niri: wip add niri

pass: install import extension
update
2024-09-16 01:13:31 -03:00 · 2024-09-15 20:22:24 -03:00 · 2024-09-14 15:23:01 -03:00 · 2024-09-14 14:54:43 -03:00 · 2024-08-20 10:50:40 -03:00 · 2024-08-20 01:16:36 -03:00
155 changed files with 1837 additions and 3642 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -1,2 +0,0 @@
-flake.lock binary
-*.gpg binary
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,37 +0,0 @@
-keys:
-  - &lelgenio-gpg 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
-  - &lelgenio-ssh age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
-  - &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
-  - &double-rainbow-ssh age1026d4c8nqyapcsy4jz57szt6zw3ejcgv3ecyvz0s89t7w7z964fqdqv52h
-  - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
-
-creation_rules:
-  - path_regex: secrets/[^/]+\.(yaml|json|env|ini|gpg)$
-    key_groups:
-    - pgp:
-      - *lelgenio-gpg
-      age:
-      - *lelgenio-ssh
-      - *monolith-ssh
-  - path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini|gpg)$
-    key_groups:
-    - pgp:
-      - *lelgenio-gpg
-      age:
-      - *lelgenio-ssh
-      - *monolith-ssh
-  - path_regex: secrets/double-rainbow/[^/]+\.(yaml|json|env|ini|gpg)$
-    key_groups:
-    - pgp:
-      - *lelgenio-gpg
-      age:
-      - *lelgenio-ssh
-      - *monolith-ssh
-      - *double-rainbow-ssh
-  - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini|gpg)$
-    key_groups:
-    - pgp:
-      - *lelgenio-gpg
-      age:
-      - *lelgenio-ssh
-      - *phantom-ssh
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -1,14 +1,10 @@
 {
  description = "My system config";
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-25.11";
-    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
-
-    home-manager.url = "github:nix-community/home-manager/release-25.11";
+    nixpkgs.url = "nixpkgs/nixos-24.05";
+    home-manager.url = "github:nix-community/home-manager/release-24.05";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

-    vpsadminos.url = "github:vpsfreecz/vpsadminos";
-
    nix-index-database = {
      url = "github:Mic92/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
@ -20,60 +16,47 @@
    plymouth-themes.url = "github:adi1090x/plymouth-themes";
    plymouth-themes.flake = false;

-    sops-nix = {
-      url = "github:Mic92/sops-nix";
+    agenix = {
+      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.home-manager.follows = "home-manager";
    };

    nixos-mailserver = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs-24_05.follows = "nixpkgs";
    };

-    dzgui-nix.url = "github:lelgenio/dzgui-nix";
+    dzgui-nix = {
+      url = "github:lelgenio/dzgui-nix/dzgui-4.1.0";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };

    tlauncher = {
-      url = "git+https://git.lelgenio.com/lelgenio/tlauncher-nix";
+      url = "git+https://git.lelgenio.xyz/lelgenio/tlauncher-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    lsfg-vk-flake = {
-      url = "github:pabloaul/lsfg-vk-flake";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    disko = {
-      url = "github:nix-community/disko";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    treefmt-nix.url = "github:numtide/treefmt-nix";
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";

    # my stuff
-    dhist.url = "github:lelgenio/dhist";
-    demoji.url = "github:lelgenio/demoji";
-    wl-crosshair.url = "github:lelgenio/wl-crosshair";
-    warthunder-leak-counter.url = "git+https://git.lelgenio.com/lelgenio/warthunder-leak-counter";
-    made-you-look.url = "git+https://git.lelgenio.com/lelgenio/made-you-look";
-    contador-da-viagem = {
-      url = "git+https://git.lelgenio.com/lelgenio/contador-da-viagem";
-      flake = false;
+    dhist = {
+      url = "github:lelgenio/dhist";
+      inputs.nixpkgs.follows = "nixpkgs";
    };
-    catboy-spinner = {
-      url = "git+https://git.lelgenio.com/lelgenio/catboy-spinner";
-      flake = false;
+    demoji = {
+      url = "github:lelgenio/demoji";
+      inputs.nixpkgs.follows = "nixpkgs";
    };
-    tomater = {
-      url = "git+https://git.lelgenio.com/lelgenio/tomater";
-      flake = false;
+    wl-crosshair = {
+      url = "github:lelgenio/wl-crosshair";
+      inputs.nixpkgs.follows = "nixpkgs";
    };
-    youre-wrong = {
-      url = "git+https://git.lelgenio.com/lelgenio/youre-wrong";
-      flake = false;
-    };
-    hello-fonts = {
-      url = "git+https://git.lelgenio.com/lelgenio/hello-fonts";
-      flake = false;
+    warthunder-leak-counter = {
+      url = "git+https://git.lelgenio.com/lelgenio/warthunder-leak-counter";
+      inputs.nixpkgs.follows = "nixpkgs";
    };

    niri-flake = {
@ -103,19 +86,40 @@

      specialArgs = {
        inherit inputs;
-        self = inputs.self;
      };
-      common_modules = [
-        { nixpkgs.pkgs = pkgs; }
-        ./system/configuration.nix
-        {
-          login-manager.greetd.enable = desktop == "sway" || desktop == "niri";
-          my.gnome.enable = desktop == "gnome";
-          my.kde.enable = desktop == "kde";
-        }
+      common_modules =
+        [
+          { nixpkgs.pkgs = pkgs; }

-        { home-manager.extraSpecialArgs = specialArgs; }
-      ];
+          inputs.niri-flake.nixosModules.niri
+          {
+            programs.niri.enable = true;
+            niri-flake.cache.enable = true;
+            environment.systemPackages = with pkgs; [ fuzzel ];
+          }
+          ./system/configuration.nix
+          ./system/secrets.nix
+          ./system/greetd.nix
+          { login-manager.greetd.enable = desktop == "sway"; }
+
+          inputs.agenix.nixosModules.default
+          inputs.dzgui-nix.nixosModules.default
+          inputs.home-manager.nixosModules.home-manager
+          inputs.disko.nixosModules.disko
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.lelgenio = import ./user/home.nix;
+            home-manager.backupFileExtension = "bkp";
+            # Optionally, use home-manager.extraSpecialArgs to pass
+            # arguments to home.nix
+            home-manager.extraSpecialArgs = {
+              inherit inputs;
+            };
+          }
+        ]
+        ++ lib.optional (desktop == "gnome") ./system/gnome.nix
+        ++ lib.optional (desktop == "kde") ./system/kde.nix;
    in
    {
      checks."${system}" = {
@ -123,33 +127,49 @@
      };
      nixosConfigurations = {
        i15 = lib.nixosSystem {
-          inherit specialArgs;
-          modules = common_modules ++ [ ./hosts/i15 ];
+          inherit system specialArgs;
+          modules = [ ./hosts/i15 ] ++ common_modules;
        };
        monolith = lib.nixosSystem {
-          inherit specialArgs;
-          modules = common_modules ++ [
+          inherit system specialArgs;
+          modules = [
            ./hosts/monolith
-          ];
+            ./system/monolith-gitlab-runner.nix
+            ./system/monolith-forgejo-runner.nix
+            ./system/nix-serve.nix
+            ./system/steam.nix
+          ] ++ common_modules;
+        };
+        rainbow = lib.nixosSystem {
+          inherit system specialArgs;
+          modules = [
+            ./hosts/rainbow
+            ./system/rainbow-gitlab-runner.nix
+          ] ++ common_modules;
        };
        double-rainbow = lib.nixosSystem {
-          inherit specialArgs;
-          modules = common_modules ++ [
-            ./hosts/double-rainbow
-          ];
+          inherit system specialArgs;
+          modules = [
+            ./hosts/double-rainbow.nix
+            ./system/rainbow-gitlab-runner.nix
+          ] ++ common_modules;
        };
        pixie = lib.nixosSystem {
-          inherit specialArgs;
-          modules = common_modules ++ [
-            ./hosts/pixie.nix
-          ];
+          inherit system specialArgs;
+          modules =
+            [ ./hosts/pixie.nix ]
+            ++ common_modules
+            ++ [
+              {
+                packages.media-packages.enable = lib.mkOverride 0 false;
+                programs.steam.enable = lib.mkOverride 0 false;
+                services.flatpak.enable = lib.mkOverride 0 false;
+              }
+            ];
        };
        phantom = lib.nixosSystem {
-          inherit specialArgs;
-          modules = [
-            { nixpkgs.pkgs = pkgs; }
-            ./hosts/phantom
-          ];
+          inherit system specialArgs;
+          modules = [ ./hosts/phantom ];
        };
      };

@ -166,7 +186,6 @@

      packages.${system} = pkgs // packages;

-      # formatter.${system} = pkgs.nixfmt-rfc-style;
-      formatter.${system} = (inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix).config.build.wrapper;
+      formatter.${system} = pkgs.nixfmt-rfc-style;
    };
 }
--- a/hosts/double-rainbow/default.nix
+++ b/hosts/double-rainbow/default.nix
@ -17,13 +17,7 @@ let
  ];
 in
 {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-    ./gitlab-runner.nix
-    ./nebula-vpn.nix
-  ];
-
-  my.nix-ld.enable = true;
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot.initrd.availableKernelModules = [
    "xhci_pci"
@ -43,15 +37,14 @@ in
    options = [ "subvol=@" ] ++ btrfs_options ++ btrfs_ssd;
  };

-  boot.initrd.luks.devices."luks-d6573cf8-25f0-4ffc-8046-ac3a4db1e964".device =
-    "/dev/disk/by-uuid/d6573cf8-25f0-4ffc-8046-ac3a4db1e964";
+  boot.initrd.luks.devices."luks-d6573cf8-25f0-4ffc-8046-ac3a4db1e964".device = "/dev/disk/by-uuid/d6573cf8-25f0-4ffc-8046-ac3a4db1e964";

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/97EB-7DB5";
    fsType = "vfat";
  };

-  swapDevices = [ { device = "/swapfile"; } ];
+  swapDevices = [ ];

  services.udev.extraRules = ''
    # Force all disks to use mq-deadline scheduler
--- a/hosts/double-rainbow/gitlab-runner.nix
+++ b/hosts/double-rainbow/gitlab-runner.nix
@ -1,36 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}:
-let
-  inherit (pkgs.callPackage ../../system/gitlab-runner.nix { }) mkNixRunnerFull;
-in
-{
-  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
-  virtualisation.docker.enable = true;
-  services.gitlab-runner = {
-    enable = true;
-    settings.concurrent = 4;
-    services = {
-      wopus-gitlab-nix = mkNixRunnerFull {
-        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
-        # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
-        # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
-      };
-    };
-  };
-  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
-
-  sops.secrets = {
-    "gitlab-runners/wopus-gitlab-nix" = {
-      sopsFile = ../../secrets/double-rainbow/default.yaml;
-    };
-    "gitlab-runners/wopus-ssh-nix-cache-pk" = {
-      sopsFile = ../../secrets/double-rainbow/default.yaml;
-    };
-    "gitlab-runners/wopus-ssh-nix-cache-pub" = {
-      sopsFile = ../../secrets/double-rainbow/default.yaml;
-    };
-  };
-}
--- a/hosts/double-rainbow/nebula-vpn.nix
+++ b/hosts/double-rainbow/nebula-vpn.nix
@ -1,51 +0,0 @@
-{ pkgs, config, ... }:
-let
-  s = config.sops.secrets;
-
-  secretConfig = {
-    owner = "nebula-wopus";
-    group = "nebula-wopus";
-    restartUnits = [ "nebula@wopus.service" ];
-    sopsFile = ../../secrets/double-rainbow/default.yaml;
-  };
-in
-{
-  environment.systemPackages = with pkgs; [ nebula ];
-
-  services.nebula.networks.wopus = {
-    enable = true;
-    isLighthouse = false;
-    lighthouses = [ "192.168.88.1" ];
-    settings = {
-      cipher = "aes";
-    };
-    cert = s."nebula-wopus-vpn/double-rainbow-crt".path;
-    key = s."nebula-wopus-vpn/double-rainbow-key".path;
-    ca = s."nebula-wopus-vpn/ca-crt".path;
-    staticHostMap = {
-      "192.168.88.1" = [
-        "neubla-vpn.wopus.dev:4242"
-      ];
-    };
-    firewall.outbound = [
-      {
-        host = "any";
-        port = "any";
-        proto = "any";
-      }
-    ];
-    firewall.inbound = [
-      {
-        host = "any";
-        port = "any";
-        proto = "any";
-      }
-    ];
-  };
-
-  sops.secrets = {
-    "nebula-wopus-vpn/ca-crt" = secretConfig;
-    "nebula-wopus-vpn/double-rainbow-crt" = secretConfig;
-    "nebula-wopus-vpn/double-rainbow-key" = secretConfig;
-  };
-}
--- a/hosts/monolith/amdgpu.nix
+++ b/hosts/monolith/amdgpu.nix
@ -1,23 +0,0 @@
-{ pkgs, ... }:
-{
-  boot.initrd.kernelModules = [ "amdgpu" ];
-  boot.kernelParams = [
-    "video=DP-1:1920x1080@144"
-  ];
-
-  # hardware.amdgpu = {
-  #   overdrive = {
-  #     enable = true;
-  #     ppfeaturemask = "0xffffffff";
-  #   };
-  # };
-
-  hardware.graphics.package = pkgs.unstable.mesa; # Mesa 26 at the time
-
-  hardware.graphics.enable32Bit = true;
-
-  hardware.graphics.extraPackages = with pkgs; [
-    # libva needs to match `hardware.graphics.package`
-    unstable.libva
-  ];
-}
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@ -23,12 +23,7 @@ in
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    ./partition.nix
-    ./amdgpu.nix
-    ./factorio-server.nix
-    ./nebula-vpn.nix
-    ./minio.nix
-    ./monolith-forgejo-runner.nix
-    ./monolith-gitlab-runner.nix
+    ./undervolt.nix
  ];
  boot.initrd.availableKernelModules = [
    "nvme"
@ -39,39 +34,37 @@ in
    "sd_mod"
  ];

-  hardware.opentabletdriver = {
-    enable = true;
-    # TODO: remove this once otd gets updated
-    package = pkgs.unstable.opentabletdriver;
-  };
-
-  sops.defaultSopsFile = lib.mkForce ../../secrets/monolith/default.yaml;
-
-  my.gaming.enable = true;
-  my.nix-ld.enable = true;
-
-  systemd.slices."system" = {
-    enable = true;
-    sliceConfig = {
-      # 50% maximum usage accross 8 cores
-      CPUQuota = "${toString (8 * 50)}%";
-    };
-  };
+  hardware.opentabletdriver.enable = true;

  boot.extraModulePackages = with config.boot.kernelPackages; [ zenpower ];
-
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelModules = [
    "kvm-amd"
    "amdgpu"
    "zenpower"
  ];
-
+  boot.kernelParams = [
+    "amdgpu.dcdebugmask=0x10" # amdgpu undervolting bug
+    "video=DP-1:1920x1080@144"
+  ];
  systemd.sleep.extraConfig = ''
    HibernateDelaySec=30s
    SuspendState=mem
  '';

+  hardware.opengl.driSupport = true;
+  # # For 32 bit applications
+  hardware.opengl.driSupport32Bit = true;
+
+  hardware.opengl.extraPackages = with pkgs; [
+    libva
+    libvdpau
+    vaapiVdpau
+    rocm-opencl-icd
+    rocm-opencl-runtime
+    rocmPackages.rocm-smi
+  ];
+
  fileSystems."/mnt/old" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
    fsType = "btrfs";
@ -108,8 +101,7 @@ in
    options = [
      "subvol=@games"
      "nofail"
-    ]
-    ++ btrfs_options;
+    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/Downloads/Torrents" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
@ -117,8 +109,7 @@ in
    options = [
      "subvol=@torrents"
      "nofail"
-    ]
-    ++ btrfs_options;
+    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/Música" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
@ -126,8 +117,7 @@ in
    options = [
      "subvol=@music"
      "nofail"
-    ]
-    ++ btrfs_options;
+    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/.local/mount/data" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
@ -135,8 +125,7 @@ in
    options = [
      "subvol=@data"
      "nofail"
-    ]
-    ++ btrfs_options;
+    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/.local/mount/old" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
@ -160,9 +149,9 @@ in
    # Fix broken suspend with Logitech USB dongle
    # `lsusb | grep Logitech` will return "vendor:product"
    ACTION=="add" SUBSYSTEM=="usb" ATTR{idVendor}=="046d" ATTR{idProduct}=="c547" ATTR{power/wakeup}="disabled"
-    # Force all disks to use kyber scheduler
+    # Force all disks to use mq-deadline scheduler
    # For some reason "noop" is used by default which is kinda bad when io is saturated
-    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/scheduler}="kyber"
+    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/scheduler}="mq-deadline"
  '';

  boot.tmp = {
--- a/hosts/monolith/factorio-server.nix
+++ b/hosts/monolith/factorio-server.nix
@ -1,65 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}:
-let
-  mkBackup = time: {
-    systemd.services."factorio-backup-save-${time}" = {
-      description = "Backup factorio saves";
-      script = ''
-        set -exuo pipefail
-
-        FILENAME="space-age-$(date --iso=seconds | tr ':' '_').zip"
-        DEST_DIR=~lelgenio/Documentos/GameSaves/factorio_saves/space-age-1/${time}
-
-        mkdir -p "$DEST_DIR"
-        cp /var/lib/factorio/saves/default.zip "$DEST_DIR"/$FILENAME
-        chown lelgenio "$DEST_DIR" "$DEST_DIR"/$FILENAME
-
-        # list all files, from oldest to newest
-        # remove the last 10 from the list
-        # delete the rest
-        cd "$DEST_DIR"
-        ls | head -n-10 | xargs -r rm -v
-      '';
-      serviceConfig.Type = "oneshot";
-    };
-
-    systemd.timers."factorio-backup-save-${time}" = {
-      timerConfig = {
-        # Systemd accepts descriptive names such as "daily"
-        # The times are at midnight, Persistent makes sure that the backups get executed
-        OnCalendar = time;
-        Persistent = true;
-        Unit = "factorio-backup-save-${time}.service";
-      };
-      wantedBy = [ "timers.target" ];
-    };
-  };
-in
-{
-  imports = [
-    (mkBackup "daily")
-    (mkBackup "monthly")
-  ];
-
-  services.factorio = {
-    enable = true;
-    package = pkgs.my-factorio-headless;
-    public = true;
-    lan = true;
-    openFirewall = true;
-    admins = [ "lelgenio" ];
-    extraSettingsFile = config.sops.secrets."factorio/server-config.json".path;
-  };
-
-  systemd.services.factorio = {
-    after = [ "network-online.target" ];
-    wants = [ "network-online.target" ];
-  };
-
-  sops.secrets."factorio/server-config.json" = {
-    mode = "777";
-  };
-}
--- a/hosts/monolith/minio.nix
+++ b/hosts/monolith/minio.nix
@ -1,43 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-let
-  s = config.sops.secrets;
-
-  dataDir = "/var/lib/minio";
-
-  s3Port = 14749;
-  consolePort = 10601;
-
-  secretConfig = {
-    owner = "minio";
-    group = "minio";
-    restartUnits = [ "minio.service" ];
-    sopsFile = ../../secrets/monolith/default.yaml;
-  };
-in
-{
-  services.minio = {
-    enable = true;
-
-    dataDir = [ dataDir ];
-
-    listenAddress = "0.0.0.0:${toString s3Port}";
-    consoleAddress = "127.0.0.1:${toString consolePort}";
-
-    rootCredentialsFile = config.sops.secrets."minio/root-credentials".path;
-  };
-
-  systemd.tmpfiles.rules = [
-    "d ${dataDir} 0755 minio minio -"
-  ];
-
-  networking.firewall.allowedTCPPorts = [ s3Port ];
-
-  sops.secrets = {
-    "minio/root-credentials" = secretConfig;
-  };
-}
--- a/hosts/monolith/monolith-gitlab-runner.nix
+++ b/hosts/monolith/monolith-gitlab-runner.nix
@ -1,51 +0,0 @@
-{
-  config,
-  pkgs,
-  inputs,
-  ...
-}:
-let
-  inherit (pkgs.callPackage ../../system/gitlab-runner.nix { inherit inputs; })
-    mkNixRunner
-    mkNixRunnerFull
-    ;
-in
-{
-  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
-  virtualisation.docker.enable = true;
-  services.gitlab-runner = {
-    enable = true;
-    settings.concurrent = 8;
-    services = {
-      # runner for building in docker via host's nix-daemon
-      # nix store will be readable in runner, might be insecure
-      thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
-      thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
-
-      wopus-gitlab-nix = mkNixRunnerFull {
-        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
-        # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
-        # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
-      };
-
-      default = {
-        # File should contain at least these two variables:
-        # `CI_SERVER_URL`
-        # `CI_SERVER_TOKEN`
-        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
-        dockerImage = "debian:stable";
-        dockerPullPolicy = "if-not-present";
-      };
-    };
-  };
-  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
-
-  sops.secrets = {
-    "gitlab-runners/thoreb-telemetria-nix" = { };
-    "gitlab-runners/thoreb-itinerario-nix" = { };
-    "gitlab-runners/docker-images-token" = { };
-    "gitlab-runners/wopus-gitlab-nix" = { };
-    "gitlab-runners/wopus-ssh-nix-cache-pk" = { };
-    "gitlab-runners/wopus-ssh-nix-cache-pub" = { };
-  };
-}
--- a/hosts/monolith/nebula-vpn.nix
+++ b/hosts/monolith/nebula-vpn.nix
@ -1,53 +0,0 @@
-{ pkgs, config, ... }:
-let
-  s = config.sops.secrets;
-
-  secretConfig = {
-    owner = "nebula-wopus";
-    group = "nebula-wopus";
-    restartUnits = [ "nebula@wopus.service" ];
-    sopsFile = ../../secrets/monolith/default.yaml;
-  };
-in
-{
-  environment.systemPackages = with pkgs; [ nebula ];
-
-  services.nebula.networks.wopus = {
-    enable = true;
-    isLighthouse = false;
-    lighthouses = [
-      "192.168.88.3"
-    ];
-    settings = {
-      cipher = "aes";
-    };
-    cert = s."nebula-wopus-vpn/monolith-crt".path;
-    key = s."nebula-wopus-vpn/monolith-key".path;
-    ca = s."nebula-wopus-vpn/ca-crt".path;
-    staticHostMap = {
-      "192.168.88.3" = [
-        "72.60.60.221:4242"
-      ];
-    };
-    firewall.outbound = [
-      {
-        host = "any";
-        port = "any";
-        proto = "any";
-      }
-    ];
-    firewall.inbound = [
-      {
-        host = "any";
-        port = "any";
-        proto = "any";
-      }
-    ];
-  };
-
-  sops.secrets = {
-    "nebula-wopus-vpn/ca-crt" = secretConfig;
-    "nebula-wopus-vpn/monolith-crt" = secretConfig;
-    "nebula-wopus-vpn/monolith-key" = secretConfig;
-  };
-}
--- a/hosts/monolith/undervolt.nix
+++ b/hosts/monolith/undervolt.nix
@ -0,0 +1,18 @@
+{ pkgs, ... }:
+let
+  undervoltGpu = pkgs.writeShellScript "undervolt-gpu" ''
+    set -xe
+    cd $1
+    echo "manual" > power_dpm_force_performance_level
+    echo "1" > pp_power_profile_mode
+    test -e pp_od_clk_voltage
+    echo "vo -100" > pp_od_clk_voltage
+    echo "c" > pp_od_clk_voltage
+  '';
+in
+{
+  boot.kernelParams = [ "amdgpu.ppfeaturemask=0xfffd7fff" ];
+  services.udev.extraRules = ''
+    ACTION=="add", SUBSYSTEM=="hwmon", ATTR{name}=="amdgpu", ATTR{power1_cap}="186000000", RUN+="${undervoltGpu} %S%p/device"
+  '';
+}
--- a/hosts/phantom/default.nix
+++ b/hosts/phantom/default.nix
@ -2,19 +2,15 @@
  config,
  pkgs,
  inputs,
-  lib,
  ...
 }:
 {
  imports = [
-    inputs.vpsadminos.nixosConfigurations.container
-    inputs.sops-nix.nixosModules.default
-
-    ../../system/sops.nix
+    ./vpsadminos.nix
+    inputs.agenix.nixosModules.default
    ../../system/nix.nix
    ./hardware-config.nix
    ./mastodon.nix
-    ./lemmy.nix
    ./nextcloud.nix
    ./nginx.nix
    ./syncthing.nix
@ -22,9 +18,9 @@
    ./writefreely.nix
    ./email.nix
    ./forgejo.nix
+    ./warthunder-leak-counter.nix
    ./invidious.nix
    ./davi.nix
-    ./goofs.nix
  ];

