flake.lock: Update

Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/96e078c646b711aee04b82ba01aefbff87004ded' (2025-04-26) → 'github:ryantm/agenix/4835b1dc898959d8547a871ef484930675cb47f1' (2025-05-18) • Updated input 'catppuccin': 'github:catppuccin/nix/a5db9e41a4dccfa5ffe38e6f1841a5f9ad5c5c04' (2025-05-02) → 'github:catppuccin/nix/0ba11b12be81f0849a89ed17ab635164ea8f0112' (2025-05-24) • Updated input 'disko': 'github:nix-community/disko/d0c543d740fad42fe2c035b43c9d41127e073c78' (2025-04-28) → 'github:nix-community/disko/a894f2811e1ee8d10c50560551e50d6ab3c392ba' (2025-05-26) • Updated input 'dream2nix': 'github:nix-community/dream2nix/8ce6284ff58208ed8961681276f82c2f8f978ef4' (2024-12-25) → 'github:nix-community/dream2nix/6fd6d9188f32efd1e1656b3c3e63a67f9df7b636' (2025-05-19) • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/66bb2d7a4df96d0c1e63648850b7aed1b2e8d683' (2025-05-03) → 'github:nix-community/emacs-overlay/e048433838750a5fd9036e56dd8f59affa6d676b' (2025-05-26) • Updated input 'emacs-overlay/nixpkgs': 'github:NixOS/nixpkgs/f02fddb8acef29a8b32f10a335d44828d7825b78' (2025-05-01) → 'github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c' (2025-05-23) • Updated input 'emacs-overlay/nixpkgs-stable': 'github:NixOS/nixpkgs/bf3287dac860542719fe7554e21e686108716879' (2025-05-02) → 'github:NixOS/nixpkgs/f09dede81861f3a83f7f06641ead34f02f37597f' (2025-05-23) • Updated input 'git-hooks-nix': 'github:cachix/git-hooks.nix/dcf5072734cb576d2b0c59b2ac44f5050b5eac82' (2025-03-22) → 'github:cachix/git-hooks.nix/80479b6ec16fefd9c1db3ea13aeb038c60530f46' (2025-05-16) • Updated input 'homeManager': 'github:nix-community/home-manager/c0962eeeabfb8127713f859ec8a5f0e86dead0f2' (2025-05-03) → 'github:nix-community/home-manager/d23d20f55d49d8818ac1f1b2783671e8a6725022' (2025-05-26) • Updated input 'lanzaboote': 'github:nix-community/lanzaboote/995637eb3ab78eac33f8ee6b45cc2ecd5ede12ba' (2025-04-21) → 'github:nix-community/lanzaboote/2e425f3da6ce7f5b34fa6eaf7a2a7f78dbabcc85' (2025-05-12) • Updated input 'lanzaboote/crane': 'github:ipetkov/crane/bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5' (2025-03-09) → 'github:ipetkov/crane/dfd9a8dfd09db9aad544c4d3b6c47b12562544a5' (2025-05-03) • Updated input 'lanzaboote/flake-parts': 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07) → 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01) • Updated input 'lanzaboote/pre-commit-hooks-nix': 'github:cachix/pre-commit-hooks.nix/b5a62751225b2f62ff3147d0a334055ebadcd5cc' (2025-03-07) → 'github:cachix/pre-commit-hooks.nix/fa466640195d38ec97cf0493d6d6882bc4d14969' (2025-05-06) • Updated input 'lanzaboote/rust-overlay': 'github:oxalica/rust-overlay/c777dc8a1e35407b0e80ec89817fe69970f4e81a' (2025-03-10) → 'github:oxalica/rust-overlay/5b07506ae89b025b14de91f697eba23b48654c52' (2025-05-12) • Updated input 'lix': 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=4e84fd9a0061a04627ec6962c0ed08c2ad0b8a7f' (2025-05-02) → 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=dbff52bfbc48ead789888bf24422d0ef6f7ba9a8' (2025-05-25) • Updated input 'lix-module': 'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=fa69ae26cc32dda178117b46487c2165c0e08316' (2025-03-25) → 'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=3c23c6ae2aecc1f76ae7993efe1a78b5316f0700' (2025-05-19) • Updated input 'mobile-nixos': 'github:NixOS/mobile-nixos/6679fd7a8dd4ccf4aa538b82216723861cfe61a2' (2025-04-05) → 'github:NixOS/mobile-nixos/6e249e58b5d8166738ebcfd401f05f7496049dd3' (2025-05-25) • Updated input 'nix-on-droid': 'github:nix-community/nix-on-droid/5d88ff2519e4952f8d22472b52c531bb5f1635fc' (2024-09-06) → 'github:nix-community/nix-on-droid/40b8c7465f78887279a0a3c743094fa6ea671ab1' (2025-05-16) • Updated input 'nixosHardware': 'github:NixOS/nixos-hardware/72081c9fbbef63765ae82bff9727ea79cc86bd5b' (2025-04-29) → 'github:NixOS/nixos-hardware/11f2d9ea49c3e964315215d6baa73a8d42672f06' (2025-05-22) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f02fddb8acef29a8b32f10a335d44828d7825b78' (2025-05-01) → 'github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c' (2025-05-23) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/29ec5026372e0dec56f890e50dbe4f45930320fd' (2025-05-02) → 'github:numtide/treefmt-nix/1f3f7b784643d488ba4bf315638b2b0a4c5fb007' (2025-05-26)
2025-05-26 15:02:07 +00:00
17 changed files with 142 additions and 133 deletions
--- a/checks/default.nix
+++ b/checks/default.nix
@ -11,7 +11,7 @@
  ];
  perSystem =
-    { config, pkgs, ... }:
+    { config, ... }:
    {
      treefmt.config = {
        projectRootFile = ".git/config";
@ -42,18 +42,6 @@
          package = config.treefmt.build.wrapper;
        };
      };
      packages.push-to-cache =
        let
          allChecks = with self.checks; x86_64-linux // aarch64-linux;
          checks = builtins.removeAttrs allChecks [ "push-to-cache" ];
        in
        pkgs.writeShellScriptBin "push-to-cache.sh" ''
          attic push $1 --stdin --jobs 64 << EOF
          ${lib.concatStringsSep "\n" (
            builtins.map (builtins.unsafeDiscardStringContext) (builtins.attrValues checks)
          )}
          EOF
        '';
    };
  flake.checks =
@ -61,7 +49,7 @@
      build = _: nc: nc.config.system.build.toplevel;
    in
    {
-      x86_64-linux = (lib.mapAttrs build { inherit (self.nixosConfigurations) picard pike kirk; });
+      x86_64-linux = lib.mapAttrs build { inherit (self.nixosConfigurations) picard pike kirk; };
      aarch64-linux = lib.mapAttrs build {
        inherit (self.nixosConfigurations) sisko; # pbp;
      };
--- a/flake.lock
+++ b/flake.lock
@ -83,11 +83,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748832438,
+        "lastModified": 1748225455,
-        "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=",
+        "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4",
+        "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba",
        "type": "github"
      },
      "original": {
@ -103,11 +103,11 @@
        "pyproject-nix": "pyproject-nix"
      },
      "locked": {
-        "lastModified": 1748838242,
+        "lastModified": 1747658429,
-        "narHash": "sha256-wORL3vLIJdBF8hz73yuD7DVsrbOvFgtH96hQIetXhfg=",
+        "narHash": "sha256-qZWuEdxmPx818qR61t3mMozJOvZSmTRUDPU4L3JeGgE=",
        "owner": "nix-community",
        "repo": "dream2nix",
-        "rev": "e92dacdc57acaa6b2ae79592c1a62c2340931410",
+        "rev": "6fd6d9188f32efd1e1656b3c3e63a67f9df7b636",
        "type": "github"
      },
      "original": {
@ -122,11 +122,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1748941793,
+        "lastModified": 1748248657,
-        "narHash": "sha256-HncwK05hos0Z5SSjVF5CtZjwMTn56xjWq08fRIdKBms=",
+        "narHash": "sha256-zqhc7qyoRmgZpkvjocYEui9xYlzL90nqPf40zADGruM=",
        "owner": "nix-community",
        "repo": "emacs-overlay",
-        "rev": "78278b770d2c83657657da569544cf20eccee0ef",
+        "rev": "e048433838750a5fd9036e56dd8f59affa6d676b",
        "type": "github"
      },
      "original": {
@ -245,11 +245,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1748821116,
+        "lastModified": 1743550720,
-        "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
+        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
+        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
        "type": "github"
      },
      "original": {
@ -387,11 +387,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748925027,
+        "lastModified": 1748227609,
-        "narHash": "sha256-BJ0qRIdvt5aeqm3zg/5if7b5rruG05zrSX3UpLqjDRk=",
+        "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "cb809ec1ff15cf3237c6592af9bbc7e4d983e98c",
+        "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022",
        "type": "github"
      },
      "original": {
@ -464,11 +464,11 @@
    "lix": {
      "flake": false,
      "locked": {
-        "lastModified": 1748893954,
