diff --git a/checks/default.nix b/checks/default.nix
index 21ccf80..c89069f 100644
--- a/checks/default.nix
+++ b/checks/default.nix
@@ -26,7 +26,7 @@
build = _: nc: nc.config.system.build.toplevel;
in {
x86_64-linux = lib.mapAttrs build {
- inherit (self.nixosConfigurations) thinkpad mothership;
+ inherit (self.nixosConfigurations) picard;
};
aarch64-linux = {
inherit (self.nixosConfigurations) rock5b; #pbp;
diff --git a/flake.lock b/flake.lock
index 79e9249..fb30646 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,47 +20,24 @@
"type": "github"
}
},
- "alejandra": {
- "inputs": {
- "fenix": "fenix",
- "flakeCompat": "flakeCompat",
- "nixpkgs": [
- "nixpkgsUnstable"
- ]
- },
- "locked": {
- "lastModified": 1679679664,
- "narHash": "sha256-YSdHsJ73G7TEFzbmpZ2peuMefIa9/vNB2g+xdiyma3U=",
- "owner": "kamadorueda",
- "repo": "alejandra",
- "rev": "d00d03f0b45d2d1d6e0ae2d110c821b497d8fb09",
- "type": "github"
- },
- "original": {
- "owner": "kamadorueda",
- "repo": "alejandra",
- "type": "github"
- }
- },
"ccrEmacs": {
"inputs": {
- "emacs-overlay": "emacs-overlay",
"extra-package-agenix-el": "extra-package-agenix-el",
"extra-package-chatgpt": "extra-package-chatgpt",
"extra-package-combobulate": "extra-package-combobulate",
"extra-package-copilot": "extra-package-copilot",
- "extra-package-dracula-theme": "extra-package-dracula-theme",
"extra-package-indent-bars": "extra-package-indent-bars",
"extra-package-nix-ts-mode": "extra-package-nix-ts-mode",
+ "extra-package-notmuch-notify": "extra-package-notmuch-notify",
"flake-parts": "flake-parts",
- "nixpkgs": "nixpkgs_3"
+ "nixpkgs": "nixpkgs_2"
},
"locked": {
- "lastModified": 1697107555,
- "narHash": "sha256-AWLVyjzPcuvb8ZeHA4mdmuKp2qLxAYT5SO3TlPg7/Ks=",
+ "lastModified": 1701806849,
+ "narHash": "sha256-xt50GF8HQHv220EpncCvPzWwUo7OEtpLMtji6mmGbn4=",
"owner": "aciceri",
"repo": "emacs",
- "rev": "122a0b4e70513382ba7c251e0296c333096dbc3a",
+ "rev": "f4619e1a2bb981640d223096a9f1682fed8ea5a8",
"type": "github"
},
"original": {
@@ -69,69 +46,6 @@
"type": "github"
}
},
- "colmena": {
- "inputs": {
- "flake-compat": "flake-compat",
- "flake-utils": "flake-utils_2",
- "nixpkgs": [
- "nixpkgsUnstable"
- ],
- "stable": [
- "nixpkgsStable"
- ]
- },
- "locked": {
- "lastModified": 1675730932,
- "narHash": "sha256-XcmirehPIcZGS7PzkS3WvAYQ9GBlBvCxYToIOIV2PVE=",
- "owner": "zhaofengli",
- "repo": "colmena",
- "rev": "e034c15825c439131e4489de5a82cf8e5398fa61",
- "type": "github"
- },
- "original": {
- "owner": "zhaofengli",
- "repo": "colmena",
- "type": "github"
- }
- },
- "comma": {
- "inputs": {
- "flake-compat": "flake-compat_2",
- "naersk": "naersk",
- "nixpkgs": "nixpkgs_4",
- "utils": "utils"
- },
- "locked": {
- "lastModified": 1678129879,
- "narHash": "sha256-OonKO7D6xuNf9S6SvxWYzZXNOfoUw5ZEymfC5UmZT7Y=",
- "owner": "nix-community",
- "repo": "comma",
- "rev": "87f7d49716271cb48fb46f939e9f272f202a3728",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "comma",
- "type": "github"
- }
- },
- "crane": {
- "flake": false,
- "locked": {
- "lastModified": 1681175776,
- "narHash": "sha256-7SsUy9114fryHAZ8p1L6G6YSu7jjz55FddEwa2U8XZc=",
- "owner": "ipetkov",
- "repo": "crane",
- "rev": "445a3d222947632b5593112bb817850e8a9cf737",
- "type": "github"
- },
- "original": {
- "owner": "ipetkov",
- "ref": "v0.12.1",
- "repo": "crane",
- "type": "github"
- }
- },
"darwin": {
"inputs": {
"nixpkgs": [
@@ -154,28 +68,6 @@
"type": "github"
}
},
- "deadnix": {
- "inputs": {
- "naersk": "naersk_2",
- "nixpkgs": [
- "nixpkgsUnstable"
- ],
- "utils": "utils_2"
- },
- "locked": {
- "lastModified": 1679999989,
- "narHash": "sha256-MADJl5GzavdX1CiXXBaoXqrD+aMUMZ8+bXTpqqWiPDw=",
- "owner": "astro",
- "repo": "deadnix",
- "rev": "a6d768c5d54e391b87d3d1eaea0d81703d2b5649",
- "type": "github"
- },
- "original": {
- "owner": "astro",
- "repo": "deadnix",
- "type": "github"
- }
- },
"devshell": {
"flake": false,
"locked": {
@@ -199,11 +91,11 @@
]
},
"locked": {
- "lastModified": 1684783210,
- "narHash": "sha256-hxRbwwBTu1G1u1EdI9nEo/n4HIsQIfNi+2BQ1nEoj/o=",
+ "lastModified": 1700927249,
+ "narHash": "sha256-iqmIWiEng890/ru7ZBf4nUezFPyRm2fjRTvuwwxqk2o=",
"owner": "nix-community",
"repo": "disko",
- "rev": "f0b9f374bb42fdcd57baa7d4448ac5d4788226bd",
+ "rev": "3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22",
"type": "github"
},
"original": {
@@ -215,18 +107,18 @@
"dream2nix": {
"inputs": {
"devshell": "devshell",
- "flake-compat": "flake-compat_3",
+ "flake-compat": "flake-compat",
"flake-parts": "flake-parts_2",
"nix-unit": "nix-unit",
- "nixpkgs": "nixpkgs_5",
+ "nixpkgs": "nixpkgs_3",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
- "lastModified": 1697064937,
- "narHash": "sha256-yZ5OlQkPnNUDnEzUY/Su2gu52i1+w7h5HHK/kBk5oUg=",
+ "lastModified": 1699079794,
+ "narHash": "sha256-7qSVnJTrGgvNlogOmKpKkAaZMDs/0F5dOu9r9FtFql0=",
"owner": "nix-community",
"repo": "dream2nix",
- "rev": "1caf997f694c3144ed8fa6752c4af36d1e68851c",
+ "rev": "0ed0a765d6047b372b8c193417036d6fc681cc48",
"type": "github"
},
"original": {
@@ -235,132 +127,6 @@
"type": "github"
}
},
- "dream2nix_2": {
- "inputs": {
- "all-cabal-json": [
- "helix",
- "nci"
- ],
- "crane": "crane",
- "devshell": [
- "helix",
- "nci"
- ],
- "drv-parts": "drv-parts",
- "flake-compat": "flake-compat_4",
- "flake-parts": [
- "helix",
- "nci",
- "parts"
- ],
- "flake-utils-pre-commit": [
- "helix",
- "nci"
- ],
- "ghc-utils": [
- "helix",
- "nci"
- ],
- "gomod2nix": [
- "helix",
- "nci"
- ],
- "mach-nix": [
- "helix",
- "nci"
- ],
- "nix-pypi-fetcher": [
- "helix",
- "nci"
- ],
- "nixpkgs": [
- "helix",
- "nci",
- "nixpkgs"
- ],
- "nixpkgsV1": "nixpkgsV1",
- "poetry2nix": [
- "helix",
- "nci"
- ],
- "pre-commit-hooks": [
- "helix",
- "nci"
- ],
- "pruned-racket-catalog": [
- "helix",
- "nci"
- ]
- },
- "locked": {
- "lastModified": 1683212002,
- "narHash": "sha256-EObtqyQsv9v+inieRY5cvyCMCUI5zuU5qu+1axlJCPM=",
- "owner": "nix-community",
- "repo": "dream2nix",
- "rev": "fbfb09d2ab5ff761d822dd40b4a1def81651d096",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "dream2nix",
- "type": "github"
- }
- },
- "drv-parts": {
- "inputs": {
- "flake-compat": [
- "helix",
- "nci",
- "dream2nix",
- "flake-compat"
- ],
- "flake-parts": [
- "helix",
- "nci",
- "dream2nix",
- "flake-parts"
- ],
- "nixpkgs": [
- "helix",
- "nci",
- "dream2nix",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1680698112,
- "narHash": "sha256-FgnobN/DvCjEsc0UAZEAdPLkL4IZi2ZMnu2K2bUaElc=",
- "owner": "davhau",
- "repo": "drv-parts",
- "rev": "e8c2ec1157dc1edb002989669a0dbd935f430201",
- "type": "github"
- },
- "original": {
- "owner": "davhau",
- "repo": "drv-parts",
- "type": "github"
- }
- },
- "emacs-overlay": {
- "inputs": {
- "flake-utils": "flake-utils",
- "nixpkgs": "nixpkgs_2",
- "nixpkgs-stable": "nixpkgs-stable"
- },
- "locked": {
- "lastModified": 1694602127,
- "narHash": "sha256-8lcpkk35COSkygePlvsOtSpR7tZx1SIgxdltZ0UZvXM=",
- "owner": "nix-community",
- "repo": "emacs-overlay",
- "rev": "b99f00b0bc835dd490b455c8df0bab2acc16021c",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "emacs-overlay",
- "type": "github"
- }
- },
"extra-package-agenix-el": {
"flake": false,
"locked": {
@@ -425,22 +191,6 @@
"type": "github"
}
},
- "extra-package-dracula-theme": {
- "flake": false,
- "locked": {
- "lastModified": 1695902551,
- "narHash": "sha256-uP3icMS0MP4j1Y7ivpMQZv0jLRh7CaRpG8NCn3vLnbE=",
- "owner": "aciceri",
- "repo": "dracula-emacs",
- "rev": "25c2623e65817b5902b7ef74d1e8bafafa9d5a48",
- "type": "github"
- },
- "original": {
- "owner": "aciceri",
- "repo": "dracula-emacs",
- "type": "github"
- }
- },
"extra-package-indent-bars": {
"flake": false,
"locked": {
@@ -474,6 +224,22 @@
"type": "github"
}
},
+ "extra-package-notmuch-notify": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1615303739,
+ "narHash": "sha256-7REFHQ5+cCK7EGIvs2CnoWu9a7WPxX4W6eFql2nNYP8=",
+ "owner": "firmart",
+ "repo": "notmuch-notify",
+ "rev": "c10012e38b0093bc3a304b90a30dd09c81b3eb75",
+ "type": "github"
+ },
+ "original": {
+ "owner": "firmart",
+ "repo": "notmuch-notify",
+ "type": "github"
+ }
+ },
"fan-control": {
"flake": false,
"locked": {
@@ -490,58 +256,14 @@
"type": "github"
}
},
- "fenix": {
- "inputs": {
- "nixpkgs": [
- "alejandra",
- "nixpkgs"
- ],
- "rust-analyzer-src": "rust-analyzer-src"
- },
- "locked": {
- "lastModified": 1668234453,
- "narHash": "sha256-FmuZThToBvRsqCauYJ3l8HJoGLAY5cMULeYEKIaGrRw=",
- "owner": "nix-community",
- "repo": "fenix",
- "rev": "8f219f6b36e8d0d56afa7f67e6e3df63ef013cdb",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "fenix",
- "type": "github"
- }
- },
- "fenix_2": {
- "inputs": {
- "nixpkgs": [
- "statix",
- "nixpkgs"
- ],
- "rust-analyzer-src": "rust-analyzer-src_2"
- },
- "locked": {
- "lastModified": 1645251813,
- "narHash": "sha256-cQ66tGjnZclBCS3nD26mZ5fUH+3/HnysGffBiWXUSHk=",
- "owner": "nix-community",
- "repo": "fenix",
- "rev": "9892337b588c38ec59466a1c89befce464aae7f8",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "fenix",
- "type": "github"
- }
- },
"flake-compat": {
"flake": false,
"locked": {
- "lastModified": 1650374568,
- "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+ "lastModified": 1673956053,
+ "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
- "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+ "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@@ -551,86 +273,6 @@
}
},
"flake-compat_2": {
- "flake": false,
- "locked": {
- "lastModified": 1650374568,
- "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
- "flake-compat_3": {
- "flake": false,
- "locked": {
- "lastModified": 1673956053,
- "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
- "flake-compat_4": {
- "flake": false,
- "locked": {
- "lastModified": 1673956053,
- "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
- "flake-compat_5": {
- "flake": false,
- "locked": {
- "lastModified": 1668681692,
- "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "009399224d5e398d03b22badca40a37ac85412a1",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
- "flake-compat_6": {
- "flake": false,
- "locked": {
- "lastModified": 1668681692,
- "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "009399224d5e398d03b22badca40a37ac85412a1",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
- "flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@@ -687,7 +329,7 @@
},
"flake-parts_3": {
"inputs": {
- "nixpkgs-lib": "nixpkgs-lib_4"
+ "nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1685662779,
@@ -726,25 +368,7 @@
},
"flake-parts_5": {
"inputs": {
- "nixpkgs-lib": "nixpkgs-lib_5"
- },
- "locked": {
- "lastModified": 1685662779,
- "narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=",
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3",
- "type": "github"
- },
- "original": {
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "type": "github"
- }
- },
- "flake-parts_6": {
- "inputs": {
- "nixpkgs-lib": "nixpkgs-lib_6"
+ "nixpkgs-lib": "nixpkgs-lib_4"
},
"locked": {
"lastModified": 1678379998,
@@ -764,39 +388,6 @@
"inputs": {
"systems": "systems"
},
- "locked": {
- "lastModified": 1694529238,
- "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_2": {
- "locked": {
- "lastModified": 1659877975,
- "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_3": {
- "inputs": {
- "systems": "systems_2"
- },
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
@@ -811,57 +402,7 @@
"type": "github"
}
},
- "flake-utils_4": {
- "inputs": {
- "systems": "systems_3"
- },
- "locked": {
- "lastModified": 1681202837,
- "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_5": {
- "inputs": {
- "systems": "systems_4"
- },
- "locked": {
- "lastModified": 1687709756,
- "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_6": {
- "locked": {
- "lastModified": 1667395993,
- "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
- "type": "github"
- },
- "original": {
- "id": "flake-utils",
- "type": "indirect"
- }
- },
- "flake-utils_7": {
+ "flake-utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -876,22 +417,6 @@
"type": "github"
}
},
- "flakeCompat": {
- "flake": false,
- "locked": {
- "lastModified": 1650374568,
- "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
"flakeParts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
@@ -911,28 +436,6 @@
}
},
"gitignore": {
- "inputs": {
- "nixpkgs": [
- "nom",
- "pre-commit-hooks",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1660459072,
- "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
- "owner": "hercules-ci",
- "repo": "gitignore.nix",
- "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
- "type": "github"
- },
- "original": {
- "owner": "hercules-ci",
- "repo": "gitignore.nix",
- "type": "github"
- }
- },
- "gitignore_2": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
@@ -969,32 +472,11 @@
"type": "github"
}
},
- "helix": {
- "inputs": {
- "nci": "nci",
- "nixpkgs": "nixpkgs_6",
- "parts": "parts_2",
- "rust-overlay": "rust-overlay"
- },
- "locked": {
- "lastModified": 1685289082,
- "narHash": "sha256-fryIaVSDYZAZWxlBQwldxGjINJnHh27DQRabOIx/oYI=",
- "owner": "helix-editor",
- "repo": "helix",
- "rev": "3334e7e4b2181590ddfa9aa72a19429b9b2381ea",
- "type": "github"
- },
- "original": {
- "owner": "helix-editor",
- "repo": "helix",
- "type": "github"
- }
- },
"hercules-ci-agent": {
"inputs": {
"flake-parts": "flake-parts_4",
"haskell-flake": "haskell-flake",
- "nixpkgs": "nixpkgs_7"
+ "nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1686721748,
@@ -1013,7 +495,7 @@
"inputs": {
"flake-parts": "flake-parts_3",
"hercules-ci-agent": "hercules-ci-agent",
- "nixpkgs": "nixpkgs_8"
+ "nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1686830987,
@@ -1057,11 +539,11 @@
]
},
"locked": {
- "lastModified": 1694585439,
- "narHash": "sha256-70BlfEsdURx5f8sioj8JuM+R4/SZFyE8UYrULMknxlI=",
+ "lastModified": 1701728041,
+ "narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "a0ddf43b6268f1717afcda54133dea30435eb178",
+ "rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf",
"type": "github"
},
"original": {
@@ -1108,114 +590,6 @@
"type": "github"
}
},
- "mk-naked-shell": {
- "flake": false,
- "locked": {
- "lastModified": 1681286841,
- "narHash": "sha256-3XlJrwlR0nBiREnuogoa5i1b4+w/XPe0z8bbrJASw0g=",
- "owner": "yusdacra",
- "repo": "mk-naked-shell",
- "rev": "7612f828dd6f22b7fb332cc69440e839d7ffe6bd",
- "type": "github"
- },
- "original": {
- "owner": "yusdacra",
- "repo": "mk-naked-shell",
- "type": "github"
- }
- },
- "naersk": {
- "inputs": {
- "nixpkgs": [
- "comma",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1662220400,
- "narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
- "owner": "nix-community",
- "repo": "naersk",
- "rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "ref": "master",
- "repo": "naersk",
- "type": "github"
- }
- },
- "naersk_2": {
- "inputs": {
- "nixpkgs": [
- "deadnix",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1671096816,
- "narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=",
- "owner": "nix-community",
- "repo": "naersk",
- "rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "ref": "master",
- "repo": "naersk",
- "type": "github"
- }
- },
- "nci": {
- "inputs": {
- "dream2nix": "dream2nix_2",
- "mk-naked-shell": "mk-naked-shell",
- "nixpkgs": [
- "helix",
- "nixpkgs"
- ],
- "parts": "parts",
- "rust-overlay": [
- "helix",
- "rust-overlay"
- ]
- },
- "locked": {
- "lastModified": 1683699050,
- "narHash": "sha256-UWKQpzVcSshB+sU2O8CCHjOSTQrNS7Kk9V3+UeBsJpg=",
- "owner": "yusdacra",
- "repo": "nix-cargo-integration",
- "rev": "ed27173cd1b223f598343ea3c15aacb1d140feac",
- "type": "github"
- },
- "original": {
- "owner": "yusdacra",
- "repo": "nix-cargo-integration",
- "type": "github"
- }
- },
- "nil": {
- "inputs": {
- "flake-utils": "flake-utils_5",
- "nixpkgs": "nixpkgs_9",
- "rust-overlay": "rust-overlay_2"
- },
- "locked": {
- "lastModified": 1691372739,
- "narHash": "sha256-fZ8KfBMcIFO/R7xaWtB85SFeuUjb9SCH8fxYBnY8068=",
- "owner": "oxalica",
- "repo": "nil",
- "rev": "97abe7d3d48721d4e0fcc1876eea83bb4247825b",
- "type": "github"
- },
- "original": {
- "owner": "oxalica",
- "repo": "nil",
- "type": "github"
- }
- },
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@@ -1238,28 +612,6 @@
"type": "github"
}
},
- "nix-serve-ng": {
- "inputs": {
- "flake-compat": "flake-compat_5",
- "nixpkgs": [
- "nixpkgsUnstable"
- ],
- "utils": "utils_3"
- },
- "locked": {
- "lastModified": 1677512347,
- "narHash": "sha256-SoJJ3rMtDMfUzBSzuGMY538HDIj/s8bPf8CjIkpqY2w=",
- "owner": "aristanetworks",
- "repo": "nix-serve-ng",
- "rev": "dabf46d65d8e3be80fa2eacd229eb3e621add4bd",
- "type": "github"
- },
- "original": {
- "owner": "aristanetworks",
- "repo": "nix-serve-ng",
- "type": "github"
- }
- },
"nix-unit": {
"inputs": {
"flake-parts": [
@@ -1287,79 +639,6 @@
"type": "github"
}
},
- "nixd": {
- "inputs": {
- "flake-parts": "flake-parts_5",
- "nixpkgs": "nixpkgs_10"
- },
- "locked": {
- "lastModified": 1697038389,
- "narHash": "sha256-hbzFPXyQQxJObRdb+CsylUXii29UfFV7866WWgWYs6Y=",
- "owner": "nix-community",
- "repo": "nixd",
- "rev": "29904e121cc775e7caaf4fffa6bc7da09376a43b",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "nixd",
- "type": "github"
- }
- },
- "nixlib": {
- "locked": {
- "lastModified": 1680397293,
- "narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=",
- "owner": "nix-community",
- "repo": "nixpkgs.lib",
- "rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "nixpkgs.lib",
- "type": "github"
- }
- },
- "nixos-generators": {