  networking.hostName = "phantom";
@ -52,29 +48,12 @@
  # Set your time zone.
  time.timeZone = "America/Sao_Paulo";
  # Select internationalisation properties.
-  i18n.defaultLocale = "pt_BR.UTF-8";
+  i18n.defaultLocale = "pt_BR.utf8";

  boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;

-  sops = {
-    secrets.hello = { };
-    defaultSopsFile = lib.mkForce ../../secrets/phantom/default.yaml;
-  };
-
-  environment.etc."teste-sops" = {
-    text = config.sops.secrets.hello.path;
-  };
-
-  virtualisation.docker = {
-    enable = true;
-    daemon.settings = {
-      # needed by bitbucket runner ???
-      log-driver = "json-file";
-      log-opts = {
-        max-size = "10m";
-        max-file = "3";
-      };
-    };
+  age = {
+    identityPaths = [ "/root/.ssh/id_rsa" ];
  };

  nix.settings = {
@ -82,6 +61,19 @@
    max-jobs = 1;
  };

+  system.autoUpgrade = {
+    enable = true;
+    dates = "04:40";
+    operation = "switch";
+    flags = [
+      "--update-input"
+      "nixpkgs"
+      "--no-write-lock-file"
+      "--print-build-logs"
+    ];
+    flake = "git+https://git.lelgenio.com/lelgenio/nixos-config#phantom";
+  };
+
  networking.firewall.allowedTCPPorts = [ 8745 ];

  system.stateVersion = "23.05"; # Never change this
--- a/hosts/phantom/email.nix
+++ b/hosts/phantom/email.nix
@ -36,16 +36,12 @@
        hashedPassword = "$2b$05$DcA9xMdvHqqQMZw2.zybI.vfKsQAJtaQ/JB.t9AHu6psstWq97m2C";
      };
    };
-
-    enableManageSieve = true;
-
-    stateVersion = 3;
  };

  # Prefer ipv4 and use main ipv6 to avoid reverse DNS issues
-  services.postfix.settings.main = {
-    smtp_address_preference = "ipv4";
-  };
+  services.postfix.extraConfig = ''
+    smtp_address_preference = ipv4
+  '';

  # Webmail
  services.roundcube = {
@ -56,7 +52,7 @@
      $config['smtp_host'] = "tls://${config.mailserver.fqdn}:587";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
-      $config['plugins'] = [ "carddav", "archive", "managesieve" ];
+      $config['plugins'] = [ "carddav", "archive" ];
    '';
  };
 }
--- a/hosts/phantom/forgejo.nix
+++ b/hosts/phantom/forgejo.nix
@ -27,9 +27,6 @@ in
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "github";
      };
-      repository = {
-        ENABLE_PUSH_CREATE_USER = true;
-      };
      server = {
        DOMAIN = "git.lelgenio.com";
        HTTP_PORT = 3000;
@ -42,10 +39,11 @@ in
        USER = "noreply@git.lelgenio.com";
      };
    };
-    secrets.mailer.PASSWD = config.sops.secrets."forgejo/smtp_password".path;
+    mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path;
  };

-  sops.secrets."forgejo/smtp_password" = {
+  age.secrets.phantom-forgejo-mailer-password = {
+    file = ../../secrets/phantom-forgejo-mailer-password.age;
    mode = "400";
    owner = "forgejo";
  };
--- a/hosts/phantom/goofs.nix
+++ b/hosts/phantom/goofs.nix
@ -1,51 +0,0 @@
-{ inputs, config, ... }:
-{
-  imports = [
-    inputs.warthunder-leak-counter.nixosModules.default
-    inputs.made-you-look.nixosModules.default
-  ];
-
-  services.warthunder-leak-counter.enable = true;
-  services.nginx.virtualHosts."warthunder-leak-counter.lelgenio.com" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${toString config.services.warthunder-leak-counter.port}";
-    };
-  };
-
-  services.made-you-look.enable = true;
-  services.nginx.virtualHosts."coolest-thing-ever.lelgenio.com" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${toString config.services.made-you-look.port}";
-    };
-  };
-
-  services.nginx.virtualHosts."catboy-spinner.lelgenio.com" = {
-    enableACME = true;
-    forceSSL = true;
-    root = inputs.catboy-spinner;
-  };
-  services.nginx.virtualHosts."tomater.lelgenio.com" = {
-    enableACME = true;
-    forceSSL = true;
-    root = inputs.tomater;
-  };
-  services.nginx.virtualHosts."youre-wrong.lelgenio.com" = {
-    enableACME = true;
-    forceSSL = true;
-    root = inputs.youre-wrong;
-  };
-  services.nginx.virtualHosts."hello-fonts.lelgenio.com" = {
-    enableACME = true;
-    forceSSL = true;
-    root = inputs.hello-fonts;
-  };
-  services.nginx.virtualHosts."contador-da-viagem.lelgenio.com" = {
-    enableACME = true;
-    forceSSL = true;
-    root = inputs.contador-da-viagem;
-  };
-}
--- a/hosts/phantom/hardware-config.nix
+++ b/hosts/phantom/hardware-config.nix
@ -1,15 +1,10 @@
 {
-  fileSystems."/var/lib/syncthing-data" = {
-    device = "172.16.130.7:/nas/5749/syncthinng_data";
-    fsType = "nfs";
-    options = [ "nofail" ];
-  };
-  fileSystems."/var/lib/mastodon" = {
-    device = "172.16.131.19:/nas/5749/mastodon";
-    fsType = "nfs";
-    options = [ "nofail" ];
-  };
-
+  config,
+  pkgs,
+  inputs,
+  ...
+}:
+{
  swapDevices = [
    {
      device = "/swap/swapfile";
--- a/hosts/phantom/invidious.nix
+++ b/hosts/phantom/invidious.nix
@ -1,39 +1,12 @@
 {
-  inputs,
-  pkgs,
-  config,
-  ...
-}:
-{
-  # Replace with unstable, since 24.05 does not have sig-helper
-  disabledModules = [ "services/web-apps/invidious.nix" ];
-  imports = [ (inputs.nixpkgs-unstable + "/nixos/modules/services/web-apps/invidious.nix") ];
-
  services.invidious = {
    enable = true;
    domain = "invidious.lelgenio.com";
    nginx.enable = true;
    port = 10601;
-    http3-ytproxy.enable = true;
-    sig-helper = {
-      enable = true;
-      package = pkgs.unstable.inv-sig-helper;
+    settings.db = {
+      user = "invidious";
+      dbname = "invidious";
    };
-    # {
-    #     "visitor_data": "...",
-    #     "po_token": "..."
-    # }
-    extraSettingsFile = config.sops.secrets."invidious/settings.json".path;
-    settings = {
-      force_resolve = "ipv6";
-      db = {
-        user = "invidious";
-        dbname = "invidious";
-      };
-    };
-  };
-
-  sops.secrets."invidious/settings.json" = {
-    mode = "666";
  };
 }
--- a/hosts/phantom/lemmy.nix
+++ b/hosts/phantom/lemmy.nix
@ -1,18 +0,0 @@
-{ pkgs, ... }:
-{
-  services.lemmy = {
-    enable = true;
-    settings = {
-      hostname = "lemmy.lelgenio.com";
-    };
-    database.createLocally = true;
-    nginx.enable = true;
-  };
-
-  services.pict-rs.package = pkgs.pict-rs;
-
-  services.nginx.virtualHosts."lemmy.lelgenio.com" = {
-    enableACME = true;
-    forceSSL = true;
-  };
-}
--- a/hosts/phantom/mastodon.nix
+++ b/hosts/phantom/mastodon.nix
@ -14,14 +14,15 @@
      host = "lelgenio.com";
      fromAddress = "noreply@social.lelgenio.com";
      user = "noreply@social.lelgenio.com";
-      passwordFile = config.sops.secrets."mastodon/smtp-password".path;
+      passwordFile = config.age.secrets.phantom-mastodon-mailer-password.path;
    };
    streamingProcesses = 2;
    extraConfig.SINGLE_USER_MODE = "true";
    mediaAutoRemove.olderThanDays = 5;
  };

-  sops.secrets."mastodon/smtp-password" = {
+  age.secrets.phantom-mastodon-mailer-password = {
+    file = ../../secrets/phantom-mastodon-mailer-password.age;
    mode = "400";
    owner = "mastodon";
  };
--- a/hosts/phantom/nextcloud.nix
+++ b/hosts/phantom/nextcloud.nix
@ -1,17 +1,17 @@
 {
  config,
  pkgs,
+  inputs,
  ...
 }:
 {
  services.nextcloud = {
    enable = true;
-    package = pkgs.nextcloud32;
+    package = pkgs.nextcloud29;
    hostName = "cloud.lelgenio.com";
    https = true;
    config = {
-      dbtype = "sqlite"; # TODO: move to single postgres db
-      adminpassFile = config.sops.secrets."nextcloud/default-password".path;
+      adminpassFile = config.age.secrets.phantom-nextcloud.path;
    };
  };

@ -20,9 +20,12 @@
    enableACME = true;
  };

-  sops.secrets."nextcloud/default-password" = {
-    mode = "400";
-    owner = "nextcloud";
-    group = "nextcloud";
+  age = {
+    secrets.phantom-nextcloud = {
+      file = ../../secrets/phantom-nextcloud.age;
+      mode = "400";
+      owner = "nextcloud";
+      group = "nextcloud";
+    };
  };
 }
--- a/hosts/phantom/syncthing.nix
+++ b/hosts/phantom/syncthing.nix
@ -11,10 +11,6 @@
    dataDir = "/var/lib/syncthing-data";
    guiAddress = "0.0.0.0:8384";
    openDefaultPorts = true;
-    guiPasswordFile = config.sops.secrets."syncthing/password".path;
-    settings.gui = {
-      user = "lelgenio";
-    };
  };

  services.nginx.virtualHosts."syncthing.lelgenio.com" = {
@ -30,10 +26,4 @@
          "proxy_pass_header Authorization;";
    };
  };
-
-  sops.secrets."syncthing/password" = {
-    mode = "400";
-    owner = "syncthing";
-    group = "syncthing";
-  };
 }
--- a/hosts/phantom/vpsadminos.nix
+++ b/hosts/phantom/vpsadminos.nix
@ -0,0 +1,76 @@
+# This file provides compatibility for NixOS to run in a container on vpsAdminOS
+# hosts.
+#
+# If you're experiencing issues, try updating this file to the latest version
+# from vpsAdminOS repository:
+#
+#   https://github.com/vpsfreecz/vpsadminos/blob/staging/os/lib/nixos-container/vpsadminos.nix
+
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib;
+let
+  nameservers = [
+    "1.1.1.1"
+    "2606:4700:4700::1111"
+  ];
+in
+{
+  networking.nameservers = mkDefault nameservers;
+  services.resolved = mkDefault { fallbackDns = nameservers; };
+  networking.dhcpcd.extraConfig = "noipv4ll";
+
+  systemd.services.systemd-sysctl.enable = false;
+  systemd.services.systemd-oomd.enable = false;
+  systemd.sockets."systemd-journald-audit".enable = false;
+  systemd.mounts = [
+    {
+      where = "/sys/kernel/debug";
+      enable = false;
+    }
+  ];
+  systemd.services.rpc-gssd.enable = false;
+
+  # Due to our restrictions in /sys, the default systemd-udev-trigger fails
+  # on accessing PCI devices, etc. Override it to match only network devices.
+  # In addition, boot.isContainer prevents systemd-udev-trigger.service from
+  # being enabled at all, so add it explicitly.
+  systemd.additionalUpstreamSystemUnits = [ "systemd-udev-trigger.service" ];
+  systemd.services.systemd-udev-trigger.serviceConfig.ExecStart = [
+    ""
+    "-udevadm trigger --subsystem-match=net --action=add"
+  ];
+
+  boot.isContainer = true;
+  boot.enableContainers = mkDefault true;
+  boot.loader.initScript.enable = true;
+  boot.specialFileSystems."/run/keys".fsType = mkForce "tmpfs";
+  boot.systemdExecutable = mkDefault "/run/current-system/systemd/lib/systemd/systemd systemd.unified_cgroup_hierarchy=0";
+
+  # Overrides for <nixpkgs/nixos/modules/virtualisation/container-config.nix>
+  documentation.enable = mkOverride 500 true;
+  documentation.nixos.enable = mkOverride 500 true;
+  networking.useHostResolvConf = mkOverride 500 false;
+  services.openssh.startWhenNeeded = mkOverride 500 false;
+
+  # Bring up the network, /ifcfg.{add,del} are supplied by the vpsAdminOS host
+  systemd.services.networking-setup = {
+    description = "Load network configuration provided by the vpsAdminOS host";
+    before = [ "network.target" ];
+    wantedBy = [ "network.target" ];
+    after = [ "network-pre.target" ];
+    path = [ pkgs.iproute2 ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStart = "${pkgs.bash}/bin/bash /ifcfg.add";
+      ExecStop = "${pkgs.bash}/bin/bash /ifcfg.del";
+    };
+    unitConfig.ConditionPathExists = "/ifcfg.add";
+    restartIfChanged = false;
+  };
+}
--- a/hosts/phantom/warthunder-leak-counter.nix
+++ b/hosts/phantom/warthunder-leak-counter.nix
@ -0,0 +1,19 @@
+{
+  inputs,
+  pkgs,
+  config,
+  ...
+}:
+{
+  imports = [ inputs.warthunder-leak-counter.nixosModules.default ];
+
+  services.warthunder-leak-counter.enable = true;
+
+  services.nginx.virtualHosts."warthunder-leak-counter.lelgenio.com" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString config.services.warthunder-leak-counter.port}";
+    };
+  };
+}
--- a/hosts/phantom/writefreely.nix
+++ b/hosts/phantom/writefreely.nix
@ -12,16 +12,19 @@
    nginx.forceSSL = true;
    host = "blog.lelgenio.com";
    admin.name = "lelgenio";
-    admin.initialPasswordFile = config.sops.secrets."writefreely/password".path;
+    admin.initialPasswordFile = config.age.secrets.phantom-writefreely.path;
    settings.app = {
      site_name = "Leo's blog";
      single_user = true;
    };
  };

-  sops.secrets."writefreely/password" = {
-    mode = "400";
-    owner = "writefreely";
-    group = "writefreely";
+  age = {
+    secrets.phantom-writefreely = {
+      file = ../../secrets/phantom-writefreely.age;
+      mode = "400";
+      owner = "writefreely";
+      group = "writefreely";
+    };
  };
 }
--- a/hosts/pixie/default.nix
+++ b/hosts/pixie/default.nix
@ -12,9 +12,6 @@
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

-  packages.media-packages.enable = lib.mkOverride 0 false;
-  services.flatpak.enable = lib.mkOverride 0 false;
-
  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
--- a/hosts/rainbow/default.nix
+++ b/hosts/rainbow/default.nix
@ -0,0 +1,85 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+let
+  btrfs_options = [
+    "compress=zstd:3"
+    "noatime"
+    "x-systemd.device-timeout=0"
+  ];
+  btrfs_ssd = [
+    "ssd"
+    "discard=async"
+  ];
+in
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ "i915" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/BTRFS_ROOT";
+    fsType = "btrfs";
+    options = [ "subvol=@nixos" ] ++ btrfs_options ++ btrfs_ssd;
+  };
+
+  boot.initrd.luks.devices = {
+    "main" = {
+      bypassWorkqueues = true;
+      device = "/dev/disk/by-label/CRYPT_ROOT";
+    };
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-label/BTRFS_ROOT";
+    fsType = "btrfs";
+    options = [ "subvol=@home" ] ++ btrfs_options ++ btrfs_ssd;
+  };
+
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  fileSystems."/boot/efi" = {
+    device = "/dev/disk/by-uuid/DC3B-5753";
+    fsType = "vfat";
+  };
+
+  fileSystems."/swap" = {
+    device = "/dev/disk/by-label/BTRFS_ROOT";
+    fsType = "btrfs";
+    options = [ "subvol=@swap" ] ++ btrfs_ssd;
+  };
+
+  swapDevices = [
+    {
+      device = "/swap/swapfile";
+      size = (1024 * 8);
+    }
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  networking.hostName = "rainbow"; # Define your hostname.
+}
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -2,7 +2,6 @@
 rec {
  all = [
    scripts
-    unstable
    themes
    new-packages
    patches
@ -12,18 +11,6 @@ rec {

  scripts = (import ../scripts);

