nix-plugins.patch]; - })}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} - ''; - } - ]; - }; - default = - let - nix-version = "2_30"; - in + commands = [ { - packages = [ - (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}") - pkgs.git - pkgs.just - pkgs.age - pkgs.ssh-to-age - pkgs.sops - pkgs.nixpkgs-fmt - self.packages.${system}.swarsel-build - self.packages.${system}.swarsel-deploy - (pkgs.symlinkJoin { - name = "home-manager"; - buildInputs = [ pkgs.makeWrapper ]; - paths = [ pkgs.home-manager ]; - postBuild = '' - wrapProgram $out/bin/home-manager \ - --append-flags '--flake .#$(hostname)' - ''; - }) - ]; + package = pkgs.statix; + help = "Lint flake"; + } + { + package = pkgs.deadnix; + help = "Check flake for dead code"; + } + { + package = pkgs.nix-tree; + help = "Interactively browse dependency graphs of Nix derivations"; + } + { + package = pkgs.nvd; + help = "Diff two nix toplevels and show which packages were upgraded"; + } + { + package = pkgs.nix-diff; + help = "Explain why two Nix derivations differ"; + } + { + package = pkgs.nix-output-monitor; + help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; + name = "nom \"$@\""; + } + { + name = "hm"; + help = "Manage home-manager config"; + command = "home-manager \"$@\""; + } + { + name = "fmt"; + help = "Format flake"; + command = "nixpkgs-fmt --check \"$FLAKE\""; + } + { + name = "sd"; + help = "Build and deploy this nix config to nodes"; + command = "swarsel-deploy \"$@\""; + } + { + name = "sl"; + help = "Build and deploy a config to nodes"; + command = "swarsel-deploy \${1} switch"; + } + { + name = "sw"; + help = "Build and switch to the host's config locally"; + command = "swarsel-deploy $(hostname) switch"; + } + { + name = "bld"; + help = "Build a number of configurations"; + command = "swarsel-build \"$@\""; + } + { + name = "c"; + help = "Work with the flake git repository"; + command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\""; + } + ]; - commands = [ - { - package = pkgs.statix; - help = "Lint flake"; - } - { - package = pkgs.deadnix; - help = "Check flake for dead code"; - } - { - package = pkgs.nix-tree; - help = "Interactively browse dependency graphs of Nix derivations"; - } - { - package = pkgs.nvd; - help = "Diff two nix toplevels and show which packages were upgraded"; - } - { - package = pkgs.nix-diff; - help = "Explain why two Nix derivations differ"; - } - { - package = pkgs.nix-output-monitor; - help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; - name = "nom \"$@\""; - } - { - name = "hm"; - help = "Manage home-manager config"; - command = "home-manager \"$@\""; - } - { - name = "fmt"; - help = "Format flake"; - command = "nixpkgs-fmt --check \"$FLAKE\""; - } - { - name = "sd"; - help = "Build and deploy this nix config to nodes"; - command = "swarsel-deploy \"$@\""; - } - { - name = "sl"; - help = "Build and deploy a config to nodes"; - command = "swarsel-deploy \${1} switch"; - } - { - name = "sw"; - help = "Build and switch to the host's config locally"; - command = "swarsel-deploy $(hostname) switch"; - } - { - name = "bld"; - help = "Build a number of configurations"; - command = "swarsel-build \"$@\""; - } - { - name = "c"; - help = "Work with the flake git repository"; - command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\""; - } - ]; + devshell.startup.pre-commit-install.text = "pre-commit install"; - # devshell.startup.pre-commit-install.text = "pre-commit install"; - devshell.startup.pre-commit.text = config.pre-commit.installationScript; - - env = - let - nix-plugins = pkgs.nix-plugins.override { - nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; - }; - in - [ - { - name = "NIX_CONFIG"; - value = '' - plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} - ''; - } - ]; + env = let + nix-plugins = pkgs.nix-plugins.override { + nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; }; + in [ + { + # Additionally configure nix-plugins with our extra builtins file. + # We need this for our repo secrets. + name = "NIX_CONFIG"; + value = '' + plugin-files = ${nix-plugins}/lib/nix/plugins + extra-builtins-file = ${self + /nix/extra-builtins.nix} + ''; + } + ]; }; }; } @@ -1587,32 +1420,10 @@ Otherwise, I define the function =mkTemplates= here which builds a named attribu Defines a formatter that can be called using =nix flake format=. While a nice utility, I have stronger tools to perform this job. #+begin_src nix-ts :tangle nix/formatter.nix - { inputs, ... }: + _: { - imports = [ - inputs.treefmt-nix.flakeModule - ]; - perSystem = { pkgs, ... }: { - # formatter = pkgs.nixpkgs-fmt; - # formatter is set by treefmt to: - # formatter = lib.mkIf config.treefmt.flakeFormatter (lib.mkDefault config.treefmt.build.wrapper); - treefmt = { - projectRootFile = "flake.nix"; - programs = { - nixfmt = { - enable = true; - package = pkgs.nixpkgs-fmt; - }; - deadnix.enable = true; - statix.enable = true; - shellcheck.enable = true; - }; - settings.formatter.shellcheck.options = [ - "--shell" - "bash" - ]; - }; + formatter = pkgs.nixpkgs-fmt; }; } @@ -1725,7 +1536,7 @@ On the structure of overlays: as you notice, all of the attributes within overla overlays = { default = final: prev: let - additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; } + additions = final: _: import "${self}/pkgs" { pkgs = final; inherit self lib; } // { swarsel-nix = import inputs.swarsel-nix { pkgs = prev; @@ -1738,11 +1549,6 @@ On the structure of overlays: as you notice, all of the attributes within overla # withSystemVencord = true; # }; - lib = prev.lib // { - swarselsystems = self.outputs.swarselsystemsLib; - hm = self.outputs.homeLib; - }; - firefox = prev.firefox.override { nativeMessagingHosts = [ prev.tridactyl-native @@ -1793,19 +1599,15 @@ On the structure of overlays: as you notice, all of the attributes within overla (builtins.attrNames nixpkgsInputs)); in - lib.recursiveUpdate - ( - (additions final prev) - // (nixpkgs-stable-versions final prev) - // (inputs.niri-flake.overlays.niri final prev) - // (inputs.vbc-nix.overlays.default final prev) - // (inputs.nur.overlays.default final prev) - // (inputs.emacs-overlay.overlay final prev) - // (inputs.nix-topology.overlays.default final prev) - // (inputs.nixgl.overlay final prev) - // (inputs.nixos-extra-modules.overlays.default final prev) - ) - (modifications final prev); + (additions final prev) + // (modifications final prev) + // (nixpkgs-stable-versions final prev) + // (inputs.niri-flake.overlays.niri final prev) + // (inputs.vbc-nix.overlays.default final prev) + // (inputs.nur.overlays.default final prev) + // (inputs.emacs-overlay.overlay final prev) + // (inputs.nix-topology.overlays.default final prev) + // (inputs.nixgl.overlay final prev); }; }; } @@ -2111,7 +1913,7 @@ My work machine. Built for more security, this is the gold standard of my config :PROPERTIES: :CUSTOM_ID: h:567c0055-f5f7-4e53-8f13-d767d7166e9d :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/pyramid/default.nix +#+begin_src nix-ts :tangle hosts/nixos/pyramid/default.nix { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; @@ -2195,7 +1997,7 @@ My work machine. Built for more security, this is the gold standard of my config :CUSTOM_ID: h:25115a54-c634-4896-9a41-254064ce9fcc :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix +#+begin_src nix-ts :tangle hosts/nixos/pyramid/hardware-configuration.nix { config, lib, pkgs, modulesPath, ... }: { imports = @@ -2275,7 +2077,7 @@ My work machine. Built for more security, this is the gold standard of my config :CUSTOM_ID: h:e0da04c7-4199-44b0-b525-6cfc64072b45 :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/pyramid/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/pyramid/disk-config.nix { disko.devices = { disk = { @@ -2369,7 +2171,7 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se :PROPERTIES: :CUSTOM_ID: h:6f80d614-d76a-433b-8956-78d7b323b68c :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/bakery/default.nix +#+begin_src nix-ts :tangle hosts/nixos/bakery/default.nix { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; @@ -2435,7 +2237,7 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se :CUSTOM_ID: h:bbba1646-fb5f-4d04-baf0-f606037a8b39 :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/bakery/hardware-configuration.nix +#+begin_src nix-ts :tangle hosts/nixos/bakery/hardware-configuration.nix # Do not modify this file! It was generated by β€˜nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. @@ -2465,7 +2267,7 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se :CUSTOM_ID: h:72444f85-7951-47c0-858f-b51d8299de8c :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/bakery/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/bakery/disk-config.nix { lib, pkgs, config, ... }: let type = "btrfs"; @@ -2590,7 +2392,7 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se } #+end_src -**** Winters (Server: ASRock J4105-ITX) +**** Winters (Server) :PROPERTIES: :CUSTOM_ID: h:932ef6b0-4c14-4200-8e3f-2e208e748746 :END: @@ -2601,8 +2403,8 @@ This is my main server that I run at home. It handles most tasks that require bi :PROPERTIES: :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/winters/default.nix - { lib, minimal, ... }: +#+begin_src nix-ts :tangle hosts/nixos/winters/default.nix + { lib, config, minimal, ... }: { imports = [ @@ -2614,29 +2416,25 @@ This is my main server that I run at home. It handles most tasks that require bi loader.efi.canTouchEfiVariables = true; }; - # globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; - # globals.networks.home.hosts.${config.node.name} = { - # ipv4 = config.repo.secrets.local.home-ipv4; - # mac = config.repo.secrets.local.home-mac; - # }; + globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; + + networking = { + inherit (config.repo.secrets.local) hostId; + hostName = "winters"; + firewall.enable = true; + enableIPv6 = false; + firewall.allowedTCPPorts = [ 80 443 ]; + }; swarselsystems = { info = "ASRock J4105-ITX, 32GB RAM"; flakePath = "/root/.dotfiles"; isImpermanence = false; - isSecureBoot = false; - isCrypted = false; + isSecureBoot = true; + isCrypted = true; isBtrfs = false; isLinux = true; isNixos = true; - server.garage = { - data_dir = [ - { - capacity = "200G"; - path = "/Vault/data/garage/main"; - } - ]; - }; }; } // lib.optionalAttrs (!minimal) { @@ -2646,7 +2444,6 @@ This is my main server that I run at home. It handles most tasks that require bi }; swarselmodules.server = { - diskEncryption = lib.mkForce false; nfs = lib.mkDefault true; nginx = lib.mkDefault true; kavita = lib.mkDefault true; @@ -2676,7 +2473,6 @@ This is my main server that I run at home. It handles most tasks that require bi # snipeit = lib.mkDefault false; homebox = lib.mkDefault true; opkssh = lib.mkDefault true; - garage = lib.mkDefault false; }; } @@ -2687,7 +2483,7 @@ This is my main server that I run at home. It handles most tasks that require bi :PROPERTIES: :CUSTOM_ID: h:0fdefb4f-ce53-4caf-89ed-5d79646f70f0 :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/winters/hardware-configuration.nix +#+begin_src nix-ts :tangle hosts/nixos/winters/hardware-configuration.nix { config, lib, modulesPath, ... }: { @@ -2734,489 +2530,6 @@ This is my main server that I run at home. It handles most tasks that require bi hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } #+end_src -**** Summers (Server: ASUS Z10PA-D8) - -***** Main Configuration -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/default.nix - { inputs, lib, config, minimal, nodes, globals, ... }: - { - - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - ]; - - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; - - swarselsystems = { - info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; - flakePath = "/root/.dotfiles"; - isImpermanence = true; - isSecureBoot = true; - isCrypted = true; - isBtrfs = true; - isLinux = true; - isNixos = true; - withMicroVMs = false; - }; - - } // lib.optionalAttrs (!minimal) { - - swarselprofiles = { - server = true; - }; - - swarselmodules = { - optional = { - microvmHost = true; - }; - server = { - diskEncryption = lib.mkForce false; # TODO: disable - nfs = false; - nginx = false; - kavita = false; - restic = false; - jellyfin = false; - navidrome = false; - spotifyd = false; - mpd = false; - postgresql = false; - matrix = false; - nextcloud = false; - immich = false; - paperless = false; - transmission = false; - syncthing = false; - grafana = false; - emacs = false; - freshrss = false; - jenkins = false; - kanidm = false; - firefly-iii = false; - koillection = false; - radicale = false; - atuin = false; - forgejo = false; - ankisync = false; - homebox = false; - opkssh = false; - garage = false; - }; - }; - - microvm.vms = - let - mkMicrovm = guestName: { - ${guestName} = { - backend = "microvm"; - autostart = true; - modules = [ - ./guests/${guestName}.nix - { - node.secretsDir = ./secrets/${guestName}; - } - ]; - microvm = { - system = "x86_64-linux"; - # baseMac = config.repo.secrets.local.networking.interfaces.lan.mac; - # interfaces.vlan-services = { }; - }; - specialArgs = { - inherit (config) nodes globals; - inherit lib; - inherit inputs minimal; - }; - }; - }; - in - lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) ( - { } - // mkMicrovm "guest1" - ); - - } - -#+end_src - -***** hardware-configuration -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/hardware-configuration.nix - { config, lib, modulesPath, ... }: - - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot = { - initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; - initrd.kernelModules = [ ]; - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - - supportedFilesystems = [ "zfs" ]; - zfs.extraPools = [ "Vault" ]; - }; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - } -#+end_src -***** disko - -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/disk-config.nix - { lib, config, ... }: - let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; - in - { - disko.devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - } -#+end_src -***** Guests -****** Guest 1 -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix - { lib, minimal, ... }: - { - - swarselsystems = { - info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; - }; - - } // lib.optionalAttrs (!minimal) { - - swarselprofiles = { - server = false; - }; - - swarselmodules = { - optional = { - microvmGuest = false; - }; - }; - - microvm = { - mem = 1024 * 4; - vcpu = 2; - }; - - } - -#+end_src - -**** Hintbooth (Router: HUNSN RM02) - -***** Main Configuration -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hintbooth/default.nix - { lib, minimal, ... }: - { - - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - ]; - - swarselsystems = { - info = "HUNSN RM02, 8GB RAM"; - flakePath = "/root/.dotfiles"; - isImpermanence = true; - isSecureBoot = true; - isCrypted = true; - isBtrfs = true; - isLinux = true; - isNixos = true; - rootDisk = "/dev/sda"; - swapSize = "8G"; - networkKernelModules = [ "igb" ]; - }; - - } // lib.optionalAttrs (!minimal) { - - swarselprofiles = { - server = true; - router = false; - }; - - swarselmodules = { - server = { - nginx = lib.mkForce false; # we get this from the server profile - }; - }; - - } - -#+end_src - -***** hardware-configuration -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hintbooth/hardware-configuration.nix - { config, lib, modulesPath, ... }: - - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot = { - initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; - initrd.kernelModules = [ ]; - extraModulePackages = [ ]; - }; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - } -#+end_src -***** disko - -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hintbooth/disk-config.nix - { lib, config, ... }: - let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; - in - { - disko.devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - } -#+end_src **** machpizza (MacBook Pro) :PROPERTIES: :CUSTOM_ID: h:28e1a7eb-356b-4015-83f7-9c552c8c0e9d @@ -3224,7 +2537,7 @@ This is my main server that I run at home. It handles most tasks that require bi A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations (the darwin configuration is severely under-developed). -#+begin_src nix-ts :tangle hosts/darwin/x86_64-darwin/machpizza/default.nix +#+begin_src nix-ts :tangle hosts/darwin/machpizza/default.nix { lib, config, ... }: let inherit (config.repo.secrets.local) workUser; @@ -3257,7 +2570,7 @@ A Mac notebook that I have received from work. I use this machine for getting ac My phone. I use only a minimal config for remote debugging here. -#+begin_src nix-ts :tangle hosts/android/aarch64-linux/magicant/default.nix +#+begin_src nix-ts :tangle hosts/android/magicant/default.nix { pkgs, ... }: { environment = { @@ -3309,8 +2622,8 @@ My phone. I use only a minimal config for remote debugging here. **** Treehouse (DGX Spark) -#+begin_src nix-ts :tangle hosts/home/aarch64-linux/treehouse/default.nix - { self, ... }: +#+begin_src nix-ts :tangle hosts/home/treehouse/default.nix + { self, outputs, ... }: { imports = [ @@ -3320,6 +2633,12 @@ My phone. I use only a minimal config for remote debugging here. "${self}/modules/nixos/common/meta.nix" ]; + nixpkgs = { + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; + }; + }; services.xcape = { enable = true; @@ -3360,6 +2679,207 @@ I have removed most of the machines from this section. What remains are some hos - =MilkyWell=: cloud server used for very lightweight sync tasks of non-critical data - =Moonside=: Proxy server + some lightweight services +**** MilkyWell (OCI) +:PROPERTIES: +:CUSTOM_ID: h:4c5febb0-fdf6-44c5-8d51-7ea0f8930abf +:END: + +For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways. + + +***** Main configuration +:PROPERTIES: +:CUSTOM_ID: h:922105c3-a604-47d9-918b-db1803784c75 +:END: + +#+begin_src nix-ts :tangle hosts/nixos/milkywell/default.nix + { lib, minimal, ... }: + { + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + ]; + + boot = { + loader.systemd-boot.enable = true; + tmp.cleanOnBoot = true; + }; + + networking = { + nftables.enable = lib.mkForce false; + hostName = "milkywell"; + enableIPv6 = true; + domain = "subnet03112148.vcn03112148.oraclevcn.com"; + }; + + topology.self = { + icon = "devices.cloud-server"; + }; + + hardware = { + enableAllFirmware = lib.mkForce false; + }; + + swarselsystems = { + info = "VM.Standard.E2.1.Micro"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = true; + isSwap = true; + rootDisk = "/dev/sda"; + swapSize = "4G"; + isBtrfs = true; + isLinux = true; + isNixos = true; + }; + + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + server = true; + }; + + swarselmodules.server = { + forgejo = lib.mkDefault false; + ankisync = lib.mkDefault false; + }; + } + +#+end_src +***** hardware-configuration +:PROPERTIES: +:CUSTOM_ID: h:64dddedd-9b13-4b74-baf0-1d54d5a89d3b +:END: + +#+begin_src nix-ts :tangle hosts/nixos/milkywell/hardware-configuration.nix + { config, lib, modulesPath, ... }: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot = { + initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + } +#+end_src +***** disko +:PROPERTIES: +:CUSTOM_ID: h:cec82b06-39ca-4c0e-b4f5-c1fda9b14e6d +:END: + +#+begin_src nix-ts :tangle hosts/nixos/milkywell/disk-config.nix + # NOTE: ... is needed because dikso passes diskoFile + { lib + , config + , ... + }: + let + type = "btrfs"; + extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ + "subvol=root" + "compress=zstd" + "noatime" + ]; + }; + "/home" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/home"; + mountOptions = [ + "subvol=home" + "compress=zstd" + "noatime" + ]; + }; + "/persist" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/persist"; + mountOptions = [ + "subvol=persist" + "compress=zstd" + "noatime" + ]; + }; + "/log" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/var/log"; + mountOptions = [ + "subvol=log" + "compress=zstd" + "noatime" + ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "subvol=nix" + "compress=zstd" + "noatime" + ]; + }; + "/swap" = lib.mkIf config.swarselsystems.isSwap { + mountpoint = "/.swapvol"; + swap.swapfile.size = config.swarselsystems.swapSize; + }; + }; + in + { + disko.devices = { + disk = { + disk0 = { + type = "disk"; + device = config.swarselsystems.rootDisk; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "defaults" ]; + }; + }; + root = { + size = "100%"; + content = { + inherit type subvolumes extraArgs; + postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' + MNTPOINT=$(mktemp -d) + mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 + trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT + btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank + ''; + }; + }; + }; + }; + }; + }; + }; + + fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; + fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; + } + + +#+end_src **** Moonside (OCI) :PROPERTIES: :CUSTOM_ID: h:f547ed16-5e6e-4744-9e33-af090e0a175b @@ -3372,167 +2892,169 @@ This machine mainly acts as my proxy server to stand before my local machines. :CUSTOM_ID: h:a8f20a56-ce92-43d8-8bfe-3edccebf2bf9 :END: -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/moonside/default.nix - { lib, config, minimal, ... }: - let - inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; - inherit (config.swarselsystems) sopsFile; - in - { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - ]; +#+begin_src nix-ts :tangle hosts/nixos/moonside/default.nix + { lib, config, minimal, ... }: + let + inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; + inherit (config.swarselsystems) sopsFile; + in + { + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + ]; - sops = { - age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ]; - # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; - secrets = { - wireguard-private-key = { inherit sopsFile; }; - wireguard-home-preshared-key = { inherit sopsFile; }; - }; - }; + sops = { + age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ]; + # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; + secrets = { + wireguard-private-key = { inherit sopsFile; }; + wireguard-home-preshared-key = { inherit sopsFile; }; + }; + }; - boot = { - loader.systemd-boot.enable = true; - tmp.cleanOnBoot = true; - }; + boot = { + loader.systemd-boot.enable = true; + tmp.cleanOnBoot = true; + }; - environment = { - etc."issue".text = "\4"; - }; + environment = { + etc."issue".text = "\4"; + }; - topology.self = { - icon = "devices.cloud-server"; - interfaces.wg = { - addresses = [ "192.168.3.4" ]; - renderer.hidePhysicalConnections = true; - virtual = true; - type = "wireguard"; - }; - }; + topology.self = { + icon = "devices.cloud-server"; + interfaces.wg = { + addresses = [ "192.168.3.4" ]; + renderer.hidePhysicalConnections = true; + virtual = true; + type = "wireguard"; + }; + }; - networking = { - domain = "subnet03291956.vcn03291956.oraclevcn.com"; - firewall = { - allowedTCPPorts = [ 8384 ]; - }; - wireguard = { - enable = true; - interfaces = { - home-vpn = { - privateKeyFile = config.sops.secrets.wireguard-private-key.path; - # ips = [ "192.168.3.4/32" ]; - ips = [ "192.168.178.201/24" ]; - peers = [ - { - # publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; - publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw="; - presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path; - name = "moonside"; - persistentKeepalive = 25; - # endpoint = "${config.repo.secrets.common.ipv4}:51820"; - endpoint = "${config.repo.secrets.common.wireguardEndpoint}"; - # allowedIPs = [ - # "192.168.3.0/24" - # "192.168.1.0/24" - # ]; - allowedIPs = [ - "192.168.178.0/24" + networking = { + nftables.enable = lib.mkForce false; + hostName = "moonside"; + enableIPv6 = false; + domain = "subnet03291956.vcn03291956.oraclevcn.com"; + firewall = { + allowedTCPPorts = [ 80 443 8384 ]; + }; + wireguard = { + enable = true; + interfaces = { + home-vpn = { + privateKeyFile = config.sops.secrets.wireguard-private-key.path; + # ips = [ "192.168.3.4/32" ]; + ips = [ "192.168.178.201/24" ]; + peers = [ + { + # publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; + publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw="; + presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path; + name = "moonside"; + persistentKeepalive = 25; + # endpoint = "${config.repo.secrets.common.ipv4}:51820"; + endpoint = "${config.repo.secrets.common.wireguardEndpoint}"; + # allowedIPs = [ + # "192.168.3.0/24" + # "192.168.1.0/24" + # ]; + allowedIPs = [ + "192.168.178.0/24" + ]; + } ]; - } - ]; + }; + }; }; }; - }; - }; - hardware = { - enableAllFirmware = lib.mkForce false; - }; + hardware = { + enableAllFirmware = lib.mkForce false; + }; - system.stateVersion = "23.11"; + system.stateVersion = "23.11"; - services.syncthing = { - dataDir = lib.mkForce "/sync"; - settings = { - devices = config.swarselsystems.syncthing.devices // { - "${dev1}" = { - id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; - }; - "${dev2}" = { - id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; - }; - "${dev3}" = { - id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + services.syncthing = { + dataDir = lib.mkForce "/sync"; + settings = { + devices = config.swarselsystems.syncthing.devices // { + "${dev1}" = { + id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; + }; + "${dev2}" = { + id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; + }; + "${dev3}" = { + id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + }; + }; + folders = { + "Documents" = { + path = "/sync/Documents"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "2"; + }; + devices = [ "pyramid" ]; + id = "hgr3d-pfu3w"; + }; + "runandbun" = { + path = "/sync/runandbun"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" ]; + id = "kwnql-ev64v"; + }; + "${loc1}" = { + path = "/sync/${loc1}"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "3"; + }; + devices = [ dev1 dev2 dev3 ]; + id = "5gsxv-rzzst"; + }; + }; }; }; - folders = { - "Documents" = { - path = "/sync/Documents"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "2"; - }; - devices = [ "pyramid" ]; - id = "hgr3d-pfu3w"; - }; - "runandbun" = { - path = "/sync/runandbun"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" ]; - id = "kwnql-ev64v"; - }; - "${loc1}" = { - path = "/sync/${loc1}"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "3"; - }; - devices = [ dev1 dev2 dev3 ]; - id = "5gsxv-rzzst"; + + swarselsystems = { + flakePath = "/root/.dotfiles"; + info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = false; + isSwap = false; + rootDisk = "/dev/sda"; + isBtrfs = true; + isNixos = true; + isLinux = true; + syncthing = { + serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + serviceIP = "localhost"; }; }; - }; - }; + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + server = true; + }; - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 4 vCPUs, 24GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = false; - isSwap = false; - rootDisk = "/dev/sda"; - isBtrfs = true; - isNixos = true; - isLinux = true; - syncthing = { - serviceDomain = config.repo.secrets.common.services.domains.syncthing3; - serviceIP = "localhost"; - }; - }; - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - server = true; - }; - - swarselmodules.server = { - oauth2-proxy = true; - croc = true; - microbin = true; - shlink = true; - slink = true; - syncthing = true; - diskEncryption = lib.mkForce false; - }; - } + swarselmodules.server = { + oauth2-proxy = lib.mkDefault true; + croc = lib.mkDefault true; + microbin = lib.mkDefault true; + shlink = lib.mkDefault true; + slink = lib.mkDefault true; + syncthing = lib.mkDefault true; + }; + } #+end_src ***** hardware-configuration @@ -3540,7 +3062,7 @@ This machine mainly acts as my proxy server to stand before my local machines. :CUSTOM_ID: h:f99c05ab-f047-4350-b80a-4c1ff55b91bf :END: -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/moonside/hardware-configuration.nix +#+begin_src nix-ts :tangle hosts/nixos/moonside/hardware-configuration.nix { lib, modulesPath, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; @@ -3562,7 +3084,7 @@ This machine mainly acts as my proxy server to stand before my local machines. :CUSTOM_ID: h:cec82b06-39ca-4c0e-b4f5-c1fda9b14e6d :END: -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/moonside/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/moonside/disk-config.nix # NOTE: ... is needed because dikso passes diskoFile { lib , config @@ -3704,7 +3226,7 @@ This is a slim setup for developing base configuration. I do not track the hardw :PROPERTIES: :CUSTOM_ID: h:4e53b40b-98b2-4615-b1b0-3696a75edd6e :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/toto/default.nix +#+begin_src nix-ts :tangle hosts/nixos/toto/default.nix { self, lib, ... }: { @@ -3722,13 +3244,6 @@ This is a slim setup for developing base configuration. I do not track the hardw minimal = lib.mkForce true; }; - swarselmodules = { - server = { - network = lib.mkForce false; - diskEncryption = lib.mkForce false; - }; - }; - swarselsystems = { info = "~SwarselSystems~ remote install helper"; wallpaper = self + /files/wallpaper/lenovowp.png; @@ -3756,7 +3271,7 @@ This is a slim setup for developing base configuration. I do not track the hardw :CUSTOM_ID: h:cec82b06-39ca-4c0e-b4f5-c1fda9b14e6d :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/toto/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/toto/disk-config.nix # NOTE: ... is needed because dikso passes diskoFile { lib , pkgs @@ -3903,32 +3418,36 @@ TODO: cleanup this mess { self, config, pkgs, lib, ... }: let pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh"; - stateVersion = lib.mkDefault "23.05"; - homeFiles = { - ".bash_history" = { - text = '' - swarsel-install -n hotel - ''; - }; - }; in { config = { home-manager.users.root.home = { - inherit stateVersion; - file = homeFiles; + stateVersion = "23.05"; + file = { + ".bash_history" = { + text = '' + swarsel-install -n chaostheatre + ''; + }; + }; }; home-manager.users.swarsel = { home = { username = "swarsel"; homeDirectory = lib.mkDefault "/home/swarsel"; - inherit stateVersion; + stateVersion = lib.mkDefault "23.05"; keyboard.layout = "us"; sessionVariables = { FLAKE = "/home/swarsel/.dotfiles"; }; - file = homeFiles; + file = { + ".bash_history" = { + text = '' + swarsel-install -n chaostheatre + ''; + }; + }; }; }; @@ -3946,6 +3465,10 @@ TODO: cleanup this mess nix = { channel.enable = false; package = pkgs.nixVersions.nix_2_28; + # extraOptions = '' + # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins + # extra-builtins-file = ${../nix/extra-builtins.nix} + # ''; extraOptions = '' plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: { buildInputs = [config.nix.package pkgs.boost]; @@ -3997,7 +3520,6 @@ TODO: cleanup this mess environment.etc."issue".text = '' ~SwarselSystems~ IP of primary interface: \4 - These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{eth4} \4{eth5} \4{wlan0} The Password for all users & root is 'setup'. Install the system remotely by running 'bootstrap -n -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). @@ -4008,7 +3530,6 @@ TODO: cleanup this mess wireless.enable = false; # dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload"; networkmanager.enable = true; - usePredictableInterfaceNames = false; }; services.getty.autologinUser = lib.mkForce "root"; @@ -4035,8 +3556,6 @@ TODO: cleanup this mess programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; - "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'"; - "swarsel-kernel-module" = "lspci -k -d"; }; system.activationScripts.cache = { @@ -4067,7 +3586,7 @@ TODO: cleanup this mess #+end_src -**** Hotel (Demo Physical/VM) +**** ChaosTheatre (Demo Physical/VM) :PROPERTIES: :CUSTOM_ID: h:e1498bef-ec67-483d-bf02-76264e30be8e :END: @@ -4080,67 +3599,60 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:9f1f3439-b0af-4dcd-a96f-b6aa7b6cd2ab :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/default.nix - { self, config, pkgs, lib, minimal, ... }: - let - mainUser = "demo"; - in - { +#+begin_src nix-ts :tangle hosts/nixos/chaostheatre/default.nix + { self, config, pkgs, lib, minimal, ... }: + let + mainUser = "demo"; + in + { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - { - _module.args.diskDevice = config.swarselsystems.rootDisk; - } - ]; + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + { + _module.args.diskDevice = config.swarselsystems.rootDisk; + } + ]; - environment.variables = { - WLR_RENDERER_ALLOW_SOFTWARE = 1; - }; + environment.variables = { + WLR_RENDERER_ALLOW_SOFTWARE = 1; + }; - services.qemuGuest.enable = true; + services.qemuGuest.enable = true; - boot = { - loader.systemd-boot.enable = lib.mkForce true; - loader.efi.canTouchEfiVariables = true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - }; + boot = { + loader.systemd-boot.enable = lib.mkForce true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + }; - networking = { - hostName = "hotel"; - firewall.enable = true; - }; + networking = { + hostName = "chaostheatre"; + firewall.enable = true; + }; - swarselmodules = { - server = { - network = lib.mkForce false; - diskEncryption = lib.mkForce false; - }; - }; + swarselsystems = { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; + isBtrfs = false; + inherit mainUser; + isLinux = true; + isPublic = true; + isNixos = true; + }; - swarselsystems = { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - isBtrfs = false; - inherit mainUser; - isLinux = true; - isPublic = true; - isNixos = true; - }; - - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - hotel = true; - minimal = true; - }; - } + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + chaostheatre = true; + minimal = true; + }; + } #+end_src @@ -4150,7 +3662,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:849e4233-ba40-4fec-acfe-0d76e1e4371b :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/chaostheatre/disk-config.nix # NOTE: ... is needed because dikso passes diskoFile { lib , pkgs @@ -4286,7 +3798,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:6f9c1a3b-452e-4944-86e8-cb17603cc3f9 :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/options.nix +#+begin_src nix-ts :tangle hosts/nixos/chaostheatre/options.nix _: { } @@ -4297,7 +3809,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:88ccb198-74b9-4269-8e22-af1277f44667 :END: -#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/options-home.nix +#+begin_src nix-ts :tangle hosts/nixos/chaostheatre/options-home.nix _: { } @@ -4432,91 +3944,6 @@ in mkOption types ; - - networkOptions = netSubmod: { - cidrv4 = mkOption { - type = types.nullOr types.net.cidrv4; - description = "The CIDRv4 of this network"; - default = null; - }; - - subnetMask4 = mkOption { - type = types.nullOr types.net.ipv4; - description = "The dotted decimal form of the subnet mask of this network"; - readOnly = true; - default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4; - }; - - cidrv6 = mkOption { - type = types.nullOr types.net.cidrv6; - description = "The CIDRv6 of this network"; - default = null; - }; - - hosts = mkOption { - default = { }; - type = types.attrsOf ( - types.submodule (hostSubmod: { - options = { - id = mkOption { - type = types.int; - description = "The id of this host in the network"; - }; - - mac = mkOption { - type = types.nullOr types.net.mac; - description = "The MAC of the interface on this host that belongs to this network."; - default = null; - }; - - ipv4 = mkOption { - type = types.nullOr types.net.ipv4; - description = "The IPv4 of this host in this network"; - readOnly = true; - default = - if netSubmod.config.cidrv4 == null then - null - else - lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv4; - }; - - ipv6 = mkOption { - type = types.nullOr types.net.ipv6; - description = "The IPv6 of this host in this network"; - readOnly = true; - default = - if netSubmod.config.cidrv6 == null then - null - else - lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv6; - }; - - cidrv4 = mkOption { - type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero out the host part - description = "The IPv4 of this host in this network, including CIDR mask"; - readOnly = true; - default = - if netSubmod.config.cidrv4 == null then - null - else - lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv4; - }; - - cidrv6 = mkOption { - type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero out the host part - description = "The IPv6 of this host in this network, including CIDR mask"; - readOnly = true; - default = - if netSubmod.config.cidrv6 == null then - null - else - lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv6; - }; - }; - }) - ); - }; - }; in { options = { @@ -4552,44 +3979,12 @@ in ); }; - networks = mkOption { - default = { }; - type = types.attrsOf ( - types.submodule (netSubmod: { - options = networkOptions netSubmod // { - vlans = mkOption { - default = { }; - type = types.attrsOf ( - types.submodule (vlanNetSubmod: { - options = networkOptions vlanNetSubmod // { - id = mkOption { - type = types.ints.between 1 4094; - description = "The VLAN id"; - }; - - name = mkOption { - description = "The name of this VLAN"; - default = vlanNetSubmod.config._module.args.name; - type = types.str; - }; - }; - }) - ); - }; - }; - }) - ); - }; - hosts = mkOption { type = types.attrsOf ( types.submodule { options = { - defaultGateway4 = mkOption { - type = types.nullOr types.net.ipv4; - }; - defaultGateway6 = mkOption { - type = types.nullOr types.net.ipv6; + ipv4 = mkOption { + type = types.str; }; }; } @@ -4646,13 +4041,11 @@ in :END: #+begin_src nix-ts :tangle modules/nixos/common/home-manager-secrets.nix - { self, lib, config, globals, ... }: + { lib, config, globals, ... }: let inherit (config.swarselsystems) mainUser homeDir; inherit (config.repo.secrets.common.emacs) radicaleUser; modules = config.home-manager.users.${mainUser}.swarselmodules; - - certsSopsFile = self + /secrets/certs/secrets.yaml; in { config = lib.mkIf config.swarselsystems.withHomeManager { @@ -4672,8 +4065,6 @@ in github-nixpkgs-review-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.emacs { emacs-radicale-pw = { owner = mainUser; }; - }) // (lib.optionalAttrs modules.optional.work { - harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; }) // (lib.optionalAttrs modules.anki { anki-user = { owner = mainUser; }; anki-pw = { owner = mainUser; }; @@ -4855,19 +4246,7 @@ A breakdown of the flags being set: system.stateVersion = lib.mkDefault "23.05"; nixpkgs = { - overlays = [ - outputs.overlays.default - (final: prev: - let - additions = final: _: import "${self}/pkgs/config" { - inherit self config lib; - pkgs = final; - homeConfig = config.home-manager.users.${config.swarselsystems.mainUser}; - }; - in - additions final prev - ) - ]; + overlays = [ outputs.overlays.default ]; config = { allowUnfree = true; }; @@ -4886,7 +4265,7 @@ A breakdown of the flags being set: We enable the use of =home-manager= as a NixoS module. A nice trick here is the =extraSpecialArgs = inputs= line, which enables the use of =seflf= in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity). #+begin_src nix-ts :tangle modules/nixos/common/home-manager.nix - { self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, ... }: + { self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: { options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; config = lib.mkIf config.swarselmodules.home-manager { @@ -4895,7 +4274,6 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the useUserPackages = true; verbose = true; backupFileExtension = "hm-bak"; - overwriteBackup = true; users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.homeModules.nix-index inputs.sops-nix.homeManagerModules.sops @@ -4918,11 +4296,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the home.stateVersion = lib.mkDefault config.system.stateVersion; } ]; - extraSpecialArgs = { - inherit (inputs) self nixgl; - inherit inputs outputs globals nodes minimal configName; - lib = homeLib; - }; + extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal configName; }; }; }; } @@ -5035,7 +4409,7 @@ This is also exposed to home-manager configurations, in case this ever breaks, I #+begin_src nix-ts :tangle modules/nixos/common/pii.nix # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix - { config, inputs, lib, ... }: + { config, inputs, lib, minimal, ... }: let # If the given expression is a bare set, it will be wrapped in a function, # so that the imported file can always be applied to the inputs, similar to @@ -5101,7 +4475,7 @@ This is also exposed to home-manager configurations, in case this ever breaks, I let local = config.node.secretsDir + "/pii.nix.enc"; in - (lib.optionalAttrs (lib.pathExists local) { inherit local; }) // lib.optionalAttrs true { + (lib.optionalAttrs (lib.pathExists local && !minimal) { inherit local; }) // lib.optionalAttrs (!minimal) { common = ../../../secrets/repo/pii.nix.enc; }; }; @@ -6035,15 +5409,12 @@ Here I disable global completion to prevent redundant compinit calls and cache i let inherit (config.swarselsystems) mainUser homeDir; devices = config.swarselsystems.syncthing.syncDevices; - servicePort = 8384; in { options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; config = lib.mkIf config.swarselmodules.syncthing { services.syncthing = { enable = true; - systemService = true; - guiAddress = "127.0.0.1:${builtins.toString servicePort}"; package = pkgs.syncthing; user = mainUser; dataDir = homeDir; @@ -6883,16 +6254,12 @@ Auto login for the initial session. xwayland-satellite-unstable ]; + niri-flake.cache.enable = true; programs.niri = { enable = true; package = pkgs.niri-unstable; # the actual niri that will be installed and used }; - } // { - niri-flake.cache.enable = true; - programs.niri = { - package = null; - }; }; } #+end_src @@ -6951,7 +6318,6 @@ Here we just define some aliases for rebuilding the system, and we allow some in environment.shellAliases = lib.recursiveUpdate { nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; - ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; } @@ -7073,60 +6439,9 @@ Here we just define some aliases for rebuilding the system, and we allow some in inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; - serviceUser = "nginx"; - serviceGroup = serviceUser; - - sslBasePath = "/etc/ssl"; - dhParamsPathBase = "${sslBasePath}/dhparams.pem"; - dhParamsPath = - if config.swarselsystems.isImpermanence then - "/persist/${dhParamsPathBase}" - else - "${dhParamsPathBase}"; in { options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; - options.services.nginx = { - recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block."; - virtualHosts = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule { - options.locations = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule (submod: { - options = { - recommendedSecurityHeaders = lib.mkOption { - type = lib.types.bool; - default = config.services.nginx.recommendedSecurityHeaders; - description = "Whether to add additional security headers to this location."; - }; - - X-Frame-Options = lib.mkOption { - type = lib.types.str; - default = "DENY"; - description = "The value to use for X-Frame-Options"; - }; - }; - config = lib.mkIf submod.config.recommendedSecurityHeaders { - extraConfig = lib.mkBefore '' - # Enable HTTP Strict Transport Security (HSTS) - add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; - - # Minimize information leaked to other domains - add_header Referrer-Policy "origin-when-cross-origin"; - - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options "${submod.config.X-Frame-Options}"; - add_header X-Content-Type-Options "nosniff"; - ''; - }; - }) - ); - }; - } - ); - }; - }; config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego @@ -7139,68 +6454,24 @@ Here we just define some aliases for rebuilding the system, and we allow some in ''; }; - users.groups.acme.members = [ "nginx" ]; - security.acme = { acceptTerms = true; defaults = { inherit dnsProvider; email = address3; environmentFile = "${config.sops.templates."certs.secret".path}"; - reloadServices = [ "nginx" ]; - dnsPropagationCheck = true; }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { - files = [ dhParamsPathBase ]; - }; - services.nginx = { enable = true; - user = serviceUser; - group = serviceGroup; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; - recommendedBrotliSettings = true; - recommendedSecurityHeaders = true; - sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL"; - sslDhparam = dhParamsPathBase; - virtualHosts.fallback = { - default = true; - rejectSSL = true; - locations."/".extraConfig = '' - deny all; - ''; - }; + # virtualHosts are defined in the respective sections }; - system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { - deps = [ "generateDHParams" "users" "groups" ]; - }; - system.activationScripts."generateDHParams" = - { - text = '' - set -eu - - ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} - ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} - - if [ ! -f "${dhParamsPathBase}" ]; then - ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 - chmod 0644 ${dhParamsPath} - chown ${serviceUser}:${serviceGroup} ${dhParamsPath} - fi - ''; - deps = [ - "etc" - (lib.mkIf config.swarselsystems.isImpermanence "specialfs") - ]; - }; }; } #+end_src @@ -7247,205 +6518,6 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t } #+end_src -**** Network settings - - -#+begin_src nix-ts :tangle modules/nixos/server/network.nix - { lib, config, ... }: - { - options.swarselmodules.server.network = lib.mkEnableOption "enable server network config"; - config = lib.mkIf config.swarselmodules.server.network { - - globals.networks.home.hosts.${config.node.name} = { - inherit (config.repo.secrets.local.networking.networks.home) id; - mac = config.repo.secrets.local.networking.networks.home.mac or null; - }; - - globals.hosts.${config.node.name} = { - inherit (config.repo.secrets.local.networking) defaultGateway4; - }; - - networking = { - inherit (config.repo.secrets.local.networking) hostId; - hostName = config.node.name; - nftables.enable = lib.mkDefault false; - enableIPv6 = lib.mkDefault true; - firewall = { - enable = lib.mkDefault true; - }; - }; - - }; - } -#+end_src - -**** Disk encryption - -The hostkey can be generated with =ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key=. -Use =lspci -v | grep -iA8 'network\|ethernet'= to supposedly find out which kernel module is needed for networking in initrd. However I prefer a different approach: - -Use =lspci -nn | grep -i network= to find out manufacturer info: - -#+begin_src shell :exports both -lspci -nn | grep -i 'network\|ethernet' -#+end_src - -#+RESULTS: -: 04:00.0 Network controller [0280]: MEDIATEK Corp. MT7922 802.11ax PCI Express Wireless Network Adapter [14c3:0616] - -From the last bracket you then find out the correct kernel module: - -#+begin_src shell :exports both -lspci -k -d 14c3:0616 -#+end_src - -#+RESULTS: -| 04:00.0 | Network | controller: | MEDIATEK | Corp. | MT7922 | 802.11ax | PCI | Express | Wireless | Network | Adapter | -| | Subsystem: | MEDIATEK | Corp. | Device | e616 | | | | | | | -| | Kernel | driver | in | use: | mt7921e | | | | | | | -| | Kernel | modules: | mt7921e | | | | | | | | | - -#+begin_src nix-ts :tangle modules/nixos/server/disk-encrypt.nix - { self, pkgs, lib, config, globals, minimal, ... }: - let - localIp = globals.networks.home.hosts.${config.node.name}.ipv4; - subnetMask = globals.networks.home.subnetMask4; - gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; - - hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key"; - in - { - options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; - options.swarselsystems.networkKernelModules = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ ]; - }; - config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { - - system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) { - text = '' - [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} - ''; - deps = [ "users" ]; - }; - - environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { - files = [ hostKeyPath ]; - }; - - boot = lib.mkIf (config.swarselprofiles.server || minimal) { - kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ - "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" - ]; - initrd = { - availableKernelModules = config.swarselsystems.networkKernelModules; - network = { - enable = true; - udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; - flushBeforeStage2 = true; - ssh = { - enable = true; - port = 2222; # avoid hostkey changed nag - authorizedKeyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - hostKeys = [ hostKeyPath ]; - }; - # postCommands = '' - # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile - # ''; - }; - systemd = { - initrdBin = with pkgs; [ - cryptsetup - ]; - services = { - unlock-luks = { - wantedBy = [ "initrd.target" ]; - after = [ "network.target" ]; - before = [ "systemd-cryptsetup@cryptroot.service" ]; - path = [ "/bin" ]; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - - script = '' - echo "systemctl default" >> /root/.profile - ''; - }; - }; - }; - }; - }; - }; - - } -#+end_src - -**** Router - -#+begin_src nix-ts :tangle modules/nixos/server/router.nix - { lib, config, ... }: - let - serviceName = "router"; - in - { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { - - systemd.network = { - wait-online.anyInterface = true; - networks = { - "30-lan0" = { - matchConfig.Name = "lan0"; - linkConfig.RequiredForOnline = "enslaved"; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - }; - "30-lan1" = { - matchConfig.Name = "lan1"; - linkConfig.RequiredForOnline = "enslaved"; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - }; - "30-lan2" = { - matchConfig.Name = "lan2"; - linkConfig.RequiredForOnline = "enslaved"; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - }; - "30-lan3" = { - matchConfig.Name = "lan3"; - linkConfig.RequiredForOnline = "enslaved"; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - }; - "10-wan" = { - matchConfig.Name = "wan"; - networkConfig = { - # start a DHCP Client for IPv4 Addressing/Routing - DHCP = "ipv4"; - DNSOverTLS = true; - DNSSEC = true; - IPv6PrivacyExtensions = false; - IPForward = true; - }; - # make routing on this interface a dependency for network-online.target - linkConfig.RequiredForOnline = "routable"; - }; - }; - }; - }; - } -#+end_src - **** kavita :PROPERTIES: :CUSTOM_ID: h:d33f5982-dfe6-42d0-9cf2-2cd8c7b04295 @@ -7460,7 +6532,7 @@ lspci -k -d 14c3:0616 serviceName = "kavita"; serviceUser = "kavita"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -7532,7 +6604,7 @@ lspci -k -d 14c3:0616 serviceName = "jellyfin"; serviceUser = "jellyfin"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -7604,7 +6676,7 @@ lspci -k -d 14c3:0616 serviceUser = "navidrome"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -7640,27 +6712,6 @@ lspci -k -d 14c3:0616 globals.services.${serviceName}.domain = serviceDomain; - services.snapserver = { - enable = true; - settings = { - stream = { - port = 1704; - source = "pipe:///tmp/snapfifo?name=default"; - bind_to_address = "0.0.0.0"; - }; - }; - }; - - systemd.services = { - ${serviceName}.serviceConfig = { - PrivateDevices = lib.mkForce false; - PrivateUsers = lib.mkForce false; - RestrictRealtime = lib.mkForce false; - SystemCallFilter = lib.mkForce null; - RootDirectory = lib.mkForce null; - }; - }; - services.${serviceName} = { enable = true; openFirewall = true; @@ -7675,9 +6726,8 @@ lspci -k -d 14c3:0616 EnableTranscodingConfig = true; Scanner.GroupAlbumReleases = true; ScanSchedule = "@every 24h"; - # MPVPath = ""; - # MPVCommandTemplate = "${pkgs.mpv}/bin/mpv --audio-device=%d --input-ipc-server=%s --no-audio-display --log-file=/tmp/mpv.log --pause %f"; - # MPVCmdTemplate = "${pkgs.mpv}/bin/mpv --no-audio-display --pause %f --input-ipc-server=%s --audio-channels=stereo --audio-samplerate=48000 --audio-format=s16 --ao=pcm --ao-pcm-file=/tmp/snapfifo --log-file=/tmp/mpv.log"; + MPVPath = "${pkgs.mpv}/bin/mpv"; + MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f"; ReverseProxyWhitelist = "0.0.0.0/0"; ReverseProxyUserHeader = "X-User"; Jukebox = { @@ -7958,7 +7008,7 @@ lspci -k -d 14c3:0616 serviceName = "matrix"; serviceDomain = config.repo.secrets.common.services.domains.matrix; serviceUser = "matrix-synapse"; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; federationPort = 8448; whatsappPort = 29318; @@ -8316,9 +7366,7 @@ lspci -k -d 14c3:0616 serviceGroup = serviceUser; serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; - - nextcloudVersion = "32"; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -8339,7 +7387,7 @@ lspci -k -d 14c3:0616 trusted_proxies = [ "0.0.0.0" ]; overwriteprotocol = "https"; }; - package = pkgs."nextcloud${nextcloudVersion}"; + package = pkgs.nextcloud31; hostName = serviceDomain; home = "/Vault/data/${serviceName}"; datadir = "/Vault/data/${serviceName}"; @@ -8347,7 +7395,7 @@ lspci -k -d 14c3:0616 configureRedis = true; maxUploadSize = "4G"; extraApps = { - inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; + inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; }; extraAppsEnable = true; config = { @@ -8398,7 +7446,7 @@ lspci -k -d 14c3:0616 serviceUser = "immich"; serviceName = "immich"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -8483,7 +7531,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= serviceGroup = serviceUser; serviceName = "paperless"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; tikaPort = 9998; gotenbergPort = 3002; @@ -8811,7 +7859,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; specificServiceName = "syncthing-${configName}"; cfg = config.services.${serviceName}; @@ -9037,7 +8085,7 @@ This section exposes several metrics that I use to check the health of my server serviceGroup = serviceUser; serviceName = "grafana"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; prometheusPort = 9090; prometheusUser = "prometheus"; @@ -9291,7 +8339,7 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w servicePort = 8088; serviceName = "jenkins"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -9386,7 +8434,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with serviceUser = "freshrss"; serviceGroup = serviceName; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; inherit (config.swarselsystems) sopsFile; in @@ -9502,7 +8550,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with serviceGroup = serviceUser; serviceName = "forgejo"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; kanidmDomain = globals.services.kanidm.domain; in @@ -9666,7 +8714,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with servicePort = 27701; serviceName = "ankisync"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; ankiUser = globals.user.name; in @@ -9751,7 +8799,7 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/${syncthingIni.file} <<'EOF' - ${syncthingIni.content} - EOF - export ${syncthingApiEnvVarName}=$(cat /run/syncthing-init/api_key) - ${lib.getExe pkgs.envsubst} -i ${syncthingIni.file} -o ${syncthingIni.file} - unset ${syncthingApiEnvVarName} - fi - ''; - - }; - - } -#+end_src - **** Sway :PROPERTIES: :CUSTOM_ID: h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20 @@ -16420,83 +14059,83 @@ Currently, I am too lazy to explain every option here, but most of it is very se in lib.recursiveUpdate { - "${modifier}+0" = "workspace 10:十"; - "${modifier}+1" = "workspace 1:δΈ€"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+3" = "workspace 3:δΈ‰"; - "${modifier}+4" = "workspace 4:ε››"; - "${modifier}+5" = "workspace 5:δΊ”"; - "${modifier}+6" = "workspace 6:ε…­"; - "${modifier}+7" = "workspace 7:δΈƒ"; - "${modifier}+8" = "workspace 8:ε…«"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+e" = "workspace 13:E"; - "${modifier}+Ctrl+f" = "workspace 16:F"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - "${modifier}+Ctrl+s" = "workspace 12:S"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Down" = "focus down"; - "${modifier}+Escape" = "exec wlogout"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+Left" = "focus left"; - "${modifier}+Return" = "exec swarselzellij"; - "${modifier}+Right" = "focus right"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Shift+1" = "move container to workspace 1:δΈ€"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; - "${modifier}+Shift+4" = "move container to workspace 4:ε››"; - "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; - "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; - "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; - "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+x" = "exec swarselcheck -k"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+Shift+t" = "exec opacitytoggle"; "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; + "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; + "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + # "${modifier}+Escape" = "mode $exit"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+Escape" = "exec wlogout"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+1" = "workspace 1:δΈ€"; + "${modifier}+Shift+1" = "move container to workspace 1:δΈ€"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:δΈ‰"; + "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; + "${modifier}+4" = "workspace 4:ε››"; + "${modifier}+Shift+4" = "move container to workspace 4:ε››"; + "${modifier}+5" = "workspace 5:δΊ”"; + "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; + "${modifier}+6" = "workspace 6:ε…­"; + "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; + "${modifier}+7" = "workspace 7:δΈƒ"; + "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; + "${modifier}+8" = "workspace 8:ε…«"; + "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; + "${modifier}+Ctrl+t" = "workspace 14:T"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; "${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+Shift+Down" = "move down 40px"; "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Up" = "focus up"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; - "${modifier}+d" = "exec swarselcheck -d"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+f" = "exec firefox"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+q" = "kill"; "${modifier}+r" = "mode resize"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; - "${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+x" = "exec swarselcheck -k"; - # "${modifier}+Escape" = "mode $exit"; # "${modifier}+Return" = "exec kitty"; + "${modifier}+Return" = "exec swarselzellij"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; @@ -16933,12 +14572,6 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; }; - } // { - programs.niri = lib.mkIf (!config.swarselmodules.niri) { - package = null; - config = null; - settings = null; - }; }; } #+end_src @@ -16991,7 +14624,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se exec = [ "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { - criteria = config.swarselsystems.sharescreen; + criteria = "eDP-2"; status = "enable"; scale = 1.0; } @@ -17063,7 +14696,7 @@ Settings that are needed for the gpg-agent. Also we are enabling emacs support f When setting up a new machine: -#+begin_src markdown :noweb-ref worksetup :exports both :results html +#+begin_src markdown :noweb-ref setup :exports both :results html - setup gpgsm for signing of mails using S/MIME: - `gpgsm --import ~/Certificates/.p12` - `gpgsm --import ~/Certificates/harica-root.pem` @@ -17913,46 +15546,38 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] When setting up a new machine: -#+begin_src markdown :noweb-ref worksetup :exports both :results html +#+begin_src markdown :noweb-ref setup :exports both :results html - setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`): - `pizauth auth ` - `pizauth dump > ~/.pizauth.state` #+end_src #+begin_src nix-ts :tangle modules/home/optional/work.nix :noweb yes - { self, inputs, config, pkgs, lib, vars, nixosConfig ? config, ... }: + { self, config, pkgs, lib, vars, nixosConfig ? config, ... }: let - inherit (config.swarselsystems) homeDir mainUser; + inherit (config.swarselsystems) homeDir; inherit (nixosConfig.repo.secrets.local.mail) allMailAddresses; inherit (nixosConfig.repo.secrets.local.work) mailAddress; - - certsSopsFile = self + /secrets/certs/secrets.yaml; in { options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; config = lib.mkIf config.swarselmodules.optional.work - ({ - home = { - packages = with pkgs; [ - stable.teams-for-linux - shellcheck - dig - docker - postman - # rclone - libguestfs-with-appliance - prometheus.cli - tigervnc - # openstackclient + { + home.packages = with pkgs; [ + stable.teams-for-linux + shellcheck + dig + docker + postman + # rclone + libguestfs-with-appliance + prometheus.cli + tigervnc + # openstackclient - vscode + vscode + ]; - rustdesk-vbc - ]; - sessionVariables = { - AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path; - }; - }; systemd.user.sessionVariables = { DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; } // lib.optionalAttrs (!config.swarselsystems.isPublic) { @@ -18035,23 +15660,6 @@ When setting up a new machine: # }; # }; - wayland.windowManager.sway = - let - inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress; - in - { - config = { - keybindings = - let - inherit (config.wayland.windowManager.sway.config) modifier; - in - { - "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; - "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; - }; - }; - }; - stylix = { targets.firefox.profileNames = let @@ -18574,16 +16182,7 @@ When setting up a new machine: }; }; - } // lib.optionalAttrs (inputs ? sops) { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { - harica-root-ca = { - sopsFile = certsSopsFile; - path = "${homeDir}/.aws/certs/harica-root.pem"; - owner = mainUser; - }; - }; - - }); + }; } @@ -18987,7 +16586,7 @@ In short, the options defined here are passed to the modules systems using =_mod } #+end_src -*** Packages +** Packages :PROPERTIES: :CUSTOM_ID: h:64a5cc16-6b16-4802-b421-c67ccef853e1 :END: @@ -18996,25 +16595,23 @@ This is the central station for self-defined packages. These are all referenced Note: The structure of generating the packages was changed in commit =2cf03a3 refactor: package and module generation=. That commit can be checked out in order to see a simpler version of achieving the same thing. -*** Packages (flake) - -#+begin_src nix-ts :tangle pkgs/flake/default.nix +#+begin_src nix-ts :tangle pkgs/default.nix { self, lib, pkgs, ... }: let mkPackages = names: pkgs: builtins.listToAttrs (map (name: { inherit name; - value = pkgs.callPackage "${self}/pkgs/flake/${name}" { inherit self name; }; + value = pkgs.callPackage "${self}/pkgs/${name}" { inherit self name; }; }) names); - packageNames = lib.swarselsystems.readNix "pkgs/flake"; + packageNames = lib.swarselsystems.readNix "pkgs"; in mkPackages packageNames pkgs #+end_src -**** pass-fuzzel +*** pass-fuzzel :PROPERTIES: :CUSTOM_ID: h:4fce458d-7c9c-4bcd-bd90-76b745fe5ce3 :END: @@ -19075,7 +16672,7 @@ This app allows me, in conjunction with my Yubikey, to quickly enter passwords w notify-send -u critical -a pass -t 1000 "Copied/Typed Password" #+end_src -#+begin_src nix-ts :tangle pkgs/flake/pass-fuzzel/default.nix +#+begin_src nix-ts :tangle pkgs/pass-fuzzel/default.nix { self, name, writeShellApplication, libnotify, pass, fuzzel, wtype }: writeShellApplication { inherit name; @@ -19085,33 +16682,7 @@ This app allows me, in conjunction with my Yubikey, to quickly enter passwords w #+end_src -**** quickpass -#+begin_src shell :tangle files/scripts/quickpass.sh :mkdirp yes - shopt -s nullglob globstar - - notify-send "$(env | grep -E 'WAYLAND|SWAY')" - - password="$1" - - pass show "$password" | { - IFS= read -r pass - printf %s "$pass" - } | wtype - - - notify-send -u critical -a pass -t 1000 "Typed Password" -#+end_src - -#+begin_src nix-ts :tangle pkgs/flake/quickpass/default.nix - { self, name, writeShellApplication, libnotify, pass, wtype }: - writeShellApplication { - inherit name; - runtimeInputs = [ libnotify pass wtype ]; - text = builtins.readFile "${self}/files/scripts/${name}.sh"; - } - -#+end_src - -**** cura5 +*** cura5 :PROPERTIES: :CUSTOM_ID: h:799579f3-ddd3-4f76-928a-a8c665980476 :END: @@ -19119,7 +16690,7 @@ This app allows me, in conjunction with my Yubikey, to quickly enter passwords w The version of =cura= used to be quite outdated in nixpkgs. I am fetching a newer AppImage here and use that instead. -#+begin_src nix-ts :tangle pkgs/flake/cura5/default.nix +#+begin_src nix-ts :tangle pkgs/cura5/default.nix # taken from https://github.com/NixOS/nixpkgs/issues/186570#issuecomment-1627797219 { appimageTools, fetchurl, writeScriptBin, pkgs, ... }: @@ -19152,7 +16723,7 @@ The version of =cura= used to be quite outdated in nixpkgs. I am fetching a newe #+end_src -**** hm-specialisation +*** hm-specialisation :PROPERTIES: :CUSTOM_ID: h:e6612cff-0804-47ef-9f2b-d2cc6d81a896 :END: @@ -19160,7 +16731,7 @@ The version of =cura= used to be quite outdated in nixpkgs. I am fetching a newe This script allows for quick git home-manager specialisation switching. -#+begin_src nix-ts :tangle pkgs/flake/hm-specialisation/default.nix +#+begin_src nix-ts :tangle pkgs/hm-specialisation/default.nix { name, writeShellApplication, fzf, findutils, home-manager, ... }: writeShellApplication { @@ -19176,7 +16747,7 @@ This script allows for quick git home-manager specialisation switching. #+end_src -**** cdw +*** cdw :PROPERTIES: :CUSTOM_ID: h:73b14c7a-5444-4fed-b7ac-d65542cdeda3 :END: @@ -19184,7 +16755,7 @@ This script allows for quick git home-manager specialisation switching. This script allows for quick git worktree switching. -#+begin_src nix-ts :tangle pkgs/flake/cdw/default.nix +#+begin_src nix-ts :tangle pkgs/cdw/default.nix { name, writeShellApplication, fzf, ... }: writeShellApplication { @@ -19198,14 +16769,14 @@ This script allows for quick git worktree switching. #+end_src -**** cdb +*** cdb :PROPERTIES: :CUSTOM_ID: h:5ad99997-e54c-4f0b-9ab7-15f76b1e16e1 :END: This script allows for quick git branch switching. -#+begin_src nix-ts :tangle pkgs/flake/cdb/default.nix +#+begin_src nix-ts :tangle pkgs/cdb/default.nix { name, writeShellApplication, fzf, ... }: writeShellApplication { @@ -19218,7 +16789,7 @@ This script allows for quick git branch switching. #+end_src -**** bak +*** bak :PROPERTIES: :CUSTOM_ID: h:03b1b77b-3ca8-4a8f-8e28-9f29004d96d3 :END: @@ -19226,7 +16797,7 @@ This script allows for quick git branch switching. This script lets me quickly backup files by appending =.bak= to the filename. -#+begin_src nix-ts :tangle pkgs/flake/bak/default.nix +#+begin_src nix-ts :tangle pkgs/bak/default.nix { name, writeShellApplication, ... }: writeShellApplication { @@ -19239,7 +16810,7 @@ This script lets me quickly backup files by appending =.bak= to the filename. #+end_src -**** timer +*** timer :PROPERTIES: :CUSTOM_ID: h:3c72d263-411c-44f0-90ff-55f14d4d9d49 :END: @@ -19247,7 +16818,7 @@ This script lets me quickly backup files by appending =.bak= to the filename. This app starts a configuratble timer and uses TTS to say something once the timer runs out. -#+begin_src nix-ts :tangle pkgs/flake/timer/default.nix +#+begin_src nix-ts :tangle pkgs/timer/default.nix { name, writeShellApplication, speechd, ... }: writeShellApplication { @@ -19260,7 +16831,7 @@ This app starts a configuratble timer and uses TTS to say something once the tim #+end_src -**** e +*** e :PROPERTIES: :CUSTOM_ID: h:1834df06-9238-4efa-9af6-851dafe66c68 :END: @@ -19293,7 +16864,7 @@ This is a shorthand for calling emacsclient mostly. Also, it hides the kittyterm fi #+end_src -#+begin_src nix-ts :tangle pkgs/flake/e/default.nix +#+begin_src nix-ts :tangle pkgs/e/default.nix { self, name, writeShellApplication, emacs30-pgtk, sway, jq }: writeShellApplication { inherit name; @@ -19303,7 +16874,7 @@ This is a shorthand for calling emacsclient mostly. Also, it hides the kittyterm #+end_src -**** command-not-found +*** command-not-found :PROPERTIES: :CUSTOM_ID: h:10268005-a9cd-4a00-967c-cbe975c552fa :END: @@ -19347,7 +16918,7 @@ The normal =command-not-found.sh= uses the outdated =nix-shell= commands as sugg } #+end_src -**** swarselcheck +*** swarselcheck :PROPERTIES: :CUSTOM_ID: h:82f4f414-749b-4d5a-aaaa-6e3ec15fbc3d :END: @@ -19419,7 +16990,7 @@ This app checks for different apps that I keep around in the scratchpad for quic fi #+end_src -#+begin_src nix-ts :tangle pkgs/flake/swarselcheck/default.nix +#+begin_src nix-ts :tangle pkgs/swarselcheck/default.nix { self, name, writeShellApplication, kitty, element-desktop, vesktop, spotify-player, jq }: writeShellApplication { inherit name; @@ -19429,7 +17000,7 @@ This app checks for different apps that I keep around in the scratchpad for quic #+end_src -**** swarselcheck-niri +*** swarselcheck-niri :PROPERTIES: :CUSTOM_ID: h:96da8360-2d23-4e86-9602-415fbdb972af :END: @@ -19473,7 +17044,7 @@ This app checks for different apps that I keep around in the scratchpad for quic fi #+end_src -#+begin_src nix-ts :tangle pkgs/flake/swarselcheck-niri/default.nix +#+begin_src nix-ts :tangle pkgs/swarselcheck-niri/default.nix { self, name, writeShellApplication, kitty, element-desktop, vesktop, spotify-player, jq }: writeShellApplication { inherit name; @@ -19483,7 +17054,7 @@ This app checks for different apps that I keep around in the scratchpad for quic #+end_src -**** swarselzellij +*** swarselzellij :PROPERTIES: :CUSTOM_ID: h:564c102c-e335-4f17-a613-c5a436bb4864 :END: @@ -19499,7 +17070,7 @@ This app checks for different apps that I keep around in the scratchpad for quic exec kitty -o confirm_os_window_close=0 zellij #+end_src -#+begin_src nix-ts :tangle pkgs/flake/swarselzellij/default.nix +#+begin_src nix-ts :tangle pkgs/swarselzellij/default.nix { self, name, writeShellApplication, kitty }: writeShellApplication { inherit name; @@ -19509,7 +17080,7 @@ This app checks for different apps that I keep around in the scratchpad for quic #+end_src -**** waybarupdate +*** waybarupdate :PROPERTIES: :CUSTOM_ID: h:f93f66f9-6b8b-478e-b139-b2f382c1f25e :END: @@ -19543,7 +17114,7 @@ This scripts checks if there are uncommited changes in either my dotfile repo, m echo "$OUT" #+end_src -#+begin_src nix-ts :tangle pkgs/flake/waybarupdate/default.nix +#+begin_src nix-ts :tangle pkgs/waybarupdate/default.nix { self, name, writeShellApplication, git }: writeShellApplication { inherit name; @@ -19553,7 +17124,7 @@ This scripts checks if there are uncommited changes in either my dotfile repo, m #+end_src -**** opacitytoggle +*** opacitytoggle :PROPERTIES: :CUSTOM_ID: h:a1d94db2-837a-40c4-bbd8-81ce847440ee :END: @@ -19568,7 +17139,7 @@ This app quickly toggles between 5% and 0% transparency. fi #+end_src -#+begin_src nix-ts :tangle pkgs/flake/opacitytoggle/default.nix +#+begin_src nix-ts :tangle pkgs/opacitytoggle/default.nix { self, name, writeShellApplication, sway }: writeShellApplication { inherit name; @@ -19577,7 +17148,7 @@ This app quickly toggles between 5% and 0% transparency. } #+end_src -**** fs-diff +*** fs-diff :PROPERTIES: :CUSTOM_ID: h:7c4e41b3-8c1e-4f71-87a6-30d40baed6a0 :END: @@ -19607,7 +17178,7 @@ This utility is used to compare the current state of the root directory with the done #+end_src -#+begin_src nix-ts :tangle pkgs/flake/fs-diff/default.nix +#+begin_src nix-ts :tangle pkgs/fs-diff/default.nix { self, name, writeShellApplication }: writeShellApplication { inherit name; @@ -19615,7 +17186,7 @@ This utility is used to compare the current state of the root directory with the } #+end_src -**** github-notifications +*** github-notifications :PROPERTIES: :CUSTOM_ID: h:a9398c4e-4d3b-4942-b03c-192f9c0517e5 :END: @@ -19623,7 +17194,7 @@ This utility is used to compare the current state of the root directory with the This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version. -#+begin_src nix-ts :tangle pkgs/flake/github-notifications/default.nix +#+begin_src nix-ts :tangle pkgs/github-notifications/default.nix { name, writeShellApplication, jq, ... }: writeShellApplication { @@ -19639,7 +17210,7 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s } #+end_src -**** kanshare +*** kanshare :PROPERTIES: :CUSTOM_ID: h:3981cd16-00c0-4ea8-95e2-c6d8c04ec4e5 :END: @@ -19647,7 +17218,7 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version. -#+begin_src nix-ts :tangle pkgs/flake/kanshare/default.nix +#+begin_src nix-ts :tangle pkgs/kanshare/default.nix { name, writeShellApplication, wlr-randr, busybox, wl-mirror, mako, ... }: writeShellApplication { @@ -19661,7 +17232,7 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s } #+end_src -**** swarsel-bootstrap +*** swarsel-bootstrap :PROPERTIES: :CUSTOM_ID: h:74db57ae-0bb9-4257-84be-eddbc85130dd :END: @@ -19674,7 +17245,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man target_hostname="" target_destination="" - target_arch="" target_user="swarsel" ssh_port="22" persist_dir="" @@ -19690,7 +17260,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man echo "ARGS:" echo " -n specify target_hostname of the target host to deploy the nixos config on." echo " -d specify ip or url to the target host." - echo " -a specify the architecture of the target host." echo " target during install process." echo echo "OPTIONS:" @@ -19773,10 +17342,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man shift target_destination=$1 ;; - -a) - shift - target_arch=$1 - ;; -u) shift target_user=$1 @@ -19797,11 +17362,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man shift done - if [[ $target_arch == "" || $target_destination == "" || $target_hostname == "" ]]; then - red "error: target_arch, target_destination or target_hostname not set." - help_and_exit - fi - green "~SwarselSystems~ remote installer" green "Reading system information for $target_hostname ..." @@ -19856,7 +17416,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man fi cd "$FLAKE" - rm install/flake.lock || true git_root=$(git rev-parse --show-toplevel) # ------------------------ @@ -19894,13 +17453,8 @@ This program sets up a new NixOS host remotely. It also takes care of secret man green "Generating hardware-config.nix for $target_hostname and adding it to the nix-config." $ssh_root_cmd "nixos-generate-config --force --no-filesystems --root /mnt" - mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname" - $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix - # ------------------------ - # green "Generating hostkey for ssh initrd" - # $ssh_root_cmd "mkdir -p $temp/etc/secrets/initrd /etc/secrets/initrd" - # $ssh_root_cmd "ssh-keygen -t ed25519 -N '' -f $temp/etc/secrets/initrd/ssh_host_ed25519_key" - # $ssh_root_cmd "cp $temp/etc/secrets/initrd/ssh_host_ed25519_key /etc/secrets/initrd/ssh_host_ed25519_key" + mkdir -p "$FLAKE"/hosts/nixos/"$target_hostname" + $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_hostname"/hardware-configuration.nix # ------------------------ green "Deploying minimal NixOS installation on $target_destination" @@ -19965,7 +17519,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man fi green "Updating all secrets files to reflect updates .sops.yaml" sops updatekeys --yes --enable-local-keyservice "${git_root}"/secrets/*/secrets.yaml - sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/secrets/pii.nix.enc + sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_hostname"/secrets/pii.nix.enc # -------------------------- green "Making ssh_host_ed25519_key available to home-manager for user $target_user" sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts @@ -20024,10 +17578,10 @@ This program sets up a new NixOS host remotely. It also takes care of secret man green "NixOS was successfully installed!" if yes_or_no "You can now commit and push the nix-config, which includes the hardware-configuration.nix for $target_hostname?"; then cd "${git_root}" - deadnix hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix -qe - nixpkgs--fmt hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix + deadnix hosts/nixos/"$target_hostname"/hardware-configuration.nix -qe + nixpkgs--fmt hosts/nixos/"$target_hostname"/hardware-configuration.nix (.pre-commit-config.yaml mit run --all-files 2> /dev/null || true) && - git add "$git_root/hosts/nixos/$target_arch/$target_hostname/hardware-configuration.nix" && + git add "$git_root/hosts/nixos/$target_hostname/hardware-configuration.nix" && git add "$git_root/.sops.yaml" && git add "$git_root/secrets" && (git commit -m "feat: deployed $target_hostname" || true) && git push @@ -20043,7 +17597,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man | [ | Babel | evaluation | exited | with | code | 1 | ] | -#+begin_src nix-ts :tangle pkgs/flake/swarsel-bootstrap/default.nix +#+begin_src nix-ts :tangle pkgs/swarsel-bootstrap/default.nix { self, name, writeShellApplication, openssh }: writeShellApplication { inherit name; @@ -20052,7 +17606,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man } #+end_src -**** swarsel-rebuild +*** swarsel-rebuild :PROPERTIES: :CUSTOM_ID: h:1eabdc59-8832-44ca-a22b-11f848ab150a :END: @@ -20060,8 +17614,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man #+begin_src shell :tangle files/scripts/swarsel-rebuild.sh set -eo pipefail - target_config="hotel" - target_arch="" + target_config="chaostheatre" target_user="swarsel" function help_and_exit() { @@ -20071,11 +17624,10 @@ This program sets up a new NixOS host remotely. It also takes care of secret man echo "USAGE: $0 [OPTIONS]" echo echo "ARGS:" - echo " -n specify nixos config to build." - echo " Default: hotel" + echo " -n specify nixos config to build." + echo " Default: chaostheatre" echo " -u specify user to deploy for." echo " Default: swarsel" - echo " -a specify target architecture." echo " -h | --help Print this help." exit 0 } @@ -20105,10 +17657,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man shift target_config=$1 ;; - -a) - shift - target_arch=$1 - ;; -u) shift target_user=$1 @@ -20122,11 +17670,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man shift done - if [[ $target_arch == "" ]]; then - red "error: target_arch not set." - help_and_exit - fi - cd /home/"$target_user" if [ ! -d /home/"$target_user"/.dotfiles ]; then @@ -20154,7 +17697,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man rm modules/home/common/mail.nix rm modules/home/common/yubikey.nix rm modules/nixos/server/restic.nix - rm hosts/nixos/aarch64-linux/milkywell/default.nix + rm hosts/nixos/milkywell/default.nix rm -rf modules/nixos/server rm -rf modules/home/server nix flake update vbc-nix @@ -20162,8 +17705,8 @@ This program sets up a new NixOS host remotely. It also takes care of secret man else green "Valid SSH key found! Continuing with installation" fi - sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/ - git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix + sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ + git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix green "Installing flake $target_config" sudo nixos-rebuild --show-trace --flake .