Update from update-inputs-2024-06-13-04-20

2024-06-13 04:21:01 +02:00 · 2024-06-13 04:21:01 +02:00 · 586a45a06b
commit 586a45a06b
parent 2c9bb4dfb5 d57bac4461
36 changed files with 259 additions and 113 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,7 +1,7 @@
 keys:
  - &emily B04F01A7A98A13020C39B4A68AB7B773A214ACE5
  - &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
-  - &alucard age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
+  - &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
 creation_rules:
  - path_regex: secrets/services/dns-knot.yaml
    key_groups:
@ -20,13 +20,13 @@ creation_rules:
    - pgp:
      - *emily
      age:
-      - *alucard
+      - *emilia
  - path_regex: secrets/services/vaultwarden.yaml
    key_groups:
    - pgp:
      - *emily
      age:
-      - *alucard
+      - *emilia
  - path_regex: secrets/services/hydra.yaml
    key_groups:
    - pgp:
--- a/config/common/networking.nix
+++ b/config/common/networking.nix
@ -1,12 +1,13 @@
-{ config, lib, ... }: with lib; {
+{ lib, ... }: with lib; {
  networking = {
    domain = mkDefault "kyouma.net";
+    dhcpcd.enable = false;
+    useDHCP = false;
    nftables.enable = mkDefault true;
    firewall.logRefusedConnections = mkDefault false;
  };

  systemd.network.enable = true;
-  networking.dhcpcd.enable = false;

  services.resolved = {
    enable = true;
--- a/config/hosts/_minimal/configuration.nix
+++ b/config/hosts/_minimal/configuration.nix
@ -1,4 +1,4 @@
-{ modulesPath, config, lib, inputs, pkgs, ... }: {
+{ modulesPath, inputs, pkgs, ... }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
--- a/config/hosts/crime/configuration.nix
+++ b/config/hosts/crime/configuration.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }: {
+{ ... }: {
  imports = [
    ../../common
    ../../profiles/headless.nix
--- a/config/hosts/crime/nginx.nix
+++ b/config/hosts/crime/nginx.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ pkgs, ... }:
 let 
  landingPage = pkgs.writeTextDir "index.html" '' 
    <!DOCTYPE html>
--- a/config/hosts/emilia/configuration.nix
+++ b/config/hosts/emilia/configuration.nix
@ -0,0 +1,38 @@
+{ ... }:{
+  imports = [
+    ../../common
+    ../../profiles/headless.nix
+    ../../profiles/physical.nix
+    ../../services/forgejo.nix
+    ../../services/nginx.nix
+    ../../services/uptime-kuma.nix
+    ../../services/vaultwarden.nix
+    ./disko.nix
+    ./hardware-configuration.nix
+  ];
+  boot.initrd.kernelModules = [ "i915" ];
+  boot.initrd.supportedFilesystems = [ "btrfs" ];
+
+  kyouma.machine-type.physical = true;
+  kyouma.nginx.defaultForbidden = "uptime.kyouma.net";
+
+  networking = {
+    firewall.allowedTCPPorts = [ 80 443 ];
+    hostName = "emilia";
+  };
+  systemd.network.networks."98-eth-default" = {
+    matchConfig.MACAddress = "04:d4:c4:39:73:f6";
+    addresses = [
+      {
+        Address = "95.217.83.107/32";
+        Peer = "95.217.83.65/32";
+      }
+      { Address = "2a01:4f9:4a:1f5f::1/64"; }
+    ];
+    routes = [
+      { Gateway = "95.217.83.65"; }
+      { Gateway = "fe80::1"; }
+    ];
+  };
+
+}
--- a/config/hosts/emilia/disko.nix
+++ b/config/hosts/emilia/disko.nix
@ -0,0 +1,71 @@
+{ inputs, ... }: {
+  imports = [
+    inputs.disko.nixosModules.disko
+  ];
+  disko.devices = {
+    disk.bb-nvme0n1 = {
+      device = "/dev/disk/by-id/nvme-eui.343337304e4032870025384100000001";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          BOOT = {
+            type = "EF00";
+            size = "512M";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            size = "100%";
+            content = {
+              type = "btrfs";
+              extraArgs = [ "/dev/disk/by-partlabel/disk-aa-nvme1n1-root" "-f" "-d raid1" "-m raid1" ];
+              subvolumes = {
+                "nixos" = {
+                  mountpoint = "/";
+                  mountOptions = [ "compress=zstd" "noatime" ];
+                };
+                "var" = {
+                  mountpoint = "/var";
+                  mountOptions = [ "compress=zstd" "noatime" ];
+                };
+                "home" = {
+                  mountpoint = "/home";
+                  mountOptions = [ "compress=zstd" "noatime" ];
+                };
+                "nix" = {
+                  mountpoint = "/nix";
+                  mountOptions = [ "compress=zstd" "noatime" ];
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+    disk.aa-nvme1n1 = {
+      device = "/dev/disk/by-id/nvme-eui.343337304d8021880025384500000001";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          BOOT = {
+            type = "EF00";
+            size = "512M";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = null;
+            };
+          };
+          root = {
+            size = "100%";
+          };
+        };
+      };
+    };
+  };
+}
--- a/config/hosts/emilia/hardware-configuration.nix
+++ b/config/hosts/emilia/hardware-configuration.nix
@ -0,0 +1,9 @@
+{ modulesPath, ... }: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" ];
+  boot.kernelModules = [ "kvm-intel" ];
+}
+
--- a/config/hosts/girldick/configuration.nix
+++ b/config/hosts/girldick/configuration.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }: {
+{ lib, ... }: {
  imports = [
    ../../common
    ../../profiles/kartoffel.nix
--- a/config/hosts/integra/configuration.nix
+++ b/config/hosts/integra/configuration.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }: { 
+{ ... }: { 
  imports = [
    ../../common
    ../../profiles/builder.nix
@ -14,10 +14,7 @@