-  unstable =
-    final: prev:
-    let
-      args = {
-        inherit (final) config;
-        system = prev.stdenv.hostPlatform.system;
-      };
-    in
-    {
-      unstable = import inputs.nixpkgs-unstable args;
-    };
-
  themes = (
    final: prev: {
      papirus_red = (final.papirus-icon-theme.override { color = "red"; });
@ -36,23 +23,25 @@ rec {
          ];
        }
      );
+      nerdfonts_fira_hack = (
+        final.nerdfonts.override {
+          fonts = [
+            "FiraCode"
+            "Hack"
+          ];
+        }
+      );
    }
  );

  new-packages = (
    final: prev:
-    let
-      system = prev.stdenv.hostPlatform.system;
-    in
    packages
    // {
-      lsfg-vk = inputs.lsfg-vk-flake.packages.${system}.lsfg-vk;
-      lsfg-vk-ui = inputs.lsfg-vk-flake.packages.${system}.lsfg-vk-ui;
-      dhist = inputs.dhist.packages.${system}.dhist;
-      demoji = inputs.demoji.packages.${system}.default;
-      tlauncher = inputs.tlauncher.packages.${system}.tlauncher;
-      wl-crosshair = inputs.wl-crosshair.packages.${system}.default;
-      dzgui = inputs.dzgui-nix.packages.${system}.default;
+      dhist = inputs.dhist.packages.${prev.system}.dhist;
+      demoji = inputs.demoji.packages.${prev.system}.default;
+      tlauncher = inputs.tlauncher.packages.${prev.system}.tlauncher;
+      wl-crosshair = inputs.wl-crosshair.packages.${prev.system}.default;
    }
  );

--- a/pkgs/blade-formatter/default.nix
+++ b/pkgs/blade-formatter/default.nix
@ -0,0 +1,64 @@
+{
+  lib,
+  mkYarnPackage,
+  fetchFromGitHub,
+  fetchYarnDeps,
+  testers,
+  writeText,
+  runCommand,
+  blade-formatter,
+}:
+
+mkYarnPackage rec {
+  pname = "blade-formatter";
+  version = "1.38.2";
+
+  src = fetchFromGitHub {
+    owner = "shufo";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-JvILLw7Yp4g/dSsYtZ2ylmlXfS9t+2KADlBrYOJWTpg=";
+  };
+
+  packageJSON = ./package.json;
+  offlineCache = fetchYarnDeps {
+    yarnLock = "${src}/yarn.lock";
+    hash = "sha256-UFDxw3fYMzSUhZw+TCEh/dN7OioKI75LzKSnEwGPKDA=";
+  };
+
+  postBuild = "yarn build";
+
+  passthru.tests = {
+    version = testers.testVersion {
+      package = blade-formatter;
+      command = "blade-formatter --version";
+    };
+
+    simple = testers.testEqualContents {
+      assertion = "blade-formatter formats a basic blade file";
+      expected = writeText "expected" ''
+        @if (true)
+            Hello world!
+        @endif
+      '';
+      actual =
+        runCommand "actual"
+          {
+            nativeBuildInputs = [ blade-formatter ];
+            base = writeText "base" ''
+              @if(   true )  Hello world!   @endif
+            '';
+          }
+          ''
+            blade-formatter $base > $out
+          '';
+    };
+  };
+
+  meta = with lib; {
+    description = "Laravel Blade template formatter";
+    homepage = "https://github.com/shufo/blade-formatter";
+    license = licenses.mit;
+    maintainers = with maintainers; [ lelgenio ];
+  };
+}
--- a/pkgs/blade-formatter/package.json
+++ b/pkgs/blade-formatter/package.json
@ -0,0 +1,120 @@
+{
+  "name": "blade-formatter",
+  "engines": {
+    "node": ">= 14.0.0"
+  },
+  "keywords": [
+    "php",
+    "formatter",
+    "laravel"
+  ],
+  "version": "1.38.2",
+  "description": "An opinionated blade template formatter for Laravel",
+  "main": "./dist/bundle.cjs",
+  "types": "./dist/types/main.d.ts",
+  "type": "module",
+  "exports": {
+    ".": {
+      "import": "./dist/bundle.js",
+      "require": "./dist/bundle.cjs",
+      "default": "./dist/bundle.js"
+    },
+    "./*": "./*"
+  },
+  "scripts": {
+    "build": "cross-env NODE_ENV=production node esbuild.js && cross-env NODE_ENV=production ESM_BUILD=true node esbuild.js",
+    "prepublish": "tsc src/main.ts --declaration --emitDeclarationOnly --outDir ./dist/types || true",
+    "watch": "node esbuild.js",
+    "test": "yarn run build && node --experimental-vm-modules node_modules/.bin/jest",
+    "lint": "eslint src -c .eslintrc.json --ext ts",
+    "fix": "prettier {src,__tests__}/**/*.ts --write",
+    "check_formatted": "prettier **/*.ts -c",
+    "changelog": "conventional-changelog -p angular -i CHANGELOG.md -s -r 0",
+    "prepare": "husky install",
+    "bin": "cross-env ./bin/blade-formatter.cjs"
+  },
+  "bin": {
+    "blade-formatter": "bin/blade-formatter.cjs"
+  },
+  "author": "Shuhei Hayashibara",
+  "license": "MIT",
+  "dependencies": {
+    "@prettier/plugin-php": "^0.19.7",
+    "@shufo/tailwindcss-class-sorter": "3.0.1",
+    "aigle": "^1.14.1",
+    "ajv": "^8.9.0",
+    "chalk": "^4.1.0",
+    "concat-stream": "^2.0.0",
+    "detect-indent": "^6.0.0",
+    "find-config": "^1.0.0",
+    "glob": "^8.0.1",
+    "html-attribute-sorter": "^0.4.3",
+    "ignore": "^5.1.8",
+    "js-beautify": "^1.14.8",
+    "lodash": "^4.17.19",
+    "php-parser": "3.1.5",
+    "prettier": "^2.2.0",
+    "tailwindcss": "^3.1.8",
+    "vscode-oniguruma": "1.7.0",
+    "vscode-textmate": "^7.0.1",
+    "xregexp": "^5.0.1",
+    "yargs": "^17.3.1"
+  },
+  "devDependencies": {
+    "@babel/core": "^7.6.4",
+    "@babel/plugin-transform-modules-commonjs": "^7.16.5",
+    "@babel/preset-env": "^7.13.12",
+    "@babel/preset-typescript": "^7.16.5",
+    "@types/concat-stream": "^2.0.0",
+    "@types/find-config": "^1.0.1",
+    "@types/fs-extra": "^11.0.0",
+    "@types/glob": "^8.0.0",
+    "@types/jest": "^29.0.0",
+    "@types/js-beautify": "^1.13.3",
+    "@types/lodash": "^4.14.178",
+    "@types/mocha": "^10.0.0",
+    "@types/node": "^18.0.0",
+    "@types/xregexp": "^4.4.0",
+    "@typescript-eslint/eslint-plugin": "^5.8.1",
+    "@typescript-eslint/parser": "^5.8.1",
+    "app-root-path": "^3.0.0",
+    "babel-jest": "^29.0.0",
+    "codecov": "^3.8.3",
+    "cross-env": "^7.0.3",
+    "esbuild": "^0.19.0",
+    "esbuild-node-externals": "^1.4.1",
+    "eslint": "^8.5.0",
+    "eslint-config-airbnb-base": "^15.0.0",
+    "eslint-config-airbnb-typescript": "^17.0.0",
+    "eslint-config-prettier": "^9.0.0",
+    "eslint-import-resolver-typescript": "^3.0.0",
+    "eslint-plugin-import": "^2.25.3",
+    "eslint-plugin-jest": "^26.0.0",
+    "eslint-plugin-prettier": "^5.0.0",
+    "fs-extra": "^11.0.0",
+    "husky": "^8.0.0",
+    "jest": "^29.0.0",
+    "lint-staged": ">=10",
+    "source-map-loader": "^4.0.0",
+    "ts-jest": "^29.0.0",
+    "ts-loader": "^9.2.6",
+    "ts-migrate": "^0.1.27",
+    "ts-node": "^10.4.0",
+    "typescript": "^5.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/shufo/blade-formatter.git"
+  },
+  "files": [
+    "dist",
+    "src",
+    "bin",
+    "wasm",
+    "syntaxes",
+    "CHANGELOG.md"
+  ],
+  "lint-staged": {
+    "*.ts": "yarn run fix"
+  }
+}
--- a/pkgs/caffeinated/default.nix
+++ b/pkgs/caffeinated/default.nix
@ -1,53 +0,0 @@
-{
-  stdenv,
-  lib,
-  fetchFromGitHub,
-
-  pkgconf,
-  pkg-config,
-  wayland-scanner,
-
-  systemd,
-  libbsd,
-  wayland,
-  wayland-protocols,
-  libcap,
-}:
-
-stdenv.mkDerivation {
-  pname = "caffeinated";
-  version = "2022-12-08";
-
-  src = fetchFromGitHub {
-    owner = "electrickite";
-    repo = "caffeinated";
-    rev = "5a8eff054bdce225a19cf3ab785dc1bbc9bd3265";
-    hash = "sha256-X1w/YWljcwb5ZH8Nt92CDhPU/yqBLH3lBS7yVJUeyzY=";
-  };
-
-  nativeBuildInputs = [
-    pkgconf
-    pkg-config
-    wayland-scanner
-  ];
-
-  buildInputs = [
-    systemd
-    libbsd
-    wayland
-    wayland-protocols
-    libcap
-  ];
-
-  makeFlags = [ "WAYLAND=1" ];
-
-  installFlags = [ "PREFIX=$(out)" ];
-
-  meta = {
-    description = "Utility to prevent the system from entering an idle state";
-    homepage = "https://github.com/electrickite/caffeinated";
-    license = lib.licenses.mit;
-    platforms = lib.platforms.linux;
-    maintainers = with lib.maintainers; [ lelgenio ];
-  };
-}
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -3,13 +3,11 @@

 { pkgs, inputs }:
 rec {
-  caffeinated = pkgs.callPackage ./caffeinated { };
+  blade-formatter = pkgs.callPackage ./blade-formatter { };
  cargo-checkmate = pkgs.callPackage ./cargo-checkmate.nix { };
  lipsum = pkgs.callPackage ./lipsum.nix { };
  emmet-cli = pkgs.callPackage ./emmet-cli.nix { };
  material-wifi-icons = pkgs.callPackage ./material-wifi-icons.nix { };
  gnome-pass-search-provider = pkgs.callPackage ./gnome-pass-search-provider.nix { };
-  my-factorio-headless = pkgs.callPackage ./factorio-headless {
-    inherit (pkgs.unstable) factorio-headless;
-  };
+  kak-tree-sitter = pkgs.callPackage ./kak-tree-sitter.nix { };
 }
--- a/pkgs/factorio-headless/default.nix
+++ b/pkgs/factorio-headless/default.nix
@ -1,10 +0,0 @@
-{ factorio-headless, pkgs }:
-
-factorio-headless.overrideAttrs (_: rec {
-  version = "2.0.73";
-  src = pkgs.fetchurl {
-    name = "factorio_headless_x64-${version}.tar.xz";
-    url = "https://www.factorio.com/get-download/${version}/headless/linux64";
-    hash = "sha256-dSAl+BtewSKZGe3IafnIdz20u1SKkNNw+Fk4I2yFfZo=";
-  };
-})
--- a/pkgs/factorio-headless/update.sh
+++ b/pkgs/factorio-headless/update.sh
@ -1,14 +0,0 @@
-#!/bin/sh
-
-set -xe
-
-cd "$(dirname $0)"
-
-current_version="$(rg '^.*?version\s*=\s*"(.+)".*?$' --replace '$1' ./default.nix)"
-current_hash="$(rg '^.*?hash\s*=\s*"(.+)".*?$' --replace '$1' ./default.nix)"
-
-new_version="$(curl https://factorio.com/api/latest-releases | jq -r .stable.headless)"
-new_hash="$(nix-hash --to-sri --type sha256 $(nix-prefetch-url --type sha256 https://www.factorio.com/get-download/${new_version}/headless/linux64))"
-
-sd --fixed-strings "$current_version" "$new_version" ./default.nix
-sd --fixed-strings "$current_hash" "$new_hash" ./default.nix
--- a/pkgs/gnome-pass-search-provider.nix
+++ b/pkgs/gnome-pass-search-provider.nix
@ -2,9 +2,10 @@
  stdenv,
  fetchFromGitHub,
  python3Packages,
-  wrapGAppsHook3,
+  wrapGAppsHook,
  gtk3,
  gobject-introspection,
+  gnome,
 }:

 let
@ -29,7 +30,7 @@ stdenv.mkDerivation rec {

  nativeBuildInputs = [
    python3Packages.wrapPython
-    wrapGAppsHook3
+    wrapGAppsHook
  ];

  propagatedBuildInputs = [
--- a/pkgs/kak-tree-sitter.nix
+++ b/pkgs/kak-tree-sitter.nix
@ -0,0 +1,34 @@
+{
+  lib,
+  stdenv,
+  rustPlatform,
+  fetchFromSourcehut,
+  makeWrapper,
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "kak-tree-sitter";
+  version = "1.1.2";
+
+  src = fetchFromSourcehut {
+    owner = "~hadronized";
+    repo = "kak-tree-sitter";
+    rev = "kak-tree-sitter-v${version}";
+    hash = "sha256-wBWfSyR8LGtug/mCD0bJ4lbdN3trIA/03AnCxZoEOSA=";
+  };
+
+  cargoSha256 = "sha256-OQPUWqJAts8DbFNSsC/CmMCbuZ9TVxRTR05O7oiodKI=";
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  postFixup = ''
+    wrapProgram "$out/bin/ktsctl" \
+      --suffix PATH : ${stdenv.cc}
+  '';
+
+  meta = with lib; {
+    description = "Server that interfaces tree-sitter with kakoune";
+    homepage = "https://git.sr.ht/~hadronized/kak-tree-sitter";
+    license = with licenses; [ mit ];
+  };
+}
--- a/pkgs/lipsum.nix
+++ b/pkgs/lipsum.nix
@ -3,7 +3,7 @@
  fetchFromGitHub,
  pkg-config,
  vala,
-  wrapGAppsHook3,
+  wrapGAppsHook,
 }:
 stdenv.mkDerivation rec {
  pname = "lipsum";
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
  nativeBuildInputs = [
    pkg-config
    vala
-    wrapGAppsHook3
+    wrapGAppsHook
  ];

  makeFlags = [ "PRG=${pname}" ];
--- a/scripts/_docker-block-external-connections
+++ b/scripts/_docker-block-external-connections
@ -1,33 +0,0 @@
-#!/bin/sh
-
-# Create the DOCKER-USER chain if it doesn't exist
-iptables -N DOCKER-USER || true
-
-# Flush existing rules in the DOCKER-USER chain
-iptables -F DOCKER-USER
-
-# Get all external network interfaces
-interfaces=$(
-    ip -o -f inet addr show |
-    awk '{print $2}' |
-    grep -E '^(enp|eth|wlan|wlp)' |
-    sort -u
-)
-
-for iface in $interfaces; do
-    # Allow traffic from LAN
-    iptables -A DOCKER-USER -i "$iface" -s 127.0.0.1 -j ACCEPT
-    iptables -A DOCKER-USER -i "$iface" -s 10.0.0.0/8 -j ACCEPT
-    iptables -A DOCKER-USER -i "$iface" -s 192.168.0.0/16 -j ACCEPT
-
-    # Allow established and related connections
-    iptables -A DOCKER-USER -i "$iface" -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-    # Drop all other traffic
-    iptables -A DOCKER-USER -i "$iface" -j DROP
-
-    echo "iptables rules have been set up for interface: $iface"
-done
-
-# Return to the previous chain
-iptables -A DOCKER-USER -j RETURN
--- a/scripts/_sway_idle_toggle
+++ b/scripts/_sway_idle_toggle
@ -0,0 +1,11 @@
+#!/bin/sh
+
+swayidlectl() {
+  systemctl --user $1 swayidle.service
+}
+
+if swayidlectl status > /dev/null; then
+    swayidlectl stop
+else
+    swayidlectl start
+fi
--- a/scripts/bcrypt
+++ b/scripts/bcrypt
@ -1,17 +0,0 @@
-#!/bin/sh
-
-set -euo pipefail
-
-if [ "$#" = 0 ]; then
-    echo "Usage: $0 [passwords...] | $0 - < passwords.txt" >&2
-    exit 1
-fi
-
-if [ "$1" = '-' ]; then
-    xargs -x -n1 -d'\n' htpasswd -bnBC 10 "" | tr -d ':' | sed '/^$/d'
-else
-    for pass in "$@"; do
-        htpasswd -bnBC 10 "" "$pass" | tr -d ':' | sed '/^$/d'
-    done
-fi
-
--- a/scripts/bmenu
+++ b/scripts/bmenu
@ -8,16 +8,14 @@
 if test "$argv[1]" = "run"
    test -n "$argv[2]" && set t "$argv[2]" || set t "terminal"

-    set -l launcher_args \
+    test -n "$i3SOCK" && set wrapper 'i3-msg exec --'
+    test -n "$SWAYSOCK" && set wrapper 'swaymsg exec --'
+
+    exec j4-dmenu-desktop \
        --dmenu="bmenu start -p Iniciar:" \
        --term "$t" \
+        --wrapper="$wrapper" \
        --no-generic
-
-    if test -n "$SWAYSOCK"
-        set launcher_args $launcher_args --i3-ipc
-    end
-
-    exec j4-dmenu-desktop $launcher_args
 end

 if test -n "$SWAYSOCK"
@ -27,13 +25,6 @@ if test -n "$SWAYSOCK"

    test -n "$focused_output"
    and set focused_output "-m $focused_output"
-else if test -n "$NIRI_SOCKET"
-    set -l focused_name (niri msg -j focused-output | jq -r '.name')
-    set -l focused_index (niri msg -j outputs | jq -r --arg focused "$focused_name" 'keys | index($focused)')
-
-    if test -n "$focused_index"; and test "$focused_index" != "null"
-        set focused_output "-m $focused_index"
-    end
 end

 set -l config "$HOME/.config/bmenu.conf"
--- a/scripts/controller-battery
+++ b/scripts/controller-battery
@ -1,29 +0,0 @@
-#!/bin/sh
-
-set -e
-
-CONTROLLER=$(find /sys/class/power_supply -maxdepth 1 -name '*controller*' || true)
-
-if test -z "$CONTROLLER"; then
-    echo
-    exit 0
-fi
-
-CAPACITY=$(cat "$CONTROLLER/capacity")
-STATUS=$(cat "$CONTROLLER/status")
-
-echo -n '󰊴 '
-
-if test "$STATUS" = "Charging"; then
-    echo -n "󰂄"
-else
-    print-battery-icon "$CAPACITY"
-fi
-
-# Add terminating newline
-echo
-
-# Tooltip
-echo -n '󰊴'
-print-battery-icon "$CAPACITY"
-echo " $CAPACITY%"
--- a/scripts/default.nix
+++ b/scripts/default.nix
@ -34,7 +34,7 @@
    ];
    down_meme = [
      wl-clipboard
-      unstable.yt-dlp
+      yt-dlp
      libnotify
    ];
    wl-copy-file = [
@ -43,24 +43,19 @@
    ];
    _diffr = [ diffr ];
    _thunar-terminal = [ terminal ];
+    _sway_idle_toggle = [ swayidle ];
    kak-pager = [
      fish
      _diffr
    ];
    kak-man-pager = [ kak-pager ];
-    kubectl-rsh = [
-      bash
-      kubectl
-      rsync
-    ];
    helix-pager = [
      fish
      _diffr
    ];
    helix-man-pager = [ helix-pager ];
-    bcrypt = [ apacheHttpd ];
    musmenu = [
-      mpc
+      mpc-cli
      wdmenu
      trash-cli
      xdg-user-dirs
@ -78,7 +73,6 @@
    ];
    wpass = [
      wdmenu
-      ripgrep
      fd
      myPass
      sd
@ -118,11 +112,11 @@
      mpv
      pqiv
      python3Packages.deemix
-      mpc
+      mpc-cli
      mpdDup
    ];
    mpdDup = [
-      mpc
+      mpc-cli
      perl
    ];
    readQrCode = [
@ -130,35 +124,11 @@
      zbar
      wl-clipboard
    ];
-    git_clean_remote_deleted = [
-      git
-      gnugrep
-      gawk
-      findutils
-    ];
-    pint-fmt = [ ];
    powerplay-led-idle = [
      bash
      libinput
      libratbag
    ];
-    sway-sync-xkbmap = [
-      xorg.setxkbmap
-      jq
-    ];
-    print-battery-icon = [ ];
-    controller-battery = [ print-battery-icon ];
-    mouse-battery = [ print-battery-icon ];
-    nix-prefetch-firefox-extension = [
-      nix
-    ];
-
-    _docker-block-external-connections = [
-      iptables
-      gawk
-      gnugrep
-      iproute2
-    ];
  }
  // lib.mapAttrs importScript {
    wdmenu = ./wdmenu.nix;
--- a/scripts/down_meme
+++ b/scripts/down_meme
@ -1,19 +1,10 @@
 #!/bin/sh