#"$target_config" boot @@ -20172,7 +17715,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man -#+begin_src nix-ts :tangle pkgs/flake/swarsel-rebuild/default.nix +#+begin_src nix-ts :tangle pkgs/swarsel-rebuild/default.nix { self, name, writeShellApplication, git }: writeShellApplication { inherit name; @@ -20181,7 +17724,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man } #+end_src -**** swarsel-install +*** swarsel-install :PROPERTIES: :CUSTOM_ID: h:fbd8aaf2-9dca-4ca3-aca1-19d0d188a435 :END: @@ -20191,10 +17734,9 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+begin_src shell :tangle files/scripts/swarsel-install.sh set -eo pipefail - target_config="hotel" - target_hostname="hotel" + target_config="chaostheatre" + target_hostname="chaostheatre" target_user="swarsel" - target_arch="" persist_dir="" target_disk="/dev/vda" disk_encryption=0 @@ -20207,12 +17749,11 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f echo echo "ARGS:" echo " -n specify the nixos config to deploy." - echo " Default: hotel" + echo " Default: chaostheatre" echo " -d specify disk to install on." echo " Default: /dev/vda" echo " -u specify user to deploy for." echo " Default: swarsel" - echo " -a specify target architecture." echo " -h | --help Print this help." exit 0 } @@ -20251,10 +17792,6 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f shift target_disk=$1 ;; - -a) - shift - target_arch=$1 - ;; -h | --help) help_and_exit ;; ,*) echo "Invalid option detected." @@ -20270,11 +17807,6 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f } trap cleanup exit - if [[ $target_arch == "" || $target_hostname == "" ]]; then - red "error: target_arch or target_hostname not set." - help_and_exit - fi - green "~SwarselSystems~ local installer" cd /home/"$target_user" @@ -20354,7 +17886,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f fi green "Setting up disk ..." - if [[ $target_config == "hotel" ]]; then + if [[ $target_config == "chaostheatre" ]]; then sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/v1.10.0 -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks --arg diskDevice "$target_disk" else sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks @@ -20364,9 +17896,9 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f sudo chown -R 1000:100 /mnt/"$persist_dir"/home/"$target_user" green "Generating hardware configuration ..." - sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/ + sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ - git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix + git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix sudo mkdir -p /root/.local/share/nix/ printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null green "Installing flake $target_config" @@ -20386,7 +17918,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f -#+begin_src nix-ts :tangle pkgs/flake/swarsel-install/default.nix +#+begin_src nix-ts :tangle pkgs/swarsel-install/default.nix { self, name, writeShellApplication, git }: writeShellApplication { inherit name; @@ -20395,7 +17927,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f } #+end_src -**** swarsel-postinstall +*** swarsel-postinstall :PROPERTIES: :CUSTOM_ID: h:c98a7615-e5da-4f47-8ed1-2b2ea65519e9 :END: @@ -20403,7 +17935,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+begin_src shell :tangle files/scripts/swarsel-postinstall.sh set -eo pipefail - target_config="hotel" + target_config="chaostheatre" target_user="swarsel" function help_and_exit() { @@ -20415,8 +17947,8 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f echo "ARGS:" echo " -d specify disk to install on." echo " -n specify the nixos config to deploy." - echo " Default: hotel" - echo " Default: hotel" + echo " Default: chaostheatre" + echo " Default: chaostheatre" echo " -u specify user to deploy for." echo " Default: swarsel" echo " -h | --help Print this help." @@ -20477,7 +18009,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f -#+begin_src nix-ts :tangle pkgs/flake/swarsel-postinstall/default.nix +#+begin_src nix-ts :tangle pkgs/swarsel-postinstall/default.nix { self, name, writeShellApplication, git }: writeShellApplication { inherit name; @@ -20486,12 +18018,12 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f } #+end_src -**** t2ts +*** t2ts :PROPERTIES: :CUSTOM_ID: h:5ad99997-e54c-4f0b-9ab7-15f76b1e16e1 :END: -#+begin_src nix-ts :tangle pkgs/flake/t2ts/default.nix +#+begin_src nix-ts :tangle pkgs/t2ts/default.nix { name, writeShellApplication, ... }: writeShellApplication { @@ -20504,12 +18036,12 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+end_src -**** ts2t +*** ts2t :PROPERTIES: :CUSTOM_ID: h:5ad99997-e54c-4f0b-9ab7-15f76b1e16e1 :END: -#+begin_src nix-ts :tangle pkgs/flake/ts2t/default.nix +#+begin_src nix-ts :tangle pkgs/ts2t/default.nix { name, writeShellApplication, ... }: writeShellApplication { @@ -20522,12 +18054,12 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+end_src -**** vershell +*** vershell :PROPERTIES: :CUSTOM_ID: h:7806b129-a4a5-4d10-af27-6cbeafbcb294 :END: -#+begin_src nix-ts :tangle pkgs/flake/vershell/default.nix +#+begin_src nix-ts :tangle pkgs/vershell/default.nix { name, writeShellApplication, ... }: writeShellApplication { @@ -20540,12 +18072,12 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+end_src -**** eontimer +*** eontimer :PROPERTIES: :CUSTOM_ID: h:9fda7829-09a4-4b8f-86f6-08b078ab2874 :END: -#+begin_src nix-ts :tangle pkgs/flake/eontimer/default.nix +#+begin_src nix-ts :tangle pkgs/eontimer/default.nix { lib , python3 , fetchFromGitHub @@ -20644,7 +18176,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+end_src -**** project +*** project :PROPERTIES: :CUSTOM_ID: h:154b6df4-dd50-4f60-9794-05a140d02994 :END: @@ -20659,7 +18191,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f direnv allow #+end_src -#+begin_src nix-ts :tangle pkgs/flake/project/default.nix +#+begin_src nix-ts :tangle pkgs/project/default.nix { self, name, writeShellApplication }: writeShellApplication { inherit name; @@ -20667,13 +18199,13 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f } #+end_src -**** fhs +*** fhs :PROPERTIES: :CUSTOM_ID: h:36d6c17c-6d91-4297-b76d-9d7feab6c1a0 :END: -#+begin_src nix-ts :tangle pkgs/flake/fhs/default.nix +#+begin_src nix-ts :tangle pkgs/fhs/default.nix { name, pkgs, ... }: let base = pkgs.appimageTools.defaultFhsEnvArgs; @@ -20687,7 +18219,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f }) #+end_src -**** swarsel-displaypower +*** swarsel-displaypower :PROPERTIES: :CUSTOM_ID: h:814d5e7f-4b95-412d-b246-33f888514ec6 :END: @@ -20699,7 +18231,7 @@ A crude script to power on all displays that might be attached. Needed because s swaymsg "output * dpms on" > /dev/null 2>&1 || true #+end_src -#+begin_src nix-ts :tangle pkgs/flake/swarsel-displaypower/default.nix +#+begin_src nix-ts :tangle pkgs/swarsel-displaypower/default.nix { self, name, writeShellApplication, sway }: writeShellApplication { inherit name; @@ -20709,7 +18241,7 @@ A crude script to power on all displays that might be attached. Needed because s #+end_src -**** swarsel-mgba +*** swarsel-mgba :PROPERTIES: :CUSTOM_ID: h:799579f3-ddd3-4f76-928a-a8c665980476 :END: @@ -20717,7 +18249,7 @@ A crude script to power on all displays that might be attached. Needed because s AppImage version of mgba in which the lua scripting works. -#+begin_src nix-ts :tangle pkgs/flake/swarsel-mgba/default.nix +#+begin_src nix-ts :tangle pkgs/swarsel-mgba/default.nix { appimageTools, fetchurl, ... }: let pname = "mgba"; @@ -20741,12 +18273,12 @@ AppImage version of mgba in which the lua scripting works. #+end_src -**** swarsel-deploy +*** swarsel-deploy :PROPERTIES: :CUSTOM_ID: h:c3362d4e-d3a8-43e8-9ef7-272b6de0572e :END: -#+begin_src nix-ts :tangle pkgs/flake/swarsel-deploy/default.nix +#+begin_src nix-ts :tangle pkgs/swarsel-deploy/default.nix # heavily inspired from https://github.com/oddlama/nix-config/blob/d42cbde676001a7ad8a3cace156e050933a4dcc3/pkgs/deploy.nix { name, bc, nix-output-monitor, writeShellApplication, ... }: writeShellApplication { @@ -20873,12 +18405,12 @@ AppImage version of mgba in which the lua scripting works. #+end_src -**** swarsel-build +*** swarsel-build :PROPERTIES: :CUSTOM_ID: h:c3362d4e-d3a8-43e8-9ef7-272b6de0572e :END: -#+begin_src nix-ts :tangle pkgs/flake/swarsel-build/default.nix +#+begin_src nix-ts :tangle pkgs/swarsel-build/default.nix { name, nix-output-monitor, writeShellApplication, ... }: writeShellApplication { runtimeInputs = [ nix-output-monitor ]; @@ -20897,14 +18429,14 @@ AppImage version of mgba in which the lua scripting works. #+end_src -**** swarsel-instantiate +*** swarsel-instantiate :PROPERTIES: :CUSTOM_ID: h:95ebfd13-1f6b-427f-950d-e30c1ed6f9fa :END: This is a convenience function that calls =nix-instantiate= with a number of flags that I need in order to evaluate nix expressions in org-src blocks. -#+begin_src nix-ts :tangle pkgs/flake/swarsel-instantiate/default.nix +#+begin_src nix-ts :tangle pkgs/swarsel-instantiate/default.nix { name, writeShellApplication, ... }: writeShellApplication { inherit name; @@ -20916,7 +18448,7 @@ This is a convenience function that calls =nix-instantiate= with a number of fla #+end_src -**** sshrm +*** sshrm :PROPERTIES: :CUSTOM_ID: h:02842543-caca-4d4c-a4d2-7ac749b5c136 :END: @@ -20937,7 +18469,7 @@ This programs simply runs ssh-keygen on the last host that I tried to ssh into. fi #+end_src -#+begin_src nix-ts :tangle pkgs/flake/sshrm/default.nix +#+begin_src nix-ts :tangle pkgs/sshrm/default.nix { self, name, writeShellApplication, openssh }: writeShellApplication { inherit name; @@ -20945,11 +18477,11 @@ This programs simply runs ssh-keygen on the last host that I tried to ssh into. text = builtins.readFile "${self}/files/scripts/${name}.sh"; } #+end_src -**** endme +*** endme Sometimes my DE crashes after putting it to suspend - to be precise, it happens when I put it into suspend when I have multiple screens plugged in. I have never taken the time to debug the issue, but instead just switch to a different TTY and then use this script to kill the hanging session. -#+begin_src nix-ts :tangle pkgs/flake/endme/default.nix +#+begin_src nix-ts :tangle pkgs/endme/default.nix { name, writeShellApplication, ... }: writeShellApplication { inherit name; @@ -20962,12 +18494,12 @@ Sometimes my DE crashes after putting it to suspend - to be precise, it happens #+end_src -**** git-replace +*** git-replace This script allows for quick git replace of a string. -#+begin_src nix-ts :tangle pkgs/flake/git-replace/default.nix +#+begin_src nix-ts :tangle pkgs/git-replace/default.nix { name, writeShellApplication, git, gnugrep, findutils, ... }: writeShellApplication { @@ -21033,43 +18565,6 @@ This script allows for quick git replace of a string. } -#+end_src - -*** Packages (config) - -#+begin_src nix-ts :tangle pkgs/config/default.nix - { self, homeConfig, lib, pkgs, ... }: - let - mkPackages = names: pkgs: builtins.listToAttrs (map - (name: { - inherit name; - value = pkgs.callPackage "${self}/pkgs/config/${name}" { inherit self name homeConfig; }; - }) - names); - packageNames = lib.swarselsystems.readNix "pkgs/config"; - in - mkPackages packageNames pkgs -#+end_src - -**** cdr - - -#+begin_src nix-ts :tangle pkgs/config/cdr/default.nix - { name, homeConfig, writeShellApplication, fzf, ... }: - - writeShellApplication { - inherit name; - runtimeInputs = [ fzf ]; - text = '' - DOCUMENT_DIR_WORK=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_WORK or ""} - DOCUMENT_DIR_PRIV=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV} - FLAKE=${homeConfig.home.sessionVariables.FLAKE} - - cd "$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )" - ''; - } - - #+end_src ** Profiles @@ -21131,7 +18626,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a lowBattery = lib.mkDefault false; network = lib.mkDefault true; networkDevices = lib.mkDefault true; - niri = lib.mkDefault false; + niri = lib.mkDefault true; nix-ld = lib.mkDefault true; nvd = lib.mkDefault true; packages = lib.mkDefault true; @@ -21197,7 +18692,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a server = { ssh = lib.mkDefault true; - diskEncryption = lib.mkDefault true; }; }; @@ -21232,16 +18726,16 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a } #+end_src -**** Hotel +**** Chaostheatre :PROPERTIES: :CUSTOM_ID: h:b79fbb59-9cf2-48eb-b469-2589223dda95 :END: -#+begin_src nix-ts :tangle profiles/nixos/hotel/default.nix :mkdirp yes +#+begin_src nix-ts :tangle profiles/nixos/chaostheatre/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; - config = lib.mkIf config.swarselprofiles.hotel { + options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselprofiles.chaostheatre { swarselmodules = { packages = lib.mkForce true; general = lib.mkForce true; @@ -21384,7 +18878,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a config = lib.mkIf config.swarselprofiles.server { swarselmodules = { general = lib.mkDefault true; - lanzaboote = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; @@ -21396,8 +18889,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a boot = lib.mkDefault true; server = { general = lib.mkDefault true; - network = lib.mkDefault true; - diskEncryption = lib.mkDefault true; packages = lib.mkDefault true; ssh = lib.mkDefault true; nginx = lib.mkDefault true; @@ -21407,23 +18898,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a } -#+end_src -**** Router - -#+begin_src nix-ts :tangle profiles/nixos/router/default.nix :mkdirp yes - { lib, config, ... }: - { - options.swarselprofiles.router = lib.mkEnableOption "enable the router profile"; - config = lib.mkIf config.swarselprofiles.router { - swarselmodules = { - server = { - router = lib.mkDefault true; - }; - }; - }; - - } - #+end_src *** home-manager :PROPERTIES: @@ -21479,7 +18953,7 @@ This holds modules that are to be used on most hosts. These are also the most im kitty = lib.mkDefault true; mail = lib.mkDefault true; mako = lib.mkDefault true; - niri = lib.mkDefault false; + niri = lib.mkDefault true; nix-index = lib.mkDefault true; nixgl = lib.mkDefault true; nix-your-shell = lib.mkDefault true; @@ -21506,7 +18980,6 @@ This holds modules that are to be used on most hosts. These are also the most im tmux = lib.mkDefault true; vesktop = lib.mkDefault true; vesktop-tray = lib.mkDefault true; - syncthing-tray = lib.mkDefault true; waybar = lib.mkDefault true; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault true; @@ -21579,7 +19052,6 @@ This holds modules that are to be used on most hosts. These are also the most im tmux = lib.mkDefault true; vesktop = lib.mkDefault false; vesktop-tray = lib.mkDefault false; - syncthing-tray = lib.mkDefault false; waybar = lib.mkDefault false; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault false; @@ -21637,16 +19109,16 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src -**** Hotel +**** Chaostheatre :PROPERTIES: :CUSTOM_ID: h:36a0209f-2c17-4808-a1d0-a9e1920c307a :END: -#+begin_src nix-ts :tangle profiles/home/hotel/default.nix :mkdirp yes +#+begin_src nix-ts :tangle profiles/home/chaostheatre/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; - config = lib.mkIf config.swarselprofiles.hotel { + options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselprofiles.chaostheatre { swarselmodules = { packages = lib.mkForce true; ownpackages = lib.mkForce true; @@ -22213,22 +19685,6 @@ This function was found here: [[https://www.reddit.com/r/emacs/comments/re31i6/h (define-key minibuffer-local-filename-completion-map [C-backspace] #'up-directory) -#+end_src -**** Magit: List directories using vertico/consult - -#+begin_src emacs-lisp - - (defun swarsel/consult-magit-repos () - (interactive) - (require 'magit) - (let* ((repos (magit-list-repos)) - (repo (consult--read repos - :prompt "Magit repo: " - :require-match t - :history 'my/consult-magit-repos-history - :sort t))) - (magit-status repo))) - #+end_src **** org-mode: General setup :PROPERTIES: @@ -22433,7 +19889,6 @@ I also define some keybinds to some combinations directly. Those are used mostly "l" '(:ignore l :which-key "links") "lc" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (org-overview) )) :which-key "SwarselSystems.org") "le" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "Emacs") ) (org-overview) (org-cycle) )) :which-key "Emacs.org") - "lr" '(swarsel/consult-magit-repos :which-key "List repos") "ln" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "System") ) (org-overview) (org-cycle))) :which-key "Nixos.org") "lp" '((lambda () (interactive) (projectile-switch-project)) :which-key "switch project") "lg" '((lambda () (interactive) (magit-list-repositories)) :which-key "list git repos") @@ -22483,7 +19938,6 @@ I also define some keybinds to some combinations directly. Those are used mostly "C-c D" 'crux-duplicate-and-comment-current-line-or-region "" 'swarsel/last-buffer "M-\\" 'indent-region - "M-r" 'swarsel/consult-magit-repos "" 'yank "" 'kill-region "" 'kill-ring-save @@ -23788,14 +21242,6 @@ Recently I have grown fond of holding presentations using Emacs :) (add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide) #+end_src - -**** Render markdown blocks as body to expand noweb blocks - -#+begin_src emacs-lisp -(defun org-babel-execute:markdown (body params) - "Just return BODY unchanged, allowing noweb expansion." - body) -#+end_src *** Nix Mode :PROPERTIES: :CUSTOM_ID: h:406c2ecc-0e3e-4d9f-9ae3-3eb1f8b87d1b @@ -23916,7 +21362,7 @@ This adds support for Terraform configuration files. I need this at work. (add-hook 'terraform-mode-hook #'outline-minor-mode) #+end_src -*** nix formatting +*** nixpkgs-fmt :PROPERTIES: :CUSTOM_ID: h:5ca7484b-b9d6-4023-88d1-a1e37d5df249 :END: @@ -24197,8 +21643,8 @@ Also, Emacs needs a little extra love to accept my Yubikey for git commits etc. (use-package magit :config - (setq magit-repository-directories `((,swarsel-work-projects-directory . 3) - (,swarsel-private-projects-directory . 3) + (setq magit-repository-directories `((,swarsel-work-projects-directory . 1) + (,swarsel-private-projects-directory . 1) ("~/.dotfiles/" . 0))) :custom (magit-display-buffer-function #'magit-display-buffer-same-window-except-diff-v1)) ; stay in the same window @@ -25916,9 +23362,12 @@ This file defines a few workflows that I often need to run when working on my co update: nix flake update - iso CONFIG="live-iso": + iso: rm -rf result - nix build --print-out-paths .#live-iso + nix build .#nixosConfigurations.iso.config.system.build.isoImage && ln -sf result/iso/*.iso latest.iso + + iso-flake FLAKE SYSTEM="x86_64" FORMAT="iso": + nixos-generate --flake .#{{FLAKE}} -f {{FORMAT}} --system {{SYSTEM}} iso-install DRIVE: iso sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync @@ -25929,9 +23378,6 @@ This file defines a few workflows that I often need to run when working on my co sync USER HOST: rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ - bootstrap DEST CONFIG ARCH="x86_64-linux": - nix develop .#deploy --command zsh -c "swarsel-bootstrap -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}" - #+end_src ** aspell.conf :PROPERTIES: @@ -25969,12 +23415,12 @@ index 3a0f90e..bb10f8b 100644 #include "nix-plugins-config.h" #+end_src -** Zellij layout swarsel.kdl.nix +** Zellij layout default.kdl.nix :PROPERTIES: :CUSTOM_ID: h:bed316c9-47ed-494f-8375-998ef1315d7b :END: -#+begin_src shell :tangle files/zellij/layouts/swarsel.kdl.nix +#+begin_src shell :tangle files/zellij/layouts/default.kdl.nix { config, pkgs }: let inherit (config.lib.stylix) colors; @@ -27519,7 +24965,7 @@ Here lies defined the readme for GitHub and Forgejo: nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles#swarsel-rebuild -- -u ``` - This will activate the `hotel` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed. + This will activate the `chaostheatre` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed. Please keep in mind that this limited installer will make local changes to the cloned repository in order to be able to install it (otherwise the builder would fail at fetching my private secrets repository). As such, this should only be used to evaluate the system - if you want to use it longterm, you will need to create a fork and make some changes. @@ -27532,7 +24978,7 @@ Here lies defined the readme for GitHub and Forgejo: #### Remote deployment (recommended if you have at least one running system) - 0) Fork this repo, and write your own host config at `hosts/nixos///default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files. + 0) Fork this repo, and write your own host config at `hosts/nixos//default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files. 1) Have a system with `nix` available booted (this does not need to be installed, i.e. you can use a NixOS installer image; a custom minimal installer ISO can be built by running `just iso` in the root of this repo) 2) Make sure that your Yubikey is plugged in or that you have your SSH key available (and configured) 3) Run `swarsel-bootstrap -n -d ` on your existing system. @@ -27767,7 +25213,7 @@ builtins.listToAttrs converts a list of name-value pairs into an attribute set. #+end_src #+RESULTS: -: { bakery = "directory"; hotel= "directory"; milkywell = "directory"; moonside = "directory"; pyramid = "directory"; toto = "directory"; winters = "directory"; } +: { bakery = "directory"; chaostheatre = "directory"; milkywell = "directory"; moonside = "directory"; pyramid = "directory"; toto = "directory"; winters = "directory"; } ** nixpkgs.lib.recursiveUpdate :PROPERTIES: :CUSTOM_ID: h:2227ba24-e3a1-40ba-8fb8-4cab5210692a diff --git a/files/emacs/init.el b/files/emacs/init.el index 5ada956..b947bff 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el @@ -162,17 +162,6 @@ create a new one." (define-key minibuffer-local-filename-completion-map [C-backspace] #'up-directory) -(defun swarsel/consult-magit-repos () - (interactive) - (require 'magit) - (let* ((repos (magit-list-repos)) - (repo (consult--read repos - :prompt "Magit repo: " - :require-match t - :history 'my/consult-magit-repos-history - :sort t))) - (magit-status repo))) - (defun swarsel/org-mode-setup () (variable-pitch-mode 1) (add-hook 'org-tab-first-hook 'org-end-of-line) @@ -283,7 +272,6 @@ create a new one." "l" '(:ignore l :which-key "links") "lc" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (org-overview) )) :which-key "SwarselSystems.org") "le" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "Emacs") ) (org-overview) (org-cycle) )) :which-key "Emacs.org") - "lr" '(swarsel/consult-magit-repos :which-key "List repos") "ln" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "System") ) (org-overview) (org-cycle))) :which-key "Nixos.org") "lp" '((lambda () (interactive) (projectile-switch-project)) :which-key "switch project") "lg" '((lambda () (interactive) (magit-list-repositories)) :which-key "list git repos") @@ -333,7 +321,6 @@ create a new one." "C-c D" 'crux-duplicate-and-comment-current-line-or-region "" 'swarsel/last-buffer "M-\\" 'indent-region - "M-r" 'swarsel/consult-magit-repos "" 'yank "" 'kill-region "" 'kill-ring-save @@ -1053,10 +1040,6 @@ create a new one." (add-hook 'org-present-mode-quit-hook 'swarsel/org-present-end) (add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide) -(defun org-babel-execute:markdown (body params) - "Just return BODY unchanged, allowing noweb expansion." - body) - (use-package nix-mode :after lsp-mode :ensure t @@ -1254,8 +1237,8 @@ create a new one." (use-package magit :config - (setq magit-repository-directories `((,swarsel-work-projects-directory . 3) - (,swarsel-private-projects-directory . 3) + (setq magit-repository-directories `((,swarsel-work-projects-directory . 1) + (,swarsel-private-projects-directory . 1) ("~/.dotfiles/" . 0))) :custom (magit-display-buffer-function #'magit-display-buffer-same-window-except-diff-v1)) ; stay in the same window diff --git a/files/scripts/quickpass.sh b/files/scripts/quickpass.sh deleted file mode 100644 index 3f95abf..0000000 --- a/files/scripts/quickpass.sh +++ /dev/null @@ -1,12 +0,0 @@ -shopt -s nullglob globstar - -notify-send "$(env | grep -E 'WAYLAND|SWAY')" - -password="$1" - -pass show "$password" | { - IFS= read -r pass - printf %s "$pass" -} | wtype - - -notify-send -u critical -a pass -t 1000 "Typed Password" diff --git a/files/scripts/swarsel-bootstrap.sh b/files/scripts/swarsel-bootstrap.sh index a59ae37..46ea715 100644 --- a/files/scripts/swarsel-bootstrap.sh +++ b/files/scripts/swarsel-bootstrap.sh @@ -3,7 +3,6 @@ set -eo pipefail target_hostname="" target_destination="" -target_arch="" target_user="swarsel" ssh_port="22" persist_dir="" @@ -19,7 +18,6 @@ function help_and_exit() { echo "ARGS:" echo " -n specify target_hostname of the target host to deploy the nixos config on." echo " -d specify ip or url to the target host." - echo " -a specify the architecture of the target host." echo " target during install process." echo echo "OPTIONS:" @@ -102,10 +100,6 @@ while [[ $# -gt 0 ]]; do shift target_destination=$1 ;; - -a) - shift - target_arch=$1 - ;; -u) shift target_user=$1 @@ -126,11 +120,6 @@ while [[ $# -gt 0 ]]; do shift done -if [[ $target_arch == "" || $target_destination == "" || $target_hostname == "" ]]; then - red "error: target_arch, target_destination or target_hostname not set." - help_and_exit -fi - green "~SwarselSystems~ remote installer" green "Reading system information for $target_hostname ..." @@ -185,7 +174,6 @@ if [ ! -d "$FLAKE" ]; then fi cd "$FLAKE" - rm install/flake.lock || true git_root=$(git rev-parse --show-toplevel) # ------------------------ @@ -223,13 +211,8 @@ fi green "Generating hardware-config.nix for $target_hostname and adding it to the nix-config." $ssh_root_cmd "nixos-generate-config --force --no-filesystems --root /mnt" -mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname" -$scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix -# ------------------------ -# green "Generating hostkey for ssh initrd" -# $ssh_root_cmd "mkdir -p $temp/etc/secrets/initrd /etc/secrets/initrd" -# $ssh_root_cmd "ssh-keygen -t ed25519 -N '' -f $temp/etc/secrets/initrd/ssh_host_ed25519_key" -# $ssh_root_cmd "cp $temp/etc/secrets/initrd/ssh_host_ed25519_key /etc/secrets/initrd/ssh_host_ed25519_key" +mkdir -p "$FLAKE"/hosts/nixos/"$target_hostname" +$scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_hostname"/hardware-configuration.nix # ------------------------ green "Deploying minimal NixOS installation on $target_destination" @@ -294,7 +277,7 @@ if yes_or_no "Do you want to manually edit .sops.yaml now?"; then fi green "Updating all secrets files to reflect updates .sops.yaml" sops updatekeys --yes --enable-local-keyservice "${git_root}"/secrets/*/secrets.yaml -sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/secrets/pii.nix.enc +sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_hostname"/secrets/pii.nix.enc # -------------------------- green "Making ssh_host_ed25519_key available to home-manager for user $target_user" sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts @@ -353,10 +336,10 @@ fi green "NixOS was successfully installed!" if yes_or_no "You can now commit and push the nix-config, which includes the hardware-configuration.nix for $target_hostname?"; then cd "${git_root}" - deadnix hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix -qe - nixpkgs--fmt hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix + deadnix hosts/nixos/"$target_hostname"/hardware-configuration.nix -qe + nixpkgs--fmt hosts/nixos/"$target_hostname"/hardware-configuration.nix (.pre-commit-config.yaml mit run --all-files 2> /dev/null || true) && - git add "$git_root/hosts/nixos/$target_arch/$target_hostname/hardware-configuration.nix" && + git add "$git_root/hosts/nixos/$target_hostname/hardware-configuration.nix" && git add "$git_root/.sops.yaml" && git add "$git_root/secrets" && (git commit -m "feat: deployed $target_hostname" || true) && git push diff --git a/files/scripts/swarsel-install.sh b/files/scripts/swarsel-install.sh index 537145f..b70faf9 100644 --- a/files/scripts/swarsel-install.sh +++ b/files/scripts/swarsel-install.sh @@ -1,9 +1,8 @@ set -eo pipefail -target_config="hotel" -target_hostname="hotel" +target_config="chaostheatre" +target_hostname="chaostheatre" target_user="swarsel" -target_arch="" persist_dir="" target_disk="/dev/vda" disk_encryption=0 @@ -16,12 +15,11 @@ function help_and_exit() { echo echo "ARGS:" echo " -n specify the nixos config to deploy." - echo " Default: hotel" + echo " Default: chaostheatre" echo " -d specify disk to install on." echo " Default: /dev/vda" echo " -u specify user to deploy for." echo " Default: swarsel" - echo " -a specify target architecture." echo " -h | --help Print this help." exit 0 } @@ -60,10 +58,6 @@ while [[ $# -gt 0 ]]; do shift target_disk=$1 ;; - -a) - shift - target_arch=$1 - ;; -h | --help) help_and_exit ;; *) echo "Invalid option detected." @@ -79,11 +73,6 @@ function cleanup() { } trap cleanup exit -if [[ $target_arch == "" || $target_hostname == "" ]]; then - red "error: target_arch or target_hostname not set." - help_and_exit -fi - green "~SwarselSystems~ local installer" cd /home/"$target_user" @@ -163,7 +152,7 @@ if [ "$disk_encryption" -eq 1 ]; then fi green "Setting up disk ..." -if [[ $target_config == "hotel" ]]; then +if [[ $target_config == "chaostheatre" ]]; then sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/v1.10.0 -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks --arg diskDevice "$target_disk" else sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks @@ -173,9 +162,9 @@ sudo cp -r /home/"$target_user"/.dotfiles /mnt/"$persist_dir"/home/"$target_user sudo chown -R 1000:100 /mnt/"$persist_dir"/home/"$target_user" green "Generating hardware configuration ..." -sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/ +sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ -git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix +git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix sudo mkdir -p /root/.local/share/nix/ printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null green "Installing flake $target_config" diff --git a/files/scripts/swarsel-postinstall.sh b/files/scripts/swarsel-postinstall.sh index 448d3d8..1e98e65 100644 --- a/files/scripts/swarsel-postinstall.sh +++ b/files/scripts/swarsel-postinstall.sh @@ -1,6 +1,6 @@ set -eo pipefail -target_config="hotel" +target_config="chaostheatre" target_user="swarsel" function help_and_exit() { @@ -12,8 +12,8 @@ function help_and_exit() { echo "ARGS:" echo " -d specify disk to install on." echo " -n specify the nixos config to deploy." - echo " Default: hotel" - echo " Default: hotel" + echo " Default: chaostheatre" + echo " Default: chaostheatre" echo " -u specify user to deploy for." echo " Default: swarsel" echo " -h | --help Print this help." diff --git a/files/scripts/swarsel-rebuild.sh b/files/scripts/swarsel-rebuild.sh index 0a725a1..7cfac1f 100644 --- a/files/scripts/swarsel-rebuild.sh +++ b/files/scripts/swarsel-rebuild.sh @@ -1,7 +1,6 @@ set -eo pipefail -target_config="hotel" -target_arch="" +target_config="chaostheatre" target_user="swarsel" function help_and_exit() { @@ -11,11 +10,10 @@ function help_and_exit() { echo "USAGE: $0 [OPTIONS]" echo echo "ARGS:" - echo " -n specify nixos config to build." - echo " Default: hotel" + echo " -n specify nixos config to build." + echo " Default: chaostheatre" echo " -u specify user to deploy for." echo " Default: swarsel" - echo " -a specify target architecture." echo " -h | --help Print this help." exit 0 } @@ -45,10 +43,6 @@ while [[ $# -gt 0 ]]; do shift target_config=$1 ;; - -a) - shift - target_arch=$1 - ;; -u) shift target_user=$1 @@ -62,11 +56,6 @@ while [[ $# -gt 0 ]]; do shift done -if [[ $target_arch == "" ]]; then - red "error: target_arch not set." - help_and_exit -fi - cd /home/"$target_user" if [ ! -d /home/"$target_user"/.dotfiles ]; then @@ -94,7 +83,7 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then rm modules/home/common/mail.nix rm modules/home/common/yubikey.nix rm modules/nixos/server/restic.nix - rm hosts/nixos/aarch64-linux/milkywell/default.nix + rm hosts/nixos/milkywell/default.nix rm -rf modules/nixos/server rm -rf modules/home/server nix flake update vbc-nix @@ -102,8 +91,8 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then else green "Valid SSH key found! Continuing with installation" fi -sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/ -git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix +sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ +git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix green "Installing flake $target_config" sudo nixos-rebuild --show-trace --flake .#"$target_config" boot diff --git a/files/zellij/layouts/swarsel.kdl.nix b/files/zellij/layouts/default.kdl.nix similarity index 100% rename from files/zellij/layouts/swarsel.kdl.nix rename to files/zellij/layouts/default.kdl.nix diff --git a/flake.lock b/flake.lock index 2c8ba1c..b90a12e 100644 --- a/flake.lock +++ b/flake.lock @@ -538,21 +538,6 @@ "type": "github" } }, - "blank": { - "locked": { - "lastModified": 1625557891, - "narHash": "sha256-O8/MWsPBGhhyPoPLHZAuoZiiHo9q6FLlEeIDEXuj6T4=", - "owner": "divnix", - "repo": "blank", - "rev": "5a5d2684073d9f563072ed07c871d577a6c614a8", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "blank", - "type": "github" - } - }, "crane": { "locked": { "lastModified": 1754269165, @@ -600,11 +585,11 @@ }, "crane_12": { "locked": { - "lastModified": 1750266157, - "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", "owner": "ipetkov", "repo": "crane", - "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", "type": "github" }, "original": { @@ -673,7 +658,7 @@ "type": "github" } }, - "crane_17": { + "crane_2": { "locked": { "lastModified": 1754269165, "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", @@ -688,33 +673,6 @@ "type": "github" } }, - "crane_2": { - "inputs": { - "flake-compat": "flake-compat_4", - "flake-utils": "flake-utils_5", - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", - "paisano-mdbook-preprocessor", - "nixpkgs" - ], - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1676162383, - "narHash": "sha256-krUCKdz7ebHlFYm/A7IbKDnj2ZmMMm3yIEQcooqm7+E=", - "owner": "ipetkov", - "repo": "crane", - "rev": "6fb400ec631b22ccdbc7090b38207f7fb5cfb5f2", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "crane_3": { "locked": { "lastModified": 1754269165, @@ -777,11 +735,11 @@ }, "crane_7": { "locked": { - "lastModified": 1754269165, - "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "lastModified": 1750266157, + "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", "owner": "ipetkov", "repo": "crane", - "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", "type": "github" }, "original": { @@ -846,6 +804,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "nix-topology", "nixpkgs" ] @@ -871,6 +830,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "nixpkgs" ] }, @@ -895,6 +855,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "nix-topology", "nixpkgs" ] @@ -921,6 +882,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "nixpkgs" ] }, @@ -946,6 +908,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "nix-topology", "nixpkgs" ] @@ -973,6 +936,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "nixpkgs" ] }, @@ -991,60 +955,6 @@ } }, "devshell_16": { - "inputs": { - "nixpkgs": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "nix-topology", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1728330715, - "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", - "owner": "numtide", - "repo": "devshell", - "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "devshell_17": { - "inputs": { - "nixpkgs": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741473158, - "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", - "owner": "numtide", - "repo": "devshell", - "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "devshell_18": { "inputs": { "nixpkgs": [ "swarsel", @@ -1096,16 +1006,16 @@ "devshell_3": { "inputs": { "nixpkgs": [ - "nixos-extra-modules", + "swarsel", "nixpkgs" ] }, "locked": { - "lastModified": 1735644329, - "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", "owner": "numtide", "repo": "devshell", - "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", "type": "github" }, "original": { @@ -1116,25 +1026,18 @@ }, "devshell_4": { "inputs": { - "flake-utils": [ - "nixos-extra-modules", - "nixt", - "std", - "flake-utils" - ], "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", + "swarsel", + "nix-topology", "nixpkgs" ] }, "locked": { - "lastModified": 1682700442, - "narHash": "sha256-qjaAAcCYgp1pBBG7mY9z95ODUBZMtUpf0Qp3Gt/Wha0=", + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", "owner": "numtide", "repo": "devshell", - "rev": "fb6673fe9fe4409e3f43ca86968261e970918a83", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "type": "github" }, "original": { @@ -1146,6 +1049,7 @@ "devshell_5": { "inputs": { "nixpkgs": [ + "swarsel", "swarsel", "nixpkgs" ] @@ -1167,6 +1071,7 @@ "devshell_6": { "inputs": { "nixpkgs": [ + "swarsel", "swarsel", "nix-topology", "nixpkgs" @@ -1189,6 +1094,7 @@ "devshell_7": { "inputs": { "nixpkgs": [ + "swarsel", "swarsel", "swarsel", "nixpkgs" @@ -1211,6 +1117,7 @@ "devshell_8": { "inputs": { "nixpkgs": [ + "swarsel", "swarsel", "swarsel", "nix-topology", @@ -1237,6 +1144,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "nixpkgs" ] }, @@ -1442,38 +1350,6 @@ "type": "github" } }, - "dmerge": { - "inputs": { - "haumea": "haumea", - "namaka": "namaka", - "nixlib": [ - "nixos-extra-modules", - "nixt", - "std", - "nixpkgs" - ], - "yants": [ - "nixos-extra-modules", - "nixt", - "std", - "yants" - ] - }, - "locked": { - "lastModified": 1684178600, - "narHash": "sha256-EtSQcCHRQUBBEj4vbYU0vgPUYiKP261ero5k1QfQ3Bc=", - "owner": "divnix", - "repo": "dmerge", - "rev": "ac9932f26325afac5baa59cf6478432d17762a4e", - "type": "github" - }, - "original": { - "owner": "divnix", - "ref": "0.2.0", - "repo": "dmerge", - "type": "github" - } - }, "emacs-overlay": { "inputs": { "nixpkgs": [ @@ -1672,25 +1548,6 @@ "type": "github" } }, - "fenix": { - "inputs": { - "nixpkgs": "nixpkgs_4", - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1677306201, - "narHash": "sha256-VZ9x7qdTosFvVsrpgFHrtYfT6PU3yMIs7NRYn9ELapI=", - "owner": "nix-community", - "repo": "fenix", - "rev": "0923f0c162f65ae40261ec940406049726cfeab4", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -1838,11 +1695,11 @@ "flake-compat_10": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -1854,11 +1711,11 @@ "flake-compat_11": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -1870,11 +1727,11 @@ "flake-compat_12": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -1886,11 +1743,11 @@ "flake-compat_13": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -1900,6 +1757,22 @@ } }, "flake-compat_14": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_15": { "flake": false, "locked": { "lastModified": 1747046372, @@ -1915,7 +1788,7 @@ "type": "github" } }, - "flake-compat_15": { + "flake-compat_16": { "flake": false, "locked": { "lastModified": 1696426674, @@ -1931,7 +1804,7 @@ "type": "github" } }, - "flake-compat_16": { + "flake-compat_17": { "flake": false, "locked": { "lastModified": 1747046372, @@ -1947,7 +1820,7 @@ "type": "github" } }, - "flake-compat_17": { + "flake-compat_18": { "flake": false, "locked": { "lastModified": 1733328505, @@ -1963,7 +1836,7 @@ "type": "github" } }, - "flake-compat_18": { + "flake-compat_19": { "flake": false, "locked": { "lastModified": 1747046372, @@ -1979,22 +1852,6 @@ "type": "github" } }, - "flake-compat_19": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_2": { "flake": false, "locked": { @@ -2014,11 +1871,11 @@ "flake-compat_20": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -2030,11 +1887,11 @@ "flake-compat_21": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -2044,6 +1901,22 @@ } }, "flake-compat_22": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_23": { "flake": false, "locked": { "lastModified": 1747046372, @@ -2059,7 +1932,7 @@ "type": "github" } }, - "flake-compat_23": { + "flake-compat_24": { "flake": false, "locked": { "lastModified": 1696426674, @@ -2075,14 +1948,14 @@ "type": "github" } }, - "flake-compat_24": { + "flake-compat_25": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -2091,7 +1964,7 @@ "type": "github" } }, - "flake-compat_25": { + "flake-compat_26": { "flake": false, "locked": { "lastModified": 1733328505, @@ -2107,7 +1980,7 @@ "type": "github" } }, - "flake-compat_26": { + "flake-compat_27": { "flake": false, "locked": { "lastModified": 1747046372, @@ -2123,22 +1996,6 @@ "type": "github" } }, - "flake-compat_27": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_28": { "flake": false, "locked": { @@ -2158,11 +2015,11 @@ "flake-compat_29": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -2172,22 +2029,6 @@ } }, "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_30": { "flake": false, "locked": { "lastModified": 1747046372, @@ -2203,46 +2044,14 @@ "type": "github" } }, - "flake-compat_31": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_32": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -2350,28 +2159,6 @@ } }, "flake-parts_10": { - "inputs": { - "nixpkgs-lib": [ - "swarsel", - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_11": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2393,9 +2180,9 @@ "type": "github" } }, - "flake-parts_12": { + "flake-parts_11": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_6" + "nixpkgs-lib": "nixpkgs-lib_5" }, "locked": { "lastModified": 1759362264, @@ -2411,7 +2198,7 @@ "type": "github" } }, - "flake-parts_13": { + "flake-parts_12": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2434,9 +2221,9 @@ "type": "github" } }, - "flake-parts_14": { + "flake-parts_13": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_7" + "nixpkgs-lib": "nixpkgs-lib_6" }, "locked": { "lastModified": 1719994518, @@ -2451,7 +2238,7 @@ "type": "indirect" } }, - "flake-parts_15": { + "flake-parts_14": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2474,7 +2261,7 @@ "type": "github" } }, - "flake-parts_16": { + "flake-parts_15": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2497,25 +2284,25 @@ "type": "github" } }, + "flake-parts_16": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_7" + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-parts_17": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_8" - }, - "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_18": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2539,9 +2326,9 @@ "type": "github" } }, - "flake-parts_19": { + "flake-parts_18": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_9" + "nixpkgs-lib": "nixpkgs-lib_8" }, "locked": { "lastModified": 1719994518, @@ -2556,6 +2343,30 @@ "type": "indirect" } }, + "flake-parts_19": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-parts_2": { "inputs": { "nixpkgs-lib": [ @@ -2583,16 +2394,16 @@ "swarsel", "swarsel", "swarsel", - "nur", + "stylix", "nixpkgs" ] }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -2603,13 +2414,7 @@ }, "flake-parts_21": { "inputs": { - "nixpkgs-lib": [ - "swarsel", - "swarsel", - "swarsel", - "stylix", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib_9" }, "locked": { "lastModified": 1756770412, @@ -2626,24 +2431,6 @@ } }, "flake-parts_22": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_10" - }, - "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_23": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2668,9 +2455,9 @@ "type": "github" } }, - "flake-parts_24": { + "flake-parts_23": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_11" + "nixpkgs-lib": "nixpkgs-lib_10" }, "locked": { "lastModified": 1719994518, @@ -2685,7 +2472,7 @@ "type": "indirect" } }, - "flake-parts_25": { + "flake-parts_24": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2710,7 +2497,7 @@ "type": "github" } }, - "flake-parts_26": { + "flake-parts_25": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2735,9 +2522,9 @@ "type": "github" } }, - "flake-parts_27": { + "flake-parts_26": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_12" + "nixpkgs-lib": "nixpkgs-lib_11" }, "locked": { "lastModified": 1754487366, @@ -2753,7 +2540,7 @@ "type": "github" } }, - "flake-parts_28": { + "flake-parts_27": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2779,9 +2566,9 @@ "type": "github" } }, - "flake-parts_29": { + "flake-parts_28": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_13" + "nixpkgs-lib": "nixpkgs-lib_12" }, "locked": { "lastModified": 1719994518, @@ -2796,25 +2583,7 @@ "type": "indirect" } }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, - "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_30": { + "flake-parts_29": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2840,7 +2609,24 @@ "type": "github" } }, - "flake-parts_31": { + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_30": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2866,25 +2652,25 @@ "type": "github" } }, + "flake-parts_31": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_13" + }, + "locked": { + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-parts_32": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_14" - }, - "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_33": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2911,9 +2697,9 @@ "type": "github" } }, - "flake-parts_34": { + "flake-parts_33": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_15" + "nixpkgs-lib": "nixpkgs-lib_14" }, "locked": { "lastModified": 1719994518, @@ -2928,7 +2714,7 @@ "type": "indirect" } }, - "flake-parts_35": { + "flake-parts_34": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2955,7 +2741,7 @@ "type": "github" } }, - "flake-parts_36": { + "flake-parts_35": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2982,9 +2768,9 @@ "type": "github" } }, - "flake-parts_37": { + "flake-parts_36": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_16" + "nixpkgs-lib": "nixpkgs-lib_15" }, "locked": { "lastModified": 1751413152, @@ -3000,7 +2786,7 @@ "type": "github" } }, - "flake-parts_38": { + "flake-parts_37": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -3028,9 +2814,9 @@ "type": "github" } }, - "flake-parts_39": { + "flake-parts_38": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_17" + "nixpkgs-lib": "nixpkgs-lib_16" }, "locked": { "lastModified": 1719994518, @@ -3045,52 +2831,56 @@ "type": "indirect" } }, - "flake-parts_4": { + "flake-parts_39": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_3" + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nur", + "nixpkgs" + ] }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { - "id": "flake-parts", - "type": "indirect" + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" } }, "flake-parts_40": { - "inputs": { - "nixpkgs-lib": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_41": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -3118,16 +2908,34 @@ "type": "github" } }, + "flake-parts_41": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_17" + }, + "locked": { + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-parts_42": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_18" }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -3159,11 +2967,11 @@ "nixpkgs-lib": "nixpkgs-lib_20" }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", "type": "github" }, "original": { @@ -3230,24 +3038,6 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib_24" }, - "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_49": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_25" - }, "locked": { "lastModified": 1760948891, "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", @@ -3262,30 +3052,9 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_49": { "inputs": { - "nixpkgs-lib": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_50": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_26" + "nixpkgs-lib": "nixpkgs-lib_25" }, "locked": { "lastModified": 1759362264, @@ -3301,7 +3070,7 @@ "type": "github" } }, - "flake-parts_6": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -3322,9 +3091,9 @@ "type": "github" } }, - "flake-parts_7": { + "flake-parts_6": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_4" + "nixpkgs-lib": "nixpkgs-lib_3" }, "locked": { "lastModified": 1759362264, @@ -3340,7 +3109,7 @@ "type": "github" } }, - "flake-parts_8": { + "flake-parts_7": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -3362,9 +3131,9 @@ "type": "github" } }, - "flake-parts_9": { + "flake-parts_8": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_5" + "nixpkgs-lib": "nixpkgs-lib_4" }, "locked": { "lastModified": 1719994518, @@ -3379,6 +3148,28 @@ "type": "indirect" } }, + "flake-parts_9": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -3399,7 +3190,7 @@ }, "flake-utils_10": { "inputs": { - "systems": "systems_12" + "systems": "systems_16" }, "locked": { "lastModified": 1726560853, @@ -3417,7 +3208,7 @@ }, "flake-utils_11": { "inputs": { - "systems": "systems_13" + "systems": "systems_17" }, "locked": { "lastModified": 1731533236, @@ -3435,7 +3226,7 @@ }, "flake-utils_12": { "inputs": { - "systems": "systems_16" + "systems": "systems_20" }, "locked": { "lastModified": 1726560853, @@ -3453,7 +3244,7 @@ }, "flake-utils_13": { "inputs": { - "systems": "systems_17" + "systems": "systems_21" }, "locked": { "lastModified": 1731533236, @@ -3471,7 +3262,7 @@ }, "flake-utils_14": { "inputs": { - "systems": "systems_20" + "systems": "systems_24" }, "locked": { "lastModified": 1726560853, @@ -3489,7 +3280,7 @@ }, "flake-utils_15": { "inputs": { - "systems": "systems_21" + "systems": "systems_25" }, "locked": { "lastModified": 1731533236, @@ -3507,7 +3298,7 @@ }, "flake-utils_16": { "inputs": { - "systems": "systems_24" + "systems": "systems_28" }, "locked": { "lastModified": 1726560853, @@ -3525,7 +3316,7 @@ }, "flake-utils_17": { "inputs": { - "systems": "systems_25" + "systems": "systems_29" }, "locked": { "lastModified": 1731533236, @@ -3543,7 +3334,7 @@ }, "flake-utils_18": { "inputs": { - "systems": "systems_28" + "systems": "systems_31" }, "locked": { "lastModified": 1726560853, @@ -3561,7 +3352,7 @@ }, "flake-utils_19": { "inputs": { - "systems": "systems_29" + "systems": "systems_32" }, "locked": { "lastModified": 1731533236, @@ -3596,42 +3387,6 @@ } }, "flake-utils_20": { - "inputs": { - "systems": "systems_31" - }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_21": { - "inputs": { - "systems": "systems_32" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_22": { "inputs": { "systems": "systems_36" }, @@ -3649,7 +3404,7 @@ "type": "github" } }, - "flake-utils_23": { + "flake-utils_21": { "inputs": { "systems": "systems_39" }, @@ -3667,7 +3422,7 @@ "type": "github" } }, - "flake-utils_24": { + "flake-utils_22": { "inputs": { "systems": "systems_43" }, @@ -3685,7 +3440,7 @@ "type": "github" } }, - "flake-utils_25": { + "flake-utils_23": { "inputs": { "systems": "systems_47" }, @@ -3703,7 +3458,7 @@ "type": "github" } }, - "flake-utils_26": { + "flake-utils_24": { "inputs": { "systems": "systems_51" }, @@ -3721,7 +3476,7 @@ "type": "github" } }, - "flake-utils_27": { + "flake-utils_25": { "inputs": { "systems": "systems_56" }, @@ -3739,7 +3494,7 @@ "type": "github" } }, - "flake-utils_28": { + "flake-utils_26": { "inputs": { "systems": "systems_61" }, @@ -3757,7 +3512,7 @@ "type": "github" } }, - "flake-utils_29": { + "flake-utils_27": { "inputs": { "systems": "systems_66" }, @@ -3794,36 +3549,6 @@ } }, "flake-utils_4": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_6": { "inputs": { "systems": "systems_6" }, @@ -3841,7 +3566,7 @@ "type": "github" } }, - "flake-utils_7": { + "flake-utils_5": { "inputs": { "systems": "systems_7" }, @@ -3859,7 +3584,7 @@ "type": "github" } }, - "flake-utils_8": { + "flake-utils_6": { "inputs": { "systems": "systems_8" }, @@ -3877,7 +3602,7 @@ "type": "github" } }, - "flake-utils_9": { + "flake-utils_7": { "inputs": { "systems": "systems_11" }, @@ -3895,6 +3620,42 @@ "type": "github" } }, + "flake-utils_8": { + "inputs": { + "systems": "systems_12" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_9": { + "inputs": { + "systems": "systems_13" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -4025,7 +3786,7 @@ }, "fw-fanctrl": { "inputs": { - "flake-compat": "flake-compat_13", + "flake-compat": "flake-compat_10", "nixpkgs": [ "swarsel", "swarsel", @@ -4050,7 +3811,7 @@ }, "fw-fanctrl_2": { "inputs": { - "flake-compat": "flake-compat_17", + "flake-compat": "flake-compat_14", "nixpkgs": [ "swarsel", "swarsel", @@ -4076,7 +3837,7 @@ }, "fw-fanctrl_3": { "inputs": { - "flake-compat": "flake-compat_21", + "flake-compat": "flake-compat_18", "nixpkgs": [ "swarsel", "swarsel", @@ -4103,7 +3864,7 @@ }, "fw-fanctrl_4": { "inputs": { - "flake-compat": "flake-compat_25", + "flake-compat": "flake-compat_22", "nixpkgs": [ "swarsel", "swarsel", @@ -4131,7 +3892,7 @@ }, "fw-fanctrl_5": { "inputs": { - "flake-compat": "flake-compat_29", + "flake-compat": "flake-compat_26", "nixpkgs": [ "swarsel", "swarsel", @@ -4185,7 +3946,9 @@ "nixpkgs": [ "swarsel", "swarsel", - "pre-commit-hooks", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", "nixpkgs" ] }, @@ -4209,8 +3972,8 @@ "swarsel", "swarsel", "swarsel", - "lanzaboote", - "pre-commit-hooks-nix", + "nix-topology", + "pre-commit-hooks", "nixpkgs" ] }, @@ -4234,7 +3997,6 @@ "swarsel", "swarsel", "swarsel", - "nix-topology", "pre-commit-hooks", "nixpkgs" ] @@ -4259,7 +4021,9 @@ "swarsel", "swarsel", "swarsel", - "pre-commit-hooks", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", "nixpkgs" ] }, @@ -4284,8 +4048,8 @@ "swarsel", "swarsel", "swarsel", - "lanzaboote", - "pre-commit-hooks-nix", + "nix-topology", + "pre-commit-hooks", "nixpkgs" ] }, @@ -4310,7 +4074,6 @@ "swarsel", "swarsel", "swarsel", - "nix-topology", "pre-commit-hooks", "nixpkgs" ] @@ -4336,7 +4099,9 @@ "swarsel", "swarsel", "swarsel", - "pre-commit-hooks", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", "nixpkgs" ] }, @@ -4362,8 +4127,8 @@ "swarsel", "swarsel", "swarsel", - "lanzaboote", - "pre-commit-hooks-nix", + "nix-topology", + "pre-commit-hooks", "nixpkgs" ] }, @@ -4389,7 +4154,6 @@ "swarsel", "swarsel", "swarsel", - "nix-topology", "pre-commit-hooks", "nixpkgs" ] @@ -4416,7 +4180,9 @@ "swarsel", "swarsel", "swarsel", - "pre-commit-hooks", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", "nixpkgs" ] }, @@ -4465,8 +4231,8 @@ "swarsel", "swarsel", "swarsel", - "lanzaboote", - "pre-commit-hooks-nix", + "nix-topology", + "pre-commit-hooks", "nixpkgs" ] }, @@ -4493,7 +4259,6 @@ "swarsel", "swarsel", "swarsel", - "nix-topology", "pre-commit-hooks", "nixpkgs" ] @@ -4513,33 +4278,6 @@ } }, "gitignore_22": { - "inputs": { - "nixpkgs": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_23": { "inputs": { "nixpkgs": [ "swarsel", @@ -4568,7 +4306,7 @@ "type": "github" } }, - "gitignore_24": { + "gitignore_23": { "inputs": { "nixpkgs": [ "swarsel", @@ -4597,7 +4335,7 @@ "type": "github" } }, - "gitignore_25": { + "gitignore_24": { "inputs": { "nixpkgs": [ "swarsel", @@ -4628,7 +4366,6 @@ "gitignore_3": { "inputs": { "nixpkgs": [ - "nixos-extra-modules", "pre-commit-hooks", "nixpkgs" ] @@ -4648,27 +4385,6 @@ } }, "gitignore_4": { - "inputs": { - "nixpkgs": [ - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_5": { "inputs": { "nixpkgs": [ "swarsel", @@ -4691,7 +4407,7 @@ "type": "github" } }, - "gitignore_6": { + "gitignore_5": { "inputs": { "nixpkgs": [ "swarsel", @@ -4714,11 +4430,35 @@ "type": "github" } }, + "gitignore_6": { + "inputs": { + "nixpkgs": [ + "swarsel", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "gitignore_7": { "inputs": { "nixpkgs": [ "swarsel", - "pre-commit-hooks", + "swarsel", + "lanzaboote", + "pre-commit-hooks-nix", "nixpkgs" ] }, @@ -4741,8 +4481,8 @@ "nixpkgs": [ "swarsel", "swarsel", - "lanzaboote", - "pre-commit-hooks-nix", + "nix-topology", + "pre-commit-hooks", "nixpkgs" ] }, @@ -4765,7 +4505,6 @@ "nixpkgs": [ "swarsel", "swarsel", - "nix-topology", "pre-commit-hooks", "nixpkgs" ] @@ -4920,30 +4659,6 @@ "type": "github" } }, - "haumea": { - "inputs": { - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", - "dmerge", - "nixlib" - ] - }, - "locked": { - "lastModified": 1681176209, - "narHash": "sha256-bJLDun6esIyWtwRVXcsgzGbh4UKu8wJDrPgykqPyzmg=", - "owner": "nix-community", - "repo": "haumea", - "rev": "b915b66b27da3a595d77b139e945bb0a2fcac926", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "haumea", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -5450,29 +5165,6 @@ "type": "github" } }, - "incl": { - "inputs": { - "nixlib": [ - "nixos-extra-modules", - "nixt", - "std", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1669263024, - "narHash": "sha256-E/+23NKtxAqYG/0ydYgxlgarKnxmDbg6rCMWnOBqn9Q=", - "owner": "divnix", - "repo": "incl", - "rev": "ce7bebaee048e4cd7ebdb4cee7885e00c4e2abca", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "incl", - "type": "github" - } - }, "lanzaboote": { "inputs": { "crane": "crane", @@ -5498,12 +5190,12 @@ }, "lanzaboote_2": { "inputs": { - "crane": "crane_3", - "flake-compat": "flake-compat_7", - "flake-parts": "flake-parts_8", - "nixpkgs": "nixpkgs_10", + "crane": "crane_2", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_7", + "nixpkgs": "nixpkgs_9", "pre-commit-hooks-nix": "pre-commit-hooks-nix_2", - "rust-overlay": "rust-overlay_3" + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1756744479, @@ -5521,12 +5213,12 @@ }, "lanzaboote_3": { "inputs": { - "crane": "crane_4", - "flake-compat": "flake-compat_10", - "flake-parts": "flake-parts_13", - "nixpkgs": "nixpkgs_18", + "crane": "crane_3", + "flake-compat": "flake-compat_7", + "flake-parts": "flake-parts_12", + "nixpkgs": "nixpkgs_17", "pre-commit-hooks-nix": "pre-commit-hooks-nix_3", - "rust-overlay": "rust-overlay_4" + "rust-overlay": "rust-overlay_3" }, "locked": { "lastModified": 1756744479, @@ -5544,12 +5236,12 @@ }, "lanzaboote_4": { "inputs": { - "crane": "crane_5", - "flake-compat": "flake-compat_14", - "flake-parts": "flake-parts_18", - "nixpkgs": "nixpkgs_26", + "crane": "crane_4", + "flake-compat": "flake-compat_11", + "flake-parts": "flake-parts_17", + "nixpkgs": "nixpkgs_25", "pre-commit-hooks-nix": "pre-commit-hooks-nix_4", - "rust-overlay": "rust-overlay_5" + "rust-overlay": "rust-overlay_4" }, "locked": { "lastModified": 1756744479, @@ -5567,12 +5259,12 @@ }, "lanzaboote_5": { "inputs": { - "crane": "crane_6", - "flake-compat": "flake-compat_18", - "flake-parts": "flake-parts_23", - "nixpkgs": "nixpkgs_34", + "crane": "crane_5", + "flake-compat": "flake-compat_15", + "flake-parts": "flake-parts_22", + "nixpkgs": "nixpkgs_33", "pre-commit-hooks-nix": "pre-commit-hooks-nix_5", - "rust-overlay": "rust-overlay_6" + "rust-overlay": "rust-overlay_5" }, "locked": { "lastModified": 1756744479, @@ -5590,12 +5282,12 @@ }, "lanzaboote_6": { "inputs": { - "crane": "crane_7", - "flake-compat": "flake-compat_22", - "flake-parts": "flake-parts_28", - "nixpkgs": "nixpkgs_42", + "crane": "crane_6", + "flake-compat": "flake-compat_19", + "flake-parts": "flake-parts_27", + "nixpkgs": "nixpkgs_41", "pre-commit-hooks-nix": "pre-commit-hooks-nix_6", - "rust-overlay": "rust-overlay_7" + "rust-overlay": "rust-overlay_6" }, "locked": { "lastModified": 1754297745, @@ -5613,12 +5305,12 @@ }, "lanzaboote_7": { "inputs": { - "crane": "crane_8", - "flake-compat": "flake-compat_26", - "flake-parts": "flake-parts_33", - "nixpkgs": "nixpkgs_50", + "crane": "crane_7", + "flake-compat": "flake-compat_23", + "flake-parts": "flake-parts_32", + "nixpkgs": "nixpkgs_49", "pre-commit-hooks-nix": "pre-commit-hooks-nix_7", - "rust-overlay": "rust-overlay_8" + "rust-overlay": "rust-overlay_7" }, "locked": { "lastModified": 1751381593, @@ -5636,12 +5328,12 @@ }, "lanzaboote_8": { "inputs": { - "crane": "crane_9", - "flake-compat": "flake-compat_30", - "flake-parts": "flake-parts_38", - "nixpkgs": "nixpkgs_58", + "crane": "crane_8", + "flake-compat": "flake-compat_27", + "flake-parts": "flake-parts_37", + "nixpkgs": "nixpkgs_57", "pre-commit-hooks-nix": "pre-commit-hooks-nix_8", - "rust-overlay": "rust-overlay_9" + "rust-overlay": "rust-overlay_8" }, "locked": { "lastModified": 1751381593, @@ -5681,7 +5373,7 @@ }, "microvm_2": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_4", "nixpkgs": [ "swarsel", "nixpkgs" @@ -5704,7 +5396,7 @@ }, "microvm_3": { "inputs": { - "flake-utils": "flake-utils_9", + "flake-utils": "flake-utils_7", "nixpkgs": [ "swarsel", "swarsel", @@ -5726,67 +5418,6 @@ "type": "github" } }, - "n2c": { - "inputs": { - "flake-utils": [ - "nixos-extra-modules", - "nixt", - "std", - "flake-utils" - ], - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1677330646, - "narHash": "sha256-hUYCwJneMjnxTvj30Fjow6UMJUITqHlpUGpXMPXUJsU=", - "owner": "nlewo", - "repo": "nix2container", - "rev": "ebca8f58d450cae1a19c07701a5a8ae40afc9efc", - "type": "github" - }, - "original": { - "owner": "nlewo", - "repo": "nix2container", - "type": "github" - } - }, - "namaka": { - "inputs": { - "haumea": [ - "nixos-extra-modules", - "nixt", - "std", - "dmerge", - "haumea" - ], - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", - "dmerge", - "nixlib" - ] - }, - "locked": { - "lastModified": 1683059428, - "narHash": "sha256-ZTMqleCWmuNWhZE375gtF1j1JRkaKEUFN1AM43e7h4Y=", - "owner": "nix-community", - "repo": "namaka", - "rev": "2deba2f416454aec770bc1cc7365e39c73e6b1d7", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "v0.1.1", - "repo": "namaka", - "type": "github" - } - }, "niri-flake": { "inputs": { "niri-stable": "niri-stable", @@ -6997,10 +6628,10 @@ }, "nix-topology_2": { "inputs": { - "devshell": "devshell_6", - "flake-utils": "flake-utils_7", - "nixpkgs": "nixpkgs_11", - "pre-commit-hooks": "pre-commit-hooks_4" + "devshell": "devshell_4", + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs_10", + "pre-commit-hooks": "pre-commit-hooks_3" }, "locked": { "lastModified": 1752093877, @@ -7018,10 +6649,10 @@ }, "nix-topology_3": { "inputs": { - "devshell": "devshell_8", - "flake-utils": "flake-utils_10", - "nixpkgs": "nixpkgs_19", - "pre-commit-hooks": "pre-commit-hooks_6" + "devshell": "devshell_6", + "flake-utils": "flake-utils_8", + "nixpkgs": "nixpkgs_18", + "pre-commit-hooks": "pre-commit-hooks_5" }, "locked": { "lastModified": 1752093877, @@ -7039,10 +6670,10 @@ }, "nix-topology_4": { "inputs": { - "devshell": "devshell_10", - "flake-utils": "flake-utils_12", - "nixpkgs": "nixpkgs_27", - "pre-commit-hooks": "pre-commit-hooks_8" + "devshell": "devshell_8", + "flake-utils": "flake-utils_10", + "nixpkgs": "nixpkgs_26", + "pre-commit-hooks": "pre-commit-hooks_7" }, "locked": { "lastModified": 1752093877, @@ -7060,10 +6691,10 @@ }, "nix-topology_5": { "inputs": { - "devshell": "devshell_12", - "flake-utils": "flake-utils_14", - "nixpkgs": "nixpkgs_35", - "pre-commit-hooks": "pre-commit-hooks_10" + "devshell": "devshell_10", + "flake-utils": "flake-utils_12", + "nixpkgs": "nixpkgs_34", + "pre-commit-hooks": "pre-commit-hooks_9" }, "locked": { "lastModified": 1752093877, @@ -7081,10 +6712,10 @@ }, "nix-topology_6": { "inputs": { - "devshell": "devshell_14", - "flake-utils": "flake-utils_16", - "nixpkgs": "nixpkgs_43", - "pre-commit-hooks": "pre-commit-hooks_12" + "devshell": "devshell_12", + "flake-utils": "flake-utils_14", + "nixpkgs": "nixpkgs_42", + "pre-commit-hooks": "pre-commit-hooks_11" }, "locked": { "lastModified": 1752093877, @@ -7102,10 +6733,10 @@ }, "nix-topology_7": { "inputs": { - "devshell": "devshell_16", - "flake-utils": "flake-utils_18", - "nixpkgs": "nixpkgs_51", - "pre-commit-hooks": "pre-commit-hooks_14" + "devshell": "devshell_14", + "flake-utils": "flake-utils_16", + "nixpkgs": "nixpkgs_50", + "pre-commit-hooks": "pre-commit-hooks_13" }, "locked": { "lastModified": 1744142264, @@ -7123,10 +6754,10 @@ }, "nix-topology_8": { "inputs": { - "devshell": "devshell_18", - "flake-utils": "flake-utils_20", - "nixpkgs": "nixpkgs_59", - "pre-commit-hooks": "pre-commit-hooks_16" + "devshell": "devshell_16", + "flake-utils": "flake-utils_18", + "nixpkgs": "nixpkgs_58", + "pre-commit-hooks": "pre-commit-hooks_15" }, "locked": { "lastModified": 1744142264, @@ -7142,41 +6773,6 @@ "type": "github" } }, - "nixago": { - "inputs": { - "flake-utils": [ - "nixos-extra-modules", - "nixt", - "std", - "flake-utils" - ], - "nixago-exts": [ - "nixos-extra-modules", - "nixt", - "std", - "blank" - ], - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1683210100, - "narHash": "sha256-bhGDOlkWtlhVECpoOog4fWiFJmLCpVEg09a40aTjCbw=", - "owner": "nix-community", - "repo": "nixago", - "rev": "1da60ad9412135f9ed7a004669fdcf3d378ec630", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixago", - "type": "github" - } - }, "nixgl": { "inputs": { "flake-utils": "flake-utils_3", @@ -7198,8 +6794,8 @@ }, "nixgl_2": { "inputs": { - "flake-utils": "flake-utils_8", - "nixpkgs": "nixpkgs_12" + "flake-utils": "flake-utils_6", + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1752054764, @@ -7217,8 +6813,8 @@ }, "nixgl_3": { "inputs": { - "flake-utils": "flake-utils_11", - "nixpkgs": "nixpkgs_20" + "flake-utils": "flake-utils_9", + "nixpkgs": "nixpkgs_19" }, "locked": { "lastModified": 1752054764, @@ -7236,8 +6832,8 @@ }, "nixgl_4": { "inputs": { - "flake-utils": "flake-utils_13", - "nixpkgs": "nixpkgs_28" + "flake-utils": "flake-utils_11", + "nixpkgs": "nixpkgs_27" }, "locked": { "lastModified": 1752054764, @@ -7255,8 +6851,8 @@ }, "nixgl_5": { "inputs": { - "flake-utils": "flake-utils_15", - "nixpkgs": "nixpkgs_36" + "flake-utils": "flake-utils_13", + "nixpkgs": "nixpkgs_35" }, "locked": { "lastModified": 1752054764, @@ -7274,8 +6870,8 @@ }, "nixgl_6": { "inputs": { - "flake-utils": "flake-utils_17", - "nixpkgs": "nixpkgs_44" + "flake-utils": "flake-utils_15", + "nixpkgs": "nixpkgs_43" }, "locked": { "lastModified": 1752054764, @@ -7293,8 +6889,8 @@ }, "nixgl_7": { "inputs": { - "flake-utils": "flake-utils_19", - "nixpkgs": "nixpkgs_52" + "flake-utils": "flake-utils_17", + "nixpkgs": "nixpkgs_51" }, "locked": { "lastModified": 1751696036, @@ -7312,8 +6908,8 @@ }, "nixgl_8": { "inputs": { - "flake-utils": "flake-utils_21", - "nixpkgs": "nixpkgs_60" + "flake-utils": "flake-utils_19", + "nixpkgs": "nixpkgs_59" }, "locked": { "lastModified": 1751696036, @@ -7449,30 +7045,6 @@ "type": "github" } }, - "nixos-extra-modules": { - "inputs": { - "devshell": "devshell_3", - "flake-parts": "flake-parts_3", - "nixpkgs": [ - "nixpkgs" - ], - "nixt": "nixt", - "pre-commit-hooks": "pre-commit-hooks_2" - }, - "locked": { - "lastModified": 1757854196, - "narHash": "sha256-RDr3/JTpRyXSR1OOg+wzdOUmDL1Ke05OLV/xctbuQOw=", - "owner": "oddlama", - "repo": "nixos-extra-modules", - "rev": "a584a970a05d0410dcb00e0ade684a0c0ce00c4b", - "type": "github" - }, - "original": { - "owner": "oddlama", - "repo": "nixos-extra-modules", - "type": "github" - } - }, "nixos-generators": { "inputs": { "nixlib": "nixlib", @@ -7815,11 +7387,11 @@ }, "nixpkgs-dev": { "locked": { - "lastModified": 1762578095, - "narHash": "sha256-uW5Ff1H/lVvsKcNXtU7COQifqnRQ5i/YTEPGQwundNQ=", + "lastModified": 1761589965, + "narHash": "sha256-ZtypYmGwo7wUOo88UKVAdUZCYCpvFM8O0bEmI7+NW5k=", "owner": "Swarsel", "repo": "nixpkgs", - "rev": "a99a76ccf7bfbb8c5d6129e6ff69413c6db55c1a", + "rev": "ed3254fbd834e5bfbf6bc9586d57307a92f1a269", "type": "github" }, "original": { @@ -8349,6 +7921,114 @@ } }, "nixpkgs-lib_10": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_11": { + "locked": { + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_12": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_13": { + "locked": { + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_14": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_15": { + "locked": { + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_16": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_17": { + "locked": { + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_18": { "locked": { "lastModified": 1754788789, "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", @@ -8363,114 +8043,6 @@ "type": "github" } }, - "nixpkgs-lib_11": { - "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - } - }, - "nixpkgs-lib_12": { - "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_13": { - "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - } - }, - "nixpkgs-lib_14": { - "locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_15": { - "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - } - }, - "nixpkgs-lib_16": { - "locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_17": { - "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - } - }, - "nixpkgs-lib_18": { - "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs-lib_19": { "locked": { "lastModified": 1754788789, @@ -8488,14 +8060,14 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1738452942, - "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" } }, "nixpkgs-lib_20": { @@ -8588,7 +8160,7 @@ "type": "github" } }, - "nixpkgs-lib_26": { + "nixpkgs-lib_3": { "locked": { "lastModified": 1754788789, "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", @@ -8603,73 +8175,46 @@ "type": "github" } }, - "nixpkgs-lib_3": { - "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - } - }, "nixpkgs-lib_4": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", - "type": "github" + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" }, "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" } }, "nixpkgs-lib_5": { "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" } }, "nixpkgs-lib_6": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", - "type": "github" + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" }, "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" } }, "nixpkgs-lib_7": { - "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - } - }, - "nixpkgs-lib_8": { "locked": { "lastModified": 1754788789, "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", @@ -8684,7 +8229,7 @@ "type": "github" } }, - "nixpkgs-lib_9": { + "nixpkgs-lib_8": { "locked": { "lastModified": 1719876945, "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", @@ -8696,6 +8241,21 @@ "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" } }, + "nixpkgs-lib_9": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1760139962, @@ -9321,22 +8881,6 @@ } }, "nixpkgs_10": { - "locked": { - "lastModified": 1754243818, - "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -9352,7 +8896,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1746378225, "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", @@ -9367,7 +8911,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_12": { "locked": { "lastModified": 1760284886, "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", @@ -9383,7 +8927,7 @@ "type": "github" } }, - "nixpkgs_14": { + "nixpkgs_13": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", @@ -9399,7 +8943,7 @@ "type": "github" } }, - "nixpkgs_15": { + "nixpkgs_14": { "locked": { "lastModified": 1760284886, "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", @@ -9415,7 +8959,7 @@ "type": "github" } }, - "nixpkgs_16": { + "nixpkgs_15": { "locked": { "lastModified": 1760164275, "narHash": "sha256-gKl2Gtro/LNf8P+4L3S2RsZ0G390ccd5MyXYrTdMCFE=", @@ -9431,7 +8975,7 @@ "type": "github" } }, - "nixpkgs_17": { + "nixpkgs_16": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -9447,7 +8991,7 @@ "type": "github" } }, - "nixpkgs_18": { + "nixpkgs_17": { "locked": { "lastModified": 1754243818, "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", @@ -9463,7 +9007,7 @@ "type": "github" } }, - "nixpkgs_19": { + "nixpkgs_18": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -9479,6 +9023,21 @@ "type": "github" } }, + "nixpkgs_19": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1730531603, @@ -9496,21 +9055,6 @@ } }, "nixpkgs_20": { - "locked": { - "lastModified": 1746378225, - "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "93e8cdce7afc64297cfec447c311470788131cd9", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_21": { "locked": { "lastModified": 1759381078, "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", @@ -9526,7 +9070,7 @@ "type": "github" } }, - "nixpkgs_22": { + "nixpkgs_21": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", @@ -9542,7 +9086,7 @@ "type": "github" } }, - "nixpkgs_23": { + "nixpkgs_22": { "locked": { "lastModified": 1759381078, "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", @@ -9558,7 +9102,7 @@ "type": "github" } }, - "nixpkgs_24": { + "nixpkgs_23": { "locked": { "lastModified": 1759570798, "narHash": "sha256-kbkzsUKYzKhuvMOuxt/aTwWU2mnrwoY964yN3Y4dE98=", @@ -9574,7 +9118,7 @@ "type": "github" } }, - "nixpkgs_25": { + "nixpkgs_24": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -9590,7 +9134,7 @@ "type": "github" } }, - "nixpkgs_26": { + "nixpkgs_25": { "locked": { "lastModified": 1754243818, "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", @@ -9606,7 +9150,7 @@ "type": "github" } }, - "nixpkgs_27": { + "nixpkgs_26": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -9622,7 +9166,7 @@ "type": "github" } }, - "nixpkgs_28": { + "nixpkgs_27": { "locked": { "lastModified": 1746378225, "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", @@ -9637,7 +9181,7 @@ "type": "github" } }, - "nixpkgs_29": { + "nixpkgs_28": { "locked": { "lastModified": 1758427187, "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", @@ -9653,6 +9197,22 @@ "type": "github" } }, + "nixpkgs_29": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_3": { "locked": { "lastModified": 1746378225, @@ -9669,22 +9229,6 @@ } }, "nixpkgs_30": { - "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_31": { "locked": { "lastModified": 1758427187, "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", @@ -9700,7 +9244,7 @@ "type": "github" } }, - "nixpkgs_32": { + "nixpkgs_31": { "locked": { "lastModified": 1758262103, "narHash": "sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8=", @@ -9716,7 +9260,7 @@ "type": "github" } }, - "nixpkgs_33": { + "nixpkgs_32": { "locked": { "lastModified": 1756819007, "narHash": "sha256-12V64nKG/O/guxSYnr5/nq1EfqwJCdD2+cIGmhz3nrE=", @@ -9732,7 +9276,7 @@ "type": "github" } }, - "nixpkgs_34": { + "nixpkgs_33": { "locked": { "lastModified": 1754243818, "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", @@ -9748,7 +9292,7 @@ "type": "github" } }, - "nixpkgs_35": { + "nixpkgs_34": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -9764,7 +9308,7 @@ "type": "github" } }, - "nixpkgs_36": { + "nixpkgs_35": { "locked": { "lastModified": 1746378225, "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", @@ -9779,7 +9323,7 @@ "type": "github" } }, - "nixpkgs_37": { + "nixpkgs_36": { "locked": { "lastModified": 1757745802, "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", @@ -9795,7 +9339,7 @@ "type": "github" } }, - "nixpkgs_38": { + "nixpkgs_37": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", @@ -9811,7 +9355,7 @@ "type": "github" } }, - "nixpkgs_39": { + "nixpkgs_38": { "locked": { "lastModified": 1757745802, "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", @@ -9827,23 +9371,7 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1677063315, - "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_40": { + "nixpkgs_39": { "locked": { "lastModified": 1757746433, "narHash": "sha256-fEvTiU4s9lWgW7mYEU/1QUPirgkn+odUBTaindgiziY=", @@ -9859,150 +9387,7 @@ "type": "github" } }, - "nixpkgs_41": { - "locked": { - "lastModified": 1756819007, - "narHash": "sha256-12V64nKG/O/guxSYnr5/nq1EfqwJCdD2+cIGmhz3nrE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "aaff8c16d7fc04991cac6245bee1baa31f72b1e1", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_42": { - "locked": { - "lastModified": 1754243818, - "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_43": { - "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_44": { - "locked": { - "lastModified": 1746378225, - "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "93e8cdce7afc64297cfec447c311470788131cd9", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_45": { - "locked": { - "lastModified": 1754498491, - "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_46": { - "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_47": { - "locked": { - "lastModified": 1754498491, - "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_48": { - "locked": { - "lastModified": 1744868846, - "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_49": { - "locked": { - "lastModified": 1751792365, - "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1761907660, "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", @@ -10018,13 +9403,29 @@ "type": "github" } }, - "nixpkgs_50": { + "nixpkgs_40": { "locked": { - "lastModified": 1751203939, - "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", + "lastModified": 1756819007, + "narHash": "sha256-12V64nKG/O/guxSYnr5/nq1EfqwJCdD2+cIGmhz3nrE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "650e71cbf76de8dd16f5648a96981b726c4ef8fe", + "rev": "aaff8c16d7fc04991cac6245bee1baa31f72b1e1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_41": { + "locked": { + "lastModified": 1754243818, + "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", "type": "github" }, "original": { @@ -10034,7 +9435,7 @@ "type": "github" } }, - "nixpkgs_51": { + "nixpkgs_42": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -10050,7 +9451,7 @@ "type": "github" } }, - "nixpkgs_52": { + "nixpkgs_43": { "locked": { "lastModified": 1746378225, "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", @@ -10065,7 +9466,150 @@ "type": "github" } }, - "nixpkgs_53": { + "nixpkgs_44": { + "locked": { + "lastModified": 1754498491, + "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_45": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_46": { + "locked": { + "lastModified": 1754498491, + "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_47": { + "locked": { + "lastModified": 1744868846, + "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_48": { + "locked": { + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_49": { + "locked": { + "lastModified": 1751203939, + "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "650e71cbf76de8dd16f5648a96981b726c4ef8fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_50": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_51": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_52": { "locked": { "lastModified": 1751792365, "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", @@ -10081,23 +9625,23 @@ "type": "github" } }, + "nixpkgs_53": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_54": { - "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_55": { "locked": { "lastModified": 1751792365, "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", @@ -10113,7 +9657,7 @@ "type": "github" } }, - "nixpkgs_56": { + "nixpkgs_55": { "locked": { "lastModified": 1744868846, "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", @@ -10129,7 +9673,7 @@ "type": "github" } }, - "nixpkgs_57": { + "nixpkgs_56": { "locked": { "lastModified": 1748460289, "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", @@ -10145,7 +9689,7 @@ "type": "github" } }, - "nixpkgs_58": { + "nixpkgs_57": { "locked": { "lastModified": 1751203939, "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", @@ -10161,7 +9705,7 @@ "type": "github" } }, - "nixpkgs_59": { + "nixpkgs_58": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -10177,23 +9721,7 @@ "type": "github" } }, - "nixpkgs_6": { - "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_60": { + "nixpkgs_59": { "locked": { "lastModified": 1746378225, "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", @@ -10208,7 +9736,23 @@ "type": "github" } }, - "nixpkgs_61": { + "nixpkgs_6": { + "locked": { + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_60": { "locked": { "lastModified": 1751792365, "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", @@ -10224,7 +9768,7 @@ "type": "github" } }, - "nixpkgs_62": { + "nixpkgs_61": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", @@ -10240,7 +9784,7 @@ "type": "github" } }, - "nixpkgs_63": { + "nixpkgs_62": { "locked": { "lastModified": 1751792365, "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", @@ -10256,7 +9800,7 @@ "type": "github" } }, - "nixpkgs_64": { + "nixpkgs_63": { "locked": { "lastModified": 1744868846, "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", @@ -10272,7 +9816,7 @@ "type": "github" } }, - "nixpkgs_65": { + "nixpkgs_64": { "locked": { "lastModified": 1748460289, "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", @@ -10288,6 +9832,22 @@ "type": "github" } }, + "nixpkgs_65": { + "locked": { + "lastModified": 1750865895, + "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "61c0f513911459945e2cb8bf333dc849f1b976ff", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_66": { "locked": { "lastModified": 1750865895, @@ -10305,22 +9865,6 @@ } }, "nixpkgs_67": { - "locked": { - "lastModified": 