  kyouma.machine-type.physical = true;

-  networking = {
-    hostName = "integra";
-    useDHCP = false;
-  };
+  networking.hostName = "integra";

  systemd.network.networks."98-eth-default" = {
    matchConfig.Type = "ether";
--- a/config/hosts/integra/disko.nix
+++ b/config/hosts/integra/disko.nix
@ -1,4 +1,4 @@
-{ config, inputs, ... }: {
+{ inputs, ... }: {
  imports = [
    inputs.disko.nixosModules.disko
  ];
--- a/config/hosts/integra/hardware-configuration.nix
+++ b/config/hosts/integra/hardware-configuration.nix
@ -1,6 +1,6 @@
-{ config, lib, pkgs, modulesPath, ... }: {
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+{ modulesPath, ... }: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" ];
--- a/config/hosts/lain/configuration.nix
+++ b/config/hosts/lain/configuration.nix
@ -1,4 +1,4 @@
-{ config, inputs, lib, pkgs, ... }: {
+{ lib, pkgs, ... }: {
  imports = [
    ../../common
    ../../profiles/rpi.nix
--- a/config/hosts/lain/iso.nix
+++ b/config/hosts/lain/iso.nix
@ -1,4 +1,4 @@
-{ config, lib, inputs, ... }: {
+{ lib, inputs, ... }: {
  imports = [
    "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
    ./configuration.nix
--- a/config/hosts/ns-nbg/configuration.nix
+++ b/config/hosts/ns-nbg/configuration.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }: {
+{ ... }: {
  imports = [
    ../../common
    ../../profiles/headless.nix
@ -6,7 +6,7 @@
  ];
  kyouma.machine-type.physical = false;

-  systemd.network.networks."98-eth-static" = {
+  systemd.network.networks."98-eth-default" = {
    matchConfig.Type = "ether";
    matchConfig.Name = "e*";
    linkConfig.RequiredForOnline = "routable";
@ -20,8 +20,8 @@
      "185.244.193.190/22"
    ];
    routes = [
-      { routeConfig.Gateway = "fe80::1"; }
-      { routeConfig.Gateway = "185.244.192.1"; }
+      { Gateway = "fe80::1"; }
+      { Gateway = "185.244.192.1"; }
    ];
  };
  services.powerdns = {
--- a/config/hosts/ryuuko/configuration.nix
+++ b/config/hosts/ryuuko/configuration.nix
@ -3,8 +3,9 @@
    inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-extreme-gen4
    ../../common
    ../../profiles/graphical
-    ./hardware-configuration.nix
+    ../../profiles/physical.nix
    ./disko.nix
+    ./hardware-configuration.nix
  ];

  boot.extraModprobeConfig = ''
@ -21,13 +22,8 @@
    "rcu_nocbs=0-8"
    