-set -euo pipefail
-
-cleanup() {
-    if test "$?" != 0; then
-        notify-send "Failed to download"
-    fi
-}
-trap cleanup EXIT INT
-
 DIR=$(mktemp -d)

 cd "$DIR"

-yt-dlp --cookies-from-browser firefox --merge-output-format mp4 "$(wl-paste)"
+yt-dlp --merge-output-format mp4 "$(wl-paste)"

 FILENAME="$(ls | head -n1)"

--- a/scripts/git_clean_remote_deleted
+++ b/scripts/git_clean_remote_deleted
@ -1,6 +0,0 @@
-#!/bin/sh
-
-git branch -vv \
-| grep ': gone]' \
-| awk '{print $1}' \
-| xargs git branch -D
--- a/scripts/kubectl-rsh
+++ b/scripts/kubectl-rsh
@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-set -exu
-set -o pipefail
-
-namespace=''
-container=''
-pod=$1
-shift
-
-# rsync calls us with "-l pod namespace" if we use pod@namespace
-if [ "X$pod" = "X-l" ]; then
-	pod=$1
-	shift
-	namespace="-n $1"
-	shift
-fi
-
-# pod is "pod.container"
-if [[ "$pod" == *"."* ]]; then
-	container="-c ${pod#*.}"
-	pod="${pod%.*}"
-fi
-
-# pod is "type#name"
-if [[ "$pod" == *"#"* ]]; then
-	pod="${pod//#/\/}"
-fi
-
-exec kubectl $namespace exec -i $container $pod -- "$@"
--- a/scripts/mouse-battery
+++ b/scripts/mouse-battery
@ -1,39 +0,0 @@
-#!/bin/sh
-
-set -e
-
-MODEL_NAME_FILE=$(rg --files-with-matches G502 /sys/class/power_supply/*/model_name | head -n1)
-
-if test -z "$MODEL_NAME_FILE"; then
-    echo
-    exit 0
-fi
-
-MOUSE=$(dirname "$MODEL_NAME_FILE")
-
-if test -z "$MOUSE"; then
-    echo
-    exit 0
-fi
-
-CAPACITY=$(cat "$MOUSE/capacity")
-STATUS=$(cat "$MOUSE/status")
-
-echo -n '🖱️'
-
-if test "$STATUS" = "Charging"; then
-    echo -n "󰂄"
-else
-    print-battery-icon "$CAPACITY"
-fi
-
-if test "$CAPACITY" -lt 50; then
-    echo -n "$CAPACITY%"
-fi
-
-echo
-
-# Tooltip
-echo -n '🖱️'
-print-battery-icon "$CAPACITY"
-echo " $CAPACITY%"
--- a/scripts/nix-prefetch-firefox-extension
+++ b/scripts/nix-prefetch-firefox-extension
@ -1,7 +0,0 @@
-#!/bin/sh
-
-set -euo pipefail
-
-hash="$(nix-prefetch-url --type sha256 "$@")"
-
-nix-hash --to-sri --type sha256 "$hash" 2>/dev/null
--- a/scripts/pint-fmt
+++ b/scripts/pint-fmt
@ -1,7 +0,0 @@
-#!/bin/sh
-
-file="$(mktemp)"
-cat - >"$file"
-./vendor/bin/pint --quiet "$file"
-cat "$file"
-rm "$file"
--- a/scripts/print-battery-icon
+++ b/scripts/print-battery-icon
@ -1,33 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if test $# -ne 1; then
-    echo "Usage $0" >&2
-    exit 1
-fi
-CAPACITY="$1"
-
-if test "$CAPACITY" -ge 90; then
-    echo -n '󰁹'
-elif test "$CAPACITY" -ge 90; then
-    echo -n '󰂂'
-elif test "$CAPACITY" -ge 80; then
-    echo -n '󰂁'
-elif test "$CAPACITY" -ge 70; then
-    echo -n '󰂀'
-elif test "$CAPACITY" -ge 60; then
-    echo -n '󰁿'
-elif test "$CAPACITY" -ge 50; then
-    echo -n '󰁾'
-elif test "$CAPACITY" -ge 40; then
-    echo -n '󰁽'
-elif test "$CAPACITY" -ge 30; then
-    echo -n '󰁼'
-elif test "$CAPACITY" -ge 20; then
-    echo -n '󰁻'
-elif test "$CAPACITY" -ge 10; then
-    echo -n '󰁺'
-else
-    echo -n '󰂎'
-fi
--- a/scripts/screenshotsh
+++ b/scripts/screenshotsh
@ -46,13 +46,4 @@ case $1 in
            $screenshot -o "$cur_output" - | $copy ||
            $screenshot - | $copy
        ;;
-    edit)
-        # Focused monitor to clipboard
-        cur_output=$(swaymsg -t get_outputs |
-            jq -r '.[] | select(.focused) | .name')
-
-        test -n "$cur_output" &&
-            $screenshot -o "$cur_output" - | satty --filename - --output-filename "$DESTFILE" ||
-            $screenshot - | satty --filename - --output-filename "$DESTFILE"
-        ;;
 esac
--- a/scripts/sway-sync-xkbmap
+++ b/scripts/sway-sync-xkbmap
@ -1,22 +0,0 @@
-#!/bin/sh
-
-set -euo pipefail
-
-LAST_LAYOUT=""
-
-while sleep 1s; do
-    CURRENT_LAYOUT=$(swaymsg -t get_inputs | jq -r '.[]|.xkb_active_layout_name|select(.)' | head -n1)
-
-    if test "$LAST_LAYOUT" = "$CURRENT_LAYOUT"; then
-        true
-    elif test "$CURRENT_LAYOUT" = "English (Colemak)"; then
-        echo "Setting layout to colemak"
-        setxkbmap us colemak
-    elif test "$CURRENT_LAYOUT" = "Portuguese (Brazil)"; then
-        echo "Setting layout to br"
-        setxkbmap br
-    fi
-
-    LAST_LAYOUT="$CURRENT_LAYOUT"
-done
-
--- a/scripts/wpass
+++ b/scripts/wpass
@ -18,13 +18,6 @@ print_actions_for_entry() {
  if test -n "$otp"; then
    echo "OTP"
  fi
-
-  echo "$entry_content" | \
-    rg '^(\w+): .*$' --replace '$1' | \
-    sed \
-      -e '/login/d' \
-      -e '/user/d' \
-      -e '/email/d'
 }

 main() {
@ -36,9 +29,8 @@ main() {

    test -n "$entry" || exit 0

-    entry_content="$(pass show "$entry" 2>/dev/null)" || true
-    username=`echo "$entry_content" | rg -m1 '(login|user|email): (.*)' -r '$2'` || true
-    password=`echo "$entry_content" | head -n 1` || true
+    username=`pass show "$entry" 2>/dev/null | perl -ne 'print $2 if /^(login|user|email): (.*)/'`
+    password=`pass show "$entry" 2>/dev/null | head -n 1`
    otp=`pass otp "$entry" 2>/dev/null` || true

    action="$(print_actions_for_entry | wdmenu -p Action)"
@ -53,19 +45,13 @@ main() {
            printf '%s' "$password" | wl-copy;;
        OTP)
            pass otp "$entry" | wl-copy;;
-        *)
-            key="$action"
-            printf '%s\n' "$entry_content"  | rg -m1 "^$key: (.*)" -r '$1' | wl-copy -n
-            ;;
    esac

 }

 autotype(){
-    if test -n "$username"; then
-        env wtype -s 100 "$username"
-        env wtype -s 100 -k tab
-    fi
+    env wtype -s 100 "$username"
+    env wtype -s 100 -k tab
    env wtype -s 100 "$password"
 }