1750865895, - "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "61c0f513911459945e2cb8bf333dc849f1b976ff", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_68": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", @@ -10336,7 +9880,7 @@ "type": "github" } }, - "nixpkgs_69": { + "nixpkgs_68": { "locked": { "lastModified": 1750865895, "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=", @@ -10352,23 +9896,7 @@ "type": "github" } }, - "nixpkgs_7": { - "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_70": { + "nixpkgs_69": { "locked": { "lastModified": 1757745802, "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", @@ -10384,151 +9912,7 @@ "type": "github" } }, - "nixpkgs_71": { - "locked": { - "lastModified": 1754800730, - "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "641d909c4a7538f1539da9240dedb1755c907e40", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_72": { - "locked": { - "lastModified": 1758427187, - "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_73": { - "locked": { - "lastModified": 1754800730, - "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "641d909c4a7538f1539da9240dedb1755c907e40", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_74": { - "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_75": { - "locked": { - "lastModified": 1759733170, - "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "8913c168d1c56dc49a7718685968f38752171c3b", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_76": { - "locked": { - "lastModified": 1754800730, - "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "641d909c4a7538f1539da9240dedb1755c907e40", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_77": { - "locked": { - "lastModified": 1760284886, - "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_78": { - "locked": { - "lastModified": 1759733170, - "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "8913c168d1c56dc49a7718685968f38752171c3b", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_79": { - "locked": { - "lastModified": 1754800730, - "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "641d909c4a7538f1539da9240dedb1755c907e40", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1760596604, "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", @@ -10544,13 +9928,29 @@ "type": "github" } }, - "nixpkgs_80": { + "nixpkgs_70": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_71": { + "locked": { + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "type": "github" }, "original": { @@ -10560,7 +9960,39 @@ "type": "github" } }, - "nixpkgs_81": { + "nixpkgs_72": { + "locked": { + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_73": { + "locked": { + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_74": { "locked": { "lastModified": 1759733170, "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", @@ -10576,23 +10008,119 @@ "type": "github" } }, - "nixpkgs_82": { + "nixpkgs_75": { "locked": { - "lastModified": 1761236834, - "narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=", - "owner": "nixos", + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_83": { + "nixpkgs_76": { + "locked": { + "lastModified": 1760284886, + "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_77": { + "locked": { + "lastModified": 1759733170, + "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8913c168d1c56dc49a7718685968f38752171c3b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_78": { + "locked": { + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_79": { + "locked": { + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1758690382, + "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e643668fd71b949c53f8626614b21ff71a07379d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_80": { + "locked": { + "lastModified": 1759733170, + "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8913c168d1c56dc49a7718685968f38752171c3b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_81": { "locked": { "lastModified": 1754800730, "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", @@ -10610,44 +10138,20 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1758690382, - "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", + "lastModified": 1754243818, + "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e643668fd71b949c53f8626614b21ff71a07379d", + "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } }, - "nixt": { - "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": [ - "nixos-extra-modules", - "nixpkgs" - ], - "std": "std", - "std-data-collection": "std-data-collection" - }, - "locked": { - "lastModified": 1729273076, - "narHash": "sha256-h2Y+5bikSXS8MPYpxyZpd+VX9H5uuCS/csMMxZCoS3c=", - "owner": "nix-community", - "repo": "nixt", - "rev": "ad8863c9f9e5a166d663f2f1f0eef74ab913a883", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixt", - "type": "github" - } - }, "nmd": { "flake": false, "locked": { @@ -11108,25 +10612,10 @@ "type": "gitlab" } }, - "nosys": { - "locked": { - "lastModified": 1668010795, - "narHash": "sha256-JBDVBnos8g0toU7EhIIqQ1If5m/nyBqtHhL3sicdPwI=", - "owner": "divnix", - "repo": "nosys", - "rev": "feade0141487801c71ff55623b421ed535dbdefa", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "nosys", - "type": "github" - } - }, "nswitch-rcm-nix": { "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_6" + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1721304043, @@ -11144,8 +10633,8 @@ }, "nswitch-rcm-nix_2": { "inputs": { - "flake-parts": "flake-parts_9", - "nixpkgs": "nixpkgs_14" + "flake-parts": "flake-parts_8", + "nixpkgs": "nixpkgs_13" }, "locked": { "lastModified": 1721304043, @@ -11163,8 +10652,8 @@ }, "nswitch-rcm-nix_3": { "inputs": { - "flake-parts": "flake-parts_14", - "nixpkgs": "nixpkgs_22" + "flake-parts": "flake-parts_13", + "nixpkgs": "nixpkgs_21" }, "locked": { "lastModified": 1721304043, @@ -11182,8 +10671,8 @@ }, "nswitch-rcm-nix_4": { "inputs": { - "flake-parts": "flake-parts_19", - "nixpkgs": "nixpkgs_30" + "flake-parts": "flake-parts_18", + "nixpkgs": "nixpkgs_29" }, "locked": { "lastModified": 1721304043, @@ -11201,8 +10690,8 @@ }, "nswitch-rcm-nix_5": { "inputs": { - "flake-parts": "flake-parts_24", - "nixpkgs": "nixpkgs_38" + "flake-parts": "flake-parts_23", + "nixpkgs": "nixpkgs_37" }, "locked": { "lastModified": 1721304043, @@ -11220,8 +10709,8 @@ }, "nswitch-rcm-nix_6": { "inputs": { - "flake-parts": "flake-parts_29", - "nixpkgs": "nixpkgs_46" + "flake-parts": "flake-parts_28", + "nixpkgs": "nixpkgs_45" }, "locked": { "lastModified": 1721304043, @@ -11239,8 +10728,8 @@ }, "nswitch-rcm-nix_7": { "inputs": { - "flake-parts": "flake-parts_34", - "nixpkgs": "nixpkgs_54" + "flake-parts": "flake-parts_33", + "nixpkgs": "nixpkgs_53" }, "locked": { "lastModified": 1721304043, @@ -11258,8 +10747,8 @@ }, "nswitch-rcm-nix_8": { "inputs": { - "flake-parts": "flake-parts_39", - "nixpkgs": "nixpkgs_62" + "flake-parts": "flake-parts_38", + "nixpkgs": "nixpkgs_61" }, "locked": { "lastModified": 1721304043, @@ -11277,8 +10766,8 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts_5", - "nixpkgs": "nixpkgs_7" + "flake-parts": "flake-parts_4", + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1762033460, @@ -11329,8 +10818,8 @@ }, "nur_11": { "inputs": { - "flake-parts": "flake-parts_30", - "nixpkgs": "nixpkgs_47" + "flake-parts": "flake-parts_29", + "nixpkgs": "nixpkgs_46" }, "locked": { "lastModified": 1754726338, @@ -11383,8 +10872,8 @@ }, "nur_13": { "inputs": { - "flake-parts": "flake-parts_35", - "nixpkgs": "nixpkgs_55" + "flake-parts": "flake-parts_34", + "nixpkgs": "nixpkgs_54" }, "locked": { "lastModified": 1751906969, @@ -11440,8 +10929,8 @@ }, "nur_15": { "inputs": { - "flake-parts": "flake-parts_40", - "nixpkgs": "nixpkgs_63" + "flake-parts": "flake-parts_39", + "nixpkgs": "nixpkgs_62" }, "locked": { "lastModified": 1751906969, @@ -11524,8 +11013,8 @@ }, "nur_3": { "inputs": { - "flake-parts": "flake-parts_10", - "nixpkgs": "nixpkgs_15" + "flake-parts": "flake-parts_9", + "nixpkgs": "nixpkgs_14" }, "locked": { "lastModified": 1760434122, @@ -11570,8 +11059,8 @@ }, "nur_5": { "inputs": { - "flake-parts": "flake-parts_15", - "nixpkgs": "nixpkgs_23" + "flake-parts": "flake-parts_14", + "nixpkgs": "nixpkgs_22" }, "locked": { "lastModified": 1759783224, @@ -11618,8 +11107,8 @@ }, "nur_7": { "inputs": { - "flake-parts": "flake-parts_20", - "nixpkgs": "nixpkgs_31" + "flake-parts": "flake-parts_19", + "nixpkgs": "nixpkgs_30" }, "locked": { "lastModified": 1758706012, @@ -11668,8 +11157,8 @@ }, "nur_9": { "inputs": { - "flake-parts": "flake-parts_25", - "nixpkgs": "nixpkgs_39" + "flake-parts": "flake-parts_24", + "nixpkgs": "nixpkgs_38" }, "locked": { "lastModified": 1757935448, @@ -11685,120 +11174,6 @@ "type": "github" } }, - "paisano": { - "inputs": { - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", - "nixpkgs" - ], - "nosys": "nosys", - "yants": [ - "nixos-extra-modules", - "nixt", - "std", - "yants" - ] - }, - "locked": { - "lastModified": 1678949904, - "narHash": "sha256-oAoF66hYYz1RPh3lEwb9/4e4iyBAfTbQKZRRQ8gP0Ds=", - "owner": "paisano-nix", - "repo": "core", - "rev": "88f2aff10a5064551d1d4cb86800d17084489ce3", - "type": "github" - }, - "original": { - "owner": "paisano-nix", - "repo": "core", - "type": "github" - } - }, - "paisano-actions": { - "inputs": { - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", - "paisano-mdbook-preprocessor", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1677306424, - "narHash": "sha256-H9/dI2rGEbKo4KEisqbRPHFG2ajF8Tm111NPdKGIf28=", - "owner": "paisano-nix", - "repo": "actions", - "rev": "65ec4e080b3480167fc1a748c89a05901eea9a9b", - "type": "github" - }, - "original": { - "owner": "paisano-nix", - "repo": "actions", - "type": "github" - } - }, - "paisano-mdbook-preprocessor": { - "inputs": { - "crane": "crane_2", - "fenix": "fenix", - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", - "nixpkgs" - ], - "paisano-actions": "paisano-actions", - "std": [ - "nixos-extra-modules", - "nixt", - "std" - ] - }, - "locked": { - "lastModified": 1680654400, - "narHash": "sha256-Qdpio+ldhUK3zfl22Mhf8HUULdUOJXDWDdO7MIK69OU=", - "owner": "paisano-nix", - "repo": "mdbook-paisano-preprocessor", - "rev": "11a8fc47f574f194a7ae7b8b98001f6143ba4cf1", - "type": "github" - }, - "original": { - "owner": "paisano-nix", - "repo": "mdbook-paisano-preprocessor", - "type": "github" - } - }, - "paisano-tui": { - "inputs": { - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", - "blank" - ], - "std": [ - "nixos-extra-modules", - "nixt", - "std" - ] - }, - "locked": { - "lastModified": 1681847764, - "narHash": "sha256-mdd7PJW1BZvxy0cIKsPfAO+ohVl/V7heE5ZTAHzTdv8=", - "owner": "paisano-nix", - "repo": "tui", - "rev": "3096bad91cae73ab8ab3367d31f8a143d248a244", - "type": "github" - }, - "original": { - "owner": "paisano-nix", - "ref": "0.1.1", - "repo": "tui", - "type": "github" - } - }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat_2", @@ -11859,7 +11234,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_5", + "gitignore": "gitignore_4", "nixpkgs": [ "swarsel", "lanzaboote", @@ -11888,7 +11263,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_8", + "gitignore": "gitignore_7", "nixpkgs": [ "swarsel", "swarsel", @@ -11919,7 +11294,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_11", + "gitignore": "gitignore_10", "nixpkgs": [ "swarsel", "swarsel", @@ -11952,7 +11327,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_14", + "gitignore": "gitignore_13", "nixpkgs": [ "swarsel", "swarsel", @@ -11987,7 +11362,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_17", + "gitignore": "gitignore_16", "nixpkgs": [ "swarsel", "swarsel", @@ -12024,7 +11399,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_20", + "gitignore": "gitignore_19", "nixpkgs": [ "swarsel", "swarsel", @@ -12063,7 +11438,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_23", + "gitignore": "gitignore_22", "nixpkgs": [ "swarsel", "swarsel", @@ -12092,43 +11467,8 @@ }, "pre-commit-hooks_10": { "inputs": { - "flake-compat": "flake-compat_19", + "flake-compat": "flake-compat_17", "gitignore": "gitignore_15", - "nixpkgs": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "nix-topology", - "nixpkgs" - ], - "nixpkgs-stable": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "nix-topology", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1730797577, - "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "pre-commit-hooks_11": { - "inputs": { - "flake-compat": "flake-compat_20", - "gitignore": "gitignore_16", "nixpkgs": [ "swarsel", "swarsel", @@ -12151,10 +11491,10 @@ "type": "github" } }, - "pre-commit-hooks_12": { + "pre-commit-hooks_11": { "inputs": { - "flake-compat": "flake-compat_23", - "gitignore": "gitignore_18", + "flake-compat": "flake-compat_20", + "gitignore": "gitignore_17", "nixpkgs": [ "swarsel", "swarsel", @@ -12188,10 +11528,10 @@ "type": "github" } }, - "pre-commit-hooks_13": { + "pre-commit-hooks_12": { "inputs": { - "flake-compat": "flake-compat_24", - "gitignore": "gitignore_19", + "flake-compat": "flake-compat_21", + "gitignore": "gitignore_18", "nixpkgs": [ "swarsel", "swarsel", @@ -12215,10 +11555,10 @@ "type": "github" } }, - "pre-commit-hooks_14": { + "pre-commit-hooks_13": { "inputs": { - "flake-compat": "flake-compat_27", - "gitignore": "gitignore_21", + "flake-compat": "flake-compat_24", + "gitignore": "gitignore_20", "nixpkgs": [ "swarsel", "swarsel", @@ -12254,10 +11594,10 @@ "type": "github" } }, - "pre-commit-hooks_15": { + "pre-commit-hooks_14": { "inputs": { - "flake-compat": "flake-compat_28", - "gitignore": "gitignore_22", + "flake-compat": "flake-compat_25", + "gitignore": "gitignore_21", "nixpkgs": [ "swarsel", "swarsel", @@ -12282,10 +11622,10 @@ "type": "github" } }, - "pre-commit-hooks_16": { + "pre-commit-hooks_15": { "inputs": { - "flake-compat": "flake-compat_31", - "gitignore": "gitignore_24", + "flake-compat": "flake-compat_28", + "gitignore": "gitignore_23", "nixpkgs": [ "swarsel", "swarsel", @@ -12323,10 +11663,10 @@ "type": "github" } }, - "pre-commit-hooks_17": { + "pre-commit-hooks_16": { "inputs": { - "flake-compat": "flake-compat_32", - "gitignore": "gitignore_25", + "flake-compat": "flake-compat_29", + "gitignore": "gitignore_24", "nixpkgs": [ "swarsel", "swarsel", @@ -12354,31 +11694,8 @@ }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_3", "gitignore": "gitignore_3", - "nixpkgs": [ - "nixos-extra-modules", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737465171, - "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "pre-commit-hooks_3": { - "inputs": { - "flake-compat": "flake-compat_6", - "gitignore": "gitignore_4", "nixpkgs": [ "nixpkgs" ] @@ -12397,10 +11714,10 @@ "type": "github" } }, - "pre-commit-hooks_4": { + "pre-commit-hooks_3": { "inputs": { - "flake-compat": "flake-compat_8", - "gitignore": "gitignore_6", + "flake-compat": "flake-compat_5", + "gitignore": "gitignore_5", "nixpkgs": [ "swarsel", "nix-topology", @@ -12426,10 +11743,10 @@ "type": "github" } }, - "pre-commit-hooks_5": { + "pre-commit-hooks_4": { "inputs": { - "flake-compat": "flake-compat_9", - "gitignore": "gitignore_7", + "flake-compat": "flake-compat_6", + "gitignore": "gitignore_6", "nixpkgs": [ "swarsel", "nixpkgs" @@ -12449,10 +11766,10 @@ "type": "github" } }, - "pre-commit-hooks_6": { + "pre-commit-hooks_5": { "inputs": { - "flake-compat": "flake-compat_11", - "gitignore": "gitignore_9", + "flake-compat": "flake-compat_8", + "gitignore": "gitignore_8", "nixpkgs": [ "swarsel", "swarsel", @@ -12480,10 +11797,10 @@ "type": "github" } }, - "pre-commit-hooks_7": { + "pre-commit-hooks_6": { "inputs": { - "flake-compat": "flake-compat_12", - "gitignore": "gitignore_10", + "flake-compat": "flake-compat_9", + "gitignore": "gitignore_9", "nixpkgs": [ "swarsel", "swarsel", @@ -12504,10 +11821,10 @@ "type": "github" } }, - "pre-commit-hooks_8": { + "pre-commit-hooks_7": { "inputs": { - "flake-compat": "flake-compat_15", - "gitignore": "gitignore_12", + "flake-compat": "flake-compat_12", + "gitignore": "gitignore_11", "nixpkgs": [ "swarsel", "swarsel", @@ -12537,10 +11854,10 @@ "type": "github" } }, - "pre-commit-hooks_9": { + "pre-commit-hooks_8": { "inputs": { - "flake-compat": "flake-compat_16", - "gitignore": "gitignore_13", + "flake-compat": "flake-compat_13", + "gitignore": "gitignore_12", "nixpkgs": [ "swarsel", "swarsel", @@ -12562,6 +11879,41 @@ "type": "github" } }, + "pre-commit-hooks_9": { + "inputs": { + "flake-compat": "flake-compat_16", + "gitignore": "gitignore_14", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730797577, + "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "devshell": "devshell", @@ -12578,10 +11930,9 @@ "nix-on-droid": "nix-on-droid", "nix-topology": "nix-topology", "nixgl": "nixgl", - "nixos-extra-modules": "nixos-extra-modules", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-dev": "nixpkgs-dev", "nixpkgs-kernel": "nixpkgs-kernel", "nixpkgs-stable": "nixpkgs-stable_3", @@ -12590,7 +11941,7 @@ "nixpkgs-stable25_05": "nixpkgs-stable25_05", "nswitch-rcm-nix": "nswitch-rcm-nix", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks_3", + "pre-commit-hooks": "pre-commit-hooks_2", "sops-nix": "sops-nix", "spicetify-nix": "spicetify-nix", "stylix": "stylix", @@ -12598,28 +11949,10 @@ "swarsel-modules": "swarsel-modules_6", "swarsel-nix": "swarsel-nix_3", "systems": "systems_64", - "treefmt-nix": "treefmt-nix_3", "vbc-nix": "vbc-nix_8", "zjstatus": "zjstatus_8" } }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1677221702, - "narHash": "sha256-1M+58rC4eTCWNmmX0hQVZP20t3tfYNunl9D/PrGUyGE=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "f5401f620699b26ed9d47a1d2e838143a18dbe3b", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -12650,7 +11983,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "zjstatus", "nixpkgs" ] @@ -12677,7 +12009,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "zjstatus", "nixpkgs" ] @@ -12703,17 +12034,16 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "zjstatus", "nixpkgs" ] }, "locked": { - "lastModified": 1750905536, - "narHash": "sha256-Mo7yXM5IvMGNvJPiNkFsVT2UERmnvjsKgnY6UyDdySQ=", + "lastModified": 1754880555, + "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "2fa7c0aabd15fa0ccc1dc7e675a4fcf0272ad9a1", + "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", "type": "github" }, "original": { @@ -12728,7 +12058,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "zjstatus", "nixpkgs" ] @@ -12750,7 +12079,6 @@ "rust-overlay_14": { "inputs": { "nixpkgs": [ - "swarsel", "swarsel", "swarsel", "zjstatus", @@ -12774,7 +12102,6 @@ "rust-overlay_15": { "inputs": { "nixpkgs": [ - "swarsel", "swarsel", "zjstatus", "nixpkgs" @@ -12795,28 +12122,6 @@ } }, "rust-overlay_16": { - "inputs": { - "nixpkgs": [ - "swarsel", - "zjstatus", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1754880555, - "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_17": { "inputs": { "nixpkgs": [ "zjstatus", @@ -12839,29 +12144,18 @@ }, "rust-overlay_2": { "inputs": { - "flake-utils": [ - "nixos-extra-modules", - "nixt", - "std", - "paisano-mdbook-preprocessor", - "crane", - "flake-utils" - ], "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", - "paisano-mdbook-preprocessor", - "crane", + "swarsel", + "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1675391458, - "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=", + "lastModified": 1754189623, + "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf", + "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", "type": "github" }, "original": { @@ -12873,6 +12167,7 @@ "rust-overlay_3": { "inputs": { "nixpkgs": [ + "swarsel", "swarsel", "lanzaboote", "nixpkgs" @@ -12895,6 +12190,7 @@ "rust-overlay_4": { "inputs": { "nixpkgs": [ + "swarsel", "swarsel", "swarsel", "lanzaboote", @@ -12921,6 +12217,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "lanzaboote", "nixpkgs" ] @@ -12946,6 +12243,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "lanzaboote", "nixpkgs" ] @@ -12972,16 +12270,17 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1754189623, - "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", + "lastModified": 1751165203, + "narHash": "sha256-3QhlpAk2yn+ExwvRLtaixWsVW1q3OX3KXXe0l8VMLl4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", + "rev": "90f547b90e73d3c6025e66c5b742d6db51c418c3", "type": "github" }, "original": { @@ -12999,6 +12298,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "lanzaboote", "nixpkgs" ] @@ -13027,16 +12327,16 @@ "swarsel", "swarsel", "swarsel", - "lanzaboote", + "zjstatus", "nixpkgs" ] }, "locked": { - "lastModified": 1751165203, - "narHash": "sha256-3QhlpAk2yn+ExwvRLtaixWsVW1q3OX3KXXe0l8VMLl4=", + "lastModified": 1750905536, + "narHash": "sha256-Mo7yXM5IvMGNvJPiNkFsVT2UERmnvjsKgnY6UyDdySQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "90f547b90e73d3c6025e66c5b742d6db51c418c3", + "rev": "2fa7c0aabd15fa0ccc1dc7e675a4fcf0272ad9a1", "type": "github" }, "original": { @@ -13175,7 +12475,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1760998189, @@ -13193,7 +12493,7 @@ }, "sops-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_16" + "nixpkgs": "nixpkgs_15" }, "locked": { "lastModified": 1760393368, @@ -13211,7 +12511,7 @@ }, "sops-nix_3": { "inputs": { - "nixpkgs": "nixpkgs_24" + "nixpkgs": "nixpkgs_23" }, "locked": { "lastModified": 1759635238, @@ -13229,7 +12529,7 @@ }, "sops-nix_4": { "inputs": { - "nixpkgs": "nixpkgs_32" + "nixpkgs": "nixpkgs_31" }, "locked": { "lastModified": 1758425756, @@ -13247,7 +12547,7 @@ }, "sops-nix_5": { "inputs": { - "nixpkgs": "nixpkgs_40" + "nixpkgs": "nixpkgs_39" }, "locked": { "lastModified": 1757847158, @@ -13265,7 +12565,7 @@ }, "sops-nix_6": { "inputs": { - "nixpkgs": "nixpkgs_48" + "nixpkgs": "nixpkgs_47" }, "locked": { "lastModified": 1754328224, @@ -13283,7 +12583,7 @@ }, "sops-nix_7": { "inputs": { - "nixpkgs": "nixpkgs_56" + "nixpkgs": "nixpkgs_55" }, "locked": { "lastModified": 1751606940, @@ -13301,7 +12601,7 @@ }, "sops-nix_8": { "inputs": { - "nixpkgs": "nixpkgs_64" + "nixpkgs": "nixpkgs_63" }, "locked": { "lastModified": 1751606940, @@ -13506,84 +12806,6 @@ "type": "github" } }, - "std": { - "inputs": { - "arion": [ - "nixos-extra-modules", - "nixt", - "std", - "blank" - ], - "blank": "blank", - "devshell": "devshell_4", - "dmerge": "dmerge", - "flake-utils": "flake-utils_4", - "incl": "incl", - "makes": [ - "nixos-extra-modules", - "nixt", - "std", - "blank" - ], - "microvm": [ - "nixos-extra-modules", - "nixt", - "std", - "blank" - ], - "n2c": "n2c", - "nixago": "nixago", - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "nixpkgs" - ], - "paisano": "paisano", - "paisano-mdbook-preprocessor": "paisano-mdbook-preprocessor", - "paisano-tui": "paisano-tui", - "yants": "yants" - }, - "locked": { - "lastModified": 1684180498, - "narHash": "sha256-kA58ms4yunOVPhe3r7V0IIKeWUV+vl4r2GTcfFfYW5o=", - "owner": "divnix", - "repo": "std", - "rev": "45b431ae09df98e046bcc8271aa209bdfc87444d", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "std", - "type": "github" - } - }, - "std-data-collection": { - "inputs": { - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "nixpkgs" - ], - "std": [ - "nixos-extra-modules", - "nixt", - "std" - ] - }, - "locked": { - "lastModified": 1676163535, - "narHash": "sha256-xofkWLBqU4zj5vzJhWor2Z9CyPGKt7UGkTchsCT48Po=", - "owner": "divnix", - "repo": "std-data-collection", - "rev": "f713d81a6197e1b0854fb201cc7acde5ef9e93d4", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "std-data-collection", - "type": "github" - } - }, "stylix": { "inputs": { "base16": "base16", @@ -13591,9 +12813,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_6", + "flake-parts": "flake-parts_5", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_8", "nur": "nur_2", "systems": "systems_5", "tinted-foot": "tinted-foot", @@ -13623,9 +12845,9 @@ "base16-helix": "base16-helix_2", "base16-vim": "base16-vim_2", "firefox-gnome-theme": "firefox-gnome-theme_2", - "flake-parts": "flake-parts_11", + "flake-parts": "flake-parts_10", "gnome-shell": "gnome-shell_2", - "nixpkgs": "nixpkgs_17", + "nixpkgs": "nixpkgs_16", "nur": "nur_4", "systems": "systems_10", "tinted-foot": "tinted-foot_2", @@ -13655,9 +12877,9 @@ "base16-helix": "base16-helix_3", "base16-vim": "base16-vim_3", "firefox-gnome-theme": "firefox-gnome-theme_3", - "flake-parts": "flake-parts_16", + "flake-parts": "flake-parts_15", "gnome-shell": "gnome-shell_3", - "nixpkgs": "nixpkgs_25", + "nixpkgs": "nixpkgs_24", "nur": "nur_6", "systems": "systems_15", "tinted-foot": "tinted-foot_3", @@ -13687,9 +12909,9 @@ "base16-helix": "base16-helix_4", "base16-vim": "base16-vim_4", "firefox-gnome-theme": "firefox-gnome-theme_4", - "flake-parts": "flake-parts_21", + "flake-parts": "flake-parts_20", "gnome-shell": "gnome-shell_4", - "nixpkgs": "nixpkgs_33", + "nixpkgs": "nixpkgs_32", "nur": "nur_8", "systems": "systems_19", "tinted-foot": "tinted-foot_4", @@ -13719,9 +12941,9 @@ "base16-helix": "base16-helix_5", "base16-vim": "base16-vim_5", "firefox-gnome-theme": "firefox-gnome-theme_5", - "flake-parts": "flake-parts_26", + "flake-parts": "flake-parts_25", "gnome-shell": "gnome-shell_5", - "nixpkgs": "nixpkgs_41", + "nixpkgs": "nixpkgs_40", "nur": "nur_10", "systems": "systems_23", "tinted-foot": "tinted-foot_5", @@ -13751,9 +12973,9 @@ "base16-helix": "base16-helix_6", "base16-vim": "base16-vim_6", "firefox-gnome-theme": "firefox-gnome-theme_6", - "flake-parts": "flake-parts_31", + "flake-parts": "flake-parts_30", "gnome-shell": "gnome-shell_6", - "nixpkgs": "nixpkgs_49", + "nixpkgs": "nixpkgs_48", "nur": "nur_12", "systems": "systems_27", "tinted-foot": "tinted-foot_6", @@ -13783,9 +13005,9 @@ "base16-helix": "base16-helix_7", "base16-vim": "base16-vim_7", "firefox-gnome-theme": "firefox-gnome-theme_7", - "flake-parts": "flake-parts_36", + "flake-parts": "flake-parts_35", "gnome-shell": "gnome-shell_7", - "nixpkgs": "nixpkgs_57", + "nixpkgs": "nixpkgs_56", "nur": "nur_14", "systems": "systems_30", "tinted-foot": "tinted-foot_7", @@ -13815,9 +13037,9 @@ "base16-helix": "base16-helix_8", "base16-vim": "base16-vim_8", "firefox-gnome-theme": "firefox-gnome-theme_8", - "flake-parts": "flake-parts_41", + "flake-parts": "flake-parts_40", "gnome-shell": "gnome-shell_8", - "nixpkgs": "nixpkgs_65", + "nixpkgs": "nixpkgs_64", "nur": "nur_16", "systems": "systems_33", "tinted-foot": "tinted-foot_8", @@ -13842,10 +13064,10 @@ }, "swarsel": { "inputs": { - "devshell": "devshell_5", + "devshell": "devshell_3", "disko": "disko_2", "emacs-overlay": "emacs-overlay_2", - "flake-parts": "flake-parts_7", + "flake-parts": "flake-parts_6", "home-manager": "home-manager_3", "impermanence": "impermanence_2", "lanzaboote": "lanzaboote_2", @@ -13858,7 +13080,7 @@ "nixgl": "nixgl_2", "nixos-generators": "nixos-generators_2", "nixos-hardware": "nixos-hardware_2", - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_12", "nixpkgs-dev": "nixpkgs-dev_2", "nixpkgs-kernel": "nixpkgs-kernel_2", "nixpkgs-stable": "nixpkgs-stable_6", @@ -13866,7 +13088,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_2", "nswitch-rcm-nix": "nswitch-rcm-nix_2", "nur": "nur_3", - "pre-commit-hooks": "pre-commit-hooks_5", + "pre-commit-hooks": "pre-commit-hooks_4", "sops-nix": "sops-nix_2", "spicetify-nix": "spicetify-nix_2", "stylix": "stylix_2", @@ -13893,8 +13115,8 @@ }, "swarsel-modules": { "inputs": { - "flake-parts": "flake-parts_42", - "nixpkgs": "nixpkgs_68", + "flake-parts": "flake-parts_41", + "nixpkgs": "nixpkgs_67", "systems": "systems_40" }, "locked": { @@ -13914,8 +13136,8 @@ }, "swarsel-modules_2": { "inputs": { - "flake-parts": "flake-parts_43", - "nixpkgs": "nixpkgs_70", + "flake-parts": "flake-parts_42", + "nixpkgs": "nixpkgs_69", "systems": "systems_44" }, "locked": { @@ -13935,8 +13157,8 @@ }, "swarsel-modules_3": { "inputs": { - "flake-parts": "flake-parts_44", - "nixpkgs": "nixpkgs_72", + "flake-parts": "flake-parts_43", + "nixpkgs": "nixpkgs_71", "systems": "systems_48" }, "locked": { @@ -13956,8 +13178,8 @@ }, "swarsel-modules_4": { "inputs": { - "flake-parts": "flake-parts_45", - "nixpkgs": "nixpkgs_74", + "flake-parts": "flake-parts_44", + "nixpkgs": "nixpkgs_73", "systems": "systems_52" }, "locked": { @@ -13977,8 +13199,8 @@ }, "swarsel-modules_5": { "inputs": { - "flake-parts": "flake-parts_47", - "nixpkgs": "nixpkgs_77", + "flake-parts": "flake-parts_46", + "nixpkgs": "nixpkgs_76", "systems": "systems_57" }, "locked": { @@ -13998,8 +13220,8 @@ }, "swarsel-modules_6": { "inputs": { - "flake-parts": "flake-parts_49", - "nixpkgs": "nixpkgs_80", + "flake-parts": "flake-parts_48", + "nixpkgs": "nixpkgs_79", "systems": "systems_62" }, "locked": { @@ -14019,8 +13241,8 @@ }, "swarsel-nix": { "inputs": { - "flake-parts": "flake-parts_46", - "nixpkgs": "nixpkgs_75", + "flake-parts": "flake-parts_45", + "nixpkgs": "nixpkgs_74", "systems": "systems_53" }, "locked": { @@ -14040,8 +13262,8 @@ }, "swarsel-nix_2": { "inputs": { - "flake-parts": "flake-parts_48", - "nixpkgs": "nixpkgs_78", + "flake-parts": "flake-parts_47", + "nixpkgs": "nixpkgs_77", "systems": "systems_58" }, "locked": { @@ -14061,8 +13283,8 @@ }, "swarsel-nix_3": { "inputs": { - "flake-parts": "flake-parts_50", - "nixpkgs": "nixpkgs_81", + "flake-parts": "flake-parts_49", + "nixpkgs": "nixpkgs_80", "systems": "systems_63" }, "locked": { @@ -14082,10 +13304,10 @@ }, "swarsel_2": { "inputs": { - "devshell": "devshell_7", + "devshell": "devshell_5", "disko": "disko_3", "emacs-overlay": "emacs-overlay_3", - "flake-parts": "flake-parts_12", + "flake-parts": "flake-parts_11", "home-manager": "home-manager_5", "impermanence": "impermanence_3", "lanzaboote": "lanzaboote_3", @@ -14098,7 +13320,7 @@ "nixgl": "nixgl_3", "nixos-generators": "nixos-generators_3", "nixos-hardware": "nixos-hardware_3", - "nixpkgs": "nixpkgs_21", + "nixpkgs": "nixpkgs_20", "nixpkgs-dev": "nixpkgs-dev_3", "nixpkgs-kernel": "nixpkgs-kernel_3", "nixpkgs-stable": "nixpkgs-stable_9", @@ -14106,7 +13328,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_3", "nswitch-rcm-nix": "nswitch-rcm-nix_3", "nur": "nur_5", - "pre-commit-hooks": "pre-commit-hooks_7", + "pre-commit-hooks": "pre-commit-hooks_6", "sops-nix": "sops-nix_3", "spicetify-nix": "spicetify-nix_3", "stylix": "stylix_3", @@ -14133,10 +13355,10 @@ }, "swarsel_3": { "inputs": { - "devshell": "devshell_9", + "devshell": "devshell_7", "disko": "disko_4", "emacs-overlay": "emacs-overlay_4", - "flake-parts": "flake-parts_17", + "flake-parts": "flake-parts_16", "fw-fanctrl": "fw-fanctrl", "home-manager": "home-manager_7", "impermanence": "impermanence_4", @@ -14149,7 +13371,7 @@ "nixgl": "nixgl_4", "nixos-generators": "nixos-generators_4", "nixos-hardware": "nixos-hardware_4", - "nixpkgs": "nixpkgs_29", + "nixpkgs": "nixpkgs_28", "nixpkgs-dev": "nixpkgs-dev_4", "nixpkgs-kernel": "nixpkgs-kernel_4", "nixpkgs-stable": "nixpkgs-stable_12", @@ -14157,7 +13379,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_4", "nswitch-rcm-nix": "nswitch-rcm-nix_4", "nur": "nur_7", - "pre-commit-hooks": "pre-commit-hooks_9", + "pre-commit-hooks": "pre-commit-hooks_8", "sops-nix": "sops-nix_4", "spicetify-nix": "spicetify-nix_4", "stylix": "stylix_4", @@ -14183,10 +13405,10 @@ }, "swarsel_4": { "inputs": { - "devshell": "devshell_11", + "devshell": "devshell_9", "disko": "disko_5", "emacs-overlay": "emacs-overlay_5", - "flake-parts": "flake-parts_22", + "flake-parts": "flake-parts_21", "fw-fanctrl": "fw-fanctrl_2", "home-manager": "home-manager_9", "impermanence": "impermanence_5", @@ -14199,7 +13421,7 @@ "nixgl": "nixgl_5", "nixos-generators": "nixos-generators_5", "nixos-hardware": "nixos-hardware_5", - "nixpkgs": "nixpkgs_37", + "nixpkgs": "nixpkgs_36", "nixpkgs-dev": "nixpkgs-dev_5", "nixpkgs-kernel": "nixpkgs-kernel_5", "nixpkgs-stable": "nixpkgs-stable_15", @@ -14207,7 +13429,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_5", "nswitch-rcm-nix": "nswitch-rcm-nix_5", "nur": "nur_9", - "pre-commit-hooks": "pre-commit-hooks_11", + "pre-commit-hooks": "pre-commit-hooks_10", "sops-nix": "sops-nix_5", "spicetify-nix": "spicetify-nix_5", "stylix": "stylix_5", @@ -14233,10 +13455,10 @@ }, "swarsel_5": { "inputs": { - "devshell": "devshell_13", + "devshell": "devshell_11", "disko": "disko_6", "emacs-overlay": "emacs-overlay_6", - "flake-parts": "flake-parts_27", + "flake-parts": "flake-parts_26", "fw-fanctrl": "fw-fanctrl_3", "home-manager": "home-manager_11", "impermanence": "impermanence_6", @@ -14249,7 +13471,7 @@ "nixgl": "nixgl_6", "nixos-generators": "nixos-generators_6", "nixos-hardware": "nixos-hardware_6", - "nixpkgs": "nixpkgs_45", + "nixpkgs": "nixpkgs_44", "nixpkgs-dev": "nixpkgs-dev_6", "nixpkgs-kernel": "nixpkgs-kernel_6", "nixpkgs-stable": "nixpkgs-stable_18", @@ -14257,7 +13479,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_6", "nswitch-rcm-nix": "nswitch-rcm-nix_6", "nur": "nur_11", - "pre-commit-hooks": "pre-commit-hooks_13", + "pre-commit-hooks": "pre-commit-hooks_12", "sops-nix": "sops-nix_6", "spicetify-nix": "spicetify-nix_6", "stylix": "stylix_6", @@ -14283,10 +13505,10 @@ }, "swarsel_6": { "inputs": { - "devshell": "devshell_15", + "devshell": "devshell_13", "disko": "disko_7", "emacs-overlay": "emacs-overlay_7", - "flake-parts": "flake-parts_32", + "flake-parts": "flake-parts_31", "fw-fanctrl": "fw-fanctrl_4", "home-manager": "home-manager_13", "impermanence": "impermanence_7", @@ -14298,7 +13520,7 @@ "nixgl": "nixgl_7", "nixos-generators": "nixos-generators_7", "nixos-hardware": "nixos-hardware_7", - "nixpkgs": "nixpkgs_53", + "nixpkgs": "nixpkgs_52", "nixpkgs-dev": "nixpkgs-dev_7", "nixpkgs-kernel": "nixpkgs-kernel_7", "nixpkgs-stable": "nixpkgs-stable_20", @@ -14306,7 +13528,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_7", "nswitch-rcm-nix": "nswitch-rcm-nix_7", "nur": "nur_13", - "pre-commit-hooks": "pre-commit-hooks_15", + "pre-commit-hooks": "pre-commit-hooks_14", "sops-nix": "sops-nix_7", "stylix": "stylix_7", "swarsel": "swarsel_7", @@ -14330,10 +13552,10 @@ }, "swarsel_7": { "inputs": { - "devshell": "devshell_17", + "devshell": "devshell_15", "disko": "disko_8", "emacs-overlay": "emacs-overlay_8", - "flake-parts": "flake-parts_37", + "flake-parts": "flake-parts_36", "fw-fanctrl": "fw-fanctrl_5", "home-manager": "home-manager_15", "impermanence": "impermanence_8", @@ -14345,7 +13567,7 @@ "nixgl": "nixgl_8", "nixos-generators": "nixos-generators_8", "nixos-hardware": "nixos-hardware_8", - "nixpkgs": "nixpkgs_61", + "nixpkgs": "nixpkgs_60", "nixpkgs-dev": "nixpkgs-dev_8", "nixpkgs-kernel": "nixpkgs-kernel_8", "nixpkgs-stable": "nixpkgs-stable_22", @@ -14353,7 +13575,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_8", "nswitch-rcm-nix": "nswitch-rcm-nix_8", "nur": "nur_15", - "pre-commit-hooks": "pre-commit-hooks_17", + "pre-commit-hooks": "pre-commit-hooks_16", "sops-nix": "sops-nix_8", "stylix": "stylix_8", "systems": "systems_34", @@ -16069,24 +15291,6 @@ "type": "github" } }, - "treefmt-nix_3": { - "inputs": { - "nixpkgs": "nixpkgs_82" - }, - "locked": { - "lastModified": 1762938485, - "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "vbc-nix": { "inputs": { "nixpkgs": [ @@ -16489,35 +15693,12 @@ "type": "github" } }, - "yants": { - "inputs": { - "nixpkgs": [ - "nixos-extra-modules", - "nixt", - "std", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1667096281, - "narHash": "sha256-wRRec6ze0gJHmGn6m57/zhz/Kdvp9HS4Nl5fkQ+uIuA=", - "owner": "divnix", - "repo": "yants", - "rev": "d18f356ec25cb94dc9c275870c3a7927a10f8c3c", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "yants", - "type": "github" - } - }, "zjstatus": { "inputs": { - "crane": "crane_10", - "flake-utils": "flake-utils_22", - "nixpkgs": "nixpkgs_66", - "rust-overlay": "rust-overlay_10" + "crane": "crane_9", + "flake-utils": "flake-utils_20", + "nixpkgs": "nixpkgs_65", + "rust-overlay": "rust-overlay_9" }, "locked": { "lastModified": 1750957292, @@ -16535,10 +15716,10 @@ }, "zjstatus_2": { "inputs": { - "crane": "crane_11", - "flake-utils": "flake-utils_23", - "nixpkgs": "nixpkgs_67", - "rust-overlay": "rust-overlay_11" + "crane": "crane_10", + "flake-utils": "flake-utils_21", + "nixpkgs": "nixpkgs_66", + "rust-overlay": "rust-overlay_10" }, "locked": { "lastModified": 1750957292, @@ -16556,10 +15737,10 @@ }, "zjstatus_3": { "inputs": { - "crane": "crane_12", - "flake-utils": "flake-utils_24", - "nixpkgs": "nixpkgs_69", - "rust-overlay": "rust-overlay_12" + "crane": "crane_11", + "flake-utils": "flake-utils_22", + "nixpkgs": "nixpkgs_68", + "rust-overlay": "rust-overlay_11" }, "locked": { "lastModified": 1753722377, @@ -16577,10 +15758,10 @@ }, "zjstatus_4": { "inputs": { - "crane": "crane_13", - "flake-utils": "flake-utils_25", - "nixpkgs": "nixpkgs_71", - "rust-overlay": "rust-overlay_13" + "crane": "crane_12", + "flake-utils": "flake-utils_23", + "nixpkgs": "nixpkgs_70", + "rust-overlay": "rust-overlay_12" }, "locked": { "lastModified": 1757256304, @@ -16598,10 +15779,10 @@ }, "zjstatus_5": { "inputs": { - "crane": "crane_14", - "flake-utils": "flake-utils_26", - "nixpkgs": "nixpkgs_73", - "rust-overlay": "rust-overlay_14" + "crane": "crane_13", + "flake-utils": "flake-utils_24", + "nixpkgs": "nixpkgs_72", + "rust-overlay": "rust-overlay_13" }, "locked": { "lastModified": 1757256304, @@ -16619,10 +15800,10 @@ }, "zjstatus_6": { "inputs": { - "crane": "crane_15", - "flake-utils": "flake-utils_27", - "nixpkgs": "nixpkgs_76", - "rust-overlay": "rust-overlay_15" + "crane": "crane_14", + "flake-utils": "flake-utils_25", + "nixpkgs": "nixpkgs_75", + "rust-overlay": "rust-overlay_14" }, "locked": { "lastModified": 1757256304, @@ -16640,10 +15821,10 @@ }, "zjstatus_7": { "inputs": { - "crane": "crane_16", - "flake-utils": "flake-utils_28", - "nixpkgs": "nixpkgs_79", - "rust-overlay": "rust-overlay_16" + "crane": "crane_15", + "flake-utils": "flake-utils_26", + "nixpkgs": "nixpkgs_78", + "rust-overlay": "rust-overlay_15" }, "locked": { "lastModified": 1757256304, @@ -16661,10 +15842,10 @@ }, "zjstatus_8": { "inputs": { - "crane": "crane_17", - "flake-utils": "flake-utils_29", - "nixpkgs": "nixpkgs_83", - "rust-overlay": "rust-overlay_17" + "crane": "crane_16", + "flake-utils": "flake-utils_27", + "nixpkgs": "nixpkgs_81", + "rust-overlay": "rust-overlay_16" }, "locked": { "lastModified": 1761162625, diff --git a/flake.nix b/flake.nix index 363b431..543216f 100644 --- a/flake.nix +++ b/flake.nix @@ -94,15 +94,10 @@ url = "github:sodiboo/niri-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-extra-modules = { - url = "github:oddlama/nixos-extra-modules"; - inputs.nixpkgs.follows = "nixpkgs"; - }; microvm = { url = "github:astro/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - treefmt-nix.url = "github:numtide/treefmt-nix"; }; outputs = diff --git a/hosts/android/aarch64-linux/magicant/default.nix b/hosts/android/magicant/default.nix similarity index 100% rename from hosts/android/aarch64-linux/magicant/default.nix rename to hosts/android/magicant/default.nix diff --git a/hosts/darwin/x86_64-darwin/machpizza/default.nix b/hosts/darwin/machpizza/default.nix similarity index 100% rename from hosts/darwin/x86_64-darwin/machpizza/default.nix rename to hosts/darwin/machpizza/default.nix diff --git a/hosts/darwin/x86_64-darwin/machpizza/secrets/pii.nix.enc b/hosts/darwin/machpizza/secrets/pii.nix.enc similarity index 100% rename from hosts/darwin/x86_64-darwin/machpizza/secrets/pii.nix.enc rename to hosts/darwin/machpizza/secrets/pii.nix.enc diff --git a/hosts/home/aarch64-linux/treehouse/default.nix b/hosts/home/treehouse/default.nix similarity index 82% rename from hosts/home/aarch64-linux/treehouse/default.nix rename to hosts/home/treehouse/default.nix index 459976e..ca98ce1 100644 --- a/hosts/home/aarch64-linux/treehouse/default.nix +++ b/hosts/home/treehouse/default.nix @@ -1,4 +1,4 @@ -{ self, ... }: +{ self, outputs, ... }: { imports = [ @@ -8,6 +8,12 @@ "${self}/modules/nixos/common/meta.nix" ]; + nixpkgs = { + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; + }; + }; services.xcape = { enable = true; diff --git a/hosts/nixos/x86_64-linux/bakery/default.nix b/hosts/nixos/bakery/default.nix similarity index 100% rename from hosts/nixos/x86_64-linux/bakery/default.nix rename to hosts/nixos/bakery/default.nix diff --git a/hosts/nixos/x86_64-linux/bakery/disk-config.nix b/hosts/nixos/bakery/disk-config.nix similarity index 100% rename from hosts/nixos/x86_64-linux/bakery/disk-config.nix rename to hosts/nixos/bakery/disk-config.nix diff --git a/hosts/nixos/x86_64-linux/bakery/hardware-configuration.nix b/hosts/nixos/bakery/hardware-configuration.nix similarity index 100% rename from hosts/nixos/x86_64-linux/bakery/hardware-configuration.nix rename to hosts/nixos/bakery/hardware-configuration.nix diff --git a/hosts/nixos/x86_64-linux/bakery/secrets/pii.nix.enc b/hosts/nixos/bakery/secrets/pii.nix.enc similarity index 100% rename from hosts/nixos/x86_64-linux/bakery/secrets/pii.nix.enc rename to hosts/nixos/bakery/secrets/pii.nix.enc diff --git a/hosts/nixos/x86_64-linux/hotel/default.nix b/hosts/nixos/chaostheatre/default.nix similarity index 85% rename from hosts/nixos/x86_64-linux/hotel/default.nix rename to hosts/nixos/chaostheatre/default.nix index 7d32053..d202a67 100644 --- a/hosts/nixos/x86_64-linux/hotel/default.nix +++ b/hosts/nixos/chaostheatre/default.nix @@ -25,17 +25,10 @@ in }; networking = { - hostName = "hotel"; + hostName = "chaostheatre"; firewall.enable = true; }; - swarselmodules = { - server = { - network = lib.mkForce false; - diskEncryption = lib.mkForce false; - }; - }; - swarselsystems = { info = "~SwarselSystems~ demo host"; wallpaper = self + /files/wallpaper/lenovowp.png; @@ -54,7 +47,7 @@ in } // lib.optionalAttrs (!minimal) { swarselprofiles = { - hotel = true; + chaostheatre = true; minimal = true; }; } diff --git a/hosts/nixos/x86_64-linux/hotel/disk-config.nix b/hosts/nixos/chaostheatre/disk-config.nix similarity index 100% rename from hosts/nixos/x86_64-linux/hotel/disk-config.nix rename to hosts/nixos/chaostheatre/disk-config.nix diff --git a/hosts/nixos/x86_64-linux/hotel/hardware-configuration.nix b/hosts/nixos/chaostheatre/hardware-configuration.nix similarity index 100% rename from hosts/nixos/x86_64-linux/hotel/hardware-configuration.nix rename to hosts/nixos/chaostheatre/hardware-configuration.nix diff --git a/hosts/nixos/x86_64-linux/hotel/options-home.nix b/hosts/nixos/chaostheatre/options-home.nix similarity index 100% rename from hosts/nixos/x86_64-linux/hotel/options-home.nix rename to hosts/nixos/chaostheatre/options-home.nix diff --git a/hosts/nixos/x86_64-linux/hotel/options.nix b/hosts/nixos/chaostheatre/options.nix similarity index 100% rename from hosts/nixos/x86_64-linux/hotel/options.nix rename to hosts/nixos/chaostheatre/options.nix diff --git a/hosts/nixos/milkywell/default.nix b/hosts/nixos/milkywell/default.nix new file mode 100644 index 0000000..3dda192 --- /dev/null +++ b/hosts/nixos/milkywell/default.nix @@ -0,0 +1,50 @@ +{ lib, minimal, ... }: +{ + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + ]; + + boot = { + loader.systemd-boot.enable = true; + tmp.cleanOnBoot = true; + }; + + networking = { + nftables.enable = lib.mkForce false; + hostName = "milkywell"; + enableIPv6 = true; + domain = "subnet03112148.vcn03112148.oraclevcn.com"; + }; + + topology.self = { + icon = "devices.cloud-server"; + }; + + hardware = { + enableAllFirmware = lib.mkForce false; + }; + + swarselsystems = { + info = "VM.Standard.E2.1.Micro"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = true; + isSwap = true; + rootDisk = "/dev/sda"; + swapSize = "4G"; + isBtrfs = true; + isLinux = true; + isNixos = true; + }; + +} // lib.optionalAttrs (!minimal) { + swarselprofiles = { + server = true; + }; + + swarselmodules.server = { + forgejo = lib.mkDefault false; + ankisync = lib.mkDefault false; + }; +} diff --git a/hosts/nixos/x86_64-linux/hintbooth/disk-config.nix b/hosts/nixos/milkywell/disk-config.nix similarity index 65% rename from hosts/nixos/x86_64-linux/hintbooth/disk-config.nix rename to hosts/nixos/milkywell/disk-config.nix index a4b5089..4dac343 100644 --- a/hosts/nixos/x86_64-linux/hintbooth/disk-config.nix +++ b/hosts/nixos/milkywell/disk-config.nix @@ -1,4 +1,8 @@ -{ lib, config, ... }: +# NOTE: ... is needed because dikso passes diskoFile +{ lib +, config +, ... +}: let type = "btrfs"; extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite @@ -70,7 +74,7 @@ in mountOptions = [ "defaults" ]; }; }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { + root = { size = "100%"; content = { inherit type subvolumes extraArgs; @@ -82,31 +86,6 @@ in ''; }; }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; }; }; }; diff --git a/hosts/nixos/x86_64-linux/hintbooth/hardware-configuration.nix b/hosts/nixos/milkywell/hardware-configuration.nix similarity index 57% rename from hosts/nixos/x86_64-linux/hintbooth/hardware-configuration.nix rename to hosts/nixos/milkywell/hardware-configuration.nix index 21725ec..7e5e589 100644 --- a/hosts/nixos/x86_64-linux/hintbooth/hardware-configuration.nix +++ b/hosts/nixos/milkywell/hardware-configuration.nix @@ -1,14 +1,12 @@ -{ config, lib, modulesPath, ... }: - -{ - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; +{ config, lib, modulesPath, ... }: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; boot = { - initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; initrd.kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; }; @@ -17,8 +15,8 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/nixos/milkywell/secrets/pii.nix.enc b/hosts/nixos/milkywell/secrets/pii.nix.enc new file mode 100644 index 0000000..ee0fd44 --- /dev/null +++ b/hosts/nixos/milkywell/secrets/pii.nix.enc @@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:4mDIWJ+WBn4c3US7Gby15hCtYYS6gYR1asm3SafO6/qyPKrcfKN42d2iIZEIPEq5yVj6OKt7ccFjQI2q3p8Dpb+HNYzHeGRcwBXKPL5hbVziP7Ik8pAYib7klUSmMelqOkc0aS1kyRyQzpvQoA6T7vNqEdm8kBR4SRs=,iv:7ZTbZh7TnCnfZ33g88Bsk3TISfhxz3+4cB1KiFucCMM=,tag:QgPChPUmZiB4AhH2xXturA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZWxybEZUcjlIdmtOS3Az\nbGt2czliWHBlUWNsNDA0cTJLeXdFOXE1NHh3CllaWGh1ZEZINDhPMUdCZUQ3Ritj\ncTdpRFRHaFdBa3NPWk40WjVlaTlrQmMKLS0tIEZnYkc3Z2hzZXV1eGlsaktyckVT\nbTIrZ3BvZDNkRGpoZ2ZncVlwZysxMW8KU0vsVA9gG63M1ecqk918QHh7P+MSbKaM\nRv/HVAvCzNcMFwPUC7zF0jN0FpAl7eNGkniUMCzGyXHty4anSDyt1g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-11T13:01:41Z", + "mac": "ENC[AES256_GCM,data:urkp4cEP8fzSvroewVTbVfFK4O03qKnd+Ch3ASJAo1xu++y+fuFFyRcvrY57xU32H+mK2ipSkl2FkeTYB2fNDpXzTIyCWGQPZ4i3doqmFkV1UPjjov8Cc/LY7eRQYj84pF9sFRMdAwtaUL3Kd4Ab45mO1fy7KYAW57zuUeZks/o=,iv:efnEEPHFu2EtRSyob3ozjHz4L1YHJ0AqzLb566pg5ZQ=,tag:VnrO5QFhdQFe9/7aJ9C/qw==,type:str]", + "pgp": [ + { + "created_at": "2025-06-11T12:59:00Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAvlrXaui4wqN1kgpfcZMf53RsJYbZp6//miZzas2xKVW3\nyvtubrrYBrHGPEnUuoHexsN4xiQ0zayOn+eLrbv5+8/jhjL6cxtv894+iHYcgkD7\nDc9M4f57Lf7qF9lGTo1pgPKRf2GbHbHfDgUjz5XcIUD0WAz0PCkGQqutP5daw7wV\nMo+fKm6yOxb+e89rlOUY26/LSy+5WMIoQ03tcWu92UZeVRvtEL2LIDQJ3+gCEBrL\nPI0SU84tIl1At1TkKhJkcZ9axn0vOc+LzhcdZ3K5AkAlvnx6/+KdFiVj7xQNQyfN\nJJs3U1HKDca0R6efTRveEoi5nWew2FPGmRfOD34DorokM46Ol0l1c4gL+2LjvPUj\ntEG3slBFoKYbPuj6GSA2H3U2LcgVbPtZggr7VN7d4bLiqT/PkUa2jjAcsqyb+Twc\ng9nmCiWFvrGR76dpvSdx6oO6O/etMcWT9A4fYMPStXcnT32N4q+qrV/+nFZm4BLp\nWvDYkgVWmiAwYTcwuAHS12yH9ymEQMRanSNyzRqjax+GVN70B5nNU5sn8Ch0ex7Q\n6qJZq1j+i/OtNITvnnCdOxefntM4UZzyeyqvU+rZx40KepyVD2XFWkp+9abev0iL\nVbJK5PmNRRxqLaRWxJu2f/Jb86hy60XjCcsWGxuo67ZReRWOHIuyQB15tr3DdReF\nAgwDC9FRLmchgYQBD/49wGPgfs1G4Y0qcAoqZWbdpbcqCwYEzlRK1DJdjFTtE8LO\n+IpA03seoy7qCAp3v86qg7YwjydA+vCJUk7FRFbLiesKDxS1ZRwZSWHuM/v46rj4\nJoTqOPjuJDzed8dFdl4082PrQ0z+dXjsK/ua6d6eQRw6JEgpTLbv7f6Ru4RyM93h\n3wUodncoqcyZ/Wy7qLKCy10CTaD/RRpVrKt18J0L17Qbevmap6tqRZI11GWBnb+R\nqChAvuBQnhN19+MxgJ9AC20SqUht2pBvUXAhWf9vEGoygWR2kXuxyxK2XYu26zXa\nBb33xNAd2BZ/zr7fDnwjROkhRJ0YWk4GqaUCfo3zmT/OtHUzoyIvi0um7obOPzUk\n6RJw3q3siiUXavvTvgJMhCySwzHLtrPGYzCiHfkQc555yRqoz1XrdZOoQyba288y\niMFVzrIp+jlN+shNfsumGIgtogiYl3yI+Ecib7ozwIXDyOmBfsGUFLZkleGXWoH+\n/ZU3stAVFsSzOVkw656NWgsAEnqP1T7TGBMP1vibDPNZBp9aExA+1XLyVbr7sFJG\nWT9ypYorj7hF3UW1Ep/1fmcYovXICieKPR8sLVdWrPxRXArezfoqMAFhxdw6y87n\nQUrOTy8XOwsERmMOWhcU54NgdU21MDI3/sgh20KznNUU1iIOPQgfeobJ0rR/htJe\nAYaaMHhkJvSkiuXBKJIaz125xQrKvwLpB+OsuezPhT5Qn4MZUEoUa5Ft1GhiDqWM\nSB8o70nlAcw0CFvNlsYRZdVY5FACj81B1H6JH5eNUx6f2FVhcO61kc60LJvzug==\n=zX1v\n-----END PGP MESSAGE-----", + "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/hosts/nixos/aarch64-linux/moonside/default.nix b/hosts/nixos/moonside/default.nix similarity index 90% rename from hosts/nixos/aarch64-linux/moonside/default.nix rename to hosts/nixos/moonside/default.nix index 692c684..323109f 100644 --- a/hosts/nixos/aarch64-linux/moonside/default.nix +++ b/hosts/nixos/moonside/default.nix @@ -38,9 +38,12 @@ in }; networking = { + nftables.enable = lib.mkForce false; + hostName = "moonside"; + enableIPv6 = false; domain = "subnet03291956.vcn03291956.oraclevcn.com"; firewall = { - allowedTCPPorts = [ 8384 ]; + allowedTCPPorts = [ 80 443 8384 ]; }; wireguard = { enable = true; @@ -129,7 +132,7 @@ in swarselsystems = { flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 4 vCPUs, 24GB RAM"; + info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; isImpermanence = true; isSecureBoot = false; isCrypted = false; @@ -149,12 +152,11 @@ in }; swarselmodules.server = { - oauth2-proxy = true; - croc = true; - microbin = true; - shlink = true; - slink = true; - syncthing = true; - diskEncryption = lib.mkForce false; + oauth2-proxy = lib.mkDefault true; + croc = lib.mkDefault true; + microbin = lib.mkDefault true; + shlink = lib.mkDefault true; + slink = lib.mkDefault true; + syncthing = lib.mkDefault true; }; } diff --git a/hosts/nixos/aarch64-linux/moonside/disk-config.nix b/hosts/nixos/moonside/disk-config.nix similarity index 100% rename from hosts/nixos/aarch64-linux/moonside/disk-config.nix rename to hosts/nixos/moonside/disk-config.nix diff --git a/hosts/nixos/aarch64-linux/moonside/hardware-configuration.nix b/hosts/nixos/moonside/hardware-configuration.nix similarity index 100% rename from hosts/nixos/aarch64-linux/moonside/hardware-configuration.nix rename to hosts/nixos/moonside/hardware-configuration.nix diff --git a/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc b/hosts/nixos/moonside/secrets/pii.nix.enc similarity index 60% rename from hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc rename to hosts/nixos/moonside/secrets/pii.nix.enc index 086c4d7..05564b0 100644 --- a/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc +++ b/hosts/nixos/moonside/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:RTj0FFJudZusWh2SuAPBHhpYEU20GmWbeZZSCG/vKCz83iUEJxpZ0lSDm71BN1Di7sz+VchcbWxkUjc+SV9paFOtuRKMPynW5n/HTyp/ub3y8oPUN4AjxiRnvfzh8Qxd/vnmxd6lSh2HxMlOqJURN0JY3D3g+tpHyTIvFUWef6HgzLNZCXDnP3HJzbIY53VPj9f+DsdxtFwU5OHkWd8gH2D4XuPPetN0Iv2HaR9+dvlVrbKEXgElgdENkU+ED78TFxvabk1hqPZqXhsfORF/5RpwF15ip5iSlVWPTwMdBREqCsHRiA+u5F9nwJ5C70U1wz39J40CJoa9oihIxyAmN3dktD0JuY0jiqyxwTRFZXYh7Ioe4CksaET0P7LbTa7+BpctgoBqvmnhM3ZDNcSZMNcCbtX98V30UqEPBoTn3kRYvg/1C1SycR96bVW/AiHMiIzD93dNw2gUWdyQX9xtHvgdxLo3U20pJhjMEcsk9V98H6lPiLp3lltrjAX35RsG5R629W8/WVOGoUQn9nX/y6m9VFKoUPf8/M7tvlxDT9A/QBQQvShdA4AM0K8mdNzb85ac5In+43gWDRXWQPPf72e5gL5nPIqPcZvAcoLHsYFH5ebr7VUaUbHm890jQDoNvtezZ1w9nRlZNGVTwdvwWB3rfzorzwCAKLhkFv6ATUYimP0tiHPOz0MxTQKXg12rtyPXbh8bwjhg0kdIlwljAYnYUKiX7SVSeYq7TQksQIiH83JwxCGrL4xjMWZhNkrg3KQUrEMHHaMbNCZvb5M2nMceBo6eA2zi5qYA9sLVnLTrlwx+3Wl7uFBv+9Z+8qvGg3adpGrtJTJjVf+cig01gzao5WrJtT9q4YD1tOHnWfBhwI9/3ny2A0WlyjlY/fS8WUiOmyhl/6N+ukdffzDZQOcTGf1QD0zO+9FYPqYhxr8eGKRHAB0R81Q5y+ORTLwXJ7EhRIK2f45FJisRIsiR+VTsI2cqy7n9HtubY8jQPxLMLnxuUqTu/OjtUMCcbJO8iqYDxWf6NlCZuTaLsQuUPWvO5uUelQpDmN6HhxSGKD9XG4M7/zCuCWNhKWoH0Z9xfw==,iv:Bs1fdmD4jbM/9hiPHxu+yENrVrwFsmhJ5J38W5+4PtM=,tag:UBpHq3ldgdVORaRxuswzVQ==,type:str]", + "data": "ENC[AES256_GCM,data:Wk3OGKwcuY72VLL+SBYXZUqxTQ8SlYroF4H81YDGMUZu6gt6ialXNvAsZSmYyFNh+3p+ejvzqMO5mxbvAI9tKAvbdamtfO4Pi3A+sNvJ9XSLE9iLAdfWeoT2qLqGPgkXI1SGDof+FP5yIb36C8Um9P4hE3zaE+UdJBk0qgzlc1Zlq2Pdg0TGU6wwJQkRhZIDun1wabeqGWjLrBqUa9VPfNB1El63q/1rhP5v3m6tI7dXt0SQArTtbPWkkHHYPehObG6Q5s4Cm2QrWGpbK+R6xe5F+nEv4+dOuSkZgOB2HsOjzenjp/slqoZTCJYnKT5IDkFQaj5G8YftySyNE/OguMW6atCgulSygwaeuFsnjMNxxsHssrTndNe22jpTTrh2Odp9BT7oRiZPPR8zj/Z3hpLYca24X4oSlZLD0PFEExQNir6V7eT0gH6Paj7wz2rYeYKB8focatLNAwug7L6lWxnr/pw8IXCrfx4ZHw7VYn4hf/KF4isrPju6XW0u2wuiIVlJfOUXZXONmJULB6biftgZapveIMy1oHaabyuIIxkKGParhSUfj6/8/qPVftVFYotdlAy9oNRpZ8JG8z8Sf34etu9Fi7uzcZySKU9e8cU43o6kAo+r39RHRDuhUmYP0ocN2bdlTAkhPoFccK2A1Qx+W/+EwQr55mb5NCH95AVh2QX0SwWgD79FV7EYGN7iVEc+duV5YH8Qy37f6ebehQy+mZGFqCZ5s7Cqy7ChypB476qDqh82qp4K5Uv2NwoF7TT9REzjU0cbRseFbC77AgEUNvfHpHvLBTsw5Y4963GefSKltNHxKROboBfLkaGFHNOlQ8sHIY+vd5Y=,iv:g9iNn/sH7CtxcT4SeI8/DFG8BPIIoseYTuprGEQPqJ8=,tag:SuV+seYm30JAMN7QbdDl9g==,type:str]", "sops": { "age": [ { @@ -7,8 +7,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YjdYNFF5Q1VzQTZ0WU1z\nN2R6cEVObU9RMXdpd2x0Mjh2cmpvY0VvNjE4CmF5Sm1vZWRoOTFIY2pkQUVRQ3FY\nVEd3eGpCbGQ3cUpvTE9JdjJMWnQvckEKLS0tIFRpZDZ1ZGZKaXpObFhZVlNqV0hB\nT20rRGV6S3gvWkZLUzQzVVNGQWNGVkUK0bAeRuI0vb7MJTtpxuD56nwZAk39sHAa\njEhntqsV9ts1Vbw2f0mZEqDdzd64NTtDm/YIwygZ2udV27mXNhVUVw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-10T23:16:52Z", - "mac": "ENC[AES256_GCM,data:CuwVt8/XKRMUHs1rh7Yf4Bk5tWXqTz0HXUiEEjuLhj1TRuMWs6aTC1h9uTMoybP+FmjKeRTar1E8dgUmoheFUGaBFqxd1Kx/FmNeJVLhUOPgmT9XOIjEjTNnzOoaMsYvfhP+AnLKgx+CfOsLnLMOqdKEggx1t5jNfiI2rXqOdfI=,iv:4Mc3WcgMg3z99dERJk+EF4hPpgGZo4mfMt6X45zgp5I=,tag:MP0YDtR1Wq3088WVzXS+8A==,type:str]", + "lastmodified": "2025-07-08T00:23:59Z", + "mac": "ENC[AES256_GCM,data:Db2w9giZy+TyXp2hpMN1h7ZgBaJ4WiAN2P6IFaoXufOlxT2uwulbzDMYFoUm9jcdFc8zqnYCvttosJIzyjevY5up9gDarzTu+43XFrTxYqPdgRBzzvxSeXmKqDnngAvv/qOWfzt7TG1IzpyytHX/DEPHvPM9dWgut/1K6Eq94Hs=,iv:WoWAAjse1kyn9IGX4kqCl3zvq4kXEMkfTjAi2j5OCFs=,tag:xco/8fudn2kCLnFa8mUIsA==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:12:55Z", @@ -17,6 +17,6 @@ } ], "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" + "version": "3.10.2" } } diff --git a/hosts/nixos/x86_64-linux/pyramid/default.nix b/hosts/nixos/pyramid/default.nix similarity index 100% rename from hosts/nixos/x86_64-linux/pyramid/default.nix rename to hosts/nixos/pyramid/default.nix diff --git a/hosts/nixos/x86_64-linux/pyramid/disk-config.nix b/hosts/nixos/pyramid/disk-config.nix similarity index 100% rename from hosts/nixos/x86_64-linux/pyramid/disk-config.nix rename to hosts/nixos/pyramid/disk-config.nix diff --git a/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix b/hosts/nixos/pyramid/hardware-configuration.nix similarity index 100% rename from hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix rename to hosts/nixos/pyramid/hardware-configuration.nix diff --git a/hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc b/hosts/nixos/pyramid/secrets/pii.nix.enc similarity index 100% rename from hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc rename to hosts/nixos/pyramid/secrets/pii.nix.enc diff --git a/hosts/nixos/x86_64-linux/toto/default.nix b/hosts/nixos/toto/default.nix similarity index 83% rename from hosts/nixos/x86_64-linux/toto/default.nix rename to hosts/nixos/toto/default.nix index 3d02f5b..9bb9e39 100644 --- a/hosts/nixos/x86_64-linux/toto/default.nix +++ b/hosts/nixos/toto/default.nix @@ -15,13 +15,6 @@ minimal = lib.mkForce true; }; - swarselmodules = { - server = { - network = lib.mkForce false; - diskEncryption = lib.mkForce false; - }; - }; - swarselsystems = { info = "~SwarselSystems~ remote install helper"; wallpaper = self + /files/wallpaper/lenovowp.png; diff --git a/hosts/nixos/x86_64-linux/toto/disk-config.nix b/hosts/nixos/toto/disk-config.nix similarity index 100% rename from hosts/nixos/x86_64-linux/toto/disk-config.nix rename to hosts/nixos/toto/disk-config.nix diff --git a/hosts/nixos/x86_64-linux/toto/hardware-configuration.nix b/hosts/nixos/toto/hardware-configuration.nix similarity index 100% rename from hosts/nixos/x86_64-linux/toto/hardware-configuration.nix rename to hosts/nixos/toto/hardware-configuration.nix diff --git a/hosts/nixos/x86_64-linux/winters/default.nix b/hosts/nixos/winters/default.nix similarity index 73% rename from hosts/nixos/x86_64-linux/winters/default.nix rename to hosts/nixos/winters/default.nix index b991df4..98d3bc5 100644 --- a/hosts/nixos/x86_64-linux/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -1,4 +1,4 @@ -{ lib, minimal, ... }: +{ lib, config, minimal, ... }: { imports = [ @@ -10,29 +10,25 @@ loader.efi.canTouchEfiVariables = true; }; - # globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; - # globals.networks.home.hosts.${config.node.name} = { - # ipv4 = config.repo.secrets.local.home-ipv4; - # mac = config.repo.secrets.local.home-mac; - # }; + globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; + + networking = { + inherit (config.repo.secrets.local) hostId; + hostName = "winters"; + firewall.enable = true; + enableIPv6 = false; + firewall.allowedTCPPorts = [ 80 443 ]; + }; swarselsystems = { info = "ASRock J4105-ITX, 32GB RAM"; flakePath = "/root/.dotfiles"; isImpermanence = false; - isSecureBoot = false; - isCrypted = false; + isSecureBoot = true; + isCrypted = true; isBtrfs = false; isLinux = true; isNixos = true; - server.garage = { - data_dir = [ - { - capacity = "200G"; - path = "/Vault/data/garage/main"; - } - ]; - }; }; } // lib.optionalAttrs (!minimal) { @@ -42,7 +38,6 @@ }; swarselmodules.server = { - diskEncryption = lib.mkForce false; nfs = lib.mkDefault true; nginx = lib.mkDefault true; kavita = lib.mkDefault true; @@ -72,7 +67,6 @@ # snipeit = lib.mkDefault false; homebox = lib.mkDefault true; opkssh = lib.mkDefault true; - garage = lib.mkDefault false; }; } diff --git a/hosts/nixos/x86_64-linux/winters/hardware-configuration.nix b/hosts/nixos/winters/hardware-configuration.nix similarity index 100% rename from hosts/nixos/x86_64-linux/winters/hardware-configuration.nix rename to hosts/nixos/winters/hardware-configuration.nix diff --git a/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc b/hosts/nixos/winters/secrets/pii.nix.enc similarity index 58% rename from hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc rename to hosts/nixos/winters/secrets/pii.nix.enc index c7afa8c..053a465 100644 --- a/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc +++ b/hosts/nixos/winters/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:umKGtD7jTa+ex3ADPs1zR2o9YU2j3y3zCEupCGOsdJyicM7u0efXDI0g755RdPeNJiB/z1DPy+mAkePPq/m93CCppTq0BYyt0JJw53/j3ghCMJj7N3wUVstMUB01jewDSUc7SLay0lkhMCWbrTKsR1pwnfFRAG8C3rWXQB2EkU9FViCo8VaOfEF6Cq9ev/r+SEepT85wvoMxxIg=,iv:bgJXEoj7nRUsi4fA+bYVYvJYavS+BoDuQt2SCrX/2W8=,tag:lmOjPU0J0Qf/vcnO0owTZg==,type:str]", + "data": "ENC[AES256_GCM,data:i8kqmycc80NLcOirK7D20hxsWWFGNMx5d1SDueaSTmymvTb0rNMFiRoLf44c9Bc5yBySg9zRNCJ8lyc1SZH5YAqIYGN8y4nzOTxyPxT1R+Igtzm49sBdp1dK6MVCW1/xIsjDE/niV19l9LTptN7neCIEuDjB22bSMRhfVOxOiSwd2FKBeH61XACFLAz3AuVC4a+FhqsBkmLOAg7SIG0xdsyi2tjuTOCiMci9eQk8q9XkmLQC3z6vBaIBxPErkIG/fyhNBYt0Hv+37b/TFVbBL9qnGK369Ln9EUm0IarInaq9haxE18DkI5bzlJH5hw4JNjMGFz8av6rOJT5oW52yPor1RBodwUtP6YDQCQsdINIbjmAM9C0HGBY31nyy07fVT+QDcNydjT1fEXLSJTseO5E/MrRCVBioorBpG+5kBBQhRMihGeT8htVGVQpiJC7peARRfSQTUqjNH/esWTPCk0xPOXgApgPIbXBIJFj4RiH2erzN1PKPpuGZfuqbEr63VXCp6t0jttZKDEEjob1ZJMKfiqRubaz+ycg/sxFb1p+l9O21ihW8jM9huiBpVTc+mHU0ENTSstC4uB5LG6HMqV9vmqrKP4OM13vifggpQ6K9VRXebpI/t4tdRETcwWIMo/LRCmhGO4o0+1tNG+ayVDVmY/ORJu/Nrl61TtmUXxGc74Vd1sea+60LuqDHdIEs06thxFLSCVXaxa70gTlQIlVSEJBz9yaAMm7Iw4CSvLbYTXrRg6P/jIZx7rGSyC7I/kFMAPsa2KYxUUkBNd8zSoHyf8paxbgocb3yNcMtHIyNYiOXaLgr56DasJKsXTdjnuic6PLBCd9+U9o9R4wdBw4CGHZ3+3P+LexImkK9InVTm3QD9gyWtgDe66jrQMJxicixtx6hKvP0P0nmjhE6UjhfMMYV2Qu7vx1APhE62KF9y+axIlKju4kYkRhC9BHi2FuZUCFkPiPd/RRWzBTuChnKud9TWTixBtzpBI39/5e3i8f55hcG0XkUT+rMolq/hCObIczq7M2TVrZK4vUGByHXi1Vljk+K2tUZLVGq+Vpa7JUfmyp/qdUBG5FFXBBLUmAA0yjR+XxTtuZ4+M7JdgoYlzXEN8AbyBTEfVps4HJVPfwWMZaXEWqc7fwSVNlkRpIGSkbF8+tzBd0M66FtjbC9hs1P/SwwUr/ZTwJW0D8EXDUOJo2VCGpGtzHZpg5wd7qPTKL20fLVrpdfKIMeBrPtpCkv2YAzSXClAMQqMJ1DtrFr9WNeTAv0ROwkfnGIYwFpDnK3Xy3Z9V1HlZY3K/UYybzb43Dvtl0qWcSmXxKWLK0rqe3r4sWKA/gpOi8UIyCssAv5At0JO2e0yBJv7tXi+WGNZIBEy559EYdnfHty2KZTR5M/PiP5t1PMbuzUkee3voybnAioCZfGsh5Ln04ZihUHbtbxocM4yieaqBd7nryO81b1ZARoZKbASaGMc7y65pgsA1MiNnbtGIZUwlNyg1q3iZxdtkG6qgG2vCY9Z6JNXXl6RoBmbDbCaIzvid8OXvK8z0z4t0BpYQCFVb3/sEAqweUnQffstEFB,iv:+cS1MmSlZWLdRt5Ey31y6WrDAudgjHxsUbfCBUK0/Sg=,tag:byOqNWWPQmlrDWQO1tRRJQ==,type:str]", "sops": { "age": [ { @@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-10T01:10:33Z", - "mac": "ENC[AES256_GCM,data:4vPX9TdAGGBwzEc3W6pQj+BVKjp2kSAMB/L3QVXZbDHfvyKFWUOqwG8u8P7XDcuIrrpx65YuJp6zwexpJjg5zkU4favJt+uHD1wWC3TZcCpda6v3hGW3RduQAwVy+18JJ+PdSxHzrC4jmj+t/HIKp6Bt7qB0Z1ynrt/CdGIVxh0=,iv:zQQrl19jK823UynE3EXLgazehpWW5ltRCWKdnElVh5k=,tag:zIIgbyXSw6f6xW2CaVW88g==,type:str]", + "lastmodified": "2025-11-04T09:26:35Z", + "mac": "ENC[AES256_GCM,data:T8GqsMxfFB9s1EOeLHNzxoz23FCOnlNsBsbvMxiLq7a78xt5Xw3dVN/IWfkyiCDwfSjo+fVx2yEd5tP/B3fSN7S8WJNSe5ZywLpal/RlsCzv7ARvbVCaBx22S4az97JsR1qQUcGSvoiTH5e/0t2tBtimGJ1witbvbiGkTBp8taw=,iv:Qs26cjeMLtRhTDO91yfBo93wUKJ9zVfUbJ8o6myHGUo=,tag:FbT8emz6q1QnXdxoX6hsYQ==,type:str]", "pgp": [ { "created_at": "2025-08-24T23:36:17Z", diff --git a/hosts/nixos/x86_64-linux/hintbooth/default.nix b/hosts/nixos/x86_64-linux/hintbooth/default.nix deleted file mode 100644 index dbb6c6b..0000000 --- a/hosts/nixos/x86_64-linux/hintbooth/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ lib, minimal, ... }: -{ - - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - ]; - - swarselsystems = { - info = "HUNSN RM02, 8GB RAM"; - flakePath = "/root/.dotfiles"; - isImpermanence = true; - isSecureBoot = true; - isCrypted = true; - isBtrfs = true; - isLinux = true; - isNixos = true; - rootDisk = "/dev/sda"; - swapSize = "8G"; - networkKernelModules = [ "igb" ]; - }; - -} // lib.optionalAttrs (!minimal) { - - swarselprofiles = { - server = true; - router = false; - }; - - swarselmodules = { - server = { - nginx = lib.mkForce false; # we get this from the server profile - }; - }; - -} diff --git a/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc deleted file mode 100644 index 46aaa21..0000000 --- a/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc +++ /dev/null @@ -1,22 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:RwbQZyqU0OjA/wD3o0HppPWFjfHNAHsGF8DzdJrXZLlE5RPUigHWtMLcX+2bNd0DpS3r7WHCSyiu+mmg6GWFiE6wAOBU1Q19BpQ8k3oTt8sP3N4/5PfzYcXlHRfwxmB9/pv8YCi5+cOU5ExWiQ+kC767UbgPIC2ugUD6tkP14KkhW0EGgEhF3elBfOGrSHGgjltgIFMYm/WKZjM=,iv:EBpghMcCGd/wow68V3zoDfzwywDGwmlqn3btNHrfxbk=,tag:jvSZyRIQ7BmQdKc6YEBIZQ==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VHAxaWdiV1VlWEY2UktF\ncE96UHJnWGNpY0ZFUmZVSi9xSXpBMmI2S1VFCjB6cWtDTTJrNFhZRC9yUHRYdUpS\naytwOUJ4NTRxTmJmc0R0Wmh5dFVKbzQKLS0tIHQ2NUtqRjh6MVF6VHJFSHVFTFFD\nNWh0MDVjekFDUWZvTUZNK0Z4M0lJbVEKGZk1BvZsNTkIor5rTcpi2UE4W/BqNMWU\nIAe3irNN6p1si2zebrCEyiaJYuaVn7uYVwXcscJlNTfkr9szm8TjSA==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-11-10T01:10:14Z", - "mac": "ENC[AES256_GCM,data:NSUKiOFGZyTb9U6e8cJoOJPAMfnk5iuw7pLK0JJzdwf4pI1aMSqjSDylQ5EqqbdFKZKRmaIjjHSpcJep6q0TRFA6wOznHWyv/UCECGwqZrS3EXgcQF5lZl7NVXPPSsMZgPReEVQcMtMivatPrfksEeCaam4WC/M+dqd2d2RrOXI=,iv:KnBNepDoaQeQ9MSrSN6dkrbS6YqkMYMpmXFd5v+oWoI=,tag:vPhsazyi8d3ugGoW8Z1Asg==,type:str]", - "pgp": [ - { - "created_at": "2025-11-11T17:51:27Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//cwoYXkjChyIyDP0dmqquRMAv7AsLz2IVVKcdGzqKWR/z\nx7owbhfGFaNCU/x8TWs3mUFBNnLIUQmuSWUuI30VMmFVjXQ9sybCZUCk5oFLD53+\nVPPb/KsAO06it8T0NxAlsXqe7n9fz1P16mFpMx8N1yb5s+GYG/C3UGATwJTJQn8+\nwob0NHfN/6qsZP5PzMgKlUiqc3YF+eB71KTHNDmT3l5sGsoNi0erZwNZc4VA0zn8\nPsFYodW9Mya1XUanJvrYKo9eRfrlpaUKGzn6GVlMJsZU0gNpKZepMubbev3+B1GR\nn6V+ViYWd8U9UTatuHy+aRcwEZfpXq7uKTTTdihECjNkHYSfXmUF9mjq6u5U0Lck\nykhElFADx+YEBJuavQabvYGu8fJx9DfJseNVwIv0M6hqLdg2CNMUQ1l1Q9weizeZ\nxLjme1LTlCUinJGN07CE0J9qP8syWRJYD9seP9Qc/b1IY2D8dGdgOTzO8Fx8vI+M\nOV+Q3T0Chn/f0lw2Xzu40MphB3eamt5cq0JeLQuwQHjUml0rGpi7bIj8PxeAgMkX\nXFzSokYTHGRJz2UblLnITfMaVYcu9HYHXxXIsZliaRBs2AlscyCCSQFjnEAEywlo\n9kvh49sjWztb0yGqHRAxdmJ+Sm5fCqP0huaTMXkC3zy4h0oeJte36Us0VxKk1HqF\nAgwDC9FRLmchgYQBD/oCYXtBTr276kjOMWs3WqDYMLUDbWM8d6b86HYgYvtwQy0z\nXgASNtWQsMMyIEiReSqv2H9jtTTqbUK93ALW2X7GmEvUIvmW64g1AfHKhmPw//Li\nKMxtK6sFVS/WSEYoaZarkZDwOpNx3+BnriQEHiMi21vWxCqluZFSDdls0ca2oXvF\nK9GpBUD8v5+l2EWhq5+4nxHKrDx0g+mjtZPJPRsJ1u0tisdkhRXauOvRHEymZ3mX\nRTee3FNR1t6YpXY811lX9yemXkdsSB4pzKWNQgk6U7WDkGcVaGNw0R8pS7F3YnRE\nFSJhKnhb9Bd6CX/zEV+IwEgY1yPfiEMX0bvIrcEJYgUg618YQbQPushxVk10+c66\nZJ+99g06tdyt+u8E9GpoujnoRjRWsEqElkZntd66fPuDm99qx+RHlF/1Likp/nPL\n4oIknDJu8wwoIBCtoQcWyaiNCa0Fo/HR6txyOt6tTqpwhnDGJP9UfYlKWt07CFar\nQLgZfJbHhetjXoRHMAs+WargN8KV7QGMGbQdPE+VwlZI4bKRSipH+rdDn+v50FQG\ndvFd7WRnWmTaG2W3cOLFH4pWc2MPnnxj0IHDI3U9olcCyuWAF12yC1HYuFuWeG+K\nokxmS1T1E0jIP9u8NTJBmLdjC+6U5y1ZvSZlIWB12OzBEpP7jl8uOVbD/AR4GtJe\nAf4EdsxTBocS50aRxxAOq5t3kaoTu36n1dbGDfb8k10bsBiQb6zJ+xtNQgWxNEeO\nb6YGIyglD06Wmm6C5LOyQ46KIzuFXB8irMJexApopLwIZ+jCnn0Nb1mO6DXHUw==\n=kTmR\n-----END PGP MESSAGE-----", - "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" - } -} diff --git a/hosts/nixos/x86_64-linux/summers/default.nix b/hosts/nixos/x86_64-linux/summers/default.nix deleted file mode 100644 index ebc92ff..0000000 --- a/hosts/nixos/x86_64-linux/summers/default.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ inputs, lib, config, minimal, nodes, globals, ... }: -{ - - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - ]; - - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; - - swarselsystems = { - info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; - flakePath = "/root/.dotfiles"; - isImpermanence = true; - isSecureBoot = true; - isCrypted = true; - isBtrfs = true; - isLinux = true; - isNixos = true; - withMicroVMs = false; - }; - -} // lib.optionalAttrs (!minimal) { - - swarselprofiles = { - server = true; - }; - - swarselmodules = { - optional = { - microvmHost = true; - }; - server = { - diskEncryption = lib.mkForce false; # TODO: disable - nfs = false; - nginx = false; - kavita = false; - restic = false; - jellyfin = false; - navidrome = false; - spotifyd = false; - mpd = false; - postgresql = false; - matrix = false; - nextcloud = false; - immich = false; - paperless = false; - transmission = false; - syncthing = false; - grafana = false; - emacs = false; - freshrss = false; - jenkins = false; - kanidm = false; - firefly-iii = false; - koillection = false; - radicale = false; - atuin = false; - forgejo = false; - ankisync = false; - homebox = false; - opkssh = false; - garage = false; - }; - }; - - microvm.vms = - let - mkMicrovm = guestName: { - ${guestName} = { - backend = "microvm"; - autostart = true; - modules = [ - ./guests/${guestName}.nix - { - node.secretsDir = ./secrets/${guestName}; - } - ]; - microvm = { - system = "x86_64-linux"; - # baseMac = config.repo.secrets.local.networking.interfaces.lan.mac; - # interfaces.vlan-services = { }; - }; - specialArgs = { - inherit (config) nodes globals; - inherit lib; - inherit inputs minimal; - }; - }; - }; - in - lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) ( - { } - // mkMicrovm "guest1" - ); - -} diff --git a/hosts/nixos/x86_64-linux/summers/disk-config.nix b/hosts/nixos/x86_64-linux/summers/disk-config.nix deleted file mode 100644 index a4b5089..0000000 --- a/hosts/nixos/x86_64-linux/summers/disk-config.nix +++ /dev/null @@ -1,118 +0,0 @@ -{ lib, config, ... }: -let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; -in -{ - disko.devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; -} diff --git a/hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix b/hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix deleted file mode 100644 index a08c95c..0000000 --- a/hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib, minimal, ... }: -{ - - swarselsystems = { - info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; - }; - -} // lib.optionalAttrs (!minimal) { - - swarselprofiles = { - server = false; - }; - - swarselmodules = { - optional = { - microvmGuest = false; - }; - }; - - microvm = { - mem = 1024 * 4; - vcpu = 2; - }; - -} diff --git a/hosts/nixos/x86_64-linux/summers/hardware-configuration.nix b/hosts/nixos/x86_64-linux/summers/hardware-configuration.nix deleted file mode 100644 index bef7987..0000000 --- a/hosts/nixos/x86_64-linux/summers/hardware-configuration.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, modulesPath, ... }: - -{ - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot = { - initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; - initrd.kernelModules = [ ]; - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - - supportedFilesystems = [ "zfs" ]; - zfs.extraPools = [ "Vault" ]; - }; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/nixos/x86_64-linux/summers/secrets/guest1/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/guest1/pii.nix.enc deleted file mode 100644 index 8605563..0000000 --- a/hosts/nixos/x86_64-linux/summers/secrets/guest1/pii.nix.enc +++ /dev/null @@ -1,15 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:pGWiWA==,iv:sVpYJiphhvVPEo2MUMnpjlJmvf58/UJTTVVdU9dpqzM=,tag:2AsQRCyN9Pc/hnqviCo43g==,type:str]", - "sops": { - "lastmodified": "2025-11-06T12:11:19Z", - "mac": "ENC[AES256_GCM,data:NBAgy3MNd+p8Ih6v/JuxuMWgh0k9xj5Trg7mggBE/LrxfCZg+BpbhYcmAw/FW9Du5gq3Pcynnql3dqwKlzHEtkEOcI1MJSnBSWexgLxwEtRwbTJVOqEkCxby6dcQ4HWD1ZZnwa9Q7Cg1vcPD/yZuzVUH15mFHic7s5M5Xzdfu/w=,iv:tv8CFuXJ0iqh/Vho7vSoOpfhcGfCElMLWNvjxoE3fMg=,tag:pGP3CjKFFm0UuVgSCnn4RA==,type:str]", - "pgp": [ - { - "created_at": "2025-11-06T12:11:04Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAwZd6dmNcZqOWY7Ro6DXCRAD2LJuzR0AA26cRRzPgTPcw\nOwvV+Nh3hBWcZb5qkjKysZKGlIxzs4f02dKI172vUyIWQ6P5skygOOOpbr9g5171\nY0XTrmemesSKNfoUhsMFMCbFUc4HUxkUK7zadLk1AiBUqZMIFtx/riFMUBS2qTpR\nuLWiebt1Dw+rwcR8rBNxXPbeclm7322YOQDLUk4sHfi0vTvn+3sfGkbJ+OcJckoD\ndjVhWFqGUAbbELoR8yHpb+Ps6RYjKRNFNros9Yx9zQ18512gxOpRSzm0MTkKFyrz\n1UYVcv4Oz4W/e4nh1z2/re5X3l/HFUzwBG6AUTrYVuRo580kkZvWYFxHT6R+goVC\n5dhkqZpowrGpDIE/C7hKLenFIcOl1Nw5wgJ4Y9EmfZzorUnjJqT1Et2b2GU0hxvY\nKny+fiDeCfNdLzJejSNNg1/whoVmHbw3Q2aBJP0NL3nmNvaykO8RSA8WmzvQa+MA\nXweflh5G9lXOdH2vwb6EelOXpxlTjI7K/43Nbw/SXf/e1FKYK5l6TscyGEcHpFux\ns4ufYkCqTgxdKZjKwh0vqbdmbPUOCe/jqBOz6s/L/sR1/+8c2iIs0JVZd1VJSvDu\nIdfDfQh4wmso8L0qpjWimmkf0Y9itLWZo/oyioIqjVQ9+Daj2mvMkbKcSa486b2F\nAgwDC9FRLmchgYQBD/9lVmkHkPz5pbJV5U0nL3h/xx0JSyt6YYtLDacW8fw135GT\nojHijHvJAd1MqbNv391LcsZ1jtnUawNf6GAkr649lRuEH/WhNitXq20Z/06v5lwt\nGDhPMMf5uh+Uwgjxbeg/PFeTKILS2VX0tjJ8yeos2jNMOrmmwIg74V6mJk03E85K\nId06e2qNjzWlESyWOCFkfLQfSOTajQWmGyil8vNglmjuZdzLSE8eL6nA0hePnfJW\nOwewWcXEzHeeJsaevKFBBDpimAqi3XbKasQbZNSSFlkmw0vzAWKw5mzcdTMseae1\nLafjem7uw2epr4HIhwCZ47pCFrKcbweZMuUY557SomIGmv93OvglnZC40AYkJuNU\nIAVwNc8W/pd+jyiHh6tMlXfQ5/n25AcylDcacxxalNcKI0emNC90TsFc6wDpLh5D\n+R6kJ7GK8tI5BwIwtGIQmFsRREKE1x+IYATtKwQskb0Rng/D6eqNEvs8pjD1nGO3\nfNTG9G8PgC07TXSKGcNGytZy/GNSW9mnFgDgoiqh29bgfoJfSTWWvwZlzFXdWm0c\nzOiV5JSDRLewaqzhsQ/etms7qJIccRD7WcvM82x7UF0VYGd92EVsZxsq2aSVlMob\nCsxNXxij3qqNHdFgUuYYDzFym3/zmmi2wltPOZl7qYMhZI9P6wCsvDpxlFv16tJc\nAaBkBf1oOnjDvJm5i62KCEcRUmphKOB6Odr9/VHkAtgjPdWCOyge7ktbcwgsPw8L\ndemiSrNAglDX9RnPST5ggShZWn1Ik2mFfocCapvGBi5Hj9I/4xG/oIKREYc=\n=Ty0h\n-----END PGP MESSAGE-----", - "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" - } - ], - "version": "3.11.0" - } -} diff --git a/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc deleted file mode 100644 index 0c94b81..0000000 --- a/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc +++ /dev/null @@ -1,26 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:dwoz+/DxlUbk05hmg/EwtmUkuD759sQ4iVbjHqcPpY9y2l/gzuPSJT2CMI2GbZs5SKhtlqoqZ5jHG3LwcQjgulmYHB2ThJR4ALi7usJm08q0UfMirnm6mPxjnhdhJXdO6YQ4LaRyP81txSphrl28eJwp2efz3rkUp8nAA3keL6MLZsBkdOXujOJhpreTr1mprWTA6U8aRWFBW7Y1vWvxAH3dtQ03XhYXM88pY6k+HKMvcXSsiDhvwnxG/+UYvSIHcanmboCJDYbgXZECnIGsar7ZOmbsZ3GM6X37qPJpxNmUjc4OoRaJJCcn6saH8kOJkx2rxMyzgMryuGdBq4R/m2JsvDoCPDh+gKO+luCI+hH/iduxnDgYjZAQ2gv3Q14MGNe9nvPWVfiRXXzqRf/8vDXjpnD2FFKmMSqiCvPJHRL52uwO3R2zYUrUfQgDN0Jk6nII8B64l+l69Q8Mod1J5nEMwoUOihhOsjaz6TMIUo6b0GKvxZG04Noyd7S+KuxZe1BsrxSnn7REt6qyQKqAHnMYVXpBmOxOpzhAhOrBIOz6LuqHPzmooQukuBDH/Ej2rC5hLBAFW7mvHIcTqo9sJFbnT3lYYtwLSlHBE3R26vud9pG8K2SuVdy2MWJMpLscR48V9r3nAbWsXKXLZALW38z33/UMfzTJ4g4L7Eo/4E5RXlihyL5/p8ISsoQdf6Uj718pVPTToBRBbIEMOSoJ4ntPoVxQbcpdrGO9zrqqPeZWQSE1JM8anGeZVqeMEVmZJxIbfquX8eMKJrkTroa/9HysuIi0O311F/kntoCtDOYCd3mYPcT8UnZHW3wuG7lqYRd15i/eaMhj3z1eTWoZ40R8w+2TaQB+TjyoLoGGzHvyktI5UkYiaMwa2FoFz40tz5YdZ8aODLQhwJc1mv3Fm0VLudXm7NUcfc4tr35EKbDg1wKtUS13VMSHjbi8ANbTB3nBvpBsPKtD12BTqaP4Q0HJipdnDbcwas/MoG27rFO5+q8+cb82IgjSpCeekrIgUY1wsnOyR3j3ByITp8jfmCRMF1vjKifKr0pgREF1dW59VQ33TvUyjfveQV0ixeV+vM9QueQsUVFzeqYTagsPSM/Czx/UNo8hyG1ze0p+acoOb257Q/Um8nkj3iNPAzx3WN6IdjJkpN1Ldp1SvU5qd3o3DDcSw2ztz8usBkH91BrBaV9MYGH/FSM/HL2CfTZoZodP1VqKFi1Hl3pHHyPEagvoJp1ayUZqmymKu4x1wFxC5FMUXjWUwWZZx1PIOwOtf8pLqVd6FySJlwG/MA4Bfxcnc+eSZ1EYcuHU3ziGbtGiB0eqWXA0fhUwIHHUFnV7H8NoRaJnbDS+kviFdTQKvoF3OmymEwhaq/Oak0ZQk8NLHC7KTQ6xVCb7bBtLpkBdXFE3YB5ltXvEYvSL02qX9i6oBf8GRi4Tl+k6zca6QVJzHG4hU8Nh3cxXBmF2IIY4JiKy0YlsVXCg7OHEWMEl4qT09dAsrDcKQC205YRF7XO8AXimENFQM2Nr/moadk2SF3D2DuJEE2HnSBk4H2tVlMNns32MpTFBZwbf3JOIHJV9CFyVSjhjuNjVjMK4vVdpnEzhmnaKjDqMnuRGNZmrl6p8gKM26KlWcYpIclQkPxy1pY1iFINxGH4YEGdAztpx1YhBkQNkQT492InrPA/PE5XFStP4WsKsLW72lhSVgH8D27S76yGihXyaVXXfd0VF5Fx/gUnbd7fph4Vi1VtFonhfK+ctHg==,iv:aQoC+pr7OoTyTT0FE4MbENfzfJ0Beq1Lsz9G1jnFQPs=,tag:JuYmfDP2foCVDH8CwfL4fQ==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBET1RmRTM5OUxJMGNyWUZK\nMXFqUWF2ZHhOZ1pxa0RDbkNzWnVzVFFCbTJrCm1oU25haDl5eFg5T1VzOXByai84\ndTR6TGREVnBHNlV4S254dzh2Z1lvK2sKLS0tIGFLaWJFQ2VwaWtxaURqNDU2ekRQ\na09Hbm4vNnVQaEV1aGtqTTVOUWN2b28KQaoPc/UKaeQ72GdlbtWFdALywHcUkewf\nK5pEz41pzDKOjatypm9X8ZEIEarjOHIZgMpazVM4i1PRUUefSE0phw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-11-10T01:10:47Z", - "mac": "ENC[AES256_GCM,data:2gKEGIYctY7g7mL7lay1T7XmxGdsRzz/dIC1p98zDTnIoBrq5mf5CV/FjAGi5jDsmEMoCSUTWFaT/0Wq3nmRC+OyjL3/Hsit+HJDBVbyf/mY+zs2UQd3KVYoxmpDeAJ1E9s8ygxEu5lJGzacWbJ9BggKUUnywXYfNg0fS7ntjUw=,iv:5xedOuJ3VFm4pEjXyVBM9Iwe5pK1dYP4nTRkk7exrvo=,tag:sEVygcLMqkI9CWQDjoaEqQ==,type:str]", - "pgp": [ - { - "created_at": "2025-08-24T23:36:17Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAwf7TLx0TR1HBhh57CyIQLw8ztc9oblKAW/V7bSlQM/wR\nIwQTcTi3azdI9yewDRO30rIr++FEapdGVdpXoqQ8zcl49VjwDux6wzF3bsmR5Goc\nlTkDd0bmz8RBfsK+6efXiRqo3C0yP2ZTOh3PSOvsXKbYS6wY3TvNBdGnAYrfOvEw\nmBFRhn6uakw3zjVUngB1di07DH3y0wEb/r6+Mzoswzg4DqT1SAdDkfS9dpn9h3MW\n3NBesYlOukLrNA5Toi6x/fmE2lrPHt5QxPdvfvKe5ye4myZ/gBn1mdejB6U9nOsk\nRCJFMosjBH7jIpwokTjUT6Vs+zs8yrF+gbP82H4RVfZymMfdZoU/pTfYe1Mwg6Yi\ntlHyiRBgSPBY8Doa2hM8/yvmfHVMqSQf8uXltz2VC7JUGD6P0QbDLpqY3URmHg/q\nwN3zYJLlSIkU6Z7oivTjfg0dR32Z80lCdZDQf+OQsRtCUi169Fgxr7+HhdxJyj49\nFIb6CR0DHW4vsEj1GPAa0Q4uMfCxLiSZfesY8myoCtlVo7oeqx787KicJB5PryHr\nyZweKd7tXO9g8LNJtECTZ81y2/sCfSZPBia6M4oz56pIFK4jhYCY3iPnWIS77axu\n5MmqZNOP06obp87nt1ea51BmXkaYxmSPoQ5R29CeYU+m9q+kKvizncgsCl/O7U6F\nAgwDC9FRLmchgYQBEADJo2kPzrxLHptsr6aoIxfYNrQ7JJM3FAZ7do5YvAbQsl5t\ny45qZ4+qWIEMRXwji2TvgSg8/ylnZfN2+rTHdtNJkDdJ2sX+RDr8pm7L3VS2Zhjf\nIp1SdPd5cm/3QupegzUR+kcPa+gPM4asGSytIkAnnpev/DCnLsrqiejdosTDj9dn\nFtPKJKSUBzJSNRxBSpM9L+cTU1qyMT024D5Qvq6vBOjFI1YV3LSfVXQe7OZxxxVX\naChkGR1v3UjndQ4Yv9hamJJ81lRLeIcVEOpOPxLHJX76AJUqP3fR/+m2Poah8bFF\n+yIdSp2jyWOoU60We72fvlEwxsTLl8Zani+xX2ckkUCe+wsiGJLch4Df1pepxpef\nb95wZ9L0msRdHY8vRQYapde/ju8CUHgywVX7+YH3EF1bJSnUOBmyOA76v9ir09am\n49g+VomkWUuzPJ2VYQXXH6d/qn/sm9Z9yxy7e1eh5m+9cd42b4sMdW6ZCTMAtGJF\nPX0SiOMR6S0hjKVBcfcyNoT/wo7wqEl4mYDpoCy10K0nYRn+ggJnIZEJzBWibMYH\nDWUDyuQIYLjOBAchFatXyMtbc8qDorYelLX7amPRDSiDhhj6Y5nYMJtUSwfTLwkN\nrI0Q4bjE+fgNACCqPoq/BDFZotcr1b664ZUJqgnTBPKZ5OnmW/iFkOfzu4fF9tJe\nAcekEPwsFbugu2bZ0Hs5Rl/Dh9p4L9gceuMiwJ3oYGA5cwXFCeVZLNqSDLy4upVX\nnXRaMzBNGgWo4geDq5JL10Mh7/1d4GGVxdts8RGdI8zUFTPV3GOaPEHeNyIO+g==\n=2UMI\n-----END PGP MESSAGE-----", - "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" - } -} diff --git a/index.html b/index.html index 73a386f..6583879 100644 --- a/index.html +++ b/index.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + SwarselSystems: NixOS + Emacs Configurationo @@ -209,8 +209,8 @@
  • 1.4. Hosts
  • 1.5. Programs
  • 1.6. Services
    • -
  • 1.7. Manual steps when setting up a new machine
    • -
  • 1.8. Current issues
    • +
  • 1.7. Manual steps when setting up a new machine
    • +
  • 1.8. Current issues
  • 2. flake.nix @@ -263,45 +263,33 @@
  • 3.1.2.2.3. disko
    • -
  • 3.1.2.3. Winters (Server: ASRock J4105-ITX) +
  • 3.1.2.3. Winters (Server)
    • -
  • 3.1.2.4. Summers (Server: ASUS Z10PA-D8) - -
    • -
  • 3.1.2.5. Hintbooth (Router: HUNSN RM02) - -
    • -
  • 3.1.2.6. machpizza (MacBook Pro)
    • -
  • 3.1.2.7. Magicant (Phone)
    • -
  • 3.1.2.8. Treehouse (DGX Spark)
    • +
  • 3.1.2.4. machpizza (MacBook Pro)
    • +
  • 3.1.2.5. Magicant (Phone)
    • +
  • 3.1.2.6. Treehouse (DGX Spark)
  • 3.1.3. Virtual hosts
  • 3.1.4. Utility hosts @@ -313,7 +301,7 @@
  • 3.1.4.2. TODO Drugstore (ISO installer config)
    • -
  • 3.1.4.3. Hotel (Demo Physical/VM) +
  • 3.1.4.3. ChaosTheatre (Demo Physical/VM)
  • 3.2.4. Darwin @@ -462,15 +445,15 @@
  • 3.2.5.8. Hibernation
  • 3.2.5.9. BTRFS
  • 3.2.5.10. work
    • -
  • 3.2.5.11. microvm-host
    • -
  • 3.2.5.12. microvm-guest
    • +
  • 3.2.5.11. microvm-host
    • +
  • 3.2.5.12. microvm-guest
  • 3.3. Home-manager
  • 3.3.3. Server @@ -574,81 +550,73 @@
  • 4.4.2. Nix Mode
    • @@ -769,7 +735,7 @@
  • 4.4.5. Ansible
  • 4.4.6. Dockerfile
  • 4.4.7. Terraform Mode
    • -
  • 4.4.8. nix formatting
    • +
  • 4.4.8. nixpkgs-fmt
  • 4.4.9. shfmt
  • 4.4.10. Markdown Mode @@ -1187,21 +1153,16 @@ Here I give a brief overview over the hostmachines that I am using. This is held 
    | Name               | Hardware                                            | Use                                                  |
 |--------------------|-----------------------------------------------------|------------------------------------------------------|
 |πŸ’» **pyramid**      | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop                                          |
-|πŸ’» **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal laptop                                      |
-|πŸ’» **machpizza**    | MacBook Pro 2016                                    | MacOS reference and build sandbox                    |
-|🏠 **treehouse**    | NVIDIA DGX Spark                                    | Workstation, AI playground and home-manager reference|
-|πŸ–₯️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Secondary homeserver and data storgae                |
-|πŸ–₯️ **summers**      | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM  | Main homeserver running microvms, data storage       |
-|πŸ–₯️ **hintbooth**    | HUNSN RM02, 8GB RAM                                 | Router                                               |
-|☁️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
-|☁️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
-|☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache                   |
-|☁️ **monkeycave**   | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server                                        |
-|☁️ **eagleland**    | Hetzner Cloud: CX23                                 | Mail server                                          |
+|πŸ’» **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal lapto                                       |
+|πŸ’» **machpizza**    | MacBook Pro 2016                                    | MacOS sandbox                                        |
+|πŸ–₯️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Main homeserver and data storgae                     |
+|πŸ–₯️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
+|πŸ–₯️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
 |πŸ“± **magicant**     | Samsung Galaxy Z Flip 6                             | Phone                                                |
 |πŸ’Ώ **drugstore**    | -                                                   | ISO installer configuration                          |
 |❔ **chaotheatre**  | -                                                   | Demo config for checking out my configurtion         |
 |❔ **toto**         | -                                                   | Helper configuration for bootstrapping a new system  |
+|🏠 **treehouse**    | -                                                   | Reference configuration for a home-manager only host |
    @@ -1258,20 +1219,12 @@ Here I give a brief overview over the hostmachines that I am using. This is held -
    -