+        "lastModified": 1748182888,
-        "narHash": "sha256-Vj1GHarIzlJI3We5KnYcAQlSjn++fx7/lKRaiIVz3tg=",
+        "narHash": "sha256-tm3yi3KL+KjMnLZFXKR1ioI/Rk8DIa2n1NNE6I99BpU=",
        "ref": "refs/heads/main",
-        "rev": "019b17f4e93c098f99a9bc691be1f1c4df026c7d",
+        "rev": "dbff52bfbc48ead789888bf24422d0ef6f7ba9a8",
-        "revCount": 17982,
+        "revCount": 17946,
        "type": "git",
        "url": "https://git@git.lix.systems/lix-project/lix"
      },
@ -569,11 +569,11 @@
    },
    "nixosHardware": {
      "locked": {
-        "lastModified": 1748942041,
+        "lastModified": 1747900541,
-        "narHash": "sha256-HEu2gTct7nY0tAPRgBtqYepallryBKR1U8B4v2zEEqA=",
+        "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "fc7c4714125cfaa19b048e8aaf86b9c53e04d853",
+        "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06",
        "type": "github"
      },
      "original": {
@ -632,11 +632,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1748740939,
+        "lastModified": 1743296961,
-        "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
+        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "656a64127e9d791a334452c6b6606d17539476e2",
+        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
        "type": "github"
      },
      "original": {
@ -647,11 +647,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1748810746,
+        "lastModified": 1748037224,
-        "narHash": "sha256-1na8blYvU1F6HLwx/aFjrhUqpqZ0SCsnqqW9n2vXvok=",
+        "narHash": "sha256-92vihpZr6dwEMV6g98M5kHZIttrWahb9iRPBm1atcPk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "78d9f40fd6941a1543ffc3ed358e19c69961d3c1",
+        "rev": "f09dede81861f3a83f7f06641ead34f02f37597f",
        "type": "github"
      },
      "original": {
@ -711,11 +711,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1748693115,
+        "lastModified": 1748026106,
-        "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
+        "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
+        "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c",
        "type": "github"
      },
      "original": {
@ -742,11 +742,11 @@
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1748693115,
+        "lastModified": 1748026106,
-        "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
+        "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
+        "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c",
        "type": "github"
      },
      "original": {
--- a/hmModules/emacs/default.nix
+++ b/hmModules/emacs/default.nix
@ -49,7 +49,6 @@ in
      copilot-language-server.fhs
      math-preview
      emacs-lsp-booster
      texlive.combined.scheme-full
    ]
    ++ (with hunspellDicts; [
      en_US-large
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -89,7 +89,6 @@
          "forgejo-runners-token".owner = "nixuser";
          "forgejo-nix-access-tokens".owner = "nixuser";
          "nix-netrc" = { };
          "wireguard-mlabs-private-key" = { };
        };
      };
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@ -41,7 +41,6 @@
      "prometheus-exporters"
      "zerotier"
      "alloy"
      "wireguard-mlabs"
    ]
    ++ [ ./disko.nix ];
--- a/hosts/pike/default.nix
+++ b/hosts/pike/default.nix
@ -89,7 +89,6 @@
      "pantalaimon"
      "gimp"
      "jellyfin"
      "unison"
    ];
    extraGroups = [ "plugdev" ];
    backupPaths = [ ];
--- a/modules/home-assistant/default.nix
+++ b/modules/home-assistant/default.nix
@ -163,19 +163,6 @@ in
    config.services.home-assistant.configDir
  ];
  services.nginx.virtualHosts."home.aciceri.dev" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:${builtins.toString config.services.home-assistant.config.http.server_port}";
      proxyWebsockets = true;
    };
    extraConfig = ''
      proxy_set_header    Upgrade     $http_upgrade;
      proxy_set_header    Connection  $connection_upgrade;
    '';
  };