- "inputs": {
- "nixlib": "nixlib",
- "nixpkgs": [
- "nixpkgsUnstable"
- ]
- },
- "locked": {
- "lastModified": 1680764424,
- "narHash": "sha256-2tNAE9zWbAK3JvQnhlnB1uzHzhwbA9zF6A17CoTjnbk=",
- "owner": "nix-community",
- "repo": "nixos-generators",
- "rev": "15ae4065acbf414989a8677097804326fe7c0532",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "nixos-generators",
- "type": "github"
- }
- },
- "nixos-vscode-server": {
- "inputs": {
- "nixpkgs": "nixpkgs_11"
- },
- "locked": {
- "lastModified": 1676501444,
- "narHash": "sha256-H+uQetkzd5GIga56HmCDwl5eihdQgeN2jVdNrkXzDyo=",
- "owner": "msteen",
- "repo": "nixos-vscode-server",
- "rev": "57f1716bc625d2892579294cc207956679e3d94c",
- "type": "github"
- },
- "original": {
- "owner": "msteen",
- "repo": "nixos-vscode-server",
- "type": "github"
- }
- },
"nixosHardware": {
"locked": {
"lastModified": 1697100850,
@@ -1446,11 +725,11 @@
"nixpkgs-lib_3": {
"locked": {
"dir": "lib",
- "lastModified": 1682879489,
- "narHash": "sha256-sASwo8gBt7JDnOOstnps90K1wxmVfyhsTPPNTGBPjjg=",
+ "lastModified": 1685564631,
+ "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "da45bf6ec7bbcc5d1e14d3795c025199f28e0de0",
+ "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a",
"type": "github"
},
"original": {
@@ -1462,42 +741,6 @@
}
},
"nixpkgs-lib_4": {
- "locked": {
- "dir": "lib",
- "lastModified": 1685564631,
- "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a",
- "type": "github"
- },
- "original": {
- "dir": "lib",
- "owner": "NixOS",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs-lib_5": {
- "locked": {
- "dir": "lib",
- "lastModified": 1685564631,
- "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a",
- "type": "github"
- },
- "original": {
- "dir": "lib",
- "owner": "NixOS",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs-lib_6": {
"locked": {
"dir": "lib",
"lastModified": 1678375444,
@@ -1515,61 +758,29 @@
"type": "github"
}
},
- "nixpkgs-stable": {
- "locked": {
- "lastModified": 1694499547,
- "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "e5f018cf150e29aac26c61dac0790ea023c46b24",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixos-23.05",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs-stable_2": {
- "locked": {
- "lastModified": 1671271954,
- "narHash": "sha256-cSvu+bnvN08sOlTBWbBrKaBHQZq8mvk8bgpt0ZJ2Snc=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "d513b448cc2a6da2c8803e3c197c9fc7e67b19e3",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixos-22.05",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
"nixpkgsStable": {
"locked": {
- "lastModified": 1689956312,
- "narHash": "sha256-NV9yamMhE5jgz+ZSM2IgXeYqOvmGIbIIJ+AFIhfD7Ek=",
+ "lastModified": 1701539137,
+ "narHash": "sha256-nVO/5QYpf1GwjvtpXhyxx5M3U/WN0MwBro4Lsk+9mL0=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "6da4bc6cb07cba1b8e53d139cbf1d2fb8061d967",
+ "rev": "933d7dc155096e7575d207be6fb7792bc9f34f6d",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-23.05",
+ "ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgsUnstable": {
"locked": {
- "lastModified": 1695644571,
- "narHash": "sha256-asS9dCCdlt1lPq0DLwkVBbVoEKuEuz+Zi3DG7pR/RxA=",
+ "lastModified": 1701436327,
+ "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "6500b4580c2a1f3d0f980d32d285739d8e156d92",
+ "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a",
"type": "github"
},
"original": {
@@ -1579,89 +790,13 @@
"type": "github"
}
},
- "nixpkgsV1": {
- "locked": {
- "lastModified": 1678500271,
- "narHash": "sha256-tRBLElf6f02HJGG0ZR7znMNFv/Uf7b2fFInpTHiHaSE=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "5eb98948b66de29f899c7fe27ae112a47964baf8",
- "type": "github"
- },
- "original": {
- "id": "nixpkgs",
- "ref": "nixos-22.11",
- "type": "indirect"
- }
- },
- "nixpkgs_10": {
- "locked": {
- "lastModified": 1686398752,
- "narHash": "sha256-nGWNQVhSw4VSL+S0D0cbrNR9vs9Bq7rlYR+1K5f5j6w=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "a30520bf8eabf8a5c37889d661e67a2dbcaa59e6",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_11": {
- "locked": {
- "lastModified": 1672441588,
- "narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f",
- "type": "github"
- },
- "original": {
- "id": "nixpkgs",
- "type": "indirect"
- }
- },
- "nixpkgs_12": {
- "locked": {
- "lastModified": 1675942811,
- "narHash": "sha256-/v4Z9mJmADTpXrdIlAjFa1e+gkpIIROR670UVDQFwIw=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "724bfc0892363087709bd3a5a1666296759154b1",
- "type": "github"
- },
- "original": {
- "id": "nixpkgs",
- "ref": "nixos-unstable",
- "type": "indirect"
- }
- },
- "nixpkgs_13": {
- "locked": {
- "lastModified": 1678470307,
- "narHash": "sha256-OEeMUr3ueLIXyW/OaFUX5jUdimyQwMg/7e+/Q0gC/QE=",
- "owner": "nixos",
- "repo": "nixpkgs",
- "rev": "0c4800d579af4ed98ecc47d464a5e7b0870c4b1f",
- "type": "github"
- },
- "original": {
- "owner": "nixos",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
"nixpkgs_2": {
"locked": {
- "lastModified": 1694422566,
- "narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=",
+ "lastModified": 1698318101,
+ "narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb",
+ "rev": "63678e9f3d3afecfeafa0acead6239cdb447574c",
"type": "github"
},
"original": {
@@ -1672,38 +807,6 @@
}
},
"nixpkgs_3": {
- "locked": {
- "lastModified": 1694422566,
- "narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_4": {
- "locked": {
- "lastModified": 1663235518,
- "narHash": "sha256-q8zLK6rK/CLXEguaPgm9yQJcY0VQtOBhAT9EV2UFK/A=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "2277e4c9010b0f27585eb0bed0a86d7cbc079354",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_5": {
"locked": {
"lastModified": 1696604326,
"narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
@@ -1718,23 +821,7 @@
"type": "indirect"
}
},
- "nixpkgs_6": {
- "locked": {
- "lastModified": 1683408522,
- "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=",
- "owner": "nixos",
- "repo": "nixpkgs",
- "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7",
- "type": "github"
- },
- "original": {
- "owner": "nixos",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_7": {
+ "nixpkgs_4": {
"locked": {
"lastModified": 1686501370,
"narHash": "sha256-G0WuM9fqTPRc2URKP9Lgi5nhZMqsfHGrdEbrLvAPJcg=",
@@ -1750,7 +837,7 @@
"type": "github"
}
},
- "nixpkgs_8": {
+ "nixpkgs_5": {
"locked": {
"lastModified": 1686804192,
"narHash": "sha256-+VyQUManoec9GcNAS10HM83DkvFuS8IB/efIfSbNU5A=",
@@ -1765,42 +852,22 @@
"type": "github"
}
},
- "nixpkgs_9": {
+ "nixpkgs_6": {
"locked": {
- "lastModified": 1690441914,
- "narHash": "sha256-Ac+kJQ5z9MDAMyzSc0i0zJDx2i3qi9NjlW5Lz285G/I=",
+ "lastModified": 1678470307,
+ "narHash": "sha256-OEeMUr3ueLIXyW/OaFUX5jUdimyQwMg/7e+/Q0gC/QE=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "db8672b8d0a2593c2405aed0c1dfa64b2a2f428f",
+ "rev": "0c4800d579af4ed98ecc47d464a5e7b0870c4b1f",
"type": "github"
},
"original": {
"owner": "nixos",
- "ref": "nixpkgs-unstable",
+ "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
- "nom": {
- "inputs": {
- "flake-utils": "flake-utils_6",
- "nixpkgs": "nixpkgs_12",
- "pre-commit-hooks": "pre-commit-hooks_2"
- },
- "locked": {
- "lastModified": 1678485798,
- "narHash": "sha256-JbMEujzzzH9OQ8FSfJ9XP6j9wNoogB/ndj92ZFh9nhY=",
- "owner": "maralorn",
- "repo": "nix-output-monitor",
- "rev": "e6e9afee53969418954cd01b02b1cd56fdbf8ab7",
- "type": "github"
- },
- "original": {
- "owner": "maralorn",
- "repo": "nix-output-monitor",
- "type": "github"
- }
- },
"nur": {
"locked": {
"lastModified": 1693819787,
@@ -1832,49 +899,9 @@
"type": "gitlab"
}
},
- "parts": {
- "inputs": {
- "nixpkgs-lib": [
- "helix",
- "nci",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1683560683,
- "narHash": "sha256-XAygPMN5Xnk/W2c1aW0jyEa6lfMDZWlQgiNtmHXytPc=",
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "rev": "006c75898cf814ef9497252b022e91c946ba8e17",
- "type": "github"
- },
- "original": {
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "type": "github"
- }
- },
- "parts_2": {
- "inputs": {
- "nixpkgs-lib": "nixpkgs-lib_3"
- },
- "locked": {
- "lastModified": 1683560683,
- "narHash": "sha256-XAygPMN5Xnk/W2c1aW0jyEa6lfMDZWlQgiNtmHXytPc=",
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "rev": "006c75898cf814ef9497252b022e91c946ba8e17",
- "type": "github"
- },
- "original": {
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "type": "github"
- }
- },
"pre-commit-hooks": {
"inputs": {
- "flake-utils": "flake-utils_3",
+ "flake-utils": "flake-utils",
"nixpkgs": [
"dream2nix",
"nixpkgs"
@@ -1896,37 +923,9 @@
},
"pre-commit-hooks_2": {
"inputs": {
- "flake-compat": "flake-compat_6",
- "flake-utils": [
- "nom",
- "flake-utils"
- ],
+ "flake-compat": "flake-compat_2",
+ "flake-utils": "flake-utils_2",
"gitignore": "gitignore",
- "nixpkgs": [
- "nom",
- "nixpkgs"
- ],
- "nixpkgs-stable": "nixpkgs-stable_2"
- },
- "locked": {
- "lastModified": 1672050129,
- "narHash": "sha256-GBQMcvJUSwAVOpDjVKzB6D5mmHI7Y4nFw+04bnS9QrM=",
- "owner": "cachix",
- "repo": "pre-commit-hooks.nix",
- "rev": "67d98f02443b9928bc77f1267741dcfdd3d7b65c",
- "type": "github"
- },
- "original": {
- "owner": "cachix",
- "repo": "pre-commit-hooks.nix",
- "type": "github"
- }
- },
- "pre-commit-hooks_3": {
- "inputs": {
- "flake-compat": "flake-compat_7",
- "flake-utils": "flake-utils_7",
- "gitignore": "gitignore_2",
"nixpkgs": [
"nixpkgsUnstable"
],
@@ -1951,9 +950,9 @@
"rock5b": {
"inputs": {
"fan-control": "fan-control",
- "flake-parts": "flake-parts_6",
+ "flake-parts": "flake-parts_5",
"kernel-src": "kernel-src",
- "nixpkgs": "nixpkgs_13",
+ "nixpkgs": "nixpkgs_6",
"nixpkgs-kernel": "nixpkgs-kernel",
"panfork": "panfork",
"tow-boot": "tow-boot",
@@ -1976,136 +975,22 @@
"root": {
"inputs": {
"agenix": "agenix",
- "alejandra": "alejandra",
"ccrEmacs": "ccrEmacs",
- "colmena": "colmena",
- "comma": "comma",
- "deadnix": "deadnix",
"disko": "disko",
"dream2nix": "dream2nix",
"flakeParts": "flakeParts",
- "helix": "helix",
"hercules-ci-effects": "hercules-ci-effects",
"homeManager": "homeManager",
"homeManagerGitWorkspace": "homeManagerGitWorkspace",
- "nil": "nil",
- "nix-serve-ng": "nix-serve-ng",
- "nixd": "nixd",
- "nixos-generators": "nixos-generators",
- "nixos-vscode-server": "nixos-vscode-server",
"nixosHardware": "nixosHardware",
"nixpkgsStable": "nixpkgsStable",
"nixpkgsUnstable": "nixpkgsUnstable",
- "nom": "nom",
"nur": "nur",
- "pre-commit-hooks": "pre-commit-hooks_3",
+ "pre-commit-hooks": "pre-commit-hooks_2",
"rock5b": "rock5b",
- "statix": "statix",
"treefmt-nix": "treefmt-nix_3"
}
},
- "rust-analyzer-src": {
- "flake": false,
- "locked": {
- "lastModified": 1668182250,
- "narHash": "sha256-PYGaOCiFvnJdVz+ZCaKF8geGdffXjJUNcMwaBHv0FT4=",
- "owner": "rust-lang",
- "repo": "rust-analyzer",
- "rev": "45ec315e01dc8dd1146dfeb65f0ef6e5c2efed78",
- "type": "github"
- },
- "original": {
- "owner": "rust-lang",
- "ref": "nightly",
- "repo": "rust-analyzer",
- "type": "github"
- }
- },
- "rust-analyzer-src_2": {
- "flake": false,
- "locked": {
- "lastModified": 1645205556,
- "narHash": "sha256-e4lZW3qRyOEJ+vLKFQP7m2Dxh5P44NrnekZYLxlucww=",
- "owner": "rust-analyzer",
- "repo": "rust-analyzer",
- "rev": "acf5874b39f3dc5262317a6074d9fc7285081161",
- "type": "github"
- },
- "original": {
- "owner": "rust-analyzer",
- "ref": "nightly",
- "repo": "rust-analyzer",
- "type": "github"
- }
- },
- "rust-overlay": {
- "inputs": {
- "flake-utils": "flake-utils_4",
- "nixpkgs": [
- "helix",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1683771545,
- "narHash": "sha256-we0GYcKTo2jRQGmUGrzQ9VH0OYAUsJMCsK8UkF+vZUA=",
- "owner": "oxalica",
- "repo": "rust-overlay",
- "rev": "c57e210faf68e5d5386f18f1b17ad8365d25e4ed",
- "type": "github"
- },
- "original": {
- "owner": "oxalica",
- "repo": "rust-overlay",
- "type": "github"
- }
- },
- "rust-overlay_2": {
- "inputs": {
- "flake-utils": [
- "nil",
- "flake-utils"
- ],
- "nixpkgs": [
- "nil",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1688783586,
- "narHash": "sha256-HHaM2hk2azslv1kH8zmQxXo2e7i5cKgzNIuK4yftzB0=",
- "owner": "oxalica",
- "repo": "rust-overlay",
- "rev": "7a29283cc242c2486fc67f60b431ef708046d176",
- "type": "github"
- },
- "original": {
- "owner": "oxalica",
- "repo": "rust-overlay",
- "type": "github"
- }
- },
- "statix": {
- "inputs": {
- "fenix": "fenix_2",
- "nixpkgs": [
- "nixpkgsUnstable"
- ]
- },
- "locked": {
- "lastModified": 1676888642,
- "narHash": "sha256-C73LOMVVCkeL0jA5xN7klLEDEB4NkuiATEJY4A/tIyM=",
- "owner": "nerdypepper",
- "repo": "statix",
- "rev": "3c7136a23f444db252a556928c1489869ca3ab4e",
- "type": "github"
- },
- "original": {
- "owner": "nerdypepper",
- "repo": "statix",
- "type": "github"
- }
- },
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -2121,51 +1006,6 @@
"type": "github"
}
},
- "systems_2": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
- "systems_3": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
- "systems_4": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
"tow-boot": {
"flake": false,
"locked": {
@@ -2245,51 +1085,6 @@
"repo": "treefmt-nix",
"type": "github"
}
- },
- "utils": {
- "locked": {
- "lastModified": 1659877975,
- "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "utils_2": {
- "locked": {
- "lastModified": 1678901627,
- "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "utils_3": {
- "locked": {
- "lastModified": 1667395993,
- "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
}
},
"root": "root",
diff --git a/flake.nix b/flake.nix
index 72f78d1..5289748 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,7 +4,7 @@
inputs = {
flakeParts.url = "github:hercules-ci/flake-parts";
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
- nixpkgsStable.url = "github:NixOS/nixpkgs/nixos-23.05";
+ nixpkgsStable.url = "github:NixOS/nixpkgs/nixos-23.11";
nixosHardware.url = "github:NixOS/nixos-hardware";
homeManager = {
url = "github:nix-community/home-manager";
@@ -28,47 +28,13 @@
};
nur.url = "github:nix-community/NUR";
agenix.url = "github:ryantm/agenix";
- comma.url = "github:nix-community/comma";
rock5b.url = "github:aciceri/rock5b-nixos";
ccrEmacs.url = "github:aciceri/emacs";
# ccrEmacs.url = "/home/ccr/.config/emacs";
- colmena = {
- url = "github:zhaofengli/colmena";
- inputs = {
- nixpkgs.follows = "nixpkgsUnstable";
- stable.follows = "nixpkgsStable";
- };
- };
- nix-serve-ng = {
- url = "github:aristanetworks/nix-serve-ng";
- inputs.nixpkgs.follows = "nixpkgsUnstable";
- };
- nixos-generators = {
- url = "github:nix-community/nixos-generators";
- inputs.nixpkgs.follows = "nixpkgsUnstable";
- };
- # hydra.url = "github:NixOS/hydra";
- nixos-vscode-server.url = "github:msteen/nixos-vscode-server";
- helix.url = "github:helix-editor/helix";
- nil.url = "github:oxalica/nil";
- nixd.url = "github:nix-community/nixd";
- nom.url = "github:maralorn/nix-output-monitor";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgsUnstable";
};
- statix = {
- url = "github:nerdypepper/statix";
- inputs.nixpkgs.follows = "nixpkgsUnstable";
- };
- deadnix = {
- url = "github:astro/deadnix";
- inputs.nixpkgs.follows = "nixpkgsUnstable";
- };
- alejandra = {
- url = "github:kamadorueda/alejandra";
- inputs.nixpkgs.follows = "nixpkgsUnstable";
- };
hercules-ci-effects.url = "github:hercules-ci/hercules-ci-effects";
dream2nix.url = "github:nix-community/dream2nix";
};
diff --git a/hmModules/email/default.nix b/hmModules/email/default.nix
index 3b64fe5..d3b9d2a 100644
--- a/hmModules/email/default.nix
+++ b/hmModules/email/default.nix
@@ -3,28 +3,14 @@
secrets,
...
}: {
- # home.packages = with pkgs; [mu];
- # programs.mbsync.enable = true;
- # programs.msmtp.enable = true;
- # programs.notmuch = {
- # enable = true;
- # hooks = {
- # preNew = "mbsync --all";
- # };
- # };
- # services = {
- # mbsync = {
- # enable = false;
- # # FIXME this requires `pass` every 5 minutes that run `pinentry`
- # frequency = "*:0/15";
- # preExec = "${pkgs.isync}/bin/mbsync -Ha";
- # # First time run: mu init --maildir ~/.mail --my-address andrea.ciceri@autistici.org
- # # TODO Nixify this
- # postExec = "${pkgs.mu}/bin/mu index";
- # };
- # };
+ programs.mbsync.enable = true;
+ programs.msmtp.enable = true;
+ programs.notmuch = {
+ enable = true;
+ hooks.preNew = "mbsync --all";
+ };
+ services.mbsync.enable = true;
accounts.email = {
- # maildirBasePath = ".mail";
accounts.autistici = {
address = "andrea.ciceri@autistici.org";
gpg = {
@@ -35,12 +21,12 @@
host = "mail.autistici.org";
port = 993;
};
- # mbsync = {
- # enable = true;
- # create = "maildir";
- # };
- # msmtp.enable = true;
- # notmuch.enable = true;
+ mbsync = {
+ enable = true;
+ create = "maildir";
+ };
+ msmtp.enable = true;
+ notmuch.enable = true;
primary = true;
realName = "Andrea Ciceri";
signature = {
diff --git a/hmModules/firefox/default.nix b/hmModules/firefox/default.nix
index 8218122..baf34b2 100644
--- a/hmModules/firefox/default.nix
+++ b/hmModules/firefox/default.nix
@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+ pkgs,
+ username,
+ ...
+}: {
programs.firefox = {
enable = true;
package =
@@ -9,19 +13,14 @@
})
.override {
cfg = {
- enableTridactylNative = true;
- enableBrowserpass = true;
- enableFXCastBridge = pkgs.system == "x86_64-linux";
+ nativeMessagingHosts.packages = [pkgs.trydactyl-native pkgs.fs-cast-bridge];
};
};
- profiles.ccr = {
+ profiles.${username} = {
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
privacy-badger
ublock-origin
tridactyl
- browserpass
- # bypass-paywalls-clean
- ghosttext # or edit-with-emacs?