    1.7. Manual steps when setting up a new machine

    +
    +

    1.7. Manual steps when setting up a new machine

    These steps are required when setting up a normal NixOS host:
 
-- setup yubikey (automatic yubikey enrollment is not yet supported by `disko`):
-  - `systemd-cryptenroll --fido2-device=auto /dev/<device, e.g. 'nvme0n1p2'>`
-
-If the new machine is a work machine, these steps are additionally needed:
-
-- setup the work VPN:
-  - using the laptop certificate `.pem` as User cert and private key (CA cert: none)
-  - vpn gateway is found in `nixosConfig.repo.secrets.local.work.vpnGateway`
 - setup gpgsm for signing of mails using S/MIME:
   - `gpgsm --import ~/Certificates/<certname>.p12`
   - `gpgsm --import ~/Certificates/harica-root.pem`
@@ -1281,9 +1234,18 @@ If the new machine is a work machine, these steps are additionally needed:
 - setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`):
   - `pizauth auth <account name, e.g. 'work'>`
   - `pizauth dump > ~/.pizauth.state`
+- setup yubikey (automatic yubikey enrollment is not yet supported by `disko`):
+  - `systemd-cryptenroll --fido2-device=auto /dev/<device, e.g. 'nvme0n1p2'>`
+
+If the new machine is a work machine, these steps are additionally needed:
+
+- setup the work VPN:
+  - using the laptop certificate `.pem` as User cert and private key (CA cert: none)
+  - vpn gateway is found in `nixosConfig.repo.secrets.local.work.vpnGateway`
 
 If the new machine is home-manager only, perform these steps:
 
+
 - (Optional) Install openssh-server
 - Set hostname to the name specified in the home-manager configuration
 - Install nix, either:
@@ -1296,47 +1258,13 @@ If the new machine is home-manager only, perform these steps:
   1) Clone dotfile repo & change into it
   2) `nix --extra-experimental-features 'nix-command flakes' develop`
   3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace`
+
    - -These steps are required when setting up a normal NixOS host: - -- setup yubikey (automatic yubikey enrollment is not yet supported by `disko`): - - `systemd-cryptenroll --fido2-device=auto /dev/` - -If the new machine is a work machine, these steps are additionally needed: - -- setup the work VPN: - - using the laptop certificate `.pem` as User cert and private key (CA cert: none) - - vpn gateway is found in `nixosConfig.repo.secrets.local.work.vpnGateway` -- setup gpgsm for signing of mails using S/MIME: - - `gpgsm --import ~/Certificates/.p12` - - `gpgsm --import ~/Certificates/harica-root.pem` - - `gpgsm --import ~/Certificates/harica-intermediate.pem` - - `gpgsm --list-keys --with-validation "HARICA Client RSA Root CA 2021"` - - trust the certificate and set passphrase -- setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`): - - `pizauth auth ` - - `pizauth dump > ~/.pizauth.state` - -If the new machine is home-manager only, perform these steps: - -- (Optional) Install openssh-server -- Set hostname to the name specified in the home-manager configuration -- Install nix, either: - - (if upgrading existing nix) Install nix version matching with version that `nix-plugins` is compiled against: `nix-env --install --file '' cacert -I nixpkgs=channel:nixpkgs-unstable --attr nixVersions.nix_x_yy` - - (or installing nix freshly): - - Grab the link to the install script of the needed nix version from https://releases.nixos.org/?prefix=nix, e.g. https://releases.nixos.org/nix/nix-2.30.1/install - - `bash <(curl -L https://releases.nixos.org/nix/nix-x-yy-y/install) --daemon` -- add the following to /etc/nix/nix.conf to become a trusted user: `trusted-users = @wheel root swarsel` -- For the first build: - 1) Clone dotfile repo & change into it - 2) `nix --extra-experimental-features 'nix-command flakes' develop` - 3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace`
    -
    -

    1.8. Current issues

    +
    +

    1.8. Current issues

    Currently, these adaptions are made to the configuration to account for bugs in upstream repos:
@@ -1361,27 +1289,6 @@ If the new machine is home-manager only, perform these steps:
       - pinned to version not in nixpkgs (fixes https://github.com/ErikReider/SwayOSD/issues/175)
    - -Currently, these adaptions are made to the configuration to account for bugs in upstream repos: - -- 202501102: - - flake: - - emacs-overlay: - - : version pinned because emacsclient is currently broken on latest - - niri-flake: - - currently not using the sugared version of screenshot-[,window], as it is currently broken - - home-manager: - - emacs-tramp: - - using stable version in extraPackages (broken in unstable) - - :ensure nil in emacs tramp settings to use package in extraPackages - - emacs-calfwL - - pinned to version not in nixpkgs (is in latest emacs-overlay, but that is broken) - - vesktop: - - running stable version (broken in unstable) - - batgrep: - - running stable version (broken in unstable) - - swayosd: - - pinned to version not in nixpkgs (fixes https://github.com/ErikReider/SwayOSD/issues/175)
    @@ -1529,8 +1436,8 @@ This provides devshell support for flake-parts
    • swarsel-modules.url = "github:Swarsel/swarsel-modules/main"; swarsel-nix.url = "github:Swarsel/swarsel-nix/main"; home-manager = { - # url = "github:nix-community/home-manager"; - url = "github:Swarsel/home-manager/main"; + url = "github:nix-community/home-manager"; + # url = "github:Swarsel/home-manager/main"; inputs.nixpkgs.follows = "nixpkgs"; }; swarsel.url = "github:Swarsel/.dotfiles"; @@ -1602,15 +1509,10 @@ This provides devshell support for flake-parts url = "github:sodiboo/niri-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-extra-modules = { - url = "github:oddlama/nixos-extra-modules"; - inputs.nixpkgs.follows = "nixpkgs"; - }; microvm = { url = "github:astro/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - treefmt-nix.url = "github:numtide/treefmt-nix"; }; outputs = @@ -1663,7 +1565,7 @@ a separate repo containing my secrets

    -As for the second approach, I actually used this up to some point (see for example 7e11641: feat: add initial oauth2-proxy and freshrss oidc as one of the lasts commits still using this system). However, it is quite bothersome to constantly have to keep two repositories up to date and in sync. Also, having a repo that every configuration relied upon that was also a private repo led to the problem that my demo configuration (Hotel (Demo Physical/VM)) would fail to build with that present, and I had to take several extra steps to make it buildable. Ever since deleting that dependency I also got rid of that problem. The whole system is inspired by this blog article and large parts of it are adapted from oddlama's nix-config. +As for the second approach, I actually used this up to some point (see for example 7e11641: feat: add initial oauth2-proxy and freshrss oidc as one of the lasts commits still using this system). However, it is quite bothersome to constantly have to keep two repositories up to date and in sync. Also, having a repo that every configuration relied upon that was also a private repo led to the problem that my demo configuration (ChaosTheatre (Demo Physical/VM)) would fail to build with that present, and I had to take several extra steps to make it buildable. Ever since deleting that dependency I also got rid of that problem. The whole system is inspired by this blog article and large parts of it are adapted from oddlama's nix-config.

    @@ -1815,22 +1717,6 @@ let inherit (inputs.nixpkgs) lib; in rec { - cidrToSubnetMask = cidr: - let - prefixLength = lib.toInt (lib.last (lib.splitString "/" cidr)); - bits = lib.genList (i: if i < prefixLength then 1 else 0) 32; - octets = lib.genList - (i: - let - octetBits = lib.sublist (i * 8) 8 bits; - octetValue = lib.foldl (acc: bit: acc * 2 + bit) 0 octetBits; - in - octetValue - ) 4; - subnetMask = lib.concatStringsSep "." (map toString octets); - in - subnetMask; - mkIfElseList = p: yes: no: lib.mkMerge [ (lib.mkIf p yes) (lib.mkIf (!p) no) @@ -1882,9 +1768,6 @@ in inherit (inputs.home-manager.lib) hm; inherit swarselsystems; }); - - swarselsystemsLib = swarselsystems; - homeLib = self.outputs.lib; }; } @@ -1907,39 +1790,14 @@ More information on the actual packages build can be found in -
    { self, inputs, ... }:
+
    { self, ... }:
 {
-  imports = [
-    (
-      { lib, flake-parts-lib, ... }:
-      flake-parts-lib.mkTransposedPerSystemModule {
-        name = "pkgs";
-        file = ./packages.nix;
-        option = lib.mkOption {
-          type = lib.types.unspecified;
-        };
-      }
-    )
-  ];
   flake = _:
     let
       inherit (self.outputs) lib;
     in
     {
-      packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs/flake" { inherit self lib pkgs; });
-    };
-
-  perSystem = { pkgs, system, ... }:
-    {
-      # see https://flake.parts/module-arguments.html?highlight=modulewith#persystem-module-parameters
-      _module.args.pkgs = import inputs.nixpkgs {
-        inherit system;
-        config.allowUnfree = true;
-        overlays = [
-          self.overlays.default
-        ];
-      };
-      inherit pkgs;
+      packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs" { inherit self lib pkgs; });
     };
 }
 
    
@@ -1969,7 +1827,7 @@ Lastly, in order make this actually available to my configurations, i use the 
 
    # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix
-{ self, inputs, ... }:
+{ inputs, ... }:
 {
   flake = { config, lib, ... }:
     {
@@ -1978,8 +1836,7 @@ Lastly, in order make this actually available to my configurations, i use the 
@@ -2299,11 +2115,11 @@ Another note concerning flake-parts:
               (mkConnection "milkywell" "wan")
               (mkConnection "magicant" "wifi")
               (mkConnection "toto" "bootstrapper")
-              (mkConnection "hotel" "demo host")
+              (mkConnection "chaostheatre" "demo host")
             ];
           };
 
-          hotel.interfaces."demo host" = { };
+          chaostheatre.interfaces."demo host" = { };
           toto.interfaces."bootstrapper" = { };
           milkywell.interfaces.wan = { };
           moonside.interfaces.wan = { };
@@ -2481,7 +2297,7 @@ Lastly, in the perSystem attribute set, we see that it is actually
     inputs.pre-commit-hooks.flakeModule
   ];
 
-  perSystem = { pkgs, config, system, ... }:
+  perSystem = { pkgs, system, ... }:
     {
       pre-commit = {
         check.enable = true;
@@ -2503,7 +2319,6 @@ Lastly, in the perSystem attribute set, we see that it is actually
             nixpkgs-fmt.enable = true;
             statix.enable = true;
             trim-trailing-whitespace.enable = true;
-            treefmt.enable = true;
 
             destroyed-symlinks = {
               enable = true;
@@ -2523,142 +2338,110 @@ Lastly, in the perSystem attribute set, we see that it is actually
         };
       };
 
-      devshells = {
-        deploy =
-          let
-            nix-version = "2_28";
-          in {
-          packages = [
-            (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.stable25_05.nixVersions."nix_${nix-version}")
-            pkgs.git
-            pkgs.just
-            pkgs.age
-            pkgs.ssh-to-age
-            pkgs.sops
-          ];
+      devshells.default = let
+        nix-version = "2_30";
+      in {
+        packages = [
+          (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}")
+          pkgs.git
+          pkgs.just
+          pkgs.age
+          pkgs.ssh-to-age
+          pkgs.sops
+          pkgs.nixpkgs-fmt
+          self.packages.${system}.swarsel-build
+          self.packages.${system}.swarsel-deploy
+          (pkgs.symlinkJoin {
+            name = "home-manager";
+            buildInputs = [ pkgs.makeWrapper ];
+            paths = [ pkgs.home-manager ];
+            postBuild = ''
+              wrapProgram $out/bin/home-manager \
+              --append-flags '--flake .#$(hostname)'
+              '';
+          })
+        ];
 
-          env =
-            [
-              {
-                name = "NIX_CONFIG";
-                value = ''
-                  plugin-files = ${pkgs.stable25_05.nix-plugins.overrideAttrs (o: {
-                    buildInputs = [pkgs.stable25_05.nixVersions."nix_${nix-version}" pkgs.stable25_05.boost];
-                    patches = (o.patches or []) ++ [./nix-plugins.patch];
-                  })}/lib/nix/plugins
-                  extra-builtins-file = ${self + /nix/extra-builtins.nix}
-                '';
-              }
-            ];
-        };
-        default =
-          let
-            nix-version = "2_30";
-          in
+        commands = [
           {
-            packages = [
-              (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}")
-              pkgs.git
-              pkgs.just
-              pkgs.age
-              pkgs.ssh-to-age
-              pkgs.sops
-              pkgs.nixpkgs-fmt
-              self.packages.${system}.swarsel-build
-              self.packages.${system}.swarsel-deploy
-              (pkgs.symlinkJoin {
-                name = "home-manager";
-                buildInputs = [ pkgs.makeWrapper ];
-                paths = [ pkgs.home-manager ];
-                postBuild = ''
-                  wrapProgram $out/bin/home-manager \
-                  --append-flags '--flake .#$(hostname)'
-                '';
-              })
-            ];
+            package = pkgs.statix;
+            help = "Lint flake";
+          }
+          {
+            package = pkgs.deadnix;
+            help = "Check flake for dead code";
+          }
+          {
+            package = pkgs.nix-tree;
+            help = "Interactively browse dependency graphs of Nix derivations";
+          }
+          {
+            package = pkgs.nvd;
+            help = "Diff two nix toplevels and show which packages were upgraded";
+          }
+          {
+            package = pkgs.nix-diff;
+            help = "Explain why two Nix derivations differ";
+          }
+          {
+            package = pkgs.nix-output-monitor;
+            help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
+            name = "nom \"$@\"";
+          }
+          {
+            name = "hm";
+            help = "Manage home-manager config";
+            command = "home-manager \"$@\"";
+          }
+          {
+            name = "fmt";
+            help = "Format flake";
+            command = "nixpkgs-fmt --check \"$FLAKE\"";
+          }
+          {
+            name = "sd";
+            help = "Build and deploy this nix config to nodes";
+            command = "swarsel-deploy \"$@\"";
+          }
+          {
+            name = "sl";
+            help = "Build and deploy a config to nodes";
+            command = "swarsel-deploy \${1} switch";
+          }
+          {
+            name = "sw";
+            help = "Build and switch to the host's config locally";
+            command = "swarsel-deploy $(hostname) switch";
+          }
+          {
+            name = "bld";
+            help = "Build a number of configurations";
+            command = "swarsel-build \"$@\"";
+          }
+          {
+            name = "c";
+            help = "Work with the flake git repository";
+            command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
+          }
+        ];
 
-            commands = [
-              {
-                package = pkgs.statix;
-                help = "Lint flake";
-              }
-              {
-                package = pkgs.deadnix;
-                help = "Check flake for dead code";
-              }
-              {
-                package = pkgs.nix-tree;
-                help = "Interactively browse dependency graphs of Nix derivations";
-              }
-              {
-                package = pkgs.nvd;
-                help = "Diff two nix toplevels and show which packages were upgraded";
-              }
-              {
-                package = pkgs.nix-diff;
-                help = "Explain why two Nix derivations differ";
-              }
-              {
-                package = pkgs.nix-output-monitor;
-                help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
-                name = "nom \"$@\"";
-              }
-              {
-                name = "hm";
-                help = "Manage home-manager config";
-                command = "home-manager \"$@\"";
-              }
-              {
-                name = "fmt";
-                help = "Format flake";
-                command = "nixpkgs-fmt --check \"$FLAKE\"";
-              }
-              {
-                name = "sd";
-                help = "Build and deploy this nix config to nodes";
-                command = "swarsel-deploy \"$@\"";
-              }
-              {
-                name = "sl";
-                help = "Build and deploy a config to nodes";
-                command = "swarsel-deploy \${1} switch";
-              }
-              {
-                name = "sw";
-                help = "Build and switch to the host's config locally";
-                command = "swarsel-deploy $(hostname) switch";
-              }
-              {
-                name = "bld";
-                help = "Build a number of configurations";
-                command = "swarsel-build \"$@\"";
-              }
-              {
-                name = "c";
-                help = "Work with the flake git repository";
-                command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
-              }
-            ];
+        devshell.startup.pre-commit-install.text = "pre-commit install";
 
-            # devshell.startup.pre-commit-install.text = "pre-commit install";
-            devshell.startup.pre-commit.text = config.pre-commit.installationScript;
-
-            env =
-              let
-                nix-plugins = pkgs.nix-plugins.override {
-                  nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
-                };
-              in
-              [
-                {
-                  name = "NIX_CONFIG";
-                  value = ''
-                    plugin-files = ${nix-plugins}/lib/nix/plugins
-                    extra-builtins-file = ${self + /nix/extra-builtins.nix}
-                  '';
-                }
-              ];
+        env = let
+          nix-plugins = pkgs.nix-plugins.override {
+            nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
           };
+        in [
+          {
+            # Additionally configure nix-plugins with our extra builtins file.
+            # We need this for our repo secrets.
+            name = "NIX_CONFIG";
+            value = ''
+              plugin-files = ${nix-plugins}/lib/nix/plugins
+              extra-builtins-file = ${self + /nix/extra-builtins.nix}
+            '';
+          }
+        ];
       };
     };
 }
@@ -2721,32 +2504,10 @@ Defines a formatter that can be called using nix flake format. Whil
 
    
 
 
    
-
    { inputs, ... }:
+
    _:
 {
-  imports = [
-    inputs.treefmt-nix.flakeModule
-  ];
-
   perSystem = { pkgs, ... }: {
-    # formatter = pkgs.nixpkgs-fmt;
-    # formatter is set by treefmt to:
-    # formatter = lib.mkIf config.treefmt.flakeFormatter (lib.mkDefault config.treefmt.build.wrapper);
-    treefmt = {
-      projectRootFile = "flake.nix";
-      programs = {
-        nixfmt = {
-          enable = true;
-          package = pkgs.nixpkgs-fmt;
-        };
-        deadnix.enable = true;
-        statix.enable = true;
-        shellcheck.enable = true;
-      };
-      settings.formatter.shellcheck.options = [
-        "--shell"
-        "bash"
-      ];
-    };
+    formatter = pkgs.nixpkgs-fmt;
   };
 }
 
@@ -2888,7 +2649,7 @@ in
       overlays = {
         default = final: prev:
           let
-            additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; }
+            additions = final: _: import "${self}/pkgs" { pkgs = final; inherit self lib; }
               // {
               swarsel-nix = import inputs.swarsel-nix {
                 pkgs = prev;
@@ -2901,11 +2662,6 @@ in
               #   withSystemVencord = true;
               # };
 
-              lib = prev.lib // {
-                swarselsystems = self.outputs.swarselsystemsLib;
-                hm = self.outputs.homeLib;
-              };
-
               firefox = prev.firefox.override {
                 nativeMessagingHosts = [
                   prev.tridactyl-native
@@ -2956,19 +2712,15 @@ in
                 (builtins.attrNames nixpkgsInputs));
 
           in
-          lib.recursiveUpdate
-            (
-              (additions final prev)
-              // (nixpkgs-stable-versions final prev)
-              // (inputs.niri-flake.overlays.niri final prev)
-              // (inputs.vbc-nix.overlays.default final prev)
-              // (inputs.nur.overlays.default final prev)
-              // (inputs.emacs-overlay.overlay final prev)
-              // (inputs.nix-topology.overlays.default final prev)
-              // (inputs.nixgl.overlay final prev)
-              // (inputs.nixos-extra-modules.overlays.default final prev)
-            )
-            (modifications final prev);
+          (additions final prev)
+          // (modifications final prev)
+          // (nixpkgs-stable-versions final prev)
+          // (inputs.niri-flake.overlays.niri final prev)
+          // (inputs.vbc-nix.overlays.default final prev)
+          // (inputs.nur.overlays.default final prev)
+          // (inputs.emacs-overlay.overlay final prev)
+          // (inputs.nix-topology.overlays.default final prev)
+          // (inputs.nixgl.overlay final prev);
       };
     };
 }
@@ -3793,7 +3545,7 @@ in
 
    
 
 
    
-
    3.1.2.3. Winters (Server: ASRock J4105-ITX)
    
+
    3.1.2.3. Winters (Server)
    
 
    
 
    
 This is my main server that I run at home. It handles most tasks that require bigger amounts of storage than I can receive for free at OCI. Also it houses some data that I find too sensitive to hand over to Oracle.
@@ -3803,7 +3555,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 
    3.1.2.3.1. Main Configuration
    
 
    
 
    
-
    { lib, minimal, ... }:
+
    { lib, config, minimal, ... }:
 {
 
   imports = [
@@ -3815,29 +3567,25 @@ This is my main server that I run at home. It handles most tasks that require bi
     loader.efi.canTouchEfiVariables = true;
   };
 
-  # globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4;
-  # globals.networks.home.hosts.${config.node.name} = {
-  #   ipv4 = config.repo.secrets.local.home-ipv4;
-  #   mac = config.repo.secrets.local.home-mac;
-  # };
+  globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4;
+
+  networking = {
+    inherit (config.repo.secrets.local) hostId;
+    hostName = "winters";
+    firewall.enable = true;
+    enableIPv6 = false;
+    firewall.allowedTCPPorts = [ 80 443 ];
+  };
 
   swarselsystems = {
     info = "ASRock J4105-ITX, 32GB RAM";
     flakePath = "/root/.dotfiles";
     isImpermanence = false;
-    isSecureBoot = false;
-    isCrypted = false;
+    isSecureBoot = true;
+    isCrypted = true;
     isBtrfs = false;
     isLinux = true;
     isNixos = true;
-    server.garage = {
-      data_dir = [
-        {
-          capacity = "200G";
-          path = "/Vault/data/garage/main";
-        }
-      ];
-    };
   };
 
 } // lib.optionalAttrs (!minimal) {
@@ -3847,7 +3595,6 @@ This is my main server that I run at home. It handles most tasks that require bi
   };
 
   swarselmodules.server = {
-    diskEncryption = lib.mkForce false;
     nfs = lib.mkDefault true;
     nginx = lib.mkDefault true;
     kavita = lib.mkDefault true;
@@ -3876,8 +3623,6 @@ This is my main server that I run at home. It handles most tasks that require bi
     ankisync = lib.mkDefault true;
     # snipeit = lib.mkDefault false;
     homebox = lib.mkDefault true;
-    opkssh = lib.mkDefault true;
-    garage = lib.mkDefault false;
   };
 
 }
@@ -3940,531 +3685,8 @@ This is my main server that I run at home. It handles most tasks that require bi
 
    
 
    
 
    
-
    
-
    3.1.2.4. Summers (Server: ASUS Z10PA-D8)
    
-
    
-
    
-
    
-
    3.1.2.4.1. Main Configuration
    
-
    
-
    
-
    { inputs, lib, config, minimal, nodes, globals, ... }:
-{
-
-  imports = [
-    ./hardware-configuration.nix
-    ./disk-config.nix
-  ];
-
-  boot = {
-    loader.systemd-boot.enable = true;
-    loader.efi.canTouchEfiVariables = true;
-  };
-
-  swarselsystems = {
-    info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
-    flakePath = "/root/.dotfiles";
-    isImpermanence = true;
-    isSecureBoot = true;
-    isCrypted = true;
-    isBtrfs = true;
-    isLinux = true;
-    isNixos = true;
-    withMicroVMs = false;
-  };
-
-} // lib.optionalAttrs (!minimal) {
-
-  swarselprofiles = {
-    server = true;
-  };
-
-  swarselmodules = {
-    optional = {
-      microvmHost = true;
-    };
-    server = {
-      diskEncryption = lib.mkForce false; # TODO: disable
-      nfs = false;
-      nginx = false;
-      kavita = false;
-      restic = false;
-      jellyfin = false;
-      navidrome = false;
-      spotifyd = false;
-      mpd = false;
-      postgresql = false;
-      matrix = false;
-      nextcloud = false;
-      immich = false;
-      paperless = false;
-      transmission = false;
-      syncthing = false;
-      grafana = false;
-      emacs = false;
-      freshrss = false;
-      jenkins = false;
-      kanidm = false;
-      firefly-iii = false;
-      koillection = false;
-      radicale = false;
-      atuin = false;
-      forgejo = false;
-      ankisync = false;
-      homebox = false;
-      opkssh = false;
-      garage = false;
-    };
-  };
-
-  microvm.vms =
-    let
-      mkMicrovm = guestName: {
-        ${guestName} = {
-          backend = "microvm";
-          autostart = true;
-          modules = [
-            ./guests/${guestName}.nix
-            {
-              node.secretsDir = ./secrets/${guestName};
-            }
-          ];
-          microvm = {
-            system = "x86_64-linux";
-            # baseMac = config.repo.secrets.local.networking.interfaces.lan.mac;
-            # interfaces.vlan-services = { };
-          };
-          specialArgs = {
-            inherit (config) nodes globals;
-            inherit lib;
-            inherit inputs minimal;
-          };
-        };
-      };
-    in
-    lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) (
-      { }
-      // mkMicrovm "guest1"
-    );
-
-}
-
-
    
-
    
-
    
-
    
-
    
-
    3.1.2.4.2. hardware-configuration
    
-
    
-
    
-
    { config, lib, modulesPath, ... }:
-
-{
-  imports =
-    [
-      (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot = {
-    initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
-    initrd.kernelModules = [ ];
-    kernelModules = [ "kvm-intel" ];
-    extraModulePackages = [ ];
-
-    supportedFilesystems = [ "zfs" ];
-    zfs.extraPools = [ "Vault" ];
-  };
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
-
    
-
    
-
    
-
    
-
    
-
    3.1.2.4.3. disko
    
-
    
-
    
-
    { lib, config, ... }:
-let
-  type = "btrfs";
-  extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
-  subvolumes = {
-    "/root" = {
-      mountpoint = "/";
-      mountOptions = [
-        "subvol=root"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/home" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/home";
-      mountOptions = [
-        "subvol=home"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/persist" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/persist";
-      mountOptions = [
-        "subvol=persist"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/log" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/var/log";
-      mountOptions = [
-        "subvol=log"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/nix" = {
-      mountpoint = "/nix";
-      mountOptions = [
-        "subvol=nix"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/swap" = lib.mkIf config.swarselsystems.isSwap {
-      mountpoint = "/.swapvol";
-      swap.swapfile.size = config.swarselsystems.swapSize;
-    };
-  };
-in
-{
-  disko.devices = {
-    disk = {
-      disk0 = {
-        type = "disk";
-        device = config.swarselsystems.rootDisk;
-        content = {
-          type = "gpt";
-          partitions = {
-            ESP = {
-              priority = 1;
-              name = "ESP";
-              size = "512M";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [ "defaults" ];
-              };
-            };
-            root = lib.mkIf (!config.swarselsystems.isCrypted) {
-              size = "100%";
-              content = {
-                inherit type subvolumes extraArgs;
-                postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
-                  MNTPOINT=$(mktemp -d)
-                  mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
-                  trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
-                  btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
-                '';
-              };
-            };
-            luks = lib.mkIf config.swarselsystems.isCrypted {
-              size = "100%";
-              content = {
-                type = "luks";
-                name = "cryptroot";
-                passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
-                settings = {
-                  allowDiscards = true;
-                  # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
-                  crypttabExtraOpts = [
-                    "fido2-device=auto"
-                    "token-timeout=10"
-                  ];
-                };
-                content = {
-                  inherit type subvolumes extraArgs;
-                  postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
-                    MNTPOINT=$(mktemp -d)
-                    mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
-                    trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
-                    btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
-                  '';
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-
-  fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
-  fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
-}
-
    
-
    
-
    
-
    
-
    
-
    3.1.2.4.4. Guests
    
-
    
-
    
-
    
-3.1.2.4.4.1. Guest 1
-
    
-
    
-
    { lib, minimal, ... }:
-{
-
-  swarselsystems = {
-    info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
-  };
-
-} // lib.optionalAttrs (!minimal) {
-
-  swarselprofiles = {
-    server = false;
-  };
-
-  swarselmodules = {
-    optional = {
-      microvmGuest = false;
-    };
-  };
-
-  microvm = {
-    mem = 1024 * 4;
-    vcpu = 2;
-  };
-
-}
-
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
    3.1.2.5. Hintbooth (Router: HUNSN RM02)
    
-
    
-
    
-
    
-
    3.1.2.5.1. Main Configuration
    
-
    
-
    
-
    { lib, minimal,  ... }:
-{
-
-  imports = [
-    ./hardware-configuration.nix
-    ./disk-config.nix
-  ];
-
-  swarselsystems = {
-    info = "HUNSN RM02, 8GB RAM";
-    flakePath = "/root/.dotfiles";
-    isImpermanence = true;
-    isSecureBoot = true;
-    isCrypted = true;
-    isBtrfs = true;
-    isLinux = true;
-    isNixos = true;
-    rootDisk = "/dev/sda";
-    swapSize = "8G";
-    networkKernelModules = [ "igb" ];
-  };
-
-} // lib.optionalAttrs (!minimal) {
-
-  swarselprofiles = {
-    server = true;
-    router = false;
-  };
-
-  swarselmodules = {
-    server = {
-      nginx = lib.mkForce false; # we get this from the server profile
-    };
-  };
-
-}
-
-
    
-
    
-
    
-
    
-
    
-
    3.1.2.5.2. hardware-configuration
    
-
    
-
    
-
    { config, lib, modulesPath, ... }:
-
-{
-  imports =
-    [
-      (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot = {
-    initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
-    initrd.kernelModules = [ ];
-    extraModulePackages = [ ];
-  };
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
-
    
-
    
-
    
-
    
-
    
-
    3.1.2.5.3. disko
    
-
    
-
    
-
    { lib, config, ... }:
-let
-  type = "btrfs";
-  extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
-  subvolumes = {
-    "/root" = {
-      mountpoint = "/";
-      mountOptions = [
-        "subvol=root"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/home" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/home";
-      mountOptions = [
-        "subvol=home"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/persist" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/persist";
-      mountOptions = [
-        "subvol=persist"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/log" = lib.mkIf config.swarselsystems.isImpermanence {
-      mountpoint = "/var/log";
-      mountOptions = [
-        "subvol=log"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/nix" = {
-      mountpoint = "/nix";
-      mountOptions = [
-        "subvol=nix"
-        "compress=zstd"
-        "noatime"
-      ];
-    };
-    "/swap" = lib.mkIf config.swarselsystems.isSwap {
-      mountpoint = "/.swapvol";
-      swap.swapfile.size = config.swarselsystems.swapSize;
-    };
-  };
-in
-{
-  disko.devices = {
-    disk = {
-      disk0 = {
-        type = "disk";
-        device = config.swarselsystems.rootDisk;
-        content = {
-          type = "gpt";
-          partitions = {
-            ESP = {
-              priority = 1;
-              name = "ESP";
-              size = "512M";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [ "defaults" ];
-              };
-            };
-            root = lib.mkIf (!config.swarselsystems.isCrypted) {
-              size = "100%";
-              content = {
-                inherit type subvolumes extraArgs;
-                postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
-                  MNTPOINT=$(mktemp -d)
-                  mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
-                  trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
-                  btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
-                '';
-              };
-            };
-            luks = lib.mkIf config.swarselsystems.isCrypted {
-              size = "100%";
-              content = {
-                type = "luks";
-                name = "cryptroot";
-                passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
-                settings = {
-                  allowDiscards = true;
-                  # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
-                  crypttabExtraOpts = [
-                    "fido2-device=auto"
-                    "token-timeout=10"
-                  ];
-                };
-                content = {
-                  inherit type subvolumes extraArgs;
-                  postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
-                    MNTPOINT=$(mktemp -d)
-                    mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
-                    trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
-                    btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
-                  '';
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-
-  fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
-  fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
-}
-
    
-
    
-
    
-
    
-
    
 
    
-
    3.1.2.6. machpizza (MacBook Pro)
    
+
    3.1.2.4. machpizza (MacBook Pro)
    
 
    
 
    
 A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations (the darwin configuration is severely under-developed).
@@ -4499,7 +3721,7 @@ in
 
    
 
    
 
    
-
    3.1.2.7. Magicant (Phone)
    
+
    3.1.2.5. Magicant (Phone)
    
 
    
 
    
 My phone. I use only a minimal config for remote debugging here.
@@ -4557,11 +3779,11 @@ My phone. I use only a minimal config for remote debugging here.
 
    
 
    
 
    
-
    
-
    3.1.2.8. Treehouse (DGX Spark)
    
-
    
+
    
+
    3.1.2.6. Treehouse (DGX Spark)
    
+
    
 
    
-
    { self, ... }:
+
    { self, outputs, ... }:
 {
 
   imports = [
@@ -4571,6 +3793,12 @@ My phone. I use only a minimal config for remote debugging here.
     "${self}/modules/nixos/common/meta.nix"
   ];
 
+  nixpkgs = {
+    overlays = [ outputs.overlays.default ];
+    config = {
+      allowUnfree = true;
+    };
+  };
 
   services.xcape = {
     enable = true;
@@ -4618,15 +3846,219 @@ I have removed most of the machines from this section. What remains are some hos
 
  • Moonside: Proxy server + some lightweight services
    • 
 
 
    
+
    
+
    3.1.3.1. MilkyWell (OCI)
    
+
    
+
    
+For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways.
+
    
+
    
+
    
+
    3.1.3.1.1. Main configuration
    
+
    
+
    
+
    { lib, minimal, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./disk-config.nix
+  ];
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    tmp.cleanOnBoot = true;
+  };
+
+  networking = {
+    nftables.enable = lib.mkForce false;
+    hostName = "milkywell";
+    enableIPv6 = true;
+    domain = "subnet03112148.vcn03112148.oraclevcn.com";
+  };
+
+  topology.self = {
+    icon = "devices.cloud-server";
+  };
+
+  hardware = {
+    enableAllFirmware = lib.mkForce false;
+  };
+
+  swarselsystems = {
+    info = "VM.Standard.E2.1.Micro";
+    isImpermanence = true;
+    isSecureBoot = false;
+    isCrypted = true;
+    isSwap = true;
+    rootDisk = "/dev/sda";
+    swapSize = "4G";
+    isBtrfs = true;
+    isLinux = true;
+    isNixos = true;
+  };
+
+} // lib.optionalAttrs (!minimal) {
+  swarselprofiles = {
+    server = true;
+  };
+
+  swarselmodules.server = {
+    forgejo = lib.mkDefault false;
+    ankisync = lib.mkDefault false;
+  };
+}
+
+
    
+
    
+
    
+
    
+
    
+
    3.1.3.1.2. hardware-configuration
    
+
    
+
    
+
    { config, lib, modulesPath, ... }: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot = {
+    initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
+    initrd.kernelModules = [ ];
+    kernelModules = [ "kvm-amd" ];
+    extraModulePackages = [ ];
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
+
    
+
    
+
    
+
    
+
    
+
    3.1.3.1.3. disko
    
+
    
+
    
+
    # NOTE: ... is needed because dikso passes diskoFile
+{ lib
+, config
+, ...
+}:
+let
+  type = "btrfs";
+  extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
+  subvolumes = {
+    "/root" = {
+      mountpoint = "/";
+      mountOptions = [
+        "subvol=root"
+        "compress=zstd"
+        "noatime"
+      ];
+    };
+    "/home" = lib.mkIf config.swarselsystems.isImpermanence {
+      mountpoint = "/home";
+      mountOptions = [
+        "subvol=home"
+        "compress=zstd"
+        "noatime"
+      ];
+    };
+    "/persist" = lib.mkIf config.swarselsystems.isImpermanence {
+      mountpoint = "/persist";
+      mountOptions = [
+        "subvol=persist"
+        "compress=zstd"
+        "noatime"
+      ];
+    };
+    "/log" = lib.mkIf config.swarselsystems.isImpermanence {
+      mountpoint = "/var/log";
+      mountOptions = [
+        "subvol=log"
+        "compress=zstd"
+        "noatime"
+      ];
+    };
+    "/nix" = {
+      mountpoint = "/nix";
+      mountOptions = [
+        "subvol=nix"
+        "compress=zstd"
+        "noatime"
+      ];
+    };
+    "/swap" = lib.mkIf config.swarselsystems.isSwap {
+      mountpoint = "/.swapvol";
+      swap.swapfile.size = config.swarselsystems.swapSize;
+    };
+  };
+in
+{
+  disko.devices = {
+    disk = {
+      disk0 = {
+        type = "disk";
+        device = config.swarselsystems.rootDisk;
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              priority = 1;
+              name = "ESP";
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "defaults" ];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                inherit type subvolumes extraArgs;
+                postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
+                  MNTPOINT=$(mktemp -d)
+                  mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
+                  trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
+                  btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
+                '';
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
+  fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
+}
+
+
+
    
+
    
+
    
+
    
+
    
 
    
-
    3.1.3.1. Moonside (OCI)
    
+
    3.1.3.2. Moonside (OCI)
    
 
    
 
    
 This machine mainly acts as my proxy server to stand before my local machines.
 
    
 
    
 
    
-
    3.1.3.1.1. Main Configuration
    
+
    3.1.3.2.1. Main Configuration
    
 
    
 
    
 
    { lib, config, minimal, ... }:
@@ -4669,9 +4101,12 @@ in
   };
 
   networking = {
+    nftables.enable = lib.mkForce false;
+    hostName = "moonside";
+    enableIPv6 = false;
     domain = "subnet03291956.vcn03291956.oraclevcn.com";
     firewall = {
-      allowedTCPPorts = [ 8384 ];
+      allowedTCPPorts = [ 80 443 8384 ];
     };
     wireguard = {
       enable = true;
@@ -4760,7 +4195,7 @@ in
 
   swarselsystems = {
     flakePath = "/root/.dotfiles";
-    info = "VM.Standard.A1.Flex, 4 vCPUs, 24GB RAM";
+    info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM";
     isImpermanence = true;
     isSecureBoot = false;
     isCrypted = false;
@@ -4780,13 +4215,12 @@ in
   };
 
   swarselmodules.server = {
-    oauth2-proxy = true;
-    croc = true;
-    microbin = true;
-    shlink = true;
-    slink = true;
-    syncthing = true;
-    diskEncryption = lib.mkForce false;
+    oauth2-proxy = lib.mkDefault true;
+    croc = lib.mkDefault true;
+    microbin = lib.mkDefault true;
+    shlink = lib.mkDefault true;
+    slink = lib.mkDefault true;
+    syncthing = lib.mkDefault true;
   };
 }
 
@@ -4795,7 +4229,7 @@ in
 
    
 
    
 
    
-
    3.1.3.1.2. hardware-configuration
    
+
    3.1.3.2.2. hardware-configuration
    
 
    
 
    
 
    { lib, modulesPath, ... }:
@@ -4818,7 +4252,7 @@ in
 
    
 
    
 
    
-
    3.1.3.1.3. disko
    
+
    3.1.3.2.3. disko
    
 
    
 
    
 
    # NOTE: ... is needed because dikso passes diskoFile
@@ -4984,13 +4418,6 @@ This is a slim setup for developing base configuration. I do not track the hardw
     minimal = lib.mkForce true;
   };
 
-  swarselmodules = {
-    server = {
-      network = lib.mkForce false;
-      diskEncryption = lib.mkForce false;
-    };
-  };
-
   swarselsystems = {
     info = "~SwarselSystems~ remote install helper";
     wallpaper = self + /files/wallpaper/lenovowp.png;
@@ -5173,32 +4600,36 @@ TODO: cleanup this mess
 
    { self, config, pkgs, lib, ... }:
 let
   pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
-  stateVersion = lib.mkDefault "23.05";
-      homeFiles = {
-        ".bash_history" = {
-          text = ''
-            swarsel-install -n hotel
-          '';
-        };
-      };
 in
 {
 
   config = {
     home-manager.users.root.home = {
-      inherit stateVersion;
-      file = homeFiles;
+      stateVersion = "23.05";
+      file = {
+        ".bash_history" = {
+          text = ''
+            swarsel-install -n chaostheatre
+          '';
+        };
+      };
     };
     home-manager.users.swarsel = {
       home = {
         username = "swarsel";
         homeDirectory = lib.mkDefault "/home/swarsel";
-        inherit stateVersion;
+        stateVersion = lib.mkDefault "23.05";
         keyboard.layout = "us";
         sessionVariables = {
           FLAKE = "/home/swarsel/.dotfiles";
         };
-        file = homeFiles;
+        file = {
+          ".bash_history" = {
+            text = ''
+              swarsel-install -n chaostheatre
+            '';
+          };
+        };
       };
     };
 
@@ -5216,6 +4647,10 @@ in
     nix = {
       channel.enable = false;
       package = pkgs.nixVersions.nix_2_28;
+      # extraOptions = ''
+      #   plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
+      #   extra-builtins-file = ${../nix/extra-builtins.nix}
+      # '';
       extraOptions = ''
         plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
           buildInputs = [config.nix.package pkgs.boost];
@@ -5267,7 +4702,6 @@ in
     environment.etc."issue".text = ''
       ~SwarselSystems~
       IP of primary interface: \4
-      These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{eth4} \4{eth5} \4{wlan0}
       The Password for all users & root is 'setup'.
       Install the system remotely by running 'bootstrap -n <CONFIGURATION_NAME> -d <IP_FROM_ABOVE> ' on a machine with deployed secrets.
       Alternatively, run 'swarsel-install -n <CONFIGURATION_NAME>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).
@@ -5278,7 +4712,6 @@ in
       wireless.enable = false;
       # dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload";
       networkmanager.enable = true;
-      usePredictableInterfaceNames = false;
     };
 
     services.getty.autologinUser = lib.mkForce "root";
@@ -5305,8 +4738,6 @@ in
 
     programs.bash.shellAliases = {
       "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --";
-      "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'";
-      "swarsel-kernel-module" = "lspci -k -d";
     };
 
     system.activationScripts.cache = {
@@ -5340,7 +4771,7 @@ in
 
    
 
    
 
    
-
    3.1.4.3. Hotel (Demo Physical/VM)
    
+
    3.1.4.3. ChaosTheatre (Demo Physical/VM)
    
 
    
 
    
 This is just a demo host. It applies all the configuration found in the common parts of the flake, but disables all secrets-related features (as they would not work without the proper SSH keys).
@@ -5381,17 +4812,10 @@ in
   };
 
   networking = {
-    hostName = "hotel";
+    hostName = "chaostheatre";
     firewall.enable = true;
   };
 
-  swarselmodules = {
-    server = {
-      network = lib.mkForce false;
-      diskEncryption = lib.mkForce false;
-    };
-  };
-
   swarselsystems = {
     info = "~SwarselSystems~ demo host";
     wallpaper = self + /files/wallpaper/lenovowp.png;
@@ -5410,7 +4834,7 @@ in
 
 } // lib.optionalAttrs (!minimal) {
   swarselprofiles = {
-    hotel = true;
+    chaostheatre = true;
     minimal = true;
   };
 }
@@ -5711,91 +5135,6 @@ let
     mkOption
     types
     ;
-
-  networkOptions = netSubmod: {
-    cidrv4 = mkOption {
-      type = types.nullOr types.net.cidrv4;
-      description = "The CIDRv4 of this network";
-      default = null;
-    };
-
-    subnetMask4 = mkOption {
-      type = types.nullOr types.net.ipv4;
-      description = "The dotted decimal form of the subnet mask of this network";
-      readOnly = true;
-      default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4;
-    };
-
-    cidrv6 = mkOption {
-      type = types.nullOr types.net.cidrv6;
-      description = "The CIDRv6 of this network";
-      default = null;
-    };
-
-    hosts = mkOption {
-      default = { };
-      type = types.attrsOf (
-        types.submodule (hostSubmod: {
-          options = {
-            id = mkOption {
-              type = types.int;
-              description = "The id of this host in the network";
-            };
-
-            mac = mkOption {
-              type = types.nullOr types.net.mac;
-              description = "The MAC of the interface on this host that belongs to this network.";
-              default = null;
-            };
-
-            ipv4 = mkOption {
-              type = types.nullOr types.net.ipv4;
-              description = "The IPv4 of this host in this network";
-              readOnly = true;
-              default =
-                if netSubmod.config.cidrv4 == null then
-                  null
-                else
-                  lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv4;
-            };
-
-            ipv6 = mkOption {
-              type = types.nullOr types.net.ipv6;
-              description = "The IPv6 of this host in this network";
-              readOnly = true;
-              default =
-                if netSubmod.config.cidrv6 == null then
-                  null
-                else
-                  lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv6;
-            };
-
-            cidrv4 = mkOption {
-              type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero out the host part
-              description = "The IPv4 of this host in this network, including CIDR mask";
-              readOnly = true;
-              default =
-                if netSubmod.config.cidrv4 == null then
-                  null
-                else
-                  lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv4;
-            };
-
-            cidrv6 = mkOption {
-              type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero out the host part
-              description = "The IPv6 of this host in this network, including CIDR mask";
-              readOnly = true;
-              default =
-                if netSubmod.config.cidrv6 == null then
-                  null
-                else
-                  lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv6;
-            };
-          };
-        })
-      );
-    };
-  };
 in
 {
   options = {
@@ -5831,44 +5170,12 @@ in
             );
           };
 
-          networks = mkOption {
-            default = { };
-            type = types.attrsOf (
-              types.submodule (netSubmod: {
-                options = networkOptions netSubmod // {
-                  vlans = mkOption {
-                    default = { };
-                    type = types.attrsOf (
-                      types.submodule (vlanNetSubmod: {
-                        options = networkOptions vlanNetSubmod // {
-                          id = mkOption {
-                            type = types.ints.between 1 4094;
-                            description = "The VLAN id";
-                          };
-
-                          name = mkOption {
-                            description = "The name of this VLAN";
-                            default = vlanNetSubmod.config._module.args.name;
-                            type = types.str;
-                          };
-                        };
-                      })
-                    );
-                  };
-                };
-              })
-            );
-          };
-
           hosts = mkOption {
             type = types.attrsOf (
               types.submodule {
                 options = {
-                  defaultGateway4 = mkOption {
-                    type = types.nullOr types.net.ipv4;
-                  };
-                  defaultGateway6 = mkOption {
-                    type = types.nullOr types.net.ipv6;
+                  ipv4 = mkOption {
+                    type = types.str;
                   };
                 };
               }
@@ -5924,13 +5231,11 @@ in
 
    3.2.1.5. Expose home-manager sops secrets in NixOS (automatically active)
    
 
    
 
    
-
    { self, lib, config, globals, ... }:
+
    { lib, config, globals, ... }:
 let
   inherit (config.swarselsystems) mainUser homeDir;
   inherit (config.repo.secrets.common.emacs) radicaleUser;
   modules = config.home-manager.users.${mainUser}.swarselmodules;
-
-  certsSopsFile = self + /secrets/certs/secrets.yaml;
 in
 {
   config = lib.mkIf config.swarselsystems.withHomeManager {
@@ -5950,8 +5255,6 @@ in
         github-nixpkgs-review-token = { owner = mainUser; };
       }) // (lib.optionalAttrs modules.emacs {
         emacs-radicale-pw = { owner = mainUser; };
-      }) // (lib.optionalAttrs modules.optional.work {
-        harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
       }) // (lib.optionalAttrs modules.anki {
         anki-user = { owner = mainUser; };
         anki-pw = { owner = mainUser; };
@@ -6145,19 +5448,7 @@ in
         system.stateVersion = lib.mkDefault "23.05";
 
         nixpkgs = {
-          overlays = [
-            outputs.overlays.default
-            (final: prev:
-              let
-                additions = final: _: import "${self}/pkgs/config" {
-                  inherit self config lib;
-                  pkgs = final;
-                  homeConfig = config.home-manager.users.${config.swarselsystems.mainUser};
-                };
-              in
-              additions final prev
-            )
-          ];
+          overlays = [ outputs.overlays.default ];
           config = {
             allowUnfree = true;
           };
@@ -6178,7 +5469,7 @@ We enable the use of home-manager as a NixoS module. A nice trick h
 
    
 
 
    
-
    { self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, ... }:
+
    { self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }:
 {
   options.swarselmodules.home-manager = lib.mkEnableOption "home-manager";
   config = lib.mkIf config.swarselmodules.home-manager {
@@ -6187,7 +5478,6 @@ We enable the use of home-manager as a NixoS module. A nice trick h
       useUserPackages = true;
       verbose = true;
       backupFileExtension = "hm-bak";
-      overwriteBackup = true;
       users.${config.swarselsystems.mainUser}.imports = [
         inputs.nix-index-database.homeModules.nix-index
         inputs.sops-nix.homeManagerModules.sops
@@ -6210,11 +5500,7 @@ We enable the use of home-manager as a NixoS module. A nice trick h
           home.stateVersion = lib.mkDefault config.system.stateVersion;
         }
       ];
-      extraSpecialArgs = {
-        inherit (inputs) self nixgl;
-        inherit inputs outputs globals nodes minimal configName;
-        lib = homeLib;
-      };
+      extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal configName; };
     };
   };
 }
@@ -6337,7 +5623,7 @@ This is also exposed to home-manager configurations, in case this ever breaks, I
 
 
    
 
    # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
-{ config, inputs, lib, ... }:
+{ config, inputs, lib, minimal, ... }:
 let
   # If the given expression is a bare set, it will be wrapped in a function,
   # so that the imported file can always be applied to the inputs, similar to
@@ -6403,7 +5689,7 @@ in
       let
         local = config.node.secretsDir + "/pii.nix.enc";
       in
-      (lib.optionalAttrs (lib.pathExists local) { inherit local; }) // lib.optionalAttrs true {
+      (lib.optionalAttrs (lib.pathExists local && !minimal) { inherit local; }) // lib.optionalAttrs (!minimal) {
         common = ../../../secrets/repo/pii.nix.enc;
       };
   };
@@ -7375,15 +6661,12 @@ Here I disable global completion to prevent redundant compinit calls and cache i
 let
   inherit (config.swarselsystems) mainUser homeDir;
   devices = config.swarselsystems.syncthing.syncDevices;
-  servicePort = 8384;
 in
 {
   options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config";
   config = lib.mkIf config.swarselmodules.syncthing {
     services.syncthing = {
       enable = true;
-      systemService = true;
-      guiAddress = "127.0.0.1:${builtins.toString servicePort}";
       package = pkgs.syncthing;
       user = mainUser;
       dataDir = homeDir;
@@ -8284,16 +7567,12 @@ in
       xwayland-satellite-unstable
     ];
 
+    niri-flake.cache.enable = true;
 
     programs.niri = {
       enable = true;
       package = pkgs.niri-unstable; # the actual niri that will be installed and used
     };
-  } // {
-    niri-flake.cache.enable = true;
-    programs.niri = {
-      package = null;
-    };
   };
 }
 
    
@@ -8361,7 +7640,6 @@ in
     environment.shellAliases = lib.recursiveUpdate
       {
         nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
-        ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;";
         nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;";
         ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;";
       }
@@ -8483,60 +7761,9 @@ let
   inherit (config.repo.secrets.common) dnsProvider;
   inherit (config.repo.secrets.common.mail) address3;
 
-  serviceUser = "nginx";
-  serviceGroup = serviceUser;
-
-  sslBasePath = "/etc/ssl";
-  dhParamsPathBase = "${sslBasePath}/dhparams.pem";
-  dhParamsPath =
-    if config.swarselsystems.isImpermanence then
-      "/persist/${dhParamsPathBase}"
-    else
-      "${dhParamsPathBase}";
 in
 {
   options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server";
-  options.services.nginx = {
-    recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block.";
-    virtualHosts = lib.mkOption {
-      type = lib.types.attrsOf (
-        lib.types.submodule {
-          options.locations = lib.mkOption {
-            type = lib.types.attrsOf (
-              lib.types.submodule (submod: {
-                options = {
-                  recommendedSecurityHeaders = lib.mkOption {
-                    type = lib.types.bool;
-                    default = config.services.nginx.recommendedSecurityHeaders;
-                    description = "Whether to add additional security headers to this location.";
-                  };
-
-                  X-Frame-Options = lib.mkOption {
-                    type = lib.types.str;
-                    default = "DENY";
-                    description = "The value to use for X-Frame-Options";
-                  };
-                };
-                config = lib.mkIf submod.config.recommendedSecurityHeaders {
-                  extraConfig = lib.mkBefore ''
-                    # Enable HTTP Strict Transport Security (HSTS)
-                    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
-
-                    # Minimize information leaked to other domains
-                    add_header Referrer-Policy "origin-when-cross-origin";
-
-                    add_header X-XSS-Protection "1; mode=block";
-                    add_header X-Frame-Options "${submod.config.X-Frame-Options}";
-                    add_header X-Content-Type-Options "nosniff";
-                  '';
-                };
-              })
-            );
-          };
-        }
-      );
-    };
-  };
   config = lib.mkIf config.swarselmodules.server.nginx {
     environment.systemPackages = with pkgs; [
       lego
@@ -8549,68 +7776,24 @@ in
       '';
     };
 
-    users.groups.acme.members = [ "nginx" ];
-
     security.acme = {
       acceptTerms = true;
       defaults = {
         inherit dnsProvider;
         email = address3;
         environmentFile = "${config.sops.templates."certs.secret".path}";
-        reloadServices = [ "nginx" ];
-        dnsPropagationCheck = true;
       };
     };
 
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-    environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence {
-      files = [ dhParamsPathBase ];
-    };
-
     services.nginx = {
       enable = true;
-      user = serviceUser;
-      group = serviceGroup;
       statusPage = true;
       recommendedProxySettings = true;
       recommendedTlsSettings = true;
       recommendedOptimisation = true;
       recommendedGzipSettings = true;
-      recommendedBrotliSettings = true;
-      recommendedSecurityHeaders = true;
-      sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL";
-      sslDhparam = dhParamsPathBase;
-      virtualHosts.fallback = {
-        default = true;
-        rejectSSL = true;
-        locations."/".extraConfig = ''
-          deny all;
-        '';
-      };
+      # virtualHosts are defined in the respective sections
     };
-    system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
-      deps = [ "generateDHParams" "users" "groups" ];
-    };
-    system.activationScripts."generateDHParams" =
-      {
-        text = ''
-          set -eu
-
-          ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath}
-          ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""}
-
-          if [ ! -f "${dhParamsPathBase}" ]; then
-            ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096
-            chmod 0644 ${dhParamsPath}
-            chown ${serviceUser}:${serviceGroup} ${dhParamsPath}
-          fi
-        '';
-        deps = [
-          "etc"
-          (lib.mkIf config.swarselsystems.isImpermanence "specialfs")
-        ];
-      };
   };
 }
 
    
@@ -8661,374 +7844,8 @@ Here I am forcing startWhenNeeded to false so that the value will n
 
    
 
    
 
    
-
    
-
    3.2.3.7. Network settings
    
-
    
-
    
-
    { lib, config, ... }:
-{
-  options.swarselmodules.server.network = lib.mkEnableOption "enable server network config";
-  config = lib.mkIf config.swarselmodules.server.network {
-
-    globals.networks.home.hosts.${config.node.name} = {
-      inherit (config.repo.secrets.local.networking.networks.home) id;
-      mac = config.repo.secrets.local.networking.networks.home.mac or null;
-    };
-
-    globals.hosts.${config.node.name} = {
-      inherit (config.repo.secrets.local.networking) defaultGateway4;
-    };
-
-    networking = {
-      inherit (config.repo.secrets.local.networking) hostId;
-      hostName = config.node.name;
-      nftables.enable = lib.mkDefault false;
-      enableIPv6 = lib.mkDefault true;
-      firewall = {
-        enable = lib.mkDefault true;
-      };
-    };
-
-  };
-}
-
    
-
    
-
    
-
    
-
    
-
    3.2.3.8. Disk encryption
    
-
    
-
    
-The hostkey can be generated with ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key.
-Use lspci -v | grep -iA8 'network\|ethernet' to supposedly find out which kernel module is needed for networking in initrd. However I prefer a different approach:
-
    
-
-
    
-Use lspci -nn | grep -i network to find out manufacturer info:
-
    
-
-
    
-
    lspci -nn | grep -i 'network\|ethernet'
-
    
-
    
-
-
-
-
---
--
--
--
--
--
--
--
--
--
--
--
--
--
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
    















    04:00.0Networkcontroller[0280]:MEDIATEKCorp.MT7922802.11axPCIExpressWirelessNetworkAdapter[14c3:0616]
    6a:00.0Ethernetcontroller[0200]:IntelCorporationI210GigabitNetworkConnection[8086:1533](rev03) 
    
-
-
    
-From the last bracket you then find out the correct kernel module:
-
    
-
-
    
-
    lspci -k -d 14c3:0616
-
    
-
    
-
-
-
-
---
--
--
--
--
--
--
--
--
--
--
--
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
    













    04:00.0Networkcontroller:MEDIATEKCorp.MT7922802.11axPCIExpressWirelessNetworkAdapter
     Subsystem:MEDIATEKCorp.Devicee616      
     Kerneldriverinuse:mt7921e      
     Kernelmodules:mt7921e        
    
-
-
    
-
    { self, pkgs, lib, config, globals, minimal, ... }:
-let
-  localIp = globals.networks.home.hosts.${config.node.name}.ipv4;
-  subnetMask = globals.networks.home.subnetMask4;
-  gatewayIp = globals.hosts.${config.node.name}.defaultGateway4;
-
-  hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key";
-in
-{
-  options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config";
-  options.swarselsystems.networkKernelModules = lib.mkOption {
-    type = lib.types.listOf lib.types.str;
-    default = [ ];
-  };
-  config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) {
-
-    system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) {
-      text = ''
-        [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath}
-      '';
-      deps = [ "users" ];
-    };
-
-    environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) {
-      files = [ hostKeyPath ];
-    };
-
-    boot = lib.mkIf (config.swarselprofiles.server || minimal) {
-      kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [
-        "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none"
-      ];
-      initrd = {
-        availableKernelModules = config.swarselsystems.networkKernelModules;
-        network = {
-          enable = true;
-          udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true;
-          flushBeforeStage2 = true;
-          ssh = {
-            enable = true;
-            port = 2222; # avoid hostkey changed nag
-            authorizedKeyFiles = [
-              (self + /secrets/keys/ssh/yubikey.pub)
-              (self + /secrets/keys/ssh/magicant.pub)
-            ];
-            hostKeys = [ hostKeyPath ];
-          };
-          # postCommands = ''
-          #   echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
-          # '';
-        };
-        systemd = {
-          initrdBin = with pkgs; [
-            cryptsetup
-          ];
-          services = {
-            unlock-luks = {
-              wantedBy = [ "initrd.target" ];
-              after = [ "network.target" ];
-              before = [ "systemd-cryptsetup@cryptroot.service" ];
-              path = [ "/bin" ];
-
-              serviceConfig = {
-                Type = "oneshot";
-                RemainAfterExit = true;
-              };
-
-              script = ''
-                echo "systemctl default" >> /root/.profile
-              '';
-            };
-          };
-        };
-      };
-    };
-  };
-
-}
-
    
