flake.lock: Update

Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/a894f2811e1ee8d10c50560551e50d6ab3c392ba' (2025-05-26) → 'github:nix-community/disko/58d6e5a83fff9982d57e0a0a994d4e5c0af441e4' (2025-06-02) • Updated input 'dream2nix': 'github:nix-community/dream2nix/6fd6d9188f32efd1e1656b3c3e63a67f9df7b636' (2025-05-19) → 'github:nix-community/dream2nix/e92dacdc57acaa6b2ae79592c1a62c2340931410' (2025-06-02) • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/0fba546d9aa235fc726fe9c8c3bb703e918c14c4' (2025-05-27) → 'github:nix-community/emacs-overlay/78278b770d2c83657657da569544cf20eccee0ef' (2025-06-03) • Updated input 'emacs-overlay/nixpkgs': 'github:NixOS/nixpkgs/62b852f6c6742134ade1abdd2a21685fd617a291' (2025-05-25) → 'github:NixOS/nixpkgs/910796cabe436259a29a72e8d3f5e180fc6dfacc' (2025-05-31) • Updated input 'emacs-overlay/nixpkgs-stable': 'github:NixOS/nixpkgs/f09dede81861f3a83f7f06641ead34f02f37597f' (2025-05-23) → 'github:NixOS/nixpkgs/78d9f40fd6941a1543ffc3ed358e19c69961d3c1' (2025-06-01) • Updated input 'flakeParts': 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01) → 'github:hercules-ci/flake-parts/49f0870db23e8c1ca0b5259734a02cd9e1e371a1' (2025-06-01) • Updated input 'flakeParts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/e4822aea2a6d1cdd36653c134cacfd64c97ff4fa' (2025-03-30) → 'github:nix-community/nixpkgs.lib/656a64127e9d791a334452c6b6606d17539476e2' (2025-06-01) • Updated input 'homeManager': 'github:nix-community/home-manager/f5b12be834874f7661db4ced969a621ab2d57971' (2025-05-28) → 'github:nix-community/home-manager/cb809ec1ff15cf3237c6592af9bbc7e4d983e98c' (2025-06-03) • Updated input 'lix': 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=fda93021ca8bf43de1e43c223b439b41c3990e4c' (2025-05-27) → 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=019b17f4e93c098f99a9bc691be1f1c4df026c7d' (2025-06-02) • Updated input 'nixosHardware': 'github:NixOS/nixos-hardware/11f2d9ea49c3e964315215d6baa73a8d42672f06' (2025-05-22) → 'github:NixOS/nixos-hardware/fc7c4714125cfaa19b048e8aaf86b9c53e04d853' (2025-06-03) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/62b852f6c6742134ade1abdd2a21685fd617a291' (2025-05-25) → 'github:NixOS/nixpkgs/910796cabe436259a29a72e8d3f5e180fc6dfacc' (2025-05-31)
Fix typo
2025-06-03 09:42:50 +00:00 · 2025-05-29 15:45:05 +02:00 · 2025-05-29 15:34:51 +02:00 · 2025-05-29 15:33:16 +02:00 · 2025-05-29 10:42:13 +02:00 · 2025-05-28 20:33:11 +02:00
17 changed files with 170 additions and 179 deletions
--- a/checks/default.nix
+++ b/checks/default.nix
@ -11,7 +11,7 @@
  ];
  perSystem =
-    { config, ... }:
+    { config, pkgs, ... }:
    {
      treefmt.config = {
        projectRootFile = ".git/config";
@ -42,6 +42,18 @@
          package = config.treefmt.build.wrapper;
        };
      };
      packages.push-to-cache =
        let
          allChecks = with self.checks; x86_64-linux // aarch64-linux;
          checks = builtins.removeAttrs allChecks [ "push-to-cache" ];
        in
        pkgs.writeShellScriptBin "push-to-cache.sh" ''
          attic push $1 --stdin --jobs 64 << EOF
          ${lib.concatStringsSep "\n" (
            builtins.map (builtins.unsafeDiscardStringContext) (builtins.attrValues checks)
          )}
          EOF
        '';
    };
  flake.checks =
@ -49,7 +61,7 @@
      build = _: nc: nc.config.system.build.toplevel;
    in
    {
-      x86_64-linux = lib.mapAttrs build { inherit (self.nixosConfigurations) picard pike kirk; };
+      x86_64-linux = (lib.mapAttrs build { inherit (self.nixosConfigurations) picard pike kirk; });