];
settings = {
"browser.startup.homepage" = "https://google.it";
@@ -31,29 +30,15 @@
"general.useragent.locale" = "it-IT";
"browser.bookmarks.showMobileBookmarks" = true;
"browser.download.folderList" = 2;
- "browser.download.lastDir" = "/home/ccr/downloads/";
+ "browser.download.lastDir" = "/home/${username}/Downloads/";
"browser.shell.checkDefaultBrowser" = false;
};
search.force = true;
- search.default = "Google";
search.engines = {
"Searx" = {
urls = [
{
- template = "https://search.privatevoid.net/search";
- params = [
- {
- name = "q";
- value = "{searchTerms}";
- }
- ];
- }
- ];
- };
- "Google IT" = {
- urls = [
- {
- template = "https://www.google.it/search";
+ template = "https://search.aciceri.dev/search";
params = [
{
name = "q";
diff --git a/hmModules/git-workspace/default.nix b/hmModules/git-workspace/default.nix
index 56cdfe4..dd0de80 100644
--- a/hmModules/git-workspace/default.nix
+++ b/hmModules/git-workspace/default.nix
@@ -1,4 +1,8 @@
-{age, ...}: {
+{
+ age,
+ username,
+ ...
+}: {
services.git-workspace = {
enable = true;
frequency = "04:00:00";
@@ -9,7 +13,7 @@
{
provider = "github";
name = "aciceri";
- path = "/home/ccr/projects";
+ path = "/home/${username}/projects";
skips_forks = false;
}
];
@@ -19,7 +23,7 @@
{
provider = "github";
name = "mlabs-haskell";
- path = "/home/ccr/projects";
+ path = "/home/${username}/projects";
skip_forks = false;
}
];
@@ -29,7 +33,7 @@
{
provider = "github";
name = "EthereansOS";
- path = "/home/ccr/projects";
+ path = "/home/${username}/projects";
skip_forks = false;
}
];
diff --git a/hmModules/git/default.nix b/hmModules/git/default.nix
index edc5e09..291578e 100644
--- a/hmModules/git/default.nix
+++ b/hmModules/git/default.nix
@@ -1,4 +1,8 @@
-{pkgs, ...}: let
+{
+ pkgs,
+ username,
+ ...
+}: let
config = {
name = "Andrea Ciceri";
email = "andrea.ciceri@autistici.org";
@@ -15,7 +19,7 @@ in {
rebase.autostash = true;
github.user = "aciceri";
- user.signingKey = "/home/ccr/.ssh/id_rsa";
+ user.signingKey = "/home/${username}/.ssh/id_rsa";
gpg.format = "ssh";
commit.gpgsign = true;
@@ -24,14 +28,10 @@ in {
userName = config.name;
userEmail = config.email;
- # signing = {
- # signByDefault = true;
- # key = config.email;
- # };
extraConfig.url = {
"ssh://git@github.com/".insteadOf = "https://github.com/";
- # Workaround: https://github.com/rust-lang/cargo/issues/3381#issuecomment-1193730972
+ # Workaround for https://github.com/rust-lang/cargo/issues/3381#issuecomment-1193730972
"https://github.com/rust-lang/crates.io-index".insteadOf = "https://github.com/rust-lang/crates.io-index";
"https://github.com/RustSec/advisory-db".insteadOf = "https://github.com/RustSec/advisory-db";
};
@@ -53,6 +53,4 @@ in {
diff-so-fancy.enable = false;
};
-
- home.packages = with pkgs; [delta];
}
diff --git a/hmModules/helix/default.nix b/hmModules/helix/default.nix
index 0324ce8..6fa8ad9 100644
--- a/hmModules/helix/default.nix
+++ b/hmModules/helix/default.nix
@@ -1,8 +1,4 @@
{
- config,
- lib,
- ...
-}: {
programs.helix = {
enable = true;
settings = {
@@ -18,6 +14,4 @@
};
};
};
- # home.sessionVariables.EDITOR = lib.mkForce "${config.programs.helix.package}/bin/helix";
- # programs.nushell.environmentVariables.EDITOR = lib.mkForce config.home.sessionVariables.EDITOR;
}
diff --git a/hmModules/hyprland/default.nix b/hmModules/hyprland/default.nix
index 919a2f3..208fd5e 100644
--- a/hmModules/hyprland/default.nix
+++ b/hmModules/hyprland/default.nix
@@ -88,9 +88,7 @@ in {
}
}
- monitor = DP-2, 2560x1440, 1200x320, 1
- monitor = eDP-1, 1920x1080, 3760x230, 1
- # monitor = DP-1, 1920x1080, 0x0, 1, mirror, eDP-1
+ monitor = HDMI-A-1, 2560x1440, 0x0, 1
bindl=,switch:off:Lid Switch,exec,${switchMonitorScript} open
bindl=,switch:on:Lid Switch,exec,${switchMonitorScript} close
diff --git a/hmModules/hyprland/hyprpaper.nix b/hmModules/hyprland/hyprpaper.nix
index 87e7c6a..d6ab105 100644
--- a/hmModules/hyprland/hyprpaper.nix
+++ b/hmModules/hyprland/hyprpaper.nix
@@ -6,5 +6,6 @@ in {
wallpaper = eDP-1,${wallpaper}
wallpaper = DP-1,${wallpaper}
wallpaper = DP-2,${wallpaper}
+ wallpaper = HDMI-A-1,${wallpaper}
'';
}
diff --git a/hmModules/password-store/default.nix b/hmModules/password-store/default.nix
index adabccb..704f123 100644
--- a/hmModules/password-store/default.nix
+++ b/hmModules/password-store/default.nix
@@ -1,15 +1,13 @@
{
- config,
- lib,
pkgs,
+ username,
...
}: {
programs.password-store = {
enable = true;
settings = {
- PASSWORD_STORE_DIR = "/home/ccr/.password-store";
+ PASSWORD_STORE_DIR = "/home/${username}/.password-store";
};
- package = pkgs.pass.withExtensions (e: with e; [pass-otp]);
+ package = pkgs.pass.withExtensions (e: [e.pass-otp]);
};
- services.password-store-sync.enable = false; # FIXME this requires `pass` every 5 minutes that run `pinentry`
}
diff --git a/hmModules/shell/default.nix b/hmModules/shell/default.nix
index a97150a..f733e28 100644
--- a/hmModules/shell/default.nix
+++ b/hmModules/shell/default.nix
@@ -119,7 +119,6 @@
'';
shellAliases = {
"cat" = "bat";
- "em" = "TERM=wezterm emacsclient -nw";
};
};
diff --git a/hmModules/wezterm/default.nix b/hmModules/wezterm/default.nix
index 09d066d..b6ad88b 100644
--- a/hmModules/wezterm/default.nix
+++ b/hmModules/wezterm/default.nix
@@ -3,6 +3,7 @@
enable = true;
extraConfig = ''
return {
+ enable_wayland = false; -- https://github.com/wez/wezterm/issues/4483
font = wezterm.font_with_fallback {
{
family = 'Iosevka Comfy',
diff --git a/hmModules/wine/default.nix b/hmModules/wine/default.nix
index f94940d..e1f674a 100644
--- a/hmModules/wine/default.nix
+++ b/hmModules/wine/default.nix
@@ -1,23 +1,6 @@
{pkgs, ...}: {
home.packages = with pkgs; [
- # ...
-
- # support both 32- and 64-bit applications
- # wineWowPackages.stable
-
- # support 32-bit only
- # wine
-
- # support 64-bit only
- # (wine.override { wineBuild = "wine64"; })
-
- # wine-staging (version with experimental features)
- # wineWowPackages.staging
-
- # winetricks (all versions)
winetricks
-
- # native wayland support (unstable)
wineWowPackages.waylandFull
];
}
diff --git a/hosts/default.nix b/hosts/default.nix
index 8b36c7b..4c95461 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -5,279 +5,89 @@
inputs,
...
}: {
- options.fleet = {
- hosts = lib.mkOption {
- description = "Host configuration";
- type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
- options = {
- name = lib.mkOption {
- description = "Host name";
- type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
- default = name;
- };
- system = lib.mkOption {
- description = "NixOS architecture (a.k.a. system)";
- type = lib.types.str;
- default = "x86_64-linux";
- };
- colmena = lib.mkOption {
- description = "Set colmena.<host>";
- type = lib.types.attrs;
- default = {};
- };
- secrets = lib.mkOption {
- description = "List of secrets names in the `secrets` folder";
- type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
- options = {
- owner = lib.mkOption {
- type = lib.types.str;
- default = "root";
- };
- group = lib.mkOption {
- type = lib.types.str;
- default = "root";
- };
- file = lib.mkOption {
- type = lib.types.path;
- default = "${self.outPath}/secrets/${name}.age";
- };
- mode = lib.mkOption {
- # TODO improve type
- type = lib.types.str;
- default = "0440";
- };
- };
- }));
- default = {};
- };
- enableHomeManager = lib.mkOption {
- description = "Enable home-manager module";
- type = lib.types.bool;
- default = true;
- };
- overlays = lib.mkOption {
- description = "Enabled Nixpkgs overlays";
- type = lib.types.listOf (lib.mkOptionType {
- name = "nixpkgs-overlay";
- description = "nixpkgs overlay";
- check = lib.isFunction;
- merge = lib.mergeOneOption;
- });
- default = [];
- };
- extraModules = lib.mkOption {
- description = "Extra NixOS modules";
- type = lib.types.listOf lib.types.deferredModule;
- default = [];
- };
- extraHmModules = lib.mkOption {
- description = "Extra home-manager modules";
- type = lib.types.listOf lib.types.deferredModule;
- default = [];
- };
- extraHmModulesUser = lib.mkOption {
- description = "User for which to import extraHmModulesUser";
- type = lib.types.str;
- default = "ccr";
- };
- };
- config.overlays = with inputs;
- [
- agenix.overlays.default
- comma.overlays.default
- helix.overlays.default
- nur.overlay
- ]
- ++ config.fleet.overlays;
- }));
- default = {};
- };
- _mkNixosConfiguration = lib.mkOption {
- description = "Function returning a proper NixOS configuration";
- type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type
- internal = true;
- default = hostname: config:
- inputs.nixpkgsUnstable.lib.nixosSystem {
- inherit (config) system;
- modules =
- [
- ({lib, ...}: {
- networking.hostName = lib.mkForce hostname;
- nixpkgs.overlays = config.overlays;
- networking.hosts =
- lib.mapAttrs' (hostname: ip: {
- name = ip;
- value = ["${hostname}.fleet"];
- })
- (import "${self}/lib").ips;
- })
- "${self.outPath}/hosts/${hostname}"
- ]
- ++ (lib.optionals (config.secrets != []) [
- inputs.agenix.nixosModules.default
- ({lib, ...}: let
- allSecrets = lib.mapAttrs' (name: value: {
- name = lib.removeSuffix ".age" name;
- inherit value;
- }) (import "${self.outPath}/secrets");
- filteredSecrets =
- lib.filterAttrs
- (name: _: builtins.hasAttr name config.secrets)
- allSecrets;
- in {
- age.secrets =
- lib.mapAttrs' (name: _: {
- name = builtins.baseNameOf name;
- value = {
- inherit (config.secrets.${name}) owner group file mode;
- };
- })
- filteredSecrets;
- })
- ])
- ++ (lib.optionals config.enableHomeManager (let
- user = config.extraHmModulesUser;
- extraHmModules = config.extraHmModules;
- in [
- inputs.homeManager.nixosModule
- ({config, ...}: {
- home-manager.users."${user}" = {
- imports = extraHmModules;
- _module.args = {
- age = config.age or {};
- fleetFlake = self;
- };
- };
- })
- ]))
- ++ config.extraModules;
- specialArgs = {
- fleetModules = builtins.map (moduleName: "${self.outPath}/modules/${moduleName}");
- fleetHmModules = builtins.map (moduleName: "${self.outPath}/hmModules/${moduleName}");
- fleetFlake = self;
- };
- };
+ imports = [./module.nix];
+
+ fleet.hosts = {
+ # thinkpad = {
+ # extraModules = with inputs; [
+ # nixosHardware.nixosModules.lenovo-thinkpad-x1-7th-gen
+ # buildbot-nix.nixosModules.buildbot-master
+ # buildbot-nix.nixosModules.buildbot-worker
+ # ];
+ # extraHmModules = with inputs; [
+ # ccrEmacs.hmModules.default
+ # {
+ # # TODO: remove after https://github.com/nix-community/home-manager/pull/3811
+ # imports = let
+ # hmModules = "${inputs.homeManagerGitWorkspace}/modules";
+ # in [
+ # "${hmModules}/services/git-workspace.nix"
+ # ];
+ # }
+ # ];
+ # overlays = [inputs.nil.overlays.default];
+ # secrets = {
+ # "thinkpad-wireguard-private-key" = {};
+ # "cachix-personal-token".owner = "ccr";
+ # "autistici-password".owner = "ccr";
+ # "git-workspace-tokens".owner = "ccr";
+ # "chatgpt-token".owner = "ccr";
+ # };
+ # };
+ # rock5b = {
+ # system = "aarch64-linux";
+ # extraModules = with inputs; [
+ # disko.nixosModules.disko
+ # rock5b.nixosModules.default
+ # ];
+ # secrets = {
+ # "rock5b-wireguard-private-key" = {};
+ # "hercules-ci-join-token".owner = "hercules-ci-agent";
+ # "hercules-ci-binary-caches".owner = "hercules-ci-agent";
+ # "cachix-personal-token".owner = "ccr";
+ # "home-planimetry".owner = "hass";
+ # "cloudflare-dyndns-api-token" = {};
+ # # "nextcloud-admin-pass".owner = "nextcloud";
+ # # "aws-credentials" = {};
+ # };
+ # colmena.deployment.buildOnTarget = true;
+ # };
+ # pbp = {
+ # system = "aarch64-linux";
+ # extraModules = with inputs; [
+ # nixosHardware.nixosModules.pine64-pinebook-pro
+ # disko.nixosModules.disko
+ # ];
+ # extraHmModules = [
+ # inputs.ccrEmacs.hmModules.default
+ # ];
+ # secrets = {
+ # "pbp-wireguard-private-key" = {};
+ # "cachix-personal-token".owner = "ccr";
+ # "chatgpt-token".owner = "ccr";
+ # };
+ # };
+
+ picard = {
+ extraModules = [
+ inputs.disko.nixosModules.disko
+ ];
+ extraHmModules = [
+ inputs.ccrEmacs.hmModules.default
+ "${inputs.homeManagerGitWorkspace}/modules/services/git-workspace.nix"
+ ];
+ secrets = {
+ "chatgpt-token".owner = "ccr";
+ "cachix-personal-token".owner = "ccr";
+ "hercules-ci-join-token".owner = "hercules-ci-agent";
+ "hercules-ci-binary-caches".owner = "hercules-ci-agent";
+ "git-workspace-tokens".owner = "ccr";
+ };
};
};
- # TODO Add per host:
- # - apps to run as VMs
- # - checks
- # - deploy scripts (`nixos-rebuild`)
-
- config = {
- fleet.hosts = {
- thinkpad = {
- extraModules = with inputs; [
- nixosHardware.nixosModules.lenovo-thinkpad-x1-7th-gen
- ];
- extraHmModules = with inputs; [
- ccrEmacs.hmModules.default
- {
- # TODO: remove after https://github.com/nix-community/home-manager/pull/3811
- imports = let
- hmModules = "${inputs.homeManagerGitWorkspace}/modules";
- in [
- "${hmModules}/services/git-workspace.nix"
- ];
- }
- ];
- overlays = [inputs.nil.overlays.default];
- secrets = {
- "thinkpad-wireguard-private-key" = {};
- "cachix-personal-token".owner = "ccr";
- "autistici-password".owner = "ccr";
- "git-workspace-tokens".owner = "ccr";
- "chatgpt-token".owner = "ccr";
- };
- };
- rock5b = {
- system = "aarch64-linux";
- extraModules = with inputs; [
- disko.nixosModules.disko
- rock5b.nixosModules.default
- ];
- secrets = {
- "rock5b-wireguard-private-key" = {};
- "hercules-ci-join-token".owner = "hercules-ci-agent";
- "hercules-ci-binary-caches".owner = "hercules-ci-agent";
- "cachix-personal-token".owner = "ccr";
- "home-planimetry".owner = "hass";
- # "nextcloud-admin-pass".owner = "nextcloud";
- # "aws-credentials" = {};
- };
- colmena.deployment.buildOnTarget = true;
- };
- pbp = {
- system = "aarch64-linux";
- extraModules = with inputs; [
- nixosHardware.nixosModules.pine64-pinebook-pro
- disko.nixosModules.disko
- ];
- extraHmModules = [
- inputs.ccrEmacs.hmModules.default
- ];
- secrets = {
- "pbp-wireguard-private-key" = {};
- "cachix-personal-token".owner = "ccr";
- "chatgpt-token".owner = "ccr";
- };
- };
- # hs = {};
- mothership = {
- extraModules = with inputs; [
- disko.nixosModules.disko
- # nix-serve-ng.nixosModules.default
- # hydra.nixosModules.hydra
- ];
- extraHmModules = [
- inputs.ccrEmacs.hmModules.default
- {
- # TODO: remove after https://github.com/nix-community/home-manager/pull/3811
- imports = let
- hmModules = "${inputs.homeManagerGitWorkspace}/modules";
- in [
- "${hmModules}/services/git-workspace.nix"
- ];
- }
- ];
- overlays = [inputs.nil.overlays.default];
- secrets = {
- "mothership-wireguard-private-key" = {};
- "cachix-personal-token".owner = "ccr";
- "git-workspace-tokens".owner = "ccr";
- "magit-forge-github-token".owner = "ccr";
- # "hydra-admin-password".owner = "root";
- # "hydra-github-token".group = "hydra";
- # "cache-private-key".owner = "nix-serve";
- "hercules-ci-join-token".owner = "hercules-ci-agent";
- "hercules-ci-binary-caches".owner = "hercules-ci-agent";
- # "minio-credentials".owner = "minio";
- # "aws-credentials" = {};
- "chatgpt-token".owner = "ccr";
- };
- };
- };
-
- flake.nixosConfigurations =
- lib.mapAttrs
- config.fleet._mkNixosConfiguration
- config.fleet.hosts;
-
- flake.colmena =
- {
- meta = {
- nixpkgs = inputs.nixpkgsUnstable.legacyPackages.x86_64-linux;
- nodeNixpkgs = builtins.mapAttrs (name: value: value.pkgs) self.nixosConfigurations;
- nodeSpecialArgs = builtins.mapAttrs (name: value: value._module.specialArgs) self.nixosConfigurations;
- };
- }
- // builtins.mapAttrs (name: host:
- lib.recursiveUpdate {
- imports = self.nixosConfigurations.${name}._module.args.modules;
- deployment.targetHost = "${name}.fleet";
- }
- host.colmena)
- config.fleet.hosts;
- };
+ flake.nixosConfigurations =
+ lib.mapAttrs
+ config.fleet._mkNixosConfiguration
+ config.fleet.hosts;
}
diff --git a/hosts/module.nix b/hosts/module.nix
new file mode 100644
index 0000000..e91daf5
--- /dev/null
+++ b/hosts/module.nix
@@ -0,0 +1,168 @@
+# TODO Add per host:
+# - apps to run as VMs
+# - checks
+# - deploy scripts (`nixos-rebuild`)
+{
+ self,
+ lib,
+ config,
+ inputs,
+ ...
+}: {
+ options.fleet = {
+ hosts = lib.mkOption {
+ description = "Host configuration";
+ type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
+ options = {
+ name = lib.mkOption {
+ description = "Host name";
+ type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
+ default = name;
+ };
+ system = lib.mkOption {
+ description = "NixOS architecture (a.k.a. system)";
+ type = lib.types.str;
+ default = "x86_64-linux";
+ };
+ colmena = lib.mkOption {
+ description = "Set colmena.<host>";
+ type = lib.types.attrs;
+ default = {};
+ };
+ secrets = lib.mkOption {
+ description = "List of secrets names in the `secrets` folder";
+ type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
+ options = {
+ owner = lib.mkOption {
+ type = lib.types.str;
+ default = "root";
+ };
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = "root";
+ };
+ file = lib.mkOption {
+ type = lib.types.path;
+ default = "${self.outPath}/secrets/${name}.age";
+ };
+ mode = lib.mkOption {
+ # TODO improve type
+ type = lib.types.str;
+ default = "0440";
+ };
+ };
+ }));
+ default = {};
+ };
+ enableHomeManager = lib.mkOption {
+ description = "Enable home-manager module";
+ type = lib.types.bool;
+ default = true;
+ };
+ overlays = lib.mkOption {
+ description = "Enabled Nixpkgs overlays";
+ type = lib.types.listOf (lib.mkOptionType {
+ name = "nixpkgs-overlay";
+ description = "nixpkgs overlay";
+ check = lib.isFunction;
+ merge = lib.mergeOneOption;
+ });
+ default = [];
+ };
+ extraModules = lib.mkOption {
+ description = "Extra NixOS modules";
+ type = lib.types.listOf lib.types.deferredModule;
+ default = [];
+ };
+ extraHmModules = lib.mkOption {
+ description = "Extra home-manager modules";
+ type = lib.types.listOf lib.types.deferredModule;
+ default = [];
+ };
+ extraHmModulesUser = lib.mkOption {
+ description = "User for which to import extraHmModulesUser";
+ type = lib.types.str;
+ default = "ccr";
+ };
+ };
+ config.overlays = with inputs;
+ [
+ nur.overlay
+ ]
+ ++ config.fleet.overlays;
+ }));
+ default = {};
+ };
+ _mkNixosConfiguration = lib.mkOption {
+ description = "Function returning a proper NixOS configuration";
+ type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type
+ internal = true;
+ default = hostname: config:
+ inputs.nixpkgsUnstable.lib.nixosSystem {
+ inherit (config) system;
+ modules =
+ [
+ ({lib, ...}: {
+ networking.hostName = lib.mkForce hostname;
+ nixpkgs.overlays = config.overlays;
+ networking.hosts =
+ lib.mapAttrs' (hostname: ip: {
+ name = ip;
+ value = ["${hostname}.fleet"];
+ })
+ (import "${self}/lib").ips;
+ })
+ "${self.outPath}/hosts/${hostname}"
+ ]
+ ++ (lib.optionals (config.secrets != []) [
+ inputs.agenix.nixosModules.default
+ ({lib, ...}: let
+ allSecrets = lib.mapAttrs' (name: value: {
+ name = lib.removeSuffix ".age" name;
+ inherit value;
+ }) (import "${self.outPath}/secrets");
+ filteredSecrets =
+ lib.filterAttrs
+ (name: _: builtins.hasAttr name config.secrets)
+ allSecrets;
+ in {
+ age.secrets =
+ lib.mapAttrs' (name: _: {
+ name = builtins.baseNameOf name;
+ value = {
+ inherit (config.secrets.${name}) owner group file mode;
+ };
+ })
+ filteredSecrets;
+ })
+ ])
+ ++ (lib.optionals config.enableHomeManager (let
+ user = config.extraHmModulesUser;
+ extraHmModules = config.extraHmModules;
+ in [
+ inputs.homeManager.nixosModule
+ ({
+ config,
+ pkgs,
+ ...