  ];
-  boot.loader = {
-    systemd-boot.enable = true;
-    efi.canTouchEfiVariables = true;
-  };

  hardware.bluetooth.enable = true;
-  hardware.cpu.intel.updateMicrocode = true;
  hardware.gpgSmartcards.enable = true;
  hardware.nitrokey.enable = true;

@ -44,7 +40,6 @@
    extraBackends = [ pkgs.utsushi ];
  };

-  kyouma.machine-type.physical = true;
  kyouma.machine-type.portable = true;

  networking.hostName = "ryuuko";
--- a/config/hosts/ryuuko/disko.nix
+++ b/config/hosts/ryuuko/disko.nix
@ -1,4 +1,4 @@
-{ config, inputs, ... }: {
+{ inputs, ... }: {
  imports = [
    inputs.disko.nixosModules.disko
  ];
--- a/config/hosts/ryuuko/hardware-configuration-qemu.nix
+++ b/config/hosts/ryuuko/hardware-configuration-qemu.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ modulesPath, ... }:

 {
  imports =
--- a/config/hosts/ryuuko/hardware-configuration.nix
+++ b/config/hosts/ryuuko/hardware-configuration.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ modulesPath, ... }:

 {
  imports =
--- a/config/hosts/web-dus/configuration.nix
+++ b/config/hosts/web-dus/configuration.nix
@ -1,4 +1,4 @@
-{ config, inputs, lib, pkgs, ... }: { 
+{ config, inputs, lib, ... }: { 
  imports = [
    inputs.fernglas.nixosModules.default
    inputs.kyouma-www.nixosModules.default
--- a/config/profiles/builder.nix
+++ b/config/profiles/builder.nix
@ -6,7 +6,7 @@
    min-free = ${builtins.toString (4096 * 1024 * 1024)}
    max-free = ${builtins.toString (8192 * 1024 * 1024)}
    max-substitution-jobs = 20
-    max-silent-time = 3600
+    max-silent-time = 7200
  '';
  users.users.build = {
    isNormalUser = true;
--- a/config/profiles/graphical/default.nix
+++ b/config/profiles/graphical/default.nix
@ -25,13 +25,15 @@
  services.udisks2.enable = true;

  environment.variables = {
-    SDL_VIDEODRIVER = "wayland";
-    QT_QPA_PLATFORM = "wayland";
-    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+    CLUTTER_BACKEND = "wayland";
    GDK_BACKEND = "wayland,x11";
    MOZ_ENABLE_WAYLAND = "1";
-    CLUTTER_BACKEND = "wayland";
-    LIBVA_DRIVER_NAME = "iHD";
+    QT_QPA_PLATFORM = "wayland;xcb";
+    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+    SDL_VIDEODRIVER = "wayland";
+    LIBVA_DRIVER_NAME = "radeonsi";
+    MESA_VK_DEVICE_SELECT = "1002:73df";
+    WLR_DRM_DEVICES = "$HOME/.config/hypr/external-gpu:$HOME/.config/hypr/internal-gpu";
  };
  xdg.icons.enable = true;
  xdg.portal = {
@ -121,7 +123,7 @@
      source = pkgs.writeShellApplication {
        name = "rofi-powermenu";
        text = builtins.readFile ./files/scripts/rofi_powermenu.sh;
-        runtimeInputs = with pkgs; [ rofi coreutils-full toybox xdg-user-dirs ];
+        runtimeInputs = with pkgs; [ rofi hyprlock coreutils-full toybox xdg-user-dirs ];
      };
    };
    home.file."./local/bin/hypr/rofi_screenshot.sh" = {
@ -268,21 +270,21 @@
          "eDP-1, 3840x2400@60, 0x0, 1, bitdepth, 10"
          #"eDP-1, 2560x1600@60, 0x0, 1, bitdepth, 10"
          #"eDP-1, 1920x1200@60, 0x0, 1, bitdepth, 10"
-          "desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@143.972,3840x0, 1,bitdepth,10"
-          "desc:Samsung Electric Company S27E500 0x3043394D, 1920x1080@70,6400x180, 1"
+          "desc:Dell Inc. AW3225QF FXK2YZ3, 3840x2160@120,5280x0,1, bitdepth,10, vrr,2"
+          "desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@144,3840x-350,1, bitdepth,10, transform,1"
          ",preferred,auto,1"
        ];
        workspace = [
-          "1, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, default:true"
-          "2, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
-          "3, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
-          "4, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
-          "5, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
-          "6, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
+          "1, monitor:desc:Dell Inc. AW3225QF FXK2YZ3, default:true"
+          "2, monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
+          "3, monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
+          "4, monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
+          "5, monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
+          "6, monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
          "7, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
-          "8, monitor:desc:Samsung Electric Company S27E500 0x3043394D"
-          "9, monitor:desc:Samsung Electric Company S27E500 0x3043394D"
-          "10,monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
+          "8, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
+          "9, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
+          "10,monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
        ];
        windowrule = [
          "float, foot-float"
@ -313,7 +315,7 @@

