wip: caffeinated

.gitattributes

@@ -1,2 +1 @@
 flake.lock binary
-*.gpg binary

.sops.yaml

@@ -5,21 +5,21 @@ keys:
   - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
 
 creation_rules:
-  - path_regex: secrets/[^/]+\.(yaml|json|env|ini|gpg)$
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
     - pgp:
       - *lelgenio-gpg
       age:
       - *lelgenio-ssh
       - *monolith-ssh
-  - path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini|gpg)$
+  - path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini)$
     key_groups:
     - pgp:
       - *lelgenio-gpg
       age:
       - *lelgenio-ssh
       - *monolith-ssh
-  - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini|gpg)$
+  - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini)$
     key_groups:
     - pgp:
       - *lelgenio-gpg

flake.lock

@@ -28,11 +28,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1750173260,
-        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
+        "lastModified": 1747575206,
+        "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
+        "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
         "type": "github"
       },
       "original": {
@@ -225,11 +225,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1751607816,
-        "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=",
+        "lastModified": 1749436314,
+        "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662",
+        "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a",
         "type": "github"
       },
       "original": {
@@ -504,11 +504,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1751468302,
-        "narHash": "sha256-tWosziZTT039x6PgEZUhzGlV8oLvdDmIgKTE8ESMaEA=",
+        "lastModified": 1749154018,
+        "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "501cfec8277f931a9c9af9f23d3105c537faeafe",
+        "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111",
         "type": "github"
       },
       "original": {
@@ -518,29 +518,11 @@
         "type": "github"
       }
     },
-    "lsfg-vk-flake": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_4"
-      },
-      "locked": {
-        "lastModified": 1752427857,
-        "narHash": "sha256-gF09uaUCp/uykgMfk3HE3fWxwm5sl5bTnJerKfKfX5w=",
-        "owner": "pabloaul",
-        "repo": "lsfg-vk-flake",
-        "rev": "f24d8fe3714cabc69073568efece5e9e5c153fe7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "pabloaul",
-        "repo": "lsfg-vk-flake",
-        "type": "github"
-      }
-    },
     "made-you-look": {
       "inputs": {
         "crane": "crane_2",
         "flake-utils": "flake-utils_4",
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1728159958,
@@ -563,11 +545,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1751170039,
-        "narHash": "sha256-3EKpUmyGmHYA/RuhZjINTZPU+OFWko0eDwazUOW64nw=",
+        "lastModified": 1749355504,
+        "narHash": "sha256-L17CdJMD+/FCBOHjREQLXbe2VUnc3rjffenBbu2Kwpc=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "9c932ae632d6b5150515e5749b198c175d8565db",
+        "rev": "40a6e15e44b11fbf8f2b1df9d64dbfc117625e94",
         "type": "github"
       },
       "original": {
@@ -633,29 +615,13 @@
         "type": "github"
       }
     },
-    "nixpkgs-pre-broken-waybar": {
-      "locked": {
-        "lastModified": 1750069205,
-        "narHash": "sha256-ALOBI3nTUFOX0A2bpFZqtsEZfH82icS9r9L/y3XA+2s=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "1c1c9b3f5ec0421eaa0f22746295466ee6a8d48f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "1c1c9b3f5ec0421eaa0f22746295466ee6a8d48f",
-        "type": "github"
-      }
-    },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1751271578,
-        "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
+        "lastModified": 1749285348,
+        "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
+        "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
         "type": "github"
       },
       "original": {
@@ -695,22 +661,6 @@
       }
     },
     "nixpkgs_4": {
-      "locked": {
-        "lastModified": 1751984180,
-        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_5": {
       "locked": {
         "lastModified": 1719010183,
