From 24201d0db61b54ab594216823c6a742919d65908 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Thu, 21 Nov 2024 10:09:26 +0100
Subject: [PATCH 1/6] Install `attic` on `sisko`

---
 hosts/default.nix                        |   2 +
 hosts/sisko/default.nix                  |   1 +
 modules/atticd/default.nix               |  52 +++++++++++++++++++++++
 secrets/secrets.nix                      |   5 +++
 secrets/sisko-attic-environment-file.age | Bin 0 -> 5999 bytes
 5 files changed, 60 insertions(+)
 create mode 100644 modules/atticd/default.nix
 create mode 100644 secrets/sisko-attic-environment-file.age

diff --git a/hosts/default.nix b/hosts/default.nix
index 5636017..f86454b 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -110,11 +110,13 @@
           "cloudflare-dyndns-api-token" = { };
           "restic-hetzner-password" = { };
           "hass-ssh-key".owner = "hass";
+          "sisko-attic-environment-file".owner = "atticd";
           "autistici-password" = {
             # FIXME terrible, should create a third ad-hoc group
             owner = "grafana";
             group = "forgejo";
           };
+
         };
       };
     };
diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix
index ba45c12..969f4e4 100644
--- a/hosts/sisko/default.nix
+++ b/hosts/sisko/default.nix
@@ -30,6 +30,7 @@
       "immich"
       "paperless"
       "syncthing"
+      "atticd"
     ]
     ++ [
       ./disko.nix
diff --git a/modules/atticd/default.nix b/modules/atticd/default.nix
new file mode 100644
index 0000000..507ba59
--- /dev/null
+++ b/modules/atticd/default.nix
@@ -0,0 +1,52 @@
+{ config, lib, ... }:
+{
+  services.atticd = {
+    enable = true;
+    settings = {
+      listen = "0.0.0.0:8081";
+      allowed-hosts = [ ]; # Allow all hosts
+      # api-endpoint = "https://cache.staging.mlabs.city/";
+      soft-delete-caches = false;
+      require-proof-of-possession = true;
+
+      database.url = "sqlite://${config.services.atticd.settings.storage.path}/server.db?mode=rwc";
+
+      storage = {
+        type = "local";
+        path = "/mnt/hd/atticd";
+      };
+
+      compression = {
+        level = 8;
+        type = "zstd";
+      };
+
+      chunking = {
+        nar-size-threshold = 64 * 1024; # 64 KiB
+        min-size = 16 * 1024; # 16 KiB
+        avg-size = 64 * 1024; # 64 KiB
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+    environmentFile = config.age.secrets.sisko-attic-environment-file.path;
+  };
+
+  systemd.services.atticd = {
+    serviceConfig = {
+      DynamicUser = lib.mkForce false;
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d config.services.atticd.settings.storage.path 770 atticd atticd"
+  ];
+
+  users = {
+    groups.atticd = { };
+    users.atticd = {
+      group = "atticd";
+      home = config.services.atticd.settings.storage.path;
+      isSystemUser = true;
+    };
+  };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index e5e95f4..52a3217 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -161,6 +161,11 @@ with keys.users;
     ccr-gpg
     sisko
   ];
+  "sisko-attic-environment-file.age".publicKeys = [
+    ccr-ssh
+    ccr-gpg
+    sisko
+  ];
 