      aarch64-linux = lib.mapAttrs build {
        inherit (self.nixosConfigurations) sisko; # pbp;
      };
--- a/flake.lock
+++ b/flake.lock
@ -8,11 +8,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1745630506,
+        "lastModified": 1747575206,
-        "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
+        "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "96e078c646b711aee04b82ba01aefbff87004ded",
+        "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
        "type": "github"
      },
      "original": {
@ -26,11 +26,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1746175539,
+        "lastModified": 1748080874,
-        "narHash": "sha256-/wjcn1CDQqOhwOoYKS8Xp0KejrdXSJZQMF1CbbrVtMw=",
+        "narHash": "sha256-sUebEzAkrY8Aq5G0GHFyRddmRNGP/a2iTtV7ISNvi/c=",
        "owner": "catppuccin",
        "repo": "nix",
-        "rev": "a5db9e41a4dccfa5ffe38e6f1841a5f9ad5c5c04",
+        "rev": "0ba11b12be81f0849a89ed17ab635164ea8f0112",
        "type": "github"
      },
      "original": {
@ -41,11 +41,11 @@
    },
    "crane": {
      "locked": {
-        "lastModified": 1741481578,
+        "lastModified": 1746291859,
-        "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=",
+        "narHash": "sha256-DdWJLA+D5tcmrRSg5Y7tp/qWaD05ATI4Z7h22gd1h7Q=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5",
+        "rev": "dfd9a8dfd09db9aad544c4d3b6c47b12562544a5",
        "type": "github"
      },
      "original": {
@ -83,11 +83,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745812220,
+        "lastModified": 1748832438,
-        "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=",
+        "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78",
+        "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4",
        "type": "github"
      },
      "original": {
@ -103,11 +103,11 @@
        "pyproject-nix": "pyproject-nix"
      },
      "locked": {
-        "lastModified": 1735160684,
+        "lastModified": 1748838242,
-        "narHash": "sha256-n5CwhmqKxifuD4Sq4WuRP/h5LO6f23cGnSAuJemnd/4=",
+        "narHash": "sha256-wORL3vLIJdBF8hz73yuD7DVsrbOvFgtH96hQIetXhfg=",
        "owner": "nix-community",
        "repo": "dream2nix",
-        "rev": "8ce6284ff58208ed8961681276f82c2f8f978ef4",
+        "rev": "e92dacdc57acaa6b2ae79592c1a62c2340931410",
        "type": "github"
      },
      "original": {
@ -122,11 +122,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1746240489,
+        "lastModified": 1748941793,
-        "narHash": "sha256-DWMG7jkpxrEGzTZZerDqaxT8X983tibFGfNeoWtX1yU=",
+        "narHash": "sha256-HncwK05hos0Z5SSjVF5CtZjwMTn56xjWq08fRIdKBms=",
        "owner": "nix-community",
        "repo": "emacs-overlay",
-        "rev": "66bb2d7a4df96d0c1e63648850b7aed1b2e8d683",
+        "rev": "78278b770d2c83657657da569544cf20eccee0ef",
        "type": "github"
      },
      "original": {
@ -191,11 +191,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741352980,
+        "lastModified": 1743550720,
-        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
+        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
+        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
        "type": "github"
      },
      "original": {
@ -245,11 +245,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1743550720,
+        "lastModified": 1748821116,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
        "type": "github"
      },
      "original": {
@ -282,11 +282,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742649964,
+        "lastModified": 1747372754,