+ }: {
+ home-manager.users."${user}" = {
+ imports = extraHmModules;
+ _module.args = {
+ age = config.age or {};
+ fleetFlake = self;
+ pkgsStable = inputs.nixpkgsStable.legacyPackages.${pkgs.system};
+ };
+ };
+ })
+ ]))
+ ++ config.extraModules;
+ specialArgs = {
+ fleetModules = builtins.map (moduleName: "${self.outPath}/modules/${moduleName}");
+ fleetHmModules = builtins.map (moduleName: "${self.outPath}/hmModules/${moduleName}");
+ fleetFlake = self;
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/mothership/default.nix b/hosts/mothership/default.nix
index e2116a8..ea4a2bb 100644
--- a/hosts/mothership/default.nix
+++ b/hosts/mothership/default.nix
@@ -22,7 +22,7 @@
"cgit"
"docker"
# "minio"
- "proxy"
+ "mothership-proxy"
"binfmt"
"xdg"
# "remote-xfce"
diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix
new file mode 100644
index 0000000..7c0ed4f
--- /dev/null
+++ b/hosts/picard/default.nix
@@ -0,0 +1,94 @@
+{
+ fleetModules,
+ lib,
+ config,
+ ...
+}: {
+ imports =
+ fleetModules [
+ "common"
+ "ssh"
+ "ccr"
+ "nix"
+ "networkmanager"
+ "bluetooth"
+ "dbus"
+ "docker"
+ "fonts"
+ "qmk-udev"
+ "mosh"
+ "udisks2"
+ "xdg"
+ "pipewire"
+ "nix-development"
+ "waydroid"
+ "virt-manager"
+ "ssh-initrd"
+ "hercules-ci"
+ ]
+ ++ [
+ ./disko.nix
+ ];
+
+ ccr = {
+ enable = true;
+ autologin = true;
+ modules = [
+ "git"
+ "git-workspace"
+ "helix"
+ "shell"
+ "element"
+ "emacs"
+ "firefox"
+ "gpg"
+ "mpv"
+ "password-store"
+ "slack"
+ "hyprland"
+ "udiskie"
+ "xdg"
+ "spotify"
+ "lutris"
+ "wine"
+ "cura"
+ ];
+ extraGroups = [];
+ };
+
+ boot.kernelParams = ["ip=dhcp"];
+ boot.initrd.kernelModules = ["amdgpu"];
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "r8169"
+ ];
+ boot.kernelModules = ["kvm-amd"];
+
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot = {
+ enable = true;
+ configurationLimit = 20;
+ };
+
+ networking.hostId = "5b02e763";
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ hardware.enableRedistributableFirmware = lib.mkDefault true;
+
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+
+ # TODO move away from here (how can the interface name be retrieved programmatically?)
+ networking.interfaces.enp11s0.wakeOnLan = {
+ enable = true;
+ policy = ["broadcast" "magic"];
+ };
+}
diff --git a/hosts/picard/disko.nix b/hosts/picard/disko.nix
new file mode 100644
index 0000000..b7f91f5
--- /dev/null
+++ b/hosts/picard/disko.nix
@@ -0,0 +1,72 @@
+{
+ disko.devices = {
+ disk = {
+ nvme = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ rootFsOptions = {
+ compression = "lz4";
+ acltype = "posixacl";
+ xattr = "sa";
+ "com.sun:auto-snapshot" = "true";
+ mountpoint = "none";
+ };
+ datasets = {
+ "root" = {
+ type = "zfs_fs";
+ options = {
+ mountpoint = "none";
+ encryption = "aes-256-gcm";
+ keyformat = "passphrase";
+ keylocation = "prompt";
+ };
+ };
+ "root/nixos" = {
+ type = "zfs_fs";
+ options.mountpoint = "/";
+ mountpoint = "/";
+ };
+ "root/home" = {
+ type = "zfs_fs";
+ options.mountpoint = "/home";
+ mountpoint = "/home";
+ };
+ "root/tmp" = {
+ type = "zfs_fs";
+ mountpoint = "/tmp";
+ options = {
+ mountpoint = "/tmp";
+ sync = "disabled";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/rock5b/default.nix b/hosts/rock5b/default.nix
index 9f1ab79..9b73e5c 100644
--- a/hosts/rock5b/default.nix
+++ b/hosts/rock5b/default.nix
@@ -20,8 +20,13 @@
# "nextcloud"
"home-assistant"
# "immich"
- "adguard-home"
+ # "adguard-home"
# "mount-hetzner-box"
+ "cloudflare-dyndns"
+ "rock5b-proxy"
+ "invidious"
+ "searx"
+ "rock5b-samba"
]
++ [
./disko.nix
@@ -29,6 +34,8 @@
ccr.enable = true;
+ networking.firewall.enable = lib.mkForce false;
+
services.rock5b-fan-control.enable = true;
nixpkgs.hostPlatform = "aarch64-linux";
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index a8baf04..2285cb2 100644
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -33,6 +33,7 @@
"nix-development"
"clamav"
"waydroid"
+ "buildboot-nix"
# "gnome-keyring"
];
@@ -45,6 +46,7 @@
"digikam"
"discord"
"element"
+ "email"
# "nheko"
# "thunderbird"
# "aerc"
@@ -54,7 +56,7 @@
"gpg"
"gnome-keyring"
"helix"
- "mopidy"
+ # "mopidy"
"mpv"
"openscad"
"password-store"
@@ -79,7 +81,6 @@
];
packages = with pkgs; [
comma
- dolphin-emu-beta
sc-controller
libreoffice
];
@@ -218,4 +219,6 @@
Sunshine
KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput"
'';
+
+ services.teamviewer.enable = true;
}
diff --git a/hosts/thinkpad/zfs.nix b/hosts/thinkpad/zfs.nix
index c547d1a..dd64da1 100644
--- a/hosts/thinkpad/zfs.nix
+++ b/hosts/thinkpad/zfs.nix
@@ -1,6 +1,7 @@
{
config,
pkgs,
+ lib,
...
}: {
boot.supportedFilesystems = ["zfs"];
@@ -22,6 +23,7 @@
mount /boot/efi
'';
boot.loader.grub.extraInstallCommands = ''
+ export PATH=$PATH:${lib.makeBinPath [pkgs.coreutils]}
ESP_MIRROR=$(mktemp -d)
cp -r /boot/efi/EFI $ESP_MIRROR
for i in /boot/efis/*; do
diff --git a/lib/default.nix b/lib/default.nix
index f751fa9..de3d8a8 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -11,6 +11,7 @@
mothership = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlepPWHE9GvQIBcAQBQPd80oiePSPxGDnMdqpdEqx6I";
rock5b = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlpd0GhZv0NyDQBTJ130JfC5/r+PvdkHIOaGssm8cPG";
pbp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFF05LScu9m5BXMlFAT1g+g/AkAi7kvq1dY6W3Rzqq3f";
+ picard = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1+1z1IsLVJ6aGarMgzw3NbmFKcpYVgdUjl7xDsewxT";
};
};
ips = {
diff --git a/modules/adb/default.nix b/modules/adb/default.nix
index 3abb9bd..4ca3870 100644
--- a/modules/adb/default.nix
+++ b/modules/adb/default.nix
@@ -1,4 +1,4 @@
{
programs.adb.enable = true;
- users.users.ccr.extraGroups = ["adbusers"];
+ ccr.extraGroups = ["adbusers"];
}
diff --git a/modules/bluetooth/default.nix b/modules/bluetooth/default.nix
index 67c24ce..803215e 100644
--- a/modules/bluetooth/default.nix
+++ b/modules/bluetooth/default.nix
@@ -3,4 +3,5 @@
hardware.pulseaudio.enable = true;
hardware.bluetooth.enable = true;
services.dbus.packages = with pkgs; [blueman];
+ ccr.extraGroups = ["bluetooth"];
}
diff --git a/modules/ccr/default.nix b/modules/ccr/default.nix
index cf781f8..b226b3d 100644
--- a/modules/ccr/default.nix
+++ b/modules/ccr/default.nix
@@ -5,55 +5,74 @@
fleetHmModules,
fleetFlake,
...
-}: {
+}: let
+ cfg = config.ccr;
+ inherit (lib) types;
+in {
options.ccr = {
- enable = lib.mkOption {
- type = lib.types.bool;
- default = false;
+ enable = lib.mkEnableOption "ccr";
+
+ username = lib.mkOption {
+ type = types.str;
+ default = "ccr";
+ };
+
+ description = lib.mkOption {
+ type = types.str;
+ default = "Andrea Ciceri";
+ };
+
+ shell = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.fish;
};
modules = lib.mkOption {
- type = with lib.types; listOf str;
+ type = types.listOf types.str;
default = [];
};
packages = lib.mkOption {
- type = with lib.types; listOf package;
+ type = types.listOf types.package;
default = [];
};
autologin = lib.mkOption {
- type = lib.types.bool;
+ type = types.bool;
default = false;
};
authorizedKeys = lib.mkOption {
- type = with lib.types; listOf str;
+ type = types.listOf types.str;
default = builtins.attrValues (import "${fleetFlake}/lib").keys.users;
};
hashedPassword = lib.mkOption {
- type = lib.types.str;
+ type = types.str;
default = "$6$JGOefuRk7kL$fK9.5DFnLLoW08GL4eKRyf958jyZdw//hLMaz4pp28jJuSFb24H6R3dgt1.sMs0huPY85rludSw4dnQJG5xSw1"; # mkpasswd -m sha-512
};
extraGroups = lib.mkOption {
- type = with lib.types; listOf str;
- default = ["wheel" "fuse" "networkmanager" "dialout"];
+ type = types.listOf types.str;
+ default = {};
+ };
+
+ extraModules = lib.mkOption {
+ type = types.listOf types.deferredModule;
+ default = [];
};
};
- config = lib.mkIf config.ccr.enable {
- ccr.extraGroups = ["wheel" "fuse" "networkmanager" "dialout"];
+ config = lib.mkIf cfg.enable {
+ # FIXME shouldn't set these groups by default
+ ccr.extraGroups = ["wheel" "fuse" "video" "dialout" "systemd-journal" "camera"];
ccr.modules = ["shell" "git" "nix-index"];
- users.users.ccr = {
+ users.users.${cfg.username} = {
+ inherit (config.ccr) hashedPassword extraGroups description;
uid = 1000;
- inherit (config.ccr) hashedPassword;
- description = "Andrea Ciceri";
isNormalUser = true;
- inherit (config.ccr) extraGroups;
- shell = pkgs.fish;
+ shell = cfg.shell;
openssh.authorizedKeys.keys = config.ccr.authorizedKeys;
};
@@ -61,22 +80,24 @@
services.getty.autologinUser =
if config.ccr.autologin
- then "ccr"
+ then cfg.username
else null;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
- home-manager.users.ccr = {
+ home-manager.users.${cfg.username} = {
imports =
- fleetHmModules config.ccr.modules
+ fleetHmModules cfg.modules
++ [
{
_module.args = {
inherit (config.age) secrets;
+ inherit (cfg) username;
};
}
- ];
- home.packages = config.ccr.packages;
+ ]
+ ++ cfg.extraModules;
+ home.packages = cfg.packages;
home.stateVersion = config.system.stateVersion;
};
};
diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix
new file mode 100644
index 0000000..34e43fa
--- /dev/null
+++ b/modules/cloudflare-dyndns/default.nix
@@ -0,0 +1,15 @@
+{config, ...}: {
+ services.cloudflare-dyndns = {
+ enable = true;
+ ipv4 = true;
+ ipv6 = true;
+ domains = [
+ "sevenofnix.aciceri.dev"
+ "home.aciceri.dev"
+ "torrent.aciceri.dev"
+ "search.aciceri.dev"
+ "invidious.aciceri.dev"
+ ];
+ apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path;
+ };
+}
diff --git a/modules/common/default.nix b/modules/common/default.nix
index 70590c0..eec7be5 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -7,13 +7,10 @@
"nix"
];
+ hardware.i2c.enable = true;
system.stateVersion = lib.mkForce "22.11";
time.timeZone = lib.mkDefault "Europe/Rome";
- networking.useDHCP = lib.mkDefault true;
users.mutableUsers = false;
- # TODO remove
- users.users.root.password = "password";
i18n.defaultLocale = "en_US.UTF-8";
-
- nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.allowUnfree = true; # Forgive me Mr. Stallman :(
}
diff --git a/modules/dbus/default.nix b/modules/dbus/default.nix
index 62036c9..b481548 100644
--- a/modules/dbus/default.nix
+++ b/modules/dbus/default.nix
@@ -1,4 +1,4 @@
{pkgs, ...}: {
- services.dbus.packages = with pkgs; [dconf];
+ services.dbus.packages = [pkgs.dconf];
programs.dconf.enable = true;
}
diff --git a/modules/docker/default.nix b/modules/docker/default.nix
index b349dcf..b4bb0e1 100644
--- a/modules/docker/default.nix
+++ b/modules/docker/default.nix
@@ -1,14 +1,13 @@
{
- config,
- lib,
pkgs,
+ config,
...
}: {
- virtualisation.docker.enable = true;
virtualisation.podman.enable = true;
- users.users.ccr.extraGroups = ["docker"];
+ users.users.${config.ccr.username}.extraGroups = ["docker"];
environment.systemPackages = with pkgs; [
docker-compose
podman-compose
];
+ ccr.extraGroups = ["docker"];
}
diff --git a/modules/fonts/default.nix b/modules/fonts/default.nix
index fdda365..a0f9bed 100644
--- a/modules/fonts/default.nix
+++ b/modules/fonts/default.nix
@@ -1,6 +1,6 @@
{pkgs, ...}: {
fonts = {
- fonts = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols iosevka iosevka-comfy.comfy emacs-all-the-icons-fonts nerdfonts joypixels etBook];
+ packages = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols iosevka iosevka-comfy.comfy emacs-all-the-icons-fonts nerdfonts joypixels etBook];
fontconfig.defaultFonts = {
monospace = ["DejaVu Sans Mono for Powerline"];
sansSerif = ["DejaVu Sans"];
diff --git a/modules/fprintd/default.nix b/modules/fprintd/default.nix
index 1b0c84f..0f9822b 100644
--- a/modules/fprintd/default.nix
+++ b/modules/fprintd/default.nix
@@ -1,4 +1,4 @@
-{pkgs, ...}: {
+{
services.fprintd = {
enable = false; # temporarily disable
};
diff --git a/modules/home-assistant/default.nix b/modules/home-assistant/default.nix
index 558b941..3824207 100644
--- a/modules/home-assistant/default.nix
+++ b/modules/home-assistant/default.nix
@@ -69,7 +69,7 @@ in {
default_config = {};
http = {
use_x_forwarded_for = true;
- trusted_proxies = ["10.100.0.1"];
+ trusted_proxies = ["127.0.0.1" "::1"];
};
# ffmpeg = {};
# camera = [
diff --git a/modules/invidious/default.nix b/modules/invidious/default.nix
new file mode 100644
index 0000000..f4f4627
--- /dev/null
+++ b/modules/invidious/default.nix
@@ -0,0 +1,3 @@
+{
+ services.invidious.enable = true;
+}
diff --git a/modules/proxy/default.nix b/modules/mothership-proxy/default.nix
similarity index 88%
rename from modules/proxy/default.nix
rename to modules/mothership-proxy/default.nix
index 3e8eaab..bf9bef4 100644
--- a/modules/proxy/default.nix
+++ b/modules/mothership-proxy/default.nix
@@ -1,13 +1,6 @@
{config, ...}: {
imports = [../nginx-base];
services.nginx.virtualHosts = {
- "bubbleupnp.mothership.aciceri.dev" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://rock5b.fleet:58050";
- };
- };
"home.aciceri.dev" = {
forceSSL = true;
enableACME = true;
@@ -27,6 +20,14 @@
proxyPass = "http://rock5b.fleet:9091";
};
};
+ "sevenofnix.aciceri.dev" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://thinkpad.fleet:8010";
+ proxyWebsockets = true;
+ };
+ };
"photos.aciceri.dev" = {
forceSSL = true;
enableACME = true;
diff --git a/modules/networkmanager/default.nix b/modules/networkmanager/default.nix
new file mode 100644
index 0000000..c5e2c48
--- /dev/null
+++ b/modules/networkmanager/default.nix
@@ -0,0 +1,5 @@
+{lib, ...}: {
+ networking.networkmanager.enable = true;
+ ccr.extraGroups = ["networkmanager"];
+ networking.useDHCP = lib.mkDefault true;
+}
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index a8daa6a..69561d9 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -1,7 +1,6 @@
{
config,
lib,
- pkgs,
fleetFlake,
...
}: {
@@ -12,61 +11,47 @@
auto-optimise-store = true;
trusted-users = [
"root"
- "ccr"
+ config.ccr.username
"@wheel"
];
netrc-file = "/etc/nix/netrc";
- # Disabled all the substituters, this should be managed at flakes level
- # trusted-public-keys = [
- # "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
- # "mlabs.cachix.org-1:gStKdEqNKcrlSQw5iMW6wFCj3+b+1ASpBVY2SYuNV2M="
- # "aciceri-fleet.cachix.org-1:e1AodrwmzRWy0eQi3lUY71M41fp9Sq+UpuKKv705xsI="
- # "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- # ];
- # substituters = [
- # "https://cache.iog.io"
- # "https://mlabs.cachix.org"
- # "https://aciceri-fleet.cachix.org"
- # "https://nix-community.cachix.org"
- # ];
};
extraOptions = ''
experimental-features = nix-command flakes ca-derivations
+ builders-use-substitutes = true
'';
gc = {
automatic = true;
dates = "weekly";
- options = "--delete-older-than 30d";
+ options = "--delete-older-than 180d";
};
- # buildMachines = [
- # {
- # hostName = "rock5b.fleet";
- # system = "aarch64-linux";
- # maxJobs = 6;
- # speedFactor = 1;
- # supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
- # mandatoryFeatures = [];
- # # sshKey = "/var/lib/hydra/queue-runner/.ssh/id_rsa";
- # sshUser = "root";
- # }
- # ];
- distributedBuilds = true;
-
registry = lib.mkForce {
nixpkgs.to = {
type = "path";
path = fleetFlake.inputs.nixpkgsUnstable;
};
+ nixpkgsUnstable.to = {
+ type = "path";
+ path = fleetFlake.inputs.nixpkgsUnstable;
+ };
+ nixpkgsStable.to = {
+ type = "path";
+ path = fleetFlake.inputs.nixpkgsStable;
+ };
n.to = {
type = "path";
path = fleetFlake.inputs.nixpkgsUnstable;
};
nixfleet.to = {
type = "path";
- path = "/home/ccr/projects/aciceri/nixfleet";
+ path = "/home/${config.ccr.username}/projects/aciceri/nixfleet";
+ };
+ fleet.to = {
+ type = "path";
+ path = "/home/${config.ccr.username}/projects/aciceri/nixfleet";
};
};
};
diff --git a/modules/pipewire/default.nix b/modules/pipewire/default.nix
new file mode 100644
index 0000000..334c6ea
--- /dev/null
+++ b/modules/pipewire/default.nix
@@ -0,0 +1,3 @@
+{
+ services.pipewire.enable = true;
+}
diff --git a/modules/rock5b-proxy/default.nix b/modules/rock5b-proxy/default.nix
new file mode 100644
index 0000000..4d62c9b
--- /dev/null
+++ b/modules/rock5b-proxy/default.nix
@@ -0,0 +1,98 @@
+{config, ...}: {
+ imports = [../nginx-base];
+ services.nginx.virtualHosts = {
+ localhost.listen = [{addr = "127.0.0.1";}];
+ "home.aciceri.dev" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.home-assistant.config.http.server_port}";
+ proxyWebsockets = true;
+ };
+ extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ '';
+ };
+ "torrent.aciceri.dev" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.transmission.settings.rpc-port}";
+ };
+ };
+ "search.aciceri.dev" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8888";
+ };
+ };
+ "invidious.aciceri.dev" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.invidious.port}";
+ };
+ };
+ "sevenofnix.aciceri.dev" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://10.1.1.2:${builtins.toString config.services.buildbot-master.port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
+ # services.oauth2_proxy = {
+ # enable = true;
+ # provider = "oidc";
+ # reverseProxy = true;
+ # # replaces following options with .keyFile
+
+ # clientID = "shouldThisBePrivate?";
+ # clientSecret = "thisShouldBePrivate";
+ # cookie.secret = "thisShouldBePrivate00000";
+
+ # email.domains = [ "*" ];
+ # extraConfig = {
+ # # custom-sign-in-logo = "${../../lib/mlabs-logo.svg}";
+ # # scope = "user:email";
+ # # banner = "MLabs Status";
+ # # whitelist-domain = ".status.staging.mlabs.city";
+ # oidc-issuer-url = "http://127.0.0.1:5556/dex";
+ # };
+ # # redirectURL = "https://status.staging.mlabs.city/oauth2/callback";
+ # # keyFile = config.age.secrets.status-oauth2-secrets.path;
+ # # cookie.domain = ".status.staging.mlabs.city";
+ # nginx = {
+ # virtualHosts = [
+ # "search.aciceri.dev"
+ # ];
+ # };
+ # };
+
+ # services.dex = {
+ # enable = true;
+ # settings = {
+ # issuer = "http://127.0.0.1:5556/dex";
+ # storage = {
+ # type = "postgres";
+ # config.host = "/var/run/postgresql";
+ # };
+ # web = {
+ # http = "127.0.0.1:5556";
+ # };
+ # enablePasswordDB = true;
+ # staticClients = [
+ # {
+ # # id = "oidcclient";
+ # # name = "client";
+ # # redirecturis = [ "https://login.aciceri.dev/callback" ];
+ # # secretfile = "/etc/dex/oidcclient"; # the content of `secretfile` will be written into to the config as `secret`.