   # WireGuard
   "picard-wireguard-private-key.age".publicKeys = [
diff --git a/secrets/sisko-attic-environment-file.age b/secrets/sisko-attic-environment-file.age
new file mode 100644
index 0000000000000000000000000000000000000000..97274634192fa829b29883ed306a7d3b1f4fd675
GIT binary patch
literal 5999
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!*`Do#|;cT7xoD(7;`b;`}Da4anJ
zF!2k@2+zsN3CSr)4a*8K3-ihdPN^s_$?`PMDvL-rcZ@P|wakvt4zSeENDs+%DNpit
z4RYtQNYpkh_bT;@$TZ1FN{Ngxb;(NAPIigRD-3iijVkfUaH~iT@F@%S*0!iD_slTN
z_sYm9wbW1b4fG8z&J4@tDz1v~uX6S>uE>chEU5A_)6dKHEsjbtEXoOX&#H9H)^`bw
zNJ)zD@{aJTa!O7LGj;YTC`_u-E(+Cmvn<U><|@w33vzKcEcK2uNiRvNOv?8QcFfBO
z2@3Wp4suMg&=2%<b}QCTa!fbY&yUCtH}Ea1sHjNMH+L}#woK0U4d5yaFADN@)(-Ly
zaJ0w@E7uN6bTf!D3A8W^%JWH%&~~n@3iqz4%<*z^^e9htw<xpp^~g<1&GZf}EKhe%
zO;6{_D0VA0at$qaGRw>hcGouW@=wb3t&A*kN%gAA&owDA)OQKbDRJ^BEAe;CtaJ%;
zEeH+qNY@Te%JeNrHa89AD#|J`PxtV34st9k&MuE|GfPejOD_w}%C8Fc3e0x$(>BaE
zNy+p|@{Y*M@rjDab`J~)GfE4{HZ}=%Hr6lJ<}!^)cQ1%CGR#S`EO+<v&bM^Ut15DG
z4D&WmH+D;k%r!L+2}@3Ka`Es8E_ZPWERNJR_KGaiF1PSEFfwz?ujEP#3@tECtJ06i
zNlG^;_i@j*h%`<w$gl{pO!5mV2)E2FEXy)<NeNALtI&5XGdK2f_I4?>uyjtgOgGZD
zaI@qJEH^In3Nm+$@~J8*3Ul*M@(d^m&ri!JuhLI84K6A*Om!{D4|c8eO0CRwbSVq<
z&`$Sq&#wwFc6Sc;Oft>nN-}V%aC8ka4lK{DuyD^TH!z4WiOjDIFmNre@Xd7$%J!`E
zGS5kKD^E^FPRD^BMaKG$Tpp37iGHSm9tNIXK88icsfHF7-Udl#dEo`+?pelOhCTto
zE(SgUjz;E=B}S&H!KI#A`XN>6&iUq!#)T%8kz7@w0q)+31qE&asVOB!DV1)iM#kCx
zfu-5bQN|t_&aM&q?tww!rUr(20luXbuBBeC#g#t(MJZKzg_XG;X3ks&Nx21iNiL2#
zxlu-@X_-Mr*&&r?E;)XlW*&Zy>51Nc!DXo_F6Ay>m6>L~KKfBb;b~dfDM5va;ei#Y
zCZSneA?5}7L1rdNDMpb6WfrA{9?4;r1?Db6Q9fD0AtlabX-2uGCZ5I?Nx??JrvBMU
zZe<nTt_77D!IcK3RaqgWTqa?Dkp^YSAtsKAsX0|8g(*d$nURT>j?Pi#z7|Oq`lVi#
zg+UdSerZ|yCWV2Hj?Q^L0Vb8jZcb&v=E1&(fm~6kWx2uW&PExL<%JOeg`WCRet8z<
zMp+(yzMiH|B_0_8M#1HgQCaEU1xa~HmcC&|ey&ErZYe3DMj44gMX6i{#-3jO!TC<+
z8QvN0{uLFGg_S;OW|koV25y<|VXnSj8IC1s!9m5Y>0Zeh;fd}=5!$KFK~Y{+CLaDl
z?#XFfg_eaz8Hr&gsrh~d-USARQDJ^nE<TY?k%0wC?p{8n>4{+`>E#9il@<j#$=XRp
zZhlE7o>3<L2IfIkVG)M@T)8<0IfX%ah58X`PDX)g#hGa?=@ov?uI~9xj#;I-l|>a5
z7G7yyDV1q?8O44<c~KcYX{i-K8BX4TPND9p#azK@sa2IxCFxFPA$jf*0cPeYSz*Ct
zB^5sDflitJnHDC-`L4Ns?vY+bSr!GMsRri7W{FvW*<SA2mH{4yK7m|jS;2V)UX{T`
zmaZwLIr%>BX*m`Jsh$RYUP-2@2IlUbUd{&jfoYKzS=q33oSI@}YHDbypk0;{l;^0B
zYwnTm=T(+ek?&uoUs>huXq2905#g1Xo$FN?;p&m$7UCG>=3e3IomI}|;$Ko2Sx{&h
zmZG1n9qR68>EcmX?CPEGn5FNP8IhV8<dS3<RT-Y|AL`1btE;OJ>1tk49_$oh>KB<(
z>6T^aWn^lctM6iw6yTkc8f6xd6zZv8nwabsni9yxFk`LC#%$iXpH-f4ge=`Y!$jy@
zZ@=B#_UM}(EV=hr$uBkHm*3HN;UeQ2i%P|Q9;Iy=99K6S{<%0NJt}X>$w0My@q<xk
zYiF=&>Si!~u9$hStle#YSNGj%ij%auW1c%pJ!(|b6x_Ec{F2o4`lg<}Uz$Je(r^F&
z@7%vd6`jcq@dA0QC)po-6UcgM_E;~IY4`s_3Q0%5YXq(2`*GUQ?ZT^|SOYen>8g=8
zTxvgOhC8jBw{<y3h0C`46~=r*z5k?*l@EN-)3p7eu&$!suk_2xj4Hmc8Fn)|O)h?|
zZOLb|S#SQ==H#ij{MVLl4*C|GvnYTqFs5QZ<B{p^zTB&2+YL^yxfXHn)a}mS|85IS
zn78Nf()zOuWv3Hek6vFFQTK7C*5xH@GDB<@9y}Vk?b;XHiU~ILZ!|9#FVbXE@B5l{
