fixes

2024-10-11 11:06:13 +02:00
36 changed files with 1398 additions and 1395 deletions
--- a/.gitea/workflows/nix-flake-check.yaml
+++ b/.gitea/workflows/nix-flake-check.yaml
@ -1,14 +0,0 @@
 name: nix flake check
 on:
  push:
    branches:
      - 'renovate/**'
 jobs:
  nix-flake-update:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - run: /root/.nix-profile/bin/nix flake check --all-systems
--- a/.sops.yaml
+++ b/.sops.yaml
@ -2,7 +2,7 @@ keys:
  - &user_patrick 5FA64909521A5C85992F26E0F819AEFF941BB849
  - &host_celestia age1vadwmwh8ckfal7j83gwrwn9324gqufwgkxskznhp9v867amndcwqgp2w6t
  - &host_primordial age12u7ayy2q5dps2pcpc6z7962pz07jxv3tt03hna6jyumlu4fdjvtqdg2n3e
-  - &host_framework age18kc63lpfutqlw505fkqagumqup6dtpudajeaheueuaf0frjpdc3suz49qk
+  - &host_laptop age1fhnujflp29sekvwjgw0ue2hnmjum3fpcj80vly0rkt07u9xwlf7ql25mkk
 creation_rules:
  - path_regex: nixos/celestia/secrets\.yaml$
    key_groups:
@ -16,9 +16,3 @@ creation_rules:
      - *user_patrick
      age:
      - *host_primordial
  - path_regex: nixos/framework/secrets\.yaml$
    key_groups:
    - pgp:
      - *user_patrick
      age:
      - *host_framework
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -3,40 +3,31 @@
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11";
    flake-utils.url = "github:numtide/flake-utils";
-
+    deploy.url = "github:serokell/deploy-rs";
-    lanzaboote = {
+    nurpkgs.url = "github:nix-community/NUR";
-      url = "github:nix-community/lanzaboote";
+    sops-nix.url = "github:Mic92/sops-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
+    lanzaboote.url = "github:nix-community/lanzaboote";
-    };
+    home-manager.url = "github:nix-community/home-manager";
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nur = {
      url = "github:nix-community/NUR";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    deploy = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    simple-nixos-mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    nixvim = {
+    rycee-nurpkgs = {
-      url = "git+https://git.fuckwit.dev/fuckwit/nixvim";
+      url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixpkgs-f2k = {
      url = "github:fortuneteller2k/nixpkgs-f2k";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    devenv = {
      url = "github:cachix/devenv/latest";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
--- a/home-modules/firefox-webapp.nix
+++ b/home-modules/firefox-webapp.nix
@ -14,11 +14,7 @@
      nameValuePair "home-manager-webapp-${name}" {
        id = cfg.id;
-        userChrome =
+        userChrome = ''
          /*
          css
          */
          ''
          @namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
          browser {
--- a/home-modules/firefox/default.nix
+++ b/home-modules/firefox/default.nix
@ -1,111 +0,0 @@
 {
  pkgs,
  config,
  lib,
  ...
 }: let
  inherit (lib) mkOption mkEnableOption mkPackageOption types;
  defaultExtensions = with pkgs.nur.repos.rycee.firefox-addons; [
    bitwarden
    darkreader
    i-dont-care-about-cookies
    privacy-badger
    ublock-origin
  ];
  defaultSettings = {
    "app.normandy.first_run" = false;
    "app.shield.optoutstudies.enabled" = false;
    # disable updates (pretty pointless with nix)
    "app.update.channel" = "default";
    "browser.contentblocking.category" = "standard"; # "strict"
    "browser.ctrlTab.recentlyUsedOrder" = false;
    "browser.download.viewableInternally.typeWasRegistered.svg" = true;
    "browser.download.viewableInternally.typeWasRegistered.webp" = true;
    "browser.download.viewableInternally.typeWasRegistered.xml" = true;
    "browser.search.region" = "DE";
    "browser.shell.checkDefaultBrowser" = false;
    "browser.tabs.loadInBackground" = true;
    "browser.urlbar.placeholderName" = "EnteEnteLauf";
    "browser.urlbar.showSearchSuggestionsFirst" = false;
    # disable all the annoying quick actions
    "browser.urlbar.quickactions.enabled" = false;
    "browser.urlbar.quickactions.showPrefs" = false;
    "browser.urlbar.shortcuts.quickactions" = false;
    "browser.urlbar.suggest.quickactions" = false;
    "distribution.searchplugins.defaultLocale" = "en-US";
    "doh-rollout.balrog-migration-done" = true;
    "doh-rollout.doneFirstRun" = true;
    "general.useragent.locale" = "en-US";
    "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
    "extensions.extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
    "extensions.update.enabled" = false;
    "extensions.webcompat.enable_picture_in_picture_overrides" = true;
    "extensions.webcompat.enable_shims" = true;
    "extensions.webcompat.perform_injections" = true;
    "extensions.webcompat.perform_ua_overrides" = true;
    "privacy.donottrackheader.enabled" = true;
    "browser.translations.enable" = false;
    # Yubikey
    "security.webauth.u2f" = true;
    "security.webauth.webauthn" = true;
    "security.webauth.webauthn_enable_softtoken" = false;
    "security.webauth.webauthn_enable_usbtoken" = true;
    "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
    "layout.word_select.stop_at_punctuation" = false;
  };
  cfg = config.personal.firefox;
 in {
  options.personal.firefox = {
    enable = mkEnableOption "Apply personal firefox defaults.";
    package = mkPackageOption pkgs "firefox-bin" {};
    extraExtensions = mkOption {
      type = types.listOf types.package;
      default = [];
      description = "Extra Firefox extensions to install.";
    };
    settings = mkOption {
      type = types.attrsOf ((pkgs.formats.json {}).type
        // {
          description = "Preferences (int, bool, string, and also attrs, list, float as a JSON string)";
        });
      default = defaultSettings;
      description = "Attribute set of preferences.";
    };
  };
  config = {
    programs.firefox = lib.mkIf cfg.enable {
      enable = true;
      package = cfg.package;
      profiles = {
        default = {
          isDefault = true;
          id = 0;
          userChrome = builtins.readFile ./userChrome.css;
          extensions = defaultExtensions ++ cfg.extraExtensions;
          inherit (cfg) settings;
        };
      };
    };
  };
 }
--- a/home-modules/firefox/userChrome.css
+++ b/home-modules/firefox/userChrome.css
@ -1,76 +0,0 @@
 /* Source file https://github.com/MrOtherGuy/firefox-csshacks/tree/master/chrome/toolbars_below_content_v2.css made available under Mozilla Public License v. 2.0
 See the above repository for updates as well as full license text. */
 /* This requires Firefox 133
 * By default tabs will be the top-most toolbar, but you can set the following pref to move them to bottom:
 * userchrome.toolbars-below-content.tabs-at-bottom.enabled
 */
 #navigator-toolbox{
  display: contents;
  --uc-navbar-height: 40px;
 }
 :root[uidensity="compact"] #navigator-toolbox{
  --uc-navbar-height: 34px;
 }
 #main-window > body > #browser,
 .global-notificationbox,
 #tab-notification-deck,
 #toolbar-menubar{
  order: -1;
 }
 #TabsToolbar{
  max-height: calc((var(--tab-min-height) + 2 * var(--tab-block-margin,0px)) * var(--multirow-n-rows,1));
 }
 #toolbar-menubar,
 #TabsToolbar{
  background: inherit !important;
 }
@media (-moz-platform: linux){
  :root[sizemode="normal"][customtitlebar] #toolbar-menubar{
    border-top-left-radius: inherit;
    border-top-right-radius: inherit;
  }
  #toolbar-menubar,
  #TabsToolbar{
    opacity: 1 !important;
    will-change: unset !important;
  }
  #notification-popup[side="top"]{
    margin-top: calc(-2 * var(--panel-padding-block) - 40px - 32px - 8.5em) !important;
  }
  #permission-popup[side="top"]{
    margin-top: calc(-2 * var(--panel-padding-block) - 2.5em);
  }
 }
 #nav-bar,
 #PersonalToolbar{
  background-image: linear-gradient(var(--toolbar-bgcolor),var(--toolbar-bgcolor)), var(--lwt-additional-images,var(--toolbar-bgimage)) !important;
  background-position: top,var(--lwt-background-alignment);
  background-position-y: calc(0px - var(--tab-min-height) - 2*var(--tab-block-margin,0px));
  background-repeat: repeat,var(--lwt-background-tiling);
 }
 :root[lwtheme-image] #nav-bar,
 :root[lwtheme-image] #PersonalToolbar{
  background-image: linear-gradient(var(--toolbar-bgcolor),var(--toolbar-bgcolor)),var(--lwt-header-image), var(--lwt-additional-images,var(--toolbar-bgimage)) !important;
 }
 #PersonalToolbar{
  background-position-y: calc(0px - var(--tab-min-height) - 2*var(--tab-block-margin,0px) - var( --uc-navbar-height));
 }
 #urlbar[breakout][breakout-extend]{
  display: flex !important;
  flex-direction: column-reverse !important;
  transform: translateY(calc(var(--urlbar-container-height) - 100%));
 }
 #urlbar[breakout-extend]:not([usertyping]) > .urlbar-input-container::after{
  display: flex;
  content: "";
  height: calc(var(--urlbar-min-height) - 2px - 2 * var(--urlbar-container-padding));
 }
 .urlbarView-body-inner{ border-top-style: none !important; }
 #TabsToolbar{
  order: 3
 }
--- a/home-modules/modules-list.nix
+++ b/home-modules/modules-list.nix
@ -1,6 +1,5 @@
 {...}: {
  imports = [
    ./firefox
    ./firefox-webapp.nix
  ];
 }
--- a/home/configurations.nix
+++ b/home/configurations.nix
@ -1,18 +1,27 @@
 {
  nixpkgs,
-  nur,
+  nurpkgs,
  home-manager,
-  nixvim,
+  devenv,
  ...
 }: let
-  pkgs = import nixpkgs rec {
+  pkgs = import nixpkgs {
    system = "x86_64-linux";
-    overlays = [(final: prev: {nixvim = nixvim.packages.${system}.default;}) nur.overlays.default];
+  };
  nur = import nurpkgs {
    inherit pkgs;
    nurpkgs = pkgs;
  };
 in {
  work = home-manager.lib.homeManagerConfiguration {
    inherit pkgs;
    extraSpecialArgs = {
      inherit devenv; # TODO: Remove dependency on devenv
      ff-addons = nur.repos.rycee.firefox-addons;
    };
    modules = [
      ../home-modules/modules-list.nix
      ./work
@ -22,8 +31,12 @@ in {
  framework = home-manager.lib.homeManagerConfiguration {
    inherit pkgs;
    extraSpecialArgs = {
      ff-addons = nur.repos.rycee.firefox-addons;
    };
    modules = [
-      ../home-modules/modules-list.nix
+      # ../home-modules/modules-list.nix
      ./framework
    ];
  };
--- a/home/framework/default.nix
+++ b/home/framework/default.nix
@ -14,7 +14,6 @@
      moonlight-qt
      vesktop
      telegram-desktop
      nixvim
    ];
    sessionPath = ["~/.local/bin"];
    sessionVariables = {
@ -28,8 +27,6 @@
    ./programs
  ];
  services.udiskie.enable = true;
  accounts.email.accounts = {
    patrick = {
      primary = true;
--- a/home/framework/programs/alacritty/default.nix
+++ b/home/framework/programs/alacritty/default.nix
@ -1,35 +0,0 @@
 {...}: {
  programs.alacritty = {
    enable = true;
    settings = {
      general.live_config_reload = true;
      env.TERM = "xterm-256color";
      bell.duration = 0;
      cursor.style = "Block";
      scrolling = {
        history = 10000;
        multiplier = 3;
      };
      window = {
        opacity = 0.9;
      };
      mouse.bindings = [
        {
          mouse = "Middle";
          action = "PasteSelection";
        }
      ];
      colors = {
        primary = {
          background = "0x000000";
          foreground = "0xeaeaea";
        };
      };
    };
  };
 }
--- a/home/framework/programs/default.nix
+++ b/home/framework/programs/default.nix
@ -1,5 +1,4 @@
 [
  ./alacritty
  ./firefox
  ./hyprland
  {
--- a/home/framework/programs/firefox/default.nix
+++ b/home/framework/programs/firefox/default.nix
@ -1,5 +1,129 @@
-{...}: {
+{
-  personal.firefox = {
+  pkgs,
  lib,
  stdenv,
  specialArgs,
  ...
 }: let
  extensions = with specialArgs.ff-addons; [
    bitwarden
    darkreader
    i-dont-care-about-cookies
    privacy-badger
    ublock-origin
    tree-style-tab
    tridactyl
  ];
  customChrome = ''
    @-moz-document url(chrome://browser/content/browser.xhtml) {
      /* tabs on bottom of window */
      /* requires that you set
       * toolkit.legacyUserProfileCustomizations.stylesheets = true
       * in about:config
       */
      #main-window body { flex-direction: column-reverse !important; }
      #navigator-toolbox { flex-direction: column-reverse !important; }
      #urlbar {
        top: unset !important;
        bottom: calc((var(--urlbar-toolbar-height) - var(--urlbar-height)) / 2) !important;
        box-shadow: none !important;
        display: flex !important;
        flex-direction: column !important;
      }
      #urlbar-input-container {
        order: 2;
      }
      #urlbar > .urlbarView {
        order: 1;
        border-bottom: 1px solid #666;
      }
      #urlbar-results {
        display: flex;
        flex-direction: column-reverse;
      }
      .search-one-offs { display: none !important; }
      .tab-background { border-top: none !important; }
      #navigator-toolbox::after { border: none; }
      #TabsToolbar .tabbrowser-arrowscrollbox,
      #tabbrowser-tabs, .tab-stack { min-height: 28px !important; }
      .tabbrowser-tab { font-size: 80%; }
      .tab-content { padding: 0 5px; }
      .tab-close-button .toolbarbutton-icon { width: 12px !important; height: 12px !important; }
      toolbox[inFullscreen=true] { display: none; }
    }
  '';
  userChrome = customChrome;
  # ~/.mozilla/firefox/PROFILE_NAME/prefs.js | user.js
  settings = {
    "app.normandy.first_run" = false;
    "app.shield.optoutstudies.enabled" = false;
    # disable updates (pretty pointless with nix)
    "app.update.channel" = "default";
    "browser.contentblocking.category" = "standard"; # "strict"
    "browser.ctrlTab.recentlyUsedOrder" = false;
    "browser.download.viewableInternally.typeWasRegistered.svg" = true;
    "browser.download.viewableInternally.typeWasRegistered.webp" = true;
    "browser.download.viewableInternally.typeWasRegistered.xml" = true;
    "browser.search.region" = "DE";
    "browser.shell.checkDefaultBrowser" = false;
    "browser.tabs.loadInBackground" = true;
    "browser.urlbar.placeholderName" = "EnteEnteLauf";
    "browser.urlbar.showSearchSuggestionsFirst" = false;
    # disable all the annoying quick actions
    "browser.urlbar.quickactions.enabled" = false;
    "browser.urlbar.quickactions.showPrefs" = false;
    "browser.urlbar.shortcuts.quickactions" = false;
    "browser.urlbar.suggest.quickactions" = false;
    "distribution.searchplugins.defaultLocale" = "en-US";
    "doh-rollout.balrog-migration-done" = true;
    "doh-rollout.doneFirstRun" = true;
    "general.useragent.locale" = "en-US";
    "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
    "extensions.extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
    "extensions.update.enabled" = false;
    "extensions.webcompat.enable_picture_in_picture_overrides" = true;
    "extensions.webcompat.enable_shims" = true;
    "extensions.webcompat.perform_injections" = true;
    "extensions.webcompat.perform_ua_overrides" = true;
    "privacy.donottrackheader.enabled" = true;
    "browser.translations.enable" = false;
    # Yubikey
    "security.webauth.u2f" = true;
    "security.webauth.webauthn" = true;
    "security.webauth.webauthn_enable_softtoken" = false;
    "security.webauth.webauthn_enable_usbtoken" = true;
    "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
    "layout.word_select.stop_at_punctuation" = false;
  };
 in {
  programs.firefox = {
    enable = true;
    package = pkgs.firefox-bin;
    profiles = {
      default = {
        isDefault = true;
        id = 0;
        inherit extensions settings userChrome;
      };
    };
  };
 }
--- a/home/framework/programs/hyprland/default.nix
+++ b/home/framework/programs/hyprland/default.nix
@ -1,84 +1,19 @@
 {pkgs, ...}: {
-  services.hypridle = {
+  wayland.windowManager.hyprland = let
-    enable = true;
+    locker = "${pkgs.swaylock}/bin/swaylock";
-
+    set-dpms = "${pkgs.hyprland}/bin/hyprctl dispatcher dpms";
-    settings = {
+    locked-dpms = pkgs.writeShellScript "locked-dpms.sh" ''
-      general = {
+      ${pkgs.swayidle}/bin/swayidle -w \
-        lock_cmd = "pidof hyprlock || hyprlock";
+        timeout 10 'if pgrep -x swaylock; then ${set-dpms} off; fi' \
-      };
+        resume '${set-dpms} on'
-
+    '';
-      listener = [
+    idle-script = pkgs.writeShellScript "idle-lock.sh" ''
-        {
+      ${pkgs.swayidle}/bin/swayidle -w \
-          timeout = 300;
+        timeout 300 '${locker} -f' \
-          on-timeout = "loginctl lock-session";
+        timeout 330 '${set-dpms} off' \
-        }
+        resume '${set-dpms} on'
-        {
+    '';
-          timeout = 330;
+  in {
          on-timeout = "hyprctl dispatch dpms off";
          on-resume = "hyprctl dispatch dpms on";
        }
      ];
    };
  };
  programs.hyprlock = {
    enable = true;
    settings = {
      background = {
        monitor = "";
        path = "screenshot";
        blur_passes = 2;
        blur_size = 7;
        noise = 1.17e-2;
      };
      auth.fingerprint.enabled = true;
      label = [
        {
          monitor = "";
          text = "$TIME";
          color = "rgba(242, 243, 244, 0.75)";
          font_size = 95;
          position = "0, 300";
          halign = "center";
          valign = "center";
        }
        {
          monitor = "";
          text = ''cmd[update:1000] echo $(date +"%A, %B %d")'';
          color = "rgba(242, 243, 244, 0.75)";
          font_size = 22;
          position = "0, 200";
          halign = "center";
          valign = "center";
        }
      ];
      input-field = {
        monitor = "";
        size = "200,50";
        outline_thickness = 2;
        dots_size = 0.2;
        dots_spacing = 0.35;
        dots_center = true;
        outer_color = "rgba(0, 0, 0, 0)";
        inner_color = "rgba(0, 0, 0, 0.2)";
        font_color = "rgb(111, 45, 104)";
        fade_on_empty = false;
        rounding = -1;
        check_color = "rgb(30, 107, 204)";
        placeholder_text = ''<i><span foreground="##cdd6f4">Input Password...</span></i>'';
        hide_input = false;
        position = "0, -100";
        halign = "center";
        valign = "center";
      };
    };
  };
  wayland.windowManager.hyprland = {
    enable = true;
    settings = {
      "$mod" = "SUPER";
@ -93,6 +28,8 @@
      exec-once = [
        "${pkgs.waybar}/bin/waybar"
        "${pkgs.mako}/bin/mako"
        idle-script
        locked-dpms
      ];
      input = {
@ -112,12 +49,10 @@
      decoration = {
        rounding = 5;
-        shadow = {
+        drop_shadow = true;
-          enabled = true;
+        shadow_range = 4;
-          range = 4;
+        shadow_render_power = 3;
-          render_power = 3;
+        "col.shadow" = "rgba(1a1a1aee)";
          color = "rgba(1a1a1aee)";
        };
        blur = {
          enabled = true;
@ -146,7 +81,7 @@
          "$mod, return, exec, ${pkgs.alacritty}/bin/alacritty"
          "$mod, D, exec, ${pkgs.rofi-wayland}/bin/rofi -show drun"
          "$mod SHIFT, Q, killactive, "
-          "$mod, L, exec, loginctl lock-session"
+          "$mod, L, exec, ${locker}"
          "$mod, V, togglefloating, "
          "$mod, F, fullscreen, 1"
          "$mod, P, pseudo, # dwindle"
--- a/home/work/default.nix
+++ b/home/work/default.nix
@ -1,15 +1,14 @@
 {
  config,
  pkgs,
-  # devenv,
+  devenv,
  ...
 }: {
  home = {
    stateVersion = "22.11";
    username = "patrick";
    homeDirectory = "/home/${config.home.username}";
-    packages = pkgs.callPackage ./pkgs.nix {};
+    packages = (pkgs.callPackage ./pkgs.nix {}) ++ [devenv.packages.${pkgs.system}.devenv];
    # packages = (pkgs.callPackage ./pkgs.nix {}) ++ [devenv.packages.${pkgs.system}.devenv];
    sessionPath = ["~/.local/bin"];
    sessionVariables = {
      SSH_AUTH_SOCK = "/run/user/1000/ssh-agent";
@ -22,7 +21,4 @@
    ./programs
    ./services
  ];
  nixpkgs.config.permittedInsecurePackages = [
    "electron-27.3.11"
  ];
 }
--- a/home/work/pkgs.nix
+++ b/home/work/pkgs.nix
@ -1,10 +1,15 @@
 {pkgs, ...}:
 with pkgs; [
  age # Modern encryption tool with small explicit keys
  arandr # simple GUI for xrandr
  atuin
  dig # dns command-line tool
  fd # "find" for files
  geckodriver # remote controll firefox
  helix # modal editor
  htop # process monitor
  hyperfine # command-line benchmarking tool
  i3lock # screen locker
  imagemagick # selection screenshot stuff
  just # just a command runner
  keepassxc # password manager
@ -17,16 +22,21 @@ with pkgs; [
  mtr # traceroute
  mumble # voice call client
  ncdu # disk space info (a better du)
  neovim-unwrapped # best code editor on the planet
  networkmanagerapplet # systray applet for NetworkManager
  nitrogen # wallpapger manager
  nushellFull # A modern shell written in Rust
  ouch # painless compression and decompression for your terminal
  pavucontrol # pulseaudio volume control
  playerctl # music player controller
  podman-compose # podman manager
  restic # incremental backup tool
  ripgrep # fast grep
  rocketchat-desktop # company chat
  sops # Mozilla sops (Secrets OPerationS) is an editor of encrypted files
  thunderbird # email client
  xclip # clipboard support
  xsel # clipboard support (also for neovim)
  zeal # offline documentation browser
  zellij # A terminal workspace with batteries included
  wl-clipboard
  nixvim
 ]
--- a/home/work/programs/alacritty/default.nix
+++ b/home/work/programs/alacritty/default.nix
@ -3,7 +3,8 @@
    enable = true;
    settings = {
-      general.live_config_reload = true;
+      live_config_reload = true;
      env.TERM = "xterm-256color";
      bell.duration = 0;
      cursor.style = "Block";
--- a/home/work/programs/bash/default.nix
+++ b/home/work/programs/bash/default.nix
@ -9,11 +9,7 @@
      rescue = "ssh-wrapper rescue";
    };
-    initExtra =
+    initExtra = ''
      /*
      bash
      */
      ''
      source ${pkgs.blesh}/share/blesh/ble.sh
      export PATH=$PATH:~/.local/bin
      export SSH_AUTH_SOCK=/run/user/1000/ssh-agent
--- a/home/work/programs/default.nix
+++ b/home/work/programs/default.nix
@ -3,7 +3,6 @@
  ./autorandr
  ./bash
  ./firefox
  ./nvim
  ./rofi
  ./tmate
  ./xresources
@ -18,7 +17,7 @@
      eza = {
        enable = true;
-        icons = "auto";
+        icons = true;
        git = true;
      };
--- a/home/work/programs/firefox/default.nix
+++ b/home/work/programs/firefox/default.nix
@ -1,6 +1,140 @@
-{pkgs, ...}: {
+{
-  personal.firefox = {
+  pkgs,
  lib,
  stdenv,
  specialArgs,
  ...
 }: let
  extensions = with specialArgs.ff-addons; [
    bitwarden
    darkreader
    i-dont-care-about-cookies
    privacy-badger
    ublock-origin
    tree-style-tab
    tridactyl
  ];
  customChrome = ''
    @-moz-document url(chrome://browser/content/browser.xhtml) {
      /* tabs on bottom of window */
      /* requires that you set
       * toolkit.legacyUserProfileCustomizations.stylesheets = true
       * in about:config
       */
      #main-window body { flex-direction: column-reverse !important; }
      #navigator-toolbox { flex-direction: column-reverse !important; }
      #urlbar {
        top: unset !important;
        bottom: calc((var(--urlbar-toolbar-height) - var(--urlbar-height)) / 2) !important;
        box-shadow: none !important;
        display: flex !important;
        flex-direction: column !important;
      }
      #urlbar-input-container {
        order: 2;
      }
      #urlbar > .urlbarView {
        order: 1;
        border-bottom: 1px solid #666;
      }
      #urlbar-results {
        display: flex;
        flex-direction: column-reverse;
      }
      .search-one-offs { display: none !important; }
      .tab-background { border-top: none !important; }
      #navigator-toolbox::after { border: none; }
      #TabsToolbar .tabbrowser-arrowscrollbox,
      #tabbrowser-tabs, .tab-stack { min-height: 28px !important; }
      .tabbrowser-tab { font-size: 80%; }
      .tab-content { padding: 0 5px; }
      .tab-close-button .toolbarbutton-icon { width: 12px !important; height: 12px !important; }
      toolbox[inFullscreen=true] { display: none; }
    }
  '';
  userChrome = customChrome;
  # ~/.mozilla/firefox/PROFILE_NAME/prefs.js | user.js
  settings = {
    "app.normandy.first_run" = false;
    "app.shield.optoutstudies.enabled" = false;
    # disable updates (pretty pointless with nix)
    "app.update.channel" = "default";
    "browser.contentblocking.category" = "standard"; # "strict"
    "browser.ctrlTab.recentlyUsedOrder" = false;
    "browser.download.viewableInternally.typeWasRegistered.svg" = true;
    "browser.download.viewableInternally.typeWasRegistered.webp" = true;
    "browser.download.viewableInternally.typeWasRegistered.xml" = true;
    "browser.search.region" = "DE";
    "browser.shell.checkDefaultBrowser" = false;
    "browser.tabs.loadInBackground" = true;
    "browser.urlbar.placeholderName" = "EnteEnteLauf";
    "browser.urlbar.showSearchSuggestionsFirst" = false;
    # disable all the annoying quick actions
    "browser.urlbar.quickactions.enabled" = false;
    "browser.urlbar.quickactions.showPrefs" = false;
    "browser.urlbar.shortcuts.quickactions" = false;
    "browser.urlbar.suggest.quickactions" = false;
    "distribution.searchplugins.defaultLocale" = "en-US";
    "doh-rollout.balrog-migration-done" = true;
    "doh-rollout.doneFirstRun" = true;
    "general.useragent.locale" = "en-US";
    "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
    "extensions.extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
    "extensions.update.enabled" = false;
    "extensions.webcompat.enable_picture_in_picture_overrides" = true;
    "extensions.webcompat.enable_shims" = true;
    "extensions.webcompat.perform_injections" = true;
    "extensions.webcompat.perform_ua_overrides" = true;
    "privacy.donottrackheader.enabled" = true;
    # Yubikey
    "security.webauth.u2f" = true;
    "security.webauth.webauthn" = true;
    "security.webauth.webauthn_enable_softtoken" = false;
    "security.webauth.webauthn_enable_usbtoken" = true;
    "network.dns.ipv4OnlyDomains" = "google.com";
    "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
    "layout.word_select.stop_at_punctuation" = false;
  };
 in {
  programs.firefox = {
    enable = true;
-    extraExtensions = with pkgs.nur.repos.rycee.firefox-addons; [keepassxc-browser];
+
    package = pkgs.firefox-bin;
    profiles = {
      default = {
        isDefault = true;
        id = 0;
        inherit extensions settings userChrome;
      };
    };
    webapps = {
      rocket-chat = {
        url = "https://chat.hetzner.company";
        id = 1;
        genericName = "Internet Messenger";
        categories = ["Network" "InstantMessaging"];
      };
    };
  };
 }
--- a/home/work/programs/hyprland/default.nix
+++ b/home/work/programs/hyprland/default.nix
@ -1,82 +1,19 @@
 {pkgs, ...}: {
-  services.hypridle = {
+  wayland.windowManager.hyprland = let
-    enable = true;
+    locker = "${pkgs.swaylock}/bin/swaylock";
-
+    set-dpms = "${pkgs.hyprland}/bin/hyprctl dispatcher dpms";
-    settings = {
+    locked-dpms = pkgs.writeShellScript "locked-dpms.sh" ''
-      general = {
+      ${pkgs.swayidle}/bin/swayidle -w \
-        lock_cmd = "pidof hyprlock || hyprlock";
+        timeout 10 'if pgrep -x swaylock; then ${set-dpms} off; fi' \
-      };
+        resume '${set-dpms} on'
-
+    '';
-      listener = [
+    idle-script = pkgs.writeShellScript "idle-lock.sh" ''
-        {
+      ${pkgs.swayidle}/bin/swayidle -w \
-          timeout = 300;
+        timeout 300 '${locker} -f' \
-          on-timeout = "loginctl lock-session";
+        timeout 330 '${set-dpms} off' \
-        }
+        resume '${set-dpms} on'
-        {
+    '';
-          timeout = 330;
+  in {
          on-timeout = "hyprctl dispatch dpms off";
          on-resume = "hyprctl dispatch dpms on";
        }
      ];
    };
  };
  programs.hyprlock = {
    enable = true;
    settings = {
      background = {
        monitor = "";
        path = "screenshot";
        blur_passes = 2;
        blur_size = 7;
        noise = 1.17e-2;
      };
      label = [
        {
          monitor = "";
          text = "$TIME";
          color = "rgba(242, 243, 244, 0.75)";
          font_size = 95;
          position = "0, 300";
          halign = "center";
          valign = "center";
        }
        {
          monitor = "";
          text = ''cmd[update:1000] echo $(date +"%A, %B %d")'';
          color = "rgba(242, 243, 244, 0.75)";
          font_size = 22;
          position = "0, 200";
          halign = "center";
          valign = "center";
        }
      ];
      input-field = {
        monitor = "";
        size = "200,50";
        outline_thickness = 2;
        dots_size = 0.2;
        dots_spacing = 0.35;
        dots_center = true;
        outer_color = "rgba(0, 0, 0, 0)";
        inner_color = "rgba(0, 0, 0, 0.2)";
        font_color = "rgb(111, 45, 104)";
        fade_on_empty = false;
        rounding = -1;
        check_color = "rgb(30, 107, 204)";
        placeholder_text = ''<i><span foreground="##cdd6f4">Input Password...</span></i>'';
        hide_input = false;
        position = "0, -100";
        halign = "center";
        valign = "center";
      };
    };
  };
  wayland.windowManager.hyprland = {
    enable = true;
    settings = {
@ -85,12 +22,14 @@
      exec-once = [
        "${pkgs.waybar}/bin/waybar"
        "${pkgs.mako}/bin/mako"
        idle-script
        locked-dpms
      ];
      monitor = [
        "eDP-1,1920x1080,0x0,1.333333" # Laptop screen
-        "desc:Dell Inc. DELL P2723DE 79RFH14,2560x1440,1440x0,1"
+        "desc:LG Electronics LG ULTRAWIDE 0x000219F2,2560x1080,1440x0,1" # Primary @home
-        "desc:Dell Inc. DELL P2723DE 39RFH14,2560x1440,4000x0,1"
+        # "desc:Fujitsu Siemens Computers GmbH B22W-6 LED YV3U164923,1680x1050,4000x0,1" # Secondary @home
        ",preferred,auto,1" # Automatically configure everything else
      ];
@ -122,12 +61,10 @@
      decoration = {
        rounding = 5;
-        shadow = {
+        drop_shadow = true;
-          enabled = true;
+        shadow_range = 4;
-          range = 4;
+        shadow_render_power = 3;
-          render_power = 3;
+        "col.shadow" = "rgba(1a1a1aee)";
          color = "rgba(1a1a1aee)";
        };
        blur = {
          enabled = true;
@ -156,7 +93,7 @@
          "$mod, return, exec, ${pkgs.alacritty}/bin/alacritty"
          "$mod, D, exec, ${pkgs.rofi-wayland}/bin/rofi -show drun"
          "$mod SHIFT, Q, killactive, "
-          "$mod, L, exec, loginctl lock-session"
+          "$mod, L, exec, ${locker}"
          "$mod, V, togglefloating, "
          "$mod, F, fullscreen, 1"
          "$mod, P, pseudo, # dwindle"
@ -183,6 +120,10 @@
        "$mod, mouse:273, resizewindow"
      ];
      bindl = [
        "$mod SHIFT, L, exec, ${locker}"
      ];
      windowrulev2 = [
        # KeePassXC
        "float,class:(org.keepassxc.KeePassXC)"
@ -198,7 +139,6 @@
      misc = {
        mouse_move_enables_dpms = true;
        key_press_enables_dpms = true;
        vfr = true;
      };
    };
  };
--- a/home/work/programs/nvim/default.nix
+++ b/home/work/programs/nvim/default.nix
@ -1,357 +0,0 @@
 {pkgs, ...}: {
  programs.neovim = {
    enable = false;
    defaultEditor = true;
    viAlias = true;
    vimAlias = true;
    vimdiffAlias = true;
    withRuby = false;
    withPython3 = false;
    plugins = with pkgs.vimPlugins; [
      vim-commentary
      plenary-nvim
      cmp-nvim-lsp
      cmp-buffer
      cmp-path
      nvim-web-devicons
      lsp_extensions-nvim
      lsp_signature-nvim
      telescope-nvim
      onedark-nvim
      {
        plugin = fidget-nvim;
        type = "lua";
        config =
          /*
          lua
          */
          ''
            require('fidget').setup {}
          '';
      }
      {
        plugin = symbols-outline-nvim;
        type = "lua";
        config =
          /*
          lua
          */
          ''
            require('symbols-outline').setup()
          '';
      }
      {
        plugin = nvim-treesitter.withAllGrammars;
        type = "lua";
        config =
          /*
          lua
          */
          ''
            require('nvim-treesitter.configs').setup {
              highlight = {
                enable = true, -- false will disable the whole extension
              },
              incremental_selection = {
                enable = false,
                keymaps = {
                  init_selection = 'gnn',
                  node_incremental = 'grn',
                  scope_incremental = 'grc',
                  node_decremental = 'grm',
                },
              },
              indent = {
                enable = true,
              }
            }
          '';
      }
      {
        plugin = nvim-tree-lua;
        type = "lua";
        config =
          /*
          lua
          */
          ''
            local function my_on_attach(bufnr)
              local api = require "nvim-tree.api"
              local function opts(desc)
                return { desc = "nvim-tree: " .. desc, buffer = bufnr, noremap = true, silent = true, nowait = true }
              end
              -- default mappings
              api.config.mappings.default_on_attach(bufnr)
              -- custom mappings
              vim.keymap.set('n', '?',  api.tree.toggle_help,     opts('Help'))
              vim.keymap.set('n', 's',  api.node.open.horizontal, opts('Paste File'))
              vim.keymap.set('n', 'ma', api.fs.create,            opts('New File'))
              vim.keymap.set('n', 'md', api.fs.remove,            opts('Delete File'))
              vim.keymap.set('n', 'me', api.fs.rename_node,       opts('Rename File'))
              vim.keymap.set('n', 'yy', api.fs.copy.node,         opts('Copy File'))
              vim.keymap.set('n', 'mp', api.fs.paste,             opts('Paste File'))
            end
            require("nvim-tree").setup {
              on_attach = my_on_attach,
            }
          '';
      }
      {
        plugin = nvim-cmp;
        type = "lua";
        config =
          /*
          lua
          */
          ''
            -- local luasnip = require 'luasnip'
            local cmp = require 'cmp'
            cmp.setup {
              -- snippet = {
              --   expand = function(args)
              --     require('luasnip').lsp_expand(args.body)
              --   end,
              -- },
              window = {
                -- documentation = true,
              },
              mapping = cmp.mapping.preset.insert({
                ['<C-p>'] = cmp.mapping.select_prev_item(),
                ['<C-n>'] = cmp.mapping.select_next_item(),
                ['<C-d>'] = cmp.mapping.scroll_docs(-4),
                ['<C-f>'] = cmp.mapping.scroll_docs(4),
                ['<C-Space>'] = cmp.mapping.complete(),
                ['<C-e>'] = cmp.mapping.close(),
                ['<CR>'] = cmp.mapping.confirm {
                  behavior = cmp.ConfirmBehavior.Replace,
                  select = true,
                },
                ['<Tab>'] = function(fallback)
                  if cmp.visible() then
                    cmp.select_next_item()
                  else
                    fallback()
                  end
                end,
                ['<S-Tab>'] = function(fallback)
                  if cmp.visible() then
                    cmp.select_prev_item()
                  else
                    fallback()
                  end
                end,
              }),
              sources = {
                { name = 'nvim_lsp' },
                -- { name = 'luasnip' },
                { name = 'buffer' },
                { name = 'path' },
                -- { name = 'latex_symbols' },
              },
            }
          '';
      }
      {
        plugin = nvim-lspconfig;
        type = "lua";
        config =
          /*
          lua
          */
          ''
            function hi(name, opts)
              local options = ""
              for k, v in pairs(opts) do
                  options = options.." "..k.."="..v
              end
              vim.cmd("highlight "..name..options)
            end
            local u = require('utils')
            local lspc = require('lspconfig')
            local ih = require("inlay-hints")
            ih.setup()
            local on_attach = function(client, bufnr)
              local function buf_set_keymap(...) vim.api.nvim_buf_set_keymap(bufnr, ...) end
              local function buf_set_option(...) vim.api.nvim_buf_set_option(bufnr, ...) end
              buf_set_option('omnifunc', 'v:lua.vim.lsp.omnifunc')
              local opts = { noremap=true, silent=true }
              buf_set_keymap('n', '<c-]>', ':lua vim.lsp.buf.definition()<CR>',           opts)
              buf_set_keymap('n', 'K',     ':lua vim.lsp.buf.hover()<CR>',                opts)
              buf_set_keymap('n', 'gD',    ':lua vim.lsp.buf.implementation()<CR>',       opts)
              buf_set_keymap('n', '<c-k>', ':lua vim.lsp.buf.signature_help()<CR>',       opts)
              buf_set_keymap('n', '1gD',   ':lua vim.lsp.buf.type_definition()<CR>',      opts)
              buf_set_keymap('n', 'gr',    ':lua vim.lsp.buf.references()<CR>',           opts)
              buf_set_keymap('n', 'g0',    ':lua vim.lsp.buf.document_symbol()<CR>',      opts)
              buf_set_keymap('n', 'gW',    ':lua vim.lsp.buf.workspace_symbol()<CR>',     opts)
              buf_set_keymap('n', 'gd',    ':lua vim.lsp.buf.definition()<CR>',           opts)
              buf_set_keymap('n', 'ga',    ':lua vim.lsp.buf.code_action()<CR>',          opts)
              buf_set_keymap('n', 'ff',    ':lua vim.lsp.buf.format({async = true})<CR>', opts)
              buf_set_keymap('n', 'gn',    '<cmd>lua vim.lsp.buf.rename()<CR>',           opts)
              --require'completion'.on_attach(client)
              -- Set highlight colors
              local highlights = {
                Error = "Red",
                Warning = "Yellow",
                Information = "Blue",
                Hint = "Green",
              }
              for typ, color in pairs(highlights) do
                hi('LspDiagnosticsDefault'..typ, {ctermfg = color})
                hi('LspDiagnosticsUnderline'..typ, {cterm = 'underline'})
              end
              vim.lsp.handlers['textDocument/publishDiagnostics'] = vim.lsp.with(
                vim.lsp.diagnostic.on_publish_diagnostics,
                {
                  virtual_text = true,
                  signs = true,
                  update_in_insert = true,
                  underline = true
                }
              )
              require "lsp_signature".on_attach({doc_lines = 0})
              ih.on_attach(client, bufnr)
            end
            -- nvim-cmp supports additional completion capabilities
            local capabilities = vim.lsp.protocol.make_client_capabilities()
            capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)
            local config = {
              on_attach = on_attach,
              capabilities = capabilities,
              flags = {debounce_text_changes = 150}
            }
            lspc.bashls.setup(config)
            lspc.nixd.setup(config)
            lspc.solargraph.setup(config)
            lspc.rust_analyzer.setup{
              on_attach = on_attach,
              capabilities = capabilities,
              flags = {debounce_text_changes = 150},
              settings = {
                ['rust-analyzer'] = {
                   assist = {
                     importGranularity = "module",
                     importPrefix = "by_self",
                   },
                   cargo = {
                     loadOutDirsFromCheck = true
                   },
                   procMacro = {
                     enable = true
                   },
                   checkOnSave = {
                     command = "clippy"
                   },
                }
              }
            }
            -- Set completeopt to have a better completion experience
            vim.o.completeopt = 'menuone,noselect'
          '';
      }
    ];
    extraLuaConfig =
      /*
      lua
      */
      ''
        local onedark = require('onedark')
        onedark.setup { style = 'warmer' }
        onedark.load()
        vim.cmd('set background=dark')
        local llc = require('lualine').get_config()
        llc.options.theme = 'onedark'
        require('lualine').setup(llc)
        local key = vim.api.nvim_set_keymap
        local o = vim.o
        local wo = vim.wo
        local bo = vim.bo
        local cmd = vim.cmd
        vim.cmd([[autocmd CursorHold * lua vim.diagnostic.open_float({focusable = false})]])
        key('n', ';', ':Telescope find_files<CR>', {})
        key('n', '<C-n>', ':NvimTreeToggle<CR>', {})
        key('n', 'gh', '/<c-r>=expand("<cword>")<CR><CR>N', {})
        key('i', '<TAB>', 'pumvisible() ? "<C-n>" : "<Tab>"', { expr = true, silent = true })
        key('i', '<S-TAB>', 'pumvisible() ? "<C-p>" : "<S-Tab>"', { expr = true, silent = true })
        key('n', '<leader>g', ':lua require"telescope.builtin".live_grep{}<CR>', {})
        key('v', '<leader>c', ':w !wl-copy<CR><CR>', { silent = true })
        vim.api.nvim_exec(
          [[
          augroup YankHighlight
            autocmd!
            autocmd TextYankPost * silent! lua vim.highlight.on_yank()
          augroup end
        ]] ,
          false
        )
        vim.api.nvim_create_autocmd("BufEnter", {
          nested = true,
          callback = function()
            if #vim.api.nvim_list_wins() == 1 and vim.api.nvim_buf_get_name(0):match("NvimTree_") ~= nil then
              vim.cmd 'quit'
            end
          end
        })
        cmd('syntax on')
        cmd('set number')
        cmd('set completeopt=menuone,noinsert,noselect')
        cmd('set shortmess+=c')
        cmd("autocmd CursorHold,CursorHoldI *.rs :lua require'lsp_extensions'.inlay_hints{ only_current_line = true }")
        o.startofline = true
        wo.cursorline = true
        o.updatetime = 300
        wo.signcolumn='yes'
        o.showcmd = true
        o.shell = 'bash'
        o.mouse = 'a'
        o.smarttab = true
        bo.tabstop = 2
        bo.shiftwidth = 2
        bo.expandtab = true
        wo.relativenumber = true
        o.hidden = true
      '';
    extraPackages = with pkgs; [
      shfmt
      nixd
      nodePackages.bash-language-server
    ];
  };
 }
--- a/home/work/programs/tmate/.tmate.conf
+++ b/home/work/programs/tmate/.tmate.conf
@ -1,10 +1,8 @@
 set -g history-limit 50000
 set -g default-terminal "screen-256color"
 set -g mouse on
 set -sg escape-time 50
 set -g default-terminal "xterm-256color"
 set -as terminal-overrides ",xterm-*:Tc"
 unbind C-b
 set-option -g prefix C-a
 bind-key C-a send-prefix
--- a/nixos/celestia/configuration.nix
+++ b/nixos/celestia/configuration.nix
@ -35,9 +35,6 @@ in {
  sops.secrets."tailscale-auth-key" = {};
  sops.secrets."act-runner-token" = {};
  sops.secrets."photoprism-password-file" = {};
  sops.secrets."restic_ssh_key" = {};
  sops.secrets."restic_documents_repository_password" = {};
  sops.secrets."restic_images_repository_password" = {};
  imports = [
    ./hardware-configuration.nix
@ -52,14 +49,6 @@ in {
  ];
  boot.kernelModules = ["amd-pstate"];
  # *arr services are not yet all updated to .NET 8
  nixpkgs.config.permittedInsecurePackages = [
    "aspnetcore-runtime-6.0.36"
    "aspnetcore-runtime-wrapped-6.0.36"
    "dotnet-sdk-6.0.428"
    "dotnet-sdk-wrapped-6.0.428"
  ];
  system.stateVersion = "23.11"; # Did you read the comment?
  networking = {
    hostName = "celestia";
@ -92,9 +81,6 @@ in {
    zfs
    lm_sensors
    ffmpeg
    rtl_433
    dump1090
    rtl-sdr
  ];
  users.users."root".openssh.authorizedKeys.keys = [
@ -175,10 +161,8 @@ in {
    samba = {
      enable = true;
      openFirewall = true;
-      settings = {
+      extraConfig = "map to guest = bad user";
-        global = {
+      shares = {
          "map to guest" = "bad user";
        };
        dump = {
          path = "/tank/dump";
          browsable = "yes";
@ -212,39 +196,16 @@ in {
        url = "https://git.fuckwit.dev";
        tokenFile = config.sops.secrets."act-runner-token".path;
        labels = [
-          "nix:docker://nixos/nix:latest"
+          "native:host"
        ];
-        # hostPackages = with pkgs; [
+        hostPackages = with pkgs; [
-        #   bash
+          bash
-        #   coreutils
+          coreutils
-        #   curl
+          curl
-        #   wget
+          wget
-        #   gnused
+          gnused
-        #   gitMinimal
+          gitMinimal
        # ];
      };
    };
    restic = let
      mkBackup = repo: paths: exclude: pruneOpts: {
        repository = "sftp:u169497-sub5@u169497.your-storagebox.de:${repo}";
        passwordFile = config.sops.secrets."restic_${repo}_repository_password".path;
        initialize = true;
        extraOptions = [
          "sftp.command='ssh -p23 u169497-sub5@u169497.your-storagebox.de -i ${config.sops.secrets."restic_ssh_key".path} -s sftp'"
        ];
        paths = paths;
        exclude = exclude;
        pruneOpts = pruneOpts;
        timerConfig = {
          OnCalendar = "00:05";
          RandomizedDelaySec = "1h";
        };
      };
    in {
      backups = {
        documents = mkBackup "documents" ["/tank/documents"] [] ["-d 7" "-w 5" "-m 12"];
        images = mkBackup "images" ["/tank/images"] ["/tank/images/import"] ["-d 7" "-w 5" "-m 12"];
      };
    };
@ -336,8 +297,6 @@ in {
      settings = {
        PHOTOPRISM_ADMIN_USER = "root";
        PHOTOPRISM_DEFAULT_LOCALE = "de";
        PHOTOPRISM_DETECT_NSFW = "true";
        PHOTOPRISM_UPLOAD_NSFW = "true";
      };
    };
@ -438,8 +397,6 @@ in {
  };
  hardware = {
    rtl-sdr.enable = true;
    fancontrol = {
      enable = true;
      config = ''
--- a/nixos/celestia/hardware-configuration.nix
+++ b/nixos/celestia/hardware-configuration.nix
@ -21,6 +21,7 @@
    forceImportRoot = false;
    extraPools = ["tank"];
  };
  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/3652c231-d679-42dd-80f1-e9afccb4ca13";
@ -33,7 +34,6 @@
      allowDiscards = true;
      keyFileSize = 4096;
      keyFile = "/dev/disk/by-id/usb-Generic_Flash_Disk_D5A325A0-0:0";
      tryEmptyPassphrase = true;
    };
  };
--- a/nixos/celestia/secrets.yaml
+++ b/nixos/celestia/secrets.yaml
@ -2,9 +2,6 @@ acme.env: ENC[AES256_GCM,data:VgSJO2Q32csfN0DEH6kTsaN0z/hRa0fRHLUleju+gqBPjoQmZG
 tailscale-auth-key: ENC[AES256_GCM,data:Rvq2wL9civCoH6acKk3lYIXbVAME+kUmeuQYOTl+rvdb5bFoI5i688qI58ceF47PGKi1jeXe46SkJGJe0iY=,iv:b0kavSFEG40Jxa3yAjttarN5N3nOLEbZYqP3LOXvBrU=,tag:cpgYzoX9L6+1IHnmjfZfQg==,type:str]
 act-runner-token: ENC[AES256_GCM,data:vNYCpt96yFeEUERCXYlk5p1NbVrQOBps7jEUI+4aXonxTDTDfyPZF8tjCjERfg==,iv:hMUz99UdHlXwhTGKr4QlrvkDTfy+jVCSOQlQEENTDI8=,tag:buvPFy10R0BKu4tQBMJhEg==,type:str]
 photoprism-password-file: ENC[AES256_GCM,data:a0fqrjRDc2M=,iv:H/kLPIJsti8QsOJjwPGFSELD4LHb8u8dIkq8pd7W61E=,tag:xp/vpqE/n+alm17d9eIRcA==,type:str]
 restic_ssh_key: ENC[AES256_GCM,data:NK7WXhnnueZ6kVZJnjShZ/QaNXINrJ6+youN3EPBmNjiLBTJHFg4LVR3MCU1GaK2HJpbz3qEJa/kto9LPONRR0F6LO6/7U17O0fdzF7Ca7u4xHI7uKBE6x9/dhd5MHJ2yQpEUwJnTB6i/++OcbSfTJmp062jTgWxdarngt6skx0m5JIlu6lhLKyFzGa+cBIesFItredQ2SJroUC4rK3CiQLutuaBlhw90wys3T2uTtRRgzQ08AF90+JY5jqflZposQPT0ox+xEegOyZ4UJxX2WToxD998N7/eETxo2E94zL/5f2mGoubDxwPTZp8cPX+1g85tFjhn361OSgHBwgRRT3rs/js1xZkQQO2McKPyGZVHOzQ0GSrpvxiSiUZk8/49eynEkWUsY2YXQxvl3/s6r/Toh9Wbr9mo3X67A2phTx1beEnU8XMwWS/5ZnqtFNHvxC6tfkAIwblNvCc9mTigSYhOji9TBpcZNOCumY/MYzGSCzxSFXcOnsKZKjxdE3ByHFKcMvJ+uiaav000MbdplOOsYLCSpdQAAZH,iv:JFcu2GO8k7awfB8RV17tcFj5KhXmUxnzjnoEdmMaqxc=,tag:awy4njmuS/l5CCFqWdsy3A==,type:str]
 restic_documents_repository_password: ENC[AES256_GCM,data:rcQ5PsvJW2i3e2v1FqbqCOoqiblqFDsqRifzY6YxIKZTNSNrRPgqUduqei/0aSGJTNG+zYS4YRCooCZ/E7mYFg==,iv:IO6OGY+Dfai0Hl/NWT7bqqhTkfhXlUqqnJyQjm87fSw=,tag:K3D112tm+kC5OpEF2t+oZQ==,type:str]
 restic_images_repository_password: ENC[AES256_GCM,data:yNWUqZ9ddkfD15mO7NocUYwqNWPaTHXfLkMNq7yy5xgSG4I3G01mFTt5qCPbZ0n+Y6DFlhDQBLAC5SwOvVNggA==,iv:LqA7TG9TS7eyHZ/xqF+L1w5imPdogQGH0DyokaQj4Bc=,tag:1OLRp7VO8Lfy1nQcUr3OWA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -20,8 +17,8 @@ sops:
            K0RaVVNSczZBcDNtaXhGem5iQnlVTDAK+XogkPQD2xYQ7sW8DwAXaaLA/ftw6vZM
            wsNs0uun9dgGjZIXcU6AIsrJeUiWBl5zgc6CCd/ad/3QxpmKj1p9Mg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-18T18:21:19Z"
+    lastmodified: "2024-08-26T08:34:59Z"
-    mac: ENC[AES256_GCM,data:3QqYfYJpIb1kcd6Kh92BbfQIBrsniet3HYVR56V5g/eHRwJpy526A8Gpntc0vdu7Adpv/bbaaPzmCTeanhEXwXB38iXnEsWSsUBn/KyT0bhIi7HcXNfRM6al7cWA6YBwSyy12ElD0Bf/fX2ptUId39tOj3yr7Rg4VaXMr9gEsMk=,iv:s5LlkeHcjoqWeQDBQmoOTZWI7L18bJi/yz3yv8uGoSM=,tag:FH/CbzCyqBp1ebeKIPox8g==,type:str]
+    mac: ENC[AES256_GCM,data:bqt8+j+t4p2T6+y3+GkeZB2DsHpf9ugBNBnnR1+m9nyKRsS1bR7divl0GZyndlmPMEzOxGJSeHjDhTwrQ/w6szmmHFuUEpogkiJUxzZM9UUa/k4zBQlgVliQM/uuAvYEQJgWVwBJgkIEHsn/F3QGFPCOY/9N9epkhqr1BgfkMQo=,iv:3DhlnJQ70blHqK+n1DrV8FdjUj6qDQ7L8t/r7tOkEQY=,tag:exY8TN8XIuLvoRDhEHDWTQ==,type:str]
    pgp:
        - created_at: "2024-01-25T08:00:56Z"
          enc: |-
@ -36,4 +33,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: 5FA64909521A5C85992F26E0F819AEFF941BB849
    unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.9.0
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@ -1,7 +1,9 @@
 {
  self,
  nixpkgs,
  nixpkgs-stable,
  sops-nix,
  home-manager,
  lanzaboote,
  simple-nixos-mailserver,
  inputs,
@ -59,9 +61,7 @@
              inherit ip sshUser sshPort allowLocalDeployment remoteBuild;
            };
          }
-          {
+          {nixpkgs.system = "${system}";}
            nixpkgs.system = "${system}";
          }
        ]
        ++ additionalModules
        ++ [file];
@ -90,7 +90,7 @@ in {
    np = nixpkgs;
    system = "x86_64-linux";
    ip = "192.168.1.11";
-    remoteBuild = false;
+    # remoteBuild = false;
    file = ./celestia/configuration.nix;
  };
--- a/nixos/framework/configuration.nix
+++ b/nixos/framework/configuration.nix
@ -6,8 +6,6 @@
  ...
 }: {
  imports = [./hardware-configuration.nix];
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets."tailscale-auth-key" = {};
  boot.bootspec.enable = true;
  boot.loader.systemd-boot.enable = lib.mkForce false;
@ -16,7 +14,7 @@
    pkiBundle = "/etc/secureboot";
  };
  boot.loader.efi.canTouchEfiVariables = true;
-  boot.kernelPackages = pkgs.linuxPackages_6_11;
+  boot.kernelPackages = pkgs.linuxPackages_6_9;
  nixpkgs.config.allowUnfree = true;
@ -35,26 +33,21 @@
    extraPackages = [pkgs.vaapiVdpau];
  };
  hardware.rtl-sdr.enable = true;
  hardware.bluetooth.enable = true;
  security.pam.services.swaylock = {};
  security.pam.services.hyprlock = {};
  fonts.packages = with pkgs; [
    font-awesome
-    nerd-fonts.fira-mono
+    (nerdfonts.override {fonts = ["FiraMono"];})
    mypkgs.comic-mono
  ];
  services = {
    illum.enable = true;
    fwupd.enable = true;
-    fprintd.enable = true; # currently broken
+    fprintd.enable = false; # currently broken
    pcscd.enable = true;
    udisks2.enable = true;
    tlp = {
      enable = true;
      settings = {
@ -104,14 +97,6 @@
      lidSwitchExternalPower = "ignore";
      extraConfig = "HoldoffTimeoutSec=300s";
    };
    tailscale = {
      enable = true;
      extraUpFlags = [
        "--accept-routes=true"
      ];
      authKeyFile = config.sops.secrets."tailscale-auth-key".path;
    };
  };
  services.pipewire = {
@ -126,7 +111,7 @@
  users.users.patrick = {
    isNormalUser = true;
-    extraGroups = ["wheel" "plugdev"];
+    extraGroups = ["wheel"];
  };
  environment.systemPackages = with pkgs; [
--- a/nixos/framework/secrets.yaml
+++ b/nixos/framework/secrets.yaml
@ -1,33 +0,0 @@
 tailscale-auth-key: ENC[AES256_GCM,data:jReYmVBmruNXXOlB9ep1Vx84XSKA8JAPReuxXglPMNDCUOIaX2S7zPuxAJp4KYhE91CnCNzprW/rdGejMw==,iv:251dyqcTqRh6N/lM07spgcyBnsxvwTdhKXdM45hepTc=,tag:/JqRTN80TJmA3H06Efbx8A==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age18kc63lpfutqlw505fkqagumqup6dtpudajeaheueuaf0frjpdc3suz49qk
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQ29IUmRFcjNXNFRVZDh5
            ZGE0YUJxYmFITHJ1N1RtVkNHbnpBYS9IM0g0CmFWak94ZE9BR2x2cHhrTkxxVWVn
            czlRNUJoSm5FUVVPQVdXMnp6V1dMRjAKLS0tIFNUWVNCMEhjbEpjUXhRS05QTFpL
            bk1raG5pVE10ZEh1RXdYUXY0ZkVkUW8K5JWNqbd6k6slfOR9xfc6a58tdouElwlX
            w4MzIE7dUlqYux4MxbTzXhnX/A3D2oXg60Ya5rKqakgnAYvWlNwwAw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-11-25T15:49:24Z"
    mac: ENC[AES256_GCM,data:GQcgu7CWkUPrcsYlSK8rbnZIu3Ph/q5ohEt2F46Q5afEh2j0aQQfdlO7suFUmO93qoQ4Z4qo6HmSsqajR5QTMvWMjERSdAYh8WiX64zgnxzYD32GCLjvtp3NSraIHy5RsnX/+4vNDsGVq1pJIEr6McWuvxuuZ3cT2JbHiui8cGI=,iv:GkHo9aM6JXM1+kY42au7Rm3fJrqOnncKLxLC52JrVUw=,tag:7Ua+LTsfihrr+qcVhKvJPA==,type:str]
    pgp:
        - created_at: "2024-11-25T15:46:53Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hF4DMGJRmcuHhnsSAQdAIUNST8klTbwju58Y6yBe8tZtn0yK4hCrocSfV5qAOz8w
            eDZyWmShWVeAMIksZPJthyq2GmExd6S+BPjgn6sLmeaDBHzUsLV2lexpGSTif6MW
            1GgBCQIQVijI8dBnboVzsQHN1Yaj9Ntfb++u29TBmYiXLm455jsr/Aqwp8I9ZM0P
            tMPkxT6kHebICXpsbZvkSxv3kaPK1+TBGZkk8VEZxZZBl7NpvCAKufOiCHU/sH8I
            UOJGtqbpiWwqJQ==
            =qjQD
            -----END PGP MESSAGE-----
          fp: 5FA64909521A5C85992F26E0F819AEFF941BB849
    unencrypted_suffix: _unencrypted
    version: 3.9.1
--- a/nixos/laptop/configuration.nix
+++ b/nixos/laptop/configuration.nix
@ -17,7 +17,7 @@
      preLVM = true;
    };
  };
-  boot.kernelPackages = pkgs.linuxPackages_6_6;
+  boot.kernelPackages = pkgs.linuxPackages_6_8;
  i18n.defaultLocale = "en_US.UTF-8";
  time.timeZone = "Europe/Berlin";
@ -113,7 +113,14 @@
    xserver = {
      enable = true;
      # windowManager.awesome = {
      #   enable = true;
      #   package = pkgs.callPackage ../../overrides/awesome.nix {};
      # };
      displayManager = {
        # sddm.enable = true;
        # defaultSession = "none+awesome";
        gdm = {
          enable = true;
          wayland = true;
@ -127,6 +134,46 @@
    };
  };
  # services.jupyter = {
  #   enable = true;
  #   package = pkgs.jupyter-all;
  #   command = "jupyter-lab";
  #   group = "users";
  #   password = "'$argon2i$v=19$m=4096,t=3,p=1$a2pzamhrdjgzaGtzZGZoZGY4NzcydWhkZnM$fuPanvCWOsPNpBjyLaBz3YRRzmSSdpp8kaYJAyEPtWA'";
  #   kernels = let
  #     juliaEnv = pkgs.julia_19-bin.withPackages ["IJulia" "Plots"];
  #     ijulia = builtins.readFile (
  #       pkgs.runCommand "${juliaEnv.name}-ijulia-pkgdir"
  #       {
  #         buildInputs = [juliaEnv];
  #       } ''
  #         ${juliaEnv}/bin/julia -e 'using IJulia; print(pkgdir(IJulia))' >$out
  #       ''
  #     );
  #   in {
  #     ijulia = {
  #       displayName = "Julia ${juliaEnv.julia.version}";
  #       argv = [
  #         "${juliaEnv}/bin/julia"
  #         "-i"
  #         "--color=yes"
  #         "${ijulia}/src/kernel.jl"
  #         "{connection_file}"
  #       ];
  #       language = "julia";
  #       interruptMode = "signal";
  #       logo32 = "${ijulia}/deps/logo-32x32.png";
  #       logo64 = "${ijulia}/deps/logo-64x64.png";
  #     };
  #   };
  # };
  # # systemd.services.jupyter.environment.JUPYTER_DATA_DIR = builtins.toString (pkgs.jupyter-kernel.create {
  # #   definitions = config.services.jupyter.kernels;
  # # });
  # systemd.services.jupyter.environment.JUPYTER_DATA_DIR = ".jupyter/data";
  # systemd.services.jupyter.environment.JUPYTER_RUNTIME_DIR = "/var/lib/jupyter/.local/share/jupyter/runtime";
  security.sudo.configFile = ''
    Defaults lecture=always
    Defaults lecture_file=${../../misc/sudo_lecture}
@ -135,7 +182,7 @@
  fonts.packages = with pkgs; [
    font-awesome
-    nerd-fonts.fira-mono
+    (nerdfonts.override {fonts = ["FiraMono"];})
    mypkgs.comic-mono
  ];
--- a/nixos/primordial/configuration.nix
+++ b/nixos/primordial/configuration.nix
@ -12,9 +12,6 @@ in {
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets."gitea.env" = {};
  sops.secrets."keycloak_db_pw" = {};
  sops.secrets."restic_mail_repository_password" = {};
  sops.secrets."restic_ssh_key" = {};
  sops.secrets."act-runner-token" = {};
  imports = [
    ./mail.nix
@ -232,22 +229,6 @@ in {
      lfs.enable = true;
    };
    gitea-actions-runner.instances = {
      docker-runner = {
        enable = true;
        name = "primordial-docker";
        url = "https://git.fuckwit.dev";
        tokenFile = config.sops.secrets."act-runner-token".path;
        labels = [
          "ubuntu-latest:docker://node:16-bullseye"
        ];
        settings = {
          runner.capacity = 5;
          cache.enabled = false;
        };
      };
    };
    grafana = {
      enable = true;
@ -267,40 +248,22 @@ in {
      };
    };
-    restic = {
+    keycloak = {
-      backups = {
+      enable = true;
-        mail = {
+
-          repository = "sftp:u169497-sub5@u169497.your-storagebox.de:mail";
+      database = {
-          initialize = true;
+        type = "postgresql";
-          extraOptions = [
+        createLocally = true;
-            "sftp.command='ssh -p23 u169497-sub5@u169497.your-storagebox.de -i ${config.sops.secrets."restic_ssh_key".path} -s sftp'"
+        passwordFile = config.sops.secrets."keycloak_db_pw".path;
          ];
          passwordFile = config.sops.secrets."restic_mail_repository_password".path;
          paths = ["/var/vmail" "/var/dkim"];
          timerConfig = {
            OnCalendar = "00:05";
            RandomizedDelaySec = "1h";
          };
        };
      };
      };
-    # keycloak = {
+      settings = {
-    #   enable = true;
+        hostname = "sso.fuckwit.dev";
-    #
+        http-host = "127.0.0.1";
-    #   database = {
+        http-port = 8004;
-    #     type = "postgresql";
+        proxy = "edge";
-    #     createLocally = true;
+      };
-    #     passwordFile = config.sops.secrets."keycloak_db_pw".path;
+    };
    #   };
    #
    #   settings = {
    #     hostname = "sso.fuckwit.dev";
    #     http-host = "127.0.0.1";
    #     http-port = 8004;
    #     proxy = "edge";
    #   };
    # };
    # drone-server = {
    #   enable = true;
@ -314,8 +277,6 @@ in {
    # };
  };
  virtualisation.podman.enable = true;
  users.users."root".openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8zNAXScQ4FoWNxF4+ALJXMSi3EbpqZP5pO9kfg9t8o patrick@NBG1-DC3-PC20-2017-10-24"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPflDQOANGhgtfo2psRwSFtY5ETHX/bsDmqrho3iX9jt root@arschlinux"
--- a/nixos/primordial/mail.nix
+++ b/nixos/primordial/mail.nix
@ -5,7 +5,6 @@
 }: {
  mailserver = {
    enable = true;
    enableManageSieve = true;
    fqdn = "mail.fuckwit.dev";
    domains = ["fuckwit.dev"];
--- a/nixos/primordial/secrets.yaml
+++ b/nixos/primordial/secrets.yaml
@ -1,8 +1,5 @@
 gitea.env: ENC[AES256_GCM,data:wkSPzLQtL3vGNIjG+jG6I3+R7wLBBdXeaCHbKxMbpVOldo8zrPLu8HdoryneRro58d7D9Cao9x+n5SvYNfGwHPgDJG8saXTeyEffIWIKNC+5+8fjiWwIkAvstckmZjSLitVxcwhifs49jmZgW/xQBPEPiAHzVkjeueV7p/Jm9WgyD2ycPrKUvNEYJ6DWZqQq9r10Y/KsRZsvRzF2cp6YeX7YGjW7E2wuQz9yy8gOFHxmoJxAc4zM7XaKZWKtow1UPCjTtxiY7qRkWK7KQt21Xf3FCsU=,iv:qQv7hbqh3Kl6sE/XW37D9AbYt4gLJw5BnfbbLIkzOd4=,tag:g6Cecvdb67W01HvIULNzsQ==,type:str]
 keycloak_db_pw: ENC[AES256_GCM,data:1oBqzpFokAmjkT770YKYwzCllaGTprtDR9W4B/+V6ZUXPhJ1R9DNWZHqpQ==,iv:dK36GBiDj12HVjUkZqTVk/rR6s1sf6dmQTk1ZJQwi+I=,tag:6Ix9QSf+A0U82sG0z8wSmw==,type:str]
 restic_mail_repository_password: ENC[AES256_GCM,data:B2XAP9tnztl/c7HB7bHywfJcwV9sLahfqCfI0TajWaWHPhRsZow4yxhn813FN4pINb5i1kYyiRG/sMXMKAFo9g==,iv:pQnVRVtuhcVtH/Kot9hcx8DSA4qlkksuUiY8HaOawfk=,tag:4lbmh8bQDSVNbI06/gNUlQ==,type:str]
 restic_ssh_key: ENC[AES256_GCM,data:HpS73OEFvqSLYg8Qh1syJEjCfv5og5VxxzK2VPmAFRk5BzM4xF3Dn0cmJtQpwMMwaRGRWFdCTMrQCBWRrLgDt7wUyMpBn1HivLr4nwEOU4oDStv+1zKmrNbWLSYw3TbHoNJ2K+C46lfpV9CBdb+8dmv2vto6HoKFrOYc5/ftYd7lD9zMhueAMCc3q7aPsIFGb2TRGNz1wrF6Cn9ew1Oqh/P7xlUuIgS0kAKRrybhiIO9IUgQsTV3qqZIXogP4Yy2OLSyhbtDuvtLAncL2pJ/ZsGme47G8HoFomyqEIf0eq7YKqlpTqKPbbnxfWSlWYGg+l9OtCJOeyp5oEZ6sjPNdTUYjpcVZpHNEEa2zkaZzRj5Jo/GIiJfCu4F0kk4opbqEUTeDQHgesylxwpd/v5zaplGEqpYZ7y/DAud+YUw7XWYWjy60kjlZdkbKwrL/Cg4dxWY8Cc7v42Ve7aADgSEpEhwo5rHxM3JSVHHHunfC6y+/Qin26wQZhF1w+d8/yqSaJidx6FsDSipGCJtXa9liIG7oG2vUlmYm4rE,iv:d/AFzPAJGSGv1WzQY4+p8mImFoWKkaoMRtIBNAYiU0E=,tag:mdE/e2VX5zdrFT43NZaYNQ==,type:str]
 act-runner-token: ENC[AES256_GCM,data:QEiYYYg8fZQIwVPT+vG2Eo8JO9y5PgVJBm5E1UlujANigQKvVkhPbVtulIB1Fg==,iv:V88x7xqYlbZuawPFU824bZtvM/b44BBVIjhnmtdYCwo=,tag:PgQcH1nkRpHCiBBMCSXfxg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -18,8 +15,8 @@ sops:
            V1h2NGxyNVc3WnF2ZFBpQm1oK1AzeGcK4GoD2E8nwOl/WKtgMgs0Y1Q8abRX4mpy
            GdHGDQUWvySCisJo4JXsooYkLjOyKvir+vcVbX4nDd4L1W2OMULkrg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-10T21:24:52Z"
+    lastmodified: "2024-03-25T19:17:29Z"
-    mac: ENC[AES256_GCM,data:8zOgUn3QPUk6pZxaAVYN+yxIBRAihG9UpHEWSR37gQUT2hYG6ddHDBF56u0G0Hmpa2jUHUNw7hKe2YH7UVxc84Gmsv2oAQL6TPhgtwDBazViF0N9imt3+SEphx0t9Is58pzgFNp7uqy45GaoFtuQ1DIQOG090mHTLHZpnf1YL8o=,iv:EDNwgcGDqAZK4ZSQHxTjyLGhwKkK/TriyeL1FJ6J/Cs=,tag:5WZk+MnZb0kLrVrs601SiA==,type:str]
+    mac: ENC[AES256_GCM,data:Qnou0/umwMX2XD7gDF6SceFI5tLjOO30OVhFSXhxc2yuFj/gB0R1bPplLm5j/wmxfRQDvvm2zLgGFMqt+8i4Z+6OYgbuwFcv4FR2E001aWVj1zh+F8pRZVTxqnsvegoKWQwoXkhZe5S/fjX9N09SMYhBkjLUh9fboGXajEpDws8=,iv:hTQgeyli/MPaUVxJSzhDK+ssxv78w7hRBtQ1pnZGASg=,tag:HDKQ2duHMYvGa74Vp0fIjw==,type:str]
    pgp:
        - created_at: "2024-01-25T11:10:44Z"
          enc: |-
@ -34,4 +31,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: 5FA64909521A5C85992F26E0F819AEFF941BB849
    unencrypted_suffix: _unencrypted
-    version: 3.9.2
+    version: 3.8.1
--- a/outputs.nix
+++ b/outputs.nix
@ -2,6 +2,7 @@
  self,
  flake-utils,
  nixpkgs,
  nurpkgs,
  deploy,
  home-manager,
  ...
--- a/pkgs/comic-mono/default.nix
+++ b/pkgs/comic-mono/default.nix
@ -22,8 +22,8 @@ pkgs.stdenv.mkDerivation rec {
  };
  nativeBuildInputs = with pkgs; [
-    python311
+    python39
-    python311Packages.fontforge
+    python39Packages.fontforge
    pkgs.unzip
  ];
--- a/renovate.json
+++ b/renovate.json
@ -1,12 +0,0 @@
 {
  "nix": {
    "enabled": true
  },
  "lockFileMaintenance": {
    "enabled": true,
    "schedule": [
      "at any time"
    ]
  },
  "automerge": true
 }