+ # }
+ # ];
+ # };
+ # };
+}
diff --git a/modules/rock5b-samba/default.nix b/modules/rock5b-samba/default.nix
new file mode 100644
index 0000000..e33b2b7
--- /dev/null
+++ b/modules/rock5b-samba/default.nix
@@ -0,0 +1,42 @@
+{
+ services = {
+ samba-wsdd = {
+ enable = true;
+ workgroup = "WORKGROUP";
+ hostname = "rock5b";
+ discovery = true;
+ };
+
+ samba = {
+ enable = true;
+ securityType = "user";
+ extraConfig = ''
+ workgroup = WORKGROUP
+ server string = rock5b
+ netbios name = rock5b
+ security = user
+ map to guest = bad user
+ vfs objects = recycle
+ recycle:repository = .recycle
+ recycle:keeptree = yes
+ recycle:versions = yes
+ '';
+ shares = {
+ torrent = {
+ path = "/mnt/hd/torrent";
+ comment = "torrent";
+ "force user" = "ccr";
+ browseable = "yes";
+ writeable = "yes";
+ "guest ok" = "yes";
+ "read only" = "no";
+ };
+ };
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [139 445];
+ allowedUDPPorts = [138];
+ };
+}
diff --git a/modules/searx/default.nix b/modules/searx/default.nix
new file mode 100644
index 0000000..8d18188
--- /dev/null
+++ b/modules/searx/default.nix
@@ -0,0 +1,10 @@
+{pkgs, ...}: {
+ services.searx = {
+ enable = true;
+ package = pkgs.searxng;
+ settings = {
+ server.secret_key = "secret";
+ search.formats = ["html" "json"];
+ };
+ };
+}
diff --git a/modules/ssh-initrd/default.nix b/modules/ssh-initrd/default.nix
new file mode 100644
index 0000000..f1c4f9a
--- /dev/null
+++ b/modules/ssh-initrd/default.nix
@@ -0,0 +1,24 @@
+{config, ...}: {
+ # For unlocking the disk connect using ssh and type
+ # systemctl start initrd-nixos-activation
+ boot.initrd = {
+ network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ ignoreEmptyHostKeys = true;
+ extraConfig = ''
+ HostKey /ssh_initrd_host_ed25519_key
+ '';
+ };
+ };
+ systemd = {
+ enable = true;
+ storePaths = ["${config.programs.ssh.package}/bin/ssh-keygen"];
+ services.sshd.preStart = ''
+ ${config.programs.ssh.package}/bin/ssh-keygen -t ed25519 -N "" -f /ssh_initrd_host_ed25519_key
+ chmod 600 /ssh_initrd_host_ed25519_key
+ '';
+ };
+ };
+}
diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix
index 76e0048..fd5bba7 100644
--- a/modules/ssh/default.nix
+++ b/modules/ssh/default.nix
@@ -5,11 +5,9 @@
fail2ban = {
enable = true;
maxretry = 10;
- ignoreIP = [
- "88.198.49.106"
- "10.100.0.1/24"
- ];
};
};
+
+ # This makes sense only because I'm the only user for these machines
users.users.root.openssh.authorizedKeys.keys = builtins.attrValues (with (import "${fleetFlake}/lib"); keys.users // keys.hosts);
}
diff --git a/modules/virt-manager/default.nix b/modules/virt-manager/default.nix
new file mode 100644
index 0000000..08097fe
--- /dev/null
+++ b/modules/virt-manager/default.nix
@@ -0,0 +1,6 @@
+{config, ...}: {
+ programs.virt-manager.enable = true;
+ virtualisation.libvirtd.enable = true;
+ users.users."${config.ccr.username}".extraGroups = ["libvirtd"];
+ virtualisation.libvirtd.qemu.swtpm.enable = true;
+}
diff --git a/modules/wireguard-client/default.nix b/modules/wireguard-client/default.nix
index f8b2728..0a602d2 100644
--- a/modules/wireguard-client/default.nix
+++ b/modules/wireguard-client/default.nix
@@ -6,6 +6,7 @@
networking.firewall = {
allowedUDPPorts = [51820];
};
+ networking.firewall.trustedInterfaces = ["wg0"];
networking.wireguard.interfaces = {
wg0 = {
ips = ["${(import "${fleetFlake}/lib").ips."${config.networking.hostName}"}/32"];
diff --git a/modules/xdg/default.nix b/modules/xdg/default.nix
index a7988cf..5631915 100644
--- a/modules/xdg/default.nix
+++ b/modules/xdg/default.nix
@@ -3,14 +3,13 @@
portal = {
enable = true;
extraPortals = with pkgs; [
- xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
+ xdg-desktop-portal-hyprland
];
+ config.common.default = "*";
};
};
- services.pipewire.enable = true;
-
environment.sessionVariables = {
GTK_USE_PORTAL = "1";
};
diff --git a/packages/default.nix b/packages/default.nix
index 3d0e2c4..d551653 100644
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -18,14 +18,7 @@
type = lib.types.listOf overlayType;
default = with inputs; [
agenix.overlays.default
- comma.overlays.default
nur.overlay
- deadnix.overlays.default
- statix.overlays.default
- nil.overlays.default
- nixd.overlays.default
- alejandra.overlays.default
- colmena.overlays.default
(final: _: {
inherit (disko.packages.${final.system}) disko;
inherit (self.packages.${final.system}) deploy;
@@ -53,6 +46,8 @@
value = pkgs.callPackage "${self}/packages/${name}" {
pkgsStable = inputs.nixpkgsStable.legacyPackages.${system};
dream2nix = inputs.dream2nix;
+ projectRoot = self.outPath;
+ packagePath = "packages/${name}";
};
})
(lib.filterAttrs
diff --git a/packages/llm-workflow-engine/default.nix b/packages/llm-workflow-engine/default.nix
index cb0a724..73b916a 100644
--- a/packages/llm-workflow-engine/default.nix
+++ b/packages/llm-workflow-engine/default.nix
@@ -1,6 +1,8 @@
{
pkgs,
dream2nix,
+ projectRoot,
+ packagePath,
fetchFromGitHub,
...
}: let
@@ -24,9 +26,8 @@
version = "0.18.2";
paths = {
- projectRoot = ./.;
- projectRootFile = "flake.nix";
- package = ./.;
+ inherit projectRoot;
+ package = packagePath;
};
mkDerivation = {
diff --git a/packages/llm-workflow-engine/lock.json b/packages/llm-workflow-engine/lock.json
index ac667fa..de7b9b2 100644
--- a/packages/llm-workflow-engine/lock.json
+++ b/packages/llm-workflow-engine/lock.json
@@ -2,9 +2,9 @@
"fetchPipMetadata": {
"sources": {
"aiohttp": {
- "sha256": "df72ac063b97837a80d80dec8d54c241af059cc9bb42c4de68bd5b61ceb37caa",
+ "sha256": "5ed1c46fb119f1b59304b5ec89f834f07124cd23ae5b74288e364477641060ff",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/3e/f6/fcda07dd1e72260989f0b22dde999ecfe80daa744f23ca167083683399bc/aiohttp-3.8.5-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/4c/b8/5c5efbb1d3cb1da3612b8e309e8e31b602ee9c5cca8e41961db385fc9d00/aiohttp-3.8.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "3.8.5"
},
"aiosignal": {
@@ -62,9 +62,9 @@
"version": "2023.7.22"
},
"cffi": {
- "sha256": "e4108df7fe9b707191e55f33efbcb2d81928e10cea45527879a4749cbe472614",
+ "sha256": "7b78010e7b97fef4bee1e896df8a4bbb6712b7f05b7ef630f9d1da00f6444d2e",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/c9/7c/43d81bdd5a915923c3bad5bb4bff401ea00ccc8e28433fb6083d2e3bf58e/cffi-1.16.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/9b/89/a31c81e36bbb793581d8bba4406a8aac4ba84b2559301c44eef81f4cf5df/cffi-1.16.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "1.16.0"
},
"chardet": {
@@ -74,9 +74,9 @@
"version": "5.2.0"
},
"charset-normalizer": {
- "sha256": "193cbc708ea3aca45e7221ae58f0fd63f933753a9bfb498a3b474878f12caaad",
+ "sha256": "246de67b99b6851627d945db38147d1b209a899311b1305dd84916f2b88526c6",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/a4/65/057bf29660aae6ade0816457f8db4e749e5c0bfa2366eb5f67db9912fa4c/charset_normalizer-3.2.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/bc/85/ef25d4ba14c7653c3020a1c6e1a7413e6791ef36a0ac177efa605fc2c737/charset_normalizer-3.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "3.2.0"
},
"colorclass": {
@@ -152,15 +152,15 @@
"version": "0.45.0"
},
"frozenlist": {
- "sha256": "6918d49b1f90821e93069682c06ffde41829c346c66b721e65a5c62b4bab0300",
+ "sha256": "261b9f5d17cac914531331ff1b1d452125bf5daa05faf73b71d935485b0c510b",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/1e/28/74b8b6451c89c070d34e753d8b65a1e4ce508a6808b18529f36e8c0e2184/frozenlist-1.4.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/e6/7e/74b176a5580e1a41da326d07cf47a0032923fb3eeec9afbd92bb5c6457df/frozenlist-1.4.0-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "1.4.0"
},
"greenlet": {
- "sha256": "d75209eed723105f9596807495d58d10b3470fa6732dd6756595e89925ce2470",
+ "sha256": "3a06ad5312349fec0ab944664b01d26f8d1f05009566339ac6f63f56589bc1a2",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/6e/11/a1f1af20b6a1a8069bc75012569d030acb89fd7ef70f888b6af2f85accc6/greenlet-2.0.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/86/8d/3a18311306830f6db5f5676a1cb8082c8943bfa6c928b40006e5358170fc/greenlet-2.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "2.0.2"
},
"idna": {
@@ -200,9 +200,9 @@
"version": "1.1.5"
},
"lxml": {
- "sha256": "cd47b4a0d41d2afa3e58e5bf1f62069255aa2fd6ff5ee41604418ca925911d76",
+ "sha256": "d73d8ecf8ecf10a3bd007f2192725a34bd62898e8da27eb9d32a58084f93962b",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/3c/d2/11533f0bc47ff4d828a20cfb702f3453fe714bd5b475fcdc8cec6e6b7dcf/lxml-4.9.3-cp310-cp310-manylinux_2_28_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/ed/62/ffc30348ae141f69f9f23b65ba769db7ca209856c9a9b3406279e0ea24de/lxml-4.9.3-cp311-cp311-manylinux_2_28_x86_64.whl",
"version": "4.9.3"
},
"mako": {
@@ -218,9 +218,9 @@
"version": "3.0.0"
},
"markupsafe": {
- "sha256": "65c1a9bcdadc6c28eecee2c119465aebff8f7a584dd719facdd9e825ec61ab52",
+ "sha256": "bfce63a9e7834b12b87c64d6b155fdd9b3b96191b6bd334bf37db7ff1fe457f2",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/12/b3/d9ed2c0971e1435b8a62354b18d3060b66c8cb1d368399ec0b9baa7c0ee5/MarkupSafe-2.1.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/fe/21/2eff1de472ca6c99ec3993eab11308787b9879af9ca8bbceb4868cf4f2ca/MarkupSafe-2.1.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "2.1.3"
},
"marshmallow": {
@@ -242,9 +242,9 @@
"version": "5.1.1"
},
"multidict": {
- "sha256": "36c63aaa167f6c6b04ef2c85704e93af16c11d20de1d133e39de6a0e84582a93",
+ "sha256": "11bdf3f5e1518b24530b8241529d2050014c884cf18b6fc69c0c2b30ca248710",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/56/b5/ac112889bfc68e6cf4eda1e4325789b166c51c6cd29d5633e28fb2c2f966/multidict-6.0.4-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/9d/5a/34bd606569178ad8a931ea4d59cda926b046cfa4c01b0191c2e04cfd44c2/multidict-6.0.4-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "6.0.4"
},
"mypy-extensions": {
@@ -260,15 +260,15 @@
"version": "0.3.0"
},
"numexpr": {
- "sha256": "cb2f473fdfd09d17db3038e34818d05b6bc561a36785aa927d6c0e06bccc9911",
+ "sha256": "11121b14ee3179bade92e823f25f1b94e18716d33845db5081973331188c3338",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/2d/03/de1341ec86bbdf1e4a7ad34d95af4762be8a3efab01d5f96922f1228da3e/numexpr-2.8.7-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/6a/3e/fa33d67bc4f5ee05f5bc2ce65fd1a796211f0b759cec3f60ded2763013b9/numexpr-2.8.7-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "2.8.7"
},
"numpy": {
- "sha256": "767254ad364991ccfc4d81b8152912e53e103ec192d1bb4ea6b1f5a7117040be",
+ "sha256": "e062aa24638bb5018b7841977c360d2f5917268d125c833a686b7cbabbec496c",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/9b/5a/f265a1ba3641d16b5480a217a6aed08cceef09cd173b568cd5351053472a/numpy-1.26.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/c4/36/161e2f8110f8c49e59f6107bd6da4257d30aff9f06373d0471811f73dcc5/numpy-1.26.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "1.26.0"
},
"olefile": {
@@ -314,9 +314,9 @@
"version": "20221105"
},
"pillow": {
- "sha256": "85ec677246533e27770b0de5cf0f9d6e4ec0c212a1f89dfc941b64b21226009d",
+ "sha256": "8d935f924bbab8f0a9a28404422da8af4904e36d5c33fc6f677e4c4485515625",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/25/6b/d3c35d207c9c0b6c2f855420f62e64ef43d348e8c797ad1c32b9f2106a19/Pillow-9.5.0-cp310-cp310-manylinux_2_28_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/3d/59/e6bd2c3715ace343d9739276ceed79657fe116923238d102cf731ab463dd/Pillow-9.5.0-cp311-cp311-manylinux_2_28_x86_64.whl",
"version": "9.5.0"
},
"prompt-toolkit": {
@@ -332,9 +332,9 @@
"version": "2.21"
},
"pydantic": {
- "sha256": "1740068fd8e2ef6eb27a20e5651df000978edce6da6803c2bef0bc74540f9548",
+ "sha256": "e31647d85a2013d926ce60b84f9dd5300d44535a9941fe825dc349ae1f760df9",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/e0/2f/d6f17f8385d718233bcae893d27525443d41201c938b68a4af3d591a33e4/pydantic-1.10.13-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/d2/16/2edfe3e52de9d46fee81d9b9ace90fd7a49a86e7a36d7fc280183f77515a/pydantic-1.10.13-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "1.10.13"
},
"pydantic-computed": {
@@ -374,9 +374,9 @@
"version": "0.6.22"
},
"pyyaml": {
- "sha256": "ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515",
+ "sha256": "d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/29/61/bf33c6c85c55bc45a29eee3195848ff2d518d84735eb0e2d8cb42e0d285e/PyYAML-6.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/7b/5e/efd033ab7199a0b2044dab3b9f7a4f6670e6a52c089de572e928d2873b06/PyYAML-6.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "6.0.1"
},
"red-black-tree-mod": {
@@ -386,9 +386,9 @@
"version": "1.20"
},
"regex": {
- "sha256": "551ad543fa19e94943c5b2cebc54c73353ffff08228ee5f3376bd27b3d5b9800",
+ "sha256": "14dc6f2d88192a67d708341f3085df6a4f5a0c7b03dec08d763ca2cd86e9f559",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/d1/df/460ca6171a8494fcf37af43f52f6fac23e38784bb4a26563f6fa01ef6faf/regex-2023.8.8-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/2c/8d/3a99825e156744b85b031c1ea966051b85422d13972ed7cd2cd440e0c6c4/regex-2023.8.8-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "2023.8.8"
},
"requests": {
@@ -440,9 +440,9 @@
"version": "3.10.0"
},
"sqlalchemy": {
- "sha256": "7ca38746eac23dd7c20bec9278d2058c7ad662b2f1576e4c3dbfcd7c00cc48fa",
+ "sha256": "44ac5c89b6896f4740e7091f4a0ff2e62881da80c239dd9408f84f75a293dae9",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/99/f4/5c7868896285b0d95b6b3f0310850c6cf50b965569417c2959d2bd6a115d/SQLAlchemy-2.0.21-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/54/c2/c51f040038859732f781f25907e01ee980987d24fa0747884e6073363a14/SQLAlchemy-2.0.21-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "2.0.21"
},
"tenacity": {
@@ -459,9 +459,9 @@
"version": "1.7.0"
},
"tiktoken": {
- "sha256": "e4c73d47bdc1a3f1f66ffa019af0386c48effdc6e8797e5e76875f6388ff72e9",
+ "sha256": "426e7def5f3f23645dada816be119fa61e587dfb4755de250e136b47a045c365",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/f4/2e/0adf6e264b996e263b1c57cad6560ffd5492a69beb9fd779ed0463d486bc/tiktoken-0.5.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/94/2f/0cc8fb3436d421d8fa2da370aca0283201f1b99e88a0f6e742bd8eef397d/tiktoken-0.5.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "0.5.1"
},
"tqdm": {
@@ -513,9 +513,9 @@
"version": "3.1.5"
},
"yarl": {
- "sha256": "891c0e3ec5ec881541f6c5113d8df0315ce5440e244a716b95f2525b7b9f3608",
+ "sha256": "159d81f22d7a43e6eabc36d7194cb53f2f15f498dbbfa8edc8a3239350f59fe7",
"type": "url",
- "url": "https://files.pythonhosted.org/packages/c9/d4/a5280faa1b8e9ad3a52ddc4c9aea94dd718f9c55f1e10cfb14580f5ebb45/yarl-1.9.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
+ "url": "https://files.pythonhosted.org/packages/ee/8d/55467943a172b97c1b5d9569433c1a70f86f1f9b0f1c6574285f8ad02fc2/yarl-1.9.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"version": "1.9.2"
}
},
@@ -600,7 +600,6 @@
],
"langchain": [
"aiohttp",
- "async-timeout",
"dataclasses-json",
"langsmith",
"numexpr",
@@ -748,5 +747,5 @@
}
}
},
- "invalidationHash": "b3b6f67a971aa3a6e3bd95ecfa314757128c8d889d0bdeecb79b6792531f1818"
+ "invalidationHash": "7af0c6dd72cba5fb9fa7e4fae080dbcda28fe3cbc3f5ac8115ba305ab4e81156"
}
\ No newline at end of file
diff --git a/secrets/autistici-password.age b/secrets/autistici-password.age
index 042b490..7a43f66 100644
--- a/secrets/autistici-password.age
+++ b/secrets/autistici-password.age
@@ -1,31 +1,32 @@
age-encryption.org/v1
-> ssh-rsa /AagBw
-aS9Ti/0v9SdXOtvJmfC+nqUpHnvKAmoqQBX4PfsYvdyVNyehILsvLtITFTZu8paw
-9gHWs31+i0cEKEZb7O+ei76qwT3o8fH+jFwVsytC9+f8f2Q+0y/K383w2f5AFLNL
-+xj9BtU3/p3A6aPjewMDChhx7WAfUS+zHStgSv3ne2lOS2oa6C7FqBCoWkyOLKQF
-fzNaNSGj5A0CpzO29e/ww5R26DZfm4Wpd5c9ZevQWdVK5QYW/Ro8t3kAmIp4VE4N
-7PnIfp5Ebl+WnxD8prfr53bqmhDLkjEF7QcShWQH3FtISDu9IliDRU1MiItRBUP1
-vKUG8CEiDACzoCXQVph8R0jSe8NEoKhYBEBj8T66s/Mi+vFTYEfMZUC6qbr4Xrhm
-y5z0C8BgZDejzdsRmSaNr4MgXj/zajmyhCIKg/gbbuovnuM+qFmuKNEoa6unUnvE
-Q7zhn5bUeeM8nUMGWb692+NoM3hJmoAY25yYXhb/YuNaJKSwdPJan9Ua/Qvk+rGD
-mXVPYGG8bYf0vssI6lQ8fWS3b/cvbIDUZ3NWW/NY8H4ng2joBHx9z59iu9zyvV57
-/K9dtyvWo1Ya77NcypiZlBL5MSTCKeBKhRJPieBkYaWxm1sq9g04O/EQS1UOsyAQ
-kPKllVtTiWqSLOciw4AfqvjIOZxp/ZhqS6M+d+Aa0tQ
+Gh0leGCwMkwOqTla53XrKRsIQ4pRabbqpK69bqKy6V0WVxDwSqc5hFchE23+rbWw
+2MZ6PMWntA+G8PwZ0d3Ypv0+neLhq9s9EowzLGPV8QkVjoWUumhKT0PkQXE2Ibr+
+hA2B1n9w+0LU8FWOP9IWNEcV1RJoq3g6a8wC8+7mCdQHUGxmMSTMrn/NBpafgZ8O
+TUHVE+JZxHH5ubuQWR4txcEKTo5O/vA8aNwM7XYBZTb1zUkiZkeU8oy7AGNkqQy/
+jwGwAZSGaZ1qZwMNHHa3efytYQq8/y9xHR+WhhPBmsGQGZvR80rvyjEWVTngpAoL
+KjTgVK6DC1et4cZTK3qL9YBnb2p/iKSYw92Gy/byqQMzjZvsLpCZnxRN5dMHLJCQ
+eeaH9iKYTXWm9eexKj81/K6f+3BK8h545oeS/9SZSzBLPE+8Ax+6WpR70DQKxoMf
+7NEfAMLQmYSbpB8hLJdnx0EnmjrzaKIuU3UDG93gaTj02haEe1uftJr4cklYiD4T
+6Ed/c1n0lgsMw6+0HDKY3e/1jgAy81JZY7tc/O95VZXwI7LATqLzmCq4/EpSakll
+w941XiQn0UQVu4+QdrFFiucZYzGCrXns7hdQa8j3+UnJPnDrRn0ywdqhboQguJ0m
+NamG0DmKbVNlKFHTMtCAzoJA8XiXVtsFCD0DA6mCg2A
-> ssh-rsa QHr3/A
-AjIIyAKoy5b2Qs4c5T+sP85pWk5trHHEOYXTehLv2seBspny7o0f/Q3oJPRfCx3J
-BFhDmWE3iXknprSEiaOu6bmUB5XtkmQcs/JMPh5wDgMe/Xu6uLvpelVuxdaI/K1O
-yqU1DKY9EBUWUTscUofzoGg7nO7yPvOYkzDei578bMo3tDTkwiPkFDuSgWkKjlsq
-R+JDG8nhbGb/70FH6YFYAqAb+JcKkI5qpPvC9Uzgtv7F0AS3+DPhxRA5eOx920HI
-zEaGdSMxbcJCzN+/1K1Q4olQu6HQAC0tEWgZqbqNEnLHp/bUTSoF1IFWDSREn/iE
-7xp6+ObmWh+XRFof/AW3H/YCvkd8La0d51Coo2rgKHd8Py//rJgcAYpd1b1ZXfXe
-2FBG6VVO/Ysjksz1/cNpjuYXvldSGejszPCuJ67KMEIgkvSX2cdPUu+98HGRAQCN
-Awj9ahybqFUuBySAkqGYD93yovWWS8yTIKJ80qCWMeEYANEc9mOWso8ANOgR2T+A
-76rltP+jU3Eh1dlmT+/VAJUixhBK2r9OPmI1eQru1z+Ccr5OzX4ButQZatfEISC8
-cPYX5pkWkAchU75k1deOZj/3ErMRkZZCEDKHGez1q5PaOsTgqnnesIRRp71FVxza
-wG/cKo/FOJtv/wr6jDMUiWMYf4D3pfEfTMzIaoq5ABQ
--> ssh-ed25519 GVMLQg 2r++M77tFpBoc+CBj1tMhFcxj6jkIlEkE+zTd1uUs0c
-9uoJGBOWr6mH0brInDOkfQenNf43ELaIl5HcmicV2L4
--> |Mk0]-grease ]^Tr
-I6N2f7msrKzeNxvWZw4MLWpoWJY06HVxgN8nYqr7k+mLoeBf
---- 4wowM7vo2hhlH0YW6rH2gMstxiWSD93M5lUPK7pNoYo
-��S�x�@�-F(��y�?�)����-���Կچ�>��R���2�.