--- a/secrets/double-rainbow/default.yaml
+++ b/secrets/double-rainbow/default.yaml
@ -1,57 +0,0 @@
-gitlab-runners:
-    wopus-gitlab-nix: ENC[AES256_GCM,data:n/bm5W5Q/h7MxMZX7yz4qeUBpfZDrI7A7/PlnLncMto5V5itVTXRvfd3+D/d2r9PVuJSogfMgMAh0cwuvPspjlm9ToPxrmgGdYbnAkhnFeTHdCfcF1x2DG2JkHe54wUhcQa9QEJkWZ5jJM//2jU=,iv:63lrYCCBMSr5toulba7Rni+iun0Bl2vMFbIsTVvOWQs=,tag:Z1GHj91q09sOWCaLPIKJ4Q==,type:str]
-    wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:+5I7INvMNfegjjC0xPNOSj+vFakXe6V4N/S5wvL64DOxfPXhSQAjVtdMslp/LlJXH4XWbkQ8ErLbySB3WMDMRDnDRY+6+UKXsP6MFpvEtho0lN+8ZeAGC25ehadYDSFTX43wz6cLRuoAqRQdhPKM96wcYif7nF40cStgaAQhkNemK7AenSA9LQ4J72dWovFuwfTZml8qH6W/O+YEqfOgZsyJ/LobcM1fiuN1S4NnCOJSWB2Ahsu0tiMOSRxKWeUS9+ewh+x1xnZL3y4vax5GgtS2KojtXq0U4qgNi4Gwnmef7HmH1tVgeMO2ykCsuCCZ9iJR0IOqTHU2l+U6hTzf5vehpgK5/tsthkXRsLUmVRnjUaQwaEq9JYltGpEdk6U0UnD+Mf0f5BsDw23lHgannLeduhrSFrPFj+BVodnPxjyYJTPXwXfbWrKIQ8s5kWfIq9x0VePsteIgEH4xLL0yFtyZzrYeCq9WF3j5xTvJsOlG0ehQzX22orrM4RzrFVmeLYOIc/V4bQeyIf1lWemr,iv:UNaUnlVayrzF7qpgIVi9gxPFGCzIP24jNUpO295JPog=,tag:a5OlD+AJH3u6y+Lo3lOQWw==,type:str]
-    wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:aknblYwAAGaso/Vhr9f1RX64tA3uOh3qxc1dBI7DQmk4TUlQn/AYrKF7wanIhhydrasRulDEam3CBiiyeW/ejcXG07wKIUyZ94TOYfcyRd1yo+PGkmb1yycU6PdjaP5/zwUPAnjMhR2quW+8iwADaUMYKXIJkdQaqUW9a845vBKIxgNgBskWMGMzldb+aUnr2eCb,iv:MQdEUrNugzv+QL6f/MNUqh9M+nFVsWI4VHlMrgQOTEg=,tag:olNTQyCSOhv3sgSjuIXKBA==,type:str]
-nebula-wopus-vpn:
-    ca-crt: ENC[AES256_GCM,data:zNESDEqeRPBsaY53cDKx6DMYdHIdEjxAsX7rLMrGkd0+aw2zOEJDJ5jb/zIeatf7xBj5DkJa+CDWmWsu5v9p0QUu0LEEvdin3utuGa5GQEYR+1LCCrlB52klTvKEK6ck5cYewVR5bmq0NTvw4aVxZJoMKMXICYhNEs20ZMCIrbX8UOddXKt6OxeOzVZ/9uFg1gY9qkHe3Wn5mmNLwvXoHvzwtr+Oc9xT+SRMPYkGUkbyxQ5zRjJUKS79aPQ8R6ZgZVJqUmr9wS58D2To1Sfk4Ykrd4Q2lIlbTXdswp1im3LSTy0YosHu5P6mmBq9u3M=,iv:hnCrHDkQiUsoaFTImtWlvM+tuSplU5p4s6kkm/ysLZ0=,tag:5vH6oEWwUOA/QsiW0XvBag==,type:str]
-    double-rainbow-crt: ENC[AES256_GCM,data:gdR79bE2RdE8cc9HdIxoiTCbyzsaTrSRg8uouVLmq6IRnb8B7tltIitli0SRXzMWqfg1IUIQbXHbIvPgeQ+puCHqr1ghYK1GzrDLz6GIGTn8g+9MnDbRTghdlWKKrKVxJnrSecJvV0qEkDr2/WEAsXalstxcDEPNq2Rb+c7bv/P2oFNjKN1eeWsE5TgpFj61RLEWx/wPzQKyNx2ZFu1l4r63II6npvlZ8rwdrJAeZIT8oaU53zQzMMs0tHGYTJeaZcPgdBKfVSCmzGxrE2kuwR0bxSSB2knqdBmtl1aVxs3bF2Fkm1+wovCadCze+Ta6Vgtk4v8d3Ta+wE5qzek8shb2m7lXTixki356wOG0r3B+180Kzk5B7q4tIycrk9ggKPKAA+2XNHVFM9L8PojflK3BY+U=,iv:wNoELN2y8QrFGPJYQdrAVsaLrhMzD8ep313o/jpT9fM=,tag:8sRBtkfd1TVMK7R64sMXqw==,type:str]
-    double-rainbow-key: ENC[AES256_GCM,data:I0LGhV9biErwZw4PzOX6mbqyh+8n2XbpikwOqLe70g9+pfO72e8qdXvzYko8zLGIL0x8ZUYn6XCP63ZYzP866cLHCgglZ0+PQeBbqzp3lgfYDd7zBHDJE0NQobPtV6n1enbpzRtBe+ROeYQxCV5sZmEoxbzUyR0aSJ3JaGgZNw==,iv:Y5Iy32zHnQgqIH3d9U81FlsW+Mg8u06fk+AMnTcGejk=,tag:1ojEKwVALA9grJRzyNc+9g==,type:str]
-sops:
-    age:
-        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eTBFdVM5OFlQTi9JMmFw
-            QWpIU2dSdDMzQTVJOWJCUU03QXR1QVZoeXc4CkljdHNKQ0tUczMrNys5eXNGMnVa
-            K003QjdRaWY4RmNtaEw4cEsxSEJwZlEKLS0tIFZpbGUyaHh0RndkVlpQVlVucHJa
-            TndIUUhsY2xSR3E1WlJXV3ZFN0lIMncKjjf1yt4XhfguzYoCNmHYSmetMDnoz4cr
-            frbZdy4hl9w9EZO5JUeC/n7QMYTZLC2/Zk2PXRUvwyQglrGoUVK2Bg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbHd4L0NEZW55OWd3SWlv
-            U3dEcDNKZUJid2VsZ1lQdy9NRnIyVDRPRm1VCnZDcCs0S1BLNjJLZTFpSHVpNVRj
-            OFpMK0ZjWTJkcWJoUFk2YnBCK3JKcFUKLS0tIEtqRkF4Q0FobXhPVTF6eWN2d0Nx
-            eVAwSi9LaVNEcHIvQnhhZmZLbHRPOUUK6A91L8YCpi/sM9FiXcJ1sLmW3U4KadYL
-            uw07mobP1Rf0RUdAuSK+42ErFgmS+OTDze/mT/PXg6Dfk+vhTjbfGA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1026d4c8nqyapcsy4jz57szt6zw3ejcgv3ecyvz0s89t7w7z964fqdqv52h
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEaUpLU1ZxQWNCNFNGeEpl
-            dEpVbzBFbk1XaVoxMXIzMWFmTkZWS05GOFFvCmJGamVGK2pCeTJROVloMGdYK3Mx
-            cGF1elFSbjJ3UmUyc1FsUkh6b2JNWTgKLS0tIFRzbHZIL25tK1dnWm90QVFueWZM
-            WUZrTkg0cklJSUg5MndsN0ZPcVk4U0kKPsj787kDFDMxsBt5qk4Bp121AMTE++99
-            m2X4lL6ona9fUe8e8wGhdgxZmqvJL2RCaVWJJy5SAbJ/skP3y7i2mw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-12T16:38:27Z"
-    mac: ENC[AES256_GCM,data:XMsrBwV2G1jRA2c/T3y4015p6bJdggfrbI62bHZ1PQtbOImQUpxChVI9JhZqOIzWpyYB32HavRHwCe5nfam+L2tWNlVMRSogKBpDuanxyf3o2EHHStQqZYUuJrYtOL5cdeYMIXKRWS6LmHdHkcI2ixHsL+NXIG5o3XIYMaEBufo=,iv:G20hevYygnonf5l4qGZqs+b9f1FC+cfnYIKZcs+mUP4=,tag:p5rITlVoOwqdrG8Kcmjieg==,type:str]
-    pgp:
-        - created_at: "2025-09-09T20:27:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQEMAzy6JxafzLr5AQf/a5v/AIIsdE9WawM710HCLQwEJXskDXfN7UP055gDBJer
-            96qny8cKC833OhTPLqWCUpAVgJ1JQ8EDLvj2YvXLiq/NmMFs+mBwjPdzNIUKzK6E
-            QgtjRJuQfOGSW0i44b+nkmWLSi1PhxVbIFt27Nl4I+mrvkhztIZcTwht+be3mMrp
-            z1hEn/BbXsin6JOB6EuyFbsRZ3wYFUlr23NiKVI/JSo39ifbtGqgWn68GN+tYYYs
-            mZ5tJykyRZxTU6qEKBaW9veClxs0FW2shQpp6Go/u6u/ghhHeB99trauPFL2rypT
-            IaLGWruFwHMsd+rSTcw+YrTbL7bfkqx/4xj5dxJaFNJeAfo5F5ddr1odeAHeSQmh
-            pfStJmy83SHhyDw8wLKMeF9d7dPKIyU4cXbLjSv1w86bDpDw8LBJSYEjJPVjLONV
-            F6AXCJxNckDXmshGUejC09abAcMzzTsEJK7ocqEoMg==
-            =XAWM
-            -----END PGP MESSAGE-----
-          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
-    unencrypted_suffix: _unencrypted
-    version: 3.10.2
--- a/secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age
+++ b/secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age
@ -0,0 +1,16 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+KuJIQzvERsM1zAF4iikbaIMsi4e/vnyx1yq6h9Mzxf6FnXyFRcUgLPVe05krQhJX
+0wjv18bI0jxRb8742Ww9i2nU5Tlrok9ol458iye5CPl63fAlVih4/Rkl3IkUIiIz
+q/VayGVaIHmpRD2xiEa4L+NXS9N69vVXoubX0oZrB0nPdYJ83gFU9u+CBqqG2EWr
+PBjyIvT5i5MDBnPZGOudadIoyeWGfjXEPsQWhQhL9ssi5QOzLXBnTDlxT53bNvHX
+2yOFprLDZ+ZONedkxy8OXZpPDYNcgPAIHiqx1E87ftqPIucdeU49AqlPh46wrPC3
+79E2hgSoPvn4poTlJtAD0tIADRGkcEV6wLCylN2lTOUJenUfhLNQ7ok4ITx8MOv3
+IkbWiD9yTMExVBlhc+us+XfBHM8mlWs/zu+18YTy21RM03gzY6lHVZCQPxay2Rof
+A505SeZ4Tyhoy0+oLaYv9b+7DJdlhUo/XMaKSibtgJ/2MCtRqmV5ZsnuUIWn1Qsc
+
+-> Vg-grease `tLg-(2z
+4EPuRnZmXpoB32r/0GCtskU3HU3h5ic
+--- QmKr+zAXnMpWBBBqNm2u954fOu2Zt8Y/kPPdq4UHgZc
+¤ì{çu|õæu´Ó€]OmXÝP3µÆ²•4_±½Â_
+q4›<EFBFBD>Ð6mþm©<‚pLH+d.hî‹’C<RDµ‘q<1F>Oø}öô3ÁZ¤KJ¤DÉàj]ÈýÒ¯Ù
ìá‚ØûCROË¥F;>‡
--- a/secrets/lelgenio-cachix.age
+++ b/secrets/lelgenio-cachix.age
--- a/secrets/lsfg.dll.gpg
+++ b/secrets/lsfg.dll.gpg
--- a/secrets/monolith-forgejo-runner-token.age
+++ b/secrets/monolith-forgejo-runner-token.age
--- a/secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
+++ b/secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+YvABDqm9pSLhyLaKLDStuDisPJnaDpHnpTdTU4/xWgD3F4g2WkMymilhabqM+R5S
+hqcSVDxYE2mpPDPIDIMPRlZyw5EBKS6zQYFr7u3fdSMzzhL6pBLUvFtfq40Y3o6C
+LkkkYyWnJisWuTYeBY95H+fbDhqOylbjHP1fhRVwXO85pa4CcRMAWU2pKOIZRb3T
+IuQyE3LOT/vts56q0mgdItJK0gX0NJzXxi+8YdXb2VU5ny6IOBzDL4jUHhi4nfpS
+AmzEZE3ezq4Nxg+txMDQ6ZO+JUhqjCS4XDf5b2Lq6fDenVhFaNYf4HK/fMZHKhKE
+Ac+K5U3CKB7B2Ur+sEdB7AYWOc346bvxZhP16nwCI0ocaquo6WzEa6XA7zfRVC86
+wlTIUVdYKW3e/4AIHFnSXhFNss52kkhOjxcdQpdBb5RgSc/gWel7XFJ3bV17bCmV
+ccCYejBvW+Arpgr9Tl3UfyEbRbGTe7Jbxydsrx5h7gcXOuBYE3x8RGhegiL28wVl
+
+--- E11l59lvUhPNzXAYTgVUIIUCgJsEsSDMdnLV6r+qSiA
+¥Ë‹-&I:Ú¹Sa°_àÝzt•ø¨J!H¤¹'ëC`'uÜ@sØÙ'”:†èì÷ãÎ¶~Ò[0š×ïnÝY-uôF¦eÜ‹ê‹Çü`xÓ7‚öªíßDÆãÉþ0<C3BE>/Ã—%V½«Þ‘îUˆ
--- a/secrets/monolith-nix-serve-privkey.age
+++ b/secrets/monolith-nix-serve-privkey.age
--- a/secrets/monolith/default.yaml
+++ b/secrets/monolith/default.yaml
@ -1,59 +0,0 @@
-forgejo-runners:
-    git.lelgenio.com-default: ENC[AES256_GCM,data:sEfpBZvgQUkyXPWY4RI0RPJWUbsYK/RGqiYJ5wDSVY9a0EYenyt96QYq6815evq2iQ==,iv:rSWnCOdhfKH4TM9R0/IParYd9laYhWxR+iUhgkVvqfc=,tag:mBcSH/oGDMBgBScvCdn3Zg==,type:str]
-gitlab-runners:
-    thoreb-telemetria-nix: ENC[AES256_GCM,data:zrZvG4be08ulpo7itbrprKK5csCMLvzZjrszfMw1XiJP0FyRTUd9nHgHpbAzbjj2KyT7kKngoZAyengvaTEhkT9sUi1pdGnvajAH8BDDOD0g4LJIHFl4,iv:3bSsTzU7gHx+MchuPg9kmb5xEDugmGPje8Jw74NpRJI=,tag:zffRr77lWbyLt7o/mywb5A==,type:str]
-    thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str]
-    docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str]
-    wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str]
-    wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:MtYDK6P7nwBzr6p+lRX/dkosBfeDUAj/slf/a5SgVXNIbQlkEk7gvfW5iL+C2HgMwowqWx4F+3q2W+kGweqEYzEYAoZ9pR08a7Jci3Szyy49hkamxJXF+Qwhb5VQKxDppESne7DARCF0iYeUjgeXxCYyuWlGpisnkN3HCWrIYCqbk0LS+yqgkNhDxtxMaThGYztfPnLMEV/P5vuge9sRKu3Xi3iX2uDKtx4FTBsX30Lmd8kngOVnP/GaEHDa5ECO+/yW6ZRg3fIaqJ4RV+Vz79ovFUuZV/VE8eY3JOdK5tKIBWb31YUOjP7ccBes7mMhFLO3ceNeh+a6KAJbQ4pCojJwf/cLz663FKr5f/uWDicOBbL64l3+zV5zvSDzFls0ImXMNL6Fe3SaKP7ZcC5rVrRD8P+UN/OSFmbN5LM7uYY8nNsLxTH7MYsRHgTBUmTsFEhLGJIUjtf6J3/NWIlxjBq1MmpgxN0bD6gwVAxDPP489v918tsZtKdG8SJhLUPE4LWKsU7LHpgUBroKlbGE,iv:1jnF2TTlyTR59xM8Bgaz6bubDOwFexHBJipNVa0VPXY=,tag:VsDb6C6wYa9p4Yey3iG4eA==,type:str]
-    wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:F+QHv9wwgyQYobKwyG13tS2OKCZuBPKLe7RLkhxsqYmVEtkCnli9jG+unMp7MC5L0i3puNqfoXP2IC6g4ESHq1yE0ksUpUCHzps4oMZBQK9b5JcqXQs+c//hskTQ/sFmTfGPpdnQ7wAifnQf5Mx2E4RwiRznMgJGQ3RDDjg9xfWUyvw6PlslZH65aGrq3P/iURvj,iv:u34+rXKLcZjBlVJmdbf60I82Fb621lUjOBmR4CTJWGk=,tag:ToPtBIz3bgzAUKc6hh4Oxg==,type:str]
-nebula-wopus-vpn:
-    ca-crt: ENC[AES256_GCM,data:sFc9SxfCVaDYxbJqzEK6pRsVoJSFbD1qs/oVKLXXJPrR2y5jVM/ESk/xwaemwEBDPn2VOxLqD62lPF8jP665w/rutskKJ4pMji+Ev2zeryaxDmEwSOL8EbEQtlNxkZZEX3dwVNxykbK5A3bIrcI6vHaOTFeMht6IanO6CdeQOS0KoyYW0fHbW0Dc/YytBMjVWCPQk2VeWCl7X4JBsjj8aVQ8qgupsI16tJmETetO3lHAaYt6dk0Fp51XVaKSuaYGBhnoADXEKA3cIQoPUOaJ1Q0CmdfYk5XWEr0q0OcqjeAn8OERGufHr227tJgYx8A=,iv:G5iq5qeX9NlkOdmj9K0GRQ/6lAU0cBNEO2hQe9kyirY=,tag:b3sW5hs0pkIqqm2j81BIIA==,type:str]
-    monolith-crt: ENC[AES256_GCM,data:+0YbGYreXYR2+cu0NwXUuAnfIEUBGXm5J6nUTx2/z25gDTOVx9eI7USX6cQT/3NOt9S8odHcHeWQXChgWU9Xf+avdXmNO9vQGf8bZCybDQltPF+Gb2zRiFWiAy7raQaZc74SMbGCzABdfQBnEnqs+s/y0+ovilzOmcopnu551QEyjojuMLVcpUsvrEoQBx+dLYBjx22xob0wNUmXgBFxLRuDvYHGdehZ4jg8Ihf9kpDyjtjpfa8mF1kmdKZvPI5Y9z4ZOvA8266H+jFSqfx41nIuYcIwi8naKkoRue4kRCv71IXyK5DJNEweZPXD5sCdd005sxGgBnpSJCpSfr7TsCy5FxDcf9ISi3yrXLttcnOt2u1b3FFKNQiwlo5s2PQB2AB2Zf3nvKPqICmcXtGN3w==,iv:Q6izpQw3SymKNjnjO4x3pzqGJo5SxYZkVYdXcHQBi0A=,tag:9tlMYrN+/mMNYifw1F3yZQ==,type:str]
-    monolith-key: ENC[AES256_GCM,data:Y8KVQk66dewyeRIF+6HJeufD9EYO55m73LxrtZi4KQU0RbUpsV0eiRMX62rYtw6+uP87f5Tx6kC3fX4+mqNb2ZgDtVvm3/Qnz5Ly112c/h33krNqRpv6pEHRkrS9j01tLkJnxwiyIvq3b03GTAIoCKWgqaaagCXYHArgzRrDIw==,iv:lp3zuD8XWaiJvyxzXHrgpF4qbrCv/uf9l9qyWXVrkkM=,tag:eSlTCa2TrIuga7UUxoloBQ==,type:str]
-minio:
-    root-credentials: ENC[AES256_GCM,data:izDiis6BgAubbe91EUcuwMKrSrYEDQFQbaEGzpdjj3Wlt8Z8gzgvGmYCryAK8GBUMbzQvy0do26xMGMl3LxLWz9bgixixPVFTTg5GhfUJw==,iv:hkrkGz+EpVwkWEMQWBrm2u4Jti7azsDtsTmyouDREug=,tag:mDnOKKBwgKOmsxegKcRhpQ==,type:str]
-nix-serve:
-    private-key: ENC[AES256_GCM,data:xSHNHiLKs5QG92cSR0gNlusRhGjRUcelSvBt/f3+LdLjTtPaYMmiEiUsl43FyaigGkGq4nGDWAgPVJ+bFNpman0F4KwYqoSp5zH07IC9KaXouvudRLMZc8MkpwKKptKebKDlxKfsLt44n3qnV7OPYzSgzA==,iv:yUM/4yCIJqTt04HyXBVe+EMN4NnFkVnVhsUvUlKv2QM=,tag:qAr0UIjWzXH1eEzGCrK5Vg==,type:str]
-factorio:
-    server-config.json: ENC[AES256_GCM,data:qpLNcNjKrlH5IjGsq7ukCPR7G5dfOfN9joM2KZUdKZetZ/mA8ikBSbuBtRxwBQUSB6PcFxDftus704vlOkLcDcc4PT9rnpEiedLng9NkJPZZo2exfozut3N7dhij28c6Jy2uvad1pzAfW78iHI0kJNkDQDD2oW9xoFAZrPDRh5oNLpNn1/iIFoIflyYFctUbcpsDvs+8xHGGM5PQQo0QnZcxfSPY2iT4At1i5WP/Uedonvlw9fNcoOtzP7BhOECuMWUC5W2v2hP2/vcp7M8=,iv:Ln+/4AudJfdJYdkq0xLVF8dyrObzLwhANpTo3WgjUF4=,tag:Rgw4/J016Geiv6FwF5ZaMQ==,type:str]
-sops:
-    age:
-        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaFFtOHRBNjZqOXJOV1Bk
-            SXRhZTdNWklKaTZST2JhU3VFLzBGSWY0QlMwCldwS1hhMDEyZDAxWUlRRXZtTWts
-            Ti9IOUR2OFdGYkJ4cFRsV0lkbWJvb1EKLS0tIEJUS1ZCZ1M4ZUs5cDhiam5JaEk1
-            U1VjNFprNHZWeDhwU3owRXh0MlBFYkUKHPgxz9/w3+JEtOljfyWBPSshfFlVWVys
-            f15yxlAeWIZVEGqoau7DegVdZiYYIJR2dFBXV1RkKbAwLrbUxAQidg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OWk0cTJ4d25Qd0hrdkFD
-            a2Fzd1lrMDREclkvRmxUSjFpYXZvRGs2Rm13Cm5aRVZDWE5ZUVR1K2hkZkdKWjYw
-            K3lKNndBNGFveGVGVWplaHA0MVlYUG8KLS0tIFlVeXhCTGJGUm1HK2RCSFg1RnI3
-            aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h
-            jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-15T06:33:37Z"
-    mac: ENC[AES256_GCM,data:lYnwpoQuDSRpcPdIoSX3aGssc34UPqj6aZaliXl9XKMu1FMEgKwYXvNGOgs4tV2hBUQvTB4ZhiPT62awEHxzO1CmVdi6eiR9LTP2KetVubvKp8Ps/xoWKl51pG9ubJj+H3rfwAhfbGVZmAb6PKQgY6mnpyutlt/ojCMoKJ4BVwM=,iv:O0MoP+Nb1+nrowX3yfhIY/pjtSbLPV6qHOhDiEfdpzw=,tag:qSA02qKepxJ8p1qpZYN+UQ==,type:str]
-    pgp:
-        - created_at: "2025-03-07T22:49:16Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQEMAzy6JxafzLr5AQgAjwQqdeESOfrOuCjfjALdoy3AnNYC+slusdlra58CoRu6
-            YFDAivwPHJBRiuVy43Lo7SWnKXMKvLOry589GBY3JGjNV5U1cPWBhMlTubYZmZWl
-            iel8Bvw4IF5JksMIvLFdDgexLN7wETzzZP9S8750BCgpSrncrw1k/dUedhv5HUjo
-            N10x6BPjPSmgolA8uxsISHLAUrKcQoeaWvcZFU1ofKywq08HgIySphy6z3Gmv3Qs
-            86saZp1rFm5+qHkrDRgL6Oe3Xx30jVkzn9MHPWzZCDPCEvYGJgXX34NGzbX+/nd3
-            JB9XkT2YTFi4BLhdHY3EE7e9//PJc5G9RVDZyAF1e9JeAXH2yR5blXbogoy+VMnS
-            Yn74Uvs+fnYFTDOiuequro5i0uAyxtrCx8fdfwjuh+9SC5p3N2cBv2eT7zLQwQHi
-            czHlwxmpi/dMB/u83fR4FzuCUt98VXiezIC4yGn25g==
-            =Yqqx
-            -----END PGP MESSAGE-----
-          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
-    unencrypted_suffix: _unencrypted
-    version: 3.11.0
--- a/secrets/phantom-forgejo-mailer-password.age
+++ b/secrets/phantom-forgejo-mailer-password.age
--- a/secrets/phantom-mastodon-mailer-password.age
+++ b/secrets/phantom-mastodon-mailer-password.age
@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+Mnc+/tJ0QqxHkg2nl9gEkz5Oj1RgxtOZnD5gRv66ISUOqZhNm1+F+xVEdKn843/q
+/WzH0f1cTF9NXP8vIaEo//bMmp50obJAd+JNovJxV+0gb9L55Nu7ayvK+eyk6j5n
+eb8TxUnwh5BPkEyc6akDh/O49GXzLlVoFD6Ik/0f3YCqUDNAYOl2bsssXtevCeK/
+WEPoCFGhZfNUrOo/0eAhiujZZ5zVb0CWNqXi8VTe2eWOE20VJULcN13TEyO3ZePx
+bAPBmDfS5GgGlV4INWxVLaIMDrzlm0tYozbBNNUbdLFFOhIOrgvay9RWxdk0u2hJ
+MPKoKsJ96EFxrbZJdS0W7a+aZk/Q3A3Civ2rtPx+5UANhmlY8e1lUHa26e1vA4K7
+ApoMtDyCbuZ9FbLurwl9zO64wWP68aKzuyKOIw+wpy41NQ/PcViSY8KNG9Pt7A2N
+CcOkByx+rwz+JdNHbOF8O4FFG4fNSWn7SvVtu5ymGgVi1bOd8PdJpjDR+6Is0SX7
+
+--- DHNyITb7ZseEV58MOD/zHeH5vff0hhlbKg27rlYECGk
+ÆJ…¨Úãè·<hUs/¿ïš}ó´Zi`ˆ‘ 'ÂJŸ°z5ùÃgõãŸ%€ì‡`¤º%/˜‚±<01>ˆ„á-Î<x—íõÉ’|
--- a/secrets/phantom-nextcloud.age
+++ b/secrets/phantom-nextcloud.age
@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+bpGCgyaAPDutva1Gp/YPuek6IZTXJHKb7+oIAV/x+7Ry4Oci9zM2VWvPVE/rPE/d
+0AzBX1NvsWBB005w42RfiErk4FQYRCouwNR1FNjUWNdQOmku++RPfxBXspAFIDkQ
+yM7mqbhwf5by5rZY+2kl20QxkErkVtZolus1am9RV4uyXfdPaRcKjWOuPiEim42d
+YdeCXq4nJGxlL3tRunIqLIZGhV08wHBl7Dubhn9hdD6/ekDk0RloVTBDZUY5tUPL
+dJk+bfFPI0DimytzCwyQbWEHOkdiWYSNzbx2JhTSvuqefHP1UzB2LukaQc2gOJFV
+mVKvQuGpOWknytMUhM6zCTvRw4OQutAZd96OniQYTas/vnmfT2l2n9aMEzQK157A
+U9DmsvhBypILiQSPpA7QrGB1QVuRjAFJA86ASY1FAT6MdBBK4vZ8fK7mpT06JO/n
+gwv+UlvFBziWHzA/1GOLrfD+ExjmbeucRZr5XGszrAaK/7GPZt4LF69hRmKegL94
+
+-> 9I3~SC,<-grease M$2 RibFL]C
+uR6MirHtTc4Tyrcw3T2my+BN2Q
+--- 56zk9BqgwQqNymga1mUDgpvtfIpMy5i/JnaSXbjx6jk
+ÞQÚÞ—Ž)NâÿÚ¦¨Žß‘-†ŸÀ ÷ÑDz-ÖIÅß-°]p$ÉX5æT·PU=u;kæ8}wÁV¦mšç=
--- a/secrets/phantom-renawiki.age
+++ b/secrets/phantom-renawiki.age
@ -0,0 +1,16 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+BUJ9L1bwZ0RWj3FmMghmZDkY4iuc0gujS3Rfat+hj/pg+MALZ69Tovc5RnqmOZT/
+pTGPTzWj3WO70YU+wCUHKZ74JcKdL3wSD1FWOWYRvyDV3gxZjDTjw4Grs+sH9M4Z
+MrhdoyY95fhmGZHJ7Qkx/aKCAK/OaFSu5Vhh37ykmLd1gQ9NJYQ+G3lLr1Mrqjd/
+1QaBqJtJpAFTA0eCd3+oBtQ/qgHD2ZBJcOmkS9sRC6S4YKNoyoDifTbL29aJC4f/
+08myI0WH/ApbtN1hWuiVWibmy/9/76IAvgUqi8fULNY5w7Otz3nKGV+mDA5+oD11
+jCHZJdcec9JFyZ/V2mh/PoHpNawksNPy85eJ0MpM1avM25Qib8kWJM6fnZb7uJzt
+DsYCl2q4ILnTaieuTSJUfgacKbrwSv7MQfgdh1SkXAShyZ7aSCoDhsgSdOVwYoAX
+Mspm0NtodeV7493qZwYspO6H0xbfh20vXa1DOeMt98T1iP0aYYhfRXkb0wACx1QF
+
+-> \z/RLj3S-grease cmv( uCkG*= .cX3S 9r^&
+OVTVTnB3PjD4COiRCtQ
+--- EhfDqxfjLIHF9Sa7V4ytO1xsRK8p23WDsWcB9/B9fRw
+.ß=–£))/’ö‰Í¹êÒ‹#´ýLÁƒŒÓ‰Ž—|p
+7	ÍñÄKä®7ò²Š@üCJfš:w6Pè•@@/N<>7¿
--- a/secrets/phantom/default.yaml
+++ b/secrets/phantom/default.yaml
@ -1,62 +0,0 @@
-hello: ENC[AES256_GCM,data:UJAAdOL7wzQ1LduTyW+XK2NtXyw/u/Yz28Bmd7OoBe41FVLKwVfvdI1nAwYuNQ==,iv:7kPT2HF5T498bUJ9hUlz5Ez/jn1g7YIUVbJOTW/CHhQ=,tag:KJhJPg8AStyW4roEbEUJ2g==,type:str]
-example_key: ENC[AES256_GCM,data:DcLN+C1BQ6WZg5fRiA==,iv:JC3GTWn4a4RekAHdOQB3YV5+eGa4cUK1JjyTPe8eNHY=,tag:W9CV4rsgHuXyqpWpUxlIQg==,type:str]
-#ENC[AES256_GCM,data:RjdYJNz6qGfbsU/AiBeLlQ==,iv:LjRzSjBXp44cGSqUUfRDNLC9cW4Vd7lfsqDWINt31VA=,tag:NzVm1h9CVKE2XXt300aR/g==,type:comment]
-example_array:
-    - ENC[AES256_GCM,data:K9j/t8MDibYO8Frhu1M=,iv:YnrxRnJJwTH6DJC6Bv/d1NUnX2ZPFwsjoji7L1Z+d7s=,tag:Dm7xCUlnjKdXHCuk8lwY8w==,type:str]
-    - ENC[AES256_GCM,data:0g6ACJzEHBtukwQYYTY=,iv:xLBJWfOYkX7Y28N01CX2+d5QOr9VGAhInH6pa1hNSGE=,tag:tCkCigo4yhi6YKVMe3Z3lQ==,type:str]
-example_number: ENC[AES256_GCM,data:R+/m/QVBH9/3DA==,iv:FumBUj97ICrRQmyh5fg8Gu9Lba9oITD1pdsr1I/PCf0=,tag:hguw1gpPI3w64fG1WLnJqA==,type:float]
-example_booleans:
-    - ENC[AES256_GCM,data:VvI5ag==,iv:koMzyWcua75sK19vuk65oywCD61lMyH3xUwue8LTqy4=,tag:2ym1M0FTwevLm7wefTUWAw==,type:bool]
-    - ENC[AES256_GCM,data:lFEC/S8=,iv:cJWbnmseP/AqJzyORM+VI5y7rK8axVeh7EXoLP7mT/Q=,tag:BaS5HyecokdLCq+LzQxGkg==,type:bool]
-forgejo:
-    smtp_password: ENC[AES256_GCM,data:g/Uqmtp8A9pas5WcslwnGCKSXv7dYSRMA8wKm7DWpvssVRZJ,iv:vNBqdTlZ5mg0AhjMNr8rUts1rDBYmq03tdiceVN3xjs=,tag:M3qfiZEWvJN/XUjjmnAXqA==,type:str]
-invidious:
-    settings.json: ENC[AES256_GCM,data:wzbBnj3qrhw+clHpetEm/FYs+zkMM0kG0JO97E2wPEPaoBZDuOy3BRAbzmwkn4RUEt2hWVN89/A1qweXuuScXt5LSgaQXFXmGQQ2RzXY7K7Pr3uBNol53pnNQI5M6Mi1bif26rdiwznE0QgZCuptadhPcHbCaWB2QrXyYDdTdvQ6Wd+ZueSXPXCjpRnXaqZzTFc5VJf09wqTFahUvVkgjkhgiLVUu218b8xghekJLwJ3bKwmXuXsnmGSQjFry6ttbFPQJawVXWqsiNY7iaE0k1K3NKcTu5Fm2XiriPTKuGM51EXrqaw97ywWN8JEBGxZTk7kcWg2tAf9ddOewYMG,iv:2oDgPdFihZ9O8IkAydL2DtlUtCBUw70u2F2Rn+eW9rs=,tag:zvdZbEdQzbtWgft+i00ufQ==,type:str]
-mastodon:
-    smtp-password: ENC[AES256_GCM,data:ciRTgcCKueSiYerBjWHOD4c9wlpMlcV9jiFaEWFh92vgA6J9,iv:TAaPiMIL8Yfd9k4j9dN40dWqQWAPb+24ngvPC7GTrlE=,tag:+7fGAN7FKiPIWvdsQXGqxg==,type:str]
-nextcloud:
-    default-password: ENC[AES256_GCM,data:mR0KRCheXh6NBVn+odK9Kx0e4njJDuZ6OS37Iw==,iv:PAb/sCt7hq5WKZwr4FMfiMqf7mGvpXQEnZcbzmDz9oI=,tag:ukBDHbFKrStXckzuE1TwJA==,type:str]
-writefreely:
-    password: ENC[AES256_GCM,data:5hzvM8Aitvj4Hb/RgViV1QjsnpQqln0k1nZvEz8Y7vdZvcHo,iv:Wi+pKcGqi09050sitgxt/+hYGF2mlmYC0SDjmqSWPr4=,tag:V0KSBgIV4fgMbxuADVTxrA==,type:str]
-syncthing:
-    password: ENC[AES256_GCM,data:s3EMaGJGSwGxgajdHfWpblAU1Ows/h5JzS6PB9jU/BfmSMvG,iv:E2Exhs2f2v16iovexQGm9HUMxpLrY2uQ8OS/rOawj08=,tag:QXesaGB9v+yPnokZh6DMWA==,type:str]
-sops:
-    age:
-        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSXhsMHQvb0NyUXRkRDE3
-            TjVjb2orQktDMGs4U2JUS3hWdmtMdnhuYnhBCi9VU1RVblZPaW14VGxMcjM0N20z
-            R1pOdUJZc1ZGcjBsTnNaZGhleVR6L1kKLS0tIE5vQkFhVXd0R3ZQSzZkNmVqN1Vj
-            NERXdlJhVHF0NWpNT29CNlRid2NYMVUKxg7kbP6dOZDUz0uxdC45DZCAa6GQTQ1x
-            nIb7lvPW4xFIb0bOZuvc7cAbHjf4So+8zvA0MM4mkTmIDpnwGD5Clg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrcTJGVmZUenNwYVNjRFlU
-            VXNBeDdpVFVtSTN5TG9VN0Q1WjRFbjlHd0Z3CjFsU1BsNkZ1a1ZkY2lva3lBUWZ3
-            YUpqeEo0Tys1bDk0TEpwQTJ2U29kbjgKLS0tIFJDYWpNemY4NXZ0MkM0YWNldDBE
-            RU1HSUhldHpzeURaUWQvcjBCQ3pMY2cKYL87Njs4e68zu5AXKNF/hxiB3HduS8wz
-            o0kmGI58DZx17+Cdipw0ab9a9wiu9C9Fn+LaiCcdM/ESXtS79RzdbQ==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-22T12:00:25Z"
-    mac: ENC[AES256_GCM,data:AZm1yDw8whCTufBYbiug3i1e1YQRVprOMFTSR6GvvPDXD8ouvwSqoqYbmL7Cm1GxEG5WME1Z/tRzBzN2rU0gleGpXAXb/C+nF3R4PEHdPg25b0vfWAShZHb1YZGpMwkAd3H69y7yJclXeE2sFKx85DUGieYELelrzF9hT8jceHE=,iv:74M+68IAx0Kv7MCAe4Hsj/oTRJP6XOZNc2bxc1Ot5kI=,tag:XfocOwXlpM9WYHVHGs0MWg==,type:str]
-    pgp:
-        - created_at: "2025-03-07T22:49:19Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQEMAzy6JxafzLr5AQf/Zw+EB0lFpbul4KmHL3ndbhQCHzhkMgG6vEyj7EpjHQxE
-            nwf9kRrTcRh9YdrgR+5PFRnFJ8+L+gZhk+V/GaEPcEUyskOX/YGTSp1u6pXKGEem
-            TGojrIx0WwcmeCZUn+qCehbC7ZU64NDDmb7VeWnRkMbboU6UVooHUub88VsbnYw2
-            XXtXh4G8isrbyAKzUyypnJnEVbKlVqPOL67BYczjyBqMYc1JVLmBy6nP+sv6q/yo
-            QyDzlunmZtu52dwAL0L6wJF+novLr4W9cso4K5UVv2sp5M8gucuiY2obiB3vNfgO
-            q9GZTlMWnyDGflM1w+tzpZ/Ke+sM4dSy3cXpZd+MFNJeAaBJ1owjolb4tPUXlt+W
-            cJ+SFLWxzH8MsPb+Hfxrt8PPCcv67uch/k50PLYs/V/EM59+mgEJe5LY4rMbUSFw
-            REGL3LA6Cnkl2bUeHlfG7XlztHd/ehmZM2RPKof+Qw==
-            =htZl
-            -----END PGP MESSAGE-----
-          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
-    unencrypted_suffix: _unencrypted
-    version: 3.11.0
--- a/secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
+++ b/secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+KCVF4Sy49stOeQs2uunYKkvadqeimmWlJ4ucEJxfXy2z+OkkZpixUnWgJEH2nCa4
+NL/F0Wezbqvh+Texl4FlHN8PT2w/d5gdg/L+fI4jBYCvbbiHA4sdUgmXWigY8zrU
+5H7Y9mgb1Y174fA6zfTCk2fHmk+KARoV27YrS2fzGoVQiPhnvv8ZT51eF1E+Zs4I
+YtXehxEOqYljJKYJJnF9ElzfNa8nypACGtcjTE8eEq0DlZu2U7qV+QWwQudHbcs
+MbFR2VtkHWQaNdK1vVBGND1CMlfshSCqbUzGcexownMiCVSal1RKA2uAWnYdOEc/
+QSR8cKn8QQ5dyPFCqZ8RnlCMUegCVLg5cC0/rlTUD0C/Ti2SRBYTH3HvJjmSNk8k
+3LdcNwK4YtG4d1gkqLVjwCM1Yg8I/UICb5nQYclvBz5VQ2drvL/gU/+Vc7Z5KUFI
+0G/7uNmeJ16Eky+X9c73ZZxVqm0TzDENE2GzkPhBHEfXBR+4j6m8KKEWxQmA2ZSg
+
+--- Oq9wU0h90iU/8g1XTNI+LuAg7t09hngj9DCK91V1+pg
+Ï‡võ’P·Êì}ÓN,×ÿWl?y0)‘eVw‰©Aði±ýê•Å<E280A2>Sm¥œ¼¸à‡ì>‰ð°ÑD“ÂQž¦C-ùëB†Ôáôôø0ŽúVµ|÷=ŽXÊ6©ë ¢œ‹W<E280B9>>ãÒì~·-qIÞ%
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,20 @@
+let
+  main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15";
+in
+{
+  "rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
+    main_ssh_public_key
+  ];
+  "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
+    main_ssh_public_key
+  ];
+  "gitlab-runner-thoreb-telemetria-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
+  "monolith-forgejo-runner-token.age".publicKeys = [ main_ssh_public_key ];
+  "lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
+  "monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-writefreely.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-renawiki.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-mastodon-mailer-password.age".publicKeys = [ main_ssh_public_key ];
+}
--- a/secrets/test.yaml
+++ b/secrets/test.yaml
@ -1,55 +0,0 @@
-hello: ENC[AES256_GCM,data:ADXdQUkrnh9lDrsHyInYsPBo21u/mIAH47KhGQsxuz5OshT6CoK+89CILEi9tQ==,iv:b/rnM77z69+pVO3kxQZxI2YzTCRiBwwO5fhcwCB2/CI=,tag:A0FOXIfgIkJawV3QhlJPWQ==,type:str]
-example_key: ENC[AES256_GCM,data:gXXl6hhdYNLC1Grmyw==,iv:miSL7Wdewd5zs4A86/r8OW6gK+PGZJ+gaqZRHHxvZos=,tag:Ty+IaoXdMSEThNPRjwhqTA==,type:str]
-#ENC[AES256_GCM,data:FLhydTaiOqLRFk+ZrgGx9Q==,iv:TqhX2ylJKFQjdOpmwCER1+gRe4iR+I0hkVkNnYH4ESo=,tag:1BSk9TKqTma4MVUMswwmog==,type:comment]
-example_array:
-    - ENC[AES256_GCM,data:1sIEL3xGDAygUKoodBA=,iv:1DumVv8vDvhT/K0jXM1vHdrFTE7dIxqqjS8CIpWdnc8=,tag:WSs+3a816zVOaGCTElxgFQ==,type:str]
-    - ENC[AES256_GCM,data:tFi1czQnVgX/nlWrJrs=,iv:isH65ldilVe3EjsKNP/dOKgtWZtHQPw364fPHBI+LEw=,tag:Ka5ywriFptKg3+lIHPEIyA==,type:str]
-example_number: ENC[AES256_GCM,data:sxSM8a9oAp+u6g==,iv:KRLfIxZuBsnK+QE4mqm3pyhJmE7Fsd4ykJA++KrOnEQ=,tag:F5EkVUzw06ulr5jZvlTJdg==,type:float]
-example_booleans:
-    - ENC[AES256_GCM,data:PDts2Q==,iv:qtfKg5gmUw2aERJe3gfT15Pk7mWocXwKdJhAzSic1o0=,tag:gn1sWsgt9ihYF8bHAkAQwQ==,type:bool]
-    - ENC[AES256_GCM,data:o9as7T0=,iv:YXyTB2X9PmTsOd37+BAp2xnT/+Yzyajcn5y1GE1O5rE=,tag:hyXA43jpyAbgH2hg1ivloQ==,type:bool]
-sops:
-    shamir_threshold: 1
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUURIQmZvSVp3aXlFT0RR
-            VHVBR0drN2JyV1hNUk5sakxGRXl6SEJuOUUwClQ1Q1lRZTR5R3Z4dlZyb29OaTNW
-            UVcwV3h6UlhtZkg2aFhrUUtIT0tQRmsKLS0tIDlnckhHWXRKcmRwTGUzdHZxWEVh
-            a3ZSWk0wNm1raXdMYXdKY1hDd2dZWUEK+IFU/9vsHu70XbSJ7sKqFncrZO3NAH8/
-            X/XF1VUmIuDfQZYJsDa4HaXe52xvDWTw3/4frG9HutEI2NcvvRpxlw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRGxFWXJVcDZOdzVxaFJG
-            LzdhN3JKaFhPOVBlblRPNWpDdERPaWhDNkM0CmcvUGxNQ09tNTJndWZTdjFia2pl
-            RnNWQ0ZKSFhEN0FNbVZlKzlFUlh5QTgKLS0tIFkwc1pJajlyOGNHSTdaM3FQZWFK
-            NUJpRDlLNXlGOTNBbVRTU0ZMVkhqdUUK1koXmGDGTKoNx1wp4c9EknY9LQ5a7dQP
-            Zx6OzvtpsxL6KGjH7BeNNcm2zOR4YqnklLq09UsPHElz2upJQzECAQ==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-07T22:49:01Z"
-    mac: ENC[AES256_GCM,data:yma+7wtzVjCzlLOVpqiicjQ9YN1ttzoh8CpcAtjdtVl6gu7/3FXUKYyAWJd+1NUUpK7vN435gOq9/nsig0FRrn0Hgq0+cjFUGS6+6+SPmL97eFvti89gCOeIFhPvBnJQYJLiyVkUcBek4xW+vnt6UgrTy+sD9AT3KHdBlfu3pzY=,iv:ioswFO5KDAL3Bv7MI8V0aWXXxZZIz1M1PyMUbIMnCRI=,tag:5fUBtqz9J2qvY4fUT2ueoQ==,type:str]
-    pgp:
-        - created_at: "2025-03-07T22:49:20Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQEMAzy6JxafzLr5AQf/Xok7aBMNT6W3LV2Ekx/ccxEZaZ0aVNKHE9aFTz5kBSpu
-            cXVohu5mEgeXr++HbrsCI821/gfchQ1yzVSLJsSrmZdJ586c3a7pWx2Eo4pcngmy
-            vb5UWtTBNogABnLz4iTjVQYLjZeNcNhkzW6s3m9PiaX3AvJP9irPcmwIyYpzd9pt
-            hngnBsdTis52fmvZ6+wOuMyTZU0Iksknom1De8xqgR5ZuO0Vitt19RGbpVhx96AC
-            t1CUkb5WMFTdpbCFORa/ta9Z7UcKxXTAPsfPkPVG9DnHQ1jSmsJWPDQZxoIJLHuH
-            SVV+qfRGndOo9fjExCInX6I5wBlrHrdpGtL7VLczV9JeAXYlMJwH63eOyi8hxxtr
-            KfTJEIALC25uFhoK8bmr30yVZe7thUPMXfht+R5dlHne7+FcBb4k7YLpeN/M40me
-            CSKk+9YaG7gQIdrfvEXlHSPCPppcKev6ZUspHewhmQ==
-            =IMON
-            -----END PGP MESSAGE-----
-          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
-    unencrypted_suffix: _unencrypted
-    version: 3.9.4
--- a/settings/default.nix
+++ b/settings/default.nix
@ -1,18 +1,6 @@
 { lib, ... }:
 {
  options = {
-    my = {
-      themes = lib.mkOption { };
-      key = lib.mkOption { };
-      theme = lib.mkOption { };
-      accent = lib.mkOption { };
-      font = lib.mkOption { };
-      username = lib.mkOption { type = lib.types.str; };
-      mail = lib.mkOption { };
-      dmenu = lib.mkOption { type = lib.types.str; };
-      desktop = lib.mkOption { type = lib.types.str; };
-      browser = lib.mkOption { type = lib.types.str; };
-      editor = lib.mkOption { type = lib.types.str; };
-    };
+    my = lib.mkOption { };
  };
 }
--- a/30
+++ b/30
@ -1,29 +1,13 @@
 #!/usr/bin/env bash