-        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
+        "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+        "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
        "type": "github"
      },
      "original": {
@ -387,11 +387,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1746243165,
+        "lastModified": 1748925027,
-        "narHash": "sha256-DQycVmlyLQNLjLJ/FzpokVmbxGQ8HjQQ4zN4nyq2vII=",
+        "narHash": "sha256-BJ0qRIdvt5aeqm3zg/5if7b5rruG05zrSX3UpLqjDRk=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "c0962eeeabfb8127713f859ec8a5f0e86dead0f2",
+        "rev": "cb809ec1ff15cf3237c6592af9bbc7e4d983e98c",
        "type": "github"
      },
      "original": {
@ -448,11 +448,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1745271491,
+        "lastModified": 1747056319,
-        "narHash": "sha256-4GAHjus6JRpYHVROMIhFIz/sgLDF/klBM3UHulbSK9s=",
+        "narHash": "sha256-qSKcBaISBozadtPq6BomnD+wIYTZIkiua3UuHLaD52c=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "995637eb3ab78eac33f8ee6b45cc2ecd5ede12ba",
+        "rev": "2e425f3da6ce7f5b34fa6eaf7a2a7f78dbabcc85",
        "type": "github"
      },
      "original": {
@ -464,11 +464,11 @@
    "lix": {
      "flake": false,
      "locked": {
-        "lastModified": 1746186329,
+        "lastModified": 1748893954,
-        "narHash": "sha256-MLz0MjeVCaqvIvf5szUwNwYEiXC/lKWL0I2VS+6V/e0=",
+        "narHash": "sha256-Vj1GHarIzlJI3We5KnYcAQlSjn++fx7/lKRaiIVz3tg=",
        "ref": "refs/heads/main",
-        "rev": "4e84fd9a0061a04627ec6962c0ed08c2ad0b8a7f",
+        "rev": "019b17f4e93c098f99a9bc691be1f1c4df026c7d",
-        "revCount": 17824,
+        "revCount": 17982,
        "type": "git",
        "url": "https://git@git.lix.systems/lix-project/lix"
      },
@ -489,11 +489,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742945498,
+        "lastModified": 1747667424,
-        "narHash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=",
+        "narHash": "sha256-7EICjbmG6lApWKhFtwvZovdcdORY1CEe6/K7JwtpYfs=",
        "ref": "refs/heads/main",
-        "rev": "fa69ae26cc32dda178117b46487c2165c0e08316",
+        "rev": "3c23c6ae2aecc1f76ae7993efe1a78b5316f0700",
-        "revCount": 138,
+        "revCount": 144,
        "type": "git",
        "url": "https://git.lix.systems/lix-project/nixos-module"
      },
@ -505,11 +505,11 @@
    "mobile-nixos": {
      "flake": false,
      "locked": {
-        "lastModified": 1743812405,
+        "lastModified": 1748200777,
-        "narHash": "sha256-BedQ9Z3+nqtp9BRjHjJNPUeLIMVbTsP3Udbz0b1cUn0=",
+        "narHash": "sha256-ELbQ7Apk0QzfhO8WjQIqEBuN2bEnGQHNxeiOSx/mU38=",
        "owner": "NixOS",
        "repo": "mobile-nixos",
-        "rev": "6679fd7a8dd4ccf4aa538b82216723861cfe61a2",
+        "rev": "6e249e58b5d8166738ebcfd401f05f7496049dd3",
        "type": "github"
      },
      "original": {
@ -554,11 +554,11 @@
        "nmd": "nmd"
      },
      "locked": {
-        "lastModified": 1725658585,
+        "lastModified": 1747382160,
-        "narHash": "sha256-P29z4Gt89n5ps1U7+qmIrj0BuRXGZQSIaOe2+tsPgfw=",
+        "narHash": "sha256-nlHPjA5GH4wdwnAoOzCt7BVLUKtIAAW2ClNGz2OxTrs=",
        "owner": "nix-community",
        "repo": "nix-on-droid",
-        "rev": "5d88ff2519e4952f8d22472b52c531bb5f1635fc",
+        "rev": "40b8c7465f78887279a0a3c743094fa6ea671ab1",
        "type": "github"
      },
      "original": {
@ -569,11 +569,11 @@
    },
    "nixosHardware": {
      "locked": {
-        "lastModified": 1745955289,
+        "lastModified": 1748942041,