-
    
-
    
-
    
-
    
-
    3.2.3.9. Router
    
-
    
-
    
-
    { lib, config, ... }:
-let
-  serviceName = "router";
-in
-{
-  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
-  config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    systemd.network = {
-      wait-online.anyInterface = true;
-      networks = {
-        "30-lan0" = {
-          matchConfig.Name = "lan0";
-          linkConfig.RequiredForOnline = "enslaved";
-          networkConfig = {
-            ConfigureWithoutCarrier = true;
-          };
-        };
-        "30-lan1" = {
-          matchConfig.Name = "lan1";
-          linkConfig.RequiredForOnline = "enslaved";
-          networkConfig = {
-            ConfigureWithoutCarrier = true;
-          };
-        };
-        "30-lan2" = {
-          matchConfig.Name = "lan2";
-          linkConfig.RequiredForOnline = "enslaved";
-          networkConfig = {
-            ConfigureWithoutCarrier = true;
-          };
-        };
-        "30-lan3" = {
-          matchConfig.Name = "lan3";
-          linkConfig.RequiredForOnline = "enslaved";
-          networkConfig = {
-            ConfigureWithoutCarrier = true;
-          };
-        };
-        "10-wan" = {
-          matchConfig.Name = "wan";
-          networkConfig = {
-            # start a DHCP Client for IPv4 Addressing/Routing
-            DHCP = "ipv4";
-            DNSOverTLS = true;
-            DNSSEC = true;
-            IPv6PrivacyExtensions = false;
-            IPForward = true;
-          };
-          # make routing on this interface a dependency for network-online.target
-          linkConfig.RequiredForOnline = "routable";
-    };
-  };
-};
-  };
-}
-
    
-
    
-
    
-
    
 
    
-
    3.2.3.10. kavita
    
+
    3.2.3.7. kavita
    
 
    
 
    
 
    { self, lib, config, pkgs, globals, ... }:
@@ -9039,7 +7856,7 @@ let
   serviceName = "kavita";
   serviceUser = "kavita";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -9102,7 +7919,7 @@ in
 
    
 
    
 
    
-
    3.2.3.11. jellyfin
    
+
    3.2.3.8. jellyfin
    
 
    
 
    
 
    { pkgs, lib, config, globals, ... }:
@@ -9111,7 +7928,7 @@ let
   serviceName = "jellyfin";
   serviceUser = "jellyfin";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -9173,7 +7990,7 @@ in
 
    
 
    
 
    
-
    3.2.3.12. navidrome
    
+
    3.2.3.9. navidrome
    
 
    
 
    
 
    { pkgs, config, lib, globals, ... }:
@@ -9183,7 +8000,7 @@ let
   serviceUser = "navidrome";
   serviceGroup = serviceUser;
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -9219,27 +8036,6 @@ in
 
     globals.services.${serviceName}.domain = serviceDomain;
 
-    services.snapserver = {
-      enable = true;
-      settings = {
-        stream = {
-          port = 1704;
-          source = "pipe:///tmp/snapfifo?name=default";
-          bind_to_address = "0.0.0.0";
-        };
-      };
-    };
-
-    systemd.services = {
-      ${serviceName}.serviceConfig = {
-        PrivateDevices = lib.mkForce false;
-        PrivateUsers = lib.mkForce false;
-        RestrictRealtime = lib.mkForce false;
-        SystemCallFilter = lib.mkForce null;
-        RootDirectory = lib.mkForce null;
-      };
-    };
-
     services.${serviceName} = {
       enable = true;
       openFirewall = true;
@@ -9254,9 +8050,8 @@ in
         EnableTranscodingConfig = true;
         Scanner.GroupAlbumReleases = true;
         ScanSchedule = "@every 24h";
-        # MPVPath = "";
-        # MPVCommandTemplate = "${pkgs.mpv}/bin/mpv --audio-device=%d --input-ipc-server=%s --no-audio-display --log-file=/tmp/mpv.log --pause %f";
-        # MPVCmdTemplate = "${pkgs.mpv}/bin/mpv --no-audio-display --pause %f --input-ipc-server=%s --audio-channels=stereo --audio-samplerate=48000 --audio-format=s16 --ao=pcm --ao-pcm-file=/tmp/snapfifo --log-file=/tmp/mpv.log";
+        MPVPath = "${pkgs.mpv}/bin/mpv";
+        MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f";
         ReverseProxyWhitelist = "0.0.0.0/0";
         ReverseProxyUserHeader = "X-User";
         Jukebox = {
@@ -9340,7 +8135,7 @@ in
 
    
 
    
 
    
-
    3.2.3.13. spotifyd
    
+
    3.2.3.10. spotifyd
    
 
    
 
    
 
    { lib, config, ... }:
@@ -9399,7 +8194,7 @@ in
 
    
 
    
 
    
-
    3.2.3.14. mpd
    
+
    3.2.3.11. mpd
    
 
    
 
    
 
    { self, lib, config, pkgs, ... }:
@@ -9473,7 +8268,7 @@ in
 
    
 
    
 
    
-
    3.2.3.15. pipewire
    
+
    3.2.3.12. pipewire
    
 
    
 
    
 
    { lib, config, ... }:
@@ -9501,7 +8296,7 @@ in
 
    
 
    
 
    
-
    3.2.3.16. postgresql
    
+
    3.2.3.13. postgresql
    
 
    
 
    
 
    { config, lib, pkgs, ... }:
@@ -9526,7 +8321,7 @@ in
 
    
 
    
 
    
-
    3.2.3.17. matrix
    
+
    3.2.3.14. matrix
    
 
    
 
    
 
    { lib, config, pkgs, globals, ... }:
@@ -9537,7 +8332,7 @@ let
   serviceName = "matrix";
   serviceDomain = config.repo.secrets.common.services.domains.matrix;
   serviceUser = "matrix-synapse";
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 
   federationPort = 8448;
   whatsappPort = 29318;
@@ -9882,7 +8677,7 @@ in
 
    
 
    
 
    
-
    3.2.3.18. nextcloud
    
+
    3.2.3.15. nextcloud
    
 
    
 
    
 
    { pkgs, lib, config, globals, ... }:
@@ -9895,9 +8690,7 @@ let
   serviceGroup = serviceUser;
   serviceName = "nextcloud";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
-
-  nextcloudVersion = "32";
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -9918,7 +8711,7 @@ in
           trusted_proxies = [ "0.0.0.0" ];
           overwriteprotocol = "https";
         };
-        package = pkgs."nextcloud${nextcloudVersion}";
+        package = pkgs.nextcloud31;
         hostName = serviceDomain;
         home = "/Vault/data/${serviceName}";
         datadir = "/Vault/data/${serviceName}";
@@ -9926,7 +8719,7 @@ in
         configureRedis = true;
         maxUploadSize = "4G";
         extraApps = {
-          inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin;
+          inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin;
         };
         extraAppsEnable = true;
         config = {
@@ -9968,7 +8761,7 @@ in
 
    
 
    
 
    
-
    3.2.3.19. immich
    
+
    3.2.3.16. immich
    
 
    
 
    
 
    { lib, pkgs, config, globals, ... }:
@@ -9977,7 +8770,7 @@ let
   serviceUser = "immich";
   serviceName = "immich";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -10046,7 +8839,7 @@ in
 
    
 
    
 
    
-
    3.2.3.20. paperless (tika, gotenberg)
    
+
    3.2.3.17. paperless (tika, gotenberg)
    
 
    
 
    
 This is my personal document management system. It automatically pulls documents from several sources, the only manual step for physical documents is to put them in my scanner and use email delivery.
@@ -10066,7 +8859,7 @@ let
   serviceGroup = serviceUser;
   serviceName = "paperless";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 
   tikaPort = 9998;
   gotenbergPort = 3002;
@@ -10193,7 +8986,7 @@ in
 
    
 
    
 
    
-
    3.2.3.21. transmission
    
+
    3.2.3.18. transmission
    
 
    
 
    
 
    { self, pkgs, lib, config, ... }:
@@ -10382,7 +9175,7 @@ in
 
    
 
    
 
    
-
    3.2.3.22. syncthing
    
+
    3.2.3.19. syncthing
    
 
    
 
    
 
    { lib, config, configName, globals, ... }:
@@ -10394,7 +9187,7 @@ let
   serviceUser = "syncthing";
   serviceGroup = serviceUser;
   serviceName = "syncthing";
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
   specificServiceName = "syncthing-${configName}";
 
   cfg = config.services.${serviceName};
@@ -10535,7 +9328,7 @@ in
 
    
 
    
 
    
-
    3.2.3.23. restic
    
+
    3.2.3.20. restic
    
 
    
 
    
 This manages backups for my pictures and obsidian files.
@@ -10610,7 +9403,7 @@ in
 
    
 
    
 
    
-
    3.2.3.24. monitoring (Grafana, Prometheus)
    
+
    3.2.3.21. monitoring (Grafana, Prometheus)
    
 
    
 
    
 This section exposes several metrics that I use to check the health of my server. I need to expand on the exporters section at some point, but for now I have everything I need.
@@ -10624,7 +9417,7 @@ let
   serviceGroup = serviceUser;
   serviceName = "grafana";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 
   prometheusPort = 9090;
   prometheusUser = "prometheus";
@@ -10868,7 +9661,7 @@ in
 
    
 
    
 
    
-
    3.2.3.25. Jenkins
    
+
    3.2.3.22. Jenkins
    
 
    
 
    
 This is a WIP Jenkins instance. It is used to automatically build a new system when pushes to the main repository are detected. I have turned this service off for now however, as I actually prefer to start my builds manually.
@@ -10880,7 +9673,7 @@ let
   servicePort = 8088;
   serviceName = "jenkins";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -10927,7 +9720,7 @@ in
 
    
 
    
 
    
-
    3.2.3.26. Emacs elfeed (RSS Server)
    
+
    3.2.3.23. Emacs elfeed (RSS Server)
    
 
    
 
    
 This was an approach of hosting an RSS server from within emacs. That would have been useful as it would have allowed me to allow my feeds from any device. However, it proved impossible to do bidirectional syncing, so I abandoned this configuration in favor of FreshRSS.
@@ -10959,7 +9752,7 @@ in
 
    
 
    
 
    
-
    3.2.3.27. FreshRSS
    
+
    3.2.3.24. FreshRSS
    
 
    
 
    
 FreshRSS is a more 'classical' RSS aggregator that I can just host as a distinct service. This also has its upsides because I jave more control over the state this way.
@@ -10985,7 +9778,7 @@ let
   serviceUser = "freshrss";
   serviceGroup = serviceName;
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 
   inherit (config.swarselsystems) sopsFile;
 in
@@ -11089,7 +9882,7 @@ in
 
    
 
    
 
    
-
    3.2.3.28. forgejo (git server)
    
+
    3.2.3.25. forgejo (git server)
    
 
    
 
    
 
    { lib, config, pkgs, globals, ... }:
@@ -11101,7 +9894,7 @@ let
   serviceGroup = serviceUser;
   serviceName = "forgejo";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 
   kanidmDomain = globals.services.kanidm.domain;
 in
@@ -11255,7 +10048,7 @@ in
 
    
 
    
 
    
-
    3.2.3.29. Anki Sync Server
    
+
    3.2.3.26. Anki Sync Server
    
 
    
 
    
 
    { self, lib, config, globals, ... }:
@@ -11265,7 +10058,7 @@ let
   servicePort = 27701;
   serviceName = "ankisync";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 
   ankiUser = globals.user.name;
 in
@@ -11330,7 +10123,7 @@ in
 
    
 
    
 
    
-
    3.2.3.30. kanidm
    
+
    3.2.3.27. kanidm
    
 
    
 
    
 The forgejo configuration is a little broken and will show a 500 error when signing in through kanidm. However, when pressing back and refreshing the page, I am logged in. Currently I cannot be bothered to fix this.
@@ -11356,7 +10149,7 @@ let
   serviceGroup = serviceUser;
   serviceName = "kanidm";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 
   oauth2ProxyDomain = globals.services.oauth2Proxy.domain;
   immichDomain = globals.services.immich.domain;
@@ -11368,18 +10161,8 @@ let
   certBase = "/etc/ssl";
   certsDir = "${certBase}/certs";
   privateDir = "${certBase}/private";
-  certPathBase = "${certsDir}/${serviceName}.crt";
-  certPath =
-    if config.swarselsystems.isImpermanence then
-      "/persist${certPathBase}"
-    else
-      "${certPathBase}";
-  keyPathBase = "${privateDir}/${serviceName}.key";
-  keyPath =
-    if config.swarselsystems.isImpermanence then
-      "/persist${keyPathBase}"
-    else
-      "${keyPathBase}";
+  certPath = "${certsDir}/${serviceName}.crt";
+  keyPath = "${privateDir}/${serviceName}.key";
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -11412,16 +10195,6 @@ in
 
     globals.services.${serviceName}.domain = serviceDomain;
 
-    environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence {
-      files = [
-        certPathBase
-        keyPathBase
-      ];
-    };
-
-    system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
-      deps = [ "generateSSLCert-${serviceName}" "users" "groups" ];
-    };
     system.activationScripts."generateSSLCert-${serviceName}" =
       let
         daysValid = 3650;
@@ -11432,15 +10205,13 @@ in
           set -eu
 
           ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir}
-          ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""}
           ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir}
-          ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""}
 
           need_gen=0
-          if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then
+          if [ ! -f "${certPath}" ] || [ ! -f "${keyPath}" ]; then
             need_gen=1
           else
-            enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)"
+            enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPath}" | cut -d= -f2)"
             end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)"
             now_epoch="$(${pkgs.coreutils}/bin/date +%s)"
             seconds_left=$(( end_epoch - now_epoch ))
@@ -11462,10 +10233,7 @@ in
             chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}"
           fi
         '';
-        deps = [
-          "etc"
-          (lib.mkIf config.swarselsystems.isImpermanence "specialfs")
-        ];
+        deps = [ "etc" ];
       };
 
     services = {
@@ -11476,9 +10244,9 @@ in
           domain = serviceDomain;
           origin = "https://${serviceDomain}";
           # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
-          tls_chain = certPathBase;
+          tls_chain = certPath;
           # tls_key = config.sops.secrets.kanidm-self-signed-key.path;
-          tls_key = keyPathBase;
+          tls_key = keyPath;
           bindaddress = "0.0.0.0:${toString servicePort}";
           trust_x_forward_for = true;
         };
@@ -11508,7 +10276,6 @@ in
             "firefly.access" = { };
             "radicale.access" = { };
             "slink.access" = { };
-            "opkssh.access" = { };
           };
 
           inherit (config.repo.secrets.local) persons;
@@ -11603,23 +10370,6 @@ in
                   };
                 };
               };
-              opkssh = {
-                displayName = "OPKSSH";
-                originUrl = [
-                  "http://localhost:3000"
-                  "http://localhost:3000/login-callback"
-                  "http://localhost:10001/login-callback"
-                  "http://localhost:11110/login-callback"
-                ];
-                originLanding = "http://localhost:3000";
-                public = true;
-                enableLocalhostRedirects = true;
-                scopeMaps."opkssh.access" = [
-                  "openid"
-                  "email"
-                  "profile"
-                ];
-              };
               oauth2-proxy = {
                 displayName = "Oauth2-Proxy";
                 originUrl = "https://${oauth2ProxyDomain}/oauth2/callback";
@@ -11705,7 +10455,7 @@ in
 
    
 
    
 
    
-
    3.2.3.31. oauth2-proxy
    
+
    3.2.3.28. oauth2-proxy
    
 
    
 
    
 
    { lib, config, globals, ... }:
@@ -11937,7 +10687,7 @@ in
 
    
 
    
 
    
-
    3.2.3.32. Firefly-III
    
+
    3.2.3.29. Firefly-III
    
 
    
 
    
 
    { self, lib, config, globals, ... }:
@@ -11947,7 +10697,7 @@ let
   serviceGroup = serviceUser;
   serviceName = "firefly-iii";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 
   nginxGroup = "nginx";
 
@@ -12057,7 +10807,7 @@ in
 
    
 
    
 
    
-
    3.2.3.33. Koillection
    
+
    3.2.3.30. Koillection
    
 
    
 
    
 
    { self, lib, config, globals, ... }:
@@ -12068,7 +10818,7 @@ let
   servicePort = 2282;
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
   serviceDir = "/Vault/data/koillection";
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 
   postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
   postgresPort = config.services.postgresql.settings.port; # 5432
@@ -12199,7 +10949,7 @@ in
 
    
 
    
 
    
-
    3.2.3.34. Atuin
    
+
    3.2.3.31. Atuin
    
 
    
 
    
 
    { lib, config, globals, ... }:
@@ -12207,7 +10957,7 @@ let
   servicePort = 8888;
   serviceName = "atuin";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -12257,7 +11007,7 @@ in
 
    
 
    
 
    
-
    3.2.3.35. Radicale
    
+
    3.2.3.32. Radicale
    
 
    
 
    
 
    { self, lib, config, globals, ... }:
@@ -12269,7 +11019,7 @@ let
   serviceUser = "radicale";
   serviceGroup = serviceUser;
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 
   cfg = config.services.${serviceName};
 in
@@ -12338,15 +11088,9 @@ in
       };
     };
 
-    systemd.tmpfiles.settings."10-radicale" = {
-      "${cfg.settings.storage.filesystem_folder}" = {
-        d = {
-          group = serviceGroup;
-          user = serviceUser;
-          mode = "0750";
-        };
-      };
-    };
+    systemd.tmpfiles.rules = [
+      "d ${cfg.settings.storage.filesystem_folder} 0750 ${serviceUser} ${serviceGroup} - -"
+    ];
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
@@ -12384,7 +11128,7 @@ in
 
    
 
    
 
    
-
    3.2.3.36. croc
    
+
    3.2.3.33. croc
    
 
    
 
    
 
    { self, lib, config, pkgs, ... }:
@@ -12460,7 +11204,7 @@ in
 
    
 
    
 
    
-
    3.2.3.37. microbin
    
+
    3.2.3.34. microbin
    
 
    
 
    
 
    { self, lib, config, ... }:
@@ -12599,7 +11343,7 @@ in
 
    
 
    
 
    
-
    3.2.3.38. shlink
    
+
    3.2.3.35. shlink
    
 
    
 
    
 
    { self, lib, config, ... }:
@@ -12652,25 +11396,13 @@ in
       ];
     };
 
-    systemd.tmpfiles.settings."11-shlink" = builtins.listToAttrs (
-      map
-        (path: {
-          name = "${serviceDir}/${path}";
-          value = {
-            d = {
-              group = "root";
-              user = "1001";
-              mode = "0750";
-            };
-          };
-        }) [
-        "data"
-        "data/cache"
-        "data/locks"
-        "data/log"
-        "data/proxies"
-      ]
-    );
+    systemd.tmpfiles.rules = [
+      "d ${serviceDir}/data 0750 1001 root - -"
+      "d ${serviceDir}/data/cache 0750 1001 root - -"
+      "d ${serviceDir}/data/locks 0750 1001 root - -"
+      "d ${serviceDir}/data/log 0750 1001 root - -"
+      "d ${serviceDir}/data/proxies 0750 1001 root - -"
+    ];
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
@@ -12714,7 +11446,7 @@ in
 
    
 
    
 
    
-
    3.2.3.39. slink
    
+
    3.2.3.36. slink
    
 
    
 
    
 Deployment notes:
@@ -12757,22 +11489,10 @@ in
       ];
     };
 
-    systemd.tmpfiles.settings."12-slink" = builtins.listToAttrs (
-      map
-        (path: {
-          name = "${serviceDir}/${path}";
-          value = {
-            d = {
-              group = "root";
-              user = "root";
-              mode = "0750";
-            };
-          };
-        }) [
-        "var/data"
-        "images"
-      ]
-    );
+    systemd.tmpfiles.rules = [
+      "d ${serviceDir}/var/data 0750 root root - -"
+      "d ${serviceDir}/images   0750 root root - -"
+    ];
 
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
@@ -12822,7 +11542,7 @@ in
 
    
 
    
 
    
-
    3.2.3.40. Snipe-IT
    
+
    3.2.3.37. Snipe-IT
    
 
    
 
    
 
    { self, lib, config, globals, ... }:
@@ -12836,7 +11556,7 @@ let
   serviceUser = "snipeit";
   serviceGroup = serviceUser;
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 
   mysqlPort = 3306;
 in
@@ -12901,7 +11621,7 @@ in
 
    
 
    
 
    
-
    3.2.3.41. Homebox
    
+
    3.2.3.38. Homebox
    
 
    
 
    
 
    { lib, pkgs, config, globals, ... }:
@@ -12909,7 +11629,7 @@ let
   servicePort = 7745;
   serviceName = "homebox";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@@ -12962,166 +11682,6 @@ in
 
    
 
    
 
    
-
    
-
    3.2.3.42. OPKSSH
    
-
    
-
    
-
    { lib, config, globals, ... }:
-let
-  serviceName = "opkssh";
-  serviceUser = "opksshuser";
-  serviceGroup = serviceUser;
-
-  kanidmDomain = globals.services.kanidm.domain;
-
-  inherit (config.swarselsystems) mainUser;
-  inherit (config.repo.secrets.local) persons;
-in
-{
-  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
-  config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    services.${serviceName} = {
-      enable = true;
-      user = serviceUser;
-      group = serviceGroup;
-      providers = {
-        kanidm = {
-          lifetime = "oidc";
-          issuer = "https://${kanidmDomain}/oauth2/openid/${serviceName}";
-          clientId = serviceName;
-        };
-      };
-      authorizations = [
-        {
-          user = mainUser;
-          principal = builtins.head persons.${mainUser}.mailAddresses;
-          inherit (config.services.opkssh.providers.kanidm) issuer;
-        }
-      ];
-    };
-
-  };
-
-}
-
    
-
    
-
    
-
    
-
    
-
    3.2.3.43. Garage
    
-
    
-
    
-Generate the admin token using openssl rand -base64 32.
-Generate the rpc token using openssl rand -hex 32.
-
    
-
-
    
-
    { self, lib, pkgs, config, configName, globals, ... }:
-let
-  sopsFile = self + /secrets/${configName}/secrets2.yaml;
-
-  serviceName = "garage";
-  servicePort = 3900;
-  serviceDomain = config.repo.secrets.common.services.domains."${serviceName}-${configName}";
-  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
-
-  cfg = config.services.${serviceName};
-  metadata_dir = "/var/lib/garage/meta";
-in
-{
-  options = {
-    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
-    swarselsystems.server.${serviceName} = {
-      data_dir = lib.mkOption {
-        type = lib.types.either lib.types.path (lib.types.listOf lib.types.attrs);
-        default = "/var/lib/garage/data";
-      };
-    };
-  };
-  config = lib.mkIf config.swarselmodules.server.${serviceName} {
-
-    sops = {
-      secrets.garage-admin-token = { inherit sopsFile; };
-      secrets.garage-rpc-secret = { inherit sopsFile; };
-    };
-
-    environment = {
-      persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
-        { directory = metadata_dir; }
-      ];
-      systemPackages = [
-        cfg.package
-      ];
-    };
-
-    systemd.services.${serviceName}.serviceConfig = {
-      DynamicUser = false;
-      ProtectHome = lib.mkForce false;
-    };
-
-    services.${serviceName} = {
-      enable = true;
-      package = pkgs.garage_2;
-      settings = {
-        inherit (config.swarselsystems.${serviceName}) data_dir;
-        inherit metadata_dir;
-        db_engine = "lmdb";
-        block_size = "1MiB";
-        use_local_tz = false;
-
-        replication_factor = 2; # Number of copies of data
-
-        rpc_bind_addr = "[::]:3901";
-        rpc_public_addr = "${config.repo.secrets.local.ipv4}:4317";
-        rpc_secret_file = config.sops.secrets.garage-rpc-secret.path;
-
-        s3_api = {
-          s3_region = "swarsel";
-          api_bind_addr = "0.0.0.0:${builtins.toString servicePort}";
-          root_domain = ".s3.garage.localhost";
-        };
-
-        admin = {
-          api_bind_addr = "0.0.0.0:3903";
-          admin_token_file = config.sops.secrets.garage-admin-token.path;
-        };
-
-        k2v_api = {
-          api_bind_addr = "[::]:3904";
-        };
-      };
-    };
-
-    nodes.moonside.services.nginx = {
-      upstreams = {
-        ${serviceName} = {
-          servers = {
-            "${serviceAddress}:${builtins.toString servicePort}" = { };
-          };
-        };
-      };
-      virtualHosts = {
-        "${serviceDomain}" = {
-          enableACME = true;
-          forceSSL = true;
-          acmeRoot = null;
-          oauth2.enable = false;
-          locations = {
-            "/" = {
-              proxyPass = "http://${serviceName}";
-            };
-          };
-        };
-      };
-    };
-
-  };
-}
-
    
-
    
-
    
-
    
 
    
 
    
 
    3.2.4. Darwin
    
@@ -13501,10 +12061,6 @@ When setting up a new machine:
 
    
 
 
-- setup the work VPN:
-  - using the laptop certificate `.pem` as User cert and private key (CA cert: none)
-  - vpn gateway is found in `nixosConfig.repo.secrets.local.work.vpnGateway`
-
 
    
 
    { self, lib, pkgs, config, configName, ... }:
 let
@@ -13744,8 +12300,8 @@ in
 
    
 
 
-
    
-
    3.2.5.11. microvm-host
    
+
    
+
    3.2.5.11. microvm-host
    
 
    
 
    
 Some standard options that should be set for every microvm host.
@@ -13754,26 +12310,25 @@ Some standard options that should be set for every microvm host.
 
    
 
    { lib, config, ... }:
 {
-  options = {
-    swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings";
-  };
-    # imports = [
-    #   inputs.microvm.nixosModules.host
-    # ];
+  options.swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings";
+  # imports = [
+  #   inputs.microvm.nixosModules.host
+  # ];
 
-  config = lib.mkIf (config.guests != {}) {
+  config = lib.mkIf (config.swarselmodules.optional.microvmHost && config.swarselsystems.withMicroVMs) {
 
     microvm = {
       hypervisor = lib.mkDefault "qemu";
     };
   };
+
 }
 
    
 
    
 
    
 
    
-
    
-
    3.2.5.12. microvm-guest
    
+
    
+
    3.2.5.12. microvm-guest
    
 
    
 
    
 Some standard options that should be set vor every microvm guest. We set the default
@@ -13790,6 +12345,58 @@ Some standard options that should be set vor every microvm guest. We set the def
   # ];
   config = lib.mkIf config.swarselmodules.optional.microvmGuest
     {
+      # imports = [
+      #   inputs.microvm.nixosModules.microvm
+
+      #   "${self}/profiles/nixos"
+      #   "${self}/modules/nixos"
+      # ];
+
+      boot.kernelParams = [ "systemd.hostname=${config.networking.hostName}" ];
+
+      node.name = config;
+      documentation.enable = lib.mkForce false;
+
+      microvm = {
+        guest.enable = lib.mkForce true;
+        hypervisor = lib.mkDefault "qemu";
+        mem = lib.mkDefault 1024 * 4;
+        vcpu = lib.mkDefault 4;
+        optimize.enable = false;
+        writableStoreOverlay = "/nix/.rw-store";
+
+        # interfaces = flip lib.mapAttrsToList guestCfg.microvm.interfaces (
+        #   _: { mac, hostLink, ...}:
+        #   {
+        #     type = "macvtap";
+        #     id = "vm-${replaceStrings [ ":" ] [ "" ] mac}";
+        #     inherit mac;
+        #     macvtap = {
+        #       link = hostLink;
+        #       mode = "bridge";
+        #     };
+        #   }
+        # );
+        shares =
+          [
+            {
+              source = "/nix/store";
+              mountPoint = "/nix/.ro-store";
+              tag = "ro-store";
+              proto = "virtiofs";
+            }
+          ];
+      };
+      # systemd.network.networks = lib.flip lib.concatMapAttrs guestCfg.microvm.interfaces (
+      #   name:
+      #   { mac, ... }:
+      #   {
+      #     "10-${name}".matchConfig = mkForce {
+      #       MACAddress = mac;
+      #     };
+      #   }
+      # );
+
     };
 }
 
@@ -13818,15 +12425,16 @@ in
    -
    -

    3.3.1. Steps to setup/upgrade home-manager only

    +
    +

    3.3.1. Steps to setup/upgrade home-manager only

    Steps to get a home-manager only setup up and running:

    -
    - (Optional) Install openssh-server
+
    +- (Optional) Install openssh-server
 - Set hostname to the name specified in the home-manager configuration
 - Install nix, either:
   - (if upgrading existing nix) Install nix version matching with version that `nix-plugins` is compiled against: `nix-env --install --file '<nixpkgs>' cacert -I nixpkgs=channel:nixpkgs-unstable --attr nixVersions.nix_x_yy`
@@ -13838,21 +12446,9 @@ Steps to get a home-manager only setup up and running:
   1) Clone dotfile repo & change into it
   2) `nix --extra-experimental-features 'nix-command flakes' develop`
   3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace`
+
    - -- (Optional) Install openssh-server -- Set hostname to the name specified in the home-manager configuration -- Install nix, either: - - (if upgrading existing nix) Install nix version matching with version that `nix-plugins` is compiled against: `nix-env --install --file '' cacert -I nixpkgs=channel:nixpkgs-unstable --attr nixVersions.nix_x_yy` - - (or installing nix freshly): - - Grab the link to the install script of the needed nix version from https://releases.nixos.org/?prefix=nix, e.g. https://releases.nixos.org/nix/nix-2.30.1/install - - `bash <(curl -L https://releases.nixos.org/nix/nix-x-yy-y/install) --daemon` -- add the following to /etc/nix/nix.conf to become a trusted user: `trusted-users = @wheel root swarsel` -- For the first build: - 1) Clone dotfile repo & change into it - 2) `nix --extra-experimental-features 'nix-command flakes' develop` - 3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace`
    @@ -13910,7 +12506,7 @@ Again, we adapt nix to our needs, enable the home-manager command f

    -
    { self, outputs, lib, pkgs, config, ... }:
+
    { self, lib, pkgs, config, ... }:
 let
   inherit (config.swarselsystems) mainUser flakePath isNixos isLinux;
 in
@@ -13934,7 +12530,7 @@ in
             };
           in
           ''
-                  plugin-files = ${nix-plugins}/lib/nix/plugins
+            plugin-files = ${nix-plugins}/lib/nix/plugins
             extra-builtins-file = ${self + /nix/extra-builtins.nix}
           '';
         settings = {
@@ -13959,24 +12555,7 @@ in
         };
       };
 
-      nixpkgs = lib.mkIf (!isNixos) {
-        overlays = [
-          outputs.overlays.default
-          (final: prev:
-            let
-              additions = final: _: import "${self}/pkgs/config" {
-                inherit self config lib;
-                pkgs = final;
-                homeConfig = config;
-              };
-            in
-            additions final prev
-          )
-        ];
-        config = {
-          allowUnfree = true;
-        };
-      };
+      nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null);
 
       programs = {
         # home-manager.enable = lib.mkIf (!isNixos) true;
@@ -14007,7 +12586,7 @@ in
             buildInputs = [ pkgs.makeWrapper ];
             paths = [ pkgs.home-manager ];
             postBuild = ''
-                  wrapProgram $out/bin/home-manager \
+              wrapProgram $out/bin/home-manager \
               --append-flags '--flake ${flakePath}#$(hostname)'
             '';
           })
@@ -14116,9 +12695,6 @@ This holds packages that I can use as provided, or with small modifications (as
       simple-scan
       cura-appimage
 
-      # ssh login using idm
-      opkssh
-
       # dict
       (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
 
@@ -14302,7 +12878,6 @@ This is just a separate container for derivations defined in 
 
 
    
-
    { lib, config, nixosConfig ? config, ... }:
+
    { lib, config, ... }:
 {
   options.swarselmodules.ssh = lib.mkEnableOption "ssh settings";
   config = lib.mkIf config.swarselmodules.ssh {
@@ -14436,7 +13013,43 @@ It is very convenient to have SSH aliases in place for machines that I use. This
           controlPath = "~/.ssh/master-%r@%n:%p";
           controlPersist = "no";
         };
-      } // nixosConfig.repo.secrets.common.ssh.hosts;
+        "pfsense" = {
+          hostname = "192.168.1.1";
+          user = "root";
+        };
+        "bakery" = {
+          hostname = "192.168.1.136";
+          user = "root";
+        };
+        "dgx" = {
+          hostname = "192.168.48.200";
+          user = "swarsel";
+        };
+        "winters" = {
+          hostname = "192.168.178.24";
+          user = "root";
+        };
+        "minecraft" = {
+          hostname = "130.61.119.129";
+          user = "opc";
+        };
+        "milkywell" = {
+          hostname = "193.122.53.173";
+          user = "root";
+        };
+        "moonside" = {
+          hostname = "130.61.238.239";
+          user = "root";
+        };
+        "songdiver" = {
+          hostname = "89.168.100.65";
+          user = "ubuntu";
+        };
+        "pkv" = {
+          hostname = "46.232.248.161";
+          user = "root";
+        };
+      };
     };
   };
 }
@@ -14841,8 +13454,8 @@ nix-index provides a way to find out which packages are provided by which deriva
    -
    -
    3.3.2.15. nix-your-shell
    +
    +
    3.3.2.15. nix-your-shell
    { lib, config, ... }:
@@ -15211,23 +13824,11 @@ The theme is handled by stylix.
   config = lib.mkIf config.swarselmodules.kitty {
     programs.kitty = {
       enable = true;
-      keybindings = let
-        bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift" + key));
-      in bindWithModifier {
-        "page_up" = "scroll_page_up";
-        "up" = "scroll_page_up";
-        "page_down" = "scroll_page_down";
-        "down" = "scroll_page_down";
-        "w" = "no_op";
-      };
+      keybindings = { };
       settings = {
-        cursor_blink_interval = 0;
-        disable_ligatures = "cursor";
+        scrollback_lines = 10000;
         enable_audio_bell = false;
         notify_on_cmd_finish = "always 20";
-        open_url_with = "xdg-open";
-        scrollback_lines = 100000;
-        scrollback_pager_history_size = 512;
       };
     };
   };
@@ -15306,7 +13907,6 @@ in
             hg = "history | grep";
             hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom";
             nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
-            ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;";
             nboot = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;";
             ndry = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;";
             magit = "emacsclient -nc -e \"(magit-status)\"";
@@ -15318,8 +13918,7 @@ in
             hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
             youtube-dl = "yt-dlp";
             cat-orig = "cat";
-            # cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\"";
-            cdr = "source cdr";
+            cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\"";
             nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
             nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
             nix-ldd-locate = "nix-locate --minimal --top-level -w ";
@@ -15426,13 +14025,9 @@ in
    -
    -
    3.3.2.25. zellij
    -
    -
    -
    -
    3.3.2.25.1. Main config
    -
    +
    +
    3.3.2.25. zellij
    +
    { self, lib, config, pkgs, ... }:
 {
@@ -15441,43 +14036,6 @@ in
     programs.zellij = {
       enable = true;
       enableZshIntegration = true;
-      settings = {
-        pane_frames = false;
-        simplified_ui = false;
-        default_shell = "zsh";
-        copy_on_select = true;
-        on_force_close = "detach";
-        show_startup_tips = false;
-        support_kitty_keyboard_protocol = true;
-        default_layout = "swarsel";
-        layout_dir = "${config.home.homeDirectory}/.config/zellij/layouts";
-        theme_dir = "${config.home.homeDirectory}/.config/zellij/themes";
-        scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines;
-        session_serialization = true;
-
-        copy_command =
-          if pkgs.stdenv.hostPlatform.isLinux then
-              "wl-copy"
-          else if pkgs.stdenv.hostPlatform.isDarwin then
-              "pbcopy"
-          else
-              "";
-        ui.pane_frames = {
-            rounded_corners = true;
-            hide_session_name = true;
-        };
-        plugins = {
-          tab-bar.path = "tab-bar";
-          status-bar.path = "status-bar";
-          strider.path = "strider";
-          compact-bar.path = "compact-bar";
-          # configuration.path = "configuration";
-          # filepicker.path = "strider";
-          # plugin-manager.path = "plugin-manager";
-          # session-manager.path = "session-manager";
-          # welcome-screen.path = "session-manager";
-        };
-      };
     };
 
     home.packages = with pkgs; [
@@ -15485,8 +14043,8 @@ in
     ];
 
     xdg.configFile = {
-      # "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; };
-      "zellij/layouts/swarsel.kdl".text = import "${self}/files/zellij/layouts/swarsel.kdl.nix" { inherit config pkgs; };
+      "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; };
+      "zellij/layouts/default.kdl".text = import "${self}/files/zellij/layouts/default.kdl.nix" { inherit config pkgs; };
     };
   };
 
@@ -15495,1159 +14053,6 @@ in
    -
    -
    3.3.2.25.2. Keybinds
    -
    -
    -
    { lib, config, ... }:
-{
-  config = lib.mkIf config.swarselmodules.zellij {
-    programs.zellij = {
-      settings.keybinds = {
-        _props.clear-defaults = true;
-
-        locked = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl g" ];
-                _children = [{ SwitchToMode._args = [ "normal" ]; }];
-              };
-            }
-          ];
-        };
-
-        pane = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl p" ];
-                _children = [{ SwitchToMode._args = [ "normal" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "left" ];
-                _children = [{ MoveFocus._args = [ "left" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "down" ];
-                _children = [{ MoveFocus._args = [ "down" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "up" ];
-                _children = [{ MoveFocus._args = [ "up" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "right" ];
-                _children = [{ MoveFocus._args = [ "right" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "h" ];
-                _children = [{ MoveFocus._args = [ "left" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "j" ];
-                _children = [{ MoveFocus._args = [ "down" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "k" ];
-                _children = [{ MoveFocus._args = [ "up" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "l" ];
-                _children = [{ MoveFocus._args = [ "right" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "d" ];
-                _children = [
-                  { NewPane._args = [ "down" ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "e" ];
-                _children = [
-                  { TogglePaneEmbedOrFloating = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "f" ];
-                _children = [
-                  { ToggleFocusFullscreen = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "n" ];
-                _children = [
-                  { NewPane = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "p" ];
-                _children = [{ SwitchFocus = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "f12" ];
-                _children = [
-                  { ToggleFloatingPanes = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-          ];
-        };
-
-        tab = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl t" ];
-                _children = [{ SwitchToMode._args = [ "normal" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "left" ];
-                _children = [{ GoToPreviousTab = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "down" ];
-                _children = [{ GoToNextTab = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "up" ];
-                _children = [{ GoToPreviousTab = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "right" ];
-                _children = [{ GoToNextTab = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "1" ];
-                _children = [
-                  { GoToTab._args = [ 1 ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "2" ];
-                _children = [
-                  { GoToTab._args = [ 2 ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "3" ];
-                _children = [
-                  { GoToTab._args = [ 3 ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "4" ];
-                _children = [
-                  { GoToTab._args = [ 4 ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "5" ];
-                _children = [
-                  { GoToTab._args = [ 5 ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "6" ];
-                _children = [
-                  { GoToTab._args = [ 6 ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "7" ];
-                _children = [
-                  { GoToTab._args = [ 7 ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "8" ];
-                _children = [
-                  { GoToTab._args = [ 8 ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "9" ];
-                _children = [
-                  { GoToTab._args = [ 9 ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "h" ];
-                _children = [{ GoToPreviousTab = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "j" ];
-                _children = [{ GoToNextTab = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "k" ];
-                _children = [{ GoToPreviousTab = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "l" ];
-                _children = [{ GoToNextTab = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "n" ];
-                _children = [
-                  { NewTab = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "r" ];
-                _children = [
-                  { SwitchToMode._args = [ "renametab" ]; }
-                  { TabNameInput._args = [ 0 ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "s" ];
-                _children = [
-                  { ToggleActiveSyncTab = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "x" ];
-                _children = [
-                  { CloseTab = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-          ];
-        };
-
-        resize = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl n" ];
-                _children = [{ SwitchToMode._args = [ "normal" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "left" ];
-                _children = [{ Resize._args = [ "Increase left" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "down" ];
-                _children = [{ Resize._args = [ "Increase down" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "up" ];
-                _children = [{ Resize._args = [ "Increase up" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "right" ];
-                _children = [{ Resize._args = [ "Increase right" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "+" ];
-                _children = [{ Resize._args = [ "Increase" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "-" ];
-                _children = [{ Resize._args = [ "Decrease" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "=" ];
-                _children = [{ Resize._args = [ "Increase" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "H" ];
-                _children = [{ Resize._args = [ "Decrease left" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "J" ];
-                _children = [{ Resize._args = [ "Decrease down" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "K" ];
-                _children = [{ Resize._args = [ "Decrease up" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "L" ];
-                _children = [{ Resize._args = [ "Decrease right" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "h" ];
-                _children = [{ Resize._args = [ "Increase left" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "j" ];
-                _children = [{ Resize._args = [ "Increase down" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "k" ];
-                _children = [{ Resize._args = [ "Increase up" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "l" ];
-                _children = [{ Resize._args = [ "Increase right" ]; }];
-              };
-            }
-          ];
-        };
-
-        move = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl h" ];
-                _children = [{ SwitchToMode._args = [ "normal" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "left" ];
-                _children = [{ MovePane._args = [ "left" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "down" ];
-                _children = [{ MovePane._args = [ "down" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "up" ];
-                _children = [{ MovePane._args = [ "up" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "right" ];
-                _children = [{ MovePane._args = [ "right" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "h" ];
-                _children = [{ MovePane._args = [ "left" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "j" ];
-                _children = [{ MovePane._args = [ "down" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "k" ];
-                _children = [{ MovePane._args = [ "up" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "l" ];
-                _children = [{ MovePane._args = [ "right" ]; }];
-              };
-            }
-          ];
-        };
-
-        scroll = {
-          _children = [
-            {
-              bind = {
-                _args = [ "e" ];
-                _children = [
-                  { EditScrollback = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "s" ];
-                _children = [
-                  { SwitchToMode._args = [ "entersearch" ]; }
-                  { SearchInput._args = [ 0 ]; }
-                ];
-              };
-            }
-          ];
-        };
-
-        search = {
-          _children = [
-            {
-              bind = {
-                _args = [ "c" ];
-                _children = [{ SearchToggleOption._args = [ "CaseSensitivity" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "n" ];
-                _children = [{ Search._args = [ "down" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "o" ];
-                _children = [{ SearchToggleOption._args = [ "WholeWord" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "p" ];
-                _children = [{ Search._args = [ "up" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "w" ];
-                _children = [{ SearchToggleOption._args = [ "Wrap" ]; }];
-              };
-            }
-          ];
-        };
-
-        session = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl o" ];
-                _children = [{ SwitchToMode._args = [ "normal" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "c" ];
-                _children = [
-                  {
-                    LaunchOrFocusPlugin._args = [ "configuration" ];
-                    LaunchOrFocusPlugin._children = [
-                      { floating._args = [ true ]; }
-                      { move_to_focused_tab._args = [ true ]; }
-                    ];
-                  }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "p" ];
-                _children = [
-                  {
-                    LaunchOrFocusPlugin._args = [ "plugin-manager" ];
-                    LaunchOrFocusPlugin._children = [
-                      { floating._args = [ true ]; }
-                      { move_to_focused_tab._args = [ true ]; }
-                    ];
-                  }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "w" ];
-                _children = [
-                  {
-                    LaunchOrFocusPlugin._args = [ "session-manager" ];
-                    LaunchOrFocusPlugin._children = [
-                      { floating._args = [ true ]; }
-                      { move_to_focused_tab._args = [ true ]; }
-                    ];
-                  }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-          ];
-        };
-
-        "shared_except \"locked\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Alt left" ];
-                _children = [{ MoveFocusOrTab._args = [ "left" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt down" ];
-                _children = [{ MoveFocus._args = [ "down" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt up" ];
-                _children = [{ MoveFocus._args = [ "up" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt right" ];
-                _children = [{ MoveFocusOrTab._args = [ "right" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt +" ];
-                _children = [{ Resize._args = [ "Increase" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt -" ];
-                _children = [{ Resize._args = [ "Decrease" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt =" ];
-                _children = [{ Resize._args = [ "Increase" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt r" ];
-                _children = [
-                  {
-                    WriteChars._args = [ "source cdr" ];
-                  }
-                  {
-                    WriteChars._args = [ "\n" ];
-                  }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt f" ];
-                _children = [{ ToggleFloatingPanes = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Ctrl g" ];
-                _children = [{ SwitchToMode._args = [ "locked" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt h" ];
-                _children = [{ MoveFocusOrTab._args = [ "left" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt i" ];
-                _children = [{ MoveTab._args = [ "left" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt j" ];
-                _children = [{ MoveFocus._args = [ "down" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt k" ];
-                _children = [{ MoveFocus._args = [ "up" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt p" ];
-                _children = [{ NewPane = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Alt n" ];
-                _children = [{ NewTab = { }; }];
-              };
-            }
-          ];
-        };
-
-        "shared_except \"locked\" \"move\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl h" ];
-                _children = [{ SwitchToMode._args = [ "move" ]; }];
-              };
-            }
-          ];
-        };
-
-        "shared_except \"locked\" \"session\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl o" ];
-                _children = [{ SwitchToMode._args = [ "session" ]; }];
-              };
-            }
-          ];
-        };
-
-        "shared_except \"locked\" \"scroll\" \"search\" \"tmux\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl b" ];
-                _children = [{ SwitchToMode._args = [ "tmux" ]; }];
-              };
-            }
-          ];
-        };
-
-        "shared_except \"locked\" \"scroll\" \"search\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl s" ];
-                _children = [{ SwitchToMode._args = [ "scroll" ]; }];
-              };
-            }
-          ];
-        };
-
-        "shared_except \"locked\" \"tab\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl t" ];
-                _children = [{ SwitchToMode._args = [ "tab" ]; }];
-              };
-            }
-          ];
-        };
-
-        "shared_except \"locked\" \"pane\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl p" ];
-                _children = [{ SwitchToMode._args = [ "pane" ]; }];
-              };
-            }
-          ];
-        };
-
-        "shared_except \"locked\" \"resize\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl n" ];
-                _children = [{ SwitchToMode._args = [ "resize" ]; }];
-              };
-            }
-          ];
-        };
-
-        "shared_except \"normal\" \"locked\" \"entersearch\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "enter" ];
-                _children = [{ SwitchToMode._args = [ "normal" ]; }];
-              };
-            }
-          ];
-        };
-
-        "shared_except \"normal\" \"locked\" \"entersearch\" \"renametab\" \"renamepane\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "esc" ];
-                _children = [{ SwitchToMode._args = [ "normal" ]; }];
-              };
-            }
-          ];
-        };
-
-        "shared_among \"pane\" \"tmux\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "x" ];
-                _children = [
-                  { CloseFocus = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-          ];
-        };
-
-        "shared_among \"scroll\" \"search\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "PageDown" ];
-                _children = [{ PageScrollDown = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "PageUp" ];
-                _children = [{ PageScrollUp = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "left" ];
-                _children = [{ PageScrollUp = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "down" ];
-                _children = [{ ScrollDown = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "up" ];
-                _children = [{ ScrollUp = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "right" ];
-                _children = [{ PageScrollDown = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Ctrl b" ];
-                _children = [{ PageScrollUp = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Ctrl c" ];
-                _children = [
-                  { ScrollToBottom = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "d" ];
-                _children = [{ HalfPageScrollDown = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Ctrl f" ];
-                _children = [{ PageScrollDown = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "h" ];
-                _children = [{ PageScrollUp = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "j" ];
-                _children = [{ ScrollDown = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "k" ];
-                _children = [{ ScrollUp = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "l" ];
-                _children = [{ PageScrollDown = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Ctrl s" ];
-                _children = [{ SwitchToMode._args = [ "normal" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "u" ];
-                _children = [{ HalfPageScrollUp = { }; }];
-              };
-            }
-          ];
-        };
-
-        entersearch = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl c" ];
-                _children = [{ SwitchToMode._args = [ "scroll" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "esc" ];
-                _children = [{ SwitchToMode._args = [ "scroll" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "enter" ];
-                _children = [{ SwitchToMode._args = [ "search" ]; }];
-              };
-            }
-          ];
-        };
-
-        renametab = {
-          _children = [
-            {
-              bind = {
-                _args = [ "esc" ];
-                _children = [
-                  { UndoRenameTab = { }; }
-                  { SwitchToMode._args = [ "tab" ]; }
-                ];
-              };
-            }
-          ];
-        };
-
-        "shared_among \"renametab\" \"renamepane\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "Ctrl c" ];
-                _children = [{ SwitchToMode._args = [ "normal" ]; }];
-              };
-            }
-          ];
-        };
-
-        renamepane = {
-          _children = [
-            {
-              bind = {
-                _args = [ "esc" ];
-                _children = [
-                  { UndoRenamePane = { }; }
-                  { SwitchToMode._args = [ "pane" ]; }
-                ];
-              };
-            }
-          ];
-        };
-
-        "shared_among \"session\" \"tmux\"" = {
-          _children = [
-            {
-              bind = {
-                _args = [ "d" ];
-                _children = [{ Detach = { }; }];
-              };
-            }
-          ];
-        };
-
-        tmux = {
-          _children = [
-            {
-              bind = {
-                _args = [ "left" ];
-                _children = [
-                  { MoveFocus._args = [ "left" ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "down" ];
-                _children = [
-                  { MoveFocus._args = [ "down" ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "up" ];
-                _children = [
-                  { MoveFocus._args = [ "up" ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "right" ];
-                _children = [
-                  { MoveFocus._args = [ "right" ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "space" ];
-                _children = [{ NextSwapLayout = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "\"" ];
-                _children = [
-                  { NewPane._args = [ "down" ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "%" ];
-                _children = [
-                  { NewPane._args = [ "right" ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "," ];
-                _children = [{ SwitchToMode._args = [ "renametab" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "[" ];
-                _children = [{ SwitchToMode._args = [ "scroll" ]; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "Ctrl b" ];
-                _children = [
-                  { Write._args = [ 2 ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "c" ];
-                _children = [
-                  { NewTab = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "h" ];
-                _children = [
-                  { MoveFocus._args = [ "left" ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "j" ];
-                _children = [
-                  { MoveFocus._args = [ "down" ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "k" ];
-                _children = [
-                  { MoveFocus._args = [ "up" ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "l" ];
-                _children = [
-                  { MoveFocus._args = [ "right" ]; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "n" ];
-                _children = [
-                  { GoToNextTab = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "o" ];
-                _children = [{ FocusNextPane = { }; }];
-              };
-            }
-            {
-              bind = {
-                _args = [ "p" ];
-                _children = [
-                  { GoToPreviousTab = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-            {
-              bind = {
-                _args = [ "z" ];
-                _children = [
-                  { ToggleFocusFullscreen = { }; }
-                  { SwitchToMode._args = [ "normal" ]; }
-                ];
-              };
-            }
-          ];
-        };
-      };
-    };
-  };
-
-}
-
    -
    -
    -
    -
    3.3.2.26. tmux
    @@ -16975,7 +14380,7 @@ Lastly, I am defining some more packages here that the parser has problems findi 
    { self, lib, config, pkgs, globals, inputs, ... }:
 let
-  inherit (config.swarselsystems) homeDir mainUser isPublic isNixos;
+  inherit (config.swarselsystems) homeDir isPublic isNixos;
   inherit (config.repo.secrets.common.emacs) radicaleUser;
 in
 {
@@ -16984,31 +14389,6 @@ in
     # needed for elfeed
     # enable emacs overlay for bleeding edge features
     # also read init.el file and install use-package packages
-
-    home.activation.setupEmacsOrgFiles =
-      lib.hm.dag.entryAfter [ "writeBoundary" ] ''
-        set -eu
-
-        if [ ! -d ${homeDir}/Org ]; then
-          ${pkgs.coreutils}/bin/install -d -m 0755 ${homeDir}/Org
-          ${pkgs.coreutils}/bin/chown ${mainUser}:syncthing ${homeDir}/Org
-        fi
-
-        # create dummy files to make Emacs calendar work
-        # these have low modified dates and should be marked as sync-conflicts
-        for file in "Tasks" "Archive" "Journal"; do
-          if [ ! -f ${homeDir}/Org/"$file".org ]; then
-            ${pkgs.coreutils}/bin/touch --time=access --time=modify -t 197001010000.00 ${homeDir}/Org/"$file".org
-            ${pkgs.coreutils}/bin/chown ${mainUser}:syncthing ${homeDir}/Org/"$file".org
-          fi
-        done
-
-        # when the configuration is build again, these sync-conflicts will be cleaned up
-        for file in $(find ${homeDir}/Org/ -name "*sync-conflict*"); do
-          ${pkgs.coreutils}/bin/rm "$file"
-        done
-      '';
-
     programs.emacs = {
       enable = true;
       package = pkgs.emacsWithPackagesFromUsePackage {
@@ -17800,8 +15180,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
    -
    -
    3.3.2.31.6. blueman-applet
    +
    +
    3.3.2.31.6. blueman-applet
    { lib, config, ... }:
@@ -17815,8 +15195,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
    -
    -
    3.3.2.31.7. network-manager-applet
    +
    +
    3.3.2.31.7. network-manager-applet
    { lib, config, ... }:
@@ -17831,8 +15211,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
    -
    -
    3.3.2.31.8. obsidian service for tray
    +
    +
    3.3.2.31.8. obsidian service for tray
    { lib, config, ... }:
@@ -17866,8 +15246,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
    -
    -
    3.3.2.31.9. anki service for tray
    +
    +
    3.3.2.31.9. anki service for tray

    Sets up a systemd user service for anki that does not stall the shutdown process. Note that the outcommented ExecStart does not work because the home-manager anki package builds a separate anki package that - I think - cannot be referenced as no such expression exists in the module. @@ -17914,8 +15294,8 @@ Sets up a systemd user service for anki that does not stall the shutdown process

    -
    -
    3.3.2.31.10. element service for tray
    +
    +
    3.3.2.31.10. element service for tray
    { lib, config, pkgs, ... }:
@@ -17949,8 +15329,8 @@ Sets up a systemd user service for anki that does not stall the shutdown process
    -
    -
    3.3.2.31.11. vesktop service for tray
    +
    +
    3.3.2.31.11. vesktop service for tray
    { lib, config, pkgs, ... }:
@@ -17979,134 +15359,6 @@ Sets up a systemd user service for anki that does not stall the shutdown process
     };
   };
 
-}
-
    -
    -
    -
    -
    -
    3.3.2.31.12. syncthing service for tray
    -
    -
    -
    { lib, config, pkgs, ... }:
-{
-  options.swarselmodules.syncthing-tray = lib.mkEnableOption "enable syncthing applet for tray";
-  config = lib.mkIf config.swarselmodules.syncthing-tray {
-
-    home.activation.setupSyncthingIni =
-      let
-        syncthingApiEnvVarName = "SYNCTHING_API_KEY";
-        syncthingIni = {
-          file = "${config.home.homeDirectory}/.config/syncthingtray.ini";
-          content = ''
-            [General]
-            v=2.0.2
-
-            [qt]
-            customfont=false
-            customicontheme=false
-            customlocale=false
-            custompalette=false
-            customstylesheet=false
-            customwidgetstyle=false
-            font="Cantarell,11,-1,5,400,0,0,0,0,0,0,0,0,0,0,1"
-            icontheme=hicolor
-            iconthemepath=
-            locale=en_US
-            palette="@Variant(\0\0\0\x44\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff  jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff  jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\x66\x66\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff  jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x2\xff\xffP\x14\xff\xff\x65\x65\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0)"
-            plugindir=
-            stylesheetpath=
-            trpath=
-            widgetstyle=
-
-            [startup]
-            considerForReconnect=false
-            considerLauncherForReconnect=false
-            showButton=false
-            showLauncherButton=false
-            stopOnMetered=false
-            stopServiceOnMetered=false
-            syncthingArgs="serve --no-browser --logflags=3"
-            syncthingAutostart=false
-            syncthingPath=syncthing
-            syncthingUnit=syncthing.service
-            systemUnit=false
-            useLibSyncthing=false
-
-            [tray]
-            connections\1\apiKey=@ByteArray(''$${syncthingApiEnvVarName})
-            connections\1\authEnabled=falsex
-            connections\1\autoConnect=true
-            connections\1\devStatsPollInterval=60000
-            connections\1\diskEventLimit=200
-            connections\1\errorsPollInterval=30000
-            connections\1\httpsCertPath=${config.home.homeDirectory}/.config/syncthing/https-cert.pem
-            connections\1\label=Primary instance
-            connections\1\localPath=
-            connections\1\longPollingTimeout=0
-            connections\1\password=
-            connections\1\pauseOnMetered=false
-            connections\1\reconnectInterval=30000
-            connections\1\requestTimeout=0
-            connections\1\statusComputionFlags=123
-            connections\1\syncthingUrl=http://${config.services.syncthing.guiAddress}
-            connections\1\trafficPollInterval=5000
-            connections\1\userName=
-            connections\size=1
-            dbusNotifications=true
-            distinguishTrayIcons=false
-            frameStyle=16
-            ignoreInavailabilityAfterStart=15
-            notifyOnDisconnect=true
-            notifyOnErrors=true
-            notifyOnLauncherErrors=true
-            notifyOnLocalSyncComplete=false
-            notifyOnNewDeviceConnects=false
-            notifyOnNewDirectoryShared=false
-            notifyOnRemoteSyncComplete=false
-            positioning\assumedIconPos=@Point(0 0)
-            positioning\useAssumedIconPosition=false
-            positioning\useCursorPos=true
-            preferIconsFromTheme=false
-            showDownloads=false
-            showSyncthingNotifications=true
-            showTabTexts=true
-            showTraffic=true
-            statusIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff"
-            statusIconsRenderSize=@Size(32 32)
-            statusIconsStrokeWidth=0
-            tabPos=1
-            trayIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff"
-            trayIconsRenderSize=@Size(32 32)
-            trayIconsStrokeWidth=0
-            trayMenuSize=@Size(575 475)
-            usePaletteForStatusIcons=false
-            usePaletteForTrayIcons=false
-            windowType=0
-
-            [webview]
-            customCommand=
-            disabled=false
-            mode=0
-
-          '';
-        };
-      in
-      lib.hm.dag.entryAfter [ "writeBoundary" ] ''
-        set -eu
-
-        if [ ! -f ${syncthingIni.file} ]; then
-        cat >${syncthingIni.file} <<'EOF'
-        ${syncthingIni.content}
-        EOF
-        export ${syncthingApiEnvVarName}=$(cat /run/syncthing-init/api_key)
-        ${lib.getExe pkgs.envsubst} -i ${syncthingIni.file} -o ${syncthingIni.file}
-        unset ${syncthingApiEnvVarName}
-        fi
-      '';
-
-  };
-
 }
    @@ -18252,83 +15504,83 @@ Currently, I am too lazy to explain every option here, but most of it is very se in lib.recursiveUpdate { - "${modifier}+0" = "workspace 10:十"; - "${modifier}+1" = "workspace 1:δΈ€"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+3" = "workspace 3:δΈ‰"; - "${modifier}+4" = "workspace 4:ε››"; - "${modifier}+5" = "workspace 5:δΊ”"; - "${modifier}+6" = "workspace 6:ε…­"; - "${modifier}+7" = "workspace 7:δΈƒ"; - "${modifier}+8" = "workspace 8:ε…«"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+e" = "workspace 13:E"; - "${modifier}+Ctrl+f" = "workspace 16:F"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - "${modifier}+Ctrl+s" = "workspace 12:S"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Down" = "focus down"; - "${modifier}+Escape" = "exec wlogout"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+Left" = "focus left"; - "${modifier}+Return" = "exec swarselzellij"; - "${modifier}+Right" = "focus right"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Shift+1" = "move container to workspace 1:δΈ€"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; - "${modifier}+Shift+4" = "move container to workspace 4:ε››"; - "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; - "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; - "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; - "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+x" = "exec swarselcheck -k"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+Shift+t" = "exec opacitytoggle"; "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; + "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; + "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + # "${modifier}+Escape" = "mode $exit"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+Escape" = "exec wlogout"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+1" = "workspace 1:δΈ€"; + "${modifier}+Shift+1" = "move container to workspace 1:δΈ€"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:δΈ‰"; + "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; + "${modifier}+4" = "workspace 4:ε››"; + "${modifier}+Shift+4" = "move container to workspace 4:ε››"; + "${modifier}+5" = "workspace 5:δΊ”"; + "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; + "${modifier}+6" = "workspace 6:ε…­"; + "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; + "${modifier}+7" = "workspace 7:δΈƒ"; + "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; + "${modifier}+8" = "workspace 8:ε…«"; + "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; + "${modifier}+Ctrl+t" = "workspace 14:T"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; "${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+Shift+Down" = "move down 40px"; "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Up" = "focus up"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; - "${modifier}+d" = "exec swarselcheck -d"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+f" = "exec firefox"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+q" = "kill"; "${modifier}+r" = "mode resize"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; - "${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+x" = "exec swarselcheck -k"; - # "${modifier}+Escape" = "mode $exit"; # "${modifier}+Return" = "exec kitty"; + "${modifier}+Return" = "exec swarselzellij"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; @@ -18765,12 +16017,6 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; }; - } // { - programs.niri = lib.mkIf (!config.swarselmodules.niri) { - package = null; - config = null; - settings = null; - }; }; } @@ -18822,7 +16068,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se exec = [ "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { - criteria = config.swarselsystems.sharescreen; + criteria = "eDP-2"; status = "enable"; scale = 1.0; } @@ -18908,13 +16154,6 @@ When setting up a new machine:
    -- setup gpgsm for signing of mails using S/MIME: - - `gpgsm --import ~/Certificates/.p12` - - `gpgsm --import ~/Certificates/harica-root.pem` - - `gpgsm --import ~/Certificates/harica-intermediate.pem` - - `gpgsm --list-keys --with-validation "HARICA Client RSA Root CA 2021"` - - trust the certificate and set passphrase - 
    { self, lib, config, pkgs, ... }:
 let
@@ -18955,15 +16194,9 @@ in
     };
 
     # assure correct permissions
-    systemd.user.tmpfiles.settings."30-gpgagent".rules = {
-      "${homeDir}/.gnupg" = {
-        d = {
-          group = "users";
-          user = mainUser;
-          mode = "0700";
-        };
-      };
-    };
+    systemd.user.tmpfiles.rules = [
+      "d ${homeDir}/.gnupg 700 ${mainUser} users"
+    ];
   };
 
 }
@@ -19028,8 +16261,8 @@ in
    -
    -
    3.3.2.38. Obsidian
    +
    +
    3.3.2.38. Obsidian
    { lib, config, pkgs, nixosConfig ? config, ... }:
@@ -19189,8 +16422,8 @@ in
    -
    -
    3.3.2.39. Anki
    +
    +
    3.3.2.39. Anki
    { lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }:
@@ -19263,8 +16496,8 @@ in
    -
    -
    3.3.2.40. Element-desktop
    +
    +
    3.3.2.40. Element-desktop
    { lib, config, ... }:
@@ -19300,8 +16533,8 @@ in
    -
    -
    3.3.2.41. Hexchat
    +
    +
    3.3.2.41. Hexchat
    { lib, config, nixosConfig ? config, ... }:
@@ -19325,8 +16558,8 @@ in
    -
    -
    3.3.2.42. obs-studio
    +
    +
    3.3.2.42. obs-studio
    { lib, config, ... }:
@@ -19346,8 +16579,8 @@ in
    -
    -
    3.3.2.43. spotify-player
    +
    +
    3.3.2.43. spotify-player
    { lib, config, ... }:
@@ -19367,8 +16600,8 @@ in
    -
    -
    3.3.2.44. vesktop
    +
    +
    3.3.2.44. vesktop
    { lib, pkgs, config, ... }:
@@ -19455,8 +16688,8 @@ in
    -
    -
    3.3.2.45. batsignal
    +
    +
    3.3.2.45. batsignal
    { lib, config, ... }:
@@ -19488,8 +16721,8 @@ in
    -
    -
    3.3.2.46. autotiling
    +
    +
    3.3.2.46. autotiling
    { lib, config, ... }:
@@ -19510,8 +16743,8 @@ in
    -
    -
    3.3.2.47. swayidle
    +
    +
    3.3.2.47. swayidle
    { lib, config, pkgs, ... }:
@@ -19552,8 +16785,8 @@ in
    -
    -
    3.3.2.48. swaylock
    +
    +
    3.3.2.48. swaylock
    { lib, config, pkgs, ... }:
@@ -19576,44 +16809,6 @@ in
     };
   };
 
-}
-
    -
    -
    -
    -
    -
    3.3.2.49. opkssh
    -
    -
    -
    { lib, config, ... }:
-let
-  moduleName = "opkssh";
-in
-{
-  options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
-  config = lib.mkIf config.swarselmodules.${moduleName} {
-    programs.${moduleName} = {
-      enable = true;
-      settings = {
-        default_provider = "kanidm";
-
-        providers = [
-          {
-            alias = "kanidm";
-            issuer = "https://sso.swarsel.win/oauth2/openid/opkssh";
-            client_id = "opkssh";
-            scopes = "openid email profile";
-            redirect_uris = [
-              "http://localhost:3000/login-callback"
-              "http://localhost:10001/login-callback"
-              "http://localhost:11110/login-callback"
-            ];
-          }
-        ];
-      };
-    };
-  };
-
 }
    @@ -19814,44 +17009,32 @@ When setting up a new machine:
    -- setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`): - - `pizauth auth ` - - `pizauth dump > ~/.pizauth.state` -
    -
    { self, inputs, config, pkgs, lib, vars, nixosConfig ? config, ... }:
+
    { self, config, pkgs, lib, vars, nixosConfig ? config, ... }:
 let
-  inherit (config.swarselsystems) homeDir mainUser;
+  inherit (config.swarselsystems) homeDir;
   inherit (nixosConfig.repo.secrets.local.mail) allMailAddresses;
   inherit (nixosConfig.repo.secrets.local.work) mailAddress;
-
-  certsSopsFile = self + /secrets/certs/secrets.yaml;
 in
 {
   options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings";
   config = lib.mkIf config.swarselmodules.optional.work
-    ({
-      home = {
-        packages = with pkgs; [
-          stable.teams-for-linux
-          shellcheck
-          dig
-          docker
-          postman
-          # rclone
-          libguestfs-with-appliance
-          prometheus.cli
-          tigervnc
-          # openstackclient
+    {
+      home.packages = with pkgs; [
+        stable.teams-for-linux
+        shellcheck
+        dig
+        docker
+        postman
+        # rclone
+        libguestfs-with-appliance
+        prometheus.cli
+        tigervnc
+        # openstackclient
 
-          vscode
+        vscode
+      ];
 
-          rustdesk-vbc
-        ];
-        sessionVariables = {
-          AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path;
-        };
-      };
       systemd.user.sessionVariables = {
         DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work";
       } // lib.optionalAttrs (!config.swarselsystems.isPublic) {
@@ -19934,23 +17117,6 @@ in
       #   };
       # };
 
-      wayland.windowManager.sway =
-        let
-          inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress;
-        in
-        {
-          config = {
-            keybindings =
-              let
-                inherit (config.wayland.windowManager.sway.config) modifier;
-              in
-              {
-                "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}";
-                "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}";
-              };
-          };
-        };
-
       stylix = {
         targets.firefox.profileNames =
           let
@@ -20473,16 +17639,7 @@ in
         };
 
       };
-    } // lib.optionalAttrs (inputs ? sops) {
-      sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
-        harica-root-ca = {
-          sopsFile = certsSopsFile;
-          path = "${homeDir}/.aws/certs/harica-root.pem";
-          owner = mainUser;
-        };
-      };
-
-    });
+    };
 
 }
 
@@ -20907,9 +18064,10 @@ In short, the options defined here are passed to the modules systems using
    -
    -

    3.4.3. Packages

    -
    +
    +
    +

    3.5. Packages

    +

    This is the central station for self-defined packages. These are all referenced in default.nix. Wherever possible, I am keeping the shell version of these scripts in this file as well and then read it using builtin.readFile in the NixOS configurations. This lets me keep full control in this one file but also keep the separate files uncluttered.

    @@ -20917,21 +18075,17 @@ This is the central station for self-defined packages. These are all referenced

    Note: The structure of generating the packages was changed in commit 2cf03a3 refactor: package and module generation. That commit can be checked out in order to see a simpler version of achieving the same thing.

    -
    -
    -
    -

    3.4.4. Packages (flake)

    -
    + 
    { self, lib, pkgs, ... }:
 let
   mkPackages = names: pkgs: builtins.listToAttrs (map
     (name: {
       inherit name;
-      value = pkgs.callPackage "${self}/pkgs/flake/${name}" { inherit self name; };
+      value = pkgs.callPackage "${self}/pkgs/${name}" { inherit self name; };
     })
     names);
-  packageNames = lib.swarselsystems.readNix "pkgs/flake";
+  packageNames = lib.swarselsystems.readNix "pkgs";
 in
 mkPackages packageNames pkgs
 
@@ -20939,9 +18093,9 @@ mkPackages packageNames pkgs
    -
    -
    3.4.4.1. pass-fuzzel
    -
    +
    +

    3.5.1. pass-fuzzel

    +

    This app allows me, in conjunction with my Yubikey, to quickly enter passwords when the need arises. Normal and TOTP passwords are supported, and they can either be printed directly or copied to the clipboard.

    @@ -21013,40 +18167,9 @@ writeShellApplication {
    -
    -
    3.4.4.2. quickpass
    -
    -
    -
    shopt -s nullglob globstar
-
-notify-send "$(env | grep -E 'WAYLAND|SWAY')"
-
-password="$1"
-
-pass show "$password" | {
-    IFS= read -r pass
-    printf %s "$pass"
-} | wtype -
-
-notify-send -u critical -a pass -t 1000 "Typed Password"
-
    -
    - -
    -
    { self, name, writeShellApplication, libnotify, pass, wtype }:
-writeShellApplication {
-  inherit name;
-  runtimeInputs = [ libnotify pass wtype ];
-  text = builtins.readFile "${self}/files/scripts/${name}.sh";
-}
-
-
    -
    -
    -
    -
    -
    3.4.4.3. cura5
    -
    +
    +

    3.5.2. cura5

    +

    The version of cura used to be quite outdated in nixpkgs. I am fetching a newer AppImage here and use that instead.

    @@ -21087,9 +18210,9 @@ writeScriptBin "cura" ''
    -
    -
    3.4.4.4. hm-specialisation
    -
    +
    +

    3.5.3. hm-specialisation

    +

    This script allows for quick git home-manager specialisation switching.

    @@ -21113,9 +18236,9 @@ writeShellApplication {
    -
    -
    3.4.4.5. cdw
    -
    +
    +

    3.5.4. cdw

    +

    This script allows for quick git worktree switching.

    @@ -21137,9 +18260,9 @@ writeShellApplication {
    -
    -
    3.4.4.6. cdb
    -
    +
    +

    3.5.5. cdb

    +

    This script allows for quick git branch switching.

    @@ -21159,9 +18282,9 @@ writeShellApplication {
    -
    -
    3.4.4.7. bak
    -
    +
    +

    3.5.6. bak

    +

    This script lets me quickly backup files by appending .bak to the filename.

    @@ -21182,9 +18305,9 @@ writeShellApplication {
    -
    -
    3.4.4.8. timer
    -
    +
    +

    3.5.7. timer

    +

    This app starts a configuratble timer and uses TTS to say something once the timer runs out.

    @@ -21205,9 +18328,9 @@ writeShellApplication {
    -
    -
    3.4.4.9. e
    -
    +
    +

    3.5.8. e

    +

    This is a shorthand for calling emacsclient mostly. Also, it hides the kittyterm scratchpad window that I sometimes use for calling a command quickly, in case it is on the screen. After emacs closes, the kittyterm window is then shown again if it was visible earlier.

    @@ -21251,9 +18374,9 @@ writeShellApplication {
    -
    -
    3.4.4.10. command-not-found
    -
    +
    +

    3.5.9. command-not-found

    +

    The normal command-not-found.sh uses the outdated nix-shell commands as suggestions. This version supplies me with the more modern nixpkgs#<name> version.

    @@ -21297,9 +18420,9 @@ command_not_found_handler() {
    -
    -
    3.4.4.11. swarselcheck
    -
    +
    +

    3.5.10. swarselcheck

    +

    This app checks for different apps that I keep around in the scratchpad for quick viewing and hiding (messengers and music players mostly) and then behaves like the kittyterm hider that I described in e.

    @@ -21382,9 +18505,9 @@ writeShellApplication {
    -
    -
    3.4.4.12. swarselcheck-niri
    -
    +
    +

    3.5.11. swarselcheck-niri

    +
    while :; do
     case ${1:-} in
@@ -21437,9 +18560,9 @@ writeShellApplication {
    -
    -
    3.4.4.13. swarselzellij
    -
    +
    +

    3.5.12. swarselzellij

    +
    # KITTIES=$(($(pgrep -P 1 kitty | wc -l) - 1))
 
@@ -21464,9 +18587,9 @@ writeShellApplication {
    -
    -
    3.4.4.14. waybarupdate
    -
    +
    +

    3.5.13. waybarupdate

    +

    This scripts checks if there are uncommited changes in either my dotfile repo, my university repo, or my passfile repo. In that case a warning will be shown in waybar.

    @@ -21511,9 +18634,9 @@ writeShellApplication {
    -
    -
    3.4.4.15. opacitytoggle
    -
    +
    +

    3.5.14. opacitytoggle

    +

    This app quickly toggles between 5% and 0% transparency.

    @@ -21538,9 +18661,9 @@ writeShellApplication {
    -
    -
    3.4.4.16. fs-diff
    -
    +
    +

    3.5.15. fs-diff

    +

    This utility is used to compare the current state of the root directory with the blanket state that is stored in /root-blank (the snapshot that is restored on each reboot of an impermanence machine). Using this, I can find files that I will lose once I reboot - if there are important files in that list, I can then easily add them to the persist options.

    @@ -21579,9 +18702,9 @@ writeShellApplication {
    -
    -
    3.4.4.17. github-notifications
    -
    +
    +

    3.5.16. github-notifications

    +

    This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version.

    @@ -21605,9 +18728,9 @@ writeShellApplication {
    -
    -
    3.4.4.18. kanshare
    -
    +
    +

    3.5.17. kanshare

    +

    This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version.

    @@ -21629,9 +18752,9 @@ writeShellApplication {
    -
    -
    3.4.4.19. swarsel-bootstrap
    -
    +
    +

    3.5.18. swarsel-bootstrap

    +

    This program sets up a new NixOS host remotely. It also takes care of secret management on the new host.

    @@ -21642,7 +18765,6 @@ set -eo pipefail target_hostname="" target_destination="" -target_arch="" target_user="swarsel" ssh_port="22" persist_dir="" @@ -21658,7 +18780,6 @@ function help_and_exit() { echo "ARGS:" echo " -n <target_hostname> specify target_hostname of the target host to deploy the nixos config on." echo " -d <target_destination> specify ip or url to the target host." - echo " -a <targeit_arch> specify the architecture of the target host." echo " target during install process." echo echo "OPTIONS:" @@ -21741,10 +18862,6 @@ while [[ $# -gt 0 ]]; do shift target_destination=$1 ;; - -a) - shift - target_arch=$1 - ;; -u) shift target_user=$1 @@ -21765,11 +18882,6 @@ while [[ $# -gt 0 ]]; do shift done -if [[ $target_arch == "" || $target_destination == "" || $target_hostname == "" ]]; then - red "error: target_arch, target_destination or target_hostname not set." - help_and_exit -fi - green "~SwarselSystems~ remote installer" green "Reading system information for $target_hostname ..." @@ -21824,7 +18936,6 @@ if [ ! -d "$FLAKE" ]; then fi cd "$FLAKE" - rm install/flake.lock || true git_root=$(git rev-parse --show-toplevel) # ------------------------ @@ -21862,13 +18973,8 @@ fi green "Generating hardware-config.nix for $target_hostname and adding it to the nix-config." $ssh_root_cmd "nixos-generate-config --force --no-filesystems --root /mnt" -mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname" -$scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix -# ------------------------ -# green "Generating hostkey for ssh initrd" -# $ssh_root_cmd "mkdir -p $temp/etc/secrets/initrd /etc/secrets/initrd" -# $ssh_root_cmd "ssh-keygen -t ed25519 -N '' -f $temp/etc/secrets/initrd/ssh_host_ed25519_key" -# $ssh_root_cmd "cp $temp/etc/secrets/initrd/ssh_host_ed25519_key /etc/secrets/initrd/ssh_host_ed25519_key" +mkdir -p "$FLAKE"/hosts/nixos/"$target_hostname" +$scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_hostname"/hardware-configuration.nix # ------------------------ green "Deploying minimal NixOS installation on $target_destination" @@ -21933,7 +19039,7 @@ if yes_or_no "Do you want to manually edit .sops.yaml now?"; then fi green "Updating all secrets files to reflect updates .sops.yaml" sops updatekeys --yes --enable-local-keyservice "${git_root}"/secrets/*/secrets.yaml -sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/secrets/pii.nix.enc +sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_hostname"/secrets/pii.nix.enc # -------------------------- green "Making ssh_host_ed25519_key available to home-manager for user $target_user" sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts @@ -21992,10 +19098,10 @@ fi green "NixOS was successfully installed!" if yes_or_no "You can now commit and push the nix-config, which includes the hardware-configuration.nix for $target_hostname?"; then cd "${git_root}" - deadnix hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix -qe - nixpkgs--fmt hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix + deadnix hosts/nixos/"$target_hostname"/hardware-configuration.nix -qe + nixpkgs--fmt hosts/nixos/"$target_hostname"/hardware-configuration.nix (.pre-commit-config.yaml mit run --all-files 2> /dev/null || true) && - git add "$git_root/hosts/nixos/$target_arch/$target_hostname/hardware-configuration.nix" && + git add "$git_root/hosts/nixos/$target_hostname/hardware-configuration.nix" && git add "$git_root/.sops.yaml" && git add "$git_root/secrets" && (git commit -m "feat: deployed $target_hostname" || true) && git push @@ -22019,14 +19125,13 @@ writeShellApplication {
    -
    -
    3.4.4.20. swarsel-rebuild
    -
    +
    +

    3.5.19. swarsel-rebuild

    +
    set -eo pipefail
 
-target_config="hotel"
-target_arch=""
+target_config="chaostheatre"
 target_user="swarsel"
 
 function help_and_exit() {
@@ -22036,11 +19141,10 @@ function help_and_exit() {
     echo "USAGE: $0 [OPTIONS]"
     echo
     echo "ARGS:"
-    echo "  -n <target_config>                      specify nixos config to build."
-    echo "                                          Default: hotel"
+    echo "  -n <target_config>                       specify nixos config to build."
+    echo "                                          Default: chaostheatre"
     echo "  -u <target_user>                        specify user to deploy for."
     echo "                                          Default: swarsel"
-    echo "  -a <target_arch>                        specify target architecture."
     echo "  -h | --help                             Print this help."
     exit 0
 }
@@ -22070,10 +19174,6 @@ while [[ $# -gt 0 ]]; do
         shift
         target_config=$1
         ;;
-    -a)
-        shift
-        target_arch=$1
-        ;;
     -u)
         shift
         target_user=$1
@@ -22087,11 +19187,6 @@ while [[ $# -gt 0 ]]; do
     shift
 done
 
-if [[ $target_arch == "" ]]; then
-    red "error: target_arch not set."
-    help_and_exit
-fi
-
 cd /home/"$target_user"
 
 if [ ! -d /home/"$target_user"/.dotfiles ]; then
@@ -22119,7 +19214,7 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
     rm modules/home/common/mail.nix
     rm modules/home/common/yubikey.nix
     rm modules/nixos/server/restic.nix
-    rm hosts/nixos/aarch64-linux/milkywell/default.nix
+    rm hosts/nixos/milkywell/default.nix
     rm -rf modules/nixos/server
     rm -rf modules/home/server
     nix flake update vbc-nix
@@ -22127,8 +19222,8 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
 else
     green "Valid SSH key found! Continuing with installation"
 fi
-sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/
-git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix
+sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/
+git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix
 
 green "Installing flake $target_config"
 sudo nixos-rebuild --show-trace --flake .#"$target_config" boot
@@ -22149,9 +19244,9 @@ writeShellApplication {
    -
    -
    3.4.4.21. swarsel-install
    -
    +
    +

    3.5.20. swarsel-install

    +

    Autoformatting always puts the EOF with indentation, which makes shfmt check fail. When editing this block, unindent them manually.