\ No newline at end of file
+UzI15HwKuQw+mDMnchKybYlb2yddnSXJ9BuRmocuNaD9TTi3DukWNT63QlPVsemO
+bMXd+lKYDrncGm5JiVsfCcPQTVmKPOlBZWeQqqV/aGozgEo8DpxCgMJqjIjsQhNY
+PF08BCoLEpaK2NQdDscXRhKvMB9hU7cdKkA2fVIGJ1K3h53EvehIcp8bdM4YqjVy
+6vXAKEOwTe8fidZDJ8AeQeQii94tCKeeS9L7SfNfukiLC9dH4bHNVH5nTQL02NY5
+6GKUcp1LHbFZCjYPQJ8m067625TPKkPaLEqMTmsyS1py4oX3gW1g77/e7ceiACTj
+G9NS/MZLc5IJB5q54A8AvqBWkZLqK5K3Vfwmclwa1CkzkvJCx4JVuX2HR3WjyNgS
+biT5mRu8wFzdmPGl2KwKU9vJuwPJIqFGEL8c/C/pk3scnfj25Lgotes+CvEjeblD
+rT+O3v9U5YZ1tM8i2z1h+d5Bouq1UVm4x5A6h2llUgSE5KNoPr0txaiwUCZj19Xb
+2VUJL2HuJvwyB44yS9d+QQiap+9Zhb5gV6uxbf7m+EJcVDS8/K2tv4hi0Y8ghWyF
+f7H9RVF7EGoyE8NjdR45fTzraf0CUvsD3TNNS+xWugf9WlZN2wSv+iIJ2CbwTZKh
+uDiCJr4JyCBEVpC9NZpZEpCcF5AZw+4DCtOhBkFWGfM
+-> ssh-ed25519 GVMLQg 4rHsfVEOaan8wjl1CLoh/T7snu+p4j/AQpHmBauRp18
+KFMhuAJ22muuCPtDIkFjpnTggbB/ehS8oc151ITA4M8
+-> ~,4kT(-grease a_> sE
+JisIrZsTiXCFTG89naOuCiWA4NWW6cxEQunfhdL5wwgXCg0F1G74pnTdTF1kRjun
+5ODv+6l4bx0
+--- i7QnCQWxCbq0WAHP3v98FdtGCPJF+FS9vZzEKtQxOqw
+��'%���+#���-�Q�X�H��@jQ3]'�� �B��ӂ��-f�
\ No newline at end of file
diff --git a/secrets/aws-credentials.age b/secrets/aws-credentials.age
index 132c762..ec64fe7 100644
Binary files a/secrets/aws-credentials.age and b/secrets/aws-credentials.age differ
diff --git a/secrets/cache-private-key.age b/secrets/cache-private-key.age
index 7e36b7d..815c94d 100644
--- a/secrets/cache-private-key.age
+++ b/secrets/cache-private-key.age
@@ -1,33 +1,34 @@
age-encryption.org/v1
-> ssh-rsa /AagBw
-TmvWn7orYJaNAyKdQuewLNrtebcKvnUp8gcC3T1fcuwEc21I3D1pq4S8la7vk6qs
-HogakEgRVu3zbcHA/97JRZZrehm8WQ/DjI4NduUl0VkCcnp4QsESVaKCBKiAxOwa
-bZ1UhNJroKGYh8358HS2ijgxvvaKzV2snxUrsnb/jrr3DO1oNg6WOmXRG/MceqMk
-+3/0jg5rTL2vCkrrKEgAxmDvYuMyK7PKDVx8Acjkk2JgOEwoXOzINzlu+TRvhDJb
-ZJTW5u6EYZjPDQVRF8lqox99wnkaw+PnlcjunJH4GnheC/K4+ueEy9W/gYt+pm/+
-ytWycU8zJOgee6Ru3cHuDHQzqmdnGhNJsn4OVQ0+Mqix82eTVR2NqrU5H7bw6e17
-V9FnDF8oKU8Kd/CyIuYGv+PVDOA8Xxl3whrS7N1kMtqnn9tGieinbA4Afpha5tPv
-OB+7S+ExsO1K1h3dJjmQSlD2ikWtdBUnXaivnNAhEKFj+Nsr+9X+XF+qX48TziUJ
-0QlYwUxs4+nDjDIbIBhXKIQf4LekOtfI+pTYZORnDk7apH040m8KsOrdN8VcvWQ3
-k/JcrqYxYKfL9CmMx0oHuAWg+qknJzpvGk1X5u6MPuq/qERZC9IvUuNLz5uy7Vvw
-S7/HYnqlz/iJuHdho9MJFh3VN/VcDvD4UYeWfvqdhjc
+FM5clIWm/SZVtZWaPjSHWhqcK5ReSA9kP82WzYKNmyGBAW06ZzYYO4iju/4HVaAw
+q28y+mOJY6JPkhClNGvIfRFITPSTULvxEkZOhlPmQ5wOpahvpKtBepQU5KVzGzuV
+qjuFSiLDZ5i3FC5NXlnXeD4C1pA1L9ccKF3L0xqEfzER1S5wGzIpY86EfeYuPwZe
+kMYkKcXrnh0TjLrwXH/VA2Py7sDd45tVf2rMMYv1lCJCpGNMzp+OhTcySeT1SbOZ
+fL8DphIu6nYr28gnEoXQOYklcukVL8Py1yFRpDle6K0/c72DMp8gtfLy7p2ENQBl
+Dxm56/ZJnFqvWWu4rkre3jlZ1H78QwKvduNKkjRPiT3zWM/KMtT3JObnPwsLj2lu
+sj4KdoGwSaR8YPw4qS7dtf0i0ztUpt7EaXF//21qG1t5fI9sTLqChvhST6hWeaWl
+vdr0lGS+3zYM78DjIchXzy3kOWZHbANiuOulConGp7BIGKJhGS8yJD6Z7naVGGfY
+2GiphUohgDEesatuE3/QMELsZmuTztYaR8NQxuue6R+hEiea0eCwYN8jHI3v43NM
+PgImhq0Yp97Sak3/0yG8ezSdcCJ9AKt+ScCwkDBDIg5fFSoMPj/eZLNPvGK2tWUm
+FYmCwXUG8pb02qDzg26JlDJPu4B4Jkfe2GXCYJrewko
-> ssh-rsa QHr3/A
-cdoTXvV5UCBkt/ht5CaxOweUZFllPZMrweMBEXlfgtavgJB2NhHsoQe6FTf/O1hX
-HyYTKpE3EA9SfjEZIyaahGrmi5j1sz+KWD8zVkEADoULM0Y3k57M3yz9mWA9YLSR
-H9hte3vseqQ9/uJwS+RlNRoimzoqeeXa+Sf8firSagwdFnaZwRk+qMQXJyeTIWIJ
-reYRHia3BI85E1YA/Znq9IYZ8r/4J6yN1JtfcbCkPsesoOf0+l8ilG4hGuvQHuhd
-4IminfF4QNVKii0ePoKltdlUTT/HciGKzZbUFC8iC/azW6mXcYtotsGvCpHJnkpK
-XBLq06s0c6FKd4/zgyvK4Eshq4se410PMUFq5awj2j64J1mU2BL8Aj4iWcddo0G0
-9gppn8zQmgvwVAAhpD8LNDz1DpVpmZvGNoYRGqI0SMxOBsRSWlQQvZG5TwOJm15v
-+CBdyVe6yJC42m5lhNgwhCnHNYXle9QE9gadB6ardNTG2kMrC2LfYL7jYnMI6HZy
-Pf6hgCiMtuqHCDRGEsa1bnSRYu7D5edFeolx2NA+6UQ9abUY0YA21lJzduLXJwAs
-EOZ5H8O0ZtD194h6Kd41I/xtpuvSGzkK2LYnYe1BYD/yWBD3q4xRuYn2yVQlxYj+
-/875uVa0SCifU57Z+IHHArKwbJj9thpSVz7cwkW6JeY
--> ssh-ed25519 q+UPnA tN88kSc8LRqVpXAkIzp3KWbSS0T1wTUco+D25wwUHDo
-t81EY5m7h37mqYrl0H+llakO/On8iqAFPxAkeJ2JrOk
--> so-grease [)&pY^ .MX8"~n0 ED(Z6W
-AIL61IYE4FXiv0IRWeFpLyHcGtL2Do8aAq2nmXvWxhzsXR7/bdTiHiV4VduU/hrn
-+Z6KT69seMi6tMpIKy50r/4mZ7+FGb1NrGNFZX4832ZU
---- oRil5Z4drCQPYqMHhnV8lF/PiJMiIKnUgsejqgII58I
-%,��V����Y!�g
*��Ɗa��S�����y=�d�3d k&�����g�v�UZJ'�J��&S��q?Ni��f*ܷ���bA�)
-��'D�H=n��BC1ppMr<K���'�>
�{���7g-:s� �W�q3�����+��j�.�e��-V��|
\ No newline at end of file
+mqZ0oOXQI4+lX4TfjmQl6k/ng41X+Cs3wFcE+SrhHlr/OKpSCPwKVUt4CTC6vEXy
+xPHQfw6zKi3Z5O1MHd1Y/+i4PfyyXBiDbdLuJtg0mT2ulwj6g5fIsOgONk6KbGYt
+3Y4Db0KcenfGrH+Yxpi8KMSO33smpoSI3ywqhWfBXaetF2rkNWHupf56hsEKxj7n
+DZF4AbyLIm0WrFQaBLtLZPt9rk92cY242YNyXHGayBOiPvp9Y0TIrogcaDY6KmUO
+bEXjKDF6yduj3HJ/B/QVj4u+xpy3aWqP/pN5brC43XlnG7pUzWxAY9EuciIDfIsH
++VEAg2Y4bIxa+5qimNslhNP5R8de0DuHEda4WEr97jGklnvj3j3Ff/4s/SEn6IXA
+GuAABYXlsxhFM86kcQNtGh6oCFzoDF03u2sSrI2S5ntg275QhbL9btyBQiJIVbiH
+etG+efEtumuhRw60ygirA8wUaLssLLfGhUocq0Lax6/SlCRVtDm0rip9FQIeesT0
+ZGoHqvdEizbAviG5qp1A5bh1cCr0VzPWNP4MSpb+Fs4k9bZttPJb32NsbD9uREab
+5mEXMmEX9QpBxhBJbNFaxfLPSQ8jNP8/siBsuvxwvy5BGwhDEsR86CUzP3WFOFXu
+KnfzBn1DbwNhrpCqiiI6ROP2Co2vmIWe0l9D718mHRI
+-> ssh-ed25519 q+UPnA v1/eUkeuoMdt4UKbWYVJkH3A7XIgLaj9uZ/hQhljQW8
+RfKYL2+ixPSRwmAA1dbTBLyIHJJqy4UwHYDjB9uyTiU
+-> -Q4-grease
+/Ikxwi4xyEJd6OUW70MDxwtmRBGaccx+yfgizKRkyHvJ7xG7JbNgDLUah2lEUYTu
+equZ6jpqbqnQqoDbr1CvrTVhKXVfBWONE6B4
+--- ejgbOviO+63Je17DM7LrFpoerdoNAkDZKI3UxsczYic
+��O2�v���R��:�^(��9K�6�����J�l�͙����u�G؟� ������d�����>%{�t�+��G�c�8�������ॲ
+e�r�W�~F�gn���}��y�2?~
+R-�pz��oY��U5�~�D��8}�v��fX�8L
\ No newline at end of file
diff --git a/secrets/cachix-personal-token.age b/secrets/cachix-personal-token.age
index 91b3b37..f6d0e83 100644
Binary files a/secrets/cachix-personal-token.age and b/secrets/cachix-personal-token.age differ
diff --git a/secrets/chatgpt-token.age b/secrets/chatgpt-token.age
index 7fe0d8c..3158bf1 100644
Binary files a/secrets/chatgpt-token.age and b/secrets/chatgpt-token.age differ
diff --git a/secrets/cloudflare-dyndns-api-token.age b/secrets/cloudflare-dyndns-api-token.age
new file mode 100644
index 0000000..01507d6
Binary files /dev/null and b/secrets/cloudflare-dyndns-api-token.age differ
diff --git a/secrets/default.nix b/secrets/default.nix
index caa4e58..bd58f39 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -3,20 +3,21 @@ let
in
with keys.hosts;
with keys.users; {
- "cachix-personal-token.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad rock5b pbp];
+ "cachix-personal-token.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad rock5b pbp picard];
"magit-forge-github-token.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad];
- "git-workspace-tokens.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad];
+ "git-workspace-tokens.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad picard];
"hydra-admin-password.age".publicKeys = [ccr-ssh ccr-gpg mothership];
"hydra-github-token.age".publicKeys = [ccr-ssh ccr-gpg mothership];
"cache-private-key.age".publicKeys = [ccr-ssh ccr-gpg mothership];
"autistici-password.age".publicKeys = [ccr-ssh ccr-gpg thinkpad];
- "hercules-ci-join-token.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b];
- "hercules-ci-binary-caches.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b];
+ "hercules-ci-join-token.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b picard];
+ "hercules-ci-binary-caches.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b picard];
"minio-credentials.age".publicKeys = [ccr-ssh ccr-gpg mothership];
"aws-credentials.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b];
"nextcloud-admin-pass.age".publicKeys = [ccr-ssh ccr-gpg rock5b];
"home-planimetry.age".publicKeys = [ccr-ssh ccr-gpg rock5b];
- "chatgpt-token.age".publicKeys = [ccr-ssh ccr-gpg thinkpad mothership];
+ "chatgpt-token.age".publicKeys = [ccr-ssh ccr-gpg thinkpad mothership picard];
+ "cloudflare-dyndns-api-token.age".publicKeys = [ccr-ssh ccr-gpg rock5b];
# WireGuard
"thinkpad-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg thinkpad];
diff --git a/secrets/git-workspace-tokens.age b/secrets/git-workspace-tokens.age
index 2dca570..bf2e744 100644
Binary files a/secrets/git-workspace-tokens.age and b/secrets/git-workspace-tokens.age differ
diff --git a/secrets/hercules-ci-binary-caches.age b/secrets/hercules-ci-binary-caches.age
index 15c666f..f9d6186 100644
--- a/secrets/hercules-ci-binary-caches.age
+++ b/secrets/hercules-ci-binary-caches.age
@@ -1,35 +1,37 @@
age-encryption.org/v1
-> ssh-rsa /AagBw
-V2hZsL5V2EUNURZUsV6sz5pe7424sQD1hPrx+afkHtdln0DuDNyAWil3vD+WzT/b
-pjBPiL+j+NAIUr78MLTXjUL/lBzGaW0r4+6sisnPPLkxJDl0jyMQC2JkPRlw4qi8
-pjSskAIy0ijMYHFSJte8nIv7aHUoFbWPO+4MTXPtU9VL2Ezkvs93OcHxTER20Qyf
-t2WheCoADIdAow7PFWzP4wmDGG3+WTksvAAee6xPQRjw/5k2iZejFkdi99aLlGlZ
-clhoEHhGJ8ZqEj5DAQTZBicexaEcz1Qx2om8CfEwoaR2iZmhnGV2PqZ3Burskp/X
-LWJID1eRG5SaSKDg0AtqdQv1GUYixQq6wt7AAftj3X7YLFocHWq5uQfttV0sM1Wk
-7l1A2WFd+p7LBzQqqTqYfAqCgP8TFVmNds+99ElTSSZaajX/qnIQ+KjobCM+Rzxu
-Jl7XXr5lb3hKEcyVpao1Q5CusXhAPxn5EipHF9jN9wPJjpMqw0252MqOaOaevwmA
-tuEZ3aNYKsT0TWVqx/mBe8VgzNXWeCl/j5c+62bhfOpcoamj2yHAyxx3Iyph0nnj
-w+2MASWpV6YaK+V+zyZYAOn4N7JuHPv0ty3p6PbQ8TeGvD0HjoZBHrk/n7Od1a7o
-mBWqcELxIF2A5eEmB6suk4znzy/kiJNsVpU4X4KAsr4
+pIudzcWvMeCDGMBOvmL+eBGVp+SXyKzXRI0AUHbq+5Vk4IIVF3mllHSUhh3D1BbA
+iT3omkCmDGw1iToLHA2nrJEHa52uYttQamsgg2PZAc5pB/Sw39Pl5FUG1OHj1q5d
+TW4dmQdwdeV0Mt9d17G3aQRYpa85M+2OH+7xPTruqj3A/LL/DKZWfk2acSEK9hxa
+kB/JR9z0Df8z7hsU34dtWnm9MycytpFdRxixPD1G9bsIgEMeGLbk+hQ4e5SQGpon
+R7sAMK0k1EC7owT7r7AA/namKyMJGM4mELjPnPdChFrcxqc6gVLzfJhIPZAXFdAZ
+a5fEY2cmVhmTVQ3XOLUiPFKvwJ8jk4+RsWnNRLrGK725D36187HjfiyoHc7lO8tL
+3EklUmNtPsjolWpxXPkIGChQ8HY5ndexcsmCivffDJXJrD07BNENHdzqXPhIaMbi
+YEum85pLmxmODIhd4go8MA8jJG7SCiBreNLxYZazzWz+dWISCqYqthusSXbhYqEQ
+8DNNJ6B9gYlIv0wmSXgG+sJxR5rJoZhCrtoFNVaegrD2BYRPuL5sVrqSDR3MFDig
+hqPt4/+SasSh0GSNxaOl13ZUOAUuR+YuEpScfGfksB/+5CRJL5zC69xwaPvPza7Y
+3GX6NoLmKnDX43oRiNWHH/AX/seOuOVCStWnjpWNAQg
-> ssh-rsa QHr3/A
-XU7aK44KXhlKNmAwqGJMniwcnmbhG37/MmKkyqO4waD8fsYjlkaYIpE4tZknyBsQ
-kgEWuKDJP6mspMh/6GrT9RnCJ1jb3j7TKA+tDJ6h9Z9adiJZwJqZV2ERww2PuCA1