-        "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=",
+        "narHash": "sha256-HEu2gTct7nY0tAPRgBtqYepallryBKR1U8B4v2zEEqA=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b",
+        "rev": "fc7c4714125cfaa19b048e8aaf86b9c53e04d853",
        "type": "github"
      },
      "original": {
@ -632,11 +632,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1743296961,
+        "lastModified": 1748740939,
-        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
+        "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
+        "rev": "656a64127e9d791a334452c6b6606d17539476e2",
        "type": "github"
      },
      "original": {
@ -647,11 +647,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1746183838,
+        "lastModified": 1748810746,
-        "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=",
+        "narHash": "sha256-1na8blYvU1F6HLwx/aFjrhUqpqZ0SCsnqqW9n2vXvok=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "bf3287dac860542719fe7554e21e686108716879",
+        "rev": "78d9f40fd6941a1543ffc3ed358e19c69961d3c1",
        "type": "github"
      },
      "original": {
@ -711,11 +711,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1746141548,
+        "lastModified": 1748693115,
-        "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=",
+        "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78",
+        "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
        "type": "github"
      },
      "original": {
@ -742,11 +742,11 @@
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1746141548,
+        "lastModified": 1748693115,
-        "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=",
+        "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78",
+        "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
        "type": "github"
      },
      "original": {
@ -821,11 +821,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741379162,
+        "lastModified": 1746537231,
-        "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=",
+        "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc",
+        "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969",
        "type": "github"
      },
      "original": {
@ -906,11 +906,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741573199,
+        "lastModified": 1747017456,
-        "narHash": "sha256-A2sln1GdCf+uZ8yrERSCZUCqZ3JUlOv1WE2VFqqfaLQ=",
+        "narHash": "sha256-C/U12fcO+HEF071b5mK65lt4XtAIZyJSSJAg9hdlvTk=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "c777dc8a1e35407b0e80ec89817fe69970f4e81a",
+        "rev": "5b07506ae89b025b14de91f697eba23b48654c52",
        "type": "github"
      },
      "original": {
@ -1009,11 +1009,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1746216483,
+        "lastModified": 1748243702,
-        "narHash": "sha256-4h3s1L/kKqt3gMDcVfN8/4v2jqHrgLIe4qok4ApH5x4=",
+        "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "29ec5026372e0dec56f890e50dbe4f45930320fd",
+        "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007",
        "type": "github"
      },
      "original": {
--- a/hmModules/emacs/default.nix
+++ b/hmModules/emacs/default.nix
@ -49,6 +49,7 @@ in
      copilot-language-server.fhs
      math-preview
      emacs-lsp-booster
      texlive.combined.scheme-full
    ]
    ++ (with hunspellDicts; [
      en_US-large
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -89,6 +89,7 @@
          "forgejo-runners-token".owner = "nixuser";
          "forgejo-nix-access-tokens".owner = "nixuser";
          "nix-netrc" = { };