          # Misc
          "$mod, C,     exec, ~/.local/bin/hypr/colorpicker.sh"
-          "CTRL_ALT, L, exec, ${pkgs.hyprlock}/bin/hyprlock" 
+          "CTRL_ALT, L, exec, ${pkgs.systemd}/bin/loginctl lock-session" 

          # Function keys
          ", XF86AudioMute,         exec, ${pactl} set-sink-mute @DEFAULT_SINK@ toggle"
@ -726,7 +728,7 @@

    services.swayidle =
    let 
-      hyprlock = "${pkgs.hyprlock}/bin/hyprlock";
+      hyprlock = "pidof hyprlock || ${pkgs.hyprlock}/bin/hyprlock";
    in {
      enable = true;
      systemdTarget = "hyprland-session.target";
--- a/config/profiles/graphical/files/scripts/rofi_powermenu.sh
+++ b/config/profiles/graphical/files/scripts/rofi_powermenu.sh
@ -59,11 +59,11 @@ confirm_run () {
 # Execute Command
 run_cmd() {
 	if [[ "$1" == '--opt1' ]]; then
-		hyprlock
+		pidof hyprlock || hyprlock
 	elif [[ "$1" == '--opt2' ]]; then
 		confirm_run 'hyprctl dispatch exit 0'
 	elif [[ "$1" == '--opt3' ]]; then
-		confirm_run 'pulsemixer --mute' 'hyprlock' 'systemctl suspend' #"$DIR/scripts/lockscreen" 
+		confirm_run 'pulsemixer --mute' 'systemctl suspend'
 	elif [[ "$1" == '--opt4' ]]; then
 		confirm_run 'systemctl hibernate'
 	elif [[ "$1" == '--opt5' ]]; then
--- a/config/profiles/graphical/nixvim.nix
+++ b/config/profiles/graphical/nixvim.nix
@ -1,4 +1,4 @@
-{config, pkgs, inputs, ... }: {
+{ pkgs, inputs, ... }: {
  home-manager.users.emily.imports = [ 
    inputs.nixvim.homeManagerModules.nixvim
  ];
--- a/config/profiles/kartoffel.nix
+++ b/config/profiles/kartoffel.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }: {
+{ ... }: {
  services.resolved = {
    extraConfig = ''
      DNS = [2a0f:be01::1] 
@ -14,7 +14,7 @@
      IPv6AcceptRA = false;
    };
    routes = [
-      { routeConfig.Gateway = "fe80::1"; }
+      { Gateway = "fe80::1"; }
    ];
  };
 }
--- a/config/profiles/lxc.nix
+++ b/config/profiles/lxc.nix
@ -1,4 +1,4 @@
-{ lib, modulesPath, ... }: {
+{ modulesPath, ... }: {
  imports = [
    (modulesPath + "/virtualisation/proxmox-lxc.nix")
  ];
@ -14,6 +14,5 @@
    };
  };

