update nix ssh cache

This reverts commit ffe90ab90d.

.gitattributes

@@ -1 +1,2 @@
 flake.lock binary
+*.gpg binary

.sops.yaml

@@ -5,21 +5,21 @@ keys:
   - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
 
 creation_rules:
-  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini|gpg)$
     key_groups:
     - pgp:
       - *lelgenio-gpg
       age:
       - *lelgenio-ssh
       - *monolith-ssh
-  - path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini)$
+  - path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini|gpg)$
     key_groups:
     - pgp:
       - *lelgenio-gpg
       age:
       - *lelgenio-ssh
       - *monolith-ssh
-  - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini)$
+  - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini|gpg)$
     key_groups:
     - pgp:
       - *lelgenio-gpg

flake.lock

@@ -28,11 +28,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1747575206,
+        "lastModified": 1750173260,
-        "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
+        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
+        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
         "type": "github"
       },
       "original": {
@@ -225,11 +225,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747742835,
+        "lastModified": 1751607816,
-        "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=",
+        "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62",
+        "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662",
         "type": "github"
       },
       "original": {
@@ -243,11 +243,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1742179690,
+        "lastModified": 1749410315,
-        "narHash": "sha256-s/q3OWRe5m7kwDcAs1BhJEj6aHc5bsBxRnLP7DM77xE=",
+        "narHash": "sha256-5H8MuMMSq1WnQcvb1FiDNkKP+uyeZ8HX5GRTMfEOyLI=",
         "owner": "lelgenio",
         "repo": "dzgui-nix",
-        "rev": "a6d68720c932ac26d549b24f17c776bd2aeb73b4",
+        "rev": "49adbb1edfb3c25b0cd8256d35673394386065e7",
         "type": "github"
       },
       "original": {
@@ -504,11 +504,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747556831,
+        "lastModified": 1751468302,
-        "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=",
+        "narHash": "sha256-tWosziZTT039x6PgEZUhzGlV8oLvdDmIgKTE8ESMaEA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33",
+        "rev": "501cfec8277f931a9c9af9f23d3105c537faeafe",
         "type": "github"
       },
       "original": {
@@ -518,11 +518,29 @@
         "type": "github"
       }
     },
+    "lsfg-vk-flake": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_4"
+      },
+      "locked": {
+        "lastModified": 1752427857,
+        "narHash": "sha256-gF09uaUCp/uykgMfk3HE3fWxwm5sl5bTnJerKfKfX5w=",
+        "owner": "pabloaul",
+        "repo": "lsfg-vk-flake",
+        "rev": "f24d8fe3714cabc69073568efece5e9e5c153fe7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pabloaul",
+        "repo": "lsfg-vk-flake",
+        "type": "github"
+      }
+    },
     "made-you-look": {
       "inputs": {
         "crane": "crane_2",
         "flake-utils": "flake-utils_4",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_5"
       },
       "locked": {
         "lastModified": 1728159958,
@@ -545,11 +563,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747540584,
+        "lastModified": 1751170039,
-        "narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=",
+        "narHash": "sha256-3EKpUmyGmHYA/RuhZjINTZPU+OFWko0eDwazUOW64nw=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "ec179dd13fb7b4c6844f55be91436f7857226dce",
+        "rev": "9c932ae632d6b5150515e5749b198c175d8565db",
         "type": "github"
       },
       "original": {
@@ -615,13 +633,29 @@
         "type": "github"
       }
     },
+    "nixpkgs-pre-broken-waybar": {
+      "locked": {
+        "lastModified": 1750069205,
+        "narHash": "sha256-ALOBI3nTUFOX0A2bpFZqtsEZfH82icS9r9L/y3XA+2s=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "1c1c9b3f5ec0421eaa0f22746295466ee6a8d48f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "1c1c9b3f5ec0421eaa0f22746295466ee6a8d48f",
+        "type": "github"
+      }
+    },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1747744144,
+        "lastModified": 1751271578,
-        "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
+        "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
+        "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
         "type": "github"
       },
       "original": {
@@ -661,6 +695,22 @@
       }
     },
     "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1751984180,
+        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1719010183,
         "narHash": "sha256-8HMWaqpyjbVeEsmy/A2H6VFtW/Wr71vkPLnpTiAXu+8=",
@@ -676,13 +726,13 @@
         "type": "github"
       }
     },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
       "locked": {
-        "lastModified": 1747953325,
+        "lastModified": 1751582995,
-        "narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=",
+        "narHash": "sha256-u7ubvtxdTnFPpV27AHpgoKn7qHuE7sgWgza/1oj5nzA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "55d1f923c480dadce40f5231feb472e81b0bab48",
+        "rev": "7a732ed41ca0dd64b4b71b563ab9805a80a7d693",
         "type": "github"
       },
       "original": {
@@ -691,13 +741,13 @@
         "type": "indirect"
       }
     },
-    "nixpkgs_6": {
+    "nixpkgs_7": {
       "locked": {
-        "lastModified": 1745377448,
+        "lastModified": 1747958103,
-        "narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=",
+        "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c",
+        "rev": "fe51d34885f7b5e3e7b59572796e1bcb427eccb1",
         "type": "github"
       },
       "original": {
@@ -707,7 +757,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_7": {
+    "nixpkgs_8": {
       "locked": {
         "lastModified": 1719010183,
         "narHash": "sha256-8HMWaqpyjbVeEsmy/A2H6VFtW/Wr71vkPLnpTiAXu+8=",
@@ -723,7 +773,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_8": {
+    "nixpkgs_9": {
       "locked": {
         "lastModified": 1714091391,
         "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=",
@@ -758,11 +808,11 @@
     "ranger-icons": {
       "flake": false,
       "locked": {
-        "lastModified": 1736375293,
+        "lastModified": 1749128401,
-        "narHash": "sha256-ck53eG+mGIQ706sUnEHbJ6vY1/LYnRcpq94JXzwnGTQ=",
+        "narHash": "sha256-qvWqKVS4C5OO6bgETBlVDwcv4eamGlCUltjsBU3gAbA=",
         "owner": "alexanderjeurissen",
         "repo": "ranger_devicons",
-        "rev": "f227f212e14996fbb366f945ec3ecaf5dc5f44b0",
+        "rev": "1bcaff0366a9d345313dc5af14002cfdcddabb82",
         "type": "github"
       },
       "original": {
@@ -782,10 +832,12 @@
         "dzgui-nix": "dzgui-nix",
         "hello-fonts": "hello-fonts",
         "home-manager": "home-manager",
+        "lsfg-vk-flake": "lsfg-vk-flake",
         "made-you-look": "made-you-look",
         "nix-index-database": "nix-index-database",
         "nixos-mailserver": "nixos-mailserver",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_6",
+        "nixpkgs-pre-broken-waybar": "nixpkgs-pre-broken-waybar",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "plymouth-themes": "plymouth-themes",
         "ranger-icons": "ranger-icons",
@@ -850,11 +902,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747603214,
+        "lastModified": 1751606940,
-        "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
+        "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
+        "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
         "type": "github"
       },
       "original": {
@@ -982,11 +1034,11 @@
         "rev": "6a68f2cda0aa2fbb399a4c43b445e8c1a2df0634",
         "revCount": 4,
         "type": "git",
-        "url": "https://git.lelgenio.xyz/lelgenio/tlauncher-nix"
+        "url": "https://git.lelgenio.com/lelgenio/tlauncher-nix"
       },
       "original": {
         "type": "git",
-        "url": "https://git.lelgenio.xyz/lelgenio/tlauncher-nix"
+        "url": "https://git.lelgenio.com/lelgenio/tlauncher-nix"
       }
     },
     "tomater": {
@@ -1007,14 +1059,14 @@
     },
     "treefmt-nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_7"
       },
       "locked": {
-        "lastModified": 1747912973,
+        "lastModified": 1750931469,
-        "narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=",
+        "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3",
+        "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1",
         "type": "github"
       },
       "original": {
@@ -1025,11 +1077,11 @@
     },
     "vpsadminos": {
       "locked": {
-        "lastModified": 1748016252,
+        "lastModified": 1751504201,
-        "narHash": "sha256-P/h9BTZv6r5br/MKkXyEdUdDTU446UaAZzGLQMCMSIw=",
+        "narHash": "sha256-rmy2PeePgItz8uBU3ge1Mq0wVJSfX6V3qUmhBL2arPQ=",
         "owner": "vpsfreecz",
         "repo": "vpsadminos",
-        "rev": "4756a2ecc603c347e3d983663d663e96f22225a9",
+        "rev": "8e1f048ef6c8fb07dde01a31ab3a6625aa83b239",
         "type": "github"
       },
       "original": {
@@ -1042,7 +1094,7 @@
       "inputs": {
         "crane": "crane_3",
         "flake-utils": "flake-utils_6",
-        "nixpkgs": "nixpkgs_7"
+        "nixpkgs": "nixpkgs_8"
       },
       "locked": {
         "lastModified": 1719076817,
@@ -1061,7 +1113,7 @@
     "wl-crosshair": {
       "inputs": {
         "flake-utils": "flake-utils_7",
-        "nixpkgs": "nixpkgs_8"
+        "nixpkgs": "nixpkgs_9"
       },
       "locked": {
         "lastModified": 1715216838,

flake.nix

@@ -4,6 +4,9 @@
     nixpkgs.url = "nixpkgs/nixos-25.05";
     nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
 
+    # TODO: remove after waybar >0.13.0
+    nixpkgs-pre-broken-waybar.url = "github:nixos/nixpkgs/1c1c9b3f5ec0421eaa0f22746295466ee6a8d48f";
+
     home-manager.url = "github:nix-community/home-manager/release-25.05";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
@@ -39,10 +42,15 @@
     dzgui-nix.url = "github:lelgenio/dzgui-nix";
 
     tlauncher = {
-      url = "git+https://git.lelgenio.xyz/lelgenio/tlauncher-nix";
+      url = "git+https://git.lelgenio.com/lelgenio/tlauncher-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    lsfg-vk-flake = {
+      url = "github:pabloaul/lsfg-vk-flake";
+      flake = false;
+    };
+
     disko = {
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -122,6 +130,7 @@
                 my = config.my;
                 imports = [
                   ./user/home.nix
+                  inputs.sops-nix.homeManagerModules.sops
                 ];
               };
               home-manager.backupFileExtension = "bkp";
@@ -150,7 +159,6 @@
           modules = [
             ./hosts/monolith
             ./system/monolith-gitlab-runner.nix
-            ./system/monolith-bitbucket-runner.nix
             ./system/monolith-forgejo-runner.nix
             ./system/nix-serve.nix
           ] ++ common_modules;

hosts/phantom/email.nix

@@ -36,6 +36,8 @@
         hashedPassword = "$2b$05$DcA9xMdvHqqQMZw2.zybI.vfKsQAJtaQ/JB.t9AHu6psstWq97m2C";
       };
     };
+
+    enableManageSieve = true;
   };
 
   # Prefer ipv4 and use main ipv6 to avoid reverse DNS issues
@@ -52,7 +54,7 @@
       $config['smtp_host'] = "tls://${config.mailserver.fqdn}:587";
       $config['smtp_user'] = "%u";
       $config['smtp_pass'] = "%p";
-      $config['plugins'] = [ "carddav", "archive" ];
+      $config['plugins'] = [ "carddav", "archive", "managesieve" ];
     '';
   };
 }

overlays/default.nix

@@ -35,6 +35,7 @@ rec {
     final: prev:
     packages
     // {
+      lsfg-vk = final.callPackage inputs.lsfg-vk-flake { };
       dhist = inputs.dhist.packages.${prev.system}.dhist;
       demoji = inputs.demoji.packages.${prev.system}.default;
       tlauncher = inputs.tlauncher.packages.${prev.system}.tlauncher;
@@ -44,6 +45,10 @@ rec {
 
   patches = (
     final: prev: {
+      waybar =
+        assert prev.waybar.version == "0.13.0";
+        inputs.nixpkgs-pre-broken-waybar.legacyPackages.${prev.system}.waybar;
+
       mySway = prev.sway.override {
         withBaseWrapper = true;
         withGtkWrapper = true;

scripts/default.nix

@@ -74,6 +74,7 @@
     ];
     wpass = [
       wdmenu
+      ripgrep
       fd
       myPass
       sd

scripts/wpass

@@ -29,7 +29,7 @@ main() {
 
     test -n "$entry" || exit 0
 
-    username=`pass show "$entry" 2>/dev/null | perl -ne 'print $2 if /^(login|user|email): (.*)/'`
+    username=`pass show "$entry" 2>/dev/null | rg -m1 '(login|user|email): (.*)' -r '$2'`
     password=`pass show "$entry" 2>/dev/null | head -n 1`
     otp=`pass otp "$entry" 2>/dev/null` || true
 

secrets/monolith/default.yaml

@@ -5,12 +5,7 @@ gitlab-runners:
     thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str]
     docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str]
     wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str]
-    wopus-gitlab-docker-images: ENC[AES256_GCM,data:aGbCjQr1VKgg5n4f8vZKgdXcDw/M5JHez9E2TqipBXQ8D0jXdfPg6laNOJUOD+uPBOIGKUBMEg4OtLblCZFVw/V6wJN16wVbwkDU3uELQ8tPmlYSt4fcy4+5sC6+tV4YeMSKA6yIjD+xpkk=,iv:ojBhf2WdkWHruvTbABAAvuGDVOnsUl+qnhvH09L+lgA=,tag:gWhEkvL1qlcge3bSKVDSIg==,type:str]
+    wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:MtYDK6P7nwBzr6p+lRX/dkosBfeDUAj/slf/a5SgVXNIbQlkEk7gvfW5iL+C2HgMwowqWx4F+3q2W+kGweqEYzEYAoZ9pR08a7Jci3Szyy49hkamxJXF+Qwhb5VQKxDppESne7DARCF0iYeUjgeXxCYyuWlGpisnkN3HCWrIYCqbk0LS+yqgkNhDxtxMaThGYztfPnLMEV/P5vuge9sRKu3Xi3iX2uDKtx4FTBsX30Lmd8kngOVnP/GaEHDa5ECO+/yW6ZRg3fIaqJ4RV+Vz79ovFUuZV/VE8eY3JOdK5tKIBWb31YUOjP7ccBes7mMhFLO3ceNeh+a6KAJbQ4pCojJwf/cLz663FKr5f/uWDicOBbL64l3+zV5zvSDzFls0ImXMNL6Fe3SaKP7ZcC5rVrRD8P+UN/OSFmbN5LM7uYY8nNsLxTH7MYsRHgTBUmTsFEhLGJIUjtf6J3/NWIlxjBq1MmpgxN0bD6gwVAxDPP489v918tsZtKdG8SJhLUPE4LWKsU7LHpgUBroKlbGE,iv:1jnF2TTlyTR59xM8Bgaz6bubDOwFexHBJipNVa0VPXY=,tag:VsDb6C6wYa9p4Yey3iG4eA==,type:str]
-bitbucket-runners:
-    wopus-runner-1: ENC[AES256_GCM,data:gtH0T5n8qMYpvSv5ciN8+ScGlFDf9xE0FTxNP97vT/qsOCcaItTE+5P+DFcWw46onLED+1c+u0sArFbEsT3f8lyco9b+0l99uOQAxLZQzAXYH8zGye1UnwUtytkci2PHu5c8kTpIWHXyZ1IOYNGWkermeab57ANzOkM1LbkHyAjS6VTh0I60LfAOdHOw5FDFL8d1d9oWxLloOe9USLPqHjC023EpCUT2YuyHoPCTpBu8Kb/2HfV0wkAKaB3dvVrKwXCj+bfP6+bjQ3uMzVO/7jxPmnSGBfvyZ+Hlg5goJ6bSAqQWmnPPnQ96FgQfe8su5ML9qNIp9/7eNiL6Rv6Vhxe0hHbE5wsZ/58grcg/LrugeWJvUJ9THhwcTwO8Pkvwlq0XM9seUY2NV+LCK3bLQ4IWDjWkU1IHg6+nihTcvl1iD6UIGMgqGoB/v05WVzHb+GcE2fFuSuhVHfa5RMyboELOJoFrqZiXGhY=,iv:ZakLafxYQCDd1Zw8T83Xfj+YwAQKna9LC6ognJqtifA=,tag:bwBObfdMIvJfRrOG04NtxA==,type:str]
-    wopus-runner-2: ENC[AES256_GCM,data:gg8merZMFbf396hdJY7zmKQndT3GzB7NeGZAs3C0au8Zd7OFAg9vcQcFcxNA3kZGJZqmFTR/ycWJwhYr9fhlfFuPhDynVvgJAqoYtvC2MUDiOMD/d3DlfwFjQ6cOGTrvFuY1kkgSFb4OFdrVC1eiTDrGygFmYnYcqTKn/t5Ttqi+cHZNzFzVzdVLvaLCYxltM5g45zn+fXYxYwCfqyb32/M1XTnnwIGiataGxEX5oWhVV4zqeLO4ZIYPSby5AVvIMJ/zqvqaeVVY52GLDcTKrj3thbZxMQLWN3/lOA0uYhi3L/WM8Gx+JMEIbSICcuT7QXu4w4PA+opcx9GnsMCK2/egzS+cNPJ4vGZCdVD/jh6A9zVEJAgXdsHXNXFHmMPt7DcgrCQiub62og4kBY4G/Rcg4UN7sb3v3qyBpGbCGHGRjCFc+wdHpom0yDOG2cwcqfN49pC2R7Ag2BisFQ/5A+DPmKnvGG3kt9s=,iv:5g5XiDecYqi4JNRkZubgPJECBQdZ6rBeojgFe6Etebk=,tag:HRy5bFSbfxKTb5e13lGtgg==,type:str]
-    wopus-runner-3: ENC[AES256_GCM,data:f9pLYR8t51HtPpLyXysIVaDAhxDrmktJH93E7rb7imtKwK7hRhR8usnvHTcknLfD7BMvStAIYefdGt19u7PrQu6vqc19bEcNbnK5OH4KBP6+X47oMgBYtbIGXH+t3dSDt22fSIoppTwdX7/Kf4vqesfN8K7EunETvFR86oyyKdy15mvXr0XUO4us4HZjnIOBEnOm1P/V8hk5JcCpRuo+8ZYmBe5gzq5pTnqnYlPE1EovM7eDMg72J7ev07h50qvySrAqmNiqDcXfTPQ2TzuHx3XxAYqFybf1L6P9OnLB6RDAlpoFJ0h8dSg2tzC2+amYsBP0UIBK/ZhWvvAjpX+MZrTASjenh/tefDcNdbsXDOr7A4i/261z4rC0r+97INglCN1N/SZg51iBHiRAVV1zibDLfioR5+eBIykWAtjILMoYU+zOcr0E8K0I9jQGMtpnYmvHJqV0DVcdfZpJptrPUUy+lQ/iZVcPpLs=,iv:grzvVsfpUzywjNE4jvTxXKG3TYajrvSsQgfOgtafvIo=,tag:K1B6crN0ckLk0EYBtGHDkw==,type:str]
-    wopus-runner-4: ENC[AES256_GCM,data:D1Zq0BtPuACnutAbUcj3gYSMLuIZcMuqc/1mEFmitEG0tBFMWhkabS+8lXcp8sb1DM0LTDMEwgMB9FVyFb670MKQNEncqQtaNJtY1BxS3SolovDAM/I+i6YGvd4X8jX99d+7ZNR6xGBWJ/dW8rz4QnIM8Eh3FDOqaFa/ltfyPKP9IZ2uZi67C/n8Q/OSdgMQkt+QxhgJfSghE1iruPwxyGlqv+E4SZNI/fQQMjX0Lh7z02ms58yyMtjO71YbukV/JXFRsdJrqY2wfH/6NlZbsKideoSxluBRVqmbW6KQd7dUT819KbOSu9CFdgThtVCU8qiv3jbAbn8D5xRy4AAOEfSqRLXJoj7otCqr47R/8+0BdS3aztFBjL3lDmprMWZ4+LD55fvczfpxUF9ox1mhcjIvCvZJJL06XsST1XRXa7i2fr4/a/XhCmQgIzar5IYxSC9OjuHp6jLsTaY3ZUgid5W1L1n8uWSmA98=,iv:O9caRG//brERiIhuMrsFdTz6TnPY0rdQnvHEu0P42yM=,tag:hrmwLX/CRhZfammJ2nfTPw==,type:str]
 sops:
     age:
         - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
@@ -31,8 +26,8 @@ sops:
             aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h
             jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-28T03:04:52Z"
+    lastmodified: "2025-07-16T15:08:21Z"
-    mac: ENC[AES256_GCM,data:THwZcK7nJnCYEUR8CiaQKZ8dQpYbDqnshBBWFzEzPXEWLgFB9+7d6aRh9ZDjZs0rhBTChta3H7YxDJdFh5nAJQy532FJp4S4tBOLHWFZARlKhXngujd0SvxPER55uvxImNFIYX0RDSHUck5jDXCA0tBCmE/Q7DuY7v0+cmRgOV8=,iv:1p3kFMSg0k1n00P6UY5Tttuqvpsb4Se8km5zA9GhAu4=,tag:cDxbHZ+eScDQacwV1sYGIA==,type:str]
+    mac: ENC[AES256_GCM,data:jGS7FqZqEeACNIoeSLokZFa8NdD4ItagH0MXDK/71VODxAHXyYx1YC1rjQoHtJ94wBJV+PAJBvsVXFLRpp9OrmSmHdEAxDAfk0/yQsbqpTyruYRC+bkf5V+Ul8DhtXLFlCQ0LVL+Ku9jTUGCUbV0MHLAN5OBfPglk2vICOoV8Qk=,iv:1HAG5eAoAscctpkYQ1BNUFfQAodb0KbMqgQMw9W6G3o=,tag:rpxbvG5l7eMvCTKYQeRtEw==,type:str]
     pgp:
         - created_at: "2025-03-07T22:49:16Z"
           enc: |-

system/containers.nix

@@ -33,6 +33,18 @@
 
     networking.firewall.extraCommands = lib.getExe pkgs._docker-block-external-connections;
 
+    # Docker punches holes in your firewall
+    systemd.services.docker-update-firewall = {
+      script = lib.getExe pkgs._docker-block-external-connections;
+    };
+    systemd.timers.docker-update-firewall = {
+      timerConfig = {
+        OnCalendar = "minutely";
+        Unit = "docker-update-firewall.service";
+      };
+      wantedBy = [ "multi-user.target" ];
+    };
+
     programs.extra-container.enable = true;
 
     programs.firejail.enable = true;

system/gitlab-runner.nix

@@ -1,6 +1,12 @@
 { pkgs, lib, ... }:
 let
-  installNixScript = pkgs.writeScriptBin "install-nix" ''
+  installNixScript =
+    {
+      authenticationTokenConfigFile,
+      nixCacheSshPrivateKeyPath ? null,
+      ...
+    }:
+    pkgs.writeScriptBin "install-nix" ''
       mkdir -p -m 0755 /nix/var/log/nix/drvs
       mkdir -p -m 0755 /nix/var/nix/gcroots
       mkdir -p -m 0755 /nix/var/nix/profiles
@@ -25,16 +31,31 @@ let
           ]
         )
       }
+
+      ${lib.optionalString (nixCacheSshPrivateKeyPath != null) ''
+        NIX_CACHE_SSH_PRIVATE_KEY_PATH="${nixCacheSshPrivateKeyPath}"
+        NIX_CACHE_SSH_PUBLIC_KEY="# nix-cache.wopus.dev:22 SSH-2.0-OpenSSH_10.0
+        nix-cache.wopus.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINU71N5QxdCmM7N25SnOg6u+YLmv92znpeDcyIDamldI"
+        . ${./gitlab-runner/nix-cache-start}
+      ''}
     '';
 in
-{
+rec {
-  mkNixRunner = authenticationTokenConfigFile: {
+  mkNixRunnerFull =
+    {
+      authenticationTokenConfigFile,
+      nixCacheSshPrivateKeyPath ? null,
+      ...
+    }@args:
+    {
       # File should contain at least these two variables:
       # `CI_SERVER_URL`
       # `REGISTRATION_TOKEN`
       inherit authenticationTokenConfigFile; # 2
       dockerImage = "alpine:3.18.2";
-    dockerVolumes = [
+      dockerPullPolicy = "if-not-present";
+      dockerVolumes =
+        [
           "/etc/nix/nix.conf:/etc/nix/nix.conf:ro"
           "/nix/store:/nix/store:ro"
           "/nix/var/nix/db:/nix/var/nix/db:ro"
@@ -42,9 +63,13 @@ in
           "/tmp:/tmp"
           "/var/run/docker.sock:/var/run/docker.sock"
           "/var/lib/docker/containers:/var/lib/docker/containers"
+          "/cache"
+        ]
+        ++ lib.optionals (nixCacheSshPrivateKeyPath != null) [
+          "${nixCacheSshPrivateKeyPath}:${nixCacheSshPrivateKeyPath}"
         ];
-    dockerDisableCache = true;
+      # dockerDisableCache = true;
-    preBuildScript = "\". ${lib.getExe installNixScript}\"";
+      preBuildScript = "\". ${lib.getExe (installNixScript args)}\"";
       environmentVariables = {
         ENV = "/etc/profile";
         USER = "root";
@@ -52,4 +77,10 @@ in
         NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
       };
     };
+
+  mkNixRunner =
+    authenticationTokenConfigFile:
+    mkNixRunnerFull {
+      inherit authenticationTokenConfigFile;
+    };
 }

system/gitlab-runner/nix-cache-start

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+echo "nix-cache: Setting up ssh key and host" >&2
+STORE_HOST_PUB_KEY="$(echo "$NIX_CACHE_SSH_PUBLIC_KEY" | base64 | tr -d '\n')"
+STORE_URL="ssh://nix-ssh@nix-cache.wopus.dev?trusted=true&compress=true&ssh-key=$NIX_CACHE_SSH_PRIVATE_KEY_PATH&base64-ssh-public-host-key=$STORE_HOST_PUB_KEY"
+echo STORE_URL="$STORE_URL" >&2
+
+NIX_EXTRA_CONFIG_FILE=$(mktemp)
+cat > "$NIX_EXTRA_CONFIG_FILE" <<EOF
+  extra-substituters = $STORE_URL
+EOF
+
+echo "nix-cache: Adding remote cache as substituter" >&2
+export NIX_USER_CONF_FILES="$NIX_EXTRA_CONFIG_FILE:$NIX_USER_CONF_FILES"
+
+echo "nix-cache: Setting up nix hook" >&2
+nix() {
+    echo "nix-cache: executing nix hook" >&2
+    command nix "$@"
+    local STATUS="$?"
+
+    local BUILD=no
+    if test "$STATUS" = "0"; then
+        for arg in "$@"; do
+            echo "nix-cache: evaluating arg '$arg'" >&2
+            case "$arg" in
+                build)
+                    echo "nix-cache: enablig upload" >&2
+                    BUILD=yes
+                ;;
+                -*)
+                    echo "nix-cache: ignoring argument '$arg'" >&2
+                ;;
+                *)
+                    if test "$BUILD" = yes; then
+                        echo "nix-cache: Sending path $arg" >&2
+                        command nix copy --to "$STORE_URL" "$arg" || true
+                    else
+                        echo "nix-cache: not building, ignoring argument '$arg'" >&2
+                    fi
+                ;;
+            esac
+        done
+    else
+        echo "nix-cache: nix exited with code '$STATUS', ignoring" >&2
+    fi
+
+    return "$STATUS"
+}

system/monolith-bitbucket-runner.nix

@@ -1,50 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}:
-
-let
-  mkRunner = secret: {
-    image = "docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner:latest";
-    volumes = [
-      "/tmp:/tmp"
-      "/var/run/docker.sock:/var/run/docker.sock"
-      "/var/lib/docker/containers:/var/lib/docker/containers:ro"
-    ];
-    environmentFiles = [ secret ];
-  };
-
-  secretConf = {
-    sopsFile = ../secrets/monolith/default.yaml;
-  };
-in
-{
-  virtualisation.docker = {
-    enable = true;
-    daemon.settings = {
-      # needed by bitbucket runner ???
-      log-driver = "json-file";
-      log-opts = {
-        max-size = "10m";
-        max-file = "3";
-      };
-    };
-  };
-
-  virtualisation.oci-containers.backend = "docker";
-
-  virtualisation.oci-containers.containers = {
-    bitbucket-runner-1 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-1".path;
-    bitbucket-runner-2 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-2".path;
-    bitbucket-runner-3 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-3".path;
-    bitbucket-runner-4 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-4".path;
-  };
-
-  sops.secrets = {
-    "bitbucket-runners/wopus-runner-1" = secretConf;
-    "bitbucket-runners/wopus-runner-2" = secretConf;
-    "bitbucket-runners/wopus-runner-3" = secretConf;
-    "bitbucket-runners/wopus-runner-4" = secretConf;
-  };
-}

system/monolith-gitlab-runner.nix

@@ -4,21 +4,24 @@
   ...
 }:
 let
-  inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
+  inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner mkNixRunnerFull;
 in
 {
   boot.kernel.sysctl."net.ipv4.ip_forward" = true;
   virtualisation.docker.enable = true;
   services.gitlab-runner = {
     enable = true;
-    settings.concurrent = 12;
+    settings.concurrent = 6;
     services = {
       # runner for building in docker via host's nix-daemon
       # nix store will be readable in runner, might be insecure
       thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
       thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
 
-      wopus-gitlab-nix = mkNixRunner config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
+      wopus-gitlab-nix = mkNixRunnerFull {
+        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
+        nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
+      };
 
       default = {
         # File should contain at least these two variables:
@@ -26,15 +29,7 @@ in
         # `CI_SERVER_TOKEN`
         authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
         dockerImage = "debian:stable";
-      };
+        dockerPullPolicy = "if-not-present";
-
-      wopus-gitlab-docker-images = {
-        # File should contain at least these two variables:
-        # `CI_SERVER_URL`
-        # `CI_SERVER_TOKEN`
-        authenticationTokenConfigFile =
-          config.sops.secrets."gitlab-runners/wopus-gitlab-docker-images".path;
-        dockerImage = "debian:stable";
       };
     };
   };
@@ -53,7 +48,7 @@ in
     "gitlab-runners/wopus-gitlab-nix" = {
       sopsFile = ../secrets/monolith/default.yaml;
     };
-    "gitlab-runners/wopus-gitlab-docker-images" = {
+    "gitlab-runners/wopus-ssh-nix-cache-pk" = {
       sopsFile = ../secrets/monolith/default.yaml;
     };
   };

system/network.nix

@@ -26,6 +26,8 @@
     };
   };
 
+  services.fail2ban.enable = true;
+
   # Workaround for nm-wait-online hanging??
   # Ref: https://github.com/NixOS/nixpkgs/issues/180175
   systemd.services.NetworkManager-wait-online = {

system/sound.nix

@@ -1,6 +1,6 @@
 { pkgs, ... }:
 {
-  hardware.pulseaudio.enable = false;
+  services.pulseaudio.enable = false;
   services.pipewire = {
     enable = true;
     wireplumber.enable = true;

user/firefox.nix

@@ -34,8 +34,8 @@ in
           # })
           (pkgs.fetchFirefoxAddon {
             name = "ublock-origin";
-            url = "https://addons.mozilla.org/firefox/downloads/file/4290466/ublock_origin-1.58.0.xpi";
+            url = "https://addons.mozilla.org/firefox/downloads/file/4492375/ublock_origin-1.64.0.xpi";
-            hash = "sha256-RwxWmUpxdNshV4rc5ZixWKXcCXDIfFz+iJrGMr0wheo=";
+            hash = "sha256-ueHIaL0awd78q/LgF3bRqQ7/ujSwf+aiE1DUXwIuDp8=";
           })
           (pkgs.fetchFirefoxAddon {
             name = "user_agent_string_switcher";
@@ -59,6 +59,11 @@ in
             url = "https://addons.mozilla.org/firefox/downloads/file/4263531/youtube_recommended_videos-1.6.7.xpi";
             hash = "sha256-u21ouN9IyOzkTkFSeDz+QBp9psJ1F2Nmsvqp6nh0DRU=";
           })
+          (pkgs.fetchFirefoxAddon {
+            name = "youtube_no_translation";
+            url = "https://addons.mozilla.org/firefox/downloads/file/4529979/youtube_no_translation-2.7.1.xpi";
+            hash = "sha256-HOLeSWt0phsR/l3FcCRUUFCurU2zyBuZBlynlxPbGqs=";
+          })
           # (pkgs.fetchFirefoxAddon {
           #   name = "invidious_redirect";
           #   url = "https://addons.mozilla.org/firefox/downloads/file/4292924/invidious_redirect_2-1.16.xpi";

user/gnome.nix

@@ -43,7 +43,7 @@ lib.mkIf (config.my.desktop == "gnome") {
     qt6Packages.qtstyleplugin-kvantum
   ];
 
-  services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome;
+  services.gpg-agent.pinentry.package = pkgs.pinentry-gnome;
 
   xdg.defaultApplications = {
     enable = lib.mkForce false;

user/home.nix

@@ -24,6 +24,7 @@
     ./mpv.nix
     ./mangohud.nix
     ./gaming.nix
+    ./lsfg-vk
     ./pipewire.nix
     ./mimeapps.nix
     ./desktop-entries.nix
@@ -36,6 +37,7 @@
     ./pass.nix
     ./pqiv.nix
     ./zathura.nix
+    ./satty
     ./man.nix
     ./mpd.nix
     ./sway
@@ -147,6 +149,8 @@
     enable = true;
   };
 
+  sops.age.keyFile = config.home.homeDirectory + "/.ssh/id_ed25519";
+
   xdg.defaultApplications = {
     enable = true;
     text-editor = lib.mkDefault "kak.desktop";

user/kakoune/filetypes.kak

@@ -46,10 +46,18 @@ hook global BufCreate .*\.js %{
     set buffer formatcmd "prettier --stdin-filepath=%val{buffile}"
 }
 
+hook global BufCreate .*\.jsx %{
+    set buffer formatcmd "prettier --stdin-filepath=%val{buffile}"
+}
+
 hook global BufCreate .*\.ts %{
     set buffer formatcmd "prettier --stdin-filepath=%val{buffile}"
 }
 
+hook global BufCreate .*\.tsx %{
+    set buffer formatcmd "prettier --stdin-filepath=%val{buffile}"
+}
+
 hook global BufCreate .*\.scss %{
     set buffer formatcmd "prettier --stdin-filepath=%val{buffile}"
 }

user/lsfg-vk/default.nix

@@ -0,0 +1,36 @@
+{ pkgs, config, ... }:
+let
+  LosslessDllPath = config.home.homeDirectory + "/.local/lib/Lossless.dll";
+in
+{
+  home.file = {
+    ".local/share/vulkan/implicit_layer.d/VkLayer_LS_frame_generation.json".source =
+      "${pkgs.lsfg-vk}/share/vulkan/implicit_layer.d/VkLayer_LS_frame_generation.json";
+    ".local/lib/liblsfg-vk.so".source = "${pkgs.lsfg-vk}/lib/liblsfg-vk.so";
+  };
+
+  home.sessionVariables = {
+    # ENABLE_LSFG = 1; # Don't enable session wide, to avoid bugs
+    LSFG_MULTIPLIER = 2;
+    LSFG_DLL_PATH = LosslessDllPath;
+  };
+
+  # Put the dll in a reachable location for steam games
+  # Secrets normally are a symlink to /run/user/1000/secrets.d/
+  # Every time sops-nix.service runs, we copy the dll
+  systemd.user.services.copy-lsfg-dll = {
+    Service = {
+      ExecStart = pkgs.writeShellScript "copy-lsfg-dll" ''
+        cp -fv "${config.sops.secrets."lsfg.dll".path}" "${LosslessDllPath}"
+      '';
+      Type = "oneshot";
+    };
+    Unit.After = [ "sops-nix.service" ];
+    Install.WantedBy = [ "sops-nix.service" ];
+  };
+
+  sops.secrets."lsfg.dll" = {
+    sopsFile = ../../secrets/lsfg.dll.gpg;
+    format = "binary";
+  };
+}

user/mangohud.nix

@@ -17,6 +17,9 @@ in
       toggle_preset = "Control_R+F9";
       fps_metrics = "Control_R+F8";
 
+      media_player = false;
+      battery = false;
+
       # legacy_layout = "false";
       # gpu_stats = true;
       # gpu_temp = true;

user/satty/config.toml

@@ -0,0 +1,63 @@
+[general]
+# Start Satty in fullscreen mode
+fullscreen = true
+# Exit directly after copy/save action
+early-exit = true
+# Draw corners of rectangles round if the value is greater than 0 (0 disables rounded corners)
+corner-roundness = 12
+# Select the tool on startup [possible values: pointer, crop, line, arrow, rectangle, text, marker, blur, brush]
+initial-tool = "brush"
+# Configure the command to be called on copy, for example `wl-copy`
+copy-command = "wl-copy"
+# Increase or decrease the size of the annotations
+# annotation-size-factor = 2
+# Filename to use for saving action. Omit to disable saving to file. Might contain format specifiers: https://docs.rs/chrono/latest/chrono/format/strftime/index.html
+# output-filename = "/tmp/test-%Y-%m-%d_%H:%M:%S.png"
+# After copying the screenshot, save it to a file as well
+# save-after-copy = false
+# Hide toolbars by default
+# default-hide-toolbars = false
+# Experimental: whether window focus shows/hides toolbars. This does not affect initial state of toolbars, see default-hide-toolbars.
+# focus-toggles-toolbars = false
+# The primary highlighter to use, the other is accessible by holding CTRL at the start of a highlight [possible values: block, freehand]
+primary-highlighter = "block"
+# Disable notifications
+disable-notifications = true
+# Actions to trigger on right click (order is important)
+# [possible values: save-to-clipboard, save-to-file, exit]
+# actions-on-right-click = []
+# Actions to trigger on Enter key (order is important)
+# [possible values: save-to-clipboard, save-to-file, exit]
+# actions-on-enter = ["save-to-clipboard"]
+# Actions to trigger on Escape key (order is important)
+# [possible values: save-to-clipboard, save-to-file, exit]
+# actions-on-escape = ["exit"]
+# Action to perform when the Enter key is pressed [possible values: save-to-clipboard, save-to-file]
+# Deprecated: use actions-on-enter instead
+action-on-enter = "save-to-clipboard"
+# Right click to copy
+# Deprecated: use actions-on-right-click instead
+# right-click-copy = false
+# request no window decoration. Please note that the compositor has the final say in this. At this point. requires xdg-decoration-unstable-v1.
+# no-window-decoration = true
+# experimental feature: adjust history size for brush input smooting (0: disabled, default: 0, try e.g. 5 or 10)
+# brush-smooth-history-size = 10
+
+# Font to use for text annotations
+[font]
+family = "Roboto"
+style = "Bold"
+
+# Custom colours for the colour palette
+[color-palette]
+# These will be shown in the toolbar for quick selection
+palette = [
+    "#ff0000",
+    "#00ffff",
+    "#a52a2a",
+    "#dc143c",
+    "#ff1493",
+    "#ffd700",
+    "#008000",
+]
+

user/satty/default.nix

@@ -0,0 +1,22 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+let
+  cfg = config.my.satty;
+in
+{
+  options.my.satty.enable = lib.mkEnableOption { };
+
+  config = lib.mkIf cfg.enable {
+    xdg.configFile."satty/config.toml" = {
+      source = ./config.toml;
+    };
+
+    home.packages = with pkgs; [
+      satty
+    ];
+  };
+}

user/sway/default.nix

@@ -32,6 +32,7 @@ in
     my.swaylock.enable = true;
     my.mpd.enable = true;
     my.zathura.enable = true;
+    my.satty.enable = true;
     my.waybar.enable = true;
     my.gammastep.enable = true;
 
@@ -123,7 +124,7 @@ in
       indicator = true;
     };
 
-    services.gpg-agent.pinentryPackage = pkgs.pinentry-all;
+    services.gpg-agent.pinentry.package = pkgs.pinentry-all;
 
     xdg.configFile."OpenTabletDriver/settings.json" = {
       force = true;

user/sway/mako.nix

@@ -20,21 +20,22 @@ in
   config = lib.mkIf cfg.enable {
     services.mako = {
       enable = true;
-      borderSize = 2;
+
+      settings = {
+        border-size = 2;
         padding = "5";
         margin = "15";
         layer = "overlay";
 
         font = "${font.interface} ${toString font.size.small}";
-      textColor = color.txt;
+        text-color = color.txt;
 
-      backgroundColor = color.bg;
+        background-color = color.bg;
-      borderColor = accent.color;
+        border-color = accent.color;
-      progressColor = "over ${accent.color}88";
+        progress-color = "over ${accent.color}88";
 
-      defaultTimeout = 10000;
+        default-timeout = 10000;
 
-      settings = {
         "app-name=volumesh" = {
           "default-timeout" = "5000";
           "group-by" = "app-name";

user/sway/sway-binds.nix

@@ -172,7 +172,7 @@ let
     "${mod}+Return" = "exec ${terminal}";
     "${mod}+Ctrl+Return" = "exec thunar";
     "${mod}+Shift+s" = ''
-      exec grim - | satty --filename - --fullscreen --output-filename "$(xdg-user-dir PICTURES)"/Screenshots/satty-$(date '+%Y%m%d-%H:%M:%S').png
+      exec grim - | satty --filename - --output-filename "$(xdg-user-dir PICTURES)"/Screenshots/satty-$(date '+%Y%m%d-%H:%M:%S').png
     '';
     "${mod}+Ctrl+v" = "exec wl-paste | tesseract -l por - - | wl-copy";
     "${mod}+k" = "exec showkeys";

user/vscode/default.nix

@@ -4,7 +4,7 @@
   programs.vscode = {
     enable = true;
     package = pkgs.vscodium;
-    extensions = with pkgs.vscode-extensions; [
+    profiles.default.extensions = with pkgs.vscode-extensions; [
       jnoortheen.nix-ide
       github.github-vscode-theme
       rust-lang.rust-analyzer

user/waybar/default.nix

@@ -234,10 +234,7 @@ in
           };
         }
       ];
-      style = builtins.readFile (
+      style = pkgs.replaceVars ./style.css {
-        pkgs.substituteAll {
-          src = ./style.css;
-
         accent_color = accent.color;
 
         color_bg = color.bg;
@@ -249,8 +246,7 @@ in
 
         font_size_big = "${toString font.size.big}px";
         font_size_medium = "${toString font.size.medium}px";
-        }
+      };
-      );
     };
     home.packages = with pkgs; [ waybar ];
   };