          "wireguard-mlabs-private-key" = { };
        };
      };
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@ -41,6 +41,7 @@
      "prometheus-exporters"
      "zerotier"
      "alloy"
      "wireguard-mlabs"
    ]
    ++ [ ./disko.nix ];
--- a/hosts/pike/default.nix
+++ b/hosts/pike/default.nix
@ -89,6 +89,7 @@
      "pantalaimon"
      "gimp"
      "jellyfin"
      "unison"
    ];
    extraGroups = [ "plugdev" ];
    backupPaths = [ ];
--- a/modules/home-assistant/default.nix
+++ b/modules/home-assistant/default.nix
@ -163,6 +163,19 @@ in
    config.services.home-assistant.configDir
  ];
  services.nginx.virtualHosts."home.aciceri.dev" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:${builtins.toString config.services.home-assistant.config.http.server_port}";
      proxyWebsockets = true;
    };
    extraConfig = ''
      proxy_set_header    Upgrade     $http_upgrade;
      proxy_set_header    Connection  $connection_upgrade;
    '';
  };
  # virtualisation.oci-containers = {
  #   backend = "podman";
  #   containers.homeassistant = {
--- a/modules/immich/default.nix
+++ b/modules/immich/default.nix
@ -22,4 +22,16 @@
    fsType = "ext4";
    options = [ "bind" ];
  };
  services.nginx.virtualHosts."photos.aciceri.dev" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:${builtins.toString config.services.immich.port}";
      proxyWebsockets = true;
    };
    extraConfig = ''
      client_max_body_size 50000M;
    '';
  };
 }
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@ -25,23 +25,23 @@
        "https://cache.iog.io"
        "https://cache.lix.systems"
        "https://nix-community.cachix.org"
-        # "https://mlabs.cachix.org"
+        "https://mlabs.cachix.org"
        "http://sisko.wg.aciceri.dev:8081/nixfleet"
      ];
      trusted-public-keys = [
        "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
        "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-        # "mlabs.cachix.org-1:gStKdEqNKcrlSQw5iMW6wFCj3+b+1ASpBVY2SYuNV2M="
+        "mlabs.cachix.org-1:gStKdEqNKcrlSQw5iMW6wFCj3+b+1ASpBVY2SYuNV2M="
        "nixfleet:Bud23440n6mMTmgq/7U+mk91zlLjnx2X3lQQrCBCCU4="
      ];
-      deprecated-features = [ "url-literals" ];
+      deprecated-features = [ "url-literals" ]; # despite a warning saying that this option doesn't exist it seems to work
    };
    nixPath = [ "nixpkgs=${fleetFlake.inputs.nixpkgs}" ];
    extraOptions = ''
-      experimental-features = nix-command flakes impure-derivations
+      experimental-features = nix-command flakes
      builders-use-substitutes = true
    '';
--- a/modules/paperless/default.nix
+++ b/modules/paperless/default.nix
@ -16,6 +16,7 @@
        pdfa_image_compression = "lossless";
        invalidate_digital_signatures = true;
      };
      PAPERLESS_URL = "https://paper.sisko.wg.aciceri.dev";
    };
  };
@ -33,6 +34,12 @@
    };
    extraConfig = ''
      client_max_body_size 50000M;
      proxy_redirect off;
      proxy_set_header Host $host:$server_port;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $server_name;
      proxy_set_header X-Forwarded-Proto $scheme;
    '';
    serverAliases = [ "paper.sisko.zt.aciceri.dev" ];
  };
--- a/modules/sisko-proxy/default.nix
+++ b/modules/sisko-proxy/default.nix
@ -1,105 +1,5 @@
 { config, ... }:
 {
  imports = [ ../nginx-base ];
-  services.nginx.virtualHosts = {
+  # TODO this file can be probably deleted now
-    localhost.listen = [ { addr = "127.0.0.1"; } ];
+  # each module defining a virtualHost should import nginx-base