zYGTxNl{wR9&K5tc`#w8~*Y=@X(rT02jW2H1OKJErcDpZ>`?Ox7%xLW?CdPG5HMO&I
z_buAmx4hx<CE+$l2CcA~iMy38yuRE!BpP<`mHew6SHdS7y!~}E@bIsP$4uVpF<U3y
zo_<o4A=ze;U{81Ar=6@KtC;P!ti2!g@>k-DFYA>jPI+3a9-X~$=KsSL=9$x6rnU2A
zujE}9B(w5fpu8^on>L?SoS#eO4@{S0pP2C5$M+{=M`rbwE1ixn4{7cf)_X9E|5I~W
zCA--a*HZnoM=u!T{)rwsay9sLl+OEoZ@ID;=(^8;toth}CUDB3lX8{^Qp>NrPg%{f
zi}epz-?uf_w*L^wzIfP3s8X@-<dr6#eQ)C3n{FMG(A!ya`OaUJ!i$qvw)4NeJ~y}K
zui(u2?-&=KGTDB%mQy7B>8H$AwIz-B;=3pAU-!B8mr`rVnz>x(UmZ_%%|86%$YGOd
zH7u^XZck{h&pA@Ur4V7ATlZrA#0hgPwbvv+o%1G3*Z9t?B^kZ973Xi=a(}-`zHsel
z$vR!0*IMdsQF>QGkNuRp%D#SuqDjPg{pVVGpV=L|{H*m1mN!c)Y&jKia(fZO!~eSu
zr=Lr>b@1G_g}!SPq^3>TE_h)@R^s`9uTQ#Pzuo@PaPGSu!f6$(pRV(texbm#-sF1F
z$?1Uy$~NW7`aXS@IIrv-x7gk1`VUwq1lP+kKev?G`SY)utKL$L)wd5^dcJK&gq*Hs
z&vyG6bCRN$cj-;saQwcxtk=6lh7UWoF0d6ZoKQMZ-#n=>H(^DW?xu%_KBziw7E?W#
zsI0|!VcO24Tl23?KgRRw$&Ls8^_tfneN|Nd$eiEty3|~<M@RR<cCE;ksbYPbZt`*o
zHSc)gxV1ByFHLm$WHS~Ep5k*IbsPCM)JV;~$-O4u(WhzkhS|G+>z`j4$F<{A`SZQm
zm&IE)^UA7aKD>18UqwCh3;(zF54W2vs0lrDi1};2m{+NUbcXC6)A)Xm3{KG+m#o>_
z3Up7Fz0yl}7goNtRCfM>xlh)J>|Da#9?p2z=<yT%%~oz(XK!62xrYDN&f^>x4*dQl
zyXh5AyQueh$M}-|+<@2}`Q^>u!{5u6t}t%P(^ClMPUU0XJwGV#Vfpieoh@=-tPkrg
z=HA??JS*|C`Q%+nDHR*ygW1JPKSwQDnJTc)ZyRHM1#4j5u|%0pnfvBSd$%#~XZXLO
zk)?e@?%Ex1#P8MYoYbi}`3tYPYUZ-U+-*z?HtX}4TdF>|F7MOA?_bXQzg}Tk_@UO<
zXRdslA+$-!dcxJ7CWDBXpFggvv|Rr-*I@Z^QSJ7_H<wMnb2H+KmAdJwiRZlPl(TB~
z2t2)zXA$;MYge$fn`guCzsgp*#wkBe{C~Cj&=f|##r%iom%ZQT`A%ZKzr}i~Td$UU
z$)C^{d;W!^lELxMS*OnKD-n6K@g!qxv+0lA&S{r9D#aERo^|cH-6DVX{L~*C-_F}S
zt@dzrSHZ8@Y?<2w=6{n336eS)bNsKRNB@^%*94Vp#(1gtbNhH!J8*6HT|L8}@x`J|
zugc6{^~ioP*=NJ_c~+Nq^7^flcE%}IE<01&Caq;4X1(F5^XFAT$w55-M2vQ;Tz~BG
zb<W(2Rfp4<4bRDzCVln$I!TUWW9h?7u7b7!R$s4J1>2koShauG<zwfh-TDmq?p^vX
z+jY0f;0){P6*nhs(AdU*k>`BiPpkaU<aGUYOn0WQNoqV-vQwi^MQy*=PiCus?HTJH
z+e91PE9l!M&Ri3^dEFG<M;a~*Bu@&RSo`2z)!#|ka!WlguVlRI9^7jkm41EiHJ`|&
zmkIYxuWLy2OIja~=8TO#b9h3)%q}4hj=mp%4YrE^ay!_RzfwZ@OhL^mrs;VVsWHp_
zV+9_1F?Tfd#Uz!Lu_x7}tjm3MDt+a=gAEB&l!d3hUO2bnjdX%=uG)vMP67$*zWk15
zdS=HRFg;S3VSQKeqn5`x8Ad#MMl&XSc`9olzD!|Ox!b~fhU@D6(zm6y>&Nij3_O4I
zrczdksPA^|%L#K^=lf&}UW+)m=-Nu(T~Bv!PIij^$KcB>7O*t)>*St}>-~!&1ZEX1
zPhEJWBS>{>!Q5x+ikBxlsLgDix$H=sXU>^BGR!%P15e1C-nBAgTc)Pi^}zKJqpb7O
zA4ZBB)|}q)uIrWI-KfU-9f?^d?y9i8{P;;;N1}>ldj2!B4DUT+3wyU1EV`gzztr-G
z`(7gs_iF;NU+g~VYREkZyl>PL9Q}^rna^XFTMM6VN?s@*#HBRf{T<8v?r-AaHrJ)|
zjC%g{{n|D~tz_r!c+(aBzPC;9l&fw(^jqRo!in6q+WT5f3|W8uUa>IB;FZrFBj(*@
zk6-*LT~XW|TdF;Ey8Ty1<5$x!_WkLsYo7VvK-M5fROs@`t5Nd{)@~^)y%;TguJ7gf
z%Q-%+e4+jti@tiPeecWNmXk8=WcmFLvn=B!ajpxS{%LkdJH)+KQr-OQa@dZN;L`WT
z9Yyc@I+Q)?O<&(@=3gSPI{w|g<cW1b(=9Lls!U{*Hi-TGSZw;<i=TADE`QrJxj`%4
z_`1g&mbt#Kx84!=QVRU#*4gNM=7xoXLfMpfh9&pc&$ytlJ9|>#W;XG2H#`2GwtXNw
zYp(GnuII%ye7ojcn(tg~_l*72cb6G$7p9mVmb1O-nEz5DB*XjS<~PEUJx|U@KgtPT
zpkpQ45ODeY*{2@Oe%;%jGx}8?TQP6Pp<CT*ey5H)DSN$B2;kD-`qQ}K<<ec3*2{am