-  networking.useDHCP = false;
  networking.useHostResolvConf = false;
 }
--- a/config/profiles/physical.nix
+++ b/config/profiles/physical.nix
@ -0,0 +1,16 @@
+{ pkgs, ... }:{
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
+  environment.systemPackages = with pkgs; [
+    pciutils
+    usbutils
+  ];
+  hardware.cpu.intel.updateMicrocode = true;
+  hardware.enableAllFirmware = true;
+
+  kyouma.machine-type.physical = true;
+
+  services.fwupd.enable = true;
+}
--- a/config/profiles/rpi.nix
+++ b/config/profiles/rpi.nix
@ -1,4 +1,4 @@
-{ config, inputs, lib, pkgs, ... }: {
+{ inputs, pkgs, ... }: {
  imports = [
    inputs.nixos-hardware.nixosModules.raspberry-pi-4
  ];
--- a/config/services/forgejo.nix
+++ b/config/services/forgejo.nix
@ -5,7 +5,7 @@
  };
  services.forgejo = {
    enable = true;
-    mailerPasswordFile = config.sops.secrets."services/forgejo/mailerPassword".path;
+    secrets.mailer.PASSWD = config.sops.secrets."services/forgejo/mailerPassword".path;
    database = {
      createDatabase = true;
      type = "postgres";
--- a/config/services/nginx.nix
+++ b/config/services/nginx.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }: with lib; {
+{ config, lib, ... }: with lib; {
  kyouma.deployment.tags = [ "web" ];
  security.dhparams.enable = true;
  security.dhparams.params.nginx = {};
--- a/config/services/nyastodon.nix
+++ b/config/services/nyastodon.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }: {
+{ config, pkgs, ... }: {
  services.mastodon = {
    enable = true;
    package = pkgs.nyastodon;
--- a/config/services/uptime-kuma.nix
+++ b/config/services/uptime-kuma.nix
@ -0,0 +1,18 @@
+{ ... }:{
+  services.uptime-kuma = {
+    enable = true;
+    appriseSupport = true;
+    settings = {
+      HOST = "::1";
+      PORT = "3001";
+      NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";
+    };
+  }; 
+  kyouma.nginx.virtualHosts."uptime.kyouma.net" = {
+    locations."/" = {
+      proxyPass = "http://[::1]:3001";
+      proxyWebsockets = true;
+    };
+  };
+  security.acme.certs."uptime.kyouma.net" = {};
+}
--- a/config/services/vaultwarden.nix
+++ b/config/services/vaultwarden.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }: {
+{ config, ... }: {
  sops.secrets."services/vaultwarden/environmentFile" = {
    sopsFile = ../../secrets/services/vaultwarden.yaml;
    owner = "vaultwarden";
--- a/flake.lock
+++ b/flake.lock
@ -206,11 +206,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1718008439,
-        "narHash": "sha256-nlh/2uD5p2SAdkn6Zuey20yaR5FFWvhL3poapDGNE4Y=",
+        "lastModified": 1718242063,
+        "narHash": "sha256-n3AWItJ4a94GT0cray/eUV7tt3mulQ52L+lWJN9d1E8=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "c1cfbfad7cb45f0c177b35b59ba67d1b5fc7ca82",
+        "rev": "832a9f2c81ff3485404bd63952eadc17bf7ccef2",
        "type": "github"
      },
      "original": {
@ -472,11 +472,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1718141734,
-        "narHash": "sha256-cA+6l8ZCZ7MXGijVuY/1f55+wF/RT4PlTR9+g4bx86w=",
+        "lastModified": 1718243258,
+        "narHash": "sha256-abBpj2VU8p6qlRzTU8o22q68MmOaZ4v8zZ4UlYl5YRU=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "892f76bd0aa09a0f7f73eb41834b8a904b6d0fad",
+        "rev": "8d5e27b4807d25308dfe369d5a923d87e7dbfda3",
        "type": "github"
      },
      "original": {
@ -516,11 +516,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716993688,
-        "narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=",
+        "lastModified": 1717976995,
+        "narHash": "sha256-u3HBinyIyUvL1+N816bODpJmSQdgn0Mbb8BprFw7kqo=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4",
+        "rev": "315aa649ba307704db0b16c92f097a08a65ec955",
        "type": "github"
      },
      "original": {
@ -531,11 +531,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1717995329,
-        "narHash": "sha256-lQJXEFHHVsFdFLx0bvoRbZH3IXUBsle6EWj9JroTJ/s=",
+        "lastModified": 1718207430,
+        "narHash": "sha256-/eO2NTRvrrdYWMI06plS8ANDGOhTZBA+C3H3KwbBI1w=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "58b52b0dd191af70f538c707c66c682331cfdffc",
+        "rev": "9e848e173ca83adf884815c66edc08652ef9ade8",
        "type": "github"
      },
      "original": {
@ -614,11 +614,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1717974879,
-        "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=",
+        "lastModified": 1718160348,
+        "narHash": "sha256-9YrUjdztqi4Gz8n3mBuqvCkMo4ojrA6nASwyIKWMpus=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3",
+        "rev": "57d6973abba7ea108bac64ae7629e7431e0199b6",
        "type": "github"
      },
      "original": {
@ -644,11 +644,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1718098450,
-        "narHash": "sha256-QDKPhT61Cf82/7G7vMyEfKQSIGGzs33FyT+4RB34spo=",
+        "lastModified": 1718202302,
+        "narHash": "sha256-urU2mKEhKCaThtRDM54oUj40A+m3wYSnWjfkoxbuhLU=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "7a2d065ccec902c17db71bd2ba3e485a0952f43b",
+        "rev": "cc9023fb1d74fad3b7b704a1c161a2ce9f378431",
        "type": "github"
      },
      "original": {
@ -765,11 +765,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1717850719,
-        "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=",
+        "lastModified": 1718139168,
+        "narHash": "sha256-1TZQcdETNdJMcfwwoshVeCjwWfrPtkSQ8y8wFX3it7k=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed",
+        "rev": "1cb529bffa880746a1d0ec4e0f5076876af931f1",
        "type": "github"
      },
      "original": {
--- a/secrets/services/forgejo.yaml
+++ b/secrets/services/forgejo.yaml
@ -7,27 +7,27 @@ sops:
    azure_kv: []
    hc_vault: []
    age:
-        - recipient: age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
+        - recipient: age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkd3djMk56SytWVmo5RDNw
-            NHMvUEtRMGZyUzFiakVGZE1aWTFjZnJkbFM4Cjk0a2FqdXVhdnNzUUxBWmlJc0tX
-            VWRyalNLMVRzcWQ4MnM4UlhYSEkwUWMKLS0tIG9VUVdsQ3VBc1BnZTgvb3B4c3l3
-            azZWZ1ZzV01LTVJ5YW9DREd3NmRYMm8KDJ/tAgBGmATYSY39IR2SXKxOqTVkcijC
-            MI7kq5wqQBZP/yHdCrjQymnqH8Nvxf0s3iXpGBlPxURfowe+iH5F3A==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpWm1qS1NTM1l5QnFDRkha
+            a0phMGRxV05sL012RXFaYUpCZ2N5L0x3eVM0CnE2NUxMWm8rdnRYRlUyeFFDUHYr
+            cElyU2RVMmJacnVsWWw1VG5Na2Vidm8KLS0tIGR0aFRCVkZYRU5FMU5rT0ZBU0tU
+            ODRObVRsRnFVOThDMGlxc1gxdHJqSDAK1SExfC7p67F2tY03QGW3TVUIXr5beFDU
+            McLdfLI7pIwBuazIAvs3Ln5Gd5XEfgJpmnzyrhfjW1S71f3vW2RpBQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-05-02T14:54:13Z"
    mac: ENC[AES256_GCM,data:N5mdPONsyiUy5TGUI2rurxyd5Lczt7pMwdhI7eKqk5ZThZAf6dni/xhv+gO5LXDHTIdtopFegsk3t5FWtkCK+U6B+1ouU8E6mBDLTwVHa0+cZcf42eTipAATLxGjQRhgHxfUSfU4ndke96Nx6MN/F57n+fUAmMyrenhJunlCLnc=,iv:rMpOparLNS4yxFra6x1LT7kuYQQETD/UVFIZ2buVTLM=,tag:QLC+t6yCHlVgA6N0vlCHJg==,type:str]
    pgp:
-        - created_at: "2024-05-02T14:52:36Z"
+        - created_at: "2024-06-12T20:46:38Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----

-            hF4D1GtNSlou/HkSAQdARZLi4xZr9dGTiHolSWZreUv6PzkAT2q+/orYXzeiO20w
-            fRrP5wiXgxA+15zzloqz6JPFhdwunGLum7zcQ2oqOvj/X+9TCd0KP+iu/PpIaUPJ
-            0l4BPEMOXUwlK0Ll1z0vwjlabQkuGvvKEWVquaWP+uqwX8VkBnv4rZimiI9J8P3p
-            sIuqm66WGEDHI5MuX4GuBKcd78wRm4d3c5KY6cuk8AzfO5+0wKPcKgB/KyGCzi/n
-            =SNC/
+            hF4D1GtNSlou/HkSAQdAJRWAlEuaIfiHnBMvRqPOunNkBwC0s/8jODy0UJZ/T2Uw
+            tc3GMsi9SiFoa5LJMUKJX+thC4Ci10F7t6PNiH7zWB/VIqjaGhWtTNf0Lab87IHp
+            0l4BaVO4WvWaTqV4zXGAdQUAdVIKMZv7X8UgCQCNvaJA56m3+kgD9a2axJyo/Wh8
+            fNTHH96n5X3Vqd7b9/cEqQ+oyk5UPbKsJUHHUcKwTAq1W5v/L/aszQ5g8kMmWlat
+            =cNKg
            -----END PGP MESSAGE-----
          fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
    unencrypted_suffix: _unencrypted
--- a/secrets/services/vaultwarden.yaml
+++ b/secrets/services/vaultwarden.yaml
@ -7,27 +7,27 @@ sops:
    azure_kv: []
    hc_vault: []
    age:
-        - recipient: age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
+        - recipient: age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUYlRnYWU0V3dOdXNYVDNP
-            akh2T1dUa3VxVDFMQW8rWURWRUxLNXkwWDJRCloyUGlRbGZFY2owWldxblAvK1l2
-            S0UrODBFK1l0Rlp4VktlNGtONHFQWmcKLS0tICtYQkxQdlBMTGgwSGJIWHBpTWN2
-            Zzc0U3JJOGJDNTViNmpsM1RGYkRSYlEK5TwOYuhhtkD3S1gJGQWTDzr7z0MX9Lwx
-            lSMz7CYrJtVM+Ec+IBIMXopBOnrQWvOeBgEhN9KYfngLGNbUaJelFw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZEwzNThxcytPVUVwQUE1
+            eUUyTFp3NjRpcStZaEFLb2pCS2JGUlFtYmk4ClQxQm1EdVdmeks5VVVaTCtjT3Z0
+            TWtMdy9xeGwwTUlpZHFoNVptbVQ5WnMKLS0tIGlwVTVxSTRmMGNTTkhRaWh1enp1
+            MktVZ0VUbEFOY2xkcUhvQlBFdXhtaGMKkZrL4ePjGaV6Xa1zo+6osC6uT3YfYP/A
+            Sju9hALA36ACnE3QoIE5Rnhme4KwiIA6+VZlIU4OHAB8YPIewmvCCA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-05-03T13:05:08Z"
    mac: ENC[AES256_GCM,data:xQtCP1lRVQvr3rY/Cb3eW7tAwUSge8yFMuYSzMRUzbaNz03dHU3lhp/FGFDa1aWvbxT9YdKr4rIY2sUlMAK5ltw5uiiOXo5RA0wiC80A9bRVudnxCpF0cvwzBUZyY4I5ydAKE+peKLf76GRVE9awkZLmCu/B+P/R9AuS0GEZxKA=,iv:G3HF5py8bTnbJZBSWDHPVY6yI/ZlDaTEG0XCq0t+ykY=,tag:bs95sOcYsLn1Pls8TpqzHw==,type:str]
    pgp:
-        - created_at: "2024-05-03T12:00:19Z"
+        - created_at: "2024-06-12T20:46:24Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----