  # virtualisation.oci-containers = {
  #   backend = "podman";
  #   containers.homeassistant = {
--- a/modules/immich/default.nix
+++ b/modules/immich/default.nix
@ -22,16 +22,4 @@
    fsType = "ext4";
    options = [ "bind" ];
  };
  services.nginx.virtualHosts."photos.aciceri.dev" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:${builtins.toString config.services.immich.port}";
      proxyWebsockets = true;
    };
    extraConfig = ''
      client_max_body_size 50000M;
    '';
  };
 }
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@ -25,23 +25,23 @@
        "https://cache.iog.io"
        "https://cache.lix.systems"
        "https://nix-community.cachix.org"
-        "https://mlabs.cachix.org"
+        # "https://mlabs.cachix.org"
        "http://sisko.wg.aciceri.dev:8081/nixfleet"
      ];
      trusted-public-keys = [
        "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
        "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-        "mlabs.cachix.org-1:gStKdEqNKcrlSQw5iMW6wFCj3+b+1ASpBVY2SYuNV2M="
+        # "mlabs.cachix.org-1:gStKdEqNKcrlSQw5iMW6wFCj3+b+1ASpBVY2SYuNV2M="
        "nixfleet:Bud23440n6mMTmgq/7U+mk91zlLjnx2X3lQQrCBCCU4="
      ];
-      deprecated-features = [ "url-literals" ]; # despite a warning saying that this option doesn't exist it seems to work
+      deprecated-features = [ "url-literals" ];
    };
    nixPath = [ "nixpkgs=${fleetFlake.inputs.nixpkgs}" ];
    extraOptions = ''
-      experimental-features = nix-command flakes
+      experimental-features = nix-command flakes impure-derivations
      builders-use-substitutes = true
    '';
--- a/modules/paperless/default.nix
+++ b/modules/paperless/default.nix
@ -16,7 +16,6 @@
        pdfa_image_compression = "lossless";
        invalidate_digital_signatures = true;
      };
      PAPERLESS_URL = "https://paper.sisko.wg.aciceri.dev";
    };
  };
@ -34,12 +33,6 @@
    };
    extraConfig = ''
      client_max_body_size 50000M;
      proxy_redirect off;
      proxy_set_header Host $host:$server_port;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $server_name;
      proxy_set_header X-Forwarded-Proto $scheme;
    '';
    serverAliases = [ "paper.sisko.zt.aciceri.dev" ];
  };
--- a/modules/sisko-proxy/default.nix
+++ b/modules/sisko-proxy/default.nix
@ -1,5 +1,105 @@
 { config, ... }:
 {
  imports = [ ../nginx-base ];
-  # TODO this file can be probably deleted now
+  services.nginx.virtualHosts = {
-  # each module defining a virtualHost should import nginx-base
+    localhost.listen = [ { addr = "127.0.0.1"; } ];
    "home.aciceri.dev" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:${builtins.toString config.services.home-assistant.config.http.server_port}";
        proxyWebsockets = true;
      };
      extraConfig = ''
        proxy_set_header    Upgrade     $http_upgrade;
        proxy_set_header    Connection  $connection_upgrade;
      '';
    };
    "home.sisko.aciceri.dev" = {
      forceSSL = true;
      useACMEHost = "aciceri.dev";
      locations."/" = {
        proxyPass = "http://localhost:${builtins.toString config.services.home-assistant.config.http.server_port}";
        proxyWebsockets = true;
      };
      extraConfig = ''
        proxy_set_header    Upgrade     $http_upgrade;
        proxy_set_header    Connection  $connection_upgrade;
      '';
    };
    "photos.aciceri.dev" = {
      extraConfig = ''
        client_max_body_size 50000M;
      '';
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:${builtins.toString config.services.immich.port}";
        proxyWebsockets = true;
      };
    };
    # "${config.services.nextcloud.hostName}" = {
    #   forceSSL = true;
    #   enableACME = true;
    # };
    # "sevenofnix.aciceri.dev" = {
    #   forceSSL = true;
    #   enableACME = true;
    #   locations."/" = {
    #     proxyPass = "http://10.1.1.2:${builtins.toString config.services.buildbot-master.port}";
    #     proxyWebsockets = true;
    #   };
    # };
  };