    @@ -22159,10 +19254,9 @@ Autoformatting always puts the EOF with indentation, which makes sh 
    set -eo pipefail
 
-target_config="hotel"
-target_hostname="hotel"
+target_config="chaostheatre"
+target_hostname="chaostheatre"
 target_user="swarsel"
-target_arch=""
 persist_dir=""
 target_disk="/dev/vda"
 disk_encryption=0
@@ -22175,12 +19269,11 @@ function help_and_exit() {
     echo
     echo "ARGS:"
     echo "  -n <target_config>                      specify the nixos config to deploy."
-    echo "                                          Default: hotel"
+    echo "                                          Default: chaostheatre"
     echo "  -d <target_disk>                        specify disk to install on."
     echo "                                          Default: /dev/vda"
     echo "  -u <target_user>                        specify user to deploy for."
     echo "                                          Default: swarsel"
-    echo "  -a <target_arch>                        specify target architecture."
     echo "  -h | --help                             Print this help."
     exit 0
 }
@@ -22219,10 +19312,6 @@ while [[ $# -gt 0 ]]; do
         shift
         target_disk=$1
         ;;
-    -a)
-        shift
-        target_arch=$1
-        ;;
     -h | --help) help_and_exit ;;
     *)
         echo "Invalid option detected."
@@ -22238,11 +19327,6 @@ function cleanup() {
 }
 trap cleanup exit
 
-if [[ $target_arch == "" || $target_hostname == "" ]]; then
-    red "error: target_arch or target_hostname not set."
-    help_and_exit
-fi
-
 green "~SwarselSystems~ local installer"
 
 cd /home/"$target_user"
@@ -22322,7 +19406,7 @@ if [ "$disk_encryption" -eq 1 ]; then
 fi
 
 green "Setting up disk ..."
-if [[ $target_config == "hotel" ]]; then
+if [[ $target_config == "chaostheatre" ]]; then
     sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/v1.10.0 -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks --arg diskDevice "$target_disk"
 else
     sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks
@@ -22332,9 +19416,9 @@ sudo cp -r /home/"$target_user"/.dotfiles /mnt/"$persist_dir"/home/"$target_user
 sudo chown -R 1000:100 /mnt/"$persist_dir"/home/"$target_user"
 
 green "Generating hardware configuration ..."
-sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/
+sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/
 
-git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix
+git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix
 sudo mkdir -p /root/.local/share/nix/
 printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null
 green "Installing flake $target_config"
@@ -22362,13 +19446,13 @@ writeShellApplication {
    -
    -
    3.4.4.22. swarsel-postinstall
    -
    +
    +

    3.5.21. swarsel-postinstall

    +
    set -eo pipefail
 
-target_config="hotel"
+target_config="chaostheatre"
 target_user="swarsel"
 
 function help_and_exit() {
@@ -22380,8 +19464,8 @@ function help_and_exit() {
     echo "ARGS:"
     echo "  -d <disk>                               specify disk to install on."
     echo "  -n <target_config>                      specify the nixos config to deploy."
-    echo "                                          Default: hotel"
-    echo "                                          Default: hotel"
+    echo "                                          Default: chaostheatre"
+    echo "                                          Default: chaostheatre"
     echo "  -u <target_user>                        specify user to deploy for."
     echo "                                          Default: swarsel"
     echo "  -h | --help                             Print this help."
@@ -22454,9 +19538,9 @@ writeShellApplication {
    -
    -
    3.4.4.23. t2ts
    -
    +
    +

    3.5.22. t2ts

    +
    { name, writeShellApplication, ... }:
 
@@ -22472,9 +19556,9 @@ writeShellApplication {
    -
    -
    3.4.4.24. ts2t
    -
    +
    +

    3.5.23. ts2t

    +
    { name, writeShellApplication, ... }:
 
@@ -22490,9 +19574,9 @@ writeShellApplication {
    -
    -
    3.4.4.25. vershell
    -
    +
    +

    3.5.24. vershell

    +
    { name, writeShellApplication, ... }:
 
@@ -22508,9 +19592,9 @@ writeShellApplication {
    -
    -
    3.4.4.26. eontimer
    -
    +
    +

    3.5.25. eontimer

    +
    { lib
 , python3
@@ -22612,9 +19696,9 @@ python3.pkgs.buildPythonApplication rec {
    -
    -
    3.4.4.27. project
    -
    +
    +

    3.5.26. project

    +
    set -euo pipefail
 
@@ -22636,9 +19720,9 @@ writeShellApplication {
    -
    -
    3.4.4.28. fhs
    -
    +
    +

    3.5.27. fhs

    +
    { name, pkgs, ... }:
 let
@@ -22655,9 +19739,9 @@ pkgs.buildFHSEnv (base // {
    -
    -
    3.4.4.29. swarsel-displaypower
    -
    +
    +

    3.5.28. swarsel-displaypower

    +

    A crude script to power on all displays that might be attached. Needed because sometimes displays do not awake from sleep.

    @@ -22680,9 +19764,9 @@ writeShellApplication {
    -
    -
    3.4.4.30. swarsel-mgba
    -
    +
    +

    3.5.29. swarsel-mgba

    +

    AppImage version of mgba in which the lua scripting works.

    @@ -22714,9 +19798,9 @@ appimageTools.wrapType2 {
    -
    -
    3.4.4.31. swarsel-deploy
    -
    +
    +

    3.5.30. swarsel-deploy

    +
    # heavily inspired from https://github.com/oddlama/nix-config/blob/d42cbde676001a7ad8a3cace156e050933a4dcc3/pkgs/deploy.nix
 { name, bc, nix-output-monitor, writeShellApplication, ... }:
@@ -22846,9 +19930,9 @@ writeShellApplication {
    -
    -
    3.4.4.32. swarsel-build
    -
    +
    +

    3.5.31. swarsel-build

    +
    { name, nix-output-monitor, writeShellApplication, ... }:
 writeShellApplication {
@@ -22870,9 +19954,9 @@ writeShellApplication {
    -
    -
    3.4.4.33. swarsel-instantiate
    -
    +
    +

    3.5.32. swarsel-instantiate

    +

    This is a convenience function that calls nix-instantiate with a number of flags that I need in order to evaluate nix expressions in org-src blocks.

    @@ -22891,9 +19975,9 @@ writeShellApplication {
    -
    -
    3.4.4.34. sshrm
    -
    +
    +

    3.5.33. sshrm

    +

    This programs simply runs ssh-keygen on the last host that I tried to ssh into. I need this frequently when working with cloud-init usually.

    @@ -22924,9 +20008,9 @@ writeShellApplication {
    -
    -
    3.4.4.35. endme
    -
    +
    +

    3.5.34. endme

    +

    Sometimes my DE crashes after putting it to suspend - to be precise, it happens when I put it into suspend when I have multiple screens plugged in. I have never taken the time to debug the issue, but instead just switch to a different TTY and then use this script to kill the hanging session.

    @@ -22946,9 +20030,9 @@ writeShellApplication {
    -
    -
    3.4.4.36. git-replace
    -
    +
    +

    3.5.35. git-replace

    +

    This script allows for quick git replace of a string.

    @@ -23025,51 +20109,8 @@ writeShellApplication {
    -
    -

    3.4.5. Packages (config)

    -
    -
    -
    { self, homeConfig, lib, pkgs, ... }:
-let
-  mkPackages = names: pkgs: builtins.listToAttrs (map
-    (name: {
-      inherit name;
-      value = pkgs.callPackage "${self}/pkgs/config/${name}" { inherit self name homeConfig; };
-    })
-    names);
-  packageNames = lib.swarselsystems.readNix "pkgs/config";
-in
-mkPackages packageNames pkgs
-
    -
    -
    -
    -
    3.4.5.1. cdr
    -
    -
    -
    { name, homeConfig, writeShellApplication, fzf, ... }:
-
-writeShellApplication {
-  inherit name;
-  runtimeInputs = [ fzf ];
-  text = ''
-    DOCUMENT_DIR_WORK=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_WORK or ""}
-    DOCUMENT_DIR_PRIV=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV}
-    FLAKE=${homeConfig.home.sessionVariables.FLAKE}
-
-    cd "$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )"
-  '';
-}
-
-
-
    -
    -
    -
    -
    -
    -

    3.5. Profiles

    +

    3.6. Profiles

    In this section I define custom modules under the swarsel attribute. These are mostly used to define settings specific to a host. I keep these settings confined to either home-manager or nixos to maintain compatibility with non-NixOS machines. @@ -23080,7 +20121,7 @@ Note: The structure of generating the packages was changed in commit 2cf03

    -

    3.5.1. NixOS

    +

    3.6.1. NixOS

    Modules that need to be loaded on the NixOS level. Note that these will not be available on systems that are not running NixOS. @@ -23098,7 +20139,7 @@ in

    -
    3.5.1.1. Personal
    +
    3.6.1.1. Personal
    { lib, config, ... }:
@@ -23129,7 +20170,7 @@ in
       lowBattery = lib.mkDefault false;
       network = lib.mkDefault true;
       networkDevices = lib.mkDefault true;
-      niri = lib.mkDefault false;
+      niri = lib.mkDefault true;
       nix-ld = lib.mkDefault true;
       nvd = lib.mkDefault true;
       packages = lib.mkDefault true;
@@ -23169,7 +20210,7 @@ in
    -
    3.5.1.2. Minimal
    +
    3.6.1.2. Minimal
    { lib, config, ... }:
@@ -23195,7 +20236,6 @@ in
 
       server = {
         ssh = lib.mkDefault true;
-        diskEncryption = lib.mkDefault true;
       };
     };
 
@@ -23207,9 +20247,9 @@ in
    -
    -
    3.5.1.3. Optionals
    -
    +
    +
    3.6.1.3. Optionals
    +
    { lib, config, ... }:
 {
@@ -23237,13 +20277,13 @@ in
    -
    3.5.1.4. Hotel
    +
    3.6.1.4. Chaostheatre
    { lib, config, ... }:
 {
-  options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
-  config = lib.mkIf config.swarselprofiles.hotel {
+  options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
+  config = lib.mkIf config.swarselprofiles.chaostheatre {
     swarselmodules = {
       packages = lib.mkForce true;
       general = lib.mkForce true;
@@ -23296,7 +20336,7 @@ in
    -
    3.5.1.5. Work
    +
    3.6.1.5. Work
    { lib, config, ... }:
@@ -23323,7 +20363,7 @@ in
    -
    3.5.1.6. Uni
    +
    3.6.1.6. Uni
    { lib, config, ... }:
@@ -23350,7 +20390,7 @@ in
    -
    3.5.1.7. Framework
    +
    3.6.1.7. Framework
    { lib, config, ... }:
@@ -23377,7 +20417,7 @@ in
    -
    3.5.1.8. Server
    +
    3.6.1.8. Server
    { lib, config, ... }:
@@ -23386,7 +20426,6 @@ in
   config = lib.mkIf config.swarselprofiles.server {
     swarselmodules = {
         general = lib.mkDefault true;
-        lanzaboote = lib.mkDefault true;
         pii = lib.mkDefault true;
         home-manager = lib.mkDefault true;
         xserver = lib.mkDefault true;
@@ -23398,8 +20437,6 @@ in
         boot = lib.mkDefault true;
         server = {
           general = lib.mkDefault true;
-          network = lib.mkDefault true;
-          diskEncryption = lib.mkDefault true;
           packages = lib.mkDefault true;
           ssh = lib.mkDefault true;
           nginx = lib.mkDefault true;
@@ -23409,34 +20446,13 @@ in
 
 }
 
-
    -
    -
    -
    -
    -
    3.5.1.9. Router
    -
    -
    -
    { lib, config, ... }:
-{
-  options.swarselprofiles.router = lib.mkEnableOption "enable the router profile";
-  config = lib.mkIf config.swarselprofiles.router {
-    swarselmodules = {
-        server = {
-          router = lib.mkDefault true;
-        };
-      };
-  };
-
-}
-
    -

    3.5.2. home-manager

    +

    3.6.2. home-manager

    This holds modules that are to be used on most hosts. These are also the most important options to configure, as these allow me easy access to monitor, keyboard, and other setups. @@ -23454,7 +20470,7 @@ in

    -
    3.5.2.1. Personal
    +
    3.6.2.1. Personal
    { lib, config, ... }:
@@ -23488,7 +20504,7 @@ in
       kitty = lib.mkDefault true;
       mail = lib.mkDefault true;
       mako = lib.mkDefault true;
-      niri = lib.mkDefault false;
+      niri = lib.mkDefault true;
       nix-index = lib.mkDefault true;
       nixgl = lib.mkDefault true;
       nix-your-shell = lib.mkDefault true;
@@ -23496,7 +20512,6 @@ in
       obs-studio = lib.mkDefault true;
       obsidian = lib.mkDefault true;
       obsidian-tray = lib.mkDefault true;
-      opkssh = lib.mkDefault true;
       ownpackages = lib.mkDefault true;
       packages = lib.mkDefault true;
       passwordstore = lib.mkDefault true;
@@ -23515,7 +20530,6 @@ in
       tmux = lib.mkDefault true;
       vesktop = lib.mkDefault true;
       vesktop-tray = lib.mkDefault true;
-      syncthing-tray = lib.mkDefault true;
       waybar = lib.mkDefault true;
       yubikey = lib.mkDefault false;
       yubikeytouch = lib.mkDefault true;
@@ -23530,9 +20544,9 @@ in
    -
    -
    3.5.2.2. DGX Spark
    -
    +
    +
    3.6.2.2. DGX Spark
    +
    { lib, config, ... }:
 {
@@ -23591,7 +20605,6 @@ in
       tmux = lib.mkDefault true;
       vesktop = lib.mkDefault false;
       vesktop-tray = lib.mkDefault false;
-      syncthing-tray = lib.mkDefault false;
       waybar = lib.mkDefault false;
       yubikey = lib.mkDefault false;
       yubikeytouch = lib.mkDefault false;
@@ -23607,7 +20620,7 @@ in
    -
    3.5.2.3. Optionals
    +
    3.6.2.3. Optionals
    { lib, config, ... }:
@@ -23629,7 +20642,7 @@ in
    -
    3.5.2.4. Minimal
    +
    3.6.2.4. Minimal
    { lib, config, ... }:
@@ -23652,13 +20665,13 @@ in
    -
    3.5.2.5. Hotel
    +
    3.6.2.5. Chaostheatre
    { lib, config, ... }:
 {
-  options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
-  config = lib.mkIf config.swarselprofiles.hotel {
+  options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
+  config = lib.mkIf config.swarselprofiles.chaostheatre {
     swarselmodules = {
       packages = lib.mkForce true;
       ownpackages = lib.mkForce true;
@@ -23705,7 +20718,7 @@ in
    -
    3.5.2.6. toto
    +
    3.6.2.6. toto
    { lib, config, ... }:
@@ -23728,7 +20741,7 @@ in
    -
    3.5.2.7. Work
    +
    3.6.2.7. Work
    { lib, config, ... }:
@@ -23749,7 +20762,7 @@ in
    -
    3.5.2.8. Uni
    +
    3.6.2.8. Uni
    { lib, config, ... }:
@@ -23770,7 +20783,7 @@ in
    -
    3.5.2.9. Framework
    +
    3.6.2.9. Framework
    { lib, config, ... }:
@@ -23792,7 +20805,7 @@ in
    -
    3.5.2.10. Local Server
    +
    3.6.2.10. Local Server
    { lib, config, ... }:
@@ -24296,32 +21309,12 @@ This function was found here: 
-
    4.2.1.9. Magit: List directories using vertico/consult
    
-
    
-
    
-
    -(defun swarsel/consult-magit-repos ()
-  (interactive)
-  (require 'magit)
-  (let* ((repos (magit-list-repos))
-         (repo  (consult--read repos
-                               :prompt "Magit repo: "
-                               :require-match t
-                               :history 'my/consult-magit-repos-history
-                               :sort t)))
-    (magit-status repo)))
-
    -
    4.2.1.10. org-mode: General setup
    +
    4.2.1.9. org-mode: General setup

    Sets up the basic settings that I want to have active in org-mode buffers. @@ -24343,7 +21336,7 @@ Used here: General org-mode

    -
    4.2.1.11. org-mode: Visual-fill column
    +
    4.2.1.10. org-mode: Visual-fill column

    This function sets the width of buffers in org-mode. @@ -24365,7 +21358,7 @@ Used in: Centered org-mode Buf

    -
    4.2.1.12. org-mode: Upon-save actions (Auto-tangle, export to html, formatting)
    +
    4.2.1.11. org-mode: Upon-save actions (Auto-tangle, export to html, formatting)

    This section handles everything that shoudld happen when I save SwarselSystems.org. It: @@ -24407,7 +21400,7 @@ We set a hook that runs everytime we save the file. It would be a bit more effic

    -
    4.2.1.13. org-mode: Fold current heading
    +
    4.2.1.12. org-mode: Fold current heading

    Normally emacs cycles between three states: @@ -24438,7 +21431,7 @@ However, I want to be able to fold a single heading consistently.

    -
    4.2.1.14. corfu: Do not interrupt navigation
    +
    4.2.1.13. corfu: Do not interrupt navigation

    These three functions allow me to keep using the normal navigation keys even when a corfu completion pops up. @@ -24471,7 +21464,7 @@ These functions are used here:

    -
    4.2.1.15. Disable garbage collection while minibuffer is active
    +
    4.2.1.14. Disable garbage collection while minibuffer is active
    @@ -24550,7 +21543,6 @@ I also define some keybinds to some combinations directly. Those are used mostly
     "l"  '(:ignore l :which-key "links")
     "lc" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (org-overview) )) :which-key "SwarselSystems.org")
     "le" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "Emacs") ) (org-overview) (org-cycle) )) :which-key "Emacs.org")
-    "lr" '(swarsel/consult-magit-repos :which-key "List repos")
     "ln" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "System") ) (org-overview) (org-cycle))) :which-key "Nixos.org")
     "lp" '((lambda () (interactive) (projectile-switch-project)) :which-key "switch project")
     "lg" '((lambda () (interactive) (magit-list-repositories)) :which-key "list git repos")
@@ -24600,7 +21592,6 @@ I also define some keybinds to some combinations directly. Those are used mostly
  "C-c D" 'crux-duplicate-and-comment-current-line-or-region
  "<DUMMY-m>" 'swarsel/last-buffer
  "M-\\" 'indent-region
- "M-r" 'swarsel/consult-magit-repos
  "<Paste>" 'yank
  "<Cut>" 'kill-region
  "<Copy>" 'kill-ring-save
@@ -26054,17 +23045,6 @@ Recently I have grown fond of holding presentations using Emacs :)
 (add-hook 'org-present-mode-quit-hook 'swarsel/org-present-end)
 (add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide)
 
-
    -
    -
    -
    -
    -
    4.4.1.11. Render markdown blocks as body to expand noweb blocks
    -
    -
    -
    (defun org-babel-execute:markdown (body params)
-  "Just return BODY unchanged, allowing noweb expansion."
-  body)
    @@ -26206,7 +23186,7 @@ This adds support for Terraform configuration files. I need this at work.
    -

    4.4.8. nix formatting

    +

    4.4.8. nixpkgs-fmt

    Adds functions for formatting nix code. @@ -26505,8 +23485,8 @@ Also, Emacs needs a little extra love to accept my Yubikey for git commits etc. 

     (use-package magit
   :config
-  (setq magit-repository-directories `((,swarsel-work-projects-directory  . 3)
-                                       (,swarsel-private-projects-directory . 3)
+  (setq magit-repository-directories `((,swarsel-work-projects-directory  . 1)
+                                       (,swarsel-private-projects-directory . 1)
                                        ("~/.dotfiles/" . 0)))
   :custom
   (magit-display-buffer-function #'magit-display-buffer-same-window-except-diff-v1)) ; stay in the same window
@@ -27275,8 +24255,8 @@ This adds the simple utility of sending desktop notifications whenever a new mai
    -
    -
    4.4.39.3. Work: Signing Mails (S/MIME, smime)
    +
    +
    4.4.39.3. Work: Signing Mails (S/MIME, smime)

    Used to automatically sign messages sent from my work email address using S/MIME certificate. @@ -27560,8 +24540,8 @@ Also see `prot-window-delete-popup-frame'." command) This sections is no longer used really. An introduction can be found in Structure of this file under the historical note. The little noweb-ref blocks that I still use are found in Hosts and Services.

    -
    -

    5.1. General steps when setting up a new machine

    +
    +

    5.1. General steps when setting up a new machine

    These general steps are needed when setting up a new machine and do not fit into another block well: @@ -27572,13 +24552,10 @@ These general steps are needed when setting up a new machine and do not fit into - `systemd-cryptenroll --fido2-device=auto /dev/<device, e.g. 'nvme0n1p2'>`

    - -- setup yubikey (automatic yubikey enrollment is not yet supported by `disko`): - - `systemd-cryptenroll --fido2-device=auto /dev/`
    -
    -

    5.2. Current patches and fixes

    +
    +

    5.2. Current patches and fixes

    These are current deviations from the standard settings that I take while some things are broken upstream @@ -27605,25 +24582,6 @@ These are current deviations from the standard settings that I take while some t - pinned to version not in nixpkgs (fixes https://github.com/ErikReider/SwayOSD/issues/175)

    - -- 202501102: - - flake: - - emacs-overlay: - - : version pinned because emacsclient is currently broken on latest - - niri-flake: - - currently not using the sugared version of screenshot-[,window], as it is currently broken - - home-manager: - - emacs-tramp: - - using stable version in extraPackages (broken in unstable) - - :ensure nil in emacs tramp settings to use package in extraPackages - - emacs-calfwL - - pinned to version not in nixpkgs (is in latest emacs-overlay, but that is broken) - - vesktop: - - running stable version (broken in unstable) - - batgrep: - - running stable version (broken in unstable) - - swayosd: - - pinned to version not in nixpkgs (fixes https://github.com/ErikReider/SwayOSD/issues/175)
    @@ -28372,9 +25330,12 @@ check-trace: update: nix flake update -iso CONFIG="live-iso": +iso: rm -rf result - nix build --print-out-paths .#live-iso + nix build .#nixosConfigurations.iso.config.system.build.isoImage && ln -sf result/iso/*.iso latest.iso + +iso-flake FLAKE SYSTEM="x86_64" FORMAT="iso": + nixos-generate --flake .#{{FLAKE}} -f {{FORMAT}} --system {{SYSTEM}} iso-install DRIVE: iso sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync @@ -28385,9 +25346,6 @@ dd DRIVE ISO: sync USER HOST: rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ -bootstrap DEST CONFIG ARCH="x86_64-linux": - nix develop .#deploy --command zsh -c "swarsel-bootstrap -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}" -
    @@ -28431,7 +25389,7 @@ index 3a0f90e..bb10f8b 100644
    -