-set -euo pipefail
+nix fmt

-nix fmt --option warn-dirty false
-
-# Allow usage of untracked files in nix code
-git add --intent-to-add .
-
-# I only use warn-dirty=false because of this
 git --no-pager diff

-run() {
+sudo nice ionice \
    nixos-rebuild \
-        switch \
-        --sudo \
-        --option warn-dirty false \
-        --print-build-logs \
-        --flake .# \
-        "$@"
-}
-
-if which nom >/dev/null; then
-    run --log-format internal-json \
-        "$@" \
-    |& nom --json
-else
-    run "$@"
-fi
+    switch \
+    --verbose \
+    --print-build-logs \
+    --flake .# \
+    $@
--- a/6
+++ b/6
@ -0,0 +1,6 @@
+#!/bin/sh
+
+./switch \
+    --option extra-substituters "http://nixcache.lelgenio.1337.cx:5000" \
+    --option extra-trusted-public-keys "nixcache.lelgenio.1337.cx:HZCwDaM39BOF+MLuviMQTUrz3rBWLTLV9H+GV4zcxVI=" \
+    "$@"
--- a/system/android.nix
+++ b/system/android.nix
@ -1,16 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-{
-  options.my.android.enable = lib.mkEnableOption { };
-
-  config = lib.mkIf config.my.android.enable {
-    # Open kde connect ports
-    programs.kdeconnect.enable = true;
-
-    programs.adb.enable = true;
-  };
-}
--- a/system/boot.nix
+++ b/system/boot.nix
@ -2,6 +2,7 @@
  config,
  pkgs,
  lib,
+  inputs,
  ...
 }:
 {
@ -42,7 +43,7 @@
    };
    plymouth = {
      enable = true;
-      theme = lib.mkIf (config.my.desktop == "sway" || config.my.desktop == "niri") "red_loader";
+      theme = lib.mkIf (config.my.desktop == "sway") "red_loader";
      themePackages = with pkgs; [
        (adi1090x-plymouth-themes.override { selected_themes = [ "red_loader" ]; })
      ];
--- a/system/cachix.nix
+++ b/system/cachix.nix
@ -0,0 +1,18 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  services.cachix-watch-store = {
+    enable = true;
+    cacheName = "lelgenio";
+    cachixTokenFile = config.age.secrets.lelgenio-cachix.path;
+  };
+  systemd.services.cachix-watch-store-agent = {
+    serviceConfig.TimeoutStopSec = 3;
+    # If we don't do this, cachix tends to timeout
+    serviceConfig.KillMode = lib.mkForce "control-group";
+  };
+}
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -2,21 +2,15 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 {
-  pkgs,
  config,
+  pkgs,
  inputs,
  ...
 }:
 {
  imports = [
-    inputs.sops-nix.nixosModules.default
-    inputs.home-manager.nixosModules.home-manager
-    inputs.disko.nixosModules.disko
-    inputs.niri-flake.nixosModules.niri
-
-    ./niri.nix
-    ./android.nix
-    ./gaming.nix
+    ./gamemode.nix
+    ./cachix.nix
    ./media-packages.nix
    ./boot.nix
    ./thunar.nix
@ -28,45 +22,38 @@
    ./locale.nix
    ./users.nix
    ./containers.nix
-    ./nix-ld.nix
    ./network.nix
-    ./sops.nix
-    ./greetd.nix
-    ./gnome.nix
-    ./kde.nix
-    ./home-manager.nix
    ../settings
  ];

-  my = import ../user/variables.nix // {
-    android.enable = true;
-    media-packages.enable = true;
-    containers.enable = true;
-    niri.enable = true;
-  };
+  my = import ../user/variables.nix;

  zramSwap.enable = true;

+  programs.adb.enable = true;
+  services.udev.packages = [ pkgs.android-udev-rules ];
+
  # Enable touchpad support (enabled default in most desktopManager).
  services.libinput.enable = true;

+  packages.media-packages.enable = true;
  environment.systemPackages = with pkgs; [
    pavucontrol

    glib # gsettings
    usbutils
-    adwaita-icon-theme # default gnome cursors
+    # dracula-theme # gtk theme
+    gnome3.adwaita-icon-theme # default gnome cursors
  ];

  services.geoclue2.enable = true;

-  systemd.settings.Manager = {
-    DefaultTimeoutStopSec = "10s";
-  };
-  services.logind.settings.Login = {
-    HandlePowerKey = "suspend";
-  };
-  services.upower.enable = true;
+  systemd.extraConfig = ''
+    DefaultTimeoutStopSec=10s
+  '';
+  services.logind.extraConfig = ''
+    HandlePowerKey=suspend
+  '';

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
--- a/system/containers.nix
+++ b/system/containers.nix
@ -1,56 +1,20 @@
+{ pkgs, ... }:
 {
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-{
-  options.my.containers.enable = lib.mkEnableOption { };
+  services.flatpak.enable = true;

-  config = lib.mkIf config.my.containers.enable {
-    services.flatpak.enable = true;
-    programs.appimage.enable = true;
-
-    virtualisation.docker = {
+  virtualisation.docker = {
+    enable = true;
+    autoPrune = {
      enable = true;
-      autoPrune = {
-        enable = true;
-        dates = "monthly";
-        flags = [
-          "--all"
-          "--volumes"
-        ];
-      };
-      daemon.settings = {
-        # needed by bitbucket runner ???
-        log-driver = "json-file";
-        log-opts = {
-          max-size = "10m";
-          max-file = "3";
-        };
-      };
+      dates = "monthly";
+      flags = [
+        "--all"
+        "--volumes"
+      ];
    };
-
-    networking.firewall.extraCommands = lib.getExe pkgs._docker-block-external-connections;
-
-    # Docker punches holes in your firewall
-    systemd.services.docker-update-firewall = {
-      script = lib.getExe pkgs._docker-block-external-connections;
-    };
-    systemd.timers.docker-update-firewall = {
-      timerConfig = {
-        OnCalendar = "minutely";
-        Unit = "docker-update-firewall.service";
-      };
-      wantedBy = [ "multi-user.target" ];
-    };
-
-    programs.extra-container.enable = true;
-
-    programs.firejail.enable = true;
-
-    virtualisation.libvirtd.enable = true;
-    environment.systemPackages = with pkgs; [ dnsmasq ];
-    networking.firewall.trustedInterfaces = [ "virbr0" ];
  };
+
+  programs.extra-container.enable = true;
+
+  programs.firejail.enable = true;
 }
--- a/system/fonts.nix
+++ b/system/fonts.nix
@ -3,9 +3,8 @@
  fonts.enableDefaultPackages = true;
  fonts.packages = with pkgs; [
    noto-fonts
-    noto-fonts-cjk-sans
-    noto-fonts-color-emoji
-    nerd-fonts.fira-code
-    nerd-fonts.hack
+    noto-fonts-cjk
+    noto-fonts-emoji
+    nerdfonts_fira_hack
  ];
 }
--- a/system/gamemode.nix
+++ b/system/gamemode.nix
@ -0,0 +1,27 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}:
+{
+  programs.gamemode.enable = true;
+  programs.gamemode.enableRenice = true;
+  programs.gamemode.settings = {
+    general = {
+      renice = 10;
+    };
+
+    # Warning: GPU optimisations have the potential to damage hardware
+    gpu = {
+      apply_gpu_optimisations = "accept-responsibility";
+      gpu_device = 0;
+      amd_performance_level = "high";
+    };
+
+    custom = {
+      start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
+      end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
+    };
+  };
+}
--- a/system/gaming.nix
+++ b/system/gaming.nix
@ -1,65 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  inputs,
-  ...
-}:
-{
-  options.my.gaming.enable = lib.mkEnableOption { };
-
-  config = lib.mkIf config.my.gaming.enable {
-    programs.steam.enable = true;
-    programs.steam.extraPackages =
-      config.fonts.packages
-      ++ (with pkgs; [
-        capitaine-cursors
-        bibata-cursors
-        mangohud
-        xdg-user-dirs
-        gamescope
-
-        # gamescope compatibility??
-        xorg.libXcursor
-        xorg.libXi
-        xorg.libXinerama
-        xorg.libXScrnSaver
-        libpng
-        libpulseaudio
-        libvorbis
-        stdenv.cc.cc.lib
-        libkrb5
-        keyutils
-      ]);
-
-    environment.systemPackages = with pkgs; [
-      protontricks
-      bottles
-      dzgui
-    ];
-
-    programs.gamemode = {
-      enable = true;
-      enableRenice = true;
-      settings = {
-        general = {
-          renice = 10;
-        };
-
-        # Warning: GPU optimisations have the potential to damage hardware
-        gpu = {
-          apply_gpu_optimisations = "accept-responsibility";
-          gpu_device = 0;
-          amd_performance_level = "high";
-        };
-
-        custom = {
-          start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
-          end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
-        };
-      };
-    };
-
-    programs.corectrl.enable = true;
-  };
-}
--- a/system/gitlab-runner.nix
+++ b/system/gitlab-runner.nix
@ -1,95 +1,51 @@
+{ pkgs, lib, ... }:
 {
-  pkgs,
-  lib,
-  inputs ? null,
-  ...
-}:
-let
-  installNixScript =
-    {
-      authenticationTokenConfigFile,
-      nixCacheSshPrivateKeyPath ? null,
-      nixCacheSshPublicKeyPath ? null,
-      ...
-    }:
-    pkgs.writeScriptBin "install-nix" ''
-      mkdir -p -m 0755 /nix/var/log/nix/drvs
-      mkdir -p -m 0755 /nix/var/nix/gcroots
-      mkdir -p -m 0755 /nix/var/nix/profiles
-      mkdir -p -m 0755 /nix/var/nix/temproots
-      mkdir -p -m 0755 /nix/var/nix/userpool
-      mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
-      mkdir -p -m 1777 /nix/var/nix/profiles/per-user
-      mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
-      mkdir -p -m 0700 "$HOME/.nix-defexpr"
-
-      . ${pkgs.nix}/etc/profile.d/nix.sh
-
-      ${pkgs.nix}/bin/nix-env -i ${
-        lib.concatStringsSep " " (
-          with pkgs;
-          [
-            nix
-            cacert
-            git
-            openssh
-            docker
-          ]
-        )
-      }
-
-      ${lib.optionalString (nixCacheSshPrivateKeyPath != null && nixCacheSshPublicKeyPath != null) ''
-        NIX_CACHE_SSH_PRIVATE_KEY_PATH="${nixCacheSshPrivateKeyPath}"
-        NIX_CACHE_SSH_PUBLIC_KEY_PATH="${nixCacheSshPublicKeyPath}"
-        . ${./gitlab-runner/nix-cache-start}
-      ''}
-    '';
-in
-rec {
-  mkNixRunnerFull =
-    {
-      authenticationTokenConfigFile,
-      nixCacheSshPrivateKeyPath ? null,
-      nixCacheSshPublicKeyPath ? null,
-      ...
-    }@args:
-    {
+  mkNixRunner =
+    authenticationTokenConfigFile: with lib; rec {
      # File should contain at least these two variables:
      # `CI_SERVER_URL`
      # `REGISTRATION_TOKEN`
      inherit authenticationTokenConfigFile; # 2
      dockerImage = "alpine:3.18.2";
-      dockerPullPolicy = "if-not-present";
+      dockerAllowedImages = [ dockerImage ];
      dockerVolumes = [
        "/etc/nix/nix.conf:/etc/nix/nix.conf:ro"
        "/nix/store:/nix/store:ro"
        "/nix/var/nix/db:/nix/var/nix/db:ro"
        "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
-        "/tmp:/tmp"
-        "/var/run/docker.sock:/var/run/docker.sock"
-        "/var/lib/docker/containers:/var/lib/docker/containers"
-        "/cache"
-      ]
-      ++ lib.optionals (nixCacheSshPrivateKeyPath != null) [
-        "${nixCacheSshPrivateKeyPath}:${nixCacheSshPrivateKeyPath}"
-      ]
-      ++ lib.optionals (nixCacheSshPublicKeyPath != null) [
-        "${nixCacheSshPublicKeyPath}:${nixCacheSshPublicKeyPath}"
      ];
-      # dockerDisableCache = true;
-      preBuildScript = "\". ${lib.getExe (installNixScript args)}\"";
+      dockerDisableCache = true;
+      preBuildScript = pkgs.writeScript "setup-container" ''
+        mkdir -p -m 0755 /nix/var/log/nix/drvs
+        mkdir -p -m 0755 /nix/var/nix/gcroots
+        mkdir -p -m 0755 /nix/var/nix/profiles
+        mkdir -p -m 0755 /nix/var/nix/temproots
+        mkdir -p -m 0755 /nix/var/nix/userpool
+        mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
+        mkdir -p -m 1777 /nix/var/nix/profiles/per-user
+        mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
+        mkdir -p -m 0700 "$HOME/.nix-defexpr"
+
+        . ${pkgs.nix}/etc/profile.d/nix.sh
+
+        ${pkgs.nix}/bin/nix-env -i ${
+          concatStringsSep " " (
+            with pkgs;
+            [
+              nix
+              cacert
+              git
+              openssh
+            ]
+          )
+        }
+      '';
      environmentVariables = {
        ENV = "/etc/profile";
        USER = "root";
        NIX_REMOTE = "daemon";
+        PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
        NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
-        NIX_PATH = if inputs != null then "nixpkgs=${inputs.nixpkgs}" else "";
      };
    };
-
-  mkNixRunner =
-    authenticationTokenConfigFile:
-    mkNixRunnerFull {
-      inherit authenticationTokenConfigFile;
-    };
 }
--- a/system/gitlab-runner/nix-cache-start
+++ b/system/gitlab-runner/nix-cache-start
@ -1,49 +0,0 @@
-#!/bin/sh
-
-echo "nix-cache: Setting up ssh key and host" >&2
-STORE_HOST_PUB_KEY="$(cat "$NIX_CACHE_SSH_PUBLIC_KEY_PATH" | base64 | tr -d '\n')"
-STORE_URL="ssh://nix-ssh@nix-cache.wopus.dev?trusted=true&compress=true&ssh-key=$NIX_CACHE_SSH_PRIVATE_KEY_PATH&base64-ssh-public-host-key=$STORE_HOST_PUB_KEY"
-echo STORE_URL="$STORE_URL" >&2
-
-NIX_EXTRA_CONFIG_FILE=$(mktemp)
-cat > "$NIX_EXTRA_CONFIG_FILE" <<EOF
-  extra-substituters = $STORE_URL
-EOF
-
-echo "nix-cache: Adding remote cache as substituter" >&2
-export NIX_USER_CONF_FILES="$NIX_EXTRA_CONFIG_FILE:$NIX_USER_CONF_FILES"
-
-echo "nix-cache: Setting up nix hook" >&2
-nix() {
-    echo "nix-cache: executing nix hook" >&2
-    command nix "$@"
-    local STATUS="$?"
-
-    local BUILD=no
-    if test "$STATUS" = "0"; then
-        for arg in "$@"; do
-            echo "nix-cache: evaluating arg '$arg'" >&2
-            case "$arg" in
-                build)
-                    echo "nix-cache: enablig upload" >&2
-                    BUILD=yes
-                ;;
-                -*)
-                    echo "nix-cache: ignoring argument '$arg'" >&2
-                ;;
-                *)
-                    if test "$BUILD" = yes; then
-                        echo "nix-cache: Sending path $arg" >&2
-                        command nix copy --to "$STORE_URL" "$arg" || true
-                    else
-                        echo "nix-cache: not building, ignoring argument '$arg'" >&2
-                    fi
-                ;;
-            esac
-        done
-    else
-        echo "nix-cache: nix exited with code '$STATUS', ignoring" >&2
-    fi
-
-    return "$STATUS"
-}
--- a/system/gnome.nix
+++ b/system/gnome.nix
@ -1,51 +1,47 @@
+{ pkgs, lib, ... }:
 {
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-{
-  options.my.gnome.enable = lib.mkEnableOption { };
-
-  config = lib.mkIf config.my.gnome.enable {
-    services.xserver.enable = true;
-    services.displayManager.gdm.enable = true;
-    services.desktopManager.gnome = {
+  services.xserver = {
+    enable = true;
+    desktopManager.gnome = {
      enable = true;
      # Enable VRR (Variable Refresh Rate)
-      extraGSettingsOverridePackages = with pkgs; [ mutter ];
+      extraGSettingsOverridePackages = with pkgs; [ gnome.mutter ];
      extraGSettingsOverrides = ''
        [org.gnome.mutter]
        experimental-features=['variable-refresh-rate', 'scale-monitor-framebuffer']
      '';
    };
+    displayManager.gdm.enable = true;
+  };

-    # Workaround for https://github.com/NixOS/nixpkgs/issues/103746
-    systemd.services."getty@tty1".enable = false;
-    systemd.services."autovt@tty1".enable = false;
+  # Workaround for https://github.com/NixOS/nixpkgs/issues/103746
+  systemd.services."getty@tty1".enable = false;
+  systemd.services."autovt@tty1".enable = false;

-    services.displayManager.autoLogin = {
-      enable = true;
-      user = "lelgenio";
-    };
+  services.displayManager.autoLogin = {
+    enable = true;
+    user = "lelgenio";
+  };

-    programs.kdeconnect = {
-      enable = true;
-      package = pkgs.gnomeExtensions.gsconnect;
-    };
+  programs.kdeconnect = {
+    enable = true;
+    package = pkgs.gnomeExtensions.gsconnect;
+  };

-    hardware.opentabletdriver.enable = lib.mkForce false;
+  hardware.opentabletdriver.enable = lib.mkForce false;

-    programs.gpaste.enable = true;
+  programs.gpaste.enable = true;

-    environment.systemPackages = with pkgs; [
+  # services.xserver.displayManager.autologin.user = "lelgenio";
+  environment.systemPackages =
+    with pkgs;
+    with gnome;
+    [
      gnome-tweaks
      dconf-editor

-      gnome-browser-connector
+      chrome-gnome-shell
      gnomeExtensions.quick-settings-audio-devices-hider
-      gnomeExtensions.user-themes
      gnome-pass-search-provider
    ];
-  };
 }
--- a/system/greetd.nix
+++ b/system/greetd.nix
@ -14,8 +14,6 @@ let
    ;

  cfg = config.login-manager.greetd;
-  isSway = desktop == "sway";
-  isNiri = desktop == "niri";
 in
 {
  options.login-manager.greetd = {
@ -27,7 +25,8 @@ in
    # Enable the X11 windowing system.
    services.xserver.enable = false;

-    programs.sway = lib.mkIf isSway {
+    # enable sway window manager
+    programs.sway = {
      enable = true;
      package = pkgs.mySway;
      wrapperFeatures.gtk = true;
@ -38,27 +37,17 @@ in
    xdg.portal = {
      enable = true;
      wlr.enable = true;
+      # Always pick the first monitor, this is fine since I only ever use a single monitor
+      wlr.settings.screencast.chooser_type = "none";
      # gtk portal needed to make gtk apps happy
      extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
    };
    services.greetd =
      let
-        start-session = pkgs.writeShellScriptBin "start-session" (
-          if isNiri then
-            ''
-              mkdir -p ~/.local/share/niri
-              exec niri-session 2>&1 | tee -a ~/.local/share/niri/niri.log
-            ''
-          else
-            ''
-              mkdir -p ~/.local/share/sway
-              exec sway 2>&1 | tee -a ~/.local/share/sway/sway.log
-            ''
-        );
        greetd_main_script = pkgs.writeShellScriptBin "main" ''
-          export XDG_CURRENT_DESKTOP=${desktop} GTK_THEME="${theme.gtk_theme}" XCURSOR_THEME="${theme.cursor_theme}"
-          ${pkgs.gtkgreet}/bin/gtkgreet -l -c ${lib.getExe start-session}
-          ${lib.optionalString isSway "swaymsg exit"}
+          export XDG_CURRENT_DESKTOP=sway GTK_THEME="${theme.gtk_theme}" XCURSOR_THEME="${theme.cursor_theme}"
+          ${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c ${desktop}
+          swaymsg exit
        '';
        swayConfig = pkgs.writeText "greetd-sway-config" ''
          # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
@ -81,16 +70,15 @@ in
        enable = true;
        settings = {
          initial_session = {
-            command = lib.getExe start-session;
+            command = desktop;
            user = "lelgenio";
          };
          default_session = {
-            command = "dbus-run-session -- ${pkgs.sway}/bin/sway --config ${swayConfig}";
+            command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
          };
        };
      };
    environment.systemPackages = with pkgs; [
-      niri
      sway
      swaylock
      swayidle
--- a/system/home-manager.nix
+++ b/system/home-manager.nix
@ -1,13 +0,0 @@
-{ config, inputs, ... }:
-{
-  home-manager = {
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    users.lelgenio = {
-      my = config.my;
-      # Don't add other modules here, add them in home.nix
-      imports = [ ../user/home.nix ];
-    };
-    backupFileExtension = "bkp";
-  };
-}
--- a/system/kde.nix
+++ b/system/kde.nix
@ -1,19 +1,15 @@
+{ config, pkgs, ... }:
 {
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-{
-  options.my.kde.enable = lib.mkEnableOption { };
-
-  config = lib.mkIf config.my.kde.enable {
-    # Enable the X11 windowing system.
-    services.xserver.enable = true;
-    # Enable the KDE Desktop Environment.
-    services.displayManager.sddm.enable = true;
-    services.desktopManager.plasma6.enable = true;
-    # services.xserver.displayManager.autologin.user = "lelgenio";
-    programs.dconf.enable = true;
-  };
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+  # Enable the KDE Desktop Environment.
+  services.xserver.displayManager.sddm.enable = true;
+  services.xserver.desktopManager.plasma5.enable = true;
+  # services.xserver.displayManager.autologin.user = "lelgenio";
+  programs.dconf.enable = true;
+  # environment.systemPackages = with pkgs;
+  #   with gnome; [
+  #     gnome-tweaks
+  #     dconf-editor
+  #   ];
 }
--- a/system/locale.nix
+++ b/system/locale.nix
@ -2,7 +2,7 @@
 {
  time.timeZone = "America/Sao_Paulo";
  environment.variables.TZ = config.time.timeZone;
-  i18n.defaultLocale = "pt_BR.UTF-8";
+  i18n.defaultLocale = "pt_BR.utf8";

  # Configure keymap in X11
  services.xserver.xkb = {
--- a/system/media-packages.nix
+++ b/system/media-packages.nix
@ -5,20 +5,20 @@
  ...
 }:
 let
-  cfg = config.my.media-packages;
+  cfg = config.packages.media-packages;
 in
 {
-  options.my.media-packages = {
+  options.packages.media-packages = {
    enable = lib.mkEnableOption "media packages";
  };
  config = lib.mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      down_meme
-      unstable.yt-dlp
+      yt-dlp
      ffmpeg
      obs-studio
      imagemagick
-      mpc
+      mpc-cli
      helvum
      gimp
      inkscape
--- a/hosts/monolith/monolith-forgejo-runner.nix
+++ b/hosts/monolith/monolith-forgejo-runner.nix
@ -1,12 +1,12 @@
 { pkgs, config, ... }:
 {
  services.gitea-actions-runner = {
-    package = pkgs.forgejo-runner;
+    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "monolith";
      url = "https://git.lelgenio.com";
-      tokenFile = config.sops.secrets."forgejo-runners/git.lelgenio.com-default".path;
+      tokenFile = config.age.secrets.monolith-forgejo-runner-token.path;
      labels = [
        # provide a debian base with nodejs for actions
        "debian-latest:docker://node:18-bullseye"
@ -17,6 +17,4 @@
      ];
    };
  };
-
-  sops.secrets."forgejo-runners/git.lelgenio.com-default" = { };
 }
--- a/system/monolith-gitlab-runner.nix
+++ b/system/monolith-gitlab-runner.nix
@ -0,0 +1,24 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
+in
+{
+  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
+  virtualisation.docker.enable = true;
+  services.gitlab-runner = {
+    enable = true;
+    settings.concurrent = 4;
+    services = {
+      # runner for building in docker via host's nix-daemon
+      # nix store will be readable in runner, might be insecure
+      thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
+      thoreb-itinerario-nix = mkNixRunner config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
+    };
+  };
+  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
+}
--- a/system/mouse.nix
+++ b/system/mouse.nix
@ -10,6 +10,6 @@
    MatchBus=usb
    MatchVendor=0x046D
    MatchProduct=0x4099
-    AttrEventCode=-REL_WHEEL_HI_RES;-REL_HWHEEL_HI_RES;
+    AttrEventCode=-REL_WHEEL_HI_RES
  '';
 }
--- a/system/network.nix
+++ b/system/network.nix
@ -6,6 +6,8 @@
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  # Enable networking
  networking.networkmanager.enable = true;
+  # Open kde connect ports
+  programs.kdeconnect.enable = true;

  networking.firewall = {
    enable = true;
@ -13,7 +15,7 @@
  };

  # Enable CUPS to print documents.
-  services.printing.enable = true;
+  # services.printing.enable = true;

  security.rtkit.enable = true;
  services.openssh = {
@ -25,15 +27,4 @@
      KbdInteractiveAuthentication = false;
    };
  };
-
-  services.fail2ban.enable = true;
-
-  # Workaround for nm-wait-online hanging??
-  # Ref: https://github.com/NixOS/nixpkgs/issues/180175
-  systemd.services.NetworkManager-wait-online = {
-    serviceConfig.ExecStart = [
-      ""
-      "${pkgs.networkmanager}/bin/nm-online -q"
-    ];
-  };
 }
--- a/system/niri.nix
+++ b/system/niri.nix
@ -1,18 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-{
-  options.my.niri.enable = lib.mkEnableOption { };
-
-  config = lib.mkIf config.my.niri.enable {
-    programs.niri.enable = true;
-    niri-flake.cache.enable = true;
-    environment.systemPackages = with pkgs; [
-      fuzzel
-      xwayland-satellite
-    ];
-  };
-}
--- a/system/nix-ld.nix
+++ b/system/nix-ld.nix
@ -1,21 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-{
-  options.my.nix-ld.enable = lib.mkEnableOption { };
-
-  config = lib.mkIf (config.my.nix-ld.enable) {
-    programs.nix-ld = {
-      enable = true;
-      libraries =
-        with pkgs;
-        # run appimages + linux games natively
-        [ fuse ]
-        ++ (appimageTools.defaultFhsEnvArgs.multiPkgs pkgs)
-        ++ (appimageTools.defaultFhsEnvArgs.targetPkgs pkgs);
-    };
-  };
-}
--- a/system/nix-serve.nix
+++ b/system/nix-serve.nix
@ -0,0 +1,12 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.age.secrets.monolith-nix-serve-privkey.path;
+  };
+}
--- a/system/nix.nix
+++ b/system/nix.nix
@ -29,18 +29,22 @@ in
      substituters = [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
+        # "http://nixcache.lelgenio.1337.cx:5000"
+        "https://lelgenio.cachix.org"
        "https://wegank.cachix.org"
        "https://snowflakeos.cachix.org/"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        # "nixcache.lelgenio.1337.cx:zxCfx7S658llDgAUG0JVyNrlAdFVvPniSdDOkvfTPS8="
+        "lelgenio.cachix.org-1:W8tMlmDFLU/V+6DlChXjekxoHZpjgVHZpmusC4cueBc="
        "wegank.cachix.org-1:xHignps7GtkPP/gYK5LvA/6UFyz98+sgaxBSy7qK0Vs="
        "snowflakeos.cachix.org-1:gXb32BL86r9bw1kBiw9AJuIkqN49xBvPd1ZW8YlqO70="
      ];
    };
    extraOptions = ''
-      experimental-features = nix-command flakes
+      experimental-features = nix-command flakes repl-flake
    '';
  };
 }
--- a/system/rainbow-gitlab-runner.nix
+++ b/system/rainbow-gitlab-runner.nix
@ -0,0 +1,34 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
+in
+{
+  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
+  virtualisation.docker.enable = true;
+  services.gitlab-runner = {
+    enable = true;
+    settings.concurrent = 1;
+    services = {
+      # ci_test = {
+      #   registrationConfigFile = "/srv/gitlab-runner/env/ci_test";
+      #   dockerImage = "debian";
+      #   dockerPrivileged = true;
+      # };
+      thoreb_builder = {
+        registrationConfigFile =
+          config.age.secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
+        dockerImage = "debian";
+        dockerPrivileged = true;
+      };
+
+      thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
+      thoreb-itinerario-nix = mkNixRunner config.age.secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
+    };
+  };
+  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
+}
--- a/system/secrets.nix
+++ b/system/secrets.nix
@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  age = {
+    identityPaths = [ "/root/.ssh/id_rsa" ];
+    secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age;
+    secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
+    secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file = ../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age;
+    secrets.monolith-forgejo-runner-token.file = ../secrets/monolith-forgejo-runner-token.age;
+    secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
+    secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age;
+    secrets.phantom-forgejo-mailer-password.file = ../secrets/phantom-forgejo-mailer-password.age;
+  };
+}
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Leonardo Eugênio	c343cc36cd	niri: wip add niri	2024-09-16 01:13:31 -03:00
Leonardo Eugênio	bd7ae3084a	pass: install import extension	2024-09-15 20:22:24 -03:00
lelgenio	43f376d9ac	update	2024-09-14 15:23:01 -03:00
Leonardo Eugênio	dbb165237e	hardware: remove controller hacks	2024-09-14 14:54:43 -03:00
Leonardo Eugênio	914d2ffde5	davi: extract configuration	2024-08-20 10:50:40 -03:00
Leonardo Eugênio	1fd0100b3c	add user davikiwi	2024-08-20 01:16:36 -03:00
Leonardo Eugênio	74624151b9	firefox: fix tab bar style on gnome	2024-08-19 11:51:40 -03:00
Leonardo Eugênio	ab40423e4e	gnome: don't hardcode qt program styles	2024-08-19 00:07:07 -03:00
Leonardo Eugênio	b1f467866a	gnome: use keepass as password manager	2024-08-19 00:07:07 -03:00
Leonardo Eugênio	bc2ee9c165	scripts: fix pass-export TOTP containing too much information for keepassxc	2024-08-19 00:07:07 -03:00
Leonardo Eugênio	65bdab45c6	hardware: always enable powerplay led idle	2024-08-19 00:06:44 -03:00
Leonardo Eugênio	323e3cc7ce	sway: fix mousepad led timeout	2024-08-17 18:05:39 -03:00
Leonardo Eugênio	113919f4b8	scripts: fixup infinite recursion and recompilations	2024-08-17 11:47:48 -03:00
Leonardo Eugênio	a07a96b3bd	firefox: remove github autoload extension	2024-08-17 02:40:11 -03:00
Leonardo Eugênio	324814f7e2	sway: suspend powerplay mousepad led in sync with mouse	2024-08-17 02:05:00 -03:00
Leonardo Eugênio	49d0cf16e3	vscode: don't use fhs	2024-08-16 21:21:54 -03:00
Leonardo Eugênio	ed511cd0fd	update	2024-08-16 21:21:39 -03:00
Leonardo Eugênio	9da25c99fe	sway: configure mouse	2024-08-15 01:49:10 -03:00
Leonardo Eugênio	3bf1bd220e	Revert "monolith: disable virtualbox while it's borked" This reverts commit `48c074f1f4`.	2024-08-14 22:01:27 -03:00
Leonardo Eugênio	30225c2678	steam: fix gamescope compatibility	2024-08-14 00:34:06 -03:00
Leonardo Eugênio	560b6f1c2a	kakoune: update kak-tree-sitter config	2024-08-14 00:31:17 -03:00
Leonardo Eugênio	4b7f28b93b	fixup! kakoune: add kak-tree-sitter	2024-08-11 02:18:47 -03:00
Leonardo Eugênio	991aeebc14	kakoune: add kak-tree-sitter	2024-08-09 17:54:14 -03:00
Leonardo Eugênio	6237543c62	sway: replace swappy with satty	2024-08-09 01:41:01 -03:00
Leonardo Eugênio	5e4c04502d	gtk: force configuration replacement	2024-08-09 01:22:27 -03:00
Leonardo Eugênio	18cf69a760	gnome: remove nixos-conf-editor and nix-software-center	2024-08-09 01:21:49 -03:00
Leonardo Eugênio	ec9c0addc0	update	2024-08-08 00:27:08 -03:00
Leonardo Eugênio	7588c36d97	gitlab: remove old configs	2024-08-08 00:26:57 -03:00
Leonardo Eugênio	a2a82dbe7c	keyboard: remove config, too buggy	2024-08-08 00:26:35 -03:00
Leonardo Eugênio	981fe889ff	forgejo: fix email host address	2024-08-01 12:25:46 -03:00
Leonardo Eugênio	3b78f02c27	pass: install pass-export	2024-07-30 01:25:13 -03:00
Leonardo Eugênio	b00b0bceb0	waybar: fix stopped icon not appearing man waybar-mpd says {stateIcon} is not set when stopped	2024-07-30 01:25:13 -03:00
lelgenio	c091e2d40d	gitlab-runner: update from registrationToken to authenticationToken	2024-07-29 15:07:13 -03:00
lelgenio	c73663340a	Revert "docker: disable iptables to fix bad security" This reverts commit `84e26f0573`.	2024-07-29 14:13:15 -03:00
Leonardo Eugênio	a8543c5090	keyd: fix modifier keys (rightshift bacame leftshift)	2024-07-24 21:18:01 -03:00
Leonardo Eugênio	665dc96362	update	2024-07-24 20:16:59 -03:00
Leonardo Eugênio	0da79f1fd7	firewall: don't log refused connections	2024-07-23 18:26:33 -03:00
Leonardo Eugênio	84e26f0573	docker: disable iptables to fix bad security	2024-07-23 16:32:31 -03:00
Leonardo Eugênio	1c5cdc9e27	alacritty: add missing SearchPrevious bind	2024-07-18 01:17:51 -03:00
lelgenio	1e50c2e9dc	fish: update fish aliases	2024-07-17 18:01:01 -03:00
Leonardo Eugênio	b7d17a0173	invidious: fix conflic with forgejo port	2024-07-15 12:56:37 -03:00
Leonardo Eugênio	1475ab2806	waybar: fix clock locale	2024-07-15 12:03:13 -03:00
Leonardo Eugênio	752f029bce	sway: disable vrr	2024-07-15 11:50:00 -03:00
Leonardo Eugênio	82b8006bea	thunar: fix finding programs	2024-07-15 11:49:06 -03:00
Leonardo Eugênio	77d82ba339	update	2024-07-15 02:16:02 -03:00
Leonardo Eugênio	0c5a95665c	firefox: enable invidious support	2024-07-15 01:45:44 -03:00
Leonardo Eugênio	da1634aa29	phantom: install invidious	2024-07-15 01:45:32 -03:00
Leonardo Eugênio	ea235409b8	keyboard: fix capslock backspace bind for some programs	2024-07-11 01:29:33 -03:00
Leonardo Eugênio	99a9adc489	monolith: fix amdgpu performance in new kernels	2024-07-08 02:04:58 -03:00
Leonardo Eugênio	34de8dab67	qt: try to improve themes	2024-07-06 18:41:32 -03:00
Leonardo Eugênio	4fdc28fd18	firefox: install github auto-load extension	2024-07-06 18:41:17 -03:00
Leonardo Eugênio	b3aadef8cb	monolith: extract undervolt config	2024-07-06 18:32:29 -03:00
Leonardo Eugênio	2de6fdb7be	firefox: update ublock	2024-07-04 11:47:46 -03:00
Leonardo Eugênio	a4d1e30625	kdenlive: fix dark theme	2024-07-03 12:59:17 -03:00
Leonardo Eugênio	8bcdf0e67e	firefox: switch to dev edition	2024-07-03 12:58:04 -03:00
Leonardo Eugênio	8d4dbf5d71	scripts: fix auto_connect_gamepad	2024-07-01 10:26:37 -03:00
Leonardo Eugênio	03d852b612	monolith: mount root	2024-06-29 01:52:05 -03:00
Leonardo Eugênio	3d0fe199ce	sway: assign vesktop to chat workspace	2024-06-29 01:32:00 -03:00
Leonardo Eugênio	19f1d8c1a0	gnome: package gnome-pass-search-provider	2024-06-28 22:50:17 -03:00
Leonardo Eugênio	325ba751d8	update	2024-06-28 19:28:08 -03:00
Leonardo Eugênio	f5945b14fa	phantom: limit nix daemon to a single concurrent job	2024-06-25 12:23:12 -03:00
Leonardo Eugênio	cca203b104	firefox: install user_agent_string_switcher extension	2024-06-24 11:32:54 -03:00
Leonardo Eugênio	c4f9705002	phandom: add warthunder-leak-counter	2024-06-22 14:21:05 -03:00
Leonardo Eugênio	0fa3ae4add	flake: pin dzgui	2024-06-22 14:21:05 -03:00
lelgenio	6b85e09715	kakoune: add shortcut to keep new and head in merge	2024-06-21 15:08:44 -03:00
Leonardo Eugênio	83d268e422	home: install home manager command	2024-06-21 00:30:53 -03:00
Leonardo Eugênio	f44b2cd53d	sway: enable wrappers	2024-06-21 00:30:44 -03:00
Leonardo Eugênio	ada392b3f3	sway: add screen brightnes binds	2024-06-21 00:30:37 -03:00
Leonardo Eugênio	bb023ea24a	monolith: use tmpfs on /tmp	2024-06-21 00:29:33 -03:00
Leonardo Eugênio	670c7d3629	mimeapps: force associations	2024-06-21 00:28:51 -03:00
Leonardo Eugênio	c98c2cd0db	mastodon: clean up media more often	2024-06-20 23:24:59 -03:00
Leonardo Eugênio	675708d695	update	2024-06-17 10:44:10 -03:00
lelgenio	9ce5b5b04d	uesrs: add to input group	2024-06-16 13:55:19 -03:00
lelgenio	7f98148366	monolith: re-enable old mounts	2024-06-16 13:55:06 -03:00
lelgenio	af5a00b926	monolith: remove unnecessary hibernation params	2024-06-16 13:54:34 -03:00
lelgenio	f93ffbb1a9	auto_connect_gamepad: add delay	2024-06-16 13:54:10 -03:00
lelgenio	d0033a98f1	flake: update	2024-06-16 13:53:44 -03:00
lelgenio	2057a24a63	home: use vesktop	2024-06-16 13:53:34 -03:00
Leonardo Eugênio	eb85e2573d	disko: add monolith config	2024-06-13 22:43:42 -03:00
Leonardo Eugênio	538a7c202e	i15 format	2024-06-13 22:01:35 -03:00
Leonardo Eugênio	b1c96cb075	Add disko	2024-06-13 21:21:04 -03:00
Leonardo Eugênio	3c09386643	add disko	2024-06-13 21:16:24 -03:00
Leonardo Eugênio	a7f6983abe	monolith: remove bigboy mounts	2024-06-13 21:14:58 -03:00
Leonardo Eugênio	d302447326	flake: remove specialisations	2024-06-13 12:49:57 -03:00
Leonardo Eugênio	7426658f62	vscode: use fhs version	2024-06-13 12:49:57 -03:00
lelgenio	b97940aa97	firefox: force sidebar to the right	2024-06-12 23:36:18 -03:00
lelgenio	ba4c57b914	update	2024-06-12 17:44:27 -03:00
Leonardo Eugênio	c8578c9ec9	flake: de-depulicate flake inputs	2024-06-11 19:45:50 -03:00
Leonardo Eugênio	dd0531a825	firefox: install return_youtube_dislikes	2024-06-11 11:53:17 -03:00
Leonardo Eugênio	0ca4b6910e	docker: format config	2024-06-11 09:30:29 -03:00
Leonardo Eugênio	e27e9b584d	flake: remove hyprland	2024-06-11 01:23:05 -03:00
Leonardo Eugênio	9cdb3eb489	sway: remove obsolete systemd integration	2024-06-11 01:19:35 -03:00
Leonardo Eugênio	dfb3b88ada	packages: extract lipsum	2024-06-11 01:10:39 -03:00
Leonardo Eugênio	dfde651cb9	packages: extract material-wifi-icons	2024-06-11 01:08:21 -03:00
Leonardo Eugênio	8aa35f1368	mangohud: remove obsolete patch	2024-06-11 01:02:16 -03:00
Leonardo Eugênio	b4876d9dd9	bemenu: remove obsolete patch	2024-06-11 00:56:11 -03:00
Leonardo Eugênio	5d75616eda	flake: remove maildir-notify-daemon	2024-06-11 00:53:20 -03:00
Leonardo Eugênio	e3325220f4	Revert "monolith: remove corectrl" This reverts commit `43dd44d237`.	2024-06-10 22:50:25 -03:00
Leonardo Eugênio	be3f65adb9	fixup! controller: add auto-connect service	2024-06-10 12:44:51 -03:00
Leonardo Eugênio	dbd1099e19	vdir: remove vdir	2024-06-08 10:00:44 -03:00
Leonardo Eugênio	6b17b910f8	phantom: set hostname	2024-06-07 01:50:56 -03:00
Leonardo Eugênio	8625dbc8a2	phantom: update nextcloud	2024-06-07 01:18:32 -03:00
Leonardo Eugênio	30c7871610	update	2024-06-06 01:42:13 -03:00
Leonardo Eugênio	2f67b084d2	treewide: remove variables from pkgs	2024-06-05 01:20:42 -03:00
Leonardo Eugênio	36a717072a	sway: only enable vrr on fullscreen	2024-06-05 01:20:42 -03:00
Leonardo Eugênio	43dd44d237	monolith: remove corectrl	2024-06-05 01:20:42 -03:00
Leonardo Eugênio	655baa24b0	monolith: only set kernel version here	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	085ca01d56	waybar: always show mpd icon	2024-06-05 01:20:01 -03:00
lelgenio	26ca820d4e	kak: add javascript region to blade templates	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	36636a8a98	qutebrowser: remove config, not used anymore	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	e9b3ed69c9	gnome: disable open tablet driver	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	20d72d7787	gnome: don't manage mimeapps	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	07be28a2fb	gnome: enable variable refresh rate	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	6859150622	monolith: forced disks to use mq-deadline scheduler	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	9137829f02	nix: don't optimise on every build this makes builds slower	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	90a08dfaa9	gnome: add workaround for autologin bug	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	49074303af	controller: add auto-connect service	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	ad12a22346	flake: set formatter to nixfmt-rfc-style	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	15c5e33060	treewide: format using nixfmt-rfc-style	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	5218277b3e	kakoune: use rfc-style nixfmt	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	2ce8246287	nix: lower frequency of gc	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	cbeaa72101	monolith: add docker subvolume	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	3b411b0c6d	configuration: extract nixos config into more files	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	3333772c23	kdeconect: update config	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	686f605a6d	gnome: update autologin config	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	2215da6dc5	scripts: add pass export script	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	a30f87ec71	qutebrowser: don't install if not the default browser	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	48c074f1f4	monolith: disable virtualbox while it's borked	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	9f2382ef2d	flake: update to 24.05	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	96c86f2cc8	Revert "sshd: disable until xz is secure" This reverts commit `b0d1b2fbff`.	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	4ddc0a4acd	sway: don't require rebuilding sway dependencies	2024-06-05 01:20:01 -03:00
Leonardo Eugênio	7bb5a7c5a0	sway: set godot windows to floating	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	5cc4532b24	sway: autostart corectrl	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	faca1d3c81	git: enable lfs	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	f54f98ea4e	update: pass arguments to ./switch	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	8f0160ef73	monolith: add gpu crash work-around	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	2ce18fc7a0	sway: enable adaptive sync	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	ba3ab547b7	forgejo-runner: update runner token and url	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	dc4ca50622	firefox: add i dont care about cookies	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	be28de858d	ssh: update hostnames	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	b489452aba	sway: make gaming windows floating by default	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	e925f586a1	update	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	45383a0d8b	firefox: add substitoot extension	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	de2b80018b	monolith: enable all features of corectrl	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	d86b7db36e	monolith: add forgejo runner	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	e4b9bcca7e	sshd: disable until xz is secure	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	850be61bf3	sway: add more env vars to dbus activation	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	9f10425c04	flake: update lockfile	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	36d2bedd34	syncthing: way for tray	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	5f588d7e1a	kdenlive: fix theme	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	577328395d	theme: improve qt theming	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	34c35fb4eb	syncthing: enable tray icon	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	5161c3a5d8	mangohud: install patch to fix keybind crash	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	b4538b5db5	gpg: simplify config	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	5fa213ab59	update	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	5571ebd26a	lsp: replace rnix-lsp with nil	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	5cbc3b799f	update	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	061df3f2c4	btop: enable gpu monitoring	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	f6c2f4905b	update	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	f9d95745ef	kak-lsp: update config to new format	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	b60fc8900a	alacritty: update config	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	c7999c3fbe	update renamed xkb config	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	78d6120281	update	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	916132cf9c	update	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	33063a8b99	update	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	2deca2fc3d	sway: disable adaptive sync	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	c713e32440	update	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	1201faf5fe	update	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	6c6e82aae8	switch to nixpkgs unstable	2024-05-31 11:41:21 -03:00
Leonardo Eugênio	da736e199c	email: add aliases	2024-05-31 11:40:43 -03:00
Leonardo Eugênio	8f2ccfea9d	vscode: update config	2024-05-28 01:47:10 -03:00
lelgenio	323a02c6fd	phantom: open port 8745	2024-05-20 16:07:05 -03:00
Leonardo Eugênio	0397a4e166	nginx: redirect syncthing. to .com	2024-05-16 11:19:02 -03:00
lelgenio	f8e48e7fa0	nginx: redirect git. to .com	2024-05-15 15:54:04 -03:00
Leonardo Eugênio	c40cbf74f3	nginx: add .xyz -> .com redirect	2024-05-14 16:56:09 -03:00
Leonardo Eugênio	2516836026	mastodon: configure noreply email	2024-05-11 22:21:35 -03:00
Leonardo Eugênio	0f10937be8	phantom: move from .xyz to .com	2024-05-11 18:32:26 -03:00
Leonardo Eugênio	de26e20ed4	phandom: remove wiki	2024-05-11 18:32:26 -03:00
lelgenio	30ea33079a	kak: name clipboard sync hook	2024-05-08 16:28:59 -03:00
Leonardo Eugênio	4f54c31dc5	email: disable ipv6 smtp	2024-05-03 12:32:45 -03:00
Leonardo Eugênio	3c8caa0a17	fixup! switch: don't show git diff pager	2024-05-03 12:32:38 -03:00
Leonardo Eugênio	a78e75055f	switch: don't show git diff pager	2024-04-29 11:36:17 -03:00
Leonardo Eugênio	e67ed127b9	home: disable nextcloud client	2024-04-10 13:33:32 -03:00
Leonardo Eugênio	8518176f2b	phantom: use personal git forge as autoUpdate source	2024-04-09 01:01:29 -03:00
Leonardo Eugênio	bf382371cb	phantom: add a top level domain page	2024-04-09 00:42:40 -03:00
Leonardo Eugênio	3bf20808b5	nextcloud: fix ssl certificates	2024-04-08 23:38:49 -03:00
Leonardo Eugênio	e53be29b0c	email: fix fqdn	2024-04-08 22:48:02 -03:00
Leonardo Eugênio	d06253b430	email: add roundcube archive plugin	2024-04-08 22:14:06 -03:00
Leonardo Eugênio	ed4ded7402	pass: Update password-store repository	2024-04-07 02:48:31 -03:00
Leonardo Eugênio	9165fd4b6f	forgejo: remove unnecessary ssh configuration	2024-04-06 23:41:34 -03:00
Leonardo Eugênio	68a7125822	phantom: add script to update, fmt	2024-04-06 20:44:20 -03:00
Leonardo Eugênio	d0dd646246	mastodon: clean up media more often	2024-04-06 20:38:46 -03:00
Leonardo Eugênio	5edca9c2c6	phandom: add forgejo server	2024-04-06 20:38:35 -03:00