    "home.aciceri.dev" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:${builtins.toString config.services.home-assistant.config.http.server_port}";
        proxyWebsockets = true;
      };
      extraConfig = ''
        proxy_set_header    Upgrade     $http_upgrade;
        proxy_set_header    Connection  $connection_upgrade;
      '';
    };
    "home.sisko.aciceri.dev" = {
      forceSSL = true;
      useACMEHost = "aciceri.dev";
      locations."/" = {
        proxyPass = "http://localhost:${builtins.toString config.services.home-assistant.config.http.server_port}";
        proxyWebsockets = true;
      };
      extraConfig = ''
        proxy_set_header    Upgrade     $http_upgrade;
        proxy_set_header    Connection  $connection_upgrade;
      '';
    };
    "photos.aciceri.dev" = {
      extraConfig = ''
        client_max_body_size 50000M;
      '';
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:${builtins.toString config.services.immich.port}";
        proxyWebsockets = true;
      };
    };
    # "${config.services.nextcloud.hostName}" = {
    #   forceSSL = true;
    #   enableACME = true;
    # };
    # "sevenofnix.aciceri.dev" = {
    #   forceSSL = true;
    #   enableACME = true;
    #   locations."/" = {
    #     proxyPass = "http://10.1.1.2:${builtins.toString config.services.buildbot-master.port}";
    #     proxyWebsockets = true;
    #   };
    # };
  };
  # services.oauth2_proxy = {
  #   enable = true;
  #   provider = "oidc";
  #   reverseProxy = true;
  #   # replaces following options with .keyFile
  #   clientID = "shouldThisBePrivate?";
  #   clientSecret = "thisShouldBePrivate";
  #   cookie.secret = "thisShouldBePrivate00000";
  #   email.domains = [ "*" ];
  #   extraConfig = {
  #      # custom-sign-in-logo = "${../../lib/mlabs-logo.svg}";
  #      # scope = "user:email";
  #      # banner = "MLabs Status";
  #      # whitelist-domain = ".status.staging.mlabs.city";
  #     oidc-issuer-url = "http://127.0.0.1:5556/dex";
  #   };
  #   # redirectURL = "https://status.staging.mlabs.city/oauth2/callback";
  #   # keyFile = config.age.secrets.status-oauth2-secrets.path;
  #   # cookie.domain = ".status.staging.mlabs.city";
  #   nginx = {
  #     virtualHosts = [
  # 	"search.aciceri.dev"
  #     ];
  #   };
  # };
  # services.dex = {
  #   enable = true;
  #   settings = {
  #     issuer = "http://127.0.0.1:5556/dex";
  #     storage = {
  # 	type = "postgres";
  # 	config.host = "/var/run/postgresql";
  #     };
  #     web = {
  # 	http = "127.0.0.1:5556";
  #     };
  #     enablePasswordDB = true;
  #     staticClients = [
  # 	{
  # 	  # id = "oidcclient";
  # 	  # name = "client";
  # 	  # redirecturis = [ "https://login.aciceri.dev/callback" ];
  # 	  # secretfile = "/etc/dex/oidcclient"; # the content of `secretfile` will be written into to the config as `secret`.
  # 	}
  #     ];
  #   };
  # };
 }
--- a/modules/wireguard-client/default.nix
+++ b/modules/wireguard-client/default.nix
@ -13,6 +13,7 @@
      {
        publicKey = vpn.sisko.publicKey;
        allowedIPs = [ "10.100.0.0/24" ];
        # allowedIPs = [ "0.0.0.0/24" ]; # Uncomment for full tunnel
        endpoint = "vpn.aciceri.dev:51820";
        persistentKeepalive = 25;
      }
--- a/modules/wireguard-mlabs/default.nix
+++ b/modules/wireguard-mlabs/default.nix
@ -0,0 +1,15 @@
 { config, ... }:
 {
  networking.wireguard.interfaces.wg1 = {
    ips = [ "10.10.1.1/32" ];
    peers = [
      {
        publicKey = "A4u2Rt5WEMHOAc6YpDABkqAy2dzzFLH9Gn8xWcKaPQQ=";
        allowedIPs = [ "10.10.0.0/16" ];
        endpoint = "vpn.staging.mlabs.city:51820";