    6.8. Zellij layout swarsel.kdl.nix

    +

    6.8. Zellij layout default.kdl.nix

    { config, pkgs }:
@@ -29996,7 +26954,7 @@ Here lies defined the readme for GitHub and Forgejo:
   nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles#swarsel-rebuild -- -u <YOUR_USERNAME>
   ```
 
-  This will activate the `hotel` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed.
+  This will activate the `chaostheatre` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed.
   Please keep in mind that this limited installer will make local changes to the cloned repository in order to be able to install it (otherwise the builder would fail at fetching my private secrets repository). As such, this should only be used to evaluate the system - if you want to use it longterm, you will need to create a fork and make some changes.
   </details>
 
@@ -30009,7 +26967,7 @@ Here lies defined the readme for GitHub and Forgejo:
 
   #### Remote deployment (recommended if you have at least one running system)
 
-  0) Fork this repo, and write your own host config at `hosts/nixos/<YOUR_ARCHITECTURE>/<YOUR_CONFIG_NAME>/default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files.
+  0) Fork this repo, and write your own host config at `hosts/nixos/<YOUR_CONFIG_NAME>/default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files.
   1) Have a system with `nix` available booted (this does not need to be installed, i.e. you can use a NixOS installer image; a custom minimal installer ISO can be built by running `just iso` in the root of this repo)
   2) Make sure that your Yubikey is plugged in or that you have your SSH key available (and configured)
   3) Run `swarsel-bootstrap -n <CONFIGURATION_NAME> -d <TARGET_IP>` on your existing system.
@@ -30083,21 +27041,16 @@ Here lies defined the readme for GitHub and Forgejo:
   | Name               | Hardware                                            | Use                                                  |
   |--------------------|-----------------------------------------------------|------------------------------------------------------|
   |πŸ’» **pyramid**      | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop                                          |
-  |πŸ’» **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal laptop                                      |
-  |πŸ’» **machpizza**    | MacBook Pro 2016                                    | MacOS reference and build sandbox                    |
-  |🏠 **treehouse**    | NVIDIA DGX Spark                                    | Workstation, AI playground and home-manager reference|
-  |πŸ–₯️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Secondary homeserver and data storgae                |
-  |πŸ–₯️ **summers**      | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM  | Main homeserver running microvms, data storage       |
-  |πŸ–₯️ **hintbooth**    | HUNSN RM02, 8GB RAM                                 | Router                                               |
-  |☁️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
-  |☁️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
-  |☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache                   |
-  |☁️ **monkeycave**   | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server                                        |
-  |☁️ **eagleland**    | Hetzner Cloud: CX23                                 | Mail server                                          |
+  |πŸ’» **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal lapto                                       |
+  |πŸ’» **machpizza**    | MacBook Pro 2016                                    | MacOS sandbox                                        |
+  |πŸ–₯️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Main homeserver and data storgae                     |
+  |πŸ–₯️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
+  |πŸ–₯️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
   |πŸ“± **magicant**     | Samsung Galaxy Z Flip 6                             | Phone                                                |
   |πŸ’Ώ **drugstore**    | -                                                   | ISO installer configuration                          |
   |❔ **chaotheatre**  | -                                                   | Demo config for checking out my configurtion         |
   |❔ **toto**         | -                                                   | Helper configuration for bootstrapping a new system  |
+  |🏠 **treehouse**    | -                                                   | Reference configuration for a home-manager only host |
   </details>
 
   ## General Nix tips & useful links
@@ -30314,7 +27267,7 @@ builtins.listToAttrs converts a list of name-value pairs into an attribute set.
 
    -{ aarch64-linux = "directory"; x86_64-linux = "directory"; }
+{ bakery = "directory"; chaostheatre = "directory"; milkywell = "directory"; moonside = "directory"; pyramid = "directory"; toto = "directory"; winters = "directory"; }
    @@ -30562,7 +27515,7 @@ similarly, there exists an version that starts from the right.

    Author: Leon SchwarzΓ€ugl

    -

    Created: 2025-11-19 Mi 15:22

    +

    Created: 2025-11-03 Mo 17:12

    Validate

    diff --git a/install/installer-config.nix b/install/installer-config.nix index 435fd70..91e0034 100644 --- a/install/installer-config.nix +++ b/install/installer-config.nix @@ -1,32 +1,36 @@ { self, config, pkgs, lib, ... }: let pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh"; - stateVersion = lib.mkDefault "23.05"; - homeFiles = { - ".bash_history" = { - text = '' - swarsel-install -n hotel - ''; - }; - }; in { config = { home-manager.users.root.home = { - inherit stateVersion; - file = homeFiles; + stateVersion = "23.05"; + file = { + ".bash_history" = { + text = '' + swarsel-install -n chaostheatre + ''; + }; + }; }; home-manager.users.swarsel = { home = { username = "swarsel"; homeDirectory = lib.mkDefault "/home/swarsel"; - inherit stateVersion; + stateVersion = lib.mkDefault "23.05"; keyboard.layout = "us"; sessionVariables = { FLAKE = "/home/swarsel/.dotfiles"; }; - file = homeFiles; + file = { + ".bash_history" = { + text = '' + swarsel-install -n chaostheatre + ''; + }; + }; }; }; @@ -44,6 +48,10 @@ in nix = { channel.enable = false; package = pkgs.nixVersions.nix_2_28; + # extraOptions = '' + # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins + # extra-builtins-file = ${../nix/extra-builtins.nix} + # ''; extraOptions = '' plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: { buildInputs = [config.nix.package pkgs.boost]; @@ -95,7 +103,6 @@ in environment.etc."issue".text = '' ~SwarselSystems~ IP of primary interface: \4 - These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{eth4} \4{eth5} \4{wlan0} The Password for all users & root is 'setup'. Install the system remotely by running 'bootstrap -n -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). @@ -106,7 +113,6 @@ in wireless.enable = false; # dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload"; networkmanager.enable = true; - usePredictableInterfaceNames = false; }; services.getty.autologinUser = lib.mkForce "root"; @@ -133,8 +139,6 @@ in programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; - "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'"; - "swarsel-kernel-module" = "lspci -k -d"; }; system.activationScripts.cache = { diff --git a/justfile b/justfile index b13d397..f2f9f7f 100644 --- a/justfile +++ b/justfile @@ -10,9 +10,12 @@ check-trace: update: nix flake update -iso CONFIG="live-iso": +iso: rm -rf result - nix build --print-out-paths .#live-iso + nix build .#nixosConfigurations.iso.config.system.build.isoImage && ln -sf result/iso/*.iso latest.iso + +iso-flake FLAKE SYSTEM="x86_64" FORMAT="iso": + nixos-generate --flake .#{{FLAKE}} -f {{FORMAT}} --system {{SYSTEM}} iso-install DRIVE: iso sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync @@ -22,6 +25,3 @@ dd DRIVE ISO: sync USER HOST: rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ - -bootstrap DEST CONFIG ARCH="x86_64-linux": - nix develop .#deploy --command zsh -c "swarsel-bootstrap -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}" diff --git a/modules/home/common/custom-packages.nix b/modules/home/common/custom-packages.nix index 8efebe1..302ba29 100644 --- a/modules/home/common/custom-packages.nix +++ b/modules/home/common/custom-packages.nix @@ -7,7 +7,6 @@ pass-fuzzel cdw cdb - cdr bak timer e @@ -32,6 +31,8 @@ sshrm endme git-replace + + rustdesk-vbc ]; }; } diff --git a/modules/home/common/emacs.nix b/modules/home/common/emacs.nix index 4fe4d82..95512fa 100644 --- a/modules/home/common/emacs.nix +++ b/modules/home/common/emacs.nix @@ -1,6 +1,6 @@ { self, lib, config, pkgs, globals, inputs, ... }: let - inherit (config.swarselsystems) homeDir mainUser isPublic isNixos; + inherit (config.swarselsystems) homeDir isPublic isNixos; inherit (config.repo.secrets.common.emacs) radicaleUser; in { @@ -9,31 +9,6 @@ in # needed for elfeed # enable emacs overlay for bleeding edge features # also read init.el file and install use-package packages - - home.activation.setupEmacsOrgFiles = - lib.hm.dag.entryAfter [ "writeBoundary" ] '' - set -eu - - if [ ! -d ${homeDir}/Org ]; then - ${pkgs.coreutils}/bin/install -d -m 0755 ${homeDir}/Org - ${pkgs.coreutils}/bin/chown ${mainUser}:syncthing ${homeDir}/Org - fi - - # create dummy files to make Emacs calendar work - # these have low modified dates and should be marked as sync-conflicts - for file in "Tasks" "Archive" "Journal"; do - if [ ! -f ${homeDir}/Org/"$file".org ]; then - ${pkgs.coreutils}/bin/touch --time=access --time=modify -t 197001010000.00 ${homeDir}/Org/"$file".org - ${pkgs.coreutils}/bin/chown ${mainUser}:syncthing ${homeDir}/Org/"$file".org - fi - done - - # when the configuration is build again, these sync-conflicts will be cleaned up - for file in $(find ${homeDir}/Org/ -name "*sync-conflict*"); do - ${pkgs.coreutils}/bin/rm "$file" - done - ''; - programs.emacs = { enable = true; package = pkgs.emacsWithPackagesFromUsePackage { diff --git a/modules/home/common/kanshi.nix b/modules/home/common/kanshi.nix index 770d95a..d2a0488 100644 --- a/modules/home/common/kanshi.nix +++ b/modules/home/common/kanshi.nix @@ -39,7 +39,7 @@ exec = [ "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { - criteria = config.swarselsystems.sharescreen; + criteria = "eDP-2"; status = "enable"; scale = 1.0; } diff --git a/modules/home/common/kitty.nix b/modules/home/common/kitty.nix index 2778a54..2b57e93 100644 --- a/modules/home/common/kitty.nix +++ b/modules/home/common/kitty.nix @@ -4,25 +4,11 @@ config = lib.mkIf config.swarselmodules.kitty { programs.kitty = { enable = true; - keybindings = - let - bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift" + key)); - in - bindWithModifier { - "page_up" = "scroll_page_up"; - "up" = "scroll_page_up"; - "page_down" = "scroll_page_down"; - "down" = "scroll_page_down"; - "w" = "no_op"; - }; + keybindings = { }; settings = { - cursor_blink_interval = 0; - disable_ligatures = "cursor"; + scrollback_lines = 10000; enable_audio_bell = false; notify_on_cmd_finish = "always 20"; - open_url_with = "xdg-open"; - scrollback_lines = 100000; - scrollback_pager_history_size = 512; }; }; }; diff --git a/modules/home/common/niri.nix b/modules/home/common/niri.nix index 699881f..6e3814a 100644 --- a/modules/home/common/niri.nix +++ b/modules/home/common/niri.nix @@ -1,213 +1,206 @@ { config, pkgs, lib, vars, ... }: { options.swarselmodules.niri = lib.mkEnableOption "niri settings"; - config = lib.mkIf config.swarselmodules.niri - { + config = lib.mkIf config.swarselmodules.niri { - programs.niri = { - package = pkgs.niri-unstable; # which package to use for niri validation - settings = { - xwayland-satellite = { - enable = true; - path = "${lib.getExe pkgs.xwayland-satellite-unstable}"; - }; - prefer-no-csd = true; - layer-rules = [ - { matches = [{ namespace = "^notifications$"; }]; block-out-from = "screencast"; } - { matches = [{ namespace = "^wallpaper$"; }]; place-within-backdrop = true; } - ]; - window-rules = [ - { - matches = [{ app-id = ".*"; }]; - opacity = 0.95; - default-column-width = { proportion = 0.5; }; - shadow = { - enable = true; - draw-behind-window = true; - }; - geometry-corner-radius = { top-left = 2.0; top-right = 2.0; bottom-left = 2.0; bottom-right = 2.0; }; - } - { matches = [{ app-id = "at.yrlf.wl_mirror"; }]; opacity = 1.0; } - { matches = [{ app-id = "Gimp"; }]; opacity = 1.0; } - { matches = [{ app-id = "firefox"; }]; opacity = 0.99; } - { matches = [{ app-id = "^special.*"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; } - { matches = [{ app-id = "chromium-browser"; }]; opacity = 0.99; } - { matches = [{ app-id = "^qalculate-gtk$"; }]; open-floating = true; } - { matches = [{ app-id = "^blueman$"; }]; open-floating = true; } - { matches = [{ app-id = "^pavucontrol$"; }]; open-floating = true; } - { matches = [{ app-id = "^syncthingtray$"; }]; open-floating = true; } - { matches = [{ app-id = "^Element$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } - # { matches = [{ app-id = "^Element$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } - { matches = [{ app-id = "^vesktop$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } - # { matches = [{ app-id = "^vesktop$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } - { matches = [{ app-id = "^com.nextcloud.desktopclient.nextcloud$"; }]; open-floating = true; } - { matches = [{ title = ".*1Password.*"; }]; excludes = [{ app-id = "^firefox$"; } { app-id = "^emacs$"; } { app-id = "^kitty$"; }]; open-floating = true; block-out-from = "screencast"; } - { matches = [{ title = "(?:Open|Save) (?:File|Folder|As)"; }]; open-floating = true; } - { matches = [{ title = "^Add$"; }]; open-floating = true; } - { matches = [{ title = "^Picture-in-Picture$"; }]; open-floating = true; } - { matches = [{ title = "Syncthing Tray"; }]; open-floating = true; } - { matches = [{ title = "^Emacs Popup Frame$"; }]; open-floating = true; } - { matches = [{ title = "^Emacs Popup Anchor$"; }]; open-floating = true; } - { matches = [{ app-id = "^spotifytui$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } - { matches = [{ app-id = "^kittyterm$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } - ]; - environment = { - DISPLAY = ":0"; - } // vars.waylandSessionVariables; - screenshot-path = "~/Pictures/Screenshots/screenshot_%Y-%m-%d-%H%M%S.png"; - input = { - mod-key = "Super"; - keyboard = { - xkb = { - layout = "us"; - variant = "altgr-intl"; - }; - }; - mouse = { - natural-scroll = false; - }; - touchpad = { - enable = true; - tap = true; - tap-button-map = "left-right-middle"; - natural-scroll = true; - scroll-method = "two-finger"; - click-method = "clickfinger"; - disabled-on-external-mouse = true; - drag = true; - drag-lock = false; - dwt = true; - dwtp = true; - }; - }; - cursor = { - hide-after-inactive-ms = 2000; - hide-when-typing = true; - }; - layout = { - background-color = "transparent"; - border = { - enable = true; - width = 1; - }; - focus-ring = { - enable = false; - }; - gaps = 5; - }; - binds = with config.lib.niri.actions; let - sh = spawn "sh" "-c"; - in + programs.niri = { + package = pkgs.niri-unstable; # which package to use for niri validation + settings = { + xwayland-satellite = { + enable = true; + path = "${lib.getExe pkgs.xwayland-satellite-unstable}"; + }; + prefer-no-csd = true; + layer-rules = [ + { matches = [{ namespace = "^notifications$"; }]; block-out-from = "screencast"; } + { matches = [{ namespace = "^wallpaper$"; }]; place-within-backdrop = true; } + ]; + window-rules = [ { - - # "Mod+Super_L" = spawn "killall -SIGUSR1 .waybar-wrapped"; - "Mod+z".action = spawn "killall -SIGUSR1 .waybar-wrapped"; - "Mod+Shift+t".action = toggle-window-rule-opacity; - # "Mod+Escape".action = "mode $exit"; - "Mod+m".action = focus-workspace-previous; - "Mod+Shift+Space".action = toggle-window-floating; - "Mod+Shift+f".action = toggle-windowed-fullscreen; - "Mod+q".action = close-window; - "Mod+f".action = spawn "firefox"; - "Mod+Space".action = spawn "fuzzel"; - "Mod+Shift+c".action = spawn "qalculate-gtk"; - "Mod+Ctrl+p".action = spawn "1password" "--quick-acces"; - "Mod+Shift+Escape".action = spawn "kitty" "-o" "confirm_os_window_close=0" "btm"; - "Mod+h".action = sh ''hyprpicker | wl-copy''; - # "Mod+s".action = spawn "grim" "-g" "\"$(slurp)\"" "-t" "png" "-" "|" "wl-copy" "-t" "image/png"; - # "Mod+s".action = screenshot { show-pointer = false; }; - "Mod+s".action.screenshot = { show-pointer = false; }; - # "Mod+Shift+s".action = spawn "slurp" "|" "grim" "-g" "-" "Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - # "Mod+Shift+s".action = screenshot-window { write-to-disk = true; }; - "Mod+Shift+s".action.screenshot-window = { write-to-disk = true; }; - # "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - - "Mod+e".action = sh "emacsclient -nquc -a emacs -e '(dashboard-open)'"; - "Mod+c".action = sh "emacsclient -ce '(org-capture)'"; - "Mod+t".action = sh "emacsclient -ce '(org-agenda)'"; - "Mod+Shift+m".action = sh "emacsclient -ce '(mu4e)'"; - "Mod+Shift+a".action = sh "emacsclient -ce '(swarsel/open-calendar)'"; - - "Mod+a".action = spawn "swarselcheck-niri" "-s"; - "Mod+x".action = spawn "swarselcheck-niri" "-k"; - "Mod+d".action = spawn "swarselcheck-niri" "-d"; - "Mod+w".action = spawn "swarselcheck-niri" "-e"; - - "Mod+p".action = spawn "pass-fuzzel"; - "Mod+o".action = spawn "pass-fuzzel" "--otp"; - "Mod+Shift+p".action = spawn "pass-fuzzel" "--type"; - "Mod+Shift+o".action = spawn "pass-fuzzel" "--otp" "--type"; - - "Mod+Left".action = focus-column-or-monitor-left; - "Mod+Right".action = focus-column-or-monitor-right; - "Mod+Down".action = focus-window-or-workspace-down; - "Mod+Up".action = focus-window-or-workspace-up; - "Mod+Shift+Left".action = move-column-left; - "Mod+Shift+Right".action = move-column-right; - "Mod+Shift+Down".action = move-window-down-or-to-workspace-down; - "Mod+Shift+Up".action = move-window-up-or-to-workspace-up; - # "Mod+Ctrl+Shift+c".action = "reload"; - # "Mod+Ctrl+Shift+r".action = "exec swarsel-displaypower"; - # "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; - # "Mod+r".action = "mode resize"; - # "Mod+Return".action = "exec kitty"; - "Mod+Return".action = spawn "swarselzellij"; - "XF86AudioRaiseVolume".action = spawn "swayosd-client" "--output-volume" "raise"; - "XF86AudioLowerVolume".action = spawn "swayosd-client" "--output-volume" "lower"; - "XF86AudioMute".action = spawn "swayosd-client" "--output-volume" "mute-toggle"; - "XF86MonBrightnessUp".action = spawn "swayosd-client" "--brightness raise"; - "XF86MonBrightnessDown".action = spawn "swayosd-client" "--brightness lower"; - "XF86Display".action = spawn "wl-mirror" "eDP-1"; - "Mod+Escape".action = spawn "wlogout"; - "Mod+Equal".action = set-column-width "+10%"; - "Mod+Minus".action = set-column-width "-10%"; - - "Mod+1".action = focus-workspace 1; - "Mod+2".action = focus-workspace 2; - "Mod+3".action = focus-workspace 3; - "Mod+4".action = focus-workspace 4; - "Mod+5".action = focus-workspace 5; - "Mod+6".action = focus-workspace 6; - "Mod+7".action = focus-workspace 7; - "Mod+8".action = focus-workspace 8; - "Mod+9".action = focus-workspace 9; - "Mod+0".action = focus-workspace 0; - - "Mod+Shift+1".action = move-column-to-index 1; - "Mod+Shift+2".action = move-column-to-index 2; - "Mod+Shift+3".action = move-column-to-index 3; - "Mod+Shift+4".action = move-column-to-index 4; - "Mod+Shift+5".action = move-column-to-index 5; - "Mod+Shift+6".action = move-column-to-index 6; - "Mod+Shift+7".action = move-column-to-index 7; - "Mod+Shift+8".action = move-column-to-index 8; - "Mod+Shift+9".action = move-column-to-index 9; - "Mod+Shift+0".action = move-column-to-index 0; - }; - spawn-at-startup = [ - # { command = [ "vesktop" "--start-minimized" "--enable-speech-dispatcher" "--ozone-platform-hint=auto" "--enable-features=WaylandWindowDecorations" "--enable-wayland-ime" ]; } - # { command = [ "element-desktop" "--hidden" "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" "--disable-gpu-driver-bug-workarounds" ]; } - # { command = [ "anki" ]; } - # { command = [ "obsidian" ]; } - # { command = [ "nm-applet" ]; } - { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; } - ]; - workspaces = { - # "01-Main" = { - # name = "Scratchpad"; - # }; - "99-Scratchpad" = { - name = "ο‹’"; + matches = [{ app-id = ".*"; }]; + opacity = 0.95; + default-column-width = { proportion = 0.5; }; + shadow = { + enable = true; + draw-behind-window = true; }; + geometry-corner-radius = { top-left = 2.0; top-right = 2.0; bottom-left = 2.0; bottom-right = 2.0; }; + } + { matches = [{ app-id = "at.yrlf.wl_mirror"; }]; opacity = 1.0; } + { matches = [{ app-id = "Gimp"; }]; opacity = 1.0; } + { matches = [{ app-id = "firefox"; }]; opacity = 0.99; } + { matches = [{ app-id = "^special.*"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; } + { matches = [{ app-id = "chromium-browser"; }]; opacity = 0.99; } + { matches = [{ app-id = "^qalculate-gtk$"; }]; open-floating = true; } + { matches = [{ app-id = "^blueman$"; }]; open-floating = true; } + { matches = [{ app-id = "^pavucontrol$"; }]; open-floating = true; } + { matches = [{ app-id = "^syncthingtray$"; }]; open-floating = true; } + { matches = [{ app-id = "^Element$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^Element$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^vesktop$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^vesktop$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^com.nextcloud.desktopclient.nextcloud$"; }]; open-floating = true; } + { matches = [{ title = ".*1Password.*"; }]; excludes = [{ app-id = "^firefox$"; } { app-id = "^emacs$"; } { app-id = "^kitty$"; }]; open-floating = true; block-out-from = "screencast"; } + { matches = [{ title = "(?:Open|Save) (?:File|Folder|As)"; }]; open-floating = true; } + { matches = [{ title = "^Add$"; }]; open-floating = true; } + { matches = [{ title = "^Picture-in-Picture$"; }]; open-floating = true; } + { matches = [{ title = "Syncthing Tray"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Frame$"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Anchor$"; }]; open-floating = true; } + { matches = [{ app-id = "^spotifytui$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + { matches = [{ app-id = "^kittyterm$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + ]; + environment = { + DISPLAY = ":0"; + } // vars.waylandSessionVariables; + screenshot-path = "~/Pictures/Screenshots/screenshot_%Y-%m-%d-%H%M%S.png"; + input = { + mod-key = "Super"; + keyboard = { + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; + }; + mouse = { + natural-scroll = false; + }; + touchpad = { + enable = true; + tap = true; + tap-button-map = "left-right-middle"; + natural-scroll = true; + scroll-method = "two-finger"; + click-method = "clickfinger"; + disabled-on-external-mouse = true; + drag = true; + drag-lock = false; + dwt = true; + dwtp = true; + }; + }; + cursor = { + hide-after-inactive-ms = 2000; + hide-when-typing = true; + }; + layout = { + background-color = "transparent"; + border = { + enable = true; + width = 1; + }; + focus-ring = { + enable = false; + }; + gaps = 5; + }; + binds = with config.lib.niri.actions; let + sh = spawn "sh" "-c"; + in + { + + # "Mod+Super_L" = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+z".action = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+Shift+t".action = toggle-window-rule-opacity; + # "Mod+Escape".action = "mode $exit"; + "Mod+m".action = focus-workspace-previous; + "Mod+Shift+Space".action = toggle-window-floating; + "Mod+Shift+f".action = toggle-windowed-fullscreen; + "Mod+q".action = close-window; + "Mod+f".action = spawn "firefox"; + "Mod+Space".action = spawn "fuzzel"; + "Mod+Shift+c".action = spawn "qalculate-gtk"; + "Mod+Ctrl+p".action = spawn "1password" "--quick-acces"; + "Mod+Shift+Escape".action = spawn "kitty" "-o" "confirm_os_window_close=0" "btm"; + "Mod+h".action = sh ''hyprpicker | wl-copy''; + # "Mod+s".action = spawn "grim" "-g" "\"$(slurp)\"" "-t" "png" "-" "|" "wl-copy" "-t" "image/png"; + # "Mod+s".action = screenshot { show-pointer = false; }; + "Mod+s".action.screenshot = { show-pointer = false; }; + # "Mod+Shift+s".action = spawn "slurp" "|" "grim" "-g" "-" "Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + # "Mod+Shift+s".action = screenshot-window { write-to-disk = true; }; + "Mod+Shift+s".action.screenshot-window = { write-to-disk = true; }; + # "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + + "Mod+e".action = sh "emacsclient -nquc -a emacs -e '(dashboard-open)'"; + "Mod+c".action = sh "emacsclient -ce '(org-capture)'"; + "Mod+t".action = sh "emacsclient -ce '(org-agenda)'"; + "Mod+Shift+m".action = sh "emacsclient -ce '(mu4e)'"; + "Mod+Shift+a".action = sh "emacsclient -ce '(swarsel/open-calendar)'"; + + "Mod+a".action = spawn "swarselcheck-niri" "-s"; + "Mod+x".action = spawn "swarselcheck-niri" "-k"; + "Mod+d".action = spawn "swarselcheck-niri" "-d"; + "Mod+w".action = spawn "swarselcheck-niri" "-e"; + + "Mod+p".action = spawn "pass-fuzzel"; + "Mod+o".action = spawn "pass-fuzzel" "--otp"; + "Mod+Shift+p".action = spawn "pass-fuzzel" "--type"; + "Mod+Shift+o".action = spawn "pass-fuzzel" "--otp" "--type"; + + "Mod+Left".action = focus-column-or-monitor-left; + "Mod+Right".action = focus-column-or-monitor-right; + "Mod+Down".action = focus-window-or-workspace-down; + "Mod+Up".action = focus-window-or-workspace-up; + "Mod+Shift+Left".action = move-column-left; + "Mod+Shift+Right".action = move-column-right; + "Mod+Shift+Down".action = move-window-down-or-to-workspace-down; + "Mod+Shift+Up".action = move-window-up-or-to-workspace-up; + # "Mod+Ctrl+Shift+c".action = "reload"; + # "Mod+Ctrl+Shift+r".action = "exec swarsel-displaypower"; + # "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + # "Mod+r".action = "mode resize"; + # "Mod+Return".action = "exec kitty"; + "Mod+Return".action = spawn "swarselzellij"; + "XF86AudioRaiseVolume".action = spawn "swayosd-client" "--output-volume" "raise"; + "XF86AudioLowerVolume".action = spawn "swayosd-client" "--output-volume" "lower"; + "XF86AudioMute".action = spawn "swayosd-client" "--output-volume" "mute-toggle"; + "XF86MonBrightnessUp".action = spawn "swayosd-client" "--brightness raise"; + "XF86MonBrightnessDown".action = spawn "swayosd-client" "--brightness lower"; + "XF86Display".action = spawn "wl-mirror" "eDP-1"; + "Mod+Escape".action = spawn "wlogout"; + "Mod+Equal".action = set-column-width "+10%"; + "Mod+Minus".action = set-column-width "-10%"; + + "Mod+1".action = focus-workspace 1; + "Mod+2".action = focus-workspace 2; + "Mod+3".action = focus-workspace 3; + "Mod+4".action = focus-workspace 4; + "Mod+5".action = focus-workspace 5; + "Mod+6".action = focus-workspace 6; + "Mod+7".action = focus-workspace 7; + "Mod+8".action = focus-workspace 8; + "Mod+9".action = focus-workspace 9; + "Mod+0".action = focus-workspace 0; + + "Mod+Shift+1".action = move-column-to-index 1; + "Mod+Shift+2".action = move-column-to-index 2; + "Mod+Shift+3".action = move-column-to-index 3; + "Mod+Shift+4".action = move-column-to-index 4; + "Mod+Shift+5".action = move-column-to-index 5; + "Mod+Shift+6".action = move-column-to-index 6; + "Mod+Shift+7".action = move-column-to-index 7; + "Mod+Shift+8".action = move-column-to-index 8; + "Mod+Shift+9".action = move-column-to-index 9; + "Mod+Shift+0".action = move-column-to-index 0; + }; + spawn-at-startup = [ + # { command = [ "vesktop" "--start-minimized" "--enable-speech-dispatcher" "--ozone-platform-hint=auto" "--enable-features=WaylandWindowDecorations" "--enable-wayland-ime" ]; } + # { command = [ "element-desktop" "--hidden" "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" "--disable-gpu-driver-bug-workarounds" ]; } + # { command = [ "anki" ]; } + # { command = [ "obsidian" ]; } + # { command = [ "nm-applet" ]; } + { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; } + ]; + workspaces = { + # "01-Main" = { + # name = "Scratchpad"; + # }; + "99-Scratchpad" = { + name = "ο‹’"; }; }; }; - - } // { - programs.niri = lib.mkIf (!config.swarselmodules.niri) { - package = null; - config = null; - settings = null; }; + }; } diff --git a/modules/home/common/settings.nix b/modules/home/common/settings.nix index 3793cbc..7b1ba8d 100644 --- a/modules/home/common/settings.nix +++ b/modules/home/common/settings.nix @@ -1,4 +1,4 @@ -{ self, outputs, lib, pkgs, config, ... }: +{ self, lib, pkgs, config, ... }: let inherit (config.swarselsystems) mainUser flakePath isNixos isLinux; in @@ -22,7 +22,7 @@ in }; in '' - plugin-files = ${nix-plugins}/lib/nix/plugins + plugin-files = ${nix-plugins}/lib/nix/plugins extra-builtins-file = ${self + /nix/extra-builtins.nix} ''; settings = { @@ -47,24 +47,7 @@ in }; }; - nixpkgs = lib.mkIf (!isNixos) { - overlays = [ - outputs.overlays.default - (final: prev: - let - additions = final: _: import "${self}/pkgs/config" { - inherit self config lib; - pkgs = final; - homeConfig = config; - }; - in - additions final prev - ) - ]; - config = { - allowUnfree = true; - }; - }; + nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null); programs = { # home-manager.enable = lib.mkIf (!isNixos) true; @@ -95,7 +78,7 @@ in buildInputs = [ pkgs.makeWrapper ]; paths = [ pkgs.home-manager ]; postBuild = '' - wrapProgram $out/bin/home-manager \ + wrapProgram $out/bin/home-manager \ --append-flags '--flake ${flakePath}#$(hostname)' ''; }) diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index 562f68a..c5fac9b 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix @@ -1,4 +1,4 @@ -{ lib, config, nixosConfig ? config, ... }: +{ lib, config, ... }: { options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; config = lib.mkIf config.swarselmodules.ssh { @@ -22,7 +22,43 @@ controlPath = "~/.ssh/master-%r@%n:%p"; controlPersist = "no"; }; - } // nixosConfig.repo.secrets.common.ssh.hosts; + "pfsense" = { + hostname = "192.168.1.1"; + user = "root"; + }; + "bakery" = { + hostname = "192.168.1.136"; + user = "root"; + }; + "dgx" = { + hostname = "192.168.48.200"; + user = "swarsel"; + }; + "winters" = { + hostname = "192.168.178.24"; + user = "root"; + }; + "minecraft" = { + hostname = "130.61.119.129"; + user = "opc"; + }; + "milkywell" = { + hostname = "193.122.53.173"; + user = "root"; + }; + "moonside" = { + hostname = "130.61.238.239"; + user = "root"; + }; + "songdiver" = { + hostname = "89.168.100.65"; + user = "ubuntu"; + }; + "pkv" = { + hostname = "46.232.248.161"; + user = "root"; + }; + }; }; }; } diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index 12ebb83..7f24286 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -125,83 +125,83 @@ in in lib.recursiveUpdate { - "${modifier}+0" = "workspace 10:十"; - "${modifier}+1" = "workspace 1:δΈ€"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+3" = "workspace 3:δΈ‰"; - "${modifier}+4" = "workspace 4:ε››"; - "${modifier}+5" = "workspace 5:δΊ”"; - "${modifier}+6" = "workspace 6:ε…­"; - "${modifier}+7" = "workspace 7:δΈƒ"; - "${modifier}+8" = "workspace 8:ε…«"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+e" = "workspace 13:E"; - "${modifier}+Ctrl+f" = "workspace 16:F"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - "${modifier}+Ctrl+s" = "workspace 12:S"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Down" = "focus down"; - "${modifier}+Escape" = "exec wlogout"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+Left" = "focus left"; - "${modifier}+Return" = "exec swarselzellij"; - "${modifier}+Right" = "focus right"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Shift+1" = "move container to workspace 1:δΈ€"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; - "${modifier}+Shift+4" = "move container to workspace 4:ε››"; - "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; - "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; - "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; - "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+x" = "exec swarselcheck -k"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+Shift+t" = "exec opacitytoggle"; "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; + "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; + "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + # "${modifier}+Escape" = "mode $exit"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+Escape" = "exec wlogout"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+1" = "workspace 1:δΈ€"; + "${modifier}+Shift+1" = "move container to workspace 1:δΈ€"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:δΈ‰"; + "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; + "${modifier}+4" = "workspace 4:ε››"; + "${modifier}+Shift+4" = "move container to workspace 4:ε››"; + "${modifier}+5" = "workspace 5:δΊ”"; + "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; + "${modifier}+6" = "workspace 6:ε…­"; + "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; + "${modifier}+7" = "workspace 7:δΈƒ"; + "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; + "${modifier}+8" = "workspace 8:ε…«"; + "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; + "${modifier}+Ctrl+t" = "workspace 14:T"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; "${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+Shift+Down" = "move down 40px"; "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Up" = "focus up"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; - "${modifier}+d" = "exec swarselcheck -d"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+f" = "exec firefox"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+q" = "kill"; "${modifier}+r" = "mode resize"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; - "${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+x" = "exec swarselcheck -k"; - # "${modifier}+Escape" = "mode $exit"; # "${modifier}+Return" = "exec kitty"; + "${modifier}+Return" = "exec swarselzellij"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; diff --git a/modules/home/common/syncthing-tray.nix b/modules/home/common/syncthing-tray.nix deleted file mode 100644 index e0b5898..0000000 --- a/modules/home/common/syncthing-tray.nix +++ /dev/null @@ -1,120 +0,0 @@ -{ lib, config, pkgs, ... }: -{ - options.swarselmodules.syncthing-tray = lib.mkEnableOption "enable syncthing applet for tray"; - config = lib.mkIf config.swarselmodules.syncthing-tray { - - home.activation.setupSyncthingIni = - let - syncthingApiEnvVarName = "SYNCTHING_API_KEY"; - syncthingIni = { - file = "${config.home.homeDirectory}/.config/syncthingtray.ini"; - content = '' - [General] - v=2.0.2 - - [qt] - customfont=false - customicontheme=false - customlocale=false - custompalette=false - customstylesheet=false - customwidgetstyle=false - font="Cantarell,11,-1,5,400,0,0,0,0,0,0,0,0,0,0,1" - icontheme=hicolor - iconthemepath= - locale=en_US - palette="@Variant(\0\0\0\x44\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\x66\x66\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x2\xff\xffP\x14\xff\xff\x65\x65\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0)" - plugindir= - stylesheetpath= - trpath= - widgetstyle= - - [startup] - considerForReconnect=false - considerLauncherForReconnect=false - showButton=false - showLauncherButton=false - stopOnMetered=false - stopServiceOnMetered=false - syncthingArgs="serve --no-browser --logflags=3" - syncthingAutostart=false - syncthingPath=syncthing - syncthingUnit=syncthing.service - systemUnit=false - useLibSyncthing=false - - [tray] - connections\1\apiKey=@ByteArray(''$${syncthingApiEnvVarName}) - connections\1\authEnabled=falsex - connections\1\autoConnect=true - connections\1\devStatsPollInterval=60000 - connections\1\diskEventLimit=200 - connections\1\errorsPollInterval=30000 - connections\1\httpsCertPath=${config.home.homeDirectory}/.config/syncthing/https-cert.pem - connections\1\label=Primary instance - connections\1\localPath= - connections\1\longPollingTimeout=0 - connections\1\password= - connections\1\pauseOnMetered=false - connections\1\reconnectInterval=30000 - connections\1\requestTimeout=0 - connections\1\statusComputionFlags=123 - connections\1\syncthingUrl=http://${config.services.syncthing.guiAddress} - connections\1\trafficPollInterval=5000 - connections\1\userName= - connections\size=1 - dbusNotifications=true - distinguishTrayIcons=false - frameStyle=16 - ignoreInavailabilityAfterStart=15 - notifyOnDisconnect=true - notifyOnErrors=true - notifyOnLauncherErrors=true - notifyOnLocalSyncComplete=false - notifyOnNewDeviceConnects=false - notifyOnNewDirectoryShared=false - notifyOnRemoteSyncComplete=false - positioning\assumedIconPos=@Point(0 0) - positioning\useAssumedIconPosition=false - positioning\useCursorPos=true - preferIconsFromTheme=false - showDownloads=false - showSyncthingNotifications=true - showTabTexts=true - showTraffic=true - statusIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff" - statusIconsRenderSize=@Size(32 32) - statusIconsStrokeWidth=0 - tabPos=1 - trayIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff" - trayIconsRenderSize=@Size(32 32) - trayIconsStrokeWidth=0 - trayMenuSize=@Size(575 475) - usePaletteForStatusIcons=false - usePaletteForTrayIcons=false - windowType=0 - - [webview] - customCommand= - disabled=false - mode=0 - - ''; - }; - in - lib.hm.dag.entryAfter [ "writeBoundary" ] '' - set -eu - - if [ ! -f ${syncthingIni.file} ]; then - cat >${syncthingIni.file} <<'EOF' - ${syncthingIni.content} - EOF - export ${syncthingApiEnvVarName}=$(cat /run/syncthing-init/api_key) - ${lib.getExe pkgs.envsubst} -i ${syncthingIni.file} -o ${syncthingIni.file} - unset ${syncthingApiEnvVarName} - fi - ''; - - }; - -} diff --git a/modules/home/common/zellij-keybinds.nix b/modules/home/common/zellij-keybinds.nix deleted file mode 100644 index 80d28c5..0000000 --- a/modules/home/common/zellij-keybinds.nix +++ /dev/null @@ -1,1144 +0,0 @@ -{ lib, config, ... }: -{ - config = lib.mkIf config.swarselmodules.zellij { - programs.zellij = { - settings.keybinds = { - _props.clear-defaults = true; - - locked = { - _children = [ - { - bind = { - _args = [ "Ctrl g" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - ]; - }; - - pane = { - _children = [ - { - bind = { - _args = [ "Ctrl p" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "left" ]; - _children = [{ MoveFocus._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [{ MoveFocus._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [{ MoveFocus._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [{ MoveFocus._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [{ MoveFocus._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ MoveFocus._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ MoveFocus._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ MoveFocus._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "d" ]; - _children = [ - { NewPane._args = [ "down" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "e" ]; - _children = [ - { TogglePaneEmbedOrFloating = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "f" ]; - _children = [ - { ToggleFocusFullscreen = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "n" ]; - _children = [ - { NewPane = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "p" ]; - _children = [{ SwitchFocus = { }; }]; - }; - } - { - bind = { - _args = [ "f12" ]; - _children = [ - { ToggleFloatingPanes = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - ]; - }; - - tab = { - _children = [ - { - bind = { - _args = [ "Ctrl t" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "left" ]; - _children = [{ GoToPreviousTab = { }; }]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [{ GoToNextTab = { }; }]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [{ GoToPreviousTab = { }; }]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [{ GoToNextTab = { }; }]; - }; - } - { - bind = { - _args = [ "1" ]; - _children = [ - { GoToTab._args = [ 1 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "2" ]; - _children = [ - { GoToTab._args = [ 2 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "3" ]; - _children = [ - { GoToTab._args = [ 3 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "4" ]; - _children = [ - { GoToTab._args = [ 4 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "5" ]; - _children = [ - { GoToTab._args = [ 5 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "6" ]; - _children = [ - { GoToTab._args = [ 6 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "7" ]; - _children = [ - { GoToTab._args = [ 7 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "8" ]; - _children = [ - { GoToTab._args = [ 8 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "9" ]; - _children = [ - { GoToTab._args = [ 9 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [{ GoToPreviousTab = { }; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ GoToNextTab = { }; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ GoToPreviousTab = { }; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ GoToNextTab = { }; }]; - }; - } - { - bind = { - _args = [ "n" ]; - _children = [ - { NewTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "r" ]; - _children = [ - { SwitchToMode._args = [ "renametab" ]; } - { TabNameInput._args = [ 0 ]; } - ]; - }; - } - { - bind = { - _args = [ "s" ]; - _children = [ - { ToggleActiveSyncTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "x" ]; - _children = [ - { CloseTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - ]; - }; - - resize = { - _children = [ - { - bind = { - _args = [ "Ctrl n" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "left" ]; - _children = [{ Resize._args = [ "Increase left" ]; }]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [{ Resize._args = [ "Increase down" ]; }]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [{ Resize._args = [ "Increase up" ]; }]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [{ Resize._args = [ "Increase right" ]; }]; - }; - } - { - bind = { - _args = [ "+" ]; - _children = [{ Resize._args = [ "Increase" ]; }]; - }; - } - { - bind = { - _args = [ "-" ]; - _children = [{ Resize._args = [ "Decrease" ]; }]; - }; - } - { - bind = { - _args = [ "=" ]; - _children = [{ Resize._args = [ "Increase" ]; }]; - }; - } - { - bind = { - _args = [ "H" ]; - _children = [{ Resize._args = [ "Decrease left" ]; }]; - }; - } - { - bind = { - _args = [ "J" ]; - _children = [{ Resize._args = [ "Decrease down" ]; }]; - }; - } - { - bind = { - _args = [ "K" ]; - _children = [{ Resize._args = [ "Decrease up" ]; }]; - }; - } - { - bind = { - _args = [ "L" ]; - _children = [{ Resize._args = [ "Decrease right" ]; }]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [{ Resize._args = [ "Increase left" ]; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ Resize._args = [ "Increase down" ]; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ Resize._args = [ "Increase up" ]; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ Resize._args = [ "Increase right" ]; }]; - }; - } - ]; - }; - - move = { - _children = [ - { - bind = { - _args = [ "Ctrl h" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "left" ]; - _children = [{ MovePane._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [{ MovePane._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [{ MovePane._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [{ MovePane._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [{ MovePane._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ MovePane._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ MovePane._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ MovePane._args = [ "right" ]; }]; - }; - } - ]; - }; - - scroll = { - _children = [ - { - bind = { - _args = [ "e" ]; - _children = [ - { EditScrollback = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "s" ]; - _children = [ - { SwitchToMode._args = [ "entersearch" ]; } - { SearchInput._args = [ 0 ]; } - ]; - }; - } - ]; - }; - - search = { - _children = [ - { - bind = { - _args = [ "c" ]; - _children = [{ SearchToggleOption._args = [ "CaseSensitivity" ]; }]; - }; - } - { - bind = { - _args = [ "n" ]; - _children = [{ Search._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "o" ]; - _children = [{ SearchToggleOption._args = [ "WholeWord" ]; }]; - }; - } - { - bind = { - _args = [ "p" ]; - _children = [{ Search._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "w" ]; - _children = [{ SearchToggleOption._args = [ "Wrap" ]; }]; - }; - } - ]; - }; - - session = { - _children = [ - { - bind = { - _args = [ "Ctrl o" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "c" ]; - _children = [ - { - LaunchOrFocusPlugin._args = [ "configuration" ]; - LaunchOrFocusPlugin._children = [ - { floating._args = [ true ]; } - { move_to_focused_tab._args = [ true ]; } - ]; - } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "p" ]; - _children = [ - { - LaunchOrFocusPlugin._args = [ "plugin-manager" ]; - LaunchOrFocusPlugin._children = [ - { floating._args = [ true ]; } - { move_to_focused_tab._args = [ true ]; } - ]; - } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "w" ]; - _children = [ - { - LaunchOrFocusPlugin._args = [ "session-manager" ]; - LaunchOrFocusPlugin._children = [ - { floating._args = [ true ]; } - { move_to_focused_tab._args = [ true ]; } - ]; - } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - ]; - }; - - "shared_except \"locked\"" = { - _children = [ - { - bind = { - _args = [ "Alt left" ]; - _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "Alt down" ]; - _children = [{ MoveFocus._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "Alt up" ]; - _children = [{ MoveFocus._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "Alt right" ]; - _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "Alt +" ]; - _children = [{ Resize._args = [ "Increase" ]; }]; - }; - } - { - bind = { - _args = [ "Alt -" ]; - _children = [{ Resize._args = [ "Decrease" ]; }]; - }; - } - { - bind = { - _args = [ "Alt =" ]; - _children = [{ Resize._args = [ "Increase" ]; }]; - }; - } - { - bind = { - _args = [ "Alt r" ]; - _children = [ - { - WriteChars._args = [ "source cdr" ]; - } - { - WriteChars._args = [ "\n" ]; - } - ]; - }; - } - { - bind = { - _args = [ "Alt f" ]; - _children = [{ ToggleFloatingPanes = { }; }]; - }; - } - { - bind = { - _args = [ "Ctrl g" ]; - _children = [{ SwitchToMode._args = [ "locked" ]; }]; - }; - } - { - bind = { - _args = [ "Alt h" ]; - _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "Alt i" ]; - _children = [{ MoveTab._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "Alt j" ]; - _children = [{ MoveFocus._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "Alt k" ]; - _children = [{ MoveFocus._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "Alt p" ]; - _children = [{ NewPane = { }; }]; - }; - } - { - bind = { - _args = [ "Alt n" ]; - _children = [{ NewTab = { }; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"move\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl h" ]; - _children = [{ SwitchToMode._args = [ "move" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"session\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl o" ]; - _children = [{ SwitchToMode._args = [ "session" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"scroll\" \"search\" \"tmux\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl b" ]; - _children = [{ SwitchToMode._args = [ "tmux" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"scroll\" \"search\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl s" ]; - _children = [{ SwitchToMode._args = [ "scroll" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"tab\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl t" ]; - _children = [{ SwitchToMode._args = [ "tab" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"pane\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl p" ]; - _children = [{ SwitchToMode._args = [ "pane" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"resize\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl n" ]; - _children = [{ SwitchToMode._args = [ "resize" ]; }]; - }; - } - ]; - }; - - "shared_except \"normal\" \"locked\" \"entersearch\"" = { - _children = [ - { - bind = { - _args = [ "enter" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - ]; - }; - - "shared_except \"normal\" \"locked\" \"entersearch\" \"renametab\" \"renamepane\"" = { - _children = [ - { - bind = { - _args = [ "esc" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - ]; - }; - - "shared_among \"pane\" \"tmux\"" = { - _children = [ - { - bind = { - _args = [ "x" ]; - _children = [ - { CloseFocus = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - ]; - }; - - "shared_among \"scroll\" \"search\"" = { - _children = [ - { - bind = { - _args = [ "PageDown" ]; - _children = [{ PageScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "PageUp" ]; - _children = [{ PageScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "left" ]; - _children = [{ PageScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [{ ScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [{ ScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [{ PageScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "Ctrl b" ]; - _children = [{ PageScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "Ctrl c" ]; - _children = [ - { ScrollToBottom = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "d" ]; - _children = [{ HalfPageScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "Ctrl f" ]; - _children = [{ PageScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [{ PageScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ ScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ ScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ PageScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "Ctrl s" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "u" ]; - _children = [{ HalfPageScrollUp = { }; }]; - }; - } - ]; - }; - - entersearch = { - _children = [ - { - bind = { - _args = [ "Ctrl c" ]; - _children = [{ SwitchToMode._args = [ "scroll" ]; }]; - }; - } - { - bind = { - _args = [ "esc" ]; - _children = [{ SwitchToMode._args = [ "scroll" ]; }]; - }; - } - { - bind = { - _args = [ "enter" ]; - _children = [{ SwitchToMode._args = [ "search" ]; }]; - }; - } - ]; - }; - - renametab = { - _children = [ - { - bind = { - _args = [ "esc" ]; - _children = [ - { UndoRenameTab = { }; } - { SwitchToMode._args = [ "tab" ]; } - ]; - }; - } - ]; - }; - - "shared_among \"renametab\" \"renamepane\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl c" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - ]; - }; - - renamepane = { - _children = [ - { - bind = { - _args = [ "esc" ]; - _children = [ - { UndoRenamePane = { }; } - { SwitchToMode._args = [ "pane" ]; } - ]; - }; - } - ]; - }; - - "shared_among \"session\" \"tmux\"" = { - _children = [ - { - bind = { - _args = [ "d" ]; - _children = [{ Detach = { }; }]; - }; - } - ]; - }; - - tmux = { - _children = [ - { - bind = { - _args = [ "left" ]; - _children = [ - { MoveFocus._args = [ "left" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [ - { MoveFocus._args = [ "down" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [ - { MoveFocus._args = [ "up" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [ - { MoveFocus._args = [ "right" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "space" ]; - _children = [{ NextSwapLayout = { }; }]; - }; - } - { - bind = { - _args = [ "\"" ]; - _children = [ - { NewPane._args = [ "down" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "%" ]; - _children = [ - { NewPane._args = [ "right" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "," ]; - _children = [{ SwitchToMode._args = [ "renametab" ]; }]; - }; - } - { - bind = { - _args = [ "[" ]; - _children = [{ SwitchToMode._args = [ "scroll" ]; }]; - }; - } - { - bind = { - _args = [ "Ctrl b" ]; - _children = [ - { Write._args = [ 2 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "c" ]; - _children = [ - { NewTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [ - { MoveFocus._args = [ "left" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [ - { MoveFocus._args = [ "down" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [ - { MoveFocus._args = [ "up" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [ - { MoveFocus._args = [ "right" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "n" ]; - _children = [ - { GoToNextTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "o" ]; - _children = [{ FocusNextPane = { }; }]; - }; - } - { - bind = { - _args = [ "p" ]; - _children = [ - { GoToPreviousTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "z" ]; - _children = [ - { ToggleFocusFullscreen = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - ]; - }; - }; - }; - }; - -} diff --git a/modules/home/common/zellij.nix b/modules/home/common/zellij.nix index a33a646..92d4507 100644 --- a/modules/home/common/zellij.nix +++ b/modules/home/common/zellij.nix @@ -5,43 +5,6 @@ programs.zellij = { enable = true; enableZshIntegration = true; - settings = { - pane_frames = false; - simplified_ui = false; - default_shell = "zsh"; - copy_on_select = true; - on_force_close = "detach"; - show_startup_tips = false; - support_kitty_keyboard_protocol = true; - default_layout = "swarsel"; - layout_dir = "${config.home.homeDirectory}/.config/zellij/layouts"; - theme_dir = "${config.home.homeDirectory}/.config/zellij/themes"; - scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines; - session_serialization = true; - - copy_command = - if pkgs.stdenv.hostPlatform.isLinux then - "wl-copy" - else if pkgs.stdenv.hostPlatform.isDarwin then - "pbcopy" - else - ""; - ui.pane_frames = { - rounded_corners = true; - hide_session_name = true; - }; - plugins = { - tab-bar.path = "tab-bar"; - status-bar.path = "status-bar"; - strider.path = "strider"; - compact-bar.path = "compact-bar"; - # configuration.path = "configuration"; - # filepicker.path = "strider"; - # plugin-manager.path = "plugin-manager"; - # session-manager.path = "session-manager"; - # welcome-screen.path = "session-manager"; - }; - }; }; home.packages = with pkgs; [ @@ -49,8 +12,8 @@ ]; xdg.configFile = { - # "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; - "zellij/layouts/swarsel.kdl".text = import "${self}/files/zellij/layouts/swarsel.kdl.nix" { inherit config pkgs; }; + "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; + "zellij/layouts/default.kdl".text = import "${self}/files/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; }; }; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index 30aa13c..b941eb1 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -23,7 +23,6 @@ in hg = "history | grep"; hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom"; nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; - ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; magit = "emacsclient -nc -e \"(magit-status)\""; @@ -35,8 +34,7 @@ in hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; youtube-dl = "yt-dlp"; cat-orig = "cat"; - # cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\""; - cdr = "source cdr"; + cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\""; nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; nix-ldd-locate = "nix-locate --minimal --top-level -w "; diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index 006638a..3e8c36e 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -1,36 +1,28 @@ -{ self, inputs, config, pkgs, lib, vars, nixosConfig ? config, ... }: +{ self, config, pkgs, lib, vars, nixosConfig ? config, ... }: let - inherit (config.swarselsystems) homeDir mainUser; + inherit (config.swarselsystems) homeDir; inherit (nixosConfig.repo.secrets.local.mail) allMailAddresses; inherit (nixosConfig.repo.secrets.local.work) mailAddress; - - certsSopsFile = self + /secrets/certs/secrets.yaml; in { options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; config = lib.mkIf config.swarselmodules.optional.work - ({ - home = { - packages = with pkgs; [ - stable.teams-for-linux - shellcheck - dig - docker - postman - # rclone - libguestfs-with-appliance - prometheus.cli - tigervnc - # openstackclient + { + home.packages = with pkgs; [ + stable.teams-for-linux + shellcheck + dig + docker + postman + # rclone + libguestfs-with-appliance + prometheus.cli + tigervnc + # openstackclient - vscode + vscode + ]; - rustdesk-vbc - ]; - sessionVariables = { - AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path; - }; - }; systemd.user.sessionVariables = { DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; } // lib.optionalAttrs (!config.swarselsystems.isPublic) { @@ -113,23 +105,6 @@ in # }; # }; - wayland.windowManager.sway = - let - inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress; - in - { - config = { - keybindings = - let - inherit (config.wayland.windowManager.sway.config) modifier; - in - { - "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; - "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; - }; - }; - }; - stylix = { targets.firefox.profileNames = let @@ -652,15 +627,6 @@ in }; }; - } // lib.optionalAttrs (inputs ? sops) { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { - harica-root-ca = { - sopsFile = certsSopsFile; - path = "${homeDir}/.aws/certs/harica-root.pem"; - owner = mainUser; - }; - }; - - }); + }; } diff --git a/modules/nixos/client/niri.nix b/modules/nixos/client/niri.nix index 4724319..2ea4472 100644 --- a/modules/nixos/client/niri.nix +++ b/modules/nixos/client/niri.nix @@ -4,27 +4,22 @@ let in { options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} settings"; - config = lib.mkIf config.swarselmodules.${moduleName} - { + config = lib.mkIf config.swarselmodules.${moduleName} { - environment.systemPackages = with pkgs; [ - wl-clipboard - wayland-utils - libsecret - cage - gamescope - xwayland-satellite-unstable - ]; + environment.systemPackages = with pkgs; [ + wl-clipboard + wayland-utils + libsecret + cage + gamescope + xwayland-satellite-unstable + ]; - - programs.niri = { - enable = true; - package = pkgs.niri-unstable; # the actual niri that will be installed and used - }; - } // { niri-flake.cache.enable = true; + programs.niri = { - package = null; + enable = true; + package = pkgs.niri-unstable; # the actual niri that will be installed and used }; }; } diff --git a/modules/nixos/client/syncthing.nix b/modules/nixos/client/syncthing.nix index 407379d..4d53550 100644 --- a/modules/nixos/client/syncthing.nix +++ b/modules/nixos/client/syncthing.nix @@ -2,15 +2,12 @@ let inherit (config.swarselsystems) mainUser homeDir; devices = config.swarselsystems.syncthing.syncDevices; - servicePort = 8384; in { options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; config = lib.mkIf config.swarselmodules.syncthing { services.syncthing = { enable = true; - systemService = true; - guiAddress = "127.0.0.1:${builtins.toString servicePort}"; package = pkgs.syncthing; user = mainUser; dataDir = homeDir; diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix index c33aa95..c42e7ae 100644 --- a/modules/nixos/common/globals.nix +++ b/modules/nixos/common/globals.nix @@ -4,91 +4,6 @@ let mkOption types ; - - networkOptions = netSubmod: { - cidrv4 = mkOption { - type = types.nullOr types.net.cidrv4; - description = "The CIDRv4 of this network"; - default = null; - }; - - subnetMask4 = mkOption { - type = types.nullOr types.net.ipv4; - description = "The dotted decimal form of the subnet mask of this network"; - readOnly = true; - default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4; - }; - - cidrv6 = mkOption { - type = types.nullOr types.net.cidrv6; - description = "The CIDRv6 of this network"; - default = null; - }; - - hosts = mkOption { - default = { }; - type = types.attrsOf ( - types.submodule (hostSubmod: { - options = { - id = mkOption { - type = types.int; - description = "The id of this host in the network"; - }; - - mac = mkOption { - type = types.nullOr types.net.mac; - description = "The MAC of the interface on this host that belongs to this network."; - default = null; - }; - - ipv4 = mkOption { - type = types.nullOr types.net.ipv4; - description = "The IPv4 of this host in this network"; - readOnly = true; - default = - if netSubmod.config.cidrv4 == null then - null - else - lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv4; - }; - - ipv6 = mkOption { - type = types.nullOr types.net.ipv6; - description = "The IPv6 of this host in this network"; - readOnly = true; - default = - if netSubmod.config.cidrv6 == null then - null - else - lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv6; - }; - - cidrv4 = mkOption { - type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero out the host part - description = "The IPv4 of this host in this network, including CIDR mask"; - readOnly = true; - default = - if netSubmod.config.cidrv4 == null then - null - else - lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv4; - }; - - cidrv6 = mkOption { - type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero out the host part - description = "The IPv6 of this host in this network, including CIDR mask"; - readOnly = true; - default = - if netSubmod.config.cidrv6 == null then - null - else - lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv6; - }; - }; - }) - ); - }; - }; in { options = { @@ -124,44 +39,12 @@ in ); }; - networks = mkOption { - default = { }; - type = types.attrsOf ( - types.submodule (netSubmod: { - options = networkOptions netSubmod // { - vlans = mkOption { - default = { }; - type = types.attrsOf ( - types.submodule (vlanNetSubmod: { - options = networkOptions vlanNetSubmod // { - id = mkOption { - type = types.ints.between 1 4094; - description = "The VLAN id"; - }; - - name = mkOption { - description = "The name of this VLAN"; - default = vlanNetSubmod.config._module.args.name; - type = types.str; - }; - }; - }) - ); - }; - }; - }) - ); - }; - hosts = mkOption { type = types.attrsOf ( types.submodule { options = { - defaultGateway4 = mkOption { - type = types.nullOr types.net.ipv4; - }; - defaultGateway6 = mkOption { - type = types.nullOr types.net.ipv6; + ipv4 = mkOption { + type = types.str; }; }; } diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix index fd2db03..7c2a3e1 100644 --- a/modules/nixos/common/home-manager-secrets.nix +++ b/modules/nixos/common/home-manager-secrets.nix @@ -1,10 +1,8 @@ -{ self, lib, config, globals, ... }: +{ lib, config, globals, ... }: let inherit (config.swarselsystems) mainUser homeDir; inherit (config.repo.secrets.common.emacs) radicaleUser; modules = config.home-manager.users.${mainUser}.swarselmodules; - - certsSopsFile = self + /secrets/certs/secrets.yaml; in { config = lib.mkIf config.swarselsystems.withHomeManager { @@ -24,8 +22,6 @@ in github-nixpkgs-review-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.emacs { emacs-radicale-pw = { owner = mainUser; }; - }) // (lib.optionalAttrs modules.optional.work { - harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; }) // (lib.optionalAttrs modules.anki { anki-user = { owner = mainUser; }; anki-pw = { owner = mainUser; }; diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index 3b2d332..38eea3c 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -1,4 +1,4 @@ -{ self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, ... }: +{ self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: { options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; config = lib.mkIf config.swarselmodules.home-manager { @@ -7,7 +7,6 @@ useUserPackages = true; verbose = true; backupFileExtension = "hm-bak"; - overwriteBackup = true; users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.homeModules.nix-index inputs.sops-nix.homeManagerModules.sops @@ -30,11 +29,7 @@ home.stateVersion = lib.mkDefault config.system.stateVersion; } ]; - extraSpecialArgs = { - inherit (inputs) self nixgl; - inherit inputs outputs globals nodes minimal configName; - lib = homeLib; - }; + extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal configName; }; }; }; } diff --git a/modules/nixos/common/pii.nix b/modules/nixos/common/pii.nix index b39de85..26b31d0 100644 --- a/modules/nixos/common/pii.nix +++ b/modules/nixos/common/pii.nix @@ -1,5 +1,5 @@ # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix -{ config, inputs, lib, ... }: +{ config, inputs, lib, minimal, ... }: let # If the given expression is a bare set, it will be wrapped in a function, # so that the imported file can always be applied to the inputs, similar to @@ -65,7 +65,7 @@ in let local = config.node.secretsDir + "/pii.nix.enc"; in - (lib.optionalAttrs (lib.pathExists local) { inherit local; }) // lib.optionalAttrs true { + (lib.optionalAttrs (lib.pathExists local && !minimal) { inherit local; }) // lib.optionalAttrs (!minimal) { common = ../../../secrets/repo/pii.nix.enc; }; }; diff --git a/modules/nixos/common/settings.nix b/modules/nixos/common/settings.nix index cdcf3a2..5539de5 100644 --- a/modules/nixos/common/settings.nix +++ b/modules/nixos/common/settings.nix @@ -107,19 +107,7 @@ in system.stateVersion = lib.mkDefault "23.05"; nixpkgs = { - overlays = [ - outputs.overlays.default - (final: prev: - let - additions = final: _: import "${self}/pkgs/config" { - inherit self config lib; - pkgs = final; - homeConfig = config.home-manager.users.${config.swarselsystems.mainUser}; - }; - in - additions final prev - ) - ]; + overlays = [ outputs.overlays.default ]; config = { allowUnfree = true; }; diff --git a/modules/nixos/optional/microvm-guest.nix b/modules/nixos/optional/microvm-guest.nix index 8650fbc..2eed2f8 100644 --- a/modules/nixos/optional/microvm-guest.nix +++ b/modules/nixos/optional/microvm-guest.nix @@ -7,5 +7,58 @@ # "${self}/modules/nixos" # ]; config = lib.mkIf config.swarselmodules.optional.microvmGuest - { }; + { + # imports = [ + # inputs.microvm.nixosModules.microvm + + # "${self}/profiles/nixos" + # "${self}/modules/nixos" + # ]; + + boot.kernelParams = [ "systemd.hostname=${config.networking.hostName}" ]; + + node.name = config; + documentation.enable = lib.mkForce false; + + microvm = { + guest.enable = lib.mkForce true; + hypervisor = lib.mkDefault "qemu"; + mem = lib.mkDefault 1024 * 4; + vcpu = lib.mkDefault 4; + optimize.enable = false; + writableStoreOverlay = "/nix/.rw-store"; + + # interfaces = flip lib.mapAttrsToList guestCfg.microvm.interfaces ( + # _: { mac, hostLink, ...}: + # { + # type = "macvtap"; + # id = "vm-${replaceStrings [ ":" ] [ "" ] mac}"; + # inherit mac; + # macvtap = { + # link = hostLink; + # mode = "bridge"; + # }; + # } + # ); + shares = + [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + ]; + }; + # systemd.network.networks = lib.flip lib.concatMapAttrs guestCfg.microvm.interfaces ( + # name: + # { mac, ... }: + # { + # "10-${name}".matchConfig = mkForce { + # MACAddress = mac; + # }; + # } + # ); + + }; } diff --git a/modules/nixos/optional/microvm-host.nix b/modules/nixos/optional/microvm-host.nix index 97a9059..73dac40 100644 --- a/modules/nixos/optional/microvm-host.nix +++ b/modules/nixos/optional/microvm-host.nix @@ -1,16 +1,15 @@ { lib, config, ... }: { - options = { - swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings"; - }; + options.swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings"; # imports = [ # inputs.microvm.nixosModules.host # ]; - config = lib.mkIf (config.guests != { }) { + config = lib.mkIf (config.swarselmodules.optional.microvmHost && config.swarselsystems.withMicroVMs) { microvm = { hypervisor = lib.mkDefault "qemu"; }; }; + } diff --git a/modules/nixos/server/ankisync.nix b/modules/nixos/server/ankisync.nix index b845ad7..0447dea 100644 --- a/modules/nixos/server/ankisync.nix +++ b/modules/nixos/server/ankisync.nix @@ -5,7 +5,7 @@ let servicePort = 27701; serviceName = "ankisync"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; ankiUser = globals.user.name; in diff --git a/modules/nixos/server/atuin.nix b/modules/nixos/server/atuin.nix index d355e6f..38fe352 100644 --- a/modules/nixos/server/atuin.nix +++ b/modules/nixos/server/atuin.nix @@ -3,7 +3,7 @@ let servicePort = 8888; serviceName = "atuin"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/disk-encrypt.nix b/modules/nixos/server/disk-encrypt.nix deleted file mode 100644 index c1531dd..0000000 --- a/modules/nixos/server/disk-encrypt.nix +++ /dev/null @@ -1,77 +0,0 @@ -{ self, pkgs, lib, config, globals, minimal, ... }: -let - localIp = globals.networks.home.hosts.${config.node.name}.ipv4; - subnetMask = globals.networks.home.subnetMask4; - gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; - - hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key"; -in -{ - options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; - options.swarselsystems.networkKernelModules = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ ]; - }; - config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { - - system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) { - text = '' - [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} - ''; - deps = [ "users" ]; - }; - - environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { - files = [ hostKeyPath ]; - }; - - boot = lib.mkIf (config.swarselprofiles.server || minimal) { - kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ - "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" - ]; - initrd = { - availableKernelModules = config.swarselsystems.networkKernelModules; - network = { - enable = true; - udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; - flushBeforeStage2 = true; - ssh = { - enable = true; - port = 2222; # avoid hostkey changed nag - authorizedKeyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - hostKeys = [ hostKeyPath ]; - }; - # postCommands = '' - # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile - # ''; - }; - systemd = { - initrdBin = with pkgs; [ - cryptsetup - ]; - services = { - unlock-luks = { - wantedBy = [ "initrd.target" ]; - after = [ "network.target" ]; - before = [ "systemd-cryptsetup@cryptroot.service" ]; - path = [ "/bin" ]; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - - script = '' - echo "systemctl default" >> /root/.profile - ''; - }; - }; - }; - }; - }; - }; - -} diff --git a/modules/nixos/server/firefly-iii.nix b/modules/nixos/server/firefly-iii.nix index c0acad1..37aa48a 100644 --- a/modules/nixos/server/firefly-iii.nix +++ b/modules/nixos/server/firefly-iii.nix @@ -5,7 +5,7 @@ let serviceGroup = serviceUser; serviceName = "firefly-iii"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; nginxGroup = "nginx"; diff --git a/modules/nixos/server/forgejo.nix b/modules/nixos/server/forgejo.nix index a674078..886c6aa 100644 --- a/modules/nixos/server/forgejo.nix +++ b/modules/nixos/server/forgejo.nix @@ -7,7 +7,7 @@ let serviceGroup = serviceUser; serviceName = "forgejo"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; kanidmDomain = globals.services.kanidm.domain; in diff --git a/modules/nixos/server/freshrss.nix b/modules/nixos/server/freshrss.nix index 0375e64..8e94add 100644 --- a/modules/nixos/server/freshrss.nix +++ b/modules/nixos/server/freshrss.nix @@ -5,7 +5,7 @@ let serviceUser = "freshrss"; serviceGroup = serviceName; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; inherit (config.swarselsystems) sopsFile; in diff --git a/modules/nixos/server/garage.nix b/modules/nixos/server/garage.nix deleted file mode 100644 index d537552..0000000 --- a/modules/nixos/server/garage.nix +++ /dev/null @@ -1,101 +0,0 @@ -{ self, lib, pkgs, config, configName, globals, ... }: -let - sopsFile = self + /secrets/${configName}/secrets2.yaml; - - serviceName = "garage"; - servicePort = 3900; - serviceDomain = config.repo.secrets.common.services.domains."${serviceName}-${configName}"; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; - - cfg = config.services.${serviceName}; - metadata_dir = "/var/lib/garage/meta"; -in -{ - options = { - swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - swarselsystems.server.${serviceName} = { - data_dir = lib.mkOption { - type = lib.types.either lib.types.path (lib.types.listOf lib.types.attrs); - default = "/var/lib/garage/data"; - }; - }; - }; - config = lib.mkIf config.swarselmodules.server.${serviceName} { - - sops = { - secrets.garage-admin-token = { inherit sopsFile; }; - secrets.garage-rpc-secret = { inherit sopsFile; }; - }; - - environment = { - persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { directory = metadata_dir; } - ]; - systemPackages = [ - cfg.package - ]; - }; - - systemd.services.${serviceName}.serviceConfig = { - DynamicUser = false; - ProtectHome = lib.mkForce false; - }; - - services.${serviceName} = { - enable = true; - package = pkgs.garage_2; - settings = { - inherit (config.swarselsystems.${serviceName}) data_dir; - inherit metadata_dir; - db_engine = "lmdb"; - block_size = "1MiB"; - use_local_tz = false; - - replication_factor = 2; # Number of copies of data - - rpc_bind_addr = "[::]:3901"; - rpc_public_addr = "${config.repo.secrets.local.ipv4}:4317"; - rpc_secret_file = config.sops.secrets.garage-rpc-secret.path; - - s3_api = { - s3_region = "swarsel"; - api_bind_addr = "0.0.0.0:${builtins.toString servicePort}"; - root_domain = ".s3.garage.localhost"; - }; - - admin = { - api_bind_addr = "0.0.0.0:3903"; - admin_token_file = config.sops.secrets.garage-admin-token.path; - }; - - k2v_api = { - api_bind_addr = "[::]:3904"; - }; - }; - }; - - nodes.moonside.services.nginx = { - upstreams = { - ${serviceName} = { - servers = { - "${serviceAddress}:${builtins.toString servicePort}" = { }; - }; - }; - }; - virtualHosts = { - "${serviceDomain}" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - oauth2.enable = false; - locations = { - "/" = { - proxyPass = "http://${serviceName}"; - }; - }; - }; - }; - }; - - }; -} diff --git a/modules/nixos/server/homebox.nix b/modules/nixos/server/homebox.nix index c1b62ab..56adac9 100644 --- a/modules/nixos/server/homebox.nix +++ b/modules/nixos/server/homebox.nix @@ -3,7 +3,7 @@ let servicePort = 7745; serviceName = "homebox"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/immich.nix b/modules/nixos/server/immich.nix index cefa330..e3bc4a0 100644 --- a/modules/nixos/server/immich.nix +++ b/modules/nixos/server/immich.nix @@ -4,7 +4,7 @@ let serviceUser = "immich"; serviceName = "immich"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/jellyfin.nix b/modules/nixos/server/jellyfin.nix index 552f8bf..420bbb6 100644 --- a/modules/nixos/server/jellyfin.nix +++ b/modules/nixos/server/jellyfin.nix @@ -4,7 +4,7 @@ let serviceName = "jellyfin"; serviceUser = "jellyfin"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/jenkins.nix b/modules/nixos/server/jenkins.nix index 808bcef..91d94f0 100644 --- a/modules/nixos/server/jenkins.nix +++ b/modules/nixos/server/jenkins.nix @@ -3,7 +3,7 @@ let servicePort = 8088; serviceName = "jenkins"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix index 16ea0bd..79b1983 100644 --- a/modules/nixos/server/kanidm.nix +++ b/modules/nixos/server/kanidm.nix @@ -8,7 +8,7 @@ let serviceGroup = serviceUser; serviceName = "kanidm"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; oauth2ProxyDomain = globals.services.oauth2Proxy.domain; immichDomain = globals.services.immich.domain; @@ -20,18 +20,8 @@ let certBase = "/etc/ssl"; certsDir = "${certBase}/certs"; privateDir = "${certBase}/private"; - certPathBase = "${certsDir}/${serviceName}.crt"; - certPath = - if config.swarselsystems.isImpermanence then - "/persist${certPathBase}" - else - "${certPathBase}"; - keyPathBase = "${privateDir}/${serviceName}.key"; - keyPath = - if config.swarselsystems.isImpermanence then - "/persist${keyPathBase}" - else - "${keyPathBase}"; + certPath = "${certsDir}/${serviceName}.crt"; + keyPath = "${privateDir}/${serviceName}.key"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -64,16 +54,6 @@ in globals.services.${serviceName}.domain = serviceDomain; - environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { - files = [ - certPathBase - keyPathBase - ]; - }; - - system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { - deps = [ "generateSSLCert-${serviceName}" "users" "groups" ]; - }; system.activationScripts."generateSSLCert-${serviceName}" = let daysValid = 3650; @@ -84,15 +64,13 @@ in set -eu ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} - ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir} - ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""} need_gen=0 - if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then + if [ ! -f "${certPath}" ] || [ ! -f "${keyPath}" ]; then need_gen=1 else - enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)" + enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPath}" | cut -d= -f2)" end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)" now_epoch="$(${pkgs.coreutils}/bin/date +%s)" seconds_left=$(( end_epoch - now_epoch )) @@ -114,10 +92,7 @@ in chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}" fi ''; - deps = [ - "etc" - (lib.mkIf config.swarselsystems.isImpermanence "specialfs") - ]; + deps = [ "etc" ]; }; services = { @@ -128,9 +103,9 @@ in domain = serviceDomain; origin = "https://${serviceDomain}"; # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; - tls_chain = certPathBase; + tls_chain = certPath; # tls_key = config.sops.secrets.kanidm-self-signed-key.path; - tls_key = keyPathBase; + tls_key = keyPath; bindaddress = "0.0.0.0:${toString servicePort}"; trust_x_forward_for = true; }; diff --git a/modules/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix index dfa915e..c93be62 100644 --- a/modules/nixos/server/kavita.nix +++ b/modules/nixos/server/kavita.nix @@ -6,7 +6,7 @@ let serviceName = "kavita"; serviceUser = "kavita"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/koillection.nix b/modules/nixos/server/koillection.nix index eb45709..08da2d1 100644 --- a/modules/nixos/server/koillection.nix +++ b/modules/nixos/server/koillection.nix @@ -6,7 +6,7 @@ let servicePort = 2282; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceDir = "/Vault/data/koillection"; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres postgresPort = config.services.postgresql.settings.port; # 5432 diff --git a/modules/nixos/server/matrix.nix b/modules/nixos/server/matrix.nix index ba18600..24f4530 100644 --- a/modules/nixos/server/matrix.nix +++ b/modules/nixos/server/matrix.nix @@ -6,7 +6,7 @@ let serviceName = "matrix"; serviceDomain = config.repo.secrets.common.services.domains.matrix; serviceUser = "matrix-synapse"; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; federationPort = 8448; whatsappPort = 29318; diff --git a/modules/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix index d1ee714..758e63d 100644 --- a/modules/nixos/server/monitoring.nix +++ b/modules/nixos/server/monitoring.nix @@ -5,7 +5,7 @@ let serviceGroup = serviceUser; serviceName = "grafana"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; prometheusPort = 9090; prometheusUser = "prometheus"; diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix index 34b245a..f66fa14 100644 --- a/modules/nixos/server/navidrome.nix +++ b/modules/nixos/server/navidrome.nix @@ -5,7 +5,7 @@ let serviceUser = "navidrome"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -41,27 +41,6 @@ in globals.services.${serviceName}.domain = serviceDomain; - services.snapserver = { - enable = true; - settings = { - stream = { - port = 1704; - source = "pipe:///tmp/snapfifo?name=default"; - bind_to_address = "0.0.0.0"; - }; - }; - }; - - systemd.services = { - ${serviceName}.serviceConfig = { - PrivateDevices = lib.mkForce false; - PrivateUsers = lib.mkForce false; - RestrictRealtime = lib.mkForce false; - SystemCallFilter = lib.mkForce null; - RootDirectory = lib.mkForce null; - }; - }; - services.${serviceName} = { enable = true; openFirewall = true; @@ -76,9 +55,8 @@ in EnableTranscodingConfig = true; Scanner.GroupAlbumReleases = true; ScanSchedule = "@every 24h"; - # MPVPath = ""; - # MPVCommandTemplate = "${pkgs.mpv}/bin/mpv --audio-device=%d --input-ipc-server=%s --no-audio-display --log-file=/tmp/mpv.log --pause %f"; - # MPVCmdTemplate = "${pkgs.mpv}/bin/mpv --no-audio-display --pause %f --input-ipc-server=%s --audio-channels=stereo --audio-samplerate=48000 --audio-format=s16 --ao=pcm --ao-pcm-file=/tmp/snapfifo --log-file=/tmp/mpv.log"; + MPVPath = "${pkgs.mpv}/bin/mpv"; + MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f"; ReverseProxyWhitelist = "0.0.0.0/0"; ReverseProxyUserHeader = "X-User"; Jukebox = { diff --git a/modules/nixos/server/network.nix b/modules/nixos/server/network.nix deleted file mode 100644 index 661e76b..0000000 --- a/modules/nixos/server/network.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, config, ... }: -{ - options.swarselmodules.server.network = lib.mkEnableOption "enable server network config"; - config = lib.mkIf config.swarselmodules.server.network { - - globals.networks.home.hosts.${config.node.name} = { - inherit (config.repo.secrets.local.networking.networks.home) id; - mac = config.repo.secrets.local.networking.networks.home.mac or null; - }; - - globals.hosts.${config.node.name} = { - inherit (config.repo.secrets.local.networking) defaultGateway4; - }; - - networking = { - inherit (config.repo.secrets.local.networking) hostId; - hostName = config.node.name; - nftables.enable = lib.mkDefault false; - enableIPv6 = lib.mkDefault true; - firewall = { - enable = lib.mkDefault true; - }; - }; - - }; -} diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index c2d5af0..36765d2 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix @@ -8,9 +8,7 @@ let serviceGroup = serviceUser; serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; - - nextcloudVersion = "32"; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -31,7 +29,7 @@ in trusted_proxies = [ "0.0.0.0" ]; overwriteprotocol = "https"; }; - package = pkgs."nextcloud${nextcloudVersion}"; + package = pkgs.nextcloud31; hostName = serviceDomain; home = "/Vault/data/${serviceName}"; datadir = "/Vault/data/${serviceName}"; @@ -39,7 +37,7 @@ in configureRedis = true; maxUploadSize = "4G"; extraApps = { - inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; + inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; }; extraAppsEnable = true; config = { diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix index cfe9330..bccbcc0 100644 --- a/modules/nixos/server/nginx.nix +++ b/modules/nixos/server/nginx.nix @@ -3,60 +3,9 @@ let inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; - serviceUser = "nginx"; - serviceGroup = serviceUser; - - sslBasePath = "/etc/ssl"; - dhParamsPathBase = "${sslBasePath}/dhparams.pem"; - dhParamsPath = - if config.swarselsystems.isImpermanence then - "/persist/${dhParamsPathBase}" - else - "${dhParamsPathBase}"; in { options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; - options.services.nginx = { - recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block."; - virtualHosts = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule { - options.locations = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule (submod: { - options = { - recommendedSecurityHeaders = lib.mkOption { - type = lib.types.bool; - default = config.services.nginx.recommendedSecurityHeaders; - description = "Whether to add additional security headers to this location."; - }; - - X-Frame-Options = lib.mkOption { - type = lib.types.str; - default = "DENY"; - description = "The value to use for X-Frame-Options"; - }; - }; - config = lib.mkIf submod.config.recommendedSecurityHeaders { - extraConfig = lib.mkBefore '' - # Enable HTTP Strict Transport Security (HSTS) - add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; - - # Minimize information leaked to other domains - add_header Referrer-Policy "origin-when-cross-origin"; - - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options "${submod.config.X-Frame-Options}"; - add_header X-Content-Type-Options "nosniff"; - ''; - }; - }) - ); - }; - } - ); - }; - }; config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego @@ -69,67 +18,23 @@ in ''; }; - users.groups.acme.members = [ "nginx" ]; - security.acme = { acceptTerms = true; defaults = { inherit dnsProvider; email = address3; environmentFile = "${config.sops.templates."certs.secret".path}"; - reloadServices = [ "nginx" ]; - dnsPropagationCheck = true; }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { - files = [ dhParamsPathBase ]; - }; - services.nginx = { enable = true; - user = serviceUser; - group = serviceGroup; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; - recommendedBrotliSettings = true; - recommendedSecurityHeaders = true; - sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL"; - sslDhparam = dhParamsPathBase; - virtualHosts.fallback = { - default = true; - rejectSSL = true; - locations."