-kyR9zS6qEQz2xesvKVO+w+wu5+ING/N/K/bvzzFHcLJTy1ro5DRF+wcu7U5uKIkU
-p10fq/cY8BTJ8AxMjuBeKw5XDhq9kxufmkK27TpwF72xZxhnO8VWT01Jn285pbPt
-9SO8Mt1sbWAhloN5C6psi5GWQjBO+K3+HA4LaO0trPwXpfBcG3GQ0Xn2yPxuPKKa
-RcjxBQCBwMaHSK+xwmDZjoJzyBVg7xi2e7QapVMFy9hWM/lgGKiHAo8Kzfww7qY4
-GTE2oZogSkwxq7T4i5YCOjK0YX3MDguqHWfE70Rs7OQ7Nh8CXhGkYj9mbKFCMkoT
-mIsg+4eMt/Th3WCugHrPslPv+NidJaVqAzXdQ/+M62JrbGw7jZdH3MroEsHJ/Hdb
-+dBKSOgYPQ0Q4FmPtOvToReU9SVdUJS47/fFVTsbK67pEUBiyf8kPUTHJvBCCEBC
-qeDV9t6+5rHVXX34edYz3aFoSPDBGAudvaTCLEt46uT4Bq0qc7211KCRiIew1HbA
-HlsI/Q6SGZQir3LNJDFB786UusOcLjrHPMZMifglhSc
--> ssh-ed25519 q+UPnA P7HFhjs8rzPoeHGmprpuKXqv14bf5s6PHiyF5n8UiR8
-BTchCbQJcBpH62D1ZpDIKFrDHp+RYQpWUPjfWu8SRJE
--> ssh-ed25519 OgJHCw vQYQeTrvXLlbxWuzPlrhzMAipw5kBvHoohG9sy/g1iQ
-TY2ooJ8+LvBTsNsfcHvx6NG/hQx4F/pHGDAJLjLRRJg
--> h^1tYt-grease yB=&. x|
-GOaqRdZIdtwHtpl4MmuNgj2oOXVW4U5mi6wdPxxcshLOOzFxmBoHj7sDsWW/nVWv
-02x5
---- K8sQGrxU/xSSsQ7psXtaZK6XmwIaOLG/kEj+jri27XU
-�g-�(�J��Me3?ݼ����
-�W�#�a+��s�����
\ No newline at end of file
+b/M47E06dpdPaPZy7UtnVeP3g6MJyZfD3vDcfHi+i0FahZS7dioKJV5FTyyMVZFE
+B38UPY8a2E70XIlXBJIJIhHRJNCNAipsXtTBiTyy0zD0kMFxC840MfDEvTd7o+KH
+FtuJvwGmu3jCKN48DksNSkPscrqIwK9s3JB1xIBmeujR8mIB2nDPgzDJj6a8ytkb
+pMTD8KzryzQ+KOWk0VFDUnnsNEtQZlG3tRyT80qs6an+W4Y2c95BZxy2vhwleRSA
+eulNOXQWYoUNE5m4Ys2oZ62WOJMT/2bGCaPDVQVrDHICN5595GZzenXtrr0YBXGm
+dqu4JQIKL/BNT/Rb/MQcb2vkegJojbYtS6SFERqkQP9tlzdEFARrYtxOgLQfN95t
+EG97j8hNWpjj+pR3CRN/lRcTUgFn4hS2BgM+pd22Zu+Gd0tZoaYjDDXXALcaJdOS
+X6cOqZKBsl7v6HAFcS6md6Vaf8yilWMAHJH4sNSTF2aw1EDxPNKK/ok64m6qx6j4
+dXhfYdVrzvDlv0Y6TNtITL9nEZ+ic4AHczlcjhJOIaH8r0rEhj9PvSHAM+vN5Ugn
+NW6AywsFlK6rAGmDBhEIroG7WB3VLSRSMy4kVl/G9xaOoZu0Duwt7FYU+v/OO0nD
+D+AQyjJ3ruA7BXtYhRuB/jWUyEzlGBY34wlsUmu0dZo
+-> ssh-ed25519 q+UPnA l/ncevAF4GZQtBf8X8djN7QqDogFs4UjvAKXgRtUrSA
+ThTG2uLnuinFWc0ASNTY9JifZLi6FwUq3iv7CvYqwT0
+-> ssh-ed25519 OgJHCw brwV1nNAOY/0FVruei9pyOteQI6VrU9sgWw+CFgLNDY
+yRRVbBGo/a/H7lJ73ZrWXuN4cvorrBA5go7hrKWEWCM
+-> ssh-ed25519 /WmILg 8TKQoc9aaA99BLdq/ejYh9aSOZ3t7schbCgQ7tQRh3Q
+ILEIUSHAPRE6vt/psFPfrunRC9UrotWrZ/RIBGk/Tzg
+-> W-grease 9/2L _j
+XnecaYinknI47Hwwlw3iyPdULdIliiB9s8PP5kbDrJFMY/A/KHElYIe/tWkV0o2Z
+HrQV+l53L+6tZ6GEs3wt6bFUM39mx+nj9lqHiM63MxKyNGDm2pZYmw
+--- mQ1yc2y65CJo0siCJwqqer2wkhYDVK1tbhiNfA/SNsw
+6����S2���x�������d���<PU����Y
+'k$�
\ No newline at end of file
diff --git a/secrets/hercules-ci-join-token.age b/secrets/hercules-ci-join-token.age
index a7faaf8..05b4054 100644
Binary files a/secrets/hercules-ci-join-token.age and b/secrets/hercules-ci-join-token.age differ
diff --git a/secrets/home-planimetry.age b/secrets/home-planimetry.age
index 4f3a4f2..cec6946 100644
Binary files a/secrets/home-planimetry.age and b/secrets/home-planimetry.age differ
diff --git a/secrets/hydra-admin-password.age b/secrets/hydra-admin-password.age
index 2900976..0eea6b4 100644
--- a/secrets/hydra-admin-password.age
+++ b/secrets/hydra-admin-password.age
@@ -1,32 +1,31 @@
age-encryption.org/v1
-> ssh-rsa /AagBw
-FHdI55lBKPWpfa1nazpLNP2X15IQ6DxUCHHNZqjpmpUdZyV4nO+KYcaiUsrksHWm
-cFnlJQ6z7TGI81SR89eah+BmhfhkPJSLkgNMp62bMs+o4oLpYigYStRBpOjNj/EX
-J0e4Hq3YBirYyQam431/6KifuFkvxKQSeZGYMoPUqbDvNdIw/98M/QOVHfdWLzU9
-F8lF8hr6JbXdB7NvTTA+dMfm9rT1RDUuVJNbNMlPAfwftP1uuQ5356JMrZ4LfwO5
-tU5rGEXM90d6pG2O64iFZD5TwcAs9BQd3JFgZUsnpBVS678Jrd1TNYTYKtlCbSpc
-N7W7TXLlHLwrlyVhQ1jy56v3p2u1LTUxMqUZFgF0Ygi/MtoqiC3Y6N8wDB+unPDy
-nfUIifEJXOM4wcUpzZxHhruibd8MwUK+gALZSLivJvxBCJ7C2lzijCvvYh6s0R09
-7gNFRlma97Km1Xx40Gjdnjr8LfZy8Ti5gd7nVMbwb9R3OQO35GfwejHdXycyuoZZ
-xHik+7ttivbF+sjlLQ3mxGKI0efAfooLdOkO4xTCZILKLMD8E4tfI2qRA2kpOf0B
-4jhMmMo4dwfyfHkcQlS+hyyljXr1JHuZEA4wTfXDD48RVeIiytaAUkRBsWYKGH1V
-FUCoD4iUKB1ERLUoe9GOoxtNxlLNyN9nIh3maBcSut8
+L1cSJCAuifjtAo8Zl314goNZN4gVXpJNcMschToZ+82lRCufU9vKAgLja3Nct9aW
+khKy6QRVBl01ZUf3RVaN0d14ePIAwc/8pTbDlpAj37mMJhv2zqjCKqFT17SZCgJM
+kksVMq0T4RNOhEcap7hLCghGdHggNBTHppqkVfoFClEBCwzaPdKiSLEUYowUMbrD
++67m1voF6UzWIpBmn+PM8Hb+L04ln5tNpSFyxaC3lmBY6p/kIYSSToeJ9hTZxIS2
+QwXun2THO/CGw6dgcRvgH9YZaEl4QG2kGF6cYsGW88d+lJJwFvuUiOMntYBu8F2x
+EaCxxNh7yJaFbXpjEZRCILPhThIJPawNLe/ZYqbh0bAMUQbyaujHcasOED79JS6A
+vVFtp2RdF7kpxp8/rSFr309tklVnmLGCdk3K645vn62oJmNmi/RAdzC8tfjubOSW
+d1BsWpazRzJAoTff8ys5ZUXdONx5wzh9gomS5zvadYlHmm88PPL1QSFNWynbHOw0
+vIR9mRMUlj34cDr15UzIBsPDGBWRw1pLWHra6ReQ3M4nTIQpyuG5ql6XasSAt4wb
+YArO3ZoHXT1DchNyriAfr6S3jBzebBEr1hQM26aW0zfFUSwP9jRMvfMnhYir3pfS
+Ny0wp4v2QwlHOddEaKdhk47XpLSKB2ttJt4CMtUUysw
-> ssh-rsa QHr3/A
-ndR4+Jg8KOTNQHbYTEgRQVDyPQnG31SKePhRcPONCbQGbge9Qb4DWxCxrOxW+mmR
-axAZAn1xOCJPKj+O9ugVh0Wcph+ejBPX185JUdT98/gB84khZuxxIbPj70Ui+BjA
-GchWkcZaffpmEytdO/sf012JhgwEZvcFKYyLmLIXPV6DMNNDYZu+lHuqCTHX4nIn
-9ZeqE6Jzct/12dzP/Ki7Qk/scTr4yMlg+2NU0sXvcx/pC0//ww7TNdNbeElZU+26
-177cr8DFoKh2Amrcj6Uc55LkIkRkKubSI7rP1VQe4NiJv6HrVSrUbRUz0+XRg4g/
-oaCravQ/M1KEsNJLwiy3dH8/IRiy+91yTJpy/RdHHYp49N3SYjRIK+0MAn/v2DDY
-wpNqR1kqNDxTIus7olNWaJ8yV07rlBSZpqoyDlM3E7mV011jQUqHDKJCH8tQ+rfs
-gZve3R7RUPn0YXa83F3YRdm8bg6xHvHPKlO1URD5P1ZQHPWCPxOQ0KrH5ZzlgpNJ
-wlTyHSXfqfw4c/yeHOFPfpg3HZdg52Tzyint6XqfRQD6AXbqA8L5TJBFNGpelf+6
-P+TKpVVOuOUVzo4pZxu5KoVyHhFbvl4B+DFI/hXGELYQC4ONi5coi0h7DcCk2UtU
-PNZV2gGtOpPrGOIeEaDC6OAuUkxYae1J04yU5Hj2pOU
--> ssh-ed25519 q+UPnA BdC5QON4rq3PlOFtkBAfKNojgEf2BCG/dBhSbrTZdTQ
-GmQuSUjdP43NAAMte58tLaP+WHq6qiJg/72AQU4u0rE
--> c&-grease _L<OD{|. 9h?^t f;~
-42PCNtDbN8/nXBqcFnC2rsWq1RZs69YfIAADmlOLnA/8udHwoVaaBIaxvSy4DM9v
-At+NO79T9nFcmFceo3O4hHQ
---- bgUK8r4meLjZbso6SgsYKLBM7OXBTH3id00+6mX4ui8
-?��e�\j��~�۾��/}
6/��f����6Q��m�J�e\���
\ No newline at end of file
+mdnSOUzP0BZ4/Yl0DuSGQxOqVtDnBXFiazrHVYIE5gTVeLGTQ/6pAA6c1w81lhwV
+f0Fc1VudcZuvPDWuKsLzopaqHVkhc869RTWVJd3cNM+09r3XMQXP35Ci9OWG2xqL
+1xDFp4sHnKGAJDl7W2Q18XbOSfl17iphldrYA7w2UHBDtSjrcUNt5FY9GPfyTnh/
+Lxyz/C/XKw4oagmCSPCCieJPiBM0xF/VnFEo01bCzJM5xK8WIzeUTUlWsvm7RtSM
+iwzu4fd82ki3oZcxIAnPPwq8IaDF2wVDMUve9KRTwVwj8ei//iQnuQ24xsHfYHVl
+zKBS0rUTA3WvPjEGYwDRjILBk9IaGmZ2Id1K0KcaYTqlHI26mpzITJjhhq4vKqdY
+lIlGEbeZAqh3/LKRyJKyUAagqTcnlzInVPR+VElWWjgR1V/krqw8yUl+vG70Pxdg
+AXZCbiAkxZfJ0UIuHb/2ribZjSMryNHotMRlNVaWRPg5QOaGeZlN7jIORdJE3TK2
+GXyiV5d8Ij/MzjZeKRV90G39SY2JRX4yoVcwPRNbwjjXqP8KDsGjh8TbTP68Dtm6
+ybiO7rh1MTnAd7zRG3vavky/E0vvJmUdQVU4sKzJC2Kd/BcLM0XwJA3KgQi7v5aL
+VnP2cyrYYJiJtH2A2oZg0pMLj07pzWjOEeiK+atiusE
+-> ssh-ed25519 q+UPnA 94Gwdb3vLJXqJPgZwbgWqOfi14MvNzI1Lcenmn8T2Gw
+qinCcI4Vf0AasldKYBdwSdXIrB3aqUCTcSVesq146C8
+-> '=Y5L-grease nA6!27L *c4}=l<? %v
+gE4V2aTts4Aeq09UKHuw
+--- OGoNu2O4zMtlp1b1+KeaVFHTlJCEcC6bUBdAj3GF8yc
+"�������
��133â>B!��E_/�D�RK�-���]���n�
\ No newline at end of file
diff --git a/secrets/hydra-github-token.age b/secrets/hydra-github-token.age
index efd9080..d741a82 100644
Binary files a/secrets/hydra-github-token.age and b/secrets/hydra-github-token.age differ
diff --git a/secrets/magit-forge-github-token.age b/secrets/magit-forge-github-token.age
index d938074..7fbdc27 100644
--- a/secrets/magit-forge-github-token.age
+++ b/secrets/magit-forge-github-token.age
@@ -1,34 +1,33 @@
age-encryption.org/v1
-> ssh-rsa /AagBw
-hDnwQqzQ+uptsDWja/YWKNt4qiSbrDL9ouiEnpKSYQB5Urw+DUd4al1O62gD+bJi
-7Ubl29uTthuhvHJ8RGkL29ShbWFM44FZnV5YgLEmoa9flTTcmqyiv0wEY7R9vFdQ
-QlNusq6zw+ddxtYJvZMNFkbidkjt9sZ0zlX1ynPS6grV2wBnMtvHpb3Tkyn18MJW
-YAFJUaD9wFU7eNWH2o9XKyE1iudtkvVg98jXOFt/m2PAAml8LmBPb9T29DR16zNt
-yyT9Ak5DVb3YyfkXwVAk6AcUQKqTmxwNApciyLvt7zmIVJOHuOwD5lfpTpyWNTMz
-pY1rrWm8yBL58tnoher+i3Jsb2eNXEW24+HP2VzJpY1UQ6/C173BvUU842P5erMZ
-jpy+ix9BWlDU7W7to8xPpaZ8cvqpBGpZhvqZdssIr6BGdHCQQaucEpRlrYPPiDyU
-MyGSbZDN2cU7qAa/Si2N/yzPVQIaOwgEoLCXdHnLCL29kDoZZEdq7ymskPwY7kGf
-Yz28fp2Oe803itZHGXsmDIFefIXTUlyfU7EE3plC5idmLMOvM68aRcRL6UXXd34W
-FZw+iYfETOzcyIt8VFIkYNA3BcyPCSATE6xrbV1/nMF4LvNhu4wqCrQgDjZbU8Hu
-JfLzpqobEwSMh3u3Xyut04x7hKqe1KuHDtPTa2PWgdo
+cj/Iky8CB32qj1+9i6iMD9a0hEJZa6SdMAlFNYOqV2DQs3LvPCzhTQeBisLCB+Ux
+3E006kmWlk/s5QhsMZXCtUHHeaLOX/7jOGe7wSUqp57rbcf1wcfsmUNXdL25JVbH
++zIDQA0o0f8MxoZF0Gy3ddYMKXQDGQB+Y28eRe6b863ppq7tkfAIh9NUyrivP/h7
+slGWk+lHsXwN8P5tB5Z1rX1wcWhAO/cMmnN8R3723TE8ZVu4/9XCSAbkSm7UGN3l
+CRXcWimX03O6Pal4TPFt1EenZiWGO7ZbYn0743Y9T29GRcAgg12PfRRpPDzbathX
+zLSxoV6XYV/s/j4nkyk+YiL9lpfdZPKN1V77fipCrqMN4SLucKAix8QNdD9BwaUP
+dx1HapdMRHM5lj9EyWYPa+dSH1wbHTEPsRJuP5mVwDoLvEbeuh8dwWdGdpWiDN1x
+0elInu1AL5lzIYf9sUVA7soriv2aSVgSpmVJcwCf6OoX5clm+lwovw/Mbtb5LoOV
+RD54p3NfB96ffL3+9sVG5o7gcTdoO3yEmlzfSuuVq1Ha8yXyViLYsN9uo8Ra4ZGP
+WyNSLO9cqWIpqvf/D0wZyunosK/ffRlMggDYNgVU7TZt43iXkbnzobjQHieCY7TP
+to/oiOhJxYD8PGy4ErdxYqVX4NjO9YLIunBbcUcf69o
-> ssh-rsa QHr3/A
-dls4yMUJb4pPrPYrQvtW4LbLEVdbuSNZ2E+N58nSfIgepVq8MfX5MX+ehcIULwnQ
-uwY15/wH5I2jBCSaJwK5HJdq4lnVpTbvggsH5fvYopcKKFZE2xHo4uGabqAjen8I
-pKd3eKlASbKiyjyJAKLlmeqm2diY3FR8nnbU+/en1ZkLE0v5aX0sVh4weH3K7i1a
-D73p9wB69FwzhLZ5yenBd0TeXne8kCR23kXz+kdAbzdzoB0/uzafn5+lwkFyS5L2
-o+zO1sKml2BtpjbrEXQmekhmtk39C510bO9Ra7Blah7NlrDUNxIX5DgJHKCDO/OZ
-9IPoUU5MrFbAiZmo/W6RB8+USNV72KCidEZmuwzpGJhZIqpJqAeqam3MQ8aZsX7D
-wxPUh0lXUuQ/mRZWj39YQf+jhs1prKqUNTlWsMcEGp9LoUu9oIPUgfpp8jWoTnX2
-ObX3G2UQlqqCAea36gG8XqI/fKzxF3463xyrgR6LOwdZvJEIHxJF7jYFz7GxI3OX
-DQ8eqLvEv+AICLujlfgkpKa8XOQTdyWAdUNYBVsJe0ktKKud22/ZIdIF5By0Goll
-zs91Z2KfFOb4AcPiclxEYBvDMDtpS7FPlWTZ369UI6pZ/21/XQlWZnqTzY7fw7mx
-Ja0lB5rg423xcDPJ6EwGDR//nGQaAPseTHDlZOI9Yrg
--> ssh-ed25519 q+UPnA 65lL377SASnqr9+zRJStGaT9pR3KBXsfd5JqBFDYXEE
-1k2wrNfKuyN5ftCZK43ryAEMZ7w7r4O4HX/oePySEHs
--> ssh-ed25519 GVMLQg dEQCA/OH1bdlxy291HF/9fssVfbhpB16SNhGbHo1hBQ
-OZRec4iya52T4Mgrf/ohjG21+GqEqV6TjrbqhLi0sVM
--> 4S5C5-grease
-ifXfPk9kYuYEwTnwymgBYPrk290Ybh83sDp/uRYwYY1zEkFrPMsrXsYB0Y5X2v1J
-dzwsfcAkIJdkf9+zL0aq5FHh
---- t3eNoQ23LPk/vfksvAl3mzWvheBBEUf6JajlySyVZ1Y
-A��2X��z����x�.P�*�R��gzT\^�Q~*�(�G�_�� ���Na��)�l�����d7B�p�t:����d�
\ No newline at end of file
+PmxkiaGbBIhxCg6ZweCCoZzGln813FFNVDn87ayNDu783perZF+J/Q+jXq/fJ/mi
+HhFxnaN1hsywh39ch5sMV2FN9g4EjsUnCy1/04yq0ioGAh76D20f6/bq/68DDZS+