        persistentKeepalive = 25;
      }
    ];
    privateKeyFile = config.age.secrets.wireguard-mlabs-private-key.path;
  };
 }
--- a/modules/wireguard-server/default.nix
+++ b/modules/wireguard-server/default.nix
@ -2,6 +2,7 @@
  config,
  lib,
  vpn,
  pkgs,
  ...
 }:
 {
@ -17,5 +18,13 @@
      publicKey = vpnConfig.publicKey;
      allowedIPs = [ "${vpnConfig.ip}/32" ];
    }) vpn;
    postSetup = ''
      ${lib.getExe' pkgs.iptables "iptables"} -t nat -A POSTROUTING -s 10.100.0.0/24 -o enP4p65s0 -j MASQUERADE
    '';
    postShutdown = ''
      ${lib.getExe' pkgs.iptables "iptables"} -t nat -D POSTROUTING -s 10.100.0.0/24 -o enP4p65s0 -j MASQUERADE
    '';
  };
 }
--- a/secrets/nix-netrc.age
+++ b/secrets/nix-netrc.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -164,6 +164,12 @@ with keys.users;
    picard
    kirk
  ];
  "wireguard-mlabs-private-key.age".publicKeys = [
    ccr-ssh
    picard
    pike
    kirk
  ];
  # WireGuard
  "picard-wireguard-private-key.age".publicKeys = [
--- a/secrets/wireguard-mlabs-private-key.age
+++ b/secrets/wireguard-mlabs-private-key.age
@ -0,0 +1,12 @@
 age-encryption.org/v1
 -> ssh-ed25519 Zh7Kmw 1pcva3l9KyvXlzWJVeul63s1xnL2yEMzuB1R73IdKlA
 TDDa9yQYXrqFS+MCEeqCcQ/27zu3WytSmU5MBNyQTIk
 -> ssh-ed25519 /WmILg z9/JeIxSpzndNP+1fwfdRfKYTaNp7wVITCkF7wwayEs
 8PlFDHZbA0Z/3svhPWGE/sHfsMNmuXrdP6Qf0FhLMmc
 -> ssh-ed25519 OYRzvQ Tk0mN20c8199ZvTY6jXY6ExSXGR3kb4qtnj8HkPj1xY
 5SGMhFzIE98NgNw7bnnivVTvuKtBtJdf/2jAjJUSKl8
 -> ssh-ed25519 /yLdGQ 8J4LLlxtMFW8fALPGUk/NaHIJ59bo9tKe5TGiGAvYhk
 sgE0SQi169mEtltDWIb4ZZaXKUXORyiKhmOZsNOiqKU
 --- sWbCYolqfqwIsja6nNdyPBcOeM/Qq5GninMokUvK4xE
 ÆÅ‰gzŽùï‹Ý{Ä4îÜ	¯Xé?‰<>ë’
 Ae"„€vÈ\Ho,m}bÂq½žä$âÌh—:æfÜGkFÜ=#0q™
Author	SHA1	Message	Date
Seven of Nine	f4278559f9	flake.lock: Update Some checks failed / test (push) Failing after 44m10s Details Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/a894f2811e1ee8d10c50560551e50d6ab3c392ba' (2025-05-26) → 'github:nix-community/disko/58d6e5a83fff9982d57e0a0a994d4e5c0af441e4' (2025-06-02) • Updated input 'dream2nix': 'github:nix-community/dream2nix/6fd6d9188f32efd1e1656b3c3e63a67f9df7b636' (2025-05-19) → 'github:nix-community/dream2nix/e92dacdc57acaa6b2ae79592c1a62c2340931410' (2025-06-02) • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/0fba546d9aa235fc726fe9c8c3bb703e918c14c4' (2025-05-27) → 'github:nix-community/emacs-overlay/78278b770d2c83657657da569544cf20eccee0ef' (2025-06-03) • Updated input 'emacs-overlay/nixpkgs': 'github:NixOS/nixpkgs/62b852f6c6742134ade1abdd2a21685fd617a291' (2025-05-25) → 'github:NixOS/nixpkgs/910796cabe436259a29a72e8d3f5e180fc6dfacc' (2025-05-31) • Updated input 'emacs-overlay/nixpkgs-stable': 'github:NixOS/nixpkgs/f09dede81861f3a83f7f06641ead34f02f37597f' (2025-05-23) → 'github:NixOS/nixpkgs/78d9f40fd6941a1543ffc3ed358e19c69961d3c1' (2025-06-01) • Updated input 'flakeParts': 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01) → 'github:hercules-ci/flake-parts/49f0870db23e8c1ca0b5259734a02cd9e1e371a1' (2025-06-01) • Updated input 'flakeParts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/e4822aea2a6d1cdd36653c134cacfd64c97ff4fa' (2025-03-30) → 'github:nix-community/nixpkgs.lib/656a64127e9d791a334452c6b6606d17539476e2' (2025-06-01) • Updated input 'homeManager': 'github:nix-community/home-manager/f5b12be834874f7661db4ced969a621ab2d57971' (2025-05-28) → 'github:nix-community/home-manager/cb809ec1ff15cf3237c6592af9bbc7e4d983e98c' (2025-06-03) • Updated input 'lix': 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=fda93021ca8bf43de1e43c223b439b41c3990e4c' (2025-05-27) → 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=019b17f4e93c098f99a9bc691be1f1c4df026c7d' (2025-06-02) • Updated input 'nixosHardware': 'github:NixOS/nixos-hardware/11f2d9ea49c3e964315215d6baa73a8d42672f06' (2025-05-22) → 'github:NixOS/nixos-hardware/fc7c4714125cfaa19b048e8aaf86b9c53e04d853' (2025-06-03) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/62b852f6c6742134ade1abdd2a21685fd617a291' (2025-05-25) → 'github:NixOS/nixpkgs/910796cabe436259a29a72e8d3f5e180fc6dfacc' (2025-05-31)	2025-06-03 09:42:50 +00:00