z)BQ5(Zg$G0bCcXoS<bX&`{?o^$k~wlZv4*A$)C?0Vf~x2b#dA!-*eKeN>%E$8_Zk+
z9p0~)F-6E*Ln7@_%gnt;{yQjLx7qR`<%Gem-PaaI`b@}3y%LZo)Y(6C{$Bl6dz3|c
z9+#9}Dg1W2p!4hT>4L0(m5<m5*Ia+fTO_;a{nH?pZ&P(YA3yM0%fLbF;qFiK?_J}I
z-#h70(S-$q>Zh$Pt&R1Ry?bHpq2TbZCOxbv@h4w4h^_y(SpCeI&*k>b50*$?nELcY
z|CU3aWM&0O?lGG2JosL+vW9u@pHq9kYowj{#dlN7<!Sk>?fXL&xZnI;vZK!M*KBci
zxkXDm=SEunoMoYD_K{)kmuvy&e8s9&tj#}*m~V)!3)e_;s*f$+qgG*Mr8NKkyE8vM
z`~K<vJ3Hgr%~dL=(pJ9dKip7zJ^yS&fa9WRB{v0FQ*S1RM#q_5kbM2w^;+jqIf-e%
zv|Sg9*MzLvV1AV~<Pz`u*ZU3HTk=@zyH4~xTC+=@=lkvQM1|j%zS=IV+@xBw^2`yd
zb3&)@8kO%Wl$2h*=CNYWy$ZcUjG799AEfNmGyI*7ZND@>?QF8c2lacpo|FEw%QXF1
zJH7qFCAN2!y>&f*g$tLLt>OMDQ^aAj?N<6m^Sbqn57+{HOH5C2Pyf1E#D(q1{uUXr
z)rE5owVaqQIQ6;FhaMsMM^k<&u$0s+&DK#+KfZEubm-$<?^kwaE{yJsxZ>3K!YkJ?
zQTnLqe_`E1H~HjmIt_EJ-_FUGxiDS*&|1e-vrf5o-sUTF_XR}W+<!aasmjy}*&37B
z`Qe&;)k;fV?0s$0m#VNob_aLds)ZL9Eq*&e%qJ`<eD<^-+~(UtIj2AS5P9MKBo1-q
z0N>It@<o=%Cmo2DsNdCfRqTGd+B{Xa)qWLQrX)nqpOjI{RDJT!IxcC=U)(*f>l}+6
z{w%gp>+>i}dZv`m_c6(nbH<#~r>bXF4!d6PQ{?U2cffMtk7Y}R=Wk%RbbN!CbkPLS
zA6phViJAPAzWDUU8Ig$>OvG$`k6SCOb-sU0eo5qs^Ysz8y*@2`XOvbw<IJbRLwhf6
zP&pabH~Vj;mN!dN#P0d54R@cmEr?y(@Ku^o{Lbl_RlciJg?9w3vlYEra{84N!%PPk
zZN2$Xf5UqX4YGMRYP*TKREZikaK{C!J)6|u&NyR2o^;;kX7Arw;g4r;JTT>}Mf1s<
zg-cG<8=m3a6DX}W*KJ|W|E>Jp#|urR)sB5j{P`%w+UxGD=G&d#H^my(y2zR(h;>=2
z%j-+jDj1&KSIM9CZBg0JzWA2y8RlCiXerI){$-$P>(O5;5pYE2tJI1m;jPkl_wKXK
zdz8_Xvith|jf?l}Tdtdy$?+me*J{m7rNf+0r<h#yur85UWZv-ED%$T$M```3lG0aS
zv*Y9h_dVXbJ7WH?<yX7DxPAy}t^Hv;X=~F_+rEUPj&9|3?t#j+wHlRLZx{QQp7p(@
z7N>DxTR2N$qkEvycG;8qn$3s94@9>84Y_`@GB|9$9$V9vhy!aMzW-<O$>^zuC5MOl
zc?of^;xp&YSlxdwD!bynzye#zq$a0}KI<!bH+g3J9iDKbe|qN6ytWHR6AsD#$nt#0
zn$5C8Yvqjk`!~Lsv%Zj8d}sPYw*M^-lQt>O6pz1nm6gr@R>_Hb3%P<l8~2nk3(u9D
zSX9aUak}3Ah!x6THS5=kP1-SQRS?U*;{m4kUa}{ZywYu1tp4-Cu4{~{3b`+G-h47p
zbNZDU_wDdmZnvj*XHGiLb**UY6T#;%X4$>>_%C`&{+NlZ%q|_<dl{!!F+cvf=F`DB
zt~|_pW*JIFuk|nexYBf1o~B84cKprIb&`*@PFsdCC&@KE`ug!Bm*+RW%}O5yw{~%E
zdXoK>f#X+^+hnyv%0{09^UCM)_RCI^Pqr5mXnyB&_8RZZm+yT$PacvxeSq^rlSx?K
z7jYhurNv=lMw_Mc16cmWHnK;4JR-i*qOx&ytNL0G@7sJ_^Ack-SVOvAdl)1NIeEp3
z&rE!8=j0tC`)GE=@1i>1{NK!XOFk|Tvn|y-x9Qoni_ZE64=Vr9(%({jt2m~$c*h}2
z*3;_?&gjRr>tA3pXbJX_-S;{FD!b=rm!}pbsk^m0Rr>p0%yHpcKb1$w;or~Z)9=%x
zK6!nTb9%M+d}~CAdzs3z_&WiXzQ<T^Enl20ogMve!(pS-d;ho_+?n|B_ob~nce!rQ
z$y#G=)2PukVFSlrMn?N-p4rovAAj=Xr^n4TGVJeF4*oi;aPH@(FwxqL|8-)YtdMLx
zQGNS7r((2f_liKrs_eZ{+(nDuoe9i4ylcbG{K;=V{>toYIC!=$uIZld(Fzl3laKHG
z_bdzAu(+K|^i-8|=Y>)ei;2er*G*ZV+E}vS*t3o;J0i}UnmlQx_KDZakH7x+c;<_?
zOX?>cU5}kIVb?GDvn<7%-RsueH&A`&xBL28`-+K|*T|~Hu4$iD@#IJLp7KAL-^x`3
z+x{3h&byqlmn%d4+2_7a{_CD4H@m*C{l(Am!L=oH^Wqs-os8@+IR0L1T-6!qe#Rp?
zZOT)JtzX~0T>1A6&!_ulerETt?{=(O<hNjA?bFZ}omqL;MEueYS}!m5NLw^xOHjsl
z&rSIfZo4XOE-7{Yny0)_T|AC$A79XybwMWr_V>D7-N$(T_mwM3eMeos{kfv8>Y2-^
zc|)$?`yvUy2-(*;-Yi#d-ebI|JGs=cvXocXXdg?yrbv%P#r2o^m42mjJ3?xHxyz(I
sP53oqnpptz4j$fP{ACu85=w#&#TyFouI1eIQ6eDD)sOvyV9mQ50L`hIlK=n!