+KtJrMsm3a3JJ2dzdcvnTNCOHLaHzGinb1WsFMnv5rmcmGomQi4nsJ338x9Ad3WbY
+KoeDMBhCgZCQilGLSNxtSfGU57L6ZVyRv91B06uKcPSLd/P7WnUeEBxBWiDtC03q
+RxDgXIed+MlfYQkSs0AZ/7eNWC5olAe5UJoItbOmdzzyKCvmvuFOyzMpO7a56aLf
+zpAMggvxXFhiGalvpC7ANQp3R3kI3iyFoNCt7Ee9zIagl1ip8ydR1sA+wyyJb5oW
+f+tVd0v1614VDg2lVCL0FqMtp4/R80lWK0PMfpLlOXjLeoS3uZ2/Ux4nRxt1Ine9
+4Gyz6s/7j6EeU1xFXkN4RF4YPwaV1G0qxAeE53bWuCXnTs3Ei4IXgHWqm9pCre/W
+Y7TDkepumvzJUGMTwYyoN7Tss6lDhojcEZqbna0M7NcC3uTqjy6a9rMWmtKWCV2w
+Fpc0DzHA/gn40CrKGW7PKMPCkT9nGHmpCMxCO8L4UAbd3EZKwnGbkupeEUD4Ovps
+gOsEG7ZFK2tBYWkb5hKHAHsShp852MET+uloCJO38kI
+-> ssh-ed25519 q+UPnA zlWIiF2CJCTMAI6i3JAiDZcIXYoXFCD4b6tOmutD8w0
+jcWTGOHZqQYS40AHc52HHvOtRGRTM+fAJ1e7KczM+3s
+-> ssh-ed25519 GVMLQg oSGbFsJIvpXFhNGOE8vJ82HafTIFm+3FKUqbqyBDMEU
+0J86gnb2g094MM6DPP6LbxnsW5yyKuIS8q1euB5iFJo
+-> E%*-grease q)+8FfM
+zM8yh+Aepwaehxiw78d+p0IAnbi+CPOjJCzbgKwCs9jP2cls1+4B
+--- BFu9OhpbWLGTX9QNTetLEpQcaJkgXa9OCrLIUNuURHg
+���ӬƇ���_�E�"��2��aR�4m��j�kXxAF�U:�`������)#�o��ߊy��$����{���p�>��n�
\ No newline at end of file
diff --git a/secrets/minio-credentials.age b/secrets/minio-credentials.age
index 4d1d6e3..d6a8dec 100644
--- a/secrets/minio-credentials.age
+++ b/secrets/minio-credentials.age
@@ -1,31 +1,31 @@
age-encryption.org/v1
-> ssh-rsa /AagBw
-oqBMmNmDeWMJrfn2OpLmKGEPtwTq7G//cBtz1SwLYZ5ziJnjnRv4MsKSdkzmKqXI
-4/FYxOJVx4dTa1nrZVcPlGhxDwqpU4ujW7GI5d0ppdrEkY1c+pdfY9zACp3qlu7Z
-4ZoUMVnTt2Kd16GusjvN4V3+sbIGRmsLAxMxg2T9cF4cLOPoGyuAEdkdckPGnvy6
-7nqNqFdcclbTuokc7euq3rw0ra88Pvv9Xk/jvj1BR8A1JEU3/lTSbBINt5A601km
-pvDUh4Ak83sFJ0U2B3C3hMWgP6hQ9YCfEjEVKi5nrm5q0q3vZ1wamvMLd93qqPIx
-1MGeAmvfrL0QjhF33/tcuZk1cOjQToKmKh8v+0EGVcZ883QImJMWBk+42nQW+dCh
-hcAhZWIu5gbEGybnvUhyMgym+qMzp80Lgpc6v+1Ylrkyjp0qwzOyOGxKTZxN1xf+
-PVawONSr+eL2UFD9bYB0jhdnNYKghaUIHLOc13yTKeM72OIwab5z0hIyKuqNL2ru
-yCYj22XJCs6pgSmCYDcVrnn1qpWhQl9t7emnAckPauqkVtTw70/owx3WP1Ut1SaO
-58x/ZSj73aDa5TNmBMNbpGm48WDn6xTI6sAi1fpQDgzIEFvmmJMf09vYoZbZiNf9
-u7ZPndNA36PIDgjMsVaIQW3lcKq1etEwDVAlIqofUjc
+akRJLZBpnYKOJS89dkx6Mk9IdkmaVmqzOMNWfBCubl7okR7H4RfQG3k7CSaSqmCK
+5FRCqiRbZoCBjVIFERFfDjJ8YvPqhRC6rH+50838J7n4A7VsHpFfmazRQWGw4J6h
+IbN7a1ae1yOnm5wBM67ulUyzuDAD4Sc8XNRAaEjrmKEjfVJl1uJA1u3lRBNO61eG
+4EKd4BgvkeTNZQsurdeqkdhZf2XuKxJhAgzQPev03uDQmKCv/JiBFztgTJt5IFsd
+4XcBhUyf8Cxd5R7OnCkzJPikWrWEc+G8Tpqr4WTA2M5QIShOYYA+rtdmw9lHakJG
+ANbH1s6ojk5uXhG/l7J7gD0RNscCxJZplOFUZmoIbBr43HHT82FLN/wHlOW9Xbla
+TjaQb5shwG7LlX31uKpe98je/jekXUzhnBPH62y/2clx4WbduT1q5QIQqdqXzTbE
+5ZfsAKsywPY0gHFROUXR3IUDudVBpuPiYzlwIyhoatNwkSgXBd/xT50hQJ8ZJFvy
+Rfg9olUC1S3cqj3HjGxael1fheGKJ5Mma6nshKLkOqskMrihnoUY6s6z8pKmxKU0
+1TszvrVUu310mcUKnZD9rHWzUkvSLSP4BO100Yo0vkyByMYUZebW8u7A+1pY0V6u
+9JYI8X0uEWbdnt2VyDTKULu1wfhJWiNzkn328vUfyWY
-> ssh-rsa QHr3/A
-t2d2CHMfa/Q6NMd8vvT+s8+O3zEhWjLPW0K0tnOUv+E8SK4TU2S0Jyj+uYSVDtED
-UR41J8bYuLAJ2Yrm/rj7hFZNUY4Sa4B1raZtHAF+G7wkIQNNoDH2IjZegzphIper
-/zoqpHDw/5mIJ9h2roZAfUyVtY1mVeGzDWJZ30/8+AlQkHaT9NlcYLA507LowDaV
-qZOG9HVtJEVaeBgJE0RdJ9NgtmdMXMJi4XAeKY2IXKcyEXdznmGaMqaqymNDm3Bg
-v6D5fCN2CQiCahhHTj2jFL0iHfojsY1O4U+rpfHRVSsRG1gfbdUCMJ26yz5g4k1y
-DUlcTl45P29d4EWzpqHCGyjQQeWRrL+Nizz6HnxutH86zKgs+V7+ehrqNL0+H+63
-VYg3NOgTxvyvNd8lWf2yH2kuIY1G5wc1k0ZTWJ8HgAhlScU/qVQSjd+43TwGXu9R
-tTsOfFoBkGT60F8XJe/LJe5UQ1eaJMF0B4ZDFWMYG90TrsGCvYYqTKCDCa5NWIeO
-JXze0PNFIviAR3eWFTkKtNn+MeNGNaF+SkupDkfAiXbWXvHoOw6x+ieAFyOgYFrb
-APV0OOL8S5rBvgeemmr2OsxXoJShbZTFIEdkfJQSCwGkmKTuupI6JfEf0bjSsk8d
-EmsYABmV1kk9ihrxE3Du+f1NS24/wFlCPy+ihsji5Ao
--> ssh-ed25519 q+UPnA wWMw2+bnm7/W3N4fAzk9uOky+5eNO1vd+6FcfCMdEg0
-cXGMteYw2Z8ZHCger/MgkC9Y1fShkftAx64Tt+wf3Kk
--> b<h1w8h*-grease B?2
-+VfNymUiwE6KSEVipg44lBSLPQtFu1Pe+uV+x4UMGmEx
---- JYZ8HuDQpdU0u0T4zXYFR/1uKom1bkRAlEoFyniHLtM
-��=����G�B�V�if�}q�loU;��#�m��X<6��h�_�9G���9�R'�̰����xa�2�㊥�FN���H��ac�֝�L�z�4�C
\ No newline at end of file
+Id8/pMuEM3XYK3K/EjFNm/uoOMegVk8Jszq2vkBJkGcBP+RazAu09KOvAN05dogu
+6NyhcpS+mdFQpLVypg9oRo1wPfi57+xdxVx5Fe5wiz3HZJKgNgnwmr6Kw5c7L33Y
+7SWcALwPa136naVRjIXdSZeLy5V2V3KAegGfQ+o2AZ43wAkKOYZcSxr8C6lmDbxV
+7Ar3U4f2A8/e4v/DOT2Is02e5aEjShshLLXHDSBYUWk32IosMHhcTR+mOiNHVmwD
+B5JYVKX4o4MBwZB1NO2ttXo7masF8WDyKNitMRd3UmqAhD6MyR/6vZLSXpX445Nl
+pBVYZC3kJa0XjUTeXFAXYi1wOSVeiLMv49sgY8Rj4QiyAF5MmD2Okqo9NiB/n5QT
+i2NlVmmH5hEdgc2kMfwSul2pfx/RJ7pDjyZKcgcKPS0UfJPsNcUZ2knmNaKDS5N2
+jCNcLPtYI7S1hPaWyBzcug+WmJ1Sa9t2XFSZ6XUioXhlupb+dN9D07nUZSMXhYNh
+zrxwfQhTreIo1JIVfhT4TtobQO3egOpqwRLqYQ89mx9w4fF5log9KBG6dUbp/F11
+wkZwF+m+ETeWIE7NJNIXllkCT3KwDWRtXHEd/xuGnXMfXkbj3icLfWA3tLvmn8IH
+0+gFnJUWQsR1w2JGDYuM2FoJIrkWx1uUPgx8uIrt420
+-> ssh-ed25519 q+UPnA LpPQyr5i+emmN3Y14C0my6COJSFYxfwLJ/sVN3WtVV8
+UY8DH5UXXAMTl6oqAo29Y9ByCzmWhaOOIgaAgeKUSIQ
+-> /|$)Y3-grease fjTe K[M4l87/ jwCK%DK: fQb*`.Y
+MtqTRCytB3fFDuj4iSvoDeB5DVc8
+--- jZ9P7IQqQ+Co2y7+ngM2OnWRLBOSZlTsWc0XCLkM93s
+����P^W���:7E��P���gj[�p�ȿ�v�U���.��]��X��5`�����|�'q�Vt�J$�5��H�^zn�P�Xϰ�$�6�W�b�
\ No newline at end of file
diff --git a/secrets/mothership-wireguard-private-key.age b/secrets/mothership-wireguard-private-key.age
index 5b93c6b..b50fe9f 100644
Binary files a/secrets/mothership-wireguard-private-key.age and b/secrets/mothership-wireguard-private-key.age differ
diff --git a/secrets/nextcloud-admin-pass.age b/secrets/nextcloud-admin-pass.age
index 01240f5..91dfe9b 100644
--- a/secrets/nextcloud-admin-pass.age
+++ b/secrets/nextcloud-admin-pass.age
@@ -1,31 +1,32 @@
age-encryption.org/v1
-> ssh-rsa /AagBw
-oydkeCda2TCzArA5zfB1J29tsofcd9x180RkMUzYC8hvH52JiIgI6230AdUA39sT
-FNTGQCOHl8Y05TfHmSWGXtw3UwCP/kPpR6M2zdH2pjVHTJzRfepPQg095rWdYP0G
-NINxappjAOyVMMjwt7urI2phNq9SLBTc3bbBdE816ccvchUg1VXc0E4WkZaRNyjp
-1oeVn/gR8yUEbxHRs3EiXsJ00YYe3X7BwYf263eudpup0tHb6dSWJSRNFFxntJbA
-JvNX6gZPe3WnRtudktE98lvw2exnKm8u9geeJ825QAESQA8HZ309kAS5NYvhZdSS
-vX/RR13b0511blAic53GyUeEWUUB3fA8Qdo3GIc+omTZ5qSplKAsjjBfyAmD2RuY
-ov/vivyc/CoEQtjFtDmvLWI19NFDO72AzAxUrPmmblI0lM2022muG8BQoy35BQTa
-zyqmgBrKfASw/e0detceNPeEcgWJvQr0sSNakFVwoqEUk4W9YYz3NS3iyhDQyGVw
-kNw/0UytDYokhk3RnE+Z+xFzMQUJCS1K4NAO8cMrMwM4NmTUlNxPbGdHUJD4tvpC
-mcjEUncrl7pJBJ+7AZ+64tC3GNQM72wp9vPENzw+seArgIR8yL6m9nFVWSfPYfqz
-+TxF0Gr1x/nOET4jdlbUAbip5flwWaJYigcJbAaIrxA
+aJuyARF6DxtmBwrVRygnBESG3lowiWgxt4Fuk2EjngnQGEfPF/VwIzg8Cht6Q2CP
+BUnofodxysQ7gfe1Sw89ta5DBrLwFwIZz5LUPekdem4YMJ2wf4FRzJyQiKW6Vd8n
+o7GO/eOxo8PJhJ3qVKTw7ZgE10phhQmeEsFFFv61blR5KRPEsmFQidMKZ7ip0EMM
+cY0P04epT0EsbEfaqnkHro3i/VDFCwM8Htk+GejoUNOG+Q0Qq1LlDxDrXrBU8pTc
+2gODuVIiHDMOI1zYHA8rEGCa3kiGejqpIUiPkAAiy9fDGdX7fFLQa44TzGsc+Voy
+X2Vd2IbR4j5p/3cYmN/ouSr1DmWzb+lVR/OQrSsActiYjRFcHXMoveUVEOY3MOKz
+qCZRljzMxPXB/n9zv+cXS2R7FwZv453/uvT/vwuIofGEHEjse6aTZwkfly652qg7
+jd2Xr5y1KRZxXfCfN7XRdcsOyBBWiWbZzn8vI4UGEN77BMAmEu+WkDh2VjMRyvmU
+aGKm3DrzlpUdfTUXizGTEGBHzRXD7ebLVfXHBEZeu8ATwyMfUtkDKB3hFdjCcmuH
+Wy7RbtHqfoPBFDdZPQFXxZsBfyH+8M5ZhNBTX9ZbCNVeAOvTnZEO8+67oAMuJdrF
+nppcIsQl2rM43JwiIVeacq4+G6MvFQp59f7VeDnDzLQ
-> ssh-rsa QHr3/A
-TeumQg/mKgPxyGp3J9QnV4yQQxdkf/scau3bmOJafGJElT58uQnYDIZafwcO14Ix
-vvVPvnkTH+yXJdysm6oNfBzr6cV9e/I5FDBwFl7Q+z1GkZ2f11CgszdLpDVOBTux
-tc158KJdSKANSGgJ8pikP4gnLadYxewmVfVC5zCx2xuSY7SNUZ3STixbZuF/eRJ5
-rfYQilYGsH3empx7PQ2rbS4LQiKFu9w2H0FHmtOhzaVMf6bmmnB6IZ2SOEhqUvdc
-y2HTja9rxmAllnCkbWijPJT/xfuD02txbkAgl8Tg9VmiwuUKV/QxQMvsadZGcdQw
-eEJ7MrcD9CO8EXc+SSnImtvWS9m4v+QEPcNBl3Rs01Yhu4LrLoXlgE/ZCNsWMZAx
-3b3qPn69mLjGfUqn3lmUDiRNfVV6uD/K8SRUUOK7q7x5cTCygs1XWS2xUCkGV91U
-2F9dHHNQRQ7FB9QzuVADRCTeX5Qj54GQbVddsduJFH6moYiTo3TpNkWlg9Z2FPoa
-oRSgsJ5as25oRp7MZyrbPJIiIXZ/yVXI5MzKmxkVNlwQtQYnc618F4v3n9P24DdR
-uRNKnYmVgSbexgoXjuhE9ZpGpU9BCZm9UUP323XanWCWGQRbZpPxGvZ+lZgtTtqd
-YikOEj69pw78fP4gOCrIO6pPsvsfgiAfA7ce5LjLNVg
--> ssh-ed25519 OgJHCw AasGFP6CTch//oLhqphGiR+13XRzDI9BsNp5F2mUCwc
-pu6jS6b+vwhuwlOdMmykX6F+vt0lHr8GG3gZwR86VrQ
--> 4-grease Z}-t\"i "1{0; %4XUV{ yuP}3'
-H6qmbf6GvJiy6JNC6zMTzZI+9t8DktDsGKo
---- +Gz7VBCIWqSGLtGcRd4LUzE18v5eFapd4wJtIWDqtqk
-����g5��1��y��~����l�(Էȟ��$�ʐ��a<�/91
\ No newline at end of file
+MObBANiTnRF8tImMqgHPxLBubBOJ7w5109T2aU5etYM79CKuIFrTYhHTOZbaTuMp
+r42OkhEohJlWTPY4/122SQDdYfUjHUmCQe8QJRKJEPjWVHxFOHxA0F/WxM3p4560
+2zWZ/BHNm78of1kvQ+KF7TJF/TYHS3qkljWqhVLEZLMG3D9qX7yQ75yNarevEcyx
+FsR8IBIxxKpyl0ZCy/elzmV28CYVBliCqfNdXQ4MZiU3AA6uMJ3YjvJ7SUAqXB2Y
+ZtZYGpBDtMElbTSCFZ669zfqX/1Uz9uMLgvAdFS36bO6oOYnk9U3MK7tmnUdXKlU
+ZzbfWGkAjRRJ+DmICgo1GTbXoQAKmfjaKIeLZbxS3YS8rIhWkbraeJG6nFGj2LL4
+bwR6iOiwH9tdchy3lJGC3T7ARCEnddh6THTBpJP/3RDroY+9EvV56/O+dbnEtxa1
+4EyotXitgkuE/iDSIiLpYGEVIC3ENWqjYBdaob3KbZDUp31VJkKprwpBxJz/NWCy
+EMYU3pR3rBAFWZstQigKY6pPoQjBO8IYS1eoAsBNS7KsPBbD7PhMA8OZmjsL63R8
+5ONMUBai05Jda2jLAF5bww6GT7IjHq46zxkermjcr+uP2EaZVhRMIYnisxoolzbZ
+LCUY/EUmM5Qkdd9dJYg47UUQDHRd/okSUqAuGjoZCvw
+-> ssh-ed25519 OgJHCw lFJ/N1ngRnQoRik7R/cgYu9TLAw1dsCL7DZWlVVRGw0
+TsxsqnBliw9DcQKuzhz7dnsSSg3uaFgNYxntzdKJMto
+-> qRf-grease
+jJ10w3tHtFHX5MNZUPKdULgUx8hBr5Piiw3ZSHJg1C3Ghrjsq+1O2CRFt6yfiCJO
+YexR7ZU9
+--- V6P2RwkyRhs+kIs+5RvfgvqcTbmTpqP0jB6KmVvXE7c
+)�R�ڇ,�Oև��*�����u��䠂��K+QE}��Ը�+�!
\ No newline at end of file
diff --git a/secrets/pbp-wireguard-private-key.age b/secrets/pbp-wireguard-private-key.age
index e97dc0a..ddee393 100644
Binary files a/secrets/pbp-wireguard-private-key.age and b/secrets/pbp-wireguard-private-key.age differ
diff --git a/secrets/rock5b-wireguard-private-key.age b/secrets/rock5b-wireguard-private-key.age
index f8813a9..85db7d1 100644
Binary files a/secrets/rock5b-wireguard-private-key.age and b/secrets/rock5b-wireguard-private-key.age differ
diff --git a/secrets/thinkpad-wireguard-private-key.age b/secrets/thinkpad-wireguard-private-key.age
index 7d5f83f..73b5e96 100644
Binary files a/secrets/thinkpad-wireguard-private-key.age and b/secrets/thinkpad-wireguard-private-key.age differ
diff --git a/shell/default.nix b/shell/default.nix
index a439fb8..1744da6 100644
--- a/shell/default.nix
+++ b/shell/default.nix
@@ -15,6 +15,7 @@
disko
deploy
colmena
+ nixos-anywhere
];
shellHook = ''
export RULES="$(git rev-parse --show-toplevel)/secrets/default.nix";