Andrea Ciceri	7303969233	Fix typo All checks were successful EVAL aarch64-linux.sisko Details BUILD aarch64-linux.sisko Details UPLOAD aarch64-linux.sisko Details DOWNLOAD aarch64-linux.sisko Details CACHIX aarch64-linux.sisko Details ATTIC aarch64-linux.sisko Details / test (push) Successful in 1h6m39s Details	2025-05-29 15:45:05 +02:00
Andrea Ciceri	4e90abc309	Allow full tunnel Some checks failed / test (push) Has been cancelled Details	2025-05-29 15:34:51 +02:00
Andrea Ciceri	12b731ef9a	Allow forwarding all traffic Some checks are pending / test (push) Waiting to run Details	2025-05-29 15:33:16 +02:00
Andrea Ciceri	908508743b	Move Nginx virtual hosts to relative modules Some checks failed EVAL aarch64-linux.sisko Details BUILD aarch64-linux.sisko Details UPLOAD aarch64-linux.sisko Details DOWNLOAD aarch64-linux.sisko Details CACHIX aarch64-linux.sisko Details ATTIC aarch64-linux.sisko Details / test (push) Successful in 1h20m54s Details	2025-05-29 10:42:13 +02:00
Andrea Ciceri	5fa324bfa2	Enable `unison` on `pike` Some checks failed / test (push) Has been cancelled Details	2025-05-28 20:33:11 +02:00
Andrea Ciceri	650c787cdc	Connect `picard` to the MLabs VPN Some checks failed EVAL aarch64-linux.sisko Details BUILD aarch64-linux.sisko Details UPLOAD aarch64-linux.sisko Details DOWNLOAD aarch64-linux.sisko Details CACHIX aarch64-linux.sisko Details ATTIC aarch64-linux.sisko Details / test (push) Successful in 1h31m42s Details	2025-05-28 16:30:08 +02:00
Andrea Ciceri	c6f951a347	Re-enable `--attic-cache` in `nix-fast-build` All checks were successful EVAL aarch64-linux.sisko Details / test (push) Successful in 1m22s Details	2025-05-28 14:58:53 +02:00
Andrea Ciceri	197463cc08	Test `push-to-cache` script Some checks failed / test (push) Has been cancelled Details	2025-05-28 14:51:14 +02:00
Andrea Ciceri	6bdf2e95c1	Remove `impure-derivations` (not experimental anymore?) Some checks failed / test (push) Has been cancelled Details	2025-05-28 13:58:17 +02:00
Andrea Ciceri	41656bdf55	Bump inputs Some checks failed UPLOAD x86_64-linux.treefmt Details DOWNLOAD x86_64-linux.treefmt Details CACHIX x86_64-linux.treefmt Details ATTIC x86_64-linux.treefmt Details EVAL aarch64-linux.sisko Details BUILD aarch64-linux.sisko Details / test (push) Successful in 19m29s Details	2025-05-28 12:02:46 +02:00
Andrea Ciceri	0c91357de8	Re-enable `url-literals` All checks were successful EVAL aarch64-linux.sisko Details BUILD aarch64-linux.sisko Details UPLOAD aarch64-linux.sisko Details DOWNLOAD aarch64-linux.sisko Details CACHIX aarch64-linux.sisko Details ATTIC aarch64-linux.sisko Details / test (push) Successful in 26m4s Details	2025-05-28 10:08:00 +02:00
Andrea Ciceri	23b1854899	Add `pdflatex` used by Emacs for exporting org files to pdf	2025-05-28 10:07:38 +02:00
Andrea Ciceri	0a8e49517d	Re-enable MLabs cache Some checks failed / test (push) Has been cancelled Details	2025-05-26 17:32:59 +02:00
Andrea Ciceri	912ab8105a	Disable `deprecated-features`	2025-05-26 11:13:44 +02:00
Andrea Ciceri	a055ebeaba	Make `paperless` work again	2025-05-26 11:13:37 +02:00