/".extraConfig = '' - deny all; - ''; - }; + # virtualHosts are defined in the respective sections }; - system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { - deps = [ "generateDHParams" "users" "groups" ]; - }; - system.activationScripts."generateDHParams" = - { - text = '' - set -eu - - ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} - ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} - - if [ ! -f "${dhParamsPathBase}" ]; then - ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 - chmod 0644 ${dhParamsPath} - chown ${serviceUser}:${serviceGroup} ${dhParamsPath} - fi - ''; - deps = [ - "etc" - (lib.mkIf config.swarselsystems.isImpermanence "specialfs") - ]; - }; }; } diff --git a/modules/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix index 005bdab..ca813b1 100644 --- a/modules/nixos/server/paperless.nix +++ b/modules/nixos/server/paperless.nix @@ -7,7 +7,7 @@ let serviceGroup = serviceUser; serviceName = "paperless"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; tikaPort = 9998; gotenbergPort = 3002; diff --git a/modules/nixos/server/radicale.nix b/modules/nixos/server/radicale.nix index 411a3e6..7ad9fe2 100644 --- a/modules/nixos/server/radicale.nix +++ b/modules/nixos/server/radicale.nix @@ -7,7 +7,7 @@ let serviceUser = "radicale"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; cfg = config.services.${serviceName}; in diff --git a/modules/nixos/server/router.nix b/modules/nixos/server/router.nix deleted file mode 100644 index fb8112a..0000000 --- a/modules/nixos/server/router.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ lib, config, ... }: -let - serviceName = "router"; -in -{ - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { - - systemd.network = { - wait-online.anyInterface = true; - networks = { - "30-lan0" = { - matchConfig.Name = "lan0"; - linkConfig.RequiredForOnline = "enslaved"; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - }; - "30-lan1" = { - matchConfig.Name = "lan1"; - linkConfig.RequiredForOnline = "enslaved"; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - }; - "30-lan2" = { - matchConfig.Name = "lan2"; - linkConfig.RequiredForOnline = "enslaved"; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - }; - "30-lan3" = { - matchConfig.Name = "lan3"; - linkConfig.RequiredForOnline = "enslaved"; - networkConfig = { - ConfigureWithoutCarrier = true; - }; - }; - "10-wan" = { - matchConfig.Name = "wan"; - networkConfig = { - # start a DHCP Client for IPv4 Addressing/Routing - DHCP = "ipv4"; - DNSOverTLS = true; - DNSSEC = true; - IPv6PrivacyExtensions = false; - IPForward = true; - }; - # make routing on this interface a dependency for network-online.target - linkConfig.RequiredForOnline = "routable"; - }; - }; - }; - }; -} diff --git a/modules/nixos/server/settings.nix b/modules/nixos/server/settings.nix index 37354db..00ee47e 100644 --- a/modules/nixos/server/settings.nix +++ b/modules/nixos/server/settings.nix @@ -16,7 +16,6 @@ in environment.shellAliases = lib.recursiveUpdate { nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; - ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; } diff --git a/modules/nixos/server/shlink.nix b/modules/nixos/server/shlink.nix index 4c61caa..527eaa2 100644 --- a/modules/nixos/server/shlink.nix +++ b/modules/nixos/server/shlink.nix @@ -60,11 +60,11 @@ in }; }; }) [ - "data" - "data/cache" - "data/locks" - "data/log" - "data/proxies" + "${serviceDir}/data" + "${serviceDir}/data/cache" + "${serviceDir}/data/locks" + "${serviceDir}/data/log" + "${serviceDir}/data/proxies" ] ); diff --git a/modules/nixos/server/slink.nix b/modules/nixos/server/slink.nix index 1d92892..4f54b8a 100644 --- a/modules/nixos/server/slink.nix +++ b/modules/nixos/server/slink.nix @@ -41,8 +41,8 @@ in }; }; }) [ - "var/data" - "images" + "${serviceDir}/var/data" + "${serviceDir}/images" ] ); diff --git a/modules/nixos/server/snipe-it.nix b/modules/nixos/server/snipe-it.nix index 3ae183e..b7a9edd 100644 --- a/modules/nixos/server/snipe-it.nix +++ b/modules/nixos/server/snipe-it.nix @@ -9,7 +9,7 @@ let serviceUser = "snipeit"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; mysqlPort = 3306; in diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix index 6eb61c6..6d1ac78 100644 --- a/modules/nixos/server/syncthing.nix +++ b/modules/nixos/server/syncthing.nix @@ -7,7 +7,7 @@ let serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + serviceAddress = globals.hosts.winters.ipv4; specificServiceName = "syncthing-${configName}"; cfg = config.services.${serviceName}; diff --git a/nix/devshell.nix b/nix/devshell.nix index 8d8274c..2969bcf 100644 --- a/nix/devshell.nix +++ b/nix/devshell.nix @@ -5,7 +5,7 @@ inputs.pre-commit-hooks.flakeModule ]; - perSystem = { pkgs, config, system, ... }: + perSystem = { pkgs, system, ... }: { pre-commit = { check.enable = true; @@ -27,7 +27,6 @@ nixpkgs-fmt.enable = true; statix.enable = true; trim-trailing-whitespace.enable = true; - treefmt.enable = true; destroyed-symlinks = { enable = true; @@ -47,143 +46,114 @@ }; }; - devshells = { - deploy = - let - nix-version = "2_28"; - in - { - packages = [ - (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.stable25_05.nixVersions."nix_${nix-version}") - pkgs.git - pkgs.just - pkgs.age - pkgs.ssh-to-age - pkgs.sops - ]; + devshells.default = + let + nix-version = "2_30"; + in + { + packages = [ + (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}") + pkgs.git + pkgs.just + pkgs.age + pkgs.ssh-to-age + pkgs.sops + pkgs.nixpkgs-fmt + self.packages.${system}.swarsel-build + self.packages.${system}.swarsel-deploy + (pkgs.symlinkJoin { + name = "home-manager"; + buildInputs = [ pkgs.makeWrapper ]; + paths = [ pkgs.home-manager ]; + postBuild = '' + wrapProgram $out/bin/home-manager \ + --append-flags '--flake .#$(hostname)' + ''; + }) + ]; - env = - [ - { - name = "NIX_CONFIG"; - value = '' - plugin-files = ${pkgs.stable25_05.nix-plugins.overrideAttrs (o: { - buildInputs = [pkgs.stable25_05.nixVersions."nix_${nix-version}" pkgs.stable25_05.boost]; - patches = (o.patches or []) ++ [./nix-plugins.patch]; - })}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} - ''; - } - ]; - }; - default = - let - nix-version = "2_30"; - in - { - packages = [ - (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}") - pkgs.git - pkgs.just - pkgs.age - pkgs.ssh-to-age - pkgs.sops - pkgs.nixpkgs-fmt - self.packages.${system}.swarsel-build - self.packages.${system}.swarsel-deploy - (pkgs.symlinkJoin { - name = "home-manager"; - buildInputs = [ pkgs.makeWrapper ]; - paths = [ pkgs.home-manager ]; - postBuild = '' - wrapProgram $out/bin/home-manager \ - --append-flags '--flake .#$(hostname)' + commands = [ + { + package = pkgs.statix; + help = "Lint flake"; + } + { + package = pkgs.deadnix; + help = "Check flake for dead code"; + } + { + package = pkgs.nix-tree; + help = "Interactively browse dependency graphs of Nix derivations"; + } + { + package = pkgs.nvd; + help = "Diff two nix toplevels and show which packages were upgraded"; + } + { + package = pkgs.nix-diff; + help = "Explain why two Nix derivations differ"; + } + { + package = pkgs.nix-output-monitor; + help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; + name = "nom \"$@\""; + } + { + name = "hm"; + help = "Manage home-manager config"; + command = "home-manager \"$@\""; + } + { + name = "fmt"; + help = "Format flake"; + command = "nixpkgs-fmt --check \"$FLAKE\""; + } + { + name = "sd"; + help = "Build and deploy this nix config to nodes"; + command = "swarsel-deploy \"$@\""; + } + { + name = "sl"; + help = "Build and deploy a config to nodes"; + command = "swarsel-deploy \${1} switch"; + } + { + name = "sw"; + help = "Build and switch to the host's config locally"; + command = "swarsel-deploy $(hostname) switch"; + } + { + name = "bld"; + help = "Build a number of configurations"; + command = "swarsel-build \"$@\""; + } + { + name = "c"; + help = "Work with the flake git repository"; + command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\""; + } + ]; + + devshell.startup.pre-commit-install.text = "pre-commit install"; + + env = + let + nix-plugins = pkgs.nix-plugins.override { + nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; + }; + in + [ + { + # Additionally configure nix-plugins with our extra builtins file. + # We need this for our repo secrets. + name = "NIX_CONFIG"; + value = '' + plugin-files = ${nix-plugins}/lib/nix/plugins + extra-builtins-file = ${self + /nix/extra-builtins.nix} ''; - }) - ]; - - commands = [ - { - package = pkgs.statix; - help = "Lint flake"; - } - { - package = pkgs.deadnix; - help = "Check flake for dead code"; - } - { - package = pkgs.nix-tree; - help = "Interactively browse dependency graphs of Nix derivations"; - } - { - package = pkgs.nvd; - help = "Diff two nix toplevels and show which packages were upgraded"; - } - { - package = pkgs.nix-diff; - help = "Explain why two Nix derivations differ"; - } - { - package = pkgs.nix-output-monitor; - help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; - name = "nom \"$@\""; - } - { - name = "hm"; - help = "Manage home-manager config"; - command = "home-manager \"$@\""; - } - { - name = "fmt"; - help = "Format flake"; - command = "nixpkgs-fmt --check \"$FLAKE\""; - } - { - name = "sd"; - help = "Build and deploy this nix config to nodes"; - command = "swarsel-deploy \"$@\""; - } - { - name = "sl"; - help = "Build and deploy a config to nodes"; - command = "swarsel-deploy \${1} switch"; - } - { - name = "sw"; - help = "Build and switch to the host's config locally"; - command = "swarsel-deploy $(hostname) switch"; - } - { - name = "bld"; - help = "Build a number of configurations"; - command = "swarsel-build \"$@\""; - } - { - name = "c"; - help = "Work with the flake git repository"; - command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\""; } ]; - - # devshell.startup.pre-commit-install.text = "pre-commit install"; - devshell.startup.pre-commit.text = config.pre-commit.installationScript; - - env = - let - nix-plugins = pkgs.nix-plugins.override { - nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; - }; - in - [ - { - name = "NIX_CONFIG"; - value = '' - plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} - ''; - } - ]; - }; - }; + }; }; } diff --git a/nix/formatter.nix b/nix/formatter.nix index cf3ce6a..c00f3f2 100644 --- a/nix/formatter.nix +++ b/nix/formatter.nix @@ -1,28 +1,6 @@ -{ inputs, ... }: +_: { - imports = [ - inputs.treefmt-nix.flakeModule - ]; - perSystem = { pkgs, ... }: { - # formatter = pkgs.nixpkgs-fmt; - # formatter is set by treefmt to: - # formatter = lib.mkIf config.treefmt.flakeFormatter (lib.mkDefault config.treefmt.build.wrapper); - treefmt = { - projectRootFile = "flake.nix"; - programs = { - nixfmt = { - enable = true; - package = pkgs.nixpkgs-fmt; - }; - deadnix.enable = true; - statix.enable = true; - shellcheck.enable = true; - }; - settings.formatter.shellcheck.options = [ - "--shell" - "bash" - ]; - }; + formatter = pkgs.nixpkgs-fmt; }; } diff --git a/nix/globals.nix b/nix/globals.nix index 912f24c..1b534d3 100644 --- a/nix/globals.nix +++ b/nix/globals.nix @@ -1,5 +1,5 @@ # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix -{ self, inputs, ... }: +{ inputs, ... }: { flake = { config, lib, ... }: { @@ -8,8 +8,7 @@ globalsSystem = lib.evalModules { prefix = [ "globals" ]; specialArgs = { - inherit (inputs.self.pkgs.x86_64-linux) lib; # fuck - # inherit (self.outputs) lib; + inherit lib; inherit inputs; inherit (config) nodes; }; @@ -55,7 +54,6 @@ inherit (globalsSystem.config.globals) domains services - networks hosts user root diff --git a/nix/hosts.nix b/nix/hosts.nix index 2c99f41..0310acf 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -3,16 +3,12 @@ flake = { config, ... }: let inherit (self) outputs; - inherit (outputs) lib homeLib; + inherit (outputs) lib; # lib = (inputs.nixpkgs.lib // inputs.home-manager.lib).extend (_: _: { swarselsystems = import "${self}/lib" { inherit self lib inputs outputs; inherit (inputs) systems; }; }); - mkNixosHost = { minimal }: configName: arch: - inputs.nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs outputs self minimal configName homeLib; - inherit (config.pkgs.${arch}) lib; - inherit (config) globals nodes; - }; + mkNixosHost = { minimal }: configName: + lib.nixosSystem { + specialArgs = { inherit inputs outputs lib self minimal configName; inherit (config) globals nodes; }; modules = [ inputs.disko.nixosModules.disko inputs.sops-nix.nixosModules.sops @@ -27,8 +23,7 @@ inputs.niri-flake.nixosModules.niri inputs.microvm.nixosModules.host inputs.microvm.nixosModules.microvm - (inputs.nixos-extra-modules + "/modules/guests") - "${self}/hosts/nixos/${arch}/${configName}" + "${self}/hosts/nixos/${configName}" "${self}/profiles/nixos" "${self}/modules/nixos" { @@ -36,8 +31,8 @@ microvm.guest.enable = lib.mkDefault false; node = { - name = lib.mkForce configName; - secretsDir = ../hosts/nixos/${arch}/${configName}/secrets; + name = configName; + secretsDir = ../hosts/nixos/${configName}/secrets; }; swarselprofiles = { @@ -55,10 +50,10 @@ ]; }; - mkDarwinHost = { minimal }: configName: arch: + mkDarwinHost = { minimal }: configName: inputs.nix-darwin.lib.darwinSystem { specialArgs = { - inherit inputs lib outputs self minimal configName; + inherit inputs outputs lib self minimal configName; inherit (config) globals nodes; }; modules = [ @@ -69,105 +64,70 @@ # inputs.fw-fanctrl.nixosModules.default # inputs.nix-topology.nixosModules.default inputs.home-manager.darwinModules.home-manager - "${self}/hosts/darwin/${arch}/${configName}" + "${self}/hosts/darwin/${configName}" "${self}/modules/nixos/darwin" # needed for infrastructure "${self}/modules/nixos/common/meta.nix" "${self}/modules/nixos/common/globals.nix" { - node.name = lib.mkForce configName; - node.secretsDir = ../hosts/darwin/${arch}/${configName}/secrets; + node.name = configName; + node.secretsDir = ../hosts/darwin/${configName}/secrets; } ]; }; - mkHalfHost = configName: type: arch: - let - systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; - pkgs = lib.swarselsystems.pkgsFor.${arch}; - in - systemFunc { - inherit pkgs; - extraSpecialArgs = { - inherit inputs lib outputs self configName; - inherit (config) globals nodes; - minimal = false; - }; - modules = [ - inputs.stylix.homeModules.stylix - inputs.niri-flake.homeModules.niri - inputs.nix-index-database.homeModules.nix-index - # inputs.sops-nix.homeManagerModules.sops - inputs.spicetify-nix.homeManagerModules.default - inputs.swarsel-nix.homeModules.default - "${self}/hosts/${type}/${arch}/${configName}" - "${self}/profiles/home" - ]; - }; - - linuxArches = [ "x86_64-linux" "aarch64-linux" ]; - darwinArches = [ "x86_64-darwin" "aarch64-darwin" ]; - mkArches = type: if (type == "nixos") then linuxArches else if (type == "darwin") then darwinArches else linuxArches ++ darwinArches; - - readHostDirs = hostDir: - if builtins.pathExists hostDir then - builtins.attrNames - ( - lib.filterAttrs (_: type: type == "directory") - (builtins.readDir hostDir) - ) else [ ]; - - mkHalfHostsForArch = type: arch: - let - hostDir = "${self}/hosts/${type}/${arch}"; - hosts = readHostDirs hostDir; - in - lib.genAttrs hosts (host: mkHalfHost host type arch); - - mkHostsForArch = type: arch: minimal: - let - hostDir = "${self}/hosts/${type}/${arch}"; - hosts = readHostDirs hostDir; - in - if (type == "nixos") then - lib.genAttrs hosts (host: mkNixosHost { inherit minimal; } host arch) - else if (type == "darwin") then - lib.genAttrs hosts (host: mkDarwinHost { inherit minimal; } host arch) - else { }; - - mkConfigurationsPerArch = type: minimal: - let - arches = mkArches type; - toMake = if (minimal == null) then (arch: _: mkHalfHostsForArch type arch) else (arch: _: mkHostsForArch type arch minimal); - in - lib.concatMapAttrs toMake - (lib.listToAttrs (map (a: { name = a; value = { }; }) arches)); - - halfConfigurationsPerArch = type: mkConfigurationsPerArch type null; - configurationsPerArch = type: minimal: mkConfigurationsPerArch type minimal; + mkHalfHost = configName: type: pkgs: { + ${configName} = + let + systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; + in + systemFunc + { + inherit pkgs; + extraSpecialArgs = { + inherit inputs outputs lib self configName; + inherit (config) globals nodes; + minimal = false; + }; + modules = [ + inputs.stylix.homeModules.stylix + inputs.niri-flake.homeModules.niri + inputs.nix-index-database.homeModules.nix-index + # inputs.sops-nix.homeManagerModules.sops + inputs.spicetify-nix.homeManagerModules.default + inputs.swarsel-nix.homeModules.default + "${self}/hosts/${type}/${configName}" + "${self}/profiles/home" + ]; + }; + }; + mkHalfHostConfigs = hosts: type: pkgs: lib.foldl (acc: set: acc // set) { } (lib.map (name: mkHalfHost name type pkgs) hosts); + nixosHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/nixos")); + darwinHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/darwin")); in { - nixosConfigurations = configurationsPerArch "nixos" false; - nixosConfigurationsMinimal = configurationsPerArch "nixos" true; - darwinConfigurations = configurationsPerArch "darwin" false; - darwinConfigurationsMinimal = configurationsPerArch "darwin" true; - homeConfigurations = halfConfigurationsPerArch "home"; - nixOnDroidConfigurations = halfConfigurationsPerArch "android"; + nixosConfigurations = lib.genAttrs nixosHosts (mkNixosHost { + minimal = false; + }); + nixosConfigurationsMinimal = lib.genAttrs nixosHosts (mkNixosHost { + minimal = true; + }); + darwinConfigurations = lib.genAttrs darwinHosts (mkDarwinHost { + minimal = false; + }); + darwinConfigurationsMinimal = lib.genAttrs darwinHosts (mkDarwinHost { + minimal = true; + }); - guestConfigurations = lib.flip lib.concatMapAttrs config.nixosConfigurations ( - _: node: - lib.flip lib.mapAttrs' (node.config.microvm.vms or { }) ( - guestName: guestDef: - lib.nameValuePair guestDef.nodeName node.config.microvm.vms.${guestName}.config - ) - ); + # TODO: Build these for all architectures + homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux // mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.aarch64-linux; + nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux; diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix"; - nodes = config.nixosConfigurations - // config.darwinConfigurations - // config.guestConfigurations; + nodes = config.nixosConfigurations // config.darwinConfigurations; + }; } diff --git a/nix/lib.nix b/nix/lib.nix index c41db61..c12117e 100644 --- a/nix/lib.nix +++ b/nix/lib.nix @@ -6,22 +6,6 @@ let inherit (inputs.nixpkgs) lib; in rec { - cidrToSubnetMask = cidr: - let - prefixLength = lib.toInt (lib.last (lib.splitString "/" cidr)); - bits = lib.genList (i: if i < prefixLength then 1 else 0) 32; - octets = lib.genList - (i: - let - octetBits = lib.sublist (i * 8) 8 bits; - octetValue = lib.foldl (acc: bit: acc * 2 + bit) 0 octetBits; - in - octetValue - ) 4; - subnetMask = lib.concatStringsSep "." (map toString octets); - in - subnetMask; - mkIfElseList = p: yes: no: lib.mkMerge [ (lib.mkIf p yes) (lib.mkIf (!p) no) @@ -73,8 +57,5 @@ in inherit (inputs.home-manager.lib) hm; inherit swarselsystems; }); - - swarselsystemsLib = swarselsystems; - homeLib = self.outputs.lib; }; } diff --git a/nix/overlays.nix b/nix/overlays.nix index 1f8fdc2..fd98db0 100644 --- a/nix/overlays.nix +++ b/nix/overlays.nix @@ -9,7 +9,7 @@ in overlays = { default = final: prev: let - additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; } + additions = final: _: import "${self}/pkgs" { pkgs = final; inherit self lib; } // { swarsel-nix = import inputs.swarsel-nix { pkgs = prev; @@ -22,11 +22,6 @@ in # withSystemVencord = true; # }; - lib = prev.lib // { - swarselsystems = self.outputs.swarselsystemsLib; - hm = self.outputs.homeLib; - }; - firefox = prev.firefox.override { nativeMessagingHosts = [ prev.tridactyl-native @@ -77,19 +72,15 @@ in (builtins.attrNames nixpkgsInputs)); in - lib.recursiveUpdate - ( - (additions final prev) - // (nixpkgs-stable-versions final prev) - // (inputs.niri-flake.overlays.niri final prev) - // (inputs.vbc-nix.overlays.default final prev) - // (inputs.nur.overlays.default final prev) - // (inputs.emacs-overlay.overlay final prev) - // (inputs.nix-topology.overlays.default final prev) - // (inputs.nixgl.overlay final prev) - // (inputs.nixos-extra-modules.overlays.default final prev) - ) - (modifications final prev); + (additions final prev) + // (modifications final prev) + // (nixpkgs-stable-versions final prev) + // (inputs.niri-flake.overlays.niri final prev) + // (inputs.vbc-nix.overlays.default final prev) + // (inputs.nur.overlays.default final prev) + // (inputs.emacs-overlay.overlay final prev) + // (inputs.nix-topology.overlays.default final prev) + // (inputs.nixgl.overlay final prev); }; }; } diff --git a/nix/packages.nix b/nix/packages.nix index 2f2f525..9b1bade 100644 --- a/nix/packages.nix +++ b/nix/packages.nix @@ -1,35 +1,10 @@ -{ self, inputs, ... }: +{ self, ... }: { - imports = [ - ( - { lib, flake-parts-lib, ... }: - flake-parts-lib.mkTransposedPerSystemModule { - name = "pkgs"; - file = ./packages.nix; - option = lib.mkOption { - type = lib.types.unspecified; - }; - } - ) - ]; flake = _: let inherit (self.outputs) lib; in { - packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs/flake" { inherit self lib pkgs; }); - }; - - perSystem = { pkgs, system, ... }: - { - # see https://flake.parts/module-arguments.html?highlight=modulewith#persystem-module-parameters - _module.args.pkgs = import inputs.nixpkgs { - inherit system; - config.allowUnfree = true; - overlays = [ - self.overlays.default - ]; - }; - inherit pkgs; + packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs" { inherit self lib pkgs; }); }; } diff --git a/nix/topology.nix b/nix/topology.nix index 372616c..9b69f5b 100644 --- a/nix/topology.nix +++ b/nix/topology.nix @@ -37,11 +37,11 @@ (mkConnection "milkywell" "wan") (mkConnection "magicant" "wifi") (mkConnection "toto" "bootstrapper") - (mkConnection "hotel" "demo host") + (mkConnection "chaostheatre" "demo host") ]; }; - hotel.interfaces."demo host" = { }; + chaostheatre.interfaces."demo host" = { }; toto.interfaces."bootstrapper" = { }; milkywell.interfaces.wan = { }; moonside.interfaces.wan = { }; diff --git a/pkgs/flake/bak/default.nix b/pkgs/bak/default.nix similarity index 100% rename from pkgs/flake/bak/default.nix rename to pkgs/bak/default.nix diff --git a/pkgs/flake/cdb/default.nix b/pkgs/cdb/default.nix similarity index 100% rename from pkgs/flake/cdb/default.nix rename to pkgs/cdb/default.nix diff --git a/pkgs/flake/cdw/default.nix b/pkgs/cdw/default.nix similarity index 100% rename from pkgs/flake/cdw/default.nix rename to pkgs/cdw/default.nix diff --git a/pkgs/config/cdr/default.nix b/pkgs/config/cdr/default.nix deleted file mode 100644 index 56b44df..0000000 --- a/pkgs/config/cdr/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ name, homeConfig, writeShellApplication, fzf, ... }: - -writeShellApplication { - inherit name; - runtimeInputs = [ fzf ]; - text = '' - DOCUMENT_DIR_WORK=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_WORK or ""} - DOCUMENT_DIR_PRIV=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV} - FLAKE=${homeConfig.home.sessionVariables.FLAKE} - - cd "$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )" - ''; -} diff --git a/pkgs/config/default.nix b/pkgs/config/default.nix deleted file mode 100644 index 668619b..0000000 --- a/pkgs/config/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ self, homeConfig, lib, pkgs, ... }: -let - mkPackages = names: pkgs: builtins.listToAttrs (map - (name: { - inherit name; - value = pkgs.callPackage "${self}/pkgs/config/${name}" { inherit self name homeConfig; }; - }) - names); - packageNames = lib.swarselsystems.readNix "pkgs/config"; -in -mkPackages packageNames pkgs diff --git a/pkgs/flake/cura5/default.nix b/pkgs/cura5/default.nix similarity index 100% rename from pkgs/flake/cura5/default.nix rename to pkgs/cura5/default.nix diff --git a/pkgs/flake/default.nix b/pkgs/default.nix similarity index 54% rename from pkgs/flake/default.nix rename to pkgs/default.nix index 2bc3808..4301f59 100644 --- a/pkgs/flake/default.nix +++ b/pkgs/default.nix @@ -3,9 +3,9 @@ let mkPackages = names: pkgs: builtins.listToAttrs (map (name: { inherit name; - value = pkgs.callPackage "${self}/pkgs/flake/${name}" { inherit self name; }; + value = pkgs.callPackage "${self}/pkgs/${name}" { inherit self name; }; }) names); - packageNames = lib.swarselsystems.readNix "pkgs/flake"; + packageNames = lib.swarselsystems.readNix "pkgs"; in mkPackages packageNames pkgs diff --git a/pkgs/flake/e/default.nix b/pkgs/e/default.nix similarity index 100% rename from pkgs/flake/e/default.nix rename to pkgs/e/default.nix diff --git a/pkgs/flake/endme/default.nix b/pkgs/endme/default.nix similarity index 100% rename from pkgs/flake/endme/default.nix rename to pkgs/endme/default.nix diff --git a/pkgs/flake/eontimer/default.nix b/pkgs/eontimer/default.nix similarity index 100% rename from pkgs/flake/eontimer/default.nix rename to pkgs/eontimer/default.nix diff --git a/pkgs/flake/fhs/default.nix b/pkgs/fhs/default.nix similarity index 100% rename from pkgs/flake/fhs/default.nix rename to pkgs/fhs/default.nix diff --git a/pkgs/flake/quickpass/default.nix b/pkgs/flake/quickpass/default.nix deleted file mode 100644 index c13b8c0..0000000 --- a/pkgs/flake/quickpass/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ self, name, writeShellApplication, libnotify, pass, wtype }: -writeShellApplication { - inherit name; - runtimeInputs = [ libnotify pass wtype ]; - text = builtins.readFile "${self}/files/scripts/${name}.sh"; -} diff --git a/pkgs/flake/fs-diff/default.nix b/pkgs/fs-diff/default.nix similarity index 100% rename from pkgs/flake/fs-diff/default.nix rename to pkgs/fs-diff/default.nix diff --git a/pkgs/fullscreen/default.nix b/pkgs/fullscreen/default.nix new file mode 100644 index 0000000..ca6080c --- /dev/null +++ b/pkgs/fullscreen/default.nix @@ -0,0 +1,10 @@ +{ name, writeShellApplication, sway, ... }: + +writeShellApplication { + inherit name; + runtimeInputs = [ sway ]; + text = '' + swaymsg '[app_id=at.yrlf.wl_mirror] move to workspace 14:T' + swaymsg '[app_id=at.yrlf.wl_mirror] fullscreen' + ''; +} diff --git a/pkgs/flake/git-replace/default.nix b/pkgs/git-replace/default.nix similarity index 100% rename from pkgs/flake/git-replace/default.nix rename to pkgs/git-replace/default.nix diff --git a/pkgs/flake/github-notifications/default.nix b/pkgs/github-notifications/default.nix similarity index 100% rename from pkgs/flake/github-notifications/default.nix rename to pkgs/github-notifications/default.nix diff --git a/pkgs/flake/hm-specialisation/default.nix b/pkgs/hm-specialisation/default.nix similarity index 100% rename from pkgs/flake/hm-specialisation/default.nix rename to pkgs/hm-specialisation/default.nix diff --git a/pkgs/flake/kanshare/default.nix b/pkgs/kanshare/default.nix similarity index 100% rename from pkgs/flake/kanshare/default.nix rename to pkgs/kanshare/default.nix diff --git a/pkgs/flake/opacitytoggle/default.nix b/pkgs/opacitytoggle/default.nix similarity index 100% rename from pkgs/flake/opacitytoggle/default.nix rename to pkgs/opacitytoggle/default.nix diff --git a/pkgs/flake/pass-fuzzel/default.nix b/pkgs/pass-fuzzel/default.nix similarity index 100% rename from pkgs/flake/pass-fuzzel/default.nix rename to pkgs/pass-fuzzel/default.nix diff --git a/pkgs/flake/project/default.nix b/pkgs/project/default.nix similarity index 100% rename from pkgs/flake/project/default.nix rename to pkgs/project/default.nix diff --git a/pkgs/flake/sshrm/default.nix b/pkgs/sshrm/default.nix similarity index 100% rename from pkgs/flake/sshrm/default.nix rename to pkgs/sshrm/default.nix diff --git a/pkgs/flake/swarsel-bootstrap/default.nix b/pkgs/swarsel-bootstrap/default.nix similarity index 100% rename from pkgs/flake/swarsel-bootstrap/default.nix rename to pkgs/swarsel-bootstrap/default.nix diff --git a/pkgs/flake/swarsel-build/default.nix b/pkgs/swarsel-build/default.nix similarity index 100% rename from pkgs/flake/swarsel-build/default.nix rename to pkgs/swarsel-build/default.nix diff --git a/pkgs/flake/swarsel-deploy/default.nix b/pkgs/swarsel-deploy/default.nix similarity index 100% rename from pkgs/flake/swarsel-deploy/default.nix rename to pkgs/swarsel-deploy/default.nix diff --git a/pkgs/flake/swarsel-displaypower/default.nix b/pkgs/swarsel-displaypower/default.nix similarity index 100% rename from pkgs/flake/swarsel-displaypower/default.nix rename to pkgs/swarsel-displaypower/default.nix diff --git a/pkgs/flake/swarsel-install/default.nix b/pkgs/swarsel-install/default.nix similarity index 100% rename from pkgs/flake/swarsel-install/default.nix rename to pkgs/swarsel-install/default.nix diff --git a/pkgs/flake/swarsel-instantiate/default.nix b/pkgs/swarsel-instantiate/default.nix similarity index 100% rename from pkgs/flake/swarsel-instantiate/default.nix rename to pkgs/swarsel-instantiate/default.nix diff --git a/pkgs/flake/swarsel-mgba/default.nix b/pkgs/swarsel-mgba/default.nix similarity index 100% rename from pkgs/flake/swarsel-mgba/default.nix rename to pkgs/swarsel-mgba/default.nix diff --git a/pkgs/flake/swarsel-postinstall/default.nix b/pkgs/swarsel-postinstall/default.nix similarity index 100% rename from pkgs/flake/swarsel-postinstall/default.nix rename to pkgs/swarsel-postinstall/default.nix diff --git a/pkgs/flake/swarsel-rebuild/default.nix b/pkgs/swarsel-rebuild/default.nix similarity index 100% rename from pkgs/flake/swarsel-rebuild/default.nix rename to pkgs/swarsel-rebuild/default.nix diff --git a/pkgs/flake/swarselcheck-niri/default.nix b/pkgs/swarselcheck-niri/default.nix similarity index 100% rename from pkgs/flake/swarselcheck-niri/default.nix rename to pkgs/swarselcheck-niri/default.nix diff --git a/pkgs/flake/swarselcheck/default.nix b/pkgs/swarselcheck/default.nix similarity index 100% rename from pkgs/flake/swarselcheck/default.nix rename to pkgs/swarselcheck/default.nix diff --git a/pkgs/flake/swarselzellij/default.nix b/pkgs/swarselzellij/default.nix similarity index 100% rename from pkgs/flake/swarselzellij/default.nix rename to pkgs/swarselzellij/default.nix diff --git a/pkgs/flake/t2ts/default.nix b/pkgs/t2ts/default.nix similarity index 100% rename from pkgs/flake/t2ts/default.nix rename to pkgs/t2ts/default.nix diff --git a/pkgs/flake/timer/default.nix b/pkgs/timer/default.nix similarity index 100% rename from pkgs/flake/timer/default.nix rename to pkgs/timer/default.nix diff --git a/pkgs/flake/ts2t/default.nix b/pkgs/ts2t/default.nix similarity index 100% rename from pkgs/flake/ts2t/default.nix rename to pkgs/ts2t/default.nix diff --git a/pkgs/flake/vershell/default.nix b/pkgs/vershell/default.nix similarity index 100% rename from pkgs/flake/vershell/default.nix rename to pkgs/vershell/default.nix diff --git a/pkgs/flake/waybarupdate/default.nix b/pkgs/waybarupdate/default.nix similarity index 100% rename from pkgs/flake/waybarupdate/default.nix rename to pkgs/waybarupdate/default.nix diff --git a/profiles/home/dgxspark/default.nix b/profiles/home/dgxspark/default.nix index a0d261a..ace298c 100644 --- a/profiles/home/dgxspark/default.nix +++ b/profiles/home/dgxspark/default.nix @@ -55,7 +55,6 @@ tmux = lib.mkDefault true; vesktop = lib.mkDefault false; vesktop-tray = lib.mkDefault false; - syncthing-tray = lib.mkDefault false; waybar = lib.mkDefault false; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault false; diff --git a/profiles/home/hotel/default.nix b/profiles/home/hotel/default.nix deleted file mode 100644 index e6d7105..0000000 --- a/profiles/home/hotel/default.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ lib, config, ... }: -{ - options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; - config = lib.mkIf config.swarselprofiles.hotel { - swarselmodules = { - packages = lib.mkForce true; - ownpackages = lib.mkForce true; - general = lib.mkForce true; - nixgl = lib.mkForce true; - sops = lib.mkForce true; - yubikey = lib.mkForce false; - ssh = lib.mkForce true; - stylix = lib.mkForce true; - desktop = lib.mkForce true; - symlink = lib.mkForce true; - env = lib.mkForce false; - programs = lib.mkForce true; - nix-index = lib.mkForce true; - direnv = lib.mkForce true; - eza = lib.mkForce true; - git = lib.mkForce false; - fuzzel = lib.mkForce true; - starship = lib.mkForce true; - kitty = lib.mkForce true; - zsh = lib.mkForce true; - zellij = lib.mkForce true; - tmux = lib.mkForce true; - mail = lib.mkForce false; - emacs = lib.mkForce true; - waybar = lib.mkForce true; - firefox = lib.mkForce true; - gnome-keyring = lib.mkForce true; - kdeconnect = lib.mkForce true; - mako = lib.mkForce true; - swayosd = lib.mkForce true; - yubikeytouch = lib.mkForce true; - sway = lib.mkForce true; - kanshi = lib.mkForce true; - gpgagent = lib.mkForce true; - gammastep = lib.mkForce false; - }; - }; - -} diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index e04e2af..ec37f9d 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -29,7 +29,7 @@ kitty = lib.mkDefault true; mail = lib.mkDefault true; mako = lib.mkDefault true; - niri = lib.mkDefault false; + niri = lib.mkDefault true; nix-index = lib.mkDefault true; nixgl = lib.mkDefault true; nix-your-shell = lib.mkDefault true; @@ -56,7 +56,6 @@ tmux = lib.mkDefault true; vesktop = lib.mkDefault true; vesktop-tray = lib.mkDefault true; - syncthing-tray = lib.mkDefault true; waybar = lib.mkDefault true; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault true; diff --git a/profiles/nixos/hotel/default.nix b/profiles/nixos/hotel/default.nix deleted file mode 100644 index 7ff8794..0000000 --- a/profiles/nixos/hotel/default.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ lib, config, ... }: -{ - options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; - config = lib.mkIf config.swarselprofiles.hotel { - swarselmodules = { - packages = lib.mkForce true; - general = lib.mkForce true; - home-manager = lib.mkForce true; - xserver = lib.mkForce true; - users = lib.mkForce true; - sops = lib.mkForce true; - env = lib.mkForce true; - security = lib.mkForce true; - systemdTimeout = lib.mkForce true; - hardware = lib.mkForce true; - pulseaudio = lib.mkForce true; - pipewire = lib.mkForce true; - network = lib.mkForce true; - time = lib.mkForce true; - stylix = lib.mkForce true; - programs = lib.mkForce true; - zsh = lib.mkForce true; - syncthing = lib.mkForce true; - blueman = lib.mkForce true; - networkDevices = lib.mkForce true; - gvfs = lib.mkForce true; - interceptionTools = lib.mkForce true; - swayosd = lib.mkForce true; - ppd = lib.mkForce true; - yubikey = lib.mkForce false; - ledger = lib.mkForce true; - keyboards = lib.mkForce true; - login = lib.mkForce true; - nix-ld = lib.mkForce true; - impermanence = lib.mkForce true; - nvd = lib.mkForce true; - gnome-keyring = lib.mkForce true; - sway = lib.mkForce true; - xdg-portal = lib.mkForce true; - distrobox = lib.mkForce true; - appimage = lib.mkForce true; - lid = lib.mkForce true; - lowBattery = lib.mkForce true; - lanzaboote = lib.mkForce true; - autologin = lib.mkForce true; - }; - - }; - -} diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index 31bb1af..c73b619 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix @@ -4,7 +4,6 @@ config = lib.mkIf config.swarselprofiles.server { swarselmodules = { general = lib.mkDefault true; - lanzaboote = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; @@ -16,8 +15,6 @@ boot = lib.mkDefault true; server = { general = lib.mkDefault true; - network = lib.mkDefault true; - diskEncryption = lib.mkDefault true; packages = lib.mkDefault true; ssh = lib.mkDefault true; nginx = lib.mkDefault true; diff --git a/profiles/nixos/minimal/default.nix b/profiles/nixos/minimal/default.nix index c233faa..a224336 100644 --- a/profiles/nixos/minimal/default.nix +++ b/profiles/nixos/minimal/default.nix @@ -21,7 +21,6 @@ server = { ssh = lib.mkDefault true; - diskEncryption = lib.mkDefault true; }; }; diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index 1d8f99a..1dadd06 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix @@ -26,7 +26,7 @@ lowBattery = lib.mkDefault false; network = lib.mkDefault true; networkDevices = lib.mkDefault true; - niri = lib.mkDefault false; + niri = lib.mkDefault true; nix-ld = lib.mkDefault true; nvd = lib.mkDefault true; packages = lib.mkDefault true; diff --git a/profiles/nixos/router/default.nix b/profiles/nixos/router/default.nix deleted file mode 100644 index 256cfa0..0000000 --- a/profiles/nixos/router/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ lib, config, ... }: -{ - options.swarselprofiles.router = lib.mkEnableOption "enable the router profile"; - config = lib.mkIf config.swarselprofiles.router { - swarselmodules = { - server = { - router = lib.mkDefault true; - }; - }; - }; - -} diff --git a/secrets/certs/secrets.yaml b/secrets/certs/secrets.yaml index 6564dea..3f54024 100644 --- a/secrets/certs/secrets.yaml +++ b/secrets/certs/secrets.yaml @@ -2,105 +2,95 @@ pia-vpn1-crl-pem: ENC[AES256_GCM,data:vIngU8HivUQpJLZyOVTeBTmlaDxfPnyTfPakYk7aEf pia-vpn1-ca-pem: ENC[AES256_GCM,data:bRFLqNnqUqvmvo/Cs1rk5m7FzFGsZKvN/btQGC0/zS8BejOztFGL7yPaWsUVXSjxRsIEbWc2JWKzFP5AZXozDvK6vH9BWV0j/4FJBN38w87+Tr0a8U5XbGVWqEm8dr3OoCo7jRi1HkASpLtjRbL3hSSLWjCBfnd7FUyCemLR5+c6tlRuAL0ubk6N3FQYbUtfWQEDLu75TGND2EWo2CMzqfRZinFigIBQZuNCMKrRJm8cLbaAcPqy95wCtH3vPanMzdG2n2jrCt7gqTWn6tmNQH7L+RYJzpfFxoK6bOxBt2iyvyPp7nTCEMt8YZvz6Salk/V0aYnIXT4gbKVmpsdnPrwggYogLWP//dAycUjC0eF16zUkB17+Lj5zvuiEr7l+VfVZ6zt+LIo3adacdxU9vR4C6izyTJq5lVbAUYKFHxN8OMS0ZM5twtsUBmoIysyUQhE6xzMDHv9PJiK6A7BDFQ+PjzJcYWeBhGCr68Fj1flcHQEZxSuqbvFdwllhJiLAsO/TlqMf5IRIDGS1H9ouiEPuZ/VpD4JrjhW6QsUF2ALqDD9IuDQVQ464kqtVZdD/tQawF0zcoBNYI/YDKjgbI/sw3IrBpOuvdVHFq0Ea26igdupRZSzuLb/OSJ0G1nKnirs6gPlMw8rlvI1p8cSrSUSFlp+BBU2kV+GD9S5cXsQYfuuFJquPM62QQo/GvlBKZ1Vbz1fr+WzLxTyoz8m0VsduPuSnRx3IUcrVvs/MOmwcylbnTpZ1nmRjZ2dy0Ev7XDLeCbi3i1gnHPKAqQaA+tNo8EmkaxBqO7nfFulUZwaooKBGwy7AxjiCD2FBKYJm+5WUqXYXCDGpA9UxPtagCkEljETRulO1tyKWuP50QiYKaXk1Y0Z8SY8PZkNHpEjlCee6Nb0VBkmusIVFFoc5D7bO0TYqq9nqgrsFUTPHOhHHyCewwcTHZcISAK3Bi9AUWYwFAQUopwFDCE5rkM2Rcfo0khW+1fd7EPQysk3HJn81KnV06jc9AcOGJQkWxGfBOsBROuXJmiCZzF5jg4AK2fEjvvPm2f1S6IbIPoTyMk79eBDAZJsbS61uvRd46Ik4IhPFmgM4wcraNEzegSnaDiIgZA+bYO1t14TD/ctOGHeGt12lqWkkqcKyL9MTOuuW32sNSWsL4MWHGYmS89RrJXYalG0ql9WKEJit8UXwTkNxDZ6XHvLGMkaJBVKgaU48Mf/ejgAoqwgob7fG0cxV/YPUnVhS5ODdZ89tjxeSeQWJULmLxK0Tq3znCqQYhHS4dKXCDOXo0P7ZoA0ludVF87QLPe5V6cccPTvnEBHKDTEhBzkkS2smbz/MLacOBexkW2ypPlNgAsiyqThrdZC4O0GpX80TmNHQy4kfqcAQ30jmN5Ay4muFjAunJvWIqBZBZ7bHUR6exvjng3tU7hmzoykJ/1ful11C59ydvOkpMdERBNbtoh9xBxSe645+H6iYrESsBfRNMzdEg5FppGM2KRLQPD27c5ywQxAvjf6e6PClkmF81FlvD3FrUoQYZBmGGYLZRtKm4Dk7rk7JxvIzVpcSH5DBhlStyVH6EAG/R/3AvGbXdGcAPK3pS6DBSur6CZh86/75HOv3/CfQQj2bkmAmtMOX+x83U8ts5sINJjq8dcsU1m9RfAgasw+OFVsqYGLfJita1kYmYIvPHQlAZuuFUrm6PPFZ73Mz+u9rkpGxEGPZ2N35naULBkX0Tn8EpTaPJgyua914Yrd5foQhtD/SvfFp4TaVAQ2XsrJpHWs92oyZipmAYonB8UoifKxwBPa6dB/E7nmzZfL9+FS+3QVvDBDvI7FNLS+90TCWY949N7Luc6EPt2NVxwXpSUI4YmB4WDpAnbvO1+9U5VToXe000DClv6N3HI54lLsm2sSNZCDAJVW8it+dKQXB+SSmwExoeamcWlEpMRTIL1kcJu16CTVXtwuEmaLNiianl/XaLSDBvXynAbqaZqjtwpTSggiuIsFU8NvofflucU2IohYJRExfser8tCWBJ7+/YznNI4zH0OByIsOfys202LfIV4DYhGITgYlCZYzeR5/egxZ7Ge0ezEW/pDaUCsqyHrx8Qj+iFuTEZtBR0/sVT34sEx0QmPmcRE+jBIZkFQ/2nt2OdRgqhl66ArbAL06S7d0VD+I+fc4Z6jFhmeDg4ROYe5Zo+4vD/WBl2bPKK2sjB80IkrnJ0f/JmT/TajeRU2d1+l9cEXzz2+pxWT0SQ7MrNIVzOuyatelvSLgzdI5bRgc4Hs4nsAvb18M+joC/CgjAw8Cf1EdqnRo9k97IhhWuglx/wVYL8XLQnSLzBzv8lUXthRIJ0EaNtp8LlAkEqQAyXGpuctRO8aSjZ3WRqudGCDQ9awwgCaxPDyLILqkNlUjqr5phuk1prSPruixFFkKT3XzT57kv9CVMTEqIH/q1ukNJC353VIFUF9RhmRMiBFKUy3Cpy7vp0YVSnq+HF0pR9xttGN2gbQ6QdeB2ZpeCbfFEOdp5nFNTKpRMGNBq6CCIF5KoZA8jdneYYzTZ5b6zkCAR8Hf1hkppDnRbZhHa4SIMO9WDCv0b7o6SFkVqtTJlTJzavcLXizMf2D/lgVBmCbqrGOBYiyOhkQvIpSLBhyUmyLu6WtET51lkc/DmLhaN4MKXdKF1PQw3UblH1wtRrng/4cYo56ftgXD7m2YMqDYevNZ11pkR,iv:bIQdKQPSsaR7cY6mfTZdqQTowEcga4H9yzNANHKcNEw=,tag:oto4R2yeumVxKoPy+U2eKQ==,type:str] kanidm-self-signed-crt: ENC[AES256_GCM,data:1+dM8NdsKcuqlCAbQBF7+gnVbeKbc6Gtr9AaBId/ehJjHDkHm4Ptg2pVSvkapjJE5TKTAOWF17lRuKgVpCfPxATBUu6RCrvnJHRcUyQiS9wuGRAlQBWICv2ygtfx6ODGaBuLEzAulxGHT69UG7IgB7XH6bPPqTNDPKduRw35KMYMpCsH/9kVpIAWp5r0hCDL9zGUnBrGyclpdwDtbowW0j5qOoCYrcj2OvQMzr9gNvOLKiIaEBnXV95WkSUbt9RSrE476Ib4uH3aXtoWkkGeZTEiFXAhf8cqVV2xP2tpJWEgl781L9Gno6D7r3A/doF8wA9GSByS4IdOJqUpEHK1+6Txl0WrkK/h9LEqHrIaTgyzz35wMXlVeBFYFsmrmZZCZHsIaPhHRoAJxfzxrz/kThBsfhaH8G5QiiRtn8DZynopSPSj5XEsN8tZvWARfiNvNLEH9RKZgtyodoxIc6+jGCQl2Pg2oKP7YWb7Xza/zVN8ZKF2dpHzPrrxUObu275Tte9PiOXKvHVSlcBZsqom6Cd8WaI0Cwsd46sZUo0nV1FBAPyYAf329D1yauwF0S+SsHR+wQxo7pAigVjTpp3CwwiKUBhf4Pnov646+idXZNbPpAHDkhuaQM1JXkxo8EFYR13lIYvlSnPC8YwzSYHyMhV9h7GZKwUwC8988Jn1vxA1Iju7s2biJMndWT0z4522iMx6Quy7Imn78Pq4V5gYanuaDiDOJyD8na18l3BNdU8+Y+8d0hM55FlquypeR+fdp9DhGQToQb6RJzMFVurvtQIvDJzyciNbx/ha+OthI1IflhiCICNhIG4vZp5RCGLNj0ZL/nV/F9wC/JxUSIiTNSpqpI1cRfCDlKooWHLryNj73I0GfeliZFNNAoQHw506bOZD4dIOi6MleqqGOPEopKS+7c8mVTIGEXARtW1UTa40zYri8q/WIV4QkiaMBMCv8giLy3CiTPucmjOlV94KjVMU/ZnEO6BPnMWGJ2MuEzF8i27DvEH3hDdrCiRvCLwyd5xdSoVL1xv41LqhBLS0kUT8pJW3zuSAYw1IGhB201X+qvEtWa+3V19VoF9oHyBh4mwvYtJxaCq1LTVfwrw8xg0pDYP8uIpbHYIClovcZ2OtVVlIZGOKeCRrOKLClbA0cS0ZrEF0S5LO3cTwLyUlHC0GrMsZzwW2JH3mShxTvTrU4ryVaYObW0nqymeCUYZn5mxVCq3Hl2MwEX0cmB6NWAweLzDc9ngiu3w07bO2czgXZjREZrPvbQ+CFmfP6XFiguTCF0qdQJ4g31oGyDWbuK1tl/mpmnnUc02/BfZkpKB7q5FY6Ig0PsvwAyuHuARAo8uBPaNFPJp1rfkmNRZ1gIb2pL0KWG6+QQt0aoZ6/f4DSsUDKlnkTyUtSGqrwg3RJA9dBeOKkikfWtbOB6tOnA4PLnxXyEzw+s4cc3H03jxRsP72TF2qVrSJLSKYpD/Gm3ULdhqWlOO42fMAowh8Dx5w6mlXHBBxtigVfZy0Fu1Y+4lB7OnPpvCGPjX22FJlgb7cIufX2ksNGOwOV+sysI8zgJCNRRrol4vTHNsVnp1B++64Z7MYjVX7mIdffzKY4jdV8RgqJLHavn1d+dKG5NxkzPXOJtrTemZfGbuSWROEjH6MdcF45NgwCY3eakWMazeo0pGJWaBIMixN2J/XzMWhEgopO4+zrp7fDV36lqV2MUySOeRZsXFOHejxTG+OHTTa00RZxsZzvzpVzQqN5hhVeQPUCLwPurJdYnuYs7hr8leQOAVxLglqs/OnbhaCWyMKRDkqPx1baY45ytCdmp8IBCzFrIbbAvRA72xUNwHCKGf4RY9QhsyrFTltyRBVPaVG0LJhVxMbtf25gYgSyooPANcUm4BI5EvdFAJx1i9xnfGzgh/JEx8eZic7Cu9xryUbuL0n95HocJAmRu0+MTUuiFlMxIfnvB1K6I3J6KJIojd+6FMCb5k8QRESCR6TK3PtsuCpBj9oJF8g/rMfKeX8reSZn1aBtI7XHqKGxk2I7lYh5wqa07nIKQkB5FRcNUJ/tQQt+mUZDxW27ELX6Oh3JLZysSMw+Y08mT/1AwF+kqA5aHjpAxUBwQQfcn+WUxu9usNE6HdXjrrrSuIVWS9m0BloIUt/MIOPHiRYNW9wx5A5SJwdLSN0G2r9VD/2a7YguXjtDSCLxiVTzoKodhXir/U868CvCprhYZrFT8po3GeNOOb5psrNpaFeI6uWJzoNn0fren9fD+eZk+HFgZVi5aT6CNy9fYYtDv16vyapSTowmmcn3OjtTeSOe2oHfkfe4TeP1BMNx8263jmCeYLipPm+mGyHHnb3cBHWgDZX3QfMlVoFKUm9p+aDiKoA6YFqmy1+9r7EvZ9QCQ66UIxMYt7e5wL4P8ukmttG90GQFNKNA86OMd4nOrtsl4c+PNCbYRxYf0qyc0ad2wyyReHvwDKOoIRSbwkVTxZrSTZA0wXW2y7ddW3K1Ld2+qBSPtIYHTHM5w==,iv:LIuJpGoxOCBX73ZyjIUl9mYVA0wcRdue8EJyfqQzcK0=,tag:5W2UVbOH3Lma99lVxDdkNw==,type:str] kanidm-self-signed-key: ENC[AES256_GCM,data:IIi2LK13Tskk7V6jALsVYOYKgNobhUlmai1z9PwohkUUbXYpmvaB8yu56lssUb/xX9cdFHghDM8YHhS0FOe44ugDexisZRXhyxWIenGRRTJM99/RWEO4Ew04ZFWAMrCUFdDHuSThNhaLyuEm291cp0iA05W9Z/G7i3ymKlqE8Wg6HkcaxkuSek10S74SYAABbfrz/8KfZQdfN1fl8i+0UD8/n42XpT1wU45CldZfDuRjOmsRaDwDDgXageFhsN2oJuZQjA3060sMom+/DUDHPam3eYYKE9ulNcrPhJKFzB0r5RJYnLZEY+wtiYI6YMZs2x5aXAvuh+dmjD8rVWTQb9ZuuJlMvVv0PInORojMs/LyJNsxC/Rv48wY8lCIkalfAVa8TkGiptiX02kNELOsWlBuPzawynzNi6tFRn0gHQl1wSrjOJi9oPRiiV5Ru1ufmDCivHOoJlDoPZ9fqTnMf14tdUPAlSRgAho9d6yke0t0/7y0QIEQClOMaUF+xdJ+pJxXY4puesCPcw9f7R068tFNINNz42xCvSEP2VgSEa2lvFs7Uw0OKf6QZ+cFxuM85CWPE/58kShKLz0GNo1t509+sZC9aazbpsvTMacedo+m+D9aiPiX4dmkT0VK75JXlX5WEUkFL/p8ZVQ/z3m1yvtXv56iPO0mgvGHHAPy2i8khfa1hqwnFO+Z2JiG2Bcydf2I7fW3rBOQZbBINd5YVMm8qN3f7notptLP4GY+vAWm67+FwdF/YFVVseXmqipGvhjx7bw07WasBC6Cscaw3FDRDEx3LYckdfEO928Edq3G2G+Wme5uYwzvHB9fqW3w9UoFS9j5cYumbbFjPCsQUK5PZmKa4hhg4eFnn0jcUTl7/rs213iFsHWxHmzOgVlo2iIkc1eDlKGvdJRY+zqOPnwJiiqxbE3P8kpH5FObmEqY57+eUT/g1bEaqFRYEH6Wq3kONujQrTZipCyor9ai4+bYhGI4SdxEpA6eQfcyFljofNiTbDAfURjvGtLkvY1pUpimyafoYU1EIOuB+aBlIR9XE7baiX7PnidSWqhMqS5ua/eLSYmRgFAxWmpyMNPXbMj/7CL7MSaDZvIvbyXW5nHm+RzjFYU7HzP6nl0WeURUsnvY9maYJOVPsN/1p/vrQ1ezTXFGhPmiHX1K4NunVZ8bGo7bU7OO7T3e+xcrkGjZQIlZA7FpLrYwF3kIwy1WdSOUIKF4EKNvmmJr+yYq2Mkaw6dd4hua+50hGzePGYrnYBJHYTeQhhjXd+uU30bFJ7y+WmABts4oJCEoU8wScgZ3Cds0ZKu5lCgxxBGcz4P3oMagSct400WiMHZ0VQIHb1V4+prjhVJVm5hcxgfVXFEJOA44zkmD/XIsqla2CFEpL9AEoIPyBOZFY+RUnLZ/oPVGJzVfL4XvDdji0Wcvaw7FpKu5KUYs1vxloVDsMpNUJNK4snvB63ppitm7uYF5sVD+1rLAWIs8SdT+zo7bq5mUFUBSS9ZypAKQbdcprqn4myZ62CFHJbgyAxwX0fnPcvn3YBJmCuZBm9+zCNuFr1fYOhcwY+YLiXuel1UeEfmFjTU4EDiELY34EUdhxh/PqTirvBtU7JEdeOZXInHSqILOqzWsfQ4Qp6pTDQum4Qt2aRWWg0ls4b4ublXrTaz0gKoQlfyRNQN1F6d6+dYU6O4If8VRBs5TKnJ2GxJaky2XCJW7AdtnOy3XdDv+avKwFJ1yDp1rwi9iVTUI9djmJohEBCiXDEp3gzHBtNoReZV0Fo435whb4jA3NmoJEvyZpaDSQm+lF46glxDye7dvsp6WsFL9vOLiYcED/RrlRBQpI63eVRBCslNT/4tQVSiYzxnLnDpMyVmXPIBmcV3fe94on1Uvn0J1r5Jvl8GPKuZ5BZ8rqN/psxoKVuBToUTJJZu+78T+sT1cPsn0S3rOCZp+sWn0fZ64NQzaxgH8M6G5epBj8ZDY2SSbLNUa0Gj93lPoYOYWVUIUROcKuhgbWw7JFgWIe6c+jF8yQ/BOJigLr2mLeIterVlXyILZbQEm0AkV+bu9nt0QUDWiRL4h80BVu0jycgTksCyy7zRrz09fzkjrWuFmPZ0rEr3E0dJCV5uZeF7P/GKuvLTdwwn8Imb9r6oNFhCdBvVeGD2V4XzJxzf0kem45aAYwWWSMELPCzHTSvxUMUjo6tzvILeuLYrr8ztE9pim7ZIOA9xKTfQ5LF9XTBpYTfC2+aSmPNnfxnR0gbniLPb/XYur7iGM658WwPkh+1I+VaSyUBWl4HitQGa5q5T/bfSDMe+SxczcsGibIA24iCUwCSVo/jrhcGaGVVVldTFQ+nj5jD1hMVsuzvKe4MyTyHvubjYgjK39qXmLX2NInvgz7FfVLwwPzEh5LDmK3Nl46aHqRISK95BH2PusnP1z0HA+375fVsoIxmbQT7QRbovsmIf2vEU/6EB32DeyLjRIe/2lmTsfBgpm0ju7tRRNMHe61YZBC8Ed6QuTKvHp5bFmXntMQUAoRqyQQe4XFzCHago8guAdV1UkPMcFdZxN8L2D96EXKO3dpF4+6fnCo/c/yQ5+sMhwzzJYE/gV1gOJkyraxJofjUCr6+tzF99HM7x5YFzkJGhtpHtnLGXRwml7wlKH45o0MIXrNmeE6lIX29lw0wMPyq1WYF3tZ63csRzXw8HS6/zukFKM2D6r5sOz1D8zZ3AamEkQm4axsiz45pxgzwxq8uCi4kU14vFr5QOQ0n/DYr5KSUVmsSHokCfyf769NDTRhE6SZDTEjx9mJ0uzB7VAKXI+pKUd9gJhLJcsrjVF+HoDIhoYY8h9Llm+lfhKmiS/eqmo0CbPzwYQM9LljL1V7L7ydel3wxcOrRWISQF5j52KhIT4TiVQKciCH3cvgXJzJGpnjMZzeuhHEvyFhWeLmfqCGqSq74j8alwGrPPy389ofw3lQ7Lkh3F4obz2YYoFfs+6ZhFA1kKNNbf191qskiIJFbYvaKbnASfGa7iw/W0VnC7/unNswozb+q9ur3L47ZeusPUD6ZJfAqxyabmCRpCFkfpuGgxnprzB6wECD5GLp02SnZUqRS++jXoKrMBaLtj2wnyPO8m+V5BZHaqWSUzc7yDN808ttxTCHBITQds62rDqmRhvxceT6NmWrt+ztM369M2k9WNp7BcfcExVdtdfmq0nt9Ykox0IisJKyVn5k7By4WEz3rGdIkFLPTN2SGlSs63olEFd9MYM/JePFIUicnZ7fQAh87ZwYnlzbmD7KwolcM3s+B4y+dYyjpUPAcyF6qcc7Z+6Jh+Kqr6WKl3b6K726xe7XJYpYgw3pwSigzdidknDNNicu0wHRll/BpZJ2VJkes8OBpJIun2Z0WTe6aG8b3tbwMfRG4aleoImJGwWDKZQ6o4aVR0awZifVaJ4/xgX2bjPCPVY5nOEh13aNzUW1itKw20dDIb1I5fSaRP0YLVX5uHpzGFbcLW+nySTibuRph8EeYF0yrVjuoO+KPvr7InAA7zENCmJsDjkjnd9g+WR4wm73oE68/wpBCtlFGXxuhLP5RfdM7zEzK83iQksq4Eaa/xd/lV8qBAG63wolgk3spL9ZSJwe/5lHafM7aKznKuSPU8gz3X8dMeeCKEffXUQCcsBVacNKL4EVPz6KdjZQixUkOG0JDCFcAU3YfquS9SwvfbiO7x6d7rv0kQqMEexx6j+UYV5udTyPkmfz4IEvqsmU2zjIvgUEqeM2t8+I4V7PW676gbbDfQJiRqTrKhiPw7/ZDtPwxOPOKUwT3UMaOZ7i/6gLucdivJMMWAe799tK24ZQQS4ELI1xsKiRRidB7vHOMIkCYj5QdZbLqFSyR3bCLq/EolmMDWnA0yKCsY3UtrCaYVdpaNKDM0bdMhNuXXypy8wJdFr2C4juB1kUYyAA/LTskZYbyQV80b+vq8dKc5W3b5Q13Chm/wGRlisBmi8NhYXtJL8j72L/3K82bbwhHc+VLwmffxYq/zl0XZrMc/ZlLhoKHOGEDMe33SXhRDOUxchDTsblSnbybvW6EGs2IZqp1IYi3YtWkfoo2qHvnVa1OgNlpaAs7vMZ95wmvWJO3SDIJpAkGufDcgi8MPw1AyU2BLFI2PAcY9/x83jPtimVTJ2yTysC3eBZFaYPyaK0xWlAVtk+FR6oN5CvZwu/zKLNd73VOZAL2/4cMZq9PB598MLIrY+Ear2oFoINzLqv0NxUIaX/380P2327ZoUBpb5kSxyI/oAge1PjgnmV+FiInNom49YoehMRDNSCEk9n5gFghcX8VmM6DRemXKIZlj46ZXz9b1os3gc79BiHLY2OyazwP7xQGJO7/kcNJLI/wzPuVHDdqPcI3sk+IU=,iv:p7TGpmls39IYix0rHgeeV+ngkQkXybrUtKQCOF+M8rk=,tag:lNmUlYzd/zxvCfpk50TXTw==,type:str] -harica-root-ca: ENC[AES256_GCM,data:Q81ku0Cpn+taKbgSb6JntZjGblSHO7mzNIGqiHzsUrEpT7fZ7dCBTtHrOv5vQCz3W7k8u2HEEyrJBIgTdaECBTENp/rRwXBh3BCj78taxK+iweF86Ty/BnhWd3POLoYVIJcdG6Yn/oJtoFPqVLb94zzmx1yRXs3mgiItPoWjhIZFe7myQkxGCkPvAU+sJhMCkj+nQ/ZmEOQSgv7kQhhNrNAWidYRcW+vOb2gj+6na4Vw9yIA13zXWX8NQ+4El62UOJ+WPpmVbwl4MOxffKnETYFFRnkpGb9cTL4Cfujs2nFpyJzqA/GwrbOvbbCevMZf+78M3LUtFSk5+tnhE+J3qwnq3ADey3Pcya6VrJJJSVQw4cue92aKP3dGFF3lb59HO9KEqEBIZ+xMSEcqmZcfvBaAFqNeCqw9h2lNFsK/0Yz5Fx+uJXr6BOS8Mt5fZ2SKSKoUpm/Y0qaloEwnqs/KGTA1BBjhwjtO8NjcD8HM3FWkjP2/atR57jKMe35Rz9LTysb6N0ntotK67wEM52Vp4gliIcPlOzNA3LREaVcycRqW8OHvTHiW2SRe0sDVz9hzBCJirNGAGY+qMZHuXMQoKxySmj6GvvtEiptSt1UmDqgcwAbz5ki6DTYM96ZoEH6AtH1tG7tHcuZ6EfT+hMQPLY9wpTMATEWMYOFUfPY+u4cEnvJbQPdQMNN5mxOfsqu+2rhomekTDzPDqSdmPdjOAqHZHSvZ2n6x9pb1ChIcpWbLkB6I6NtSZ1LnVJl0KlaID35396gJ2nkTlCmBHaeIs9q+RvsDGOS898iONh6mvBBVj0l69sKRTa9XS/gJPoBwLX7WSNRls9MQGgzXo0CbmmnsqNnSZVtmITNMX5xaum/rU/Ej+3UBdVbH19McqbQ0sJVTAyqJgtJyNu5M4ktrueJK4wz+Ik4DryBB+23VrRFb3RoeBTa00oqWqwFDphsvx/OWdJ2D04hb0ITCYtg8rV0e52AO2evqL5o/1NUJdyq79QvXKSRYPPmuTsCfR7uCG9Le9gibqPhubCawJWwA0m5K/B39Rrnphu2/2KFn8CSS6rct5vr4vqYdYdfbv+qhcstkoQaYvu8StLHrtmXs6P0ySFAatBnzTuHlIk0IhmcZCTULp1OeDTpZyPH/fILLp/fE6TcdASCrWijSWN2mzAq/vp+Gz0AHXn7n0MVeMOkUvvmi6K+6dLgY8AmL8ceFamWg4TsxWxPNNeZiHlQmMD4jbQ/uR33iaXrstu2g5CfB9XEt3HRw5ZnulVHDrpHY9rECi/PtgpkbrwD8f8sBuaDzfEsBpbWGOUrFBHzdDKQmHltor3WmYJAdflSeJ9P0X3WuVuL3iEues8HWkTOk8SqiKgMKTwpJsg9uUm86hm4to0vaVG9C4Qkyvcs79MAHLMT16Ujg9pmm3xQsFKFvr8LrbfbxdOPWRvbLPLCnaULG9mi20pixtTcnIv1kx7AZ5d8pxwJBRcCaWZtpV0PIWIDjDMY3mxB1wHzjfonS/ZQ4nOuF5pNL5HxlfxLW7eRbqbc3+gJIJOeVSVNY/xwRVmBN6c+n9+nFrgp0geBJjG2h5hQ3TyyVn6iuWeT3+XB8+F97/76Jj6mbQdxAkQ+e7NLxDpEsBmOaXHOhP851nWiAgIIYYeKcMbjNiTdHghjWndEEEf/flrV84mZtgEcKwR01yC4+FiTPceI0yNcIx99yoFb8G72u6f5KiH/fsbYV0otraEEmmMQcMpH3s3OgFjkVQQz0i6WETJHMjz8L1Sb8/iUm3nIt9W+y0xEftSeoJAJ3n5hGp0gayC+XV1pcDDRCVryBrMYzBhYBcrfYuiL6KaGrHGm2nfkhosDEVFcyA1D4xqXhC6Mndy6Uv4AMYBKAMq0opgkdqMDe5jAlmFyd/xSEZk8ySNlD+d64AZqETTc+MgZ1sh4dMNEeN5H9A291kTJIbRXzUP6GbP14lW3z1Meq0WxH0ijsDJHdHwu8u8LPu0D8m3FVHR4kWn0eLrYrYaGyRW0rfvdMvc3rVOGwGR/7e4P1py7/7q3TS2/6ZoHJDNptPF7K0XBbapSNjFBCpo/QT22vo3eBmw3WvG/CLPk7yAc47EmT64YP7zvvNaA9JcQWlx3r5oWT7lhYvgP3tcUFlWXXOcV4EN8CeAB7fOF3T2vU7HxM5CC+mBYFXydSh4a/yK40aR7C7HMLpNGDIZaLPk6GxsQbCrsqcAqc+BitSAUiTZ90cgAQf+V8iadZPLb/xYUnqhT8EwWrNB2af7PSX8oM6Ot8zXLaTfnxsQmq11FeNyUHxU32UhjnC0JsdXzL6i57VlLs0iWqkoHZO4ICtezkXbOeWapZGSecWdXlY+/4CURQDV8owqppos9GIEBBDr1IiXy6V5EoMW1cphEWIL+EqHCD7puYijvVMI9FjJwsJN5lpz556FaNIcB5tQXqeQ0GNpIxJkOmR6tLBH6BokbXoVq+atWVa56O2hegXmltc2LSZrWTaTEI1MAmR3hSxd0wcIOEPAj1ZHYTLLxo4HUa4Ks/lpgxWUYKAIzrVxo5YSRgm29P5ZOqt72DaqZe7PePoR6OPhzFJCe3SYlQ2Ofxcn4ArH7N5u1pwkomFJAgv7cEGNm8jZs+hZdx43fdu2bB8as8S7xGAQEYEMtFjb28TMgLT/RSZfTmjnWC04Ktf0E1oO9u7L+PrQ==,iv:0FTPt+bXgzOngxxFqoP1Sg12j0BMk4pJj5JIsHWPIuQ=,tag:tigFlF0LxzG8Za5+kbG4fA==,type:str] sops: age: - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOE9rY2tmekF4blBrUEpH - TmM2a2ozUGNvaFpDWjYrelhEdGc1RUp3Q0RjCmloQldpdDdXUlV4eEt6YjF1V3lm - NUxTckR3STNNRmF1dHRqTmhNOWt5cmMKLS0tIDJjVFJZUlNXQzhjVWNLQVpjOTgw - anhEbXNFblZpZ3hIVXNxcmhBcDRpK2MKb/Fh7QtHGBFttpzt1qSVE+1H6W2FYKXI - Uuly3uYxfvQXV/rtgXNP5nqtFe9rMAQYuLMgJ8SbUr7cczt57CX4VA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTFVPMElxenJwQVBwYUlr - WGZOUUx2NU84WnY2VWRBQllLR3Zub3d1ZEJFCkhubngxM2phTjdtVTR2ZFB3REc3 - NDNJNHE2OVpFaWdFVVYwOWJRajRrSDQKLS0tIHBJL2ZoTURaSGhFWDdKQ2oxcnUv - S1J2VmRIYTNSd3lkUTRBWXhkR2o3aVkKknm9GBqyoPCZZbN+A0PkOVnBWAq18rqX - SnvvX4GYiSor9H+DtPHoRkg7P2eDi8c9ISkpnXReYcRjpw1mSqFE0Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieGlsd0NScm5WYldITTJ2 + cG9mcnBKSGo2eXlFaURNa2FxNkZ1MGNVTjJZCldROGZiWGp0dXlMc3cwbFh0cG5H + RDNPNUtWNFBlTG1lOUo5QVJMdncxYUEKLS0tIDNJKzc1WExlTW5ycTQyVFlXQVAz + cTRDK1h5Z3NjK0h1QnhNSm51YjA4VUkKUlshWYOQLs1z8AOsFvjfl+RJBvmJWU39 + oVVvBEkCF6pw/yZp7Zp6ejLpVQojqT0JvLzSMA0tJBt9QvNmdTT1xQ== -----END AGE ENCRYPTED FILE----- - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV05lSmRvb1JRTW1jK1dR - VFFEdGEzbTRuQk10YVhoeVhVL1cwQ2ZYVFZVCjhNTHB3N0s0N3NBMkRMZWNsRzVE - WVVZdkxBU0N2dnArY3BlYXRyUnI4QjgKLS0tIHFYai9BV0R0VTBKT0tjcDIrSUU1 - dFlxNXJRMmdNclVMeHNNYWcxRHF4b3cK2Ql2NFSci/LJhIw3lNc+2EB7XzrLsJj/ - gVHiXmF42v/vI59ZLuBZfY9tD53WfO4RFe89uh8gGh0JHly3DTS7nA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcEh3MGxWRGJPeEQvNGlh + bEc5T3ZRYkhkdkZFQy9zRHBNeksrRG56T1R3CjUxMUxhbDduRWo0N3FwaUYrUFpu + S0t6bGdXYTZGMmcyeElXcDJ1Z3QzVGMKLS0tIGRUWG9GYi9vT3dzSFh1aFRKNWhH + M2pGTzR6T29tcVltS21RMkNCcFpPc0kKkXGoVCNU72f8efjJvtz7cbUpPcfVG3Dl + puffE6poAyeevdSW5cAFGNgJMMWzyweUf5QvX0lu9i0CpuLFFTdacQ== -----END AGE ENCRYPTED FILE----- - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwU21WTEh1cVhkSXhTNURU - RWl0L3hFeVp1c3VJNDg5QnlHdHpLTFEzUUFFCkVkSVNLclhDZjB4amRSR25LSjhQ - TG1vN3NoWFE1ZE4rSnNneUliVFV2K3cKLS0tIEx1Q0E5bG9TVk8vWS80cklZUmhU - MHJqSis0TWJOcTk5MXBxWW5hanMyMXcKC6o2kKTVGho9t0QZGpG1ivd33iNmNu7F - UTykT8tGY+rZJTGKBXRGbFXL9prXnnAhpeRywfiKq2d1MFhJwR2ing== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZzFNdmJpTDVFTlJPN3ZV + cWNNaGE1bzNmbjQ0TUh3bVJXZm85R1hDOEh3Cm1GQmxsTWJxWWl5eDUvUk9DTkRP + L3pNVEovc2FLSFgxZHQ5L051VlptSlUKLS0tIHVUSUZsMm9SRE1INDExR3djMmR5 + dlJMc1ladVduUExXZVdHNlY4TU9UOHcKh9lzumXbRm2lkNPw39EQ990cNznX6Hj2 + s2dMmqHIbanQ0VCGW2Bwi542sII7qT4YW87EX+0LpUN+6bHKCR/YhQ== -----END AGE ENCRYPTED FILE----- - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbVN0MDgzcVdPNUYyTEFu - cWNVVEduQ2NsTmxBelhKU2ZaK2g0TjN1U1VRClNmbXRxWjZmQW1jSkhtZ3loNFlj - VHlreVA5K3kvV3Q3SWFEb3JoWkRjSFUKLS0tIFlaYmlTaTdFWE5HMjBzOHFkVEFQ - UFlML3RpOEo4RTZEREplMFVTdm9QYzQK73riJYtOcy4Edzcf/BehAEhYPNNmMu/P - wbnfg79Dz2vslu81s44uc08rQdYDyp2ByS64ov4AwjYnQ4t3Hs7SgQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cHpkZFBES3B0bGNUYjU3 + Yi9kTVNNNDNSTG4xK3NMMmxFSTd3VEJtdEVJCnFYengyY291ZFNyNE1hQ3ZVSDA1 + SXVkNDdVUjRDNHorZGlOQWM3V1QzcUkKLS0tIDZmekswRXB3OWRDVi9icUw1ZVFs + NytRZVZXTzhhRmZqeGxRZ1lQdVBYMzgKs8tR6IlB84pbS9/T4fixD43hDIrHeDIY + Bk0d64w2bkUJk7xKjxY+SNk9RHqLYmaHSudLVSlbSZ96exNBt/L9jA== -----END AGE ENCRYPTED FILE----- - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTVgzZHFISlFwMndON1Zy - VmRxWmUxdVhIU1dBb1FCNDFpeERQblBmNkNVCjBKalRSblFGREprZCtLaUV3bkJq - L09OZzJjSzdkV0J3c3cxRmNqYXluNTgKLS0tIENvQzk4UGlIeVJZa2FBS3YxQ0o4 - aE5wcVpqRVFaUDZEbUR2ckZZUlpFbFkKF3QH10Qb+UNpRbM3JzVRCjJfz4J10aB5 - a67zfK+4Nf1lqWMcTC72zOJo1b4OitkwOZPSHUwd37URLxA+b3F0+Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaUFqYVFHcnM0ZllNYUR5 + a09mZVA0OWhNSnI0aUw5WFZlaHUzN2lRR0NvCkhaaUVSWUxuQU9qRHpSdTROSVJi + SS9YQTdtdzdWNnhRd2FSdFpVTHVvWlEKLS0tIGVkN3Q1UE9NSXZGWHRGRGwzZGRh + Ni8rbWRWSkdtc1BwdGlaVGlNZExBWWcKbHXUCrg7c1Ekq2bQs/m22TwBijcG+3WP + vNp6a5V0wDgoDP49W4AodMarygePJzW/NgndlUXqIWuIbm6VFUEHRQ== -----END AGE ENCRYPTED FILE----- - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbGFOOWpyOXY3dlpKeDgy - cGVpY1dkamd2RU5qWm1MVzBEUXlqV1EwRlZ3CmFyUXJ6Y1lSNlFNNSswRUc5dTVx - T2xQQlhzbVAxS2c3RUpxVHVYelBEYUkKLS0tIHU1SUpoZi85WG1uMitUVmFkdG91 - bHRhZnBtUXZybm9VT2Y3TGhjbCtsSVEKfEo8jXw9wQdncX1gWev5xxz4s9XRMrX0 - OampKe7MO30BsocF2blkgRQqJe8aZqFgZt0AvSBc7OyuI3mRZMPCBQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdlF3bzF4d004VS9NcHNH + ZnBEa2xHd3ZUYW5NUlVGd2JxRGJPcW9lT2tRCnVSUWx4Z1g2U2pyNjhaWnVxdDEx + SGtSNTdrMmtHeUtuL1lWQi9FUTZyZW8KLS0tIE1tNTdoOFdQV1p4MGNUYWtRQ0N5 + bFNpdm00MXJIMCtxelVIMXVtNG5XWlUKtkL3P6x2rafYSTCW5zv/54tgU20FYwhi + RFc5sZRkgXhoXw+zrKkhDc28Xn+Aby2pUth9ihs1ngVB8OUqAZbrXg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-19T14:09:27Z" - mac: ENC[AES256_GCM,data:tZ6QzVPivueZiC9Qfb3KNZAv02QatgHRNnlM+Y0iV4BZkYoBjxeDojutizvAMwUarnubUdk5I6m2OZK1mvVDZKXyI6zALX4JMeT2xYQWRHYzHpOygLhhGwTFVhV+0C4jN+eJFF2cNf9lu7NuZI9ylZSOY8I3YKUl+l0l3CkXUl4=,iv:JSGOUq+j9T/NXspn70dfu0J4ISV6vVFZUe/Z1CirrJk=,tag:Hm9N55f9qMc056nSTR1piw==,type:str] + lastmodified: "2025-07-05T11:01:02Z" + mac: ENC[AES256_GCM,data:XnLmZ65mZqoTHQfSKdvPVr+IGb1mb0nFRQLBiVPSyKfg9ABlqwsht3sykR+enDkmIk1urRewpKvPRr1YyLKAezHaE2I5CQdRwMViGTxbtN18SCqlKcL6CgGzC7UzAI8A2jVqB6D9swCx63TEOwnaWySBFnQuOog58R43rhxcJJc=,iv:U0ZMZZyuRJVAE0el0tRAdvHS7qtqU+z2kN78XEZOW2k=,tag:TrPIoG7cxLBDgG4vXJ5NiQ==,type:str] pgp: - - created_at: "2025-11-11T17:51:25Z" + - created_at: "2025-07-10T23:51:25Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAwDh3VI7VctTAQ/+KEHJIsZn5VF+vGkqGoMmoqYcRQ+TVXeOIAA6ZM4G/VN1 - 3AEcFmq3JQo/Bjvq0pl1IQbvCzT6bNprl3ADmXeqt9x8MOoc28Qx2AJcOmfT+Gzu - AL2Y0zuJ54qXqgBfF+b/014Ek0fxMSPbUI8EuIPPMWuG+upQqhlcvxTr5usvO3qn - dfxt0R7ISwjA9pDYs3fBI+65M4eq0yrSyfsoKQLKsLRXSn3rO56vSS3jTHc3FwWD - 0cOOrWNMdbSnAFeMsioG1sfH4LlzDG3MM96Ne49f9dv0Z9JmLFV18i85mzN75i0p - 4cmcMC6XrHasdLXcvfob42n1PMRArOpLppf0kk3UVvNcx3xVKmCp6S39LIR++763 - wawC22oo6rz3aFRqVqGMudWub2DamsQrnb0IQjnRP249JLROw/cd/h1LaG02ZSP5 - zSz/TmZ1FjgO6aT8oMUQyiDCEq8BfFO6i6SQLkXxw9pfy5kqX5OGh02xLceAzTYH - HCTZm/DRYZw7XimA0CTw51Jd5qy0t7vddcN1bjSy3uZH4CyFn0AsDLvHo6t7xTSr - hZKR8ICbUUDOIi5hLskqFvtSUYIBJoH8NwcMyPukK+ZrrLOwSMWa3qB7r3NodXd0 - NsxxFT9GiQAtD46SgATLhgHCmP5L8DlVvWv3zyYpim7VxoLW8T5s6yOkURAHWlOF - AgwDC9FRLmchgYQBD/9NR8LjoQkd95Qrff2NN7wU5a2QD/dSkQgLAkjWnJ+S14TU - zHdZPp/lorQw5pXanndDRMElZdFrfL7CKI4e4Dd3oPdOpRW9+8/7iyDrW1Pcsgz6 - H2qAEMjLESdWswxbS8uEdX6UzYUBv3+BamedgbBj95qPtPnTaQvGCUL+kpBb7YTm - +Fo1tlC5fZ6jr/V3qacNeG8nFDLm1GvhWOtqNW16Dt4z3RaYBtYF7ElMXRMq11iT - iFMT512SN7/e8dd1jDcFg6Cw4NkU7o+6bA+gs/P7ksAJxyUqAn9elhKYSrNeSDnD - Vtb92/kFO5dc3CrD1F24FyD1Xe6sgqETFL6OilvEGQ/wYJ/AXu84q0ch23f0Tksm - kk6ZpQLd7QKgow5pLwnAbpFBS1P5cemPY6gvmUAtgYJrGLIxxtk44SVhlQeSX3lq - eEJT4lZTu8gzQLTnDiZWJpVTnppZhMqXV2LsWAFU2XRHpuCnAuT0HmNFbaqzzC3r - tWa5lZRjgzs5e+zxsRhz+OfwwtJMWZw9OAmIQiRWeitZpk0XMYGraQce2ohPQlSQ - RFarR7EDDevuvRnLmbhhK73of6v8Wb0J/40gZZIWVLRT1LcNBz9ueBsHwPTvvCe5 - FFELdJcxYfIGaCINU6uwvNulS/47f1rpyCtoegNtSvzGtmc+/r2RR8emd8lMS9Jc - AYmI7h6C5XznEGGVtIoAkW44WhIm+Y08tbJoMevp6aRADTnEC6CY1cH3H1ZQbdp0 - YeN6qE3d91gmxW25hsStr8Mcy0JPIflt3kxcWeASpgJnbkOgxtgxhMqYAqc= - =R1dw + hQIMAwDh3VI7VctTAQ//R2fMRdWshY0+/feMDAF7t/Z0YwwAT63gzfqKG8aKC3cf + skGJtXBZ4CFW/tK0J62nS0qUIYrkWokACJk72luYg61u1KX1wUaEEqnRcEzZsxQC + Ib6hYXyKl87WYv99QUDaItBBBoSd9BhiDCnWv5nrstZSDy+RwlIYPhQy9KgeDt0H + 6pRnPEL3VU41AYt6YKl4yLBOjweftLwZkDgKyaJalwbLmFHWOvmvESL0kBj83hyX + Lw/XZlh9KUi+xEeYmHUCjO9xDgvJsMGTUY7m52U0W0faarzy59yYWnENROwm9jCK + XoYDu903CtxqSybKJ2AtGHWx2cuOmTjsHPEefqmK7M3XsVpsHgvx1Jo1eQYO1mPI + ZiryTsN1YMYXUkgGfFePmqA9X2iC/meboCWPcRt8lUIfmWx7uMGsv+mGXT37lWyu + wYl9Y2x0qwfAOyg3wNdojE5t4rlr/XaQ+k8Ep1ud37pgXFryQtnNhwgtYuPVWiFK + jnnUDCZrbsWbMmL88ZGYPNIcrBGAgmfYWzkWrU6fICYWIzJdgiWg91ANRHX9vnwG + 5YjZHoHnBRMQg32MInjBJrm/4r38DFQBm67bI1Ol6RMDp/wD5hLrbC6gnq0hGRJt + GzsRPphwrecifIBtck5/vs/f134Y+6BIADJHNEHTA/LnJC8K1VYRW5aBiFvyUWqF + AgwDC9FRLmchgYQBEADKxwFZHBejt2dr2w83XZcLCV/0Mf64DOk7I16VKZ5gBNXA + 4N4W8Q/of2/EH1a8eZ5A8DZPkVZMavdXkQnww8+if6yx0e4moBusUAzeKP0XtY7T + ABUueS7B9Ou3yhdVynpOfmU+EBwQXEuYhVsOlWUJGpfESoOBRyQv12P7ToOS4pz+ + panGeOMo5tzU/8vfkbRIF+9WWKPy/JfsufXGNQkdErgnTAdRCUegPO8kVpwZ5hE/ + 7IGtddUUnwC+kIlkv4N4eM9QabjWmU70L+THveJ4q7JJCmsimYPocbikVhPK7pb0 + mqU9hUMxJbBq6sPjLIq4QaSkSSipbiUUdZjoWuKuIbMjm6M7oWR2uGfQO3d5R+VZ + 3N3xkWPVnzoChq3zB35gkF6RniMhFMCjhYOPidYQ8QH68zN7pe3YzE0HkXgirjs1 + Zux8KlR/Vmh7wQjzWEfv3yK7Rjj8ePt4cdAfozFf7YMUPQWSr+BJ+1CVfI3X5Gb0 + RrWwJm59MicK7mONCDB59LMKUYciQc9JGlpl6oSkbdsy49OToPtuShsoBN/nmgVE + yU8BWhJt02KFLKvs+v+HXuxXgrUfl1zNAtzH0PrB40nuyoCFuvomUExCJiTTEMgs + YBwXdecgwcRta0/Q368DZqJzxiiYIy5xlZxFFMkA62JfJLUFy9/Suy+mReWBLdJc + Acr8AJq92TiCmHED4Rc78SaFDYjJYfvc6JLJDHxU0r2ucoMwKAR15gDDOaARt3B5 + Af7fxGWQ40sY56YgjgpBRaoXYDySuQ9Ylegd33hUzEOfOqKHFNAE+aH54QM= + =Enyz -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.10.2 diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml index 52b8c15..f11e9d5 100644 --- a/secrets/general/secrets.yaml +++ b/secrets/general/secrets.yaml @@ -34,107 +34,98 @@ sops: - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNU8xU0tHWVJOYjR1UVpz - THlRK0FvYisyR3NqTVk1QUlhQVJGbTJROTJBCjVMQThqK3cvUGZlcU5WOEJncnM4 - ZlcrQmdCVTZsT0t0ODhJUG4vY0JlWGMKLS0tIGpQY3hqdDA5bkhOU2I0UGVHaU5F - T2pYcDRMczh3c1B6cmNFMXRYM21Ea28K6An8G4+/mwC7SNYyV3cpx1AQuUsO3uKh - EG6oyvwcLbbqAdHkKLiDdD2bG/NNp+f9xycNyG2AH/8T6kl0fQN2gg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1djB6aDJRdW5zdjMrMnhJ - YmF2WncrazVUMWNaNXBWU2Y0TVh2S1VpbmtZCjdXQmM0RzVJK1ZNSlhwd2NvSHFO - UmlXZEZWRzJnSGJtdFFUQVd2aytNU00KLS0tIFhwQWQ1MnBVZllzb0VyQzJMRm9Z - Qk5XdXUrcloxelBlVlJuMmpJZ2liK28KNt0EMbRBErf1GExZ7QBnrvwRKozNaHQF - MeFiEuIRAS4vSUHz2dHo7/iyub7D//qXKt4vD6DURfCHhhoGUF1Qdg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhU2M0UFVMOXFONzN5WVU5 + TExjNEkxbnhEOWJPemtqcW92WDVJTXlNRDNBCnVoMTFreXBZVjdFMWpxUzZhaU5j + d0xZYUQxdUx4ZFZteHlsM2pJZXZQQ28KLS0tIEJjdjlHdklmalRUUGhLSEFDTmkx + cjZNZnRVSmcxNnFCRzgrWnhOMlYzc2sKK13rGMFVsXQkNERYQLrhgYHbDn0jPYbl + H1pQPZdWw+LXw1Z+Y9nj74KTPPLnPckVTwETUfvs9EFkcFIyhzGK6w== -----END AGE ENCRYPTED FILE----- - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWm15SitONndOZkVDekNl - ajhTQXljdllXaEJ3RVdQRm5sdFJnV0VpQ0E4Ck9nTEVSYmNDK1RUbnU0TkFabnEz - aHVxcTNqUGJ3cDkybHllSmRPVW9Fa2cKLS0tIDgyZjZnV3hWS3phUG1RMjU1Lzlr - QWZLTUV2ZVJlRXBrN3ZXZFRBaGtabE0Kgcy7XL1iCLifYHxydg29tIyPYUQ7hgd9 - c589DNlukEn+i1J4pBkiLDnTUxDOEsUv2VJlGTRrdbFsfjU7PdvG6g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWM01DeFcvQjM2bW5DcFM4 + YzF5TTlURkxRYVdVbjdReG9LbUdYNjMwMFNBCmZJckdBM1YyZEFDT2RhT3g5bHJo + eVVISmhqQUZJTm1WQjNvOUE5MytiTU0KLS0tIEwrVGFwVEE2ODQwb2RyNzdselJa + b2tiTzZCcHB1NVJWS3Z6VTdMelcvTlEKdW6kkCiI1YhV7Da6SrCQxP0zdUc2ICSC + voGlNOnPb5iACvgLnX/a6EBKKO7PScKIFAzsWROC9MlLoF7ERnZdSA== -----END AGE ENCRYPTED FILE----- - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeGt6Nkd1TWhLc2FpZXM5 - cEhDUWVNU0xSWjZlZFdsb3FmbGQyUVV1MGp3CmNUcG14UXpyLytNRFFVRWw5b09n - ZU0wMDcxZVJENWdlcVpEQU9Mdnlkd1EKLS0tIGxHSTBXWi9EQkNYL3p6NGJvU2Zo - cVRHeVJXTVIvaW85Skh0Ym5vRjllaFkKhuQpyhqyTz2eoQ0Mxt0/CaNHgaksrdbH - rBDEw0U0eXX54oQkqNZD/HUosmLO4f2EZKMhBnFaZ8LvaOV6jM9Mpw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNnF1N25qMUkyL0N1RSt4 + ZlRPVGpsY2hkbWZKREg4cU92Y2MwM0twaXdJCmJwTWl2NjlETXJ6WFNwN2JpT3Fm + WjRqVlc4SW9DejV0Q0JGNkJpQm1NOGMKLS0tIHpQRGc5eHQ3bHFnRzBNRGx0ckFV + czdKU1p0WXQ0enRyWXpaT0k2NHBzZkEKqLRezUd0z2PF0wakJe39NAz/MkpXIRAl + hvIqWsWyXHUU4a+mXwX8XWgs/uejuyXmHa7TgavqkHs9s4/p+KtNnw== -----END AGE ENCRYPTED FILE----- - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyM3hLYnNMVS80R08xbm1s - YklvK05mc255bUNjc1RYbmlOblo4cXcwRTBnCnVabFR4UFpDNSs2UUNoRUpYZ1dJ - d2xZRlhMNGM2M2RzTEwveWh4NmRSVWMKLS0tIFZTeGY4MzFxMWppOFlseFZWcG5D - RkUrdDJTNmNhQkFzWTRKbnM2OElDbW8KXITNQ+SKRxIBHh8vgqq+d0u3oLejr6mP - OxhLohXXPXi7r2KTVTVjCu5fbDyVix/L604LvJE623ALl0pmyQq9XA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWTFhTlMyVkZpeFRqaG4y + RDBhMEtpSXYyMGFnN3pkVGljSGN6MVlTaFMwCjlJd1UwbXVDT2M2R0hsQStqeEQ1 + YmNTNjdTRkU5aDZZd01DYjNaOWhKMFEKLS0tIFFKS1dXc2ZjVWlRR2ppSDRaRHRJ + cGwzMUFNTHZzcjZVTFNCcmp6VmdFNDQKNVeV1BGVuaUbSHHBOZzb/RJP4umX45RR + 14RInoF9i1ByEzY6KS2nyP83EQzbAgfdaUkPKkIpzytj+3gvlnI/RQ== -----END AGE ENCRYPTED FILE----- - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTHVXQXRGZnl0QUEzQ00r - cGpaS0RpYnVHVjg4cGNTdzBTMXFvTkUya3lnCmlJai8ySUxONXNnWW9BR0tKMDdr - RHVLTUYxY1FMSjFnaFdZSy9nekV1dWsKLS0tIEFuL3FTQ0xNOHJsSHlzR3VFT0FK - RE05ODd5bnFkVzlXVXlBU0FZa01nNzAKzjfkwKN4mC04r+AMNPTIt/lSMUuL/OD0 - MGtqjZFB6vGrcqV/t0EbkZfxCqfmUeTDZgwWM2r6zhihb6Y9vTjHTA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWk81ZXFRQnRnMjhVZmZL + N1p0eTRSQWt5akJ2ZjZid2VUNW1ndFNWeFQ4CjBlZndkV0pKeFpZUjlzdHJsQTlR + VXE1K0p3TlhJdkdPMFRTL29BaUd5bmMKLS0tIDVlS0FmRUFjTTBpd3pGRVZMbWxF + cjlaR0xvUmZvdlFlZlFwam5IU1hYZ2MKOMW/ZsXOLtYnYCVf0JIxlfXNTDjSuscn + l1p2HspWo7J1RfJbOQgScy6rmUB/9HRMHlnwpnjgOYWE4EmuKcMYSA== -----END AGE ENCRYPTED FILE----- - recipient: age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRmpKaWM5dVNDWDJLOUlj - bGZiUzNWMkFkT3IzNUtqZmt6ZW5WSDVyUlUwCkx6aFIxTnNnd1N5ZkZDYldmTndX - T0g2Yy9tVVpHQ3FYY2RtVmhjSS83TUEKLS0tIFNTT0JUbVBqNDVvWnAyaVRhcllj - ZjNtSU5iYVpXQXA4QUU1YjBCU2xKaFEK+cANW7VGs7HQTmMDEY2oLG6pSBnBLFXn - /PpoqzxNVovh7ghFRduDcHWuJI+DBtn1axmSXF/K22WO6LG59/hr5A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOUhETXZpTWs5dWw1VVhX + Zi85OU9PekJQSHBIbHpNMVh6b2doa0wvSHc0CitvanJBOFgwb3V1TEpjQ2xXa2Fq + UGtzdTB1OEwxSWJKVkZJWjBDV2MwMncKLS0tIERpTlE1cWRaemZFZDAvcGx6QTNK + amtUQkgvTEJFblFUWTE0RWg1cUVUbmsKx35Yu+wpJwlVd2JrXCT/qybmLjCmT+/0 + v99LzVDWiiAPx8ryU2FeAZ/umDDIQfkzyLbi2f460ATKZhVfqhNDDw== -----END AGE ENCRYPTED FILE----- - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QTlyeDBGa1hNek5aWnlr - RzlWN2dDaU9IeXovb1BGTXR1RG1ZUVdwTUVvCkRuVXFnYWpOakZYamZtdDNMRjQ0 - ajU0VmtraEplbDU0ajZyT2psWVBrVlEKLS0tIEhXa2F6RFlsQnc5ejZETVBvOFYz - Wlo1WFlvZFJXZWZBVkh6UUpCRmVESFkKqbuLxX706LssJTNyvg0ghDjyJaVuYfgJ - X1OJbbBvHerqvOmk03biU93oo6PygdAAgkPFI7JnxvQP1U4IH45Esw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycEx1eUR0TnRVL0tsN1lV + amN2M0VlUHVpNjJvM0x3UVVhUzY5QTRObG5VCndkblVGdExHZDBMbVZmU3J4K2JI + dHZoVDZHTHJldTFLMDdlMUFTNGtjbEUKLS0tIExKVVd1UGtvelRsQldnMTBXTll3 + SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP + wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-11-03T15:12:52Z" mac: ENC[AES256_GCM,data:86AWnB2q5xv/JIyomkJOkZh4r2tj18rmNb02JINokmBv4/eRmej/sQIBeSbCj9cJhtKewECwVk8QKtwTu2sWB/hPjtxb8qnWD7MhNs7qmHOYAeYlAON4w7abcLxt0VFMKa7gd0c28qTHOkaWsLy6gDaIB/5x468FIYqsbfIiL9U=,iv:BDiKNHKTHPazwoM6bVoCf2kb/eNrJS9zy4yj3+PFdlY=,tag:6ZFtZZHvzdWp2EhOV3S7xQ==,type:str] pgp: - - created_at: "2025-11-11T17:51:26Z" + - created_at: "2025-07-10T23:51:26Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAwDh3VI7VctTARAAzM9wzRQI9IYBz9sXGG1YKIojcuhi3UnZNjOwRQeJbSsw - OMPY/e84m668uFaGUwOPwFkYikBCaPF3OmzNhMDqxHPUbFJN/6UA8ntLuugHrhs9 - brpt52yYvo69znaR8iYXw/S0mL4rfLnHkc8p69RkBCk/4FrA/Jj/KImcFxZ8GDcf - G5dfaEmJCRfZGeyr1D7RVJ0gs3LQT9M8c9Qm/ShRQQqVlEko4rjsOmqOt6eapSuQ - KnlsEtYS5yZOFoBtabmlTiFgdC8vaHQ+oxI98phdRkc0xDpqZetMMVlgonbewur8 - nVZPb+wxULeltkIIleWQx2E0D9RBi5Xu+L+vXj7jJYwUNajqama/N+1wB7DsiBeu - cdPjLyRcXPD5pE2qi24X1nzBiWdjef0tkJiH07MQtXA4r3PLtX8a3cCvVsecoT4D - 0oK8dGumaXSj8NkYB/kP47hOleSYzNGWPR4iMiXYNJHhUw0Otr0GFSfjVo7s7KBi - 6WO6tWE2VLVuolABEKQPF4sadF1fXxcv9artuzUX9MZquOvsOvEgkQnYzGIY9hio - 2X8nyLxORpwPFmPcZ5WeVyaZ04CiM9nTiflFgt5X/rX1Mf3sKa0NkrhO3+k7lx1j - GjWvgiuCkgLYt0fLgyYVEj/N8jHjcCejVEsiwAoP/apvEgFylgI+YwyXOJXXz0qF - AgsDC9FRLmchgYQBD/jvs1GaGr52Qu1TP7IXqg353G3yZDPoPmQhdkiOKLFe5wXD - PaqNUNOQG4qwffuPBSfyw5XHYZN1v0SCwrNpQ24DFnT5XjVTboYl+DN4bWStrSE+ - ZpGUy+PxvSgKY8lbvGi0+RX1NW32Gwz1cuPNQRnwS/jwCFrxgk1aCnK5+USAmNfi - R5+ex+Ij6+EEiMRpvNdN2ViCP2PfFMLYOR4pjvLL7i1XSPLhGxORcCyIKw8RAi+J - I/qP7IubG1XTsS7gm0D4Rf4eYOy9O3Qi/g+GOk8mxCXaym7hQmCcM5H+m4R85Zxy - EIXKGQhs2UB7JD47SJ1iY3FBFzq3jpn0wPq6piy4lJVR/+r9Zd99EcWOEjuoavE/ - 24q+Z3OB864Fks9hVl8herQbV4oGqHTQJr9Y5ScnS+7RuAV6Cy7d0nEaj/H4jBxN - fKpFGAJ3LkwxKfAwxximTq2lgHBtCyMably7XBc3D0Cyb1lyG5mss3tWNXRNkckL - yg9I64lKdEQz2Fp7qs8JDWmbhUl6eyDtGX+4KKW7lsFTbi4kvo/FgtW6m6xaP57k - PPOJlfDHOqZy7GR+hvaHBIgFkhvqIvJjARK5OaDyP19NMtA7qNJOwParSikkTeXl - XgkZGnh3ID3EJ5V9vMIYqrhhjDU5Qb/avytjEoef8GYmPb8bWd0sVODEL59T0l4B - u4ahb81JM4JVo+p1P+W+0gXA8uUgP9pJ7lWjNCV+oL5RWTJRaTzSwa8ywj5HjLdH - +M50prEhcMiDupwZXU2prEKrCIWUGpeaHK3DIJmWhbO8Hh8OCXeQ+EFfxB+Z - =s+4A + hQIMAwDh3VI7VctTAQ/+OG92tnH/dwXLTdqlvN6sEPREG/oZTLGvjPiM0Ipqyrcz + rgTrso9MjBf0xZkxjH49CWqBpTBoOsxopdSU2cvte2IdQEQCgCJcqff3okBsT/Cm + 3yz10DNTdI17cc2tLFJtvcWubf+amRXTM8IbDozkc4ttuhCbCRcFMaJ0NTVMz+rV + pff9UQWGmAWBKK/u26prf6NeCU2C/v3vLAxAxVjuPBxNpXFZEuu88DdE0lIMy1rO + ZAsYz7O6/flf3qbl74HXhNUhWwDTUJtU0beGSv/sziAPSEV0lpScZbq5HdFvNUk6 + rH8Tf1IdV6n0lvDqVdnY7XbmXlF0neSLJedWf6eAmcvnedCTVzMGSNAIVhiW9Y2f + IURsyK8NXnZTw2G5J4BOwx082Z1wroH0cJgQz1IcfU/I78DUaysH87mYfUQAGPV7 + cLICS/2n+olgkC9nAz9ZQO7+98Ylk1n4EKkhW2hzR5av8LSu5rs9uTkO1KWz5mTT + QjsWNlD8+1OvEFxELJtdMLnTpMTZqPouwRhDhJLoh6to2/HT48xCpUu4sMyj1AY+ + ECGsXzNbfb6dlAvuloNq9DoEP3nP4KJ6DKv7gnsbS1WVT6LoG9Yg6s00YnWiMomd + 0ByLH5KZdlBkZFV0K/WGWpj3c3H0IIM32+w2yYSCVQEY8UeSTQ54bI0ao+ISPLCF + AgwDC9FRLmchgYQBEAC2x72z23cpRyfiQD32Pzb4cDheSawiXSolOZMAExsRDmYl + IhMyMOwWmetg4HOwfGhq1PuM7t1k7maVa8ulWQcmD7eSmehiaMzYpA/gctf8GFQ6 + 4mmQ1siBC1qArfMgFgd9yS126NUGqXAWsrnptnlIbYuY/OsiS7W2JKLQUcx8TZqx + 6NC2zIi5+h+ZbRugpz4ZG8OjFnUwbLdZeDJ1M6i/TVuDJjGC1JkEePjY3IvcmB7P + QTzGCsYKwYSeUuAKel9ueqvznNqACQ78/NC/mYy8xTMiyjnhOqOFvmlHLZLy8cFs + m0eLlEfQycwGOIPZa7xo98AZ0Ohvykqy8SBcp6JSEoWcXi//lLfG2z5agfd7bEUP + X0rOKwmFL1l3w1sAUzmKTa29G8b2+rrCoKCHyByDQXyhgLa3aCx7tKS1iNwGdXmc + emvV15+jf/xQ8FrDDZFJGRuCVyuCGphEN8VxFR2BWRjEHEsy9gRMaJlo8gIw54Oe + ciMEBRjT+3l9B4Qipvm8V+okrdHQ56k9AbpbsAnpyHQ6A8AN7oJ19uzBq1nzRU9p + yE4lKNIjOIJmghvUcL8jwld6+w6iMkk7Ss0ClavTA06hWld6mDoRvfrQl+t4nogT + xypUidp/KtILrorNEVwaCsuXrqe5AspOcr8SqA77t9+Yj6b9x8gdJNZwvcMIB9Je + AXC4iun4BpIMdbg2beONi0Iwq+IeYOTdvpo8HKk1qrQCN4zHGaO6iZLrDFqN01DA + IyppFwRhJ60d5TjKweEn03KAT9oVsjN4nwpazd4JkLANXrxXX2wDYOVlnfYyng== + =jNoq -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted diff --git a/secrets/repo/globals.nix.enc b/secrets/repo/globals.nix.enc index d6641b4..64a35db 100644 --- a/secrets/repo/globals.nix.enc +++ b/secrets/repo/globals.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:1nK/JO8sa+N6EXpyIHBnRapOXYbtM38jnNCf/j0wIOG+0uJvQEFc1e9gIFvuvmPUpUjh6XMuEKNxvLTjFlaLiypOX3yJVTn2fiyOWSm244wcye0GRPe+RWIi+1kEPrFDBEG2JFB+9iGSx0Vf2NfBPgaVFnr4Z2TTGH/kvxiTV6KYucWQNHh+jvVKZ6vAsCP2pFWp2yhpov9l5Tj6MwyK7E46Gn7DmCAtlZcA64Nht+99Zrrfuq8byan6w8RMFR830GJvdMAAD/Vsz/6aGQfHhpJwl4L8/4WwvhQq/DuU1umI1Q7r7FosXbos6g8wTWuM3ccD7V//tFDeVkaMKJzkLkQt0JbyzansijadTYjo0I1w15iH2nySBSIrsOJauBcw3XaP6NfAC3fN1lh/fDaj5HWud5v2ginWRfJNYalfMvTkXm2E5m8SXjanGJL1bHBle4TwEDNPT8+LFIJm8gf57rQRcRlh,iv:W3xvnTblM4Aa0dzDKiWqHM6B5zmu5ddk3D4tYAVNBiY=,tag:KelbYP9xbTmDaWiPrkS+Mw==,type:str]", + "data": "ENC[AES256_GCM,data:8qexHpKJg6o1Fb9H50I3H25UOpNFs2sQl2hd3B2hdJRTjc96aVgTgI838Fnn7G6mFBpHqP0SFCU0/CP6SKqbhJ6SucrfpQN/RqZlSCxmuZi3sqv3voNd7/5JzY0D/5XUTfzHkeEA34HS0GcNLLY7m+QskfJdqGSMB5P++88xCNETqv+sRPVegm1ZGttj+tttesLkAcIU0556WiQhyIcpR4ZiO75NWRFerOmb4LxADR+bwBfesfGUfjflsqOSJll17N9SECSWE7o75Ojn+yde/EznK+zQlsCYvPp90d2xU6dpdRNtp9jrjvXvEVCmcwjIqIKXqurc2CU=,iv:xBYgbmjHwhbH+7WR5MLVysrChxr6rERo6WZuu07sUS0=,tag:vMoMu9mrrGRTA3oO2wsnWw==,type:str]", "sops": { "age": [ { @@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibGlMSU4vUEF5UlNVZzlr\nMTMyOFY2Zi8rZFdZT1JrelZEUUZkZHFvOFdzCjVPbVovaU9nZklJQWNZeDJZNm0r\nMXBIK2hsZEY0NElxTVVMWmN6WU1Ld28KLS0tIENaallkK05SMllia3prV25hZDR2\nZDBNU0dYYnJESG1JZGpvSGp1WW9UMVEKJgfdLp7BRXvyAekecNJiaBXmxSj1qNxx\nZeHceqEkfWV/PzX+RP4LHjXTQCLEOJijbKxDmxSsYq49hC9xjZASuw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-09T22:41:57Z", - "mac": "ENC[AES256_GCM,data:iHmgHvT3yn5ayimvO+miRA3dA/0o4juBvBzWIXwtZyt5gSI4oJizMbRaX5coVJgeDdPsYaiQFqSnEPrPmrMIR16jdmscQLvz7X1gtdanMP++5q13jWOkiUHPC2nZy47M+36bzC2P/BHqKE782ERTGnD70VZO4a1lOa7pB32NutY=,iv:oOn9x/xf5g82GXdZ9fDxgEiUScXXfzSdEZccqFQLF4w=,tag:iEhx2Hm0yP6G/1w6cIgHIg==,type:str]", + "lastmodified": "2025-07-22T17:19:04Z", + "mac": "ENC[AES256_GCM,data:r1h9ouXb8o8Vk3/l3SX6hxbPApMn4BcCIs52Jhv9s9RYURMGb9qqPipbX7yFIYDBMka2qJJ0BneJz2EI60nTxx+QqATImR2oot2U6iONrelgs+AL3We//xpHOVHSxQ9XMmeEOcVqXEU3u843jV1RElxarRCwB9yM6IWTPx2qNzA=,iv:bS571Ddgz6Fbhyxy2bL/087ZTD7egcvPoLXD9uF8aN0=,tag:HJBI6G6ivRHhJMXYrNhIKw==,type:str]", "pgp": [ { "created_at": "2025-07-02T12:10:18Z", @@ -37,6 +37,6 @@ } ], "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" + "version": "3.10.2" } } diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index 48ee1ff..85d15f6 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:AmILjmXaYip12IA3T3duZIb7Us6FSby/gdbumUJ69y9cU5CK84W8A5zNIv/pNorvbI/d4d4cwcIWOQJdb0vMnTx97ftaPJl5rK1TaboL+CbbZviIE6HTTnkZlutdFjjqzkv9TCcJ1Cm/Krf+/AiSX2bYujzggBMhrOpkb3Wt7iTvxpSahUZkyRLJTDkY8OJdc4uXTpZIoPEEWOF/ZXOdEYOuNvES0dGwzCLhmYBf/yWsRgr7ICRSH0k14lsQRmRa2ZGq07jNlu/f+zXtIR4UMQC732ERLFBKTdqcvFffhKYuy9xL2FNJFuCZ+FXsFtV1Y0YQYeR3B/30EHxLrqiRzF/orkA4mdFgdBqiOcTJKnOeanGF2Im0XiZj6XjoAftHINpX6SGVZOk2mgd8e5giNcMew7izQyQdwQBnG0FKaZvLFO/5YLUdRN1kdtNaDlJ634L1y5lu78TWrXlAQxor9mS5nUQEoW3i6KDOA8OQRsU4xcWAfMTOTRS9Qdgo4fBupo+kTuztRHjv9Tyb8UvMtjyqngDSsmKcURNQWM5mO48g/tP9rtRY23g1B2no//LR+NmhutR8mHjG65GbH+eqF81fI/kqMVZrbXIkZbkh8W6Hg22CZHKQMWTGP+T/25XhnE1qEFs7VlYWHdIZr2c4bMHhNmI5DqEinn2qEe/5YtQ1de+rQC/3X4Oh0+6VRaJvJ7RKkqbUFMUNrgsrrRgnmSwqlvVOykppWdHxtnbUfmjuhXM/Fk5yUWgDA0qPofmcSNAfxzCDkpc5YaNXERe+20xD98VyRvYZS+OTywes5ComCXh1vfO5NpHbPoI2NbJqgJj2Kg8QsJBCRqAMECMAK/rm/adnmCAMGqHzd0gCWyWQr+sxXQSnst+9SXKFB7hsUQYm78hO9Tj+0CJJ8gZFc9GD4RimDbxu27hDcf5ycPqTJ1PqHqHJkGXT810bT1ArGv2udWaz88PONfYmfL2kvdcZuJtYCKRVLqZnjl6MKee3HN9O/MTCxqrE7ZWhZhHTwkgqWcrKFmUMedReUdcVqn8bNkeo2jlgHKHuilRIt0nuQtSNlm1CEBzjCS+c9sE60inlJ+HOnI7ZppiiXBadI6i7MZ5+EUYibjck0vApxm1MRPonZg7j9VHJB7aXkNn2YwtDo4ihjlmCt6AZRgoBYJ+jIwaLGpM2UYEX16E8QFdSWqE1ncFH2Gz5TswqDbztLGVRplRs1Ayn9XmHSkh9mfK+SDAEFy16rnBY6QuI3Xw9g6sQ5x4Usw2m5qoJ8qxTJzzCjDndqYWMeSV4z9Q2x13EB75sK4wBlN1oLn2ubxSiunHss/4nIARDsTGHYO2ilPM5ekajN/v5J5IH5dYwE9HT2pqtbtjo5Zk3JvL8fQiWBQDufjDfYnaLn26E/iu0Xl30uYLI1NwAxvGEPOOZ6fndBPkNYz8KNq2E0A7zv4pyDqA44/uPkfWJnWeVQXoYHOGj74Cc11+bVm6s0mjv35mLTg1EadWJZgQG9I+NHMXL+uvP6RGkX4oXnVT7rQHItv0jz27MlxK8/fm+UrOgFGYX+Pq2Rwam8HN0IprzH9QAqODhuNwTe4CwWS+cIk223/5t+M2NWems2p6JKxuZ08KkPseUQnwl0Wxu9pFKYSBctlgTrJ7Dp83rwbGHKDgB5ZBimsp/uT83dJrFCp7Rpks1AnLSXo5rn6p60Do8P3JfzXhLJqi3jHp4Wl3Qu9Sejq0Z6JVPfNkf24eIbQ0rNoSi7ruybSryXPSH5EPgmN/Sx36etCJ7/3XPmSkCRg0/o7gVRjbHvuNdexyzfR2UIHvm2qzWQDiggQyj3m/JWvgsqNBBAhcIiuv6eCznRDEjOUHXLqTYiz9NUJN8H1rxCg8dCBIsLfNwDE89edU7NsIGCqepbpos5dFzOPHrr8sCYwA5Xv2amQ4PJtULHrymz/SYwkVG60UWo0rl332a7bi1CQTa+MyGjbD8OTOMvr/itUrthND81oD+q6cK6B74qtrj8E6HG24yl8vJHIO4un1ZxZkkjUGP0pIRT0vd31sxQxUU2REeq+7Q1B3N9apbr49wYK+8EVBFwyxK+Ok72BIBVvZY82kNmUhBtyIOsqhT4e+c5VQ6YqKO5W8b4F7vSCGhzkbCyddcdhxWzoSKcFv5/mAxBVqnk9aXWMs1+x8lyfANRE89qYgjmw5hONloCL2hZVL28ykGt7wGTVFL6bOjpLaa0xUrfhraEiZCHyrOlqwYz9QDjmDmsURdW4plUwJa+8J5QVu73kC0c0WZ5xwoQppw8eUS3rGt+e1PaKByNfEPD5LLd17QFBdWzdiCMlVCl9M7+gblPbSMCTfcNNnB3MoBzD/znN2pEyNlwdJaMN/+kCQKSNlRh3U4oPAutK0/S7n4A5V4ZylRVFQ/j8digntEzr64wixLfy4L4hEVXroraY9/asciAS52+kXWSdPKqWPbzPsZBTVw7+aYXlwYzHtbhN16LbNSOS79lKbS1E2vSOzwtq1iKkB9ckjdAZebgIaL6wSGQDP6MESDqsgpPwwpr0faOjOz2tc0Bh+FUA0qIHP2WUSZUmws+gurPJfsLgm9OrK8YvzClZIG4Jw0BYHE9PPYfColMic5mFVIGGEALFcc9xx4G8Mh0lqTaDbVaJONQbQ2kzbJ70TiqISlaHxCpkeyH7Hg1kHuBCOUZUUe1Nh9vyxkQoW6qzqZa2H0+j1xqMmy8tw/sB55oUOkC0SzqQkS+7HPgoD/fMB+VVsrvOJX/YCSNip9NX1u5Yf+R91LiYAWnlT5CYnseSBbwyOQgF3ud1jN1QE/tnvjj3ASy2OoQbOnNhJUnoShxMGi8PRDv4tNHDFY/FbEmmiyH4q+D8j4FYkyxZorNMfxXVdDewRQNO5ZVyoIv6PFcKPEKHRqFrCGN46yT6MvjjeLqGAHanZkGBG766bg285gWRfXnR12ZV7g3mzbet8oWkL0W2os/LPjeMjSbEgtXVTFc+nHJajPKXDxQxx2N6kYopudyNgweBILLgbeLlCSZhJhyAWLpIOvlJ1PGNnbDyY2CR+SK4XH+8S+G3RwvOSW/4dJA6GUFv+Lweqa0j+JzrhSIZnE616IlhA5AlkVHySJKbFKBV7aQqu5WtWZz0uQRZdf+xQbPhMcKOh8L6OrMCJjDibJYgHLlf5yR2MawMpX2pkzUFpheah74+V7QQd6gBq6aqvLc/GpweOaxQ3h927EuiUOC+kkr2vT/lu/25/lfhpGzbL5sT0dxPbtVhymImMBaQz7tZpf/gUUu56LJfyp/Ct7XJEKOsN7tJtuJYsLL7NcqxB4X/fZz5wPfMr4SbJMCz+0AilZCRvXfJ38/LI33phb2RNE89WbO/PSTfphNBTgO1tAouIk1bvvILz3ObHM6bmjdb7FaFuP5PpzzS17OP3Yregz02STonGg/Gwx4Bw49Je535nZShuuhbuDdW20g1Af5mYXfTusLDMorddn0G13aNPpoOxEB8vFosnJsq8gi4Bei1WMTTaeTemNEbsdqFn3/7AYbzVtIGm2JjQScZ98RNM/j0zPE6u7tCd8YOStdAtK3aHtIm6lTvYb5eP6a9kpgVHGHaqdLey4F7RQE2Q7TNWH0A0NIsSEncvxTFUuqY2ERxN5WITBhPoUyPIvyXNkdgt1iwAMeSYs+emEQFrJ8uMb+gZ2WNusCMSU4IdnlA/ndAf+0hM2giaiWZ8xMDX0CzVxjye9ijId+XXJQqpxlsLHjc+ZD6sqYFE3nQrx6YRoa0eV3qBQCnse7aWbIqt5+Y+lG6GNQRIcwC7TzOxRY/d/iorFl2lw/KbkClb3LDlaz+wyTtBB6CEggPtdGebuM/9SGzn8waMx/m3vlRgGriJSyuDlqhQAyuaBDm56/hVc1/YhByL08zYgsUtLg7Dn0Q7JmpdKs3p35fz/9IhGNa423BrMHxo+ga/nsBU9U59jZm7aBfJ1LFbA5Akls6BUi9QFE37Z9Vm8u2bS1TGPAptvIVkGN6cmhJJsNApYr0g1gPUY/bNOfE9rTat4rF2bolXLf+sf8UHK1gTJ/HOCehJqoLf/VVS4NEpmWAeP0Hjw2/4t8/e9qH/xYyNzkSqhTkUI5BHPOJo1CtjiV/0k8MxkPo2yVpfIG3gDajg7lsSrlGi+ORwJOOYWxC/IEZZz31+NbUFMl7SC+ZXWIvftZF1y3noOksT+wHYxnRXQGe1OvuyaAj6Txniq6zTwy1dieHiCjSv46JRyygGw08xexERE1n7bLtIWSZ18OsYF5gf2dc4QIYSlNXG3di+MQPbjH6P0VeI2rznXyp4AaIYIGxfT1fUP24S50HUID8M+67gtaCrrJgfW9Hy9m+HlRO2EjNgDdlyh7hFNflGJeWUZZ6alFN72lVjuWEgsI+HCodNT57CSyiYJ/FtrIQaw7FNt/XQADCz+0yM8vJB5JR9EiVjSHYsaO9Xn9KqfJyt+timVw9HdfTT49lXQn8U1qtxS3uGMkHmmcnV5Ogacjt9Y4IhUaWP58pAe2l2lEyC4MRt1LMOrPVmuYWb4zkBS0rvwpoLx8rN3ijcetpJukRIGGivXDXy+6cnGkAHx52fIPdyGC6rx2KCIPdFfUzZC3wYRoTe/liub82wZXk1ZACcGv4+myBcwE4GtPJV0gctxzryUJ0eaAxkGxvklUMGYfgeoYKYUk9YZGFhQ/HxgB7LqJnDQjKVNlpFzWxyMkYqqLAC+owj1uJ0WuMs704AjE352/73bqwgYbYnD7p7wejEYHPofqjI6RoBIJRtWREVYHdsGCdmuyLbMDA9tY/z7nA2ei6nnUG3hyb5S5M9GL9tQxWFpCFeYBJEyl9S1COmoBSqy6n5Yhk6R3N+d0rkSqGb3z+uT03IjXmKJAfcwvWZWuUWTmQ8wJsUOsCrPOx/5sbsynyvkoJWtdgZjuia2gZS50qpMJFTUUKbNkp/wx5QT9z+tMjviC8JWFXB+iBLnKiWRA38AO2a5KtyGVy39+urMApJD9/Cem3NMyKTzY8OqFreZsH4XOBa45yXNo2psEY6gfjtD9Apn3dLUMSWcjRGXq5qKMgX40KhpWgWNCc2IlBGTQ8XFN40g4sDAQ/GxBQeik3CNMMERBxTCeNEx1P2Ju502Iwt5GiHtDedy2Y5HXrUKV0GYIn15uuhPGdPTErAc1QKgKxFq9b0yC4IVzkrnKRVbqI0BSCaswAzf4TUyzkYSf8Zfs9BSb5bzu9o6eN/x1cWGJdJlI8ATZebOcMBKkooDOhZ0T+b2bW7zvZdnj4IKqklvZlnmBvGnn55QiwpvCkhmGrg5+j9Q9QiTGai9h3Xt2Y8SVZXfltwXITeW20rJfWn0s4DoyfPWqunApWv4TH6/6uF6OgJNGOM7gLnH49K7MMVs3nCAmjkE7Gggmt+zzJsuX7gI9eZF8iavga0sRTSiF635pr24wiJL6tsUFzvJ/A960hhhC+Yt19E6AmdtTn9pPIk36O27G4qwLWOehueMpmQhzG07eWiY446iJByaDztM6WoYlqPAS/uaswYUEAUwHb4eZDsRwAgSCwi/djCxKWXqAoFzVftj7dsiljLvxqN+U39EM7pWBmnPGC5fLQ==,iv:jyofVBu/fxKmEnJPR5e81m8nnbcXf9i944mGH3rbcrQ=,tag:ILjy6UClUAyJmut255ZsKg==,type:str]", + "data": "ENC[AES256_GCM,data:FMhv0WezQAH1OX7F2WlgdAEn54aAZtCXyFNP+8CboukwlL1+VzzcsjQK7/KJqXiHfIFHfn7N0P/y8tk2P+A2Ucbl1NYxj5IgfL7ohAACDhAVkofCM5CD4KcE1DoL4Ja56K6qkjlAi/t7NRv6tUYIr+NZqr2g70F0RQbgF1dkdpxW1JUNmreF5CnXDYtqz6+iMpekNXkj+wt/Zc9lQ/zW1fP4IH0C64SG+lFucpseOwP3YhvjFpzyT/11+uiStc6l2r+luNT8eJsaCYmcSqK5+1lJglIph1k4H+Xy1ccRHHeesy9+ySaGBP3h5uY9+JOdYe5fO9SYZt0cKO4Oic32Yq+uZ0Ldu0hPzDN4MMHsBP6lYidSXqs/kVgxEbPJ7T0RnQmFCVDhWE346HquZBfrGuxBOu2ifkxAFVHJyGaItOk2wlxcPDbU0P+t584CXlVIdGRS/mvW4xxXBCVlEi+QM8a4JcM7y1RJZV6S6R1DGC1nXgdscpcRGIfp6BcKPmSB2vZO8rx2qOMdUPS0FEOEVnHsvnwczGZHJuq6WjxvLNnzBH4gZtc30OKimlxXhQA6qyjupH7P65ayiFt9vvT/fFnYZr9aABc2xbSmqyJZS1wfvl5JMQWnUayigxfzYMdxuMC9+8SCykqXmy7hDlJeBBobSxdQUVhHAprY/sn+FOBzK5ZYb0wsavXI9w9sUSdQiU4XIxDb/FXJgs89FZ8p+uWQ1vFglF6XYR299LScIN7CsvLyGdk1idr08WCc92+9DSnSv9onM1UGD6IkSjMB3SoexuGa6Kj5yi5qyAOtvmMl8NwJn8Xh+gEE+FSUi+GAhh+aLvNbiIVPPmNXgI2+slUn6bzGDLk3NQMMeQ+JrX/SdT7q9Awxe9jtdsej4CGINrrTYKHsaPocVQkK6wpiQh8XbvxKoOV3UU3x9ouEVUjHrN06UbXWFXQSjEz5QXdtjpyTqxi6AaoL8M/yFTL4uB2ahPZ8bC17ZVq9eXwUtHIyKwClbTHTzlkJzr7lR7I1zWLtZIKy0pr8Si5DEkIuT7YCo5w5Pa3Z9DCkdAAL2t7TNTdrQo3H/iid7YKupfCeQxYYf836toX1Ff7jTCLtTEbfk3fOcbpu4uD0geWx4vI6V5lolJJ950ETnx+pq8EFVEk5D6VSfGo+Hl9c2xZ9UraYo9I0HzSSe12FSEVF/anKMVhBZGxdIxqCQQuu/FSNhkaFpmYpcEgodmFGQbAY0OworSg9ZnFWVMgQ33T/cna9Ene4AZ93DJaNrlzT8Jk0QIqCQjIIiZwUqPxABk0epNMLMZzZBJ/8nwN28YU5/pp4c+53RYPjMD4NlC/P+JXMxF+bidSOSYHb4Ucs1vIRljDSWumb46ZXoV+4sCBSdG0LjNVLkyx9P2vYhcw5G1KduSrUMY9VVOePcVQGYfsWjyi0nLyWadu9UUASafUwkOo2JoEjIdKWqg3zQRYIMr0GYp0Kf1EGVTPRPOApnbyLezDQsSnSZzakcJ1qDSFyLjlBMwoE5Rmndp+TS5kUEQaNeJQb56tTbDLWxlpgCoDgtfL5q+gjuVsjwkvUA9o9usBF+hndDl/fzs/ajR9q8V+hBS4j1AQROFRQhQv7vYdGA+Q3z18nTBheY2MgzpGBUwOEFuJJ+ndPANtVC7EIMz/rwKg7g777cwYLHyiJG1Rtj+45w1DmktS7sIyD0/RUt7ApF/v6PeMY+lVjXCKUfgNDaeiHQzKQpCF4+O4CThKa7Tg0keKI4fuJMoFEqZcfEr1TVEFg8AKcBzqdHMyUeUDyLIf2Sp7GJQXTbNA7TlCI5iABJ9McCK01RMqf/1Ew6NJfNDp1yjMd3NpozvAvMXIunmjUjKHzraW+gw/+z4XCq9ifALcKes3Y1R/tQmVfymnMGGoB3bErSIRIDA47IeR5OnrNVwrTM+l2Ew6jFBoWXH6pfaPj6SkdNgOEPp1mHlHf/x9YDBp2ZmtLAG3vlf4bXk0PQhNIb4bm71WyqqFiYwrI82o0Q+UocSxo/lNnLuvO3OxL1P9tp7OPi8kiB7G/D65qvE653xgXmo1OLk+RBJjhqSxBrPJTNbEcPhp36xjg4QtE9alC0XvzKaGUR9GawD6ZEmgE5payDSRXMPD1ZHx8dxr4wdJmxYFpwXFH8UheiKk2dhoGLkMoIempdsmteyaBh+qbeomXaq0+ihHAHkCtzQOc83cr5OS1tmcU1LbsHQ6ZMfBtpig/yWUdpGzFFTPPVKKx2+bWOkOW44IfkLsnAVjo0fvofnL6wuFBKVVF0bfQmlWBheR/VeVrwEjbxTfVOqRmBsliBSxzr5A5FsK5LGfzsyll/8IegLuE+412Kj3EZLVx3c+xq15oAh66/5JaiZ2C69azvb3gPr5NryLFqW0a5gxw1o3SiOA/L5mgzhqvFpf2+dfXLebahVpAYCpP+XLbYTuDiIbCJouUxBMWZgsmaIcwrGKecixLa0LtESsfLSi7F7jk37OlrOaR1gW0PHhYDfmXq0fqHPulthCWEbm76xSCbuLc9L5FI4Kc648WkxXXR8388mv4xIFAURcorse7DObygZSOx+BW8zynUs7NexXnT9OGa9vTB0OTWadOGXNSIL3LNCmoGNtxjfMCfl+CgAWFQxC2OkajkLxu2g0Ff9eEBNUQGrs8EzMB4wKPDHvtnNrezq0NMFsA7NDyl24taCXZ9jNtk6wsq2mWPW+BjvmlwK5Q8VgMXGLhxDXn4322s5NXDZc2GrafflDgAz8cdMWD1kwj7I+V1YRR4BjXikON3ZeDc3IkvW/ZPbIklr1IfAz5dZ6/pxo1TOHbfkxeS1/xW4+QnCBNznoxMH8QpPnm35Ch++Hl5raSegQ1iDGcGaTu7cG3f3E9sAI8J/x9xzps0kybF1B9ngyvLP+Y+sQ6plqaiWhrAtOtSvQIuZwIqJ6CLTVvGGN0CJVxWz/GU2cxL4ierNmSmni9MroSWz6U+M5K9P2rAQdskIwv0pcZ/esk0C/IHRZEs4DbaFBTVJoPk/8eMKBhxXmomAOm7SFRTp6LMD7OrD/ext2S4cWXbcnXY7WX4+R2GT4yCIo0au3/CLX6znK0o4ml8dH6FzClJCiWL9pc3tFbCh5iCiIGaCXFZmAM3NStD8XLKvqatFxgmK9I2jSN98eSSMU8MexiRtTttzza/7Nqj3/3nCM1Qw4sIEC+a8TWjHJeE/6tJ9JyAHEYZuhE9P3AbECwa7nIQB5NbKF/IDrHUN+fw7mKEPMgbMBQ1ITWg8Glmb2trzms2WlxIm071j+9jYEs/F/n9/mzX6/iyCRegmXUhN9rcPr34GQiw4uLrWKnRhHMQNwOMPVOG6MgPm9+eYBExY7Avl/Evscidd6uewc/+z1soTNIh0qjWS5R5ubgET+Y1G6B68dVrqLE9rA9Z3yIfcp8q/mal+qlkiSv9Vx8285CcM1H2nmXN40zGO3Ad9kVwsgzoHknIW9woUNly9GZeeSx6m5GCqAR7RFsNh6G0xYE7gtWoNs5xhGOyY7Dp+6XhYUPJQJF/kJkKmfFr/0nzXDjCqC2Fdc+OO5ao2nMod3uXFFUZBZzms0+RM0fcTwDLdaEkTw2q63ik4yRcBL7k5uMb7YTeZTitKFmaqPfq9DNgs+hItzDDAUBiJxbww40Z7O1kByg5J2PHU0Z0QJR5pXdMIwakLsKBIWZ7vVWGTmiPM46uRQSrdmjLUVCpanXk4OnRp2JA/Enhe76eASIN0rmHNLAPgzY5H8uhdAnlZ83RZ9qacOgQbjQ9s+rvUl+LpbxnZOolWcVnGUHZj/u11AVIz4VS6AB4g2rFpxSpt0welvuvngshOW+qpzIiw1k0oXsX4WkvxG4s7dwlfAUuYpJCU92EtSkF3z8qBSG35J6k156nXul/zIrxsYv8iuj7Oc5YwceqPhWNaysdRfueEgarfTdJiLisKqeWB8JTEFLDQCHDrbT8krWbbxe1e948grStUpx86BhQIB9bY3lleGgb8J3NNbU1qIltoVwxegECm2CyoA5NHJG5pLaaYBRlWlQC/VZMoo385DQL3k/Vsrn31qdNc50aPisQnqrKbqCdIcdG26VnXkJC9gyhHefzXwu+VkvJJ4eGBmRZF+eB7enzyjHaqjLXJJuk2drsDzWnuAGGA8Ys1KN/mJY4tF741Ba8rZmr/4BcPPRzR47PDOtBQsaI7RsdX+DoVsdgX6P8b3iVIuEm3DHjZlaeQDqFqrp/Q9gHEAjUmpa+zAk1wZ1XU5fw8YiKj3xP+/9pQ5QHqU+IkeZK7306b7rywI7PJf32QOfaSFPBiPI1NhQsBRoVbR5VKNiwK9nKA6fhxiWjvHqcCI8+MoxWhXbq2TwSfQLg91+NwzAUaH61xR1dQw55UAAUS0HfoZTSKqyyIffTNvF6ulRJITMtr6h1q0N8cVdZln0zTBT2k8uMvt5z5RFc58XpRhm8FXXx9LYtlMSdshVhYYyqepMOnhn/4UU25aqQ6swVmsyoJgFYM9ABXbMlFIGVivGEptHDEA5EFhfb6uPUHFmMKkT4rV4Uy8h0h2P8vEitCRZLW/VM3t14/2CN7IT5EQqmKyei+CdKHXiqJlb+Oi7bAATLiroIRoRdF9Ydp1nDRgU6XMxfv+60o2Cxkal2lSmM9YsCByLXY0Zefen0TNca/wndhuRkSJ/GVu2+E6OZtx9zfC0I/GDV4g8TfK3GLGINXBwifOrTcPTyaRgGmAO7OmhNES1pgEvebbeTJipVvq6PCGzVMARsQMF10eHvZQpgMjSq0mSSyccW4BF7PVF4013hgZuT3ZzHHN8zPUyRPifqyLYc3grL0ZOrY6zM+HWM0WvtE3T0u7psdxdxkqHWIxaCnbn3w8H/pqjBb5f6xWjC0auzM6lPtJ6zZ28TBuwSm2ovcOpeGVUx0iYMGLrRty6Iu02,iv:0rzvTEH041voxTfHnSlAfQx7SyBvcY6fUQxbmfqyGmA=,tag:CmyhGqlyXqI5o2H3T+otpw==,type:str]", "sops": { "age": [ { @@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-12T21:23:26Z", - "mac": "ENC[AES256_GCM,data:YX01kVU0XeEFDtZokPcpZ0rkFWFqY29L8/vEEtBv8JuooEC8+P9GArK1yrOlAh80UnQb3aJC76lVLFJIToeUmSImvJzD3YBril9YQs5NsBKCxwyroMNOMaKmR7Lzn15rfXhBCtjzeLe8ILyzTtUrW/VqwPuO4bqpqd2fdKSAVzk=,iv:QDixQGXUITr9SlQs4kJ/daUt/THafb5UB81xmw4eZIs=,tag:vC+H/fBJ7CcwL+n60QMu1Q==,type:str]", + "lastmodified": "2025-10-21T17:52:25Z", + "mac": "ENC[AES256_GCM,data:SNsmzPknGzx9H7baoKo8gKSac/86sW5em3MKyhYFUxfRhZEtkUwkzz6KwDgZ4YCBzUlLrToiLUICA6KPnkXDHhKBh+8dyyVlB8ISU3gDbozjwRNA78oatLlA4h5sa5RADLha9j7Fr9euy4rcrCmk6jpL26RmsiFZhzaAxhkal4s=,iv:hmRyoG9tW5Wl9AKxWDW4Hv9Qvb5zlM4Ktrk0Q8jsVxg=,tag:ofsjndQpjLmnCMvz1NTsCA==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z", diff --git a/secrets/winters/secrets2.yaml b/secrets/winters/secrets2.yaml index 00ea63e..18deb9d 100644 --- a/secrets/winters/secrets2.yaml +++ b/secrets/winters/secrets2.yaml @@ -4,9 +4,6 @@ radicale-user: ENC[AES256_GCM,data:2G+WXxw6jrnPXsI=,iv:bUEhBDrdTt+O/4TXMkhmqnzfk prometheus-admin-hash: ENC[AES256_GCM,data:dUmTW6W419TzF8dLGcgRLlbLBg9puzgznNCrrAuNOIuhXCBrqaJdtyIVFCsnrDSEh1ZdMfGki4UERZcf,iv:XIlb65V6yhrKSU7AbRs6k1ISljZjWnAm1dPTCONwDJI=,tag:UkdDTywivitSxYR902uM5A==,type:str] snipe-it-appkey: ENC[AES256_GCM,data:VWEGKbCD5P3uxeyMVtK9a7BcVjXlXSEsJxfLEwkHz8l5o0Xq9lTbTpsfOoc=,iv:3nq+xuuujjevWdmk3SdBai/EWXwL4F3Kv4M3yc/faIM=,tag:/cNC/EKR1NWQhJrh46meCw==,type:str] snipe-it-db-password: ENC[AES256_GCM,data:O+LgX+XyJEaF+1oYcjyMpUab7AD7tWK3LBd+7VJOKq/Mz+k=,iv:yJgwlG/ln5BdwW2c62UJLIkrCWakKvj64LMQsjTIwJI=,tag:yw0rC1GJo+KMn1wXRdJomA==,type:str] -#ENC[AES256_GCM,data:jGvWDKbVKA==,iv:N4cMopsUPOfymKpMD7oB04VtS0cUX9yNNqwyWEdyMi4=,tag:L4PMmMcM1NCc8LPG6GJLMQ==,type:comment] -garage-admin-token: ENC[AES256_GCM,data:2N2kqXt7kraqMQEkDuNQN3SRiL2WKRA959Uc7HAdSlZcC2Ft06YUb+Elktw=,iv:dhAZoQBhvK07+wBpMEsI73YN2oX9dMthV3SaDWZgea4=,tag:0Pu0BDEYU9WYQQ1hJr8qFQ==,type:str] -garage-rpc-secret: ENC[AES256_GCM,data:s8qGCm8WM/pvX7wZJyenohMAHnNWrumUxyJvst194h2XPfpLBbKVZwZ5t4zkwqh0yJNgLqE+2ekwCxa/xKqemQ==,iv:zUo/x2LWS7b2E2kZHDfa6lAwxAcuNir5a+mg+ASDarE=,tag:XgBh3ajVDy0vWccX8yZXSg==,type:str] sops: age: - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 @@ -18,8 +15,8 @@ sops: ZWxwbGs1bTNzdXVNSzhpNWVESGJlUzQKzZr3cYBF6s5ihgW/6CreOKWvQpqITrFX pW6gwbRbxaxDPRRdfn8qswcezxq5AwOk9drbOH+qgcwL2owRGxEhcQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-05T14:55:44Z" - mac: ENC[AES256_GCM,data:nyz3jp/qV8bwgx0q6c7RmXtzdmwVrt8C6FU36qtzUm8tPlAd1K7MmgxRKFi85NqOu3XPII2OkwhNPRBOJuQOoXGfo27odfZl4riQ+any4GNarDZ5deZ54+kjgqyvP70dsm/tiZgZ8Fjwat4iLV+mqJYMS4OBl5krr5ocU+LY1pU=,iv:l56tIBgMog4HSxP9Fb4pWSD/z5FaPlHRkUYqlkhydzc=,tag:IT++kT0EncDzEEX4DdjW3g==,type:str] + lastmodified: "2025-08-24T13:27:33Z" + mac: ENC[AES256_GCM,data:1Eqt/uwVuGlihw04FMxrRDDSHMkEqeueEz3yFFpFcKCnOa2VAE2dlTr3a72NPHgLHGnKZvEwJBDq7kwxvB9vtE4360AdfCMd7tpoLCzO9W475nSsYk2En1uQIuZDwuPEg0DHF8+qeBfPerky2mLE7vM/zLdlJQGVRI/0+scLPVo=,iv:8A72UAeUdIZOZtwj5NK+SulnCqAUhe0CsLXLUubmGs4=,tag:sg5vntLuvL9Jx2J33soE9Q==,type:str] pgp: - created_at: "2025-06-28T23:22:37Z" enc: |- @@ -53,4 +50,4 @@ sops: -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.10.2