         "narHash": "sha256-8HMWaqpyjbVeEsmy/A2H6VFtW/Wr71vkPLnpTiAXu+8=",
@@ -726,13 +676,13 @@
         "type": "github"
       }
     },
-    "nixpkgs_6": {
+    "nixpkgs_5": {
       "locked": {
-        "lastModified": 1751582995,
-        "narHash": "sha256-u7ubvtxdTnFPpV27AHpgoKn7qHuE7sgWgza/1oj5nzA=",
+        "lastModified": 1749727998,
+        "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7a732ed41ca0dd64b4b71b563ab9805a80a7d693",
+        "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd",
         "type": "github"
       },
       "original": {
@@ -741,7 +691,7 @@
         "type": "indirect"
       }
     },
-    "nixpkgs_7": {
+    "nixpkgs_6": {
       "locked": {
         "lastModified": 1747958103,
         "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=",
@@ -757,7 +707,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_8": {
+    "nixpkgs_7": {
       "locked": {
         "lastModified": 1719010183,
         "narHash": "sha256-8HMWaqpyjbVeEsmy/A2H6VFtW/Wr71vkPLnpTiAXu+8=",
@@ -773,7 +723,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_9": {
+    "nixpkgs_8": {
       "locked": {
         "lastModified": 1714091391,
         "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=",
@@ -832,12 +782,10 @@
         "dzgui-nix": "dzgui-nix",
         "hello-fonts": "hello-fonts",
         "home-manager": "home-manager",
-        "lsfg-vk-flake": "lsfg-vk-flake",
         "made-you-look": "made-you-look",
         "nix-index-database": "nix-index-database",
         "nixos-mailserver": "nixos-mailserver",
-        "nixpkgs": "nixpkgs_6",
-        "nixpkgs-pre-broken-waybar": "nixpkgs-pre-broken-waybar",
+        "nixpkgs": "nixpkgs_5",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "plymouth-themes": "plymouth-themes",
         "ranger-icons": "ranger-icons",
@@ -902,11 +850,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1751606940,
-        "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
+        "lastModified": 1749592509,
+        "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
+        "rev": "50754dfaa0e24e313c626900d44ef431f3210138",
         "type": "github"
       },
       "original": {
@@ -1034,11 +982,11 @@
         "rev": "6a68f2cda0aa2fbb399a4c43b445e8c1a2df0634",
         "revCount": 4,
         "type": "git",
-        "url": "https://git.lelgenio.com/lelgenio/tlauncher-nix"
+        "url": "https://git.lelgenio.xyz/lelgenio/tlauncher-nix"
       },
       "original": {
         "type": "git",
-        "url": "https://git.lelgenio.com/lelgenio/tlauncher-nix"
+        "url": "https://git.lelgenio.xyz/lelgenio/tlauncher-nix"
       }
     },
     "tomater": {
@@ -1059,14 +1007,14 @@
     },
     "treefmt-nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_7"
+        "nixpkgs": "nixpkgs_6"
       },
       "locked": {
-        "lastModified": 1750931469,
-        "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=",
+        "lastModified": 1749194973,
+        "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1",
+        "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5",
         "type": "github"
       },
       "original": {
@@ -1077,11 +1025,11 @@
     },
     "vpsadminos": {
       "locked": {
-        "lastModified": 1751504201,
-        "narHash": "sha256-rmy2PeePgItz8uBU3ge1Mq0wVJSfX6V3qUmhBL2arPQ=",
+        "lastModified": 1749716966,
+        "narHash": "sha256-aF+YOXv07qI7Q267gqapUcAsoQkI3+EcmZczatq6wkg=",
         "owner": "vpsfreecz",
         "repo": "vpsadminos",
-        "rev": "8e1f048ef6c8fb07dde01a31ab3a6625aa83b239",
+        "rev": "2d991bb5109350801a381bff097809b76ee962f5",
         "type": "github"
       },
       "original": {
@@ -1094,7 +1042,7 @@
       "inputs": {
         "crane": "crane_3",
         "flake-utils": "flake-utils_6",
-        "nixpkgs": "nixpkgs_8"
+        "nixpkgs": "nixpkgs_7"
       },
       "locked": {
         "lastModified": 1719076817,
@@ -1113,7 +1061,7 @@
     "wl-crosshair": {
       "inputs": {
         "flake-utils": "flake-utils_7",
-        "nixpkgs": "nixpkgs_9"
+        "nixpkgs": "nixpkgs_8"
       },
       "locked": {
         "lastModified": 1715216838,

flake.nix

@@ -4,9 +4,6 @@
     nixpkgs.url = "nixpkgs/nixos-25.05";
     nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
 
-    # TODO: remove after waybar >0.13.0
-    nixpkgs-pre-broken-waybar.url = "github:nixos/nixpkgs/1c1c9b3f5ec0421eaa0f22746295466ee6a8d48f";
-
     home-manager.url = "github:nix-community/home-manager/release-25.05";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
@@ -42,15 +39,10 @@
     dzgui-nix.url = "github:lelgenio/dzgui-nix";
 
     tlauncher = {
-      url = "git+https://git.lelgenio.com/lelgenio/tlauncher-nix";
+      url = "git+https://git.lelgenio.xyz/lelgenio/tlauncher-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    lsfg-vk-flake = {
-      url = "github:pabloaul/lsfg-vk-flake";
-      flake = false;
-    };
-
     disko = {
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -130,7 +122,6 @@
                 my = config.my;
                 imports = [
                   ./user/home.nix
-                  inputs.sops-nix.homeManagerModules.sops
                 ];
               };
               home-manager.backupFileExtension = "bkp";
@@ -159,6 +150,7 @@
           modules = [
             ./hosts/monolith
             ./system/monolith-gitlab-runner.nix
+            ./system/monolith-bitbucket-runner.nix
             ./system/monolith-forgejo-runner.nix
             ./system/nix-serve.nix
           ] ++ common_modules;

hosts/phantom/email.nix

@@ -36,8 +36,6 @@
         hashedPassword = "$2b$05$DcA9xMdvHqqQMZw2.zybI.vfKsQAJtaQ/JB.t9AHu6psstWq97m2C";
       };
     };
-
-    enableManageSieve = true;
   };
 
   # Prefer ipv4 and use main ipv6 to avoid reverse DNS issues
@@ -54,7 +52,7 @@
       $config['smtp_host'] = "tls://${config.mailserver.fqdn}:587";
       $config['smtp_user'] = "%u";
       $config['smtp_pass'] = "%p";
-      $config['plugins'] = [ "carddav", "archive", "managesieve" ];
+      $config['plugins'] = [ "carddav", "archive" ];
     '';
   };
 }

overlays/default.nix

@@ -35,7 +35,6 @@ rec {
     final: prev:
     packages
     // {
-      lsfg-vk = final.callPackage inputs.lsfg-vk-flake { };
       dhist = inputs.dhist.packages.${prev.system}.dhist;
       demoji = inputs.demoji.packages.${prev.system}.default;
       tlauncher = inputs.tlauncher.packages.${prev.system}.tlauncher;
@@ -45,10 +44,6 @@ rec {
 
   patches = (
     final: prev: {
-      waybar =
-        assert prev.waybar.version == "0.13.0";
-        inputs.nixpkgs-pre-broken-waybar.legacyPackages.${prev.system}.waybar;
-
       mySway = prev.sway.override {
         withBaseWrapper = true;
         withGtkWrapper = true;

pkgs/caffeinated/default.nix

@@ -0,0 +1,42 @@
+{
+  stdenv,
+  fetchFromGitHub,
+
+  pkgconf,
+  pkg-config,
+  wayland-scanner,
+
+  systemd,
+  libbsd,
+  wayland,
+  wayland-protocols,
+}:
+
+stdenv.mkDerivation {
+  pname = "caffeinated";
+  version = "2022-12-08";
+
+  src = fetchFromGitHub {
+    owner = "electrickite";
+    repo = "caffeinated";
+    rev = "5a8eff054bdce225a19cf3ab785dc1bbc9bd3265";
+    hash = "sha256-X1w/YWljcwb5ZH8Nt92CDhPU/yqBLH3lBS7yVJUeyzY=";
+  };
+
+  nativeBuildInputs = [
+    pkgconf
+    pkg-config
+    wayland-scanner
+  ];
+
+  buildInputs = [
+    systemd
+    libbsd
+    wayland
+    wayland-protocols
+  ];
+
+  makeFlags = [ "WAYLAND=1" ];
+
+  installFlags = [ "PREFIX=$(out)" ];
+}

pkgs/default.nix

@@ -3,6 +3,7 @@
 
 { pkgs, inputs }:
 rec {
+  caffeinated = pkgs.callPackage ./caffeinated { };
   cargo-checkmate = pkgs.callPackage ./cargo-checkmate.nix { };
   lipsum = pkgs.callPackage ./lipsum.nix { };
   emmet-cli = pkgs.callPackage ./emmet-cli.nix { };

scripts/default.nix

@@ -74,7 +74,6 @@
     ];
     wpass = [
       wdmenu
-      ripgrep
       fd
       myPass
       sd

scripts/wpass

@@ -29,7 +29,7 @@ main() {
 
     test -n "$entry" || exit 0
 
-    username=`pass show "$entry" 2>/dev/null | rg -m1 '(login|user|email): (.*)' -r '$2'`
+    username=`pass show "$entry" 2>/dev/null | perl -ne 'print $2 if /^(login|user|email): (.*)/'`
     password=`pass show "$entry" 2>/dev/null | head -n 1`
     otp=`pass otp "$entry" 2>/dev/null` || true
 

secrets/monolith/default.yaml

@@ -5,6 +5,11 @@ gitlab-runners:
     thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str]
     docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str]
     wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str]
+bitbucket-runners:
+    wopus-runner-1: ENC[AES256_GCM,data:gtH0T5n8qMYpvSv5ciN8+ScGlFDf9xE0FTxNP97vT/qsOCcaItTE+5P+DFcWw46onLED+1c+u0sArFbEsT3f8lyco9b+0l99uOQAxLZQzAXYH8zGye1UnwUtytkci2PHu5c8kTpIWHXyZ1IOYNGWkermeab57ANzOkM1LbkHyAjS6VTh0I60LfAOdHOw5FDFL8d1d9oWxLloOe9USLPqHjC023EpCUT2YuyHoPCTpBu8Kb/2HfV0wkAKaB3dvVrKwXCj+bfP6+bjQ3uMzVO/7jxPmnSGBfvyZ+Hlg5goJ6bSAqQWmnPPnQ96FgQfe8su5ML9qNIp9/7eNiL6Rv6Vhxe0hHbE5wsZ/58grcg/LrugeWJvUJ9THhwcTwO8Pkvwlq0XM9seUY2NV+LCK3bLQ4IWDjWkU1IHg6+nihTcvl1iD6UIGMgqGoB/v05WVzHb+GcE2fFuSuhVHfa5RMyboELOJoFrqZiXGhY=,iv:ZakLafxYQCDd1Zw8T83Xfj+YwAQKna9LC6ognJqtifA=,tag:bwBObfdMIvJfRrOG04NtxA==,type:str]
+    wopus-runner-2: ENC[AES256_GCM,data:gg8merZMFbf396hdJY7zmKQndT3GzB7NeGZAs3C0au8Zd7OFAg9vcQcFcxNA3kZGJZqmFTR/ycWJwhYr9fhlfFuPhDynVvgJAqoYtvC2MUDiOMD/d3DlfwFjQ6cOGTrvFuY1kkgSFb4OFdrVC1eiTDrGygFmYnYcqTKn/t5Ttqi+cHZNzFzVzdVLvaLCYxltM5g45zn+fXYxYwCfqyb32/M1XTnnwIGiataGxEX5oWhVV4zqeLO4ZIYPSby5AVvIMJ/zqvqaeVVY52GLDcTKrj3thbZxMQLWN3/lOA0uYhi3L/WM8Gx+JMEIbSICcuT7QXu4w4PA+opcx9GnsMCK2/egzS+cNPJ4vGZCdVD/jh6A9zVEJAgXdsHXNXFHmMPt7DcgrCQiub62og4kBY4G/Rcg4UN7sb3v3qyBpGbCGHGRjCFc+wdHpom0yDOG2cwcqfN49pC2R7Ag2BisFQ/5A+DPmKnvGG3kt9s=,iv:5g5XiDecYqi4JNRkZubgPJECBQdZ6rBeojgFe6Etebk=,tag:HRy5bFSbfxKTb5e13lGtgg==,type:str]
+    wopus-runner-3: ENC[AES256_GCM,data:f9pLYR8t51HtPpLyXysIVaDAhxDrmktJH93E7rb7imtKwK7hRhR8usnvHTcknLfD7BMvStAIYefdGt19u7PrQu6vqc19bEcNbnK5OH4KBP6+X47oMgBYtbIGXH+t3dSDt22fSIoppTwdX7/Kf4vqesfN8K7EunETvFR86oyyKdy15mvXr0XUO4us4HZjnIOBEnOm1P/V8hk5JcCpRuo+8ZYmBe5gzq5pTnqnYlPE1EovM7eDMg72J7ev07h50qvySrAqmNiqDcXfTPQ2TzuHx3XxAYqFybf1L6P9OnLB6RDAlpoFJ0h8dSg2tzC2+amYsBP0UIBK/ZhWvvAjpX+MZrTASjenh/tefDcNdbsXDOr7A4i/261z4rC0r+97INglCN1N/SZg51iBHiRAVV1zibDLfioR5+eBIykWAtjILMoYU+zOcr0E8K0I9jQGMtpnYmvHJqV0DVcdfZpJptrPUUy+lQ/iZVcPpLs=,iv:grzvVsfpUzywjNE4jvTxXKG3TYajrvSsQgfOgtafvIo=,tag:K1B6crN0ckLk0EYBtGHDkw==,type:str]
+    wopus-runner-4: ENC[AES256_GCM,data:D1Zq0BtPuACnutAbUcj3gYSMLuIZcMuqc/1mEFmitEG0tBFMWhkabS+8lXcp8sb1DM0LTDMEwgMB9FVyFb670MKQNEncqQtaNJtY1BxS3SolovDAM/I+i6YGvd4X8jX99d+7ZNR6xGBWJ/dW8rz4QnIM8Eh3FDOqaFa/ltfyPKP9IZ2uZi67C/n8Q/OSdgMQkt+QxhgJfSghE1iruPwxyGlqv+E4SZNI/fQQMjX0Lh7z02ms58yyMtjO71YbukV/JXFRsdJrqY2wfH/6NlZbsKideoSxluBRVqmbW6KQd7dUT819KbOSu9CFdgThtVCU8qiv3jbAbn8D5xRy4AAOEfSqRLXJoj7otCqr47R/8+0BdS3aztFBjL3lDmprMWZ4+LD55fvczfpxUF9ox1mhcjIvCvZJJL06XsST1XRXa7i2fr4/a/XhCmQgIzar5IYxSC9OjuHp6jLsTaY3ZUgid5W1L1n8uWSmA98=,iv:O9caRG//brERiIhuMrsFdTz6TnPY0rdQnvHEu0P42yM=,tag:hrmwLX/CRhZfammJ2nfTPw==,type:str]
 sops:
     age:
         - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
@@ -25,8 +30,8 @@ sops:
             aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h
             jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-24T11:51:22Z"
-    mac: ENC[AES256_GCM,data:onyjWlFsH/9YGSi2nGsPmZjhE4nFVQ5Jiwfi4s9KC7NetKD7Reyz2JY6i3YuZspBn3Jvbq8nOKVPGzttMAG+IrqQEv6+MxrCOEnJZXZcqocDNg7dACOXmJB5iwpFVdKscesTH2SScf7Pl/q6l9KOFjFuaZeBB7dlxHVA5zzCVOU=,iv:lEbxg2HfxU6ikgWSpUNAGIfgaz7DnZjXnLWcmsvt0A4=,tag:/Ag37QuJj9Xy/u20Nhy05Q==,type:str]
+    lastmodified: "2025-06-16T13:05:35Z"
+    mac: ENC[AES256_GCM,data:i8HOA7JSVSkxpoXJpFYrENodySyEEupYLNjuezRpd+PQWmxE7igonFyweUblmkSyBgy1FpmN+llwoP0Cokka5QyJse9jq9hR6dFATpZC9qPzSlAb+RpdSzp4QXjryOzP/23RJ7WhhBOC2DRw8OkDBPDJINBnCtu1ticpiuXKoHs=,iv:WEEdZDbrrkhip0ZkpqQfg6fwV+OzP/bBBrExyvOhqng=,tag:6iLMsJtenKdU/lJU/+HnCg==,type:str]
     pgp:
         - created_at: "2025-03-07T22:49:16Z"
           enc: |-

system/containers.nix

@@ -33,18 +33,6 @@
 
     networking.firewall.extraCommands = lib.getExe pkgs._docker-block-external-connections;
 
-    # Docker punches holes in your firewall
-    systemd.services.docker-update-firewall = {
-      script = lib.getExe pkgs._docker-block-external-connections;
-    };
-    systemd.timers.docker-update-firewall = {
-      timerConfig = {
-        OnCalendar = "minutely";
-        Unit = "docker-update-firewall.service";
-      };
-      wantedBy = [ "multi-user.target" ];
-    };
-
     programs.extra-container.enable = true;
 
     programs.firejail.enable = true;

system/gitlab-runner.nix

@@ -34,7 +34,6 @@ in
     # `REGISTRATION_TOKEN`
     inherit authenticationTokenConfigFile; # 2
     dockerImage = "alpine:3.18.2";
-    dockerPullPolicy = "if-not-present";
     dockerVolumes = [
       "/etc/nix/nix.conf:/etc/nix/nix.conf:ro"
       "/nix/store:/nix/store:ro"

system/monolith-bitbucket-runner.nix

@@ -0,0 +1,50 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+
+let
+  mkRunner = secret: {
+    image = "docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner:latest";
+    volumes = [
+      "/tmp:/tmp"
+      "/var/run/docker.sock:/var/run/docker.sock"
+      "/var/lib/docker/containers:/var/lib/docker/containers:ro"
+    ];
+    environmentFiles = [ secret ];
+  };
+
+  secretConf = {
+    sopsFile = ../secrets/monolith/default.yaml;
+  };
+in
+{
+  virtualisation.docker = {
+    enable = true;
+    daemon.settings = {
+      # needed by bitbucket runner ???
+      log-driver = "json-file";
+      log-opts = {
+        max-size = "10m";
+        max-file = "3";
+      };
+    };
+  };
+
+  virtualisation.oci-containers.backend = "docker";
+
+  virtualisation.oci-containers.containers = {
+    bitbucket-runner-1 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-1".path;
+    bitbucket-runner-2 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-2".path;
+    bitbucket-runner-3 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-3".path;
+    bitbucket-runner-4 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-4".path;
+  };
+
+  sops.secrets = {
+    "bitbucket-runners/wopus-runner-1" = secretConf;
+    "bitbucket-runners/wopus-runner-2" = secretConf;
+    "bitbucket-runners/wopus-runner-3" = secretConf;
+    "bitbucket-runners/wopus-runner-4" = secretConf;
+  };
+}

system/monolith-gitlab-runner.nix

@@ -26,7 +26,6 @@ in
         # `CI_SERVER_TOKEN`
         authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
         dockerImage = "debian:stable";
-        dockerPullPolicy = "if-not-present";
       };
     };
   };

system/network.nix

@@ -26,8 +26,6 @@
     };
   };
 
-  services.fail2ban.enable = true;
-
   # Workaround for nm-wait-online hanging??
   # Ref: https://github.com/NixOS/nixpkgs/issues/180175
   systemd.services.NetworkManager-wait-online = {

system/sound.nix

@@ -1,6 +1,6 @@
 { pkgs, ... }:
 {
-  services.pulseaudio.enable = false;
+  hardware.pulseaudio.enable = false;
   services.pipewire = {
     enable = true;
     wireplumber.enable = true;

user/firefox.nix

@@ -59,11 +59,6 @@ in
             url = "https://addons.mozilla.org/firefox/downloads/file/4263531/youtube_recommended_videos-1.6.7.xpi";
             hash = "sha256-u21ouN9IyOzkTkFSeDz+QBp9psJ1F2Nmsvqp6nh0DRU=";
           })
-          (pkgs.fetchFirefoxAddon {
-            name = "youtube_no_translation";
-            url = "https://addons.mozilla.org/firefox/downloads/file/4529979/youtube_no_translation-2.7.1.xpi";
-            hash = "sha256-HOLeSWt0phsR/l3FcCRUUFCurU2zyBuZBlynlxPbGqs=";
-          })
           # (pkgs.fetchFirefoxAddon {
           #   name = "invidious_redirect";
           #   url = "https://addons.mozilla.org/firefox/downloads/file/4292924/invidious_redirect_2-1.16.xpi";

user/gnome.nix

@@ -43,7 +43,7 @@ lib.mkIf (config.my.desktop == "gnome") {
     qt6Packages.qtstyleplugin-kvantum
   ];
 
-  services.gpg-agent.pinentry.package = pkgs.pinentry-gnome;
+  services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome;
 
   xdg.defaultApplications = {
     enable = lib.mkForce false;

user/home.nix

@@ -24,7 +24,6 @@
     ./mpv.nix
     ./mangohud.nix
     ./gaming.nix
-    ./lsfg-vk
     ./pipewire.nix
     ./mimeapps.nix
     ./desktop-entries.nix
@@ -37,7 +36,6 @@
     ./pass.nix
     ./pqiv.nix
     ./zathura.nix
-    ./satty
     ./man.nix
     ./mpd.nix
     ./sway
@@ -149,8 +147,6 @@
     enable = true;
   };
 
-  sops.age.keyFile = config.home.homeDirectory + "/.ssh/id_ed25519";
-
   xdg.defaultApplications = {
     enable = true;
     text-editor = lib.mkDefault "kak.desktop";

user/kakoune/kak-lsp.toml

@@ -135,6 +135,7 @@ args = [
 [language_server.rust-analyzer.settings.rust-analyzer]
 # See https://rust-analyzer.github.io/manual.html#configuration
 # cargo.features = []
+cargo.buildScripts.useRustcWrapper = false
 checkOnSave.command = "clippy"
 hoverActions.enable = false # kak-lsp doesn't support this at the moment
 

user/lsfg-vk/default.nix

@@ -1,36 +0,0 @@
-{ pkgs, config, ... }:
-let
-  LosslessDllPath = config.home.homeDirectory + "/.local/lib/Lossless.dll";
-in
-{
-  home.file = {
-    ".local/share/vulkan/implicit_layer.d/VkLayer_LS_frame_generation.json".source =
-      "${pkgs.lsfg-vk}/share/vulkan/implicit_layer.d/VkLayer_LS_frame_generation.json";
-    ".local/lib/liblsfg-vk.so".source = "${pkgs.lsfg-vk}/lib/liblsfg-vk.so";
-  };
-
-  home.sessionVariables = {
-    # ENABLE_LSFG = 1; # Don't enable session wide, to avoid bugs
-    LSFG_MULTIPLIER = 2;
-    LSFG_DLL_PATH = LosslessDllPath;
-  };
-
-  # Put the dll in a reachable location for steam games
-  # Secrets normally are a symlink to /run/user/1000/secrets.d/
-  # Every time sops-nix.service runs, we copy the dll
-  systemd.user.services.copy-lsfg-dll = {
-    Service = {
-      ExecStart = pkgs.writeShellScript "copy-lsfg-dll" ''
-        cp -fv "${config.sops.secrets."lsfg.dll".path}" "${LosslessDllPath}"
-      '';
-      Type = "oneshot";
-    };
-    Unit.After = [ "sops-nix.service" ];
-    Install.WantedBy = [ "sops-nix.service" ];
-  };
-
-  sops.secrets."lsfg.dll" = {
-    sopsFile = ../../secrets/lsfg.dll.gpg;
-    format = "binary";
-  };
-}

user/mangohud.nix

@@ -17,9 +17,6 @@ in
       toggle_preset = "Control_R+F9";
       fps_metrics = "Control_R+F8";
 
-      media_player = false;
-      battery = false;
-
       # legacy_layout = "false";
       # gpu_stats = true;
       # gpu_temp = true;

user/satty/config.toml

@@ -1,63 +0,0 @@
-[general]
-# Start Satty in fullscreen mode
-fullscreen = true
-# Exit directly after copy/save action
-early-exit = true
-# Draw corners of rectangles round if the value is greater than 0 (0 disables rounded corners)
-corner-roundness = 12
-# Select the tool on startup [possible values: pointer, crop, line, arrow, rectangle, text, marker, blur, brush]
-initial-tool = "brush"
-# Configure the command to be called on copy, for example `wl-copy`
-copy-command = "wl-copy"
-# Increase or decrease the size of the annotations
-# annotation-size-factor = 2
-# Filename to use for saving action. Omit to disable saving to file. Might contain format specifiers: https://docs.rs/chrono/latest/chrono/format/strftime/index.html
-# output-filename = "/tmp/test-%Y-%m-%d_%H:%M:%S.png"
-# After copying the screenshot, save it to a file as well
-# save-after-copy = false
-# Hide toolbars by default
-# default-hide-toolbars = false
-# Experimental: whether window focus shows/hides toolbars. This does not affect initial state of toolbars, see default-hide-toolbars.
-# focus-toggles-toolbars = false
-# The primary highlighter to use, the other is accessible by holding CTRL at the start of a highlight [possible values: block, freehand]
-primary-highlighter = "block"
-# Disable notifications
-disable-notifications = true
-# Actions to trigger on right click (order is important)
-# [possible values: save-to-clipboard, save-to-file, exit]
-# actions-on-right-click = []
-# Actions to trigger on Enter key (order is important)
-# [possible values: save-to-clipboard, save-to-file, exit]
-# actions-on-enter = ["save-to-clipboard"]
-# Actions to trigger on Escape key (order is important)
-# [possible values: save-to-clipboard, save-to-file, exit]
-# actions-on-escape = ["exit"]
-# Action to perform when the Enter key is pressed [possible values: save-to-clipboard, save-to-file]
-# Deprecated: use actions-on-enter instead
-action-on-enter = "save-to-clipboard"
-# Right click to copy
-# Deprecated: use actions-on-right-click instead
-# right-click-copy = false
-# request no window decoration. Please note that the compositor has the final say in this. At this point. requires xdg-decoration-unstable-v1.
-# no-window-decoration = true
-# experimental feature: adjust history size for brush input smooting (0: disabled, default: 0, try e.g. 5 or 10)
-# brush-smooth-history-size = 10
-
-# Font to use for text annotations
-[font]
-family = "Roboto"
-style = "Bold"
-
-# Custom colours for the colour palette
-[color-palette]
-# These will be shown in the toolbar for quick selection
-palette = [
-    "#ff0000",
-    "#00ffff",
-    "#a52a2a",
-    "#dc143c",
-    "#ff1493",
-    "#ffd700",
-    "#008000",
-]
-

user/satty/default.nix

@@ -1,22 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-let
-  cfg = config.my.satty;
-in
-{
-  options.my.satty.enable = lib.mkEnableOption { };
-
-  config = lib.mkIf cfg.enable {
-    xdg.configFile."satty/config.toml" = {
-      source = ./config.toml;
-    };
-
-    home.packages = with pkgs; [
-      satty
-    ];
-  };
-}

user/sway/default.nix

@@ -32,7 +32,6 @@ in
     my.swaylock.enable = true;
     my.mpd.enable = true;
     my.zathura.enable = true;
-    my.satty.enable = true;
     my.waybar.enable = true;
     my.gammastep.enable = true;
 
@@ -124,7 +123,7 @@ in
       indicator = true;
     };
 
-    services.gpg-agent.pinentry.package = pkgs.pinentry-all;
+    services.gpg-agent.pinentryPackage = pkgs.pinentry-all;
 
     xdg.configFile."OpenTabletDriver/settings.json" = {
       force = true;

user/sway/mako.nix

@@ -20,22 +20,21 @@ in
   config = lib.mkIf cfg.enable {
     services.mako = {
       enable = true;
+      borderSize = 2;
+      padding = "5";
+      margin = "15";
+      layer = "overlay";
+
+      font = "${font.interface} ${toString font.size.small}";
+      textColor = color.txt;
+
+      backgroundColor = color.bg;
+      borderColor = accent.color;
+      progressColor = "over ${accent.color}88";
+
+      defaultTimeout = 10000;
 
       settings = {
-        border-size = 2;
-        padding = "5";
-        margin = "15";
-        layer = "overlay";
-
-        font = "${font.interface} ${toString font.size.small}";
-        text-color = color.txt;
-
-        background-color = color.bg;
-        border-color = accent.color;
-        progress-color = "over ${accent.color}88";
-
-        default-timeout = 10000;
-
         "app-name=volumesh" = {
           "default-timeout" = "5000";
           "group-by" = "app-name";

user/sway/sway-binds.nix

@@ -172,7 +172,7 @@ let
     "${mod}+Return" = "exec ${terminal}";
     "${mod}+Ctrl+Return" = "exec thunar";
     "${mod}+Shift+s" = ''
-      exec grim - | satty --filename - --output-filename "$(xdg-user-dir PICTURES)"/Screenshots/satty-$(date '+%Y%m%d-%H:%M:%S').png
+      exec grim - | satty --filename - --fullscreen --output-filename "$(xdg-user-dir PICTURES)"/Screenshots/satty-$(date '+%Y%m%d-%H:%M:%S').png
     '';
     "${mod}+Ctrl+v" = "exec wl-paste | tesseract -l por - - | wl-copy";
     "${mod}+k" = "exec showkeys";

user/vscode/default.nix

@@ -4,7 +4,7 @@
   programs.vscode = {
     enable = true;
     package = pkgs.vscodium;
-    profiles.default.extensions = with pkgs.vscode-extensions; [
+    extensions = with pkgs.vscode-extensions; [
       jnoortheen.nix-ide
       github.github-vscode-theme
       rust-lang.rust-analyzer

user/waybar/default.nix

@@ -234,19 +234,23 @@ in
           };
         }
       ];
-      style = pkgs.replaceVars ./style.css {
-        accent_color = accent.color;
+      style = builtins.readFile (
+        pkