From 69a806e17ba6320bbbeee5ccc7b4d2f6676a6160 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= <lelgenio@disroot.org>
Date: Tue, 3 Mar 2026 23:15:29 -0300
Subject: [PATCH 1/8] phantom: disable auto-updates

---
 hosts/phantom/default.nix | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/hosts/phantom/default.nix b/hosts/phantom/default.nix
index 79972d0..5351726 100644
--- a/hosts/phantom/default.nix
+++ b/hosts/phantom/default.nix
@@ -82,19 +82,6 @@
     max-jobs = 1;
   };
 
-  system.autoUpgrade = {
-    enable = true;
-    dates = "04:40";
-    operation = "switch";
-    flags = [
-      "--update-input"
-      "nixpkgs"
-      "--no-write-lock-file"
-      "--print-build-logs"
-    ];
-    flake = "git+https://git.lelgenio.com/lelgenio/nixos-config#phantom";
-  };
-
   networking.firewall.allowedTCPPorts = [ 8745 ];
 
   system.stateVersion = "23.05"; # Never change this

From 9f001b8c17a782bc43c28362530cc2c0ab0dd2eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= <lelgenio@disroot.org>
Date: Tue, 3 Mar 2026 23:15:42 -0300
Subject: [PATCH 2/8] factorio: update server 2.0.72 -> 2.0.73

---
 pkgs/factorio-headless/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/factorio-headless/default.nix b/pkgs/factorio-headless/default.nix
index 4711275..77dcec8 100644
--- a/pkgs/factorio-headless/default.nix
+++ b/pkgs/factorio-headless/default.nix
@@ -1,10 +1,10 @@
 { factorio-headless, pkgs }:
 
 factorio-headless.overrideAttrs (_: rec {
-  version = "2.0.72";
+  version = "2.0.73";
   src = pkgs.fetchurl {
     name = "factorio_headless_x64-${version}.tar.xz";
     url = "https://www.factorio.com/get-download/${version}/headless/linux64";
-    hash = "sha256-zzBXNA28nYK9UWGUmuPnuPrZEux8oHuKMVHgQkpVaM0=";
+    hash = "sha256-dSAl+BtewSKZGe3IafnIdz20u1SKkNNw+Fk4I2yFfZo=";
   };
 })

From 7f899de0d3f5815b693c4b376b9e5277fb6d71a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= <lelgenio@disroot.org>
Date: Tue, 3 Mar 2026 23:16:30 -0300
Subject: [PATCH 3/8] home: install kubernetes tools

---
 scripts/default.nix |  5 +++++
 scripts/kubectl-rsh | 30 ++++++++++++++++++++++++++++++
 user/home.nix       |  4 ++++
 3 files changed, 39 insertions(+)
 create mode 100755 scripts/kubectl-rsh

diff --git a/scripts/default.nix b/scripts/default.nix
index dca8862..3ebf1dd 100644
--- a/scripts/default.nix
+++ b/scripts/default.nix
@@ -48,6 +48,11 @@
       _diffr
     ];
     kak-man-pager = [ kak-pager ];
+    kubectl-rsh = [
+      bash
+      kubectl
+      rsync
+    ];
     helix-pager = [
       fish
       _diffr
diff --git a/scripts/kubectl-rsh b/scripts/kubectl-rsh
new file mode 100755
index 0000000..6a0e84f
--- /dev/null
+++ b/scripts/kubectl-rsh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -exu
+set -o pipefail
+
+namespace=''
+container=''
+pod=$1
+shift
+
+# rsync calls us with "-l pod namespace" if we use pod@namespace
+if [ "X$pod" = "X-l" ]; then
+	pod=$1
+	shift
+	namespace="-n $1"
+	shift
+fi
+
+# pod is "pod.container"
+if [[ "$pod" == *"."* ]]; then
+	container="-c ${pod#*.}"
+	pod="${pod%.*}"
+fi
+
+# pod is "type#name"
+if [[ "$pod" == *"#"* ]]; then
+	pod="${pod//#/\/}"
+fi
+
+exec kubectl $namespace exec -i $container $pod -- "$@"
diff --git a/user/home.nix b/user/home.nix
index 1a3d1c3..f6cc1e8 100644
--- a/user/home.nix
+++ b/user/home.nix
@@ -121,6 +121,10 @@
     docker-compose
     mariadb
 
+    kubectl
+    kustomize
+    kubectl-rsh
+
     nodePackages.intelephense
     nodePackages.typescript-language-server
     flow # js lsp server

From d038605de98abaa54e8d8169704323209b82d1ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= <lelgenio@disroot.org>
Date: Tue, 3 Mar 2026 23:16:57 -0300
Subject: [PATCH 4/8] firefox: install gnome shell extension

---
 user/firefox.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/user/firefox.nix b/user/firefox.nix
index 1dd599c..2cf2e43 100644
--- a/user/firefox.nix
+++ b/user/firefox.nix
@@ -49,6 +49,12 @@ in
             hash = "sha256-yt6yRiLTuaK4K/QwgkL9gCVGsSa7ndFOHqZvKqIGZ5U=";
           })
 
+          (pkgs.fetchFirefoxAddon {
+            name = "gnome_shell_integration";
+            url = "https://addons.mozilla.org/firefox/downloads/file/4591252/gnome_shell_integration-12.1.xpi";
+            hash = "sha256-gVv8CKKnjKenp9WcVASiBmu6xhcxE8GfHq46a3qDnbU=";
+          })
+
           (pkgs.fetchFirefoxAddon {
             name = "vimium_ff";
             url = "https://addons.mozilla.org/firefox/downloads/file/4191523/vimium_ff-2.0.6.xpi";

From ff74e9ec4a31276e7a1de25f54cc3fb9b90010a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= <lelgenio@disroot.org>
Date: Tue, 3 Mar 2026 23:17:23 -0300
Subject: [PATCH 5/8] fish: mark branches with deleted remote

---
 user/fish/fish_prompt.fish | 47 ++++++++++++++++++++++++++++----------
 1 file changed, 35 insertions(+), 12 deletions(-)

diff --git a/user/fish/fish_prompt.fish b/user/fish/fish_prompt.fish
index ec7774e..337c469 100644
--- a/user/fish/fish_prompt.fish
+++ b/user/fish/fish_prompt.fish
@@ -63,6 +63,21 @@ function _fish_prompt_git_unpushed_branches
       string split ', '
 end
 
+function _fish_prompt_git_remote_deleted -a git_branch
+    set -l git_remote (git config --get "branch.$git_branch.remote" 2> /dev/null)
+    set -l git_merge_ref (git config --get "branch.$git_branch.merge" 2> /dev/null)
+
+    test -n "$git_remote"
+    and test -n "$git_merge_ref"
+    or return 1
+
+    set -l git_remote_ref "refs/remotes/$git_remote/"(string replace -r '^refs/heads/' '' "$git_merge_ref")
+    git show-ref --verify --quiet "$git_remote_ref"
+    and return 1
+
+    return 0
+end
+
 function fish_git_prompt
     command -qs git
     or return
@@ -81,6 +96,7 @@ function fish_git_prompt
     set -l git_branch   (git branch --show-current 2> /dev/null);or return
     set -l git_detach   (_fish_prompt_git_detached)
     set -l git_remote_branch   (git rev-parse --abbrev-ref (git branch --show-current)@{u} 2> /dev/null)
+    set -l git_remote_deleted (_fish_prompt_git_remote_deleted "$git_branch"; and echo "1")
     set -l git_status_s (timeout 5s git status -s | string collect)
     set -l git_log_unpushed (_fish_prompt_git_unpushed_branches)
 
@@ -100,26 +116,33 @@ function fish_git_prompt
        _fish_prompt_warn   "$git_detach"
     else if  test -n "$git_branch"
        _fish_prompt_accent "$git_branch"
+       if test -n "$git_remote_deleted"
+           _fish_prompt_warn "X"
+       end
     else
        _fish_prompt_warn "init"
     end
 
     # if we have at least one commit
     if git rev-parse HEAD -- &>/dev/null
-        # print a "↑" if ahead of origin
-        test 0 -ne (git log --oneline "$git_remote_branch"..HEAD -- | wc -l)
-        and set -f _git_sync_ahead '↑'
+        # Only compare ahead/behind when upstream exists and resolves correctly.
+        if test -n "$git_remote_branch"
+            and git rev-parse --verify "$git_remote_branch" &>/dev/null
+            # print a "↑" if ahead of origin
+            test 0 -ne (git log --oneline "$git_remote_branch"..HEAD -- | wc -l)
+            and set -f _git_sync_ahead '↑'
 
-        # print a "↓" if behind of origin
-        test 0 -lt (git log --oneline HEAD.."$git_remote_branch" -- | wc -l)
-        and set -l _git_sync_behind '↓'
+            # print a "↓" if behind of origin
+            test 0 -lt (git log --oneline HEAD.."$git_remote_branch" -- | wc -l)
+            and set -l _git_sync_behind '↓'
 
-        if set -q _git_sync_ahead _git_sync_behind
-            _fish_prompt_normal '⇅'
-        else if set -q _git_sync_ahead
-            _fish_prompt_normal '↑'
-        else if set -q _git_sync_behind
-            _fish_prompt_normal '↓'
+            if set -q _git_sync_ahead _git_sync_behind
+                _fish_prompt_normal '⇅'
+            else if set -q _git_sync_ahead
+                _fish_prompt_normal '↑'
+            else if set -q _git_sync_behind
+                _fish_prompt_normal '↓'
+            end
         end
 
         if test -n "$git_log_unpushed"

From c625920f2c0b7f7fc2dcbd234adbc176c35c1d4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= <lelgenio@disroot.org>
Date: Tue, 3 Mar 2026 23:19:13 -0300
Subject: [PATCH 6/8] monolith: limit system slice to 50% cpu usage

---
 hosts/monolith/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hosts/monolith/default.nix b/hosts/monolith/default.nix
index da69746..29bf7ed 100644
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@@ -50,6 +50,14 @@ in
   my.gaming.enable = true;
   my.nix-ld.enable = true;
 
+  systemd.slices."system" = {
+    enable = true;
+    sliceConfig = {
+      # 50% maximum usage accross 8 cores
+      CPUQuota = "${toString (8 * 50)}%";
+    };
+  };
+
   boot.extraModulePackages = with config.boot.kernelPackages; [ zenpower ];
 
   boot.initrd.kernelModules = [ "amdgpu" ];

From eb5e752b44333835e07ad041ddf7da65a6cfb1f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= <lelgenio@disroot.org>
Date: Tue, 3 Mar 2026 23:19:35 -0300
Subject: [PATCH 7/8] monolith: increase gitlab runners concurrent count to 8

---
 hosts/monolith/monolith-gitlab-runner.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/monolith/monolith-gitlab-runner.nix b/hosts/monolith/monolith-gitlab-runner.nix
index b8eb3df..8de40bc 100644
--- a/hosts/monolith/monolith-gitlab-runner.nix
+++ b/hosts/monolith/monolith-gitlab-runner.nix
@@ -15,7 +15,7 @@ in
   virtualisation.docker.enable = true;
   services.gitlab-runner = {
     enable = true;
-    settings.concurrent = 3;
+    settings.concurrent = 8;
     services = {
       # runner for building in docker via host's nix-daemon
       # nix store will be readable in runner, might be insecure

From b5690aaaeea41e7a2923efb16e58ab5e4c42d351 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= <lelgenio@disroot.org>
Date: Tue, 3 Mar 2026 23:26:25 -0300
Subject: [PATCH 8/8] wpass: allow copying arbitrary keys

---
 scripts/wpass | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/scripts/wpass b/scripts/wpass
index 2b6240e..90a9d44 100755
--- a/scripts/wpass
+++ b/scripts/wpass
@@ -18,6 +18,13 @@ print_actions_for_entry() {
   if test -n "$otp"; then
     echo "OTP"
   fi
+
+  echo "$entry_content" | \
+    rg '^(\w+): .*$' --replace '$1' | \
+    sed \
+      -e '/login/d' \
+      -e '/user/d' \
+      -e '/email/d'
 }
 
 main() {
@@ -29,8 +36,9 @@ main() {
 
     test -n "$entry" || exit 0
 
-    username=`pass show "$entry" 2>/dev/null | rg -m1 '(login|user|email): (.*)' -r '$2'` || true
-    password=`pass show "$entry" 2>/dev/null | head -n 1` || true
+    entry_content="$(pass show "$entry" 2>/dev/null)" || true
+    username=`echo "$entry_content" | rg -m1 '(login|user|email): (.*)' -r '$2'` || true
+    password=`echo "$entry_content" | head -n 1` || true
     otp=`pass otp "$entry" 2>/dev/null` || true
 
     action="$(print_actions_for_entry | wdmenu -p Action)"
@@ -45,6 +53,10 @@ main() {
             printf '%s' "$password" | wl-copy;;
         OTP)
             pass otp "$entry" | wl-copy;;
+        *)
+            key="$action"
+            printf '%s\n' "$entry_content"  | rg -m1 "^$key: (.*)" -r '$1' | wl-copy -n
+            ;;
     esac
 
 }