  # services.oauth2_proxy = {
  #   enable = true;
  #   provider = "oidc";
  #   reverseProxy = true;
  #   # replaces following options with .keyFile
  #   clientID = "shouldThisBePrivate?";
  #   clientSecret = "thisShouldBePrivate";
  #   cookie.secret = "thisShouldBePrivate00000";
  #   email.domains = [ "*" ];
  #   extraConfig = {
  #      # custom-sign-in-logo = "${../../lib/mlabs-logo.svg}";
  #      # scope = "user:email";
  #      # banner = "MLabs Status";
  #      # whitelist-domain = ".status.staging.mlabs.city";
  #     oidc-issuer-url = "http://127.0.0.1:5556/dex";
  #   };
  #   # redirectURL = "https://status.staging.mlabs.city/oauth2/callback";
  #   # keyFile = config.age.secrets.status-oauth2-secrets.path;
  #   # cookie.domain = ".status.staging.mlabs.city";
  #   nginx = {
  #     virtualHosts = [
  # 	"search.aciceri.dev"
  #     ];
  #   };
  # };
  # services.dex = {
  #   enable = true;
  #   settings = {
  #     issuer = "http://127.0.0.1:5556/dex";
  #     storage = {
  # 	type = "postgres";
  # 	config.host = "/var/run/postgresql";
  #     };
  #     web = {
  # 	http = "127.0.0.1:5556";
  #     };
  #     enablePasswordDB = true;
  #     staticClients = [
  # 	{
  # 	  # id = "oidcclient";
  # 	  # name = "client";
  # 	  # redirecturis = [ "https://login.aciceri.dev/callback" ];
  # 	  # secretfile = "/etc/dex/oidcclient"; # the content of `secretfile` will be written into to the config as `secret`.
  # 	}
  #     ];
  #   };
  # };
 }
--- a/modules/wireguard-client/default.nix
+++ b/modules/wireguard-client/default.nix
@ -13,7 +13,6 @@
      {
        publicKey = vpn.sisko.publicKey;
        allowedIPs = [ "10.100.0.0/24" ];
        # allowedIPs = [ "0.0.0.0/24" ]; # Uncomment for full tunnel
        endpoint = "vpn.aciceri.dev:51820";
        persistentKeepalive = 25;
      }
--- a/modules/wireguard-mlabs/default.nix
+++ b/modules/wireguard-mlabs/default.nix
@ -1,15 +0,0 @@
 { config, ... }:
 {
  networking.wireguard.interfaces.wg1 = {
    ips = [ "10.10.1.1/32" ];
    peers = [
      {
        publicKey = "A4u2Rt5WEMHOAc6YpDABkqAy2dzzFLH9Gn8xWcKaPQQ=";
        allowedIPs = [ "10.10.0.0/16" ];
        endpoint = "vpn.staging.mlabs.city:51820";
        persistentKeepalive = 25;
      }
    ];
    privateKeyFile = config.age.secrets.wireguard-mlabs-private-key.path;
  };
 }
--- a/modules/wireguard-server/default.nix
+++ b/modules/wireguard-server/default.nix
@ -2,7 +2,6 @@
  config,
  lib,
  vpn,
  pkgs,
  ...
 }:
 {
@ -18,13 +17,5 @@
      publicKey = vpnConfig.publicKey;
      allowedIPs = [ "${vpnConfig.ip}/32" ];
    }) vpn;
    postSetup = ''
      ${lib.getExe' pkgs.iptables "iptables"} -t nat -A POSTROUTING -s 10.100.0.0/24 -o enP4p65s0 -j MASQUERADE
    '';
    postShutdown = ''
      ${lib.getExe' pkgs.iptables "iptables"} -t nat -D POSTROUTING -s 10.100.0.0/24 -o enP4p65s0 -j MASQUERADE
    '';
  };
 }
--- a/secrets/nix-netrc.age
+++ b/secrets/nix-netrc.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -164,12 +164,6 @@ with keys.users;
    picard
    kirk
  ];
  "wireguard-mlabs-private-key.age".publicKeys = [
    ccr-ssh
    picard
    pike
    kirk
  ];
  # WireGuard
  "picard-wireguard-private-key.age".publicKeys = [
--- a/secrets/wireguard-mlabs-private-key.age
+++ b/secrets/wireguard-mlabs-private-key.age
@ -1,12 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 Zh7Kmw 1pcva3l9KyvXlzWJVeul63s1xnL2yEMzuB1R73IdKlA
 TDDa9yQYXrqFS+MCEeqCcQ/27zu3WytSmU5MBNyQTIk
 -> ssh-ed25519 /WmILg z9/JeIxSpzndNP+1fwfdRfKYTaNp7wVITCkF7wwayEs
 8PlFDHZbA0Z/3svhPWGE/sHfsMNmuXrdP6Qf0FhLMmc
 -> ssh-ed25519 OYRzvQ Tk0mN20c8199ZvTY6jXY6ExSXGR3kb4qtnj8HkPj1xY
 5SGMhFzIE98NgNw7bnnivVTvuKtBtJdf/2jAjJUSKl8
 -> ssh-ed25519 /yLdGQ 8J4LLlxtMFW8fALPGUk/NaHIJ59bo9tKe5TGiGAvYhk
 sgE0SQi169mEtltDWIb4ZZaXKUXORyiKhmOZsNOiqKU
 --- sWbCYolqfqwIsja6nNdyPBcOeM/Qq5GninMokUvK4xE
 ÆÅ‰gzŽùï‹Ý{Ä4îÜ	¯Xé?‰<>ë’
 Ae"„€vÈ\Ho,m}bÂq½žä$âÌh—:æfÜGkFÜ=#0q™