literal 0
HcmV?d00001


From 312d1801f0b6321eb24205f600e1d29566bf5936 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Thu, 21 Nov 2024 10:10:06 +0100
Subject: [PATCH 2/6] Add `attic-client` to the Forgejo runner

---
 modules/forgejo-runners/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/forgejo-runners/default.nix b/modules/forgejo-runners/default.nix
index 1d88c82..e9b52b9 100644
--- a/modules/forgejo-runners/default.nix
+++ b/modules/forgejo-runners/default.nix
@@ -23,6 +23,7 @@ let
         nix-fast-build
         curl
         tea
+        attic-client
       ]
     }; do
       for bin in "$dir"/bin/*; do

From 0610fc96e90e33cefb0e26327c5ceeb315006820 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Thu, 21 Nov 2024 10:10:38 +0100
Subject: [PATCH 3/6] Use `nix-fast-build` from flake (it supports native attic
 pushing)

---
 flake.lock              | 73 ++++++++++++++++++++++++++++++++++++++---
 flake.nix               |  4 +++
 modules/nix/default.nix |  6 ++++
 3 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index e48dcf3..9457803 100644
--- a/flake.lock
+++ b/flake.lock
@@ -223,6 +223,27 @@
       }
     },
     "flake-parts_3": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nix-fast-build",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1722555600,
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_4": {
       "inputs": {
         "nixpkgs-lib": "nixpkgs-lib_2"
       },
@@ -240,7 +261,7 @@
         "type": "github"
       }
     },
-    "flake-parts_4": {
+    "flake-parts_5": {
       "inputs": {
         "nixpkgs-lib": [
           "nixThePlanet",
@@ -398,7 +419,7 @@
     },
     "hercules-ci-effects": {
       "inputs": {
-        "flake-parts": "flake-parts_4",
+        "flake-parts": "flake-parts_5",
         "nixpkgs": "nixpkgs_6"
       },
       "locked": {
@@ -622,6 +643,28 @@
         "type": "github"
       }
     },
+    "nix-fast-build": {
+      "inputs": {
+        "flake-parts": "flake-parts_3",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "treefmt-nix": "treefmt-nix_2"
+      },
+      "locked": {
+        "lastModified": 1730278911,
+        "narHash": "sha256-CrbqsC+lEA3w6gLfpqfDMDEKoEta2sl4sbQK6Z/gXak=",
+        "owner": "Mic92",
+        "repo": "nix-fast-build",
+        "rev": "8e7c9d76979381441facb8888f21408312cf177a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "nix-fast-build",
+        "type": "github"
+      }
+    },
     "nix-formatter-pack": {
       "inputs": {
         "nixpkgs": [
@@ -712,7 +755,7 @@
     },
     "nixThePlanet": {
       "inputs": {
-        "flake-parts": "flake-parts_3",
+        "flake-parts": "flake-parts_4",
         "hercules-ci-effects": "hercules-ci-effects",
         "nixpkgs": [
           "nixpkgs"
@@ -1119,12 +1162,13 @@
         "lix-eval-jobs": "lix-eval-jobs",
         "lix-module": "lix-module",
         "mobile-nixos": "mobile-nixos",
+        "nix-fast-build": "nix-fast-build",
         "nix-on-droid": "nix-on-droid",
         "nixDarwin": "nixDarwin",
         "nixThePlanet": "nixThePlanet",
         "nixosHardware": "nixosHardware",
         "nixpkgs": "nixpkgs_7",
-        "treefmt-nix": "treefmt-nix_2",
+        "treefmt-nix": "treefmt-nix_3",
         "vscode-server": "vscode-server"
       }
     },
@@ -1254,6 +1298,27 @@
       }
     },
     "treefmt-nix_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-fast-build",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1723808491,
+        "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
+    "treefmt-nix_3": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
diff --git a/flake.nix b/flake.nix
index de2ff34..e42bff9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -62,6 +62,10 @@
     };
     catppuccin.url = "github:catppuccin/nix";
     emacs-overlay.url = "github:nix-community/emacs-overlay";
+    nix-fast-build = {
+      url = "github:Mic92/nix-fast-build";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs =
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index 84e36c4..a46e84e 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -2,17 +2,23 @@
   config,
   lib,
   fleetFlake,
+  pkgs,
   ...
 }:
 {
   nixpkgs.overlays = [
     (final: _: {
+      nix-fast-build = fleetFlake.inputs.nix-fast-build.packages.${final.system}.nix-fast-build // {
+        nix = final.nix;
+      };
       nix-eval-job = fleetFlake.inputs.lix-eval-jobs.packages.${final.system}.nix-eval-jobs // {
         nix = final.nix;
       };
     })
   ];
 
+  environment.systemPackages = [ pkgs.nix-fast-build ];
+
   nix = {
     optimise.automatic = true;
 

From 0fc04a3b18896cdce9e9d3dd1b22bb7e3a6cd017 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Thu, 21 Nov 2024 10:11:40 +0100
Subject: [PATCH 4/6] Clean `home-assistant` configuration