-            hF4D1GtNSlou/HkSAQdA/lTtX2vY6hjiqZUniapNKZBVC7paxWONm33g8GyZgj4w
-            mAlvN+ydpKWy2MzMpJ30ZQVv9at9OzBJyUWYWC8BU3vhv9JTxua382lDhO1IvQdw
-            0l4BZayJ3woOdhIfX6BUE2jZTTBSEpdHT0hs2EVIBZSFi9fHsFpmdTGS0xAqmhra
-            l8nuCAPCImuRYkOHm1LIKL/QT7rPy7pcj4dXWVq/u9zexEEA24kdPvF32GQaPIbf
-            =bUVv
+            hF4D1GtNSlou/HkSAQdA4mSNSVTN1OTVnF8Rtmf7N/zBy4O/Mo44h5fOiZ6mrnIw
+            ij5NVUS4ndUhJy3eWalmDVFcUonHctRnGDRgfSMXGCS7RUikHn1wir0ZwVEWtTcQ
+            0lwBE2Cc3tr1txXwl94bQtzFJIalVGFO6M/X/D/8sxFR0anNLfsRYrBMQUaPBM0o
+            vSe70n3gbQEFGXdOjc978/OFNtUNHmTasSIE3lR6My/U+D/v7cpRQ/8MPSaopA==
+            =GMv6
            -----END PGP MESSAGE-----
          fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
    unencrypted_suffix: _unencrypted