---
 modules/home-assistant/default.nix | 21 ---------------------
 1 file changed, 21 deletions(-)

diff --git a/modules/home-assistant/default.nix b/modules/home-assistant/default.nix
index cebc663..9cde4b4 100644
--- a/modules/home-assistant/default.nix
+++ b/modules/home-assistant/default.nix
@@ -70,15 +70,6 @@ in
           "::1"
         ];
       };
-      # ffmpeg = {};
-      # camera = [
-      #   {
-      #     name = "EyeToy";
-      #     platform = "ffmpeg";
-      #     input = "/dev/video1";
-      #     extra_arguments = "-vcodec h264";
-      #   }
-      # ];
       homeassistant = {
         unit_system = "metric";
         time_zone = "Europe/Rome";
@@ -87,17 +78,6 @@ in
         internal_url = "http://rock5b.fleet:8123";
       };
       logger.default = "WARNING";
-      # backup = {};
-      # media_player = [{
-      #   platform = "webostv";
-      #   host = "10.1.1.213";
-      #   name = "TV";
-      #   timeout = "5";
-      #   turn_on_action = {
-      #     service = "wake_on_lan.send_magic_packet";
-      #     data.mac = "20:28:bc:74:14:c2";
-      #   };
-      # }];
       wake_on_lan = { };
       switch = [
         {
@@ -109,7 +89,6 @@ in
         }
       ];
       shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"'';
-      # shell_command.turn_off_picard = ''whoami'';
       prometheus = {
         namespace = "hass";
       };

From f4364c6398d5815c99ecd4942e5716b4c69396e7 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Thu, 21 Nov 2024 10:14:58 +0100
Subject: [PATCH 5/6] Enable `webdav` in LAN for Kodi on the TV

---
 hosts/sisko/default.nix         |  2 +-
 modules/sisko-nfs/default.nix   | 20 -----------------
 modules/sisko-share/default.nix | 39 +++++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 21 deletions(-)
 delete mode 100644 modules/sisko-nfs/default.nix
 create mode 100644 modules/sisko-share/default.nix

diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix
index 969f4e4..65c5e0b 100644
--- a/hosts/sisko/default.nix
+++ b/hosts/sisko/default.nix
@@ -18,7 +18,7 @@
       "sisko-proxy"
       "invidious"
       "searx"
-      "sisko-nfs"
+      "sisko-share"
       "forgejo"
       "prometheus"
       "grafana"
diff --git a/modules/sisko-nfs/default.nix b/modules/sisko-nfs/default.nix
deleted file mode 100644
index 7e9b82b..0000000
--- a/modules/sisko-nfs/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  systemd.tmpfiles.rules = [
-    "d /export 770 nobody nogroup"
-  ];
-
-  fileSystems."/export/hd" = {
-    device = "/mnt/hd";
-    options = [ "bind" ];
-  };
-
-  services.nfs.server = {
-    enable = true;
-    exports = ''
-      /export     10.100.0.1/24(rw,fsid=0,no_subtree_check)
-      /export/hd  10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
-    '';
-  };
-
-  networking.firewall.allowedTCPPorts = [ 2049 ];
-}
diff --git a/modules/sisko-share/default.nix b/modules/sisko-share/default.nix
new file mode 100644
index 0000000..41ea29b
--- /dev/null
+++ b/modules/sisko-share/default.nix
@@ -0,0 +1,39 @@
+{
+  systemd.tmpfiles.rules = [
+    "d /export 770 nobody nogroup"
+  ];
+
+  fileSystems."/export/hd" = {
+    device = "/mnt/hd";
+    options = [ "bind" ];
+  };
+
+  services.nfs.server = {
+    enable = true;
+    exports = ''
+      /export     10.100.0.1/24(rw,fsid=0,no_subtree_check)
+      /export/hd  10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
+    '';
+  };
+
+  services.webdav = {
+    enable = true;
+
+    settings = {
+      address = "10.1.1.2"; # accessible only in LAN, used by Kodi installed on the TV
+      port = 9999;
+      scope = "/mnt/hd/torrent";
+      modify = false;
+      auth = false; # TODO should we enable authentication? It's only reachable in LAN
+      debug = true;
+      users = [ ];
+    };
+  };
+
+  users.users.webdav.extraGroups = [ "transmission" ];
+
+  networking.firewall.allowedTCPPorts = [
+    2049
+    9999
+  ];
+}

From 6f4d3f180b19f6c85178e6ce7c3e8f529fff788c Mon Sep 17 00:00:00 2001
From: Seven of Nine <sevenofnine@stronzi.org>
Date: Thu, 21 Nov 2024 14:01:29 +0000
Subject: [PATCH 6/6] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/5fd852c4155a689098095406500d0ae3d04654a8' (2024-11-14)
  → 'github:nix-community/disko/a0c384e0a3b8bcaed30a6bcf3783f8a7c8b35be4' (2024-11-20)
• Updated input 'dream2nix':
    'github:nix-community/dream2nix/44d41411686bc798876bd6d9f36a4c1143138d85' (2024-11-12)
  → 'github:nix-community/dream2nix/91bec8a0854abfa581a40b5030cfa8f98d2f8ee5' (2024-11-20)
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/4639038b0f5e66e7d0f3d103b8e44ded3ab7e337' (2024-11-14)
  → 'github:nix-community/emacs-overlay/46cbce8bc96c36a83a2cae9312026b3028bdcb87' (2024-11-21)
• Updated input 'emacs-overlay/nixpkgs':
    'github:NixOS/nixpkgs/dc460ec76cbff0e66e269457d7b728432263166c' (2024-11-11)
  → 'github:NixOS/nixpkgs/23e89b7da85c3640bbc2173fe04f4bd114342367' (2024-11-19)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/689fed12a013f56d4c4d3f612489634267d86529' (2024-11-12)
  → 'github:NixOS/nixpkgs/e8c38b73aeb218e27163376a2d617e61a2ad9b59' (2024-11-16)
• Updated input 'git-hooks-nix':
    'github:cachix/git-hooks.nix/cd1af27aa85026ac759d5d3fccf650abe7e1bbf0' (2024-11-11)
  → 'github:cachix/git-hooks.nix/3308484d1a443fc5bc92012435d79e80458fe43c' (2024-11-19)
• Updated input 'homeManager':
    'github:nix-community/home-manager/35b055009afd0107b69c286fca34d2ad98940d57' (2024-11-13)
  → 'github:nix-community/home-manager/a46e702093a5c46e192243edbd977d5749e7f294' (2024-11-19)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/cef39a78679c266300874e7a7000b4da066228d4' (2024-11-04)
  → 'github:nix-community/lanzaboote/2f48272f34174fd2a5ab3df4d8a46919247be879' (2024-11-18)
• Updated input 'lix-eval-jobs':
    'git+https://git.lix.systems/lix-project/nix-eval-jobs?ref=refs/heads/main&rev=57ddb99e781d19704f8a84036f9890e6ca554c41' (2024-11-09)
  → 'git+https://git.lix.systems/lix-project/nix-eval-jobs?ref=refs/heads/main&rev=912a9d63319e71ca131e16eea3348145a255db2e' (2024-11-18)
• Updated input 'lix-eval-jobs/flake-parts':
    'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
  → 'github:hercules-ci/flake-parts/506278e768c2a08bec68eb62932193e341f55c90' (2024-11-01)
• Updated input 'lix-eval-jobs/treefmt-nix':
    'github:numtide/treefmt-nix/aac86347fb5063960eccb19493e0cadcdb4205ca' (2024-10-22)
  → 'github:numtide/treefmt-nix/746901bb8dba96d154b66492a29f5db0693dbfcc' (2024-10-30)
• Updated input 'lix-module':
    'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=691193879d96bdfd1e6ab5ebcca2fadc7604cf34' (2024-11-09)
  → 'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=aa2846680fa9a2032939d720487942567fd9eb63' (2024-11-18)
• Updated input 'lix-module/flake-utils':
    'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17)
  → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b' (2024-11-13)
• Updated input 'mobile-nixos':
    'github:NixOS/mobile-nixos/2268e358ed407d9c0a4499ae767d105eeaeec586' (2024-11-06)
  → 'github:NixOS/mobile-nixos/b7db416f5db80a749b45083876e908cda64506ad' (2024-11-19)
• Updated input 'nixDarwin':
    'github:LnL7/nix-darwin/6c71c49e2448e51ad830ed211024e6d0edc50116' (2024-11-12)
  → 'github:LnL7/nix-darwin/61cee20168a3ebb71a9efd70a55adebaadfbe4d4' (2024-11-19)
• Updated input 'nixosHardware':
    'github:NixOS/nixos-hardware/f6581f1c3b137086e42a08a906bdada63045f991' (2024-11-12)
  → 'github:NixOS/nixos-hardware/672ac2ac86f7dff2f6f3406405bddecf960e0db6' (2024-11-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/dc460ec76cbff0e66e269457d7b728432263166c' (2024-11-11)
  → 'github:NixOS/nixpkgs/23e89b7da85c3640bbc2173fe04f4bd114342367' (2024-11-19)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/746901bb8dba96d154b66492a29f5db0693dbfcc' (2024-10-30)
  → 'github:numtide/treefmt-nix/37f8f47cb618eddee0c0dd31a582b1cd3013c7f6' (2024-11-21)
---
 flake.lock | 112 ++++++++++++++++++++++++++---------------------------
 1 file changed, 56 insertions(+), 56 deletions(-)

diff --git a/flake.lock b/flake.lock
index 9457803..8d9ac2c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -80,11 +80,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1731549112,
-        "narHash": "sha256-c9I3i1CwZ10SoM5npQQVnfwgvB86jAS3lT4ZqkRoSOI=",
+        "lastModified": 1732109232,
+        "narHash": "sha256-iYh6h8yueU8IyOfNclbiBG2+fBFcjjUfXm90ZBzk0c0=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "5fd852c4155a689098095406500d0ae3d04654a8",
+        "rev": "a0c384e0a3b8bcaed30a6bcf3783f8a7c8b35be4",
         "type": "github"
       },
       "original": {
@@ -100,11 +100,11 @@
         "pyproject-nix": "pyproject-nix"
       },
       "locked": {
-        "lastModified": 1731424167,
-        "narHash": "sha256-nKKeRwq7mxcW8cBTmPKzSg0DR/inVrtuJudVM81GISU=",
+        "lastModified": 1732113111,
+        "narHash": "sha256-KgGKWOEbqP15O2J6kue4JShHDk5yGG5e1GfY22bjuZU=",
         "owner": "nix-community",
         "repo": "dream2nix",
-        "rev": "44d41411686bc798876bd6d9f36a4c1143138d85",
+        "rev": "91bec8a0854abfa581a40b5030cfa8f98d2f8ee5",
         "type": "github"
       },
       "original": {
@@ -119,11 +119,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1731574827,
-        "narHash": "sha256-QneOtCpfBNkgJCs32Y8LaKDpontw7W9ATQxIW4qb6qc=",
+        "lastModified": 1732179669,
+        "narHash": "sha256-zpaoCm2sakoi8hsabMjTq7kYTz0SJo7PhRUGk48QjXY=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "4639038b0f5e66e7d0f3d103b8e44ded3ab7e337",
+        "rev": "46cbce8bc96c36a83a2cae9312026b3028bdcb87",
         "type": "github"
       },
       "original": {
@@ -209,11 +209,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1727826117,
-        "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
+        "lastModified": 1730504689,
+        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
+        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
         "type": "github"
       },
       "original": {
@@ -287,11 +287,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -361,11 +361,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1731363552,
-        "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
+        "lastModified": 1732021966,
+        "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
+        "rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
         "type": "github"
       },
       "original": {
@@ -485,11 +485,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1731535640,
-        "narHash": "sha256-2EckCJn4wxran/TsRiCOFcmVpep2m9EBKl99NBh2GnM=",
+        "lastModified": 1732025103,
+        "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "35b055009afd0107b69c286fca34d2ad98940d57",
+        "rev": "a46e702093a5c46e192243edbd977d5749e7f294",
         "type": "github"
       },
       "original": {
@@ -546,11 +546,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1730739295,
-        "narHash": "sha256-aYeJ/P/9AuK6Kee63ZdsmDjEwhnksF+gIv/OyGtlBJE=",
+        "lastModified": 1731941836,
+        "narHash": "sha256-zpmAzrvK8KdssBSwiIwwRxaUJ77oWORbW0XFvgCFpTE=",
         "owner": "nix-community",
         "repo": "lanzaboote",
-        "rev": "cef39a78679c266300874e7a7000b4da066228d4",
+        "rev": "2f48272f34174fd2a5ab3df4d8a46919247be879",
         "type": "github"
       },
       "original": {
@@ -589,11 +589,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1731185443,
-        "narHash": "sha256-9qkRZFTgbMonlBaLqL+OW6iiHLWXuBJlThISMhwQuGg=",
+        "lastModified": 1731890968,
+        "narHash": "sha256-6xMxT2duVMO6fo1AXfTjqh7LW3ZmNiHw6kBaAhweLGo=",
         "ref": "refs/heads/main",
-        "rev": "57ddb99e781d19704f8a84036f9890e6ca554c41",
-        "revCount": 613,
+        "rev": "912a9d63319e71ca131e16eea3348145a255db2e",
+        "revCount": 616,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/nix-eval-jobs"
       },
@@ -614,11 +614,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1731185731,
-        "narHash": "sha256-RNaIu43b9PoXEhW4OqXUNZKY/jezQyCYWwdv1M0VjsA=",
+        "lastModified": 1731967274,
+        "narHash": "sha256-n6dPGRlMGdL8X5gviA6ZuRfUdbdD5KiNN/BpABA5YT0=",
         "ref": "refs/heads/main",
-        "rev": "691193879d96bdfd1e6ab5ebcca2fadc7604cf34",
-        "revCount": 117,
+        "rev": "aa2846680fa9a2032939d720487942567fd9eb63",
+        "revCount": 119,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/nixos-module"
       },
@@ -630,11 +630,11 @@
     "mobile-nixos": {
       "flake": false,
       "locked": {
-        "lastModified": 1730912712,
-        "narHash": "sha256-T5A9I6Tfh9zrv9sRWfu/ZKN6VkE670YQ6bjC5sbpTzk=",
+        "lastModified": 1732038579,
+        "narHash": "sha256-NHf24Zmhh5vFBarfgBdgbYQXUppmPitMUkj6Gvddab8=",
         "owner": "NixOS",
         "repo": "mobile-nixos",
-        "rev": "2268e358ed407d9c0a4499ae767d105eeaeec586",
+        "rev": "b7db416f5db80a749b45083876e908cda64506ad",
         "type": "github"
       },
       "original": {
@@ -740,11 +740,11 @@
         "nixpkgs": "nixpkgs_5"
       },
       "locked": {
-        "lastModified": 1731454423,
-        "narHash": "sha256-TtwvgFxUa0wyptLhQbKaixgNW1UXf3+TDqfX3Kp63oM=",
+        "lastModified": 1732016537,
+        "narHash": "sha256-XwXUK+meYnlhdQz2TVE4Wv+tsx1CkdGbDPt1tRzCNH4=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "6c71c49e2448e51ad830ed211024e6d0edc50116",
+        "rev": "61cee20168a3ebb71a9efd70a55adebaadfbe4d4",
         "type": "github"
       },
       "original": {
@@ -778,11 +778,11 @@
     },
     "nixosHardware": {
       "locked": {
-        "lastModified": 1731403644,
-        "narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=",
+        "lastModified": 1731797098,
+        "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "f6581f1c3b137086e42a08a906bdada63045f991",
+        "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
         "type": "github"
       },
       "original": {
@@ -871,11 +871,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1731386116,
-        "narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=",
+        "lastModified": 1731797254,
+        "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "689fed12a013f56d4c4d3f612489634267d86529",
+        "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
         "type": "github"
       },
       "original": {
@@ -935,11 +935,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1731319897,
-        "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=",
+        "lastModified": 1732014248,
+        "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "dc460ec76cbff0e66e269457d7b728432263166c",
+        "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
         "type": "github"
       },
       "original": {
@@ -996,11 +996,11 @@
     },
     "nixpkgs_7": {
       "locked": {
-        "lastModified": 1731319897,
-        "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=",
+        "lastModified": 1732014248,
+        "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "dc460ec76cbff0e66e269457d7b728432263166c",
+        "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
         "type": "github"
       },
       "original": {
@@ -1284,11 +1284,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729613947,
-        "narHash": "sha256-XGOvuIPW1XRfPgHtGYXd5MAmJzZtOuwlfKDgxX5KT3s=",
+        "lastModified": 1730321837,
+        "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "aac86347fb5063960eccb19493e0cadcdb4205ca",
+        "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
         "type": "github"
       },
       "original": {
@@ -1325,11 +1325,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730321837,
-        "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
+        "lastModified": 1732187120,
+        "narHash": "sha256-XdW2mYXvPHYtZ8oQqO3tRYtxx7kI0Hs3NU64IwAtD68=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
+        "rev": "37f8f47cb618eddee0c0dd31a582b1cd3013c7f6",
         "type": "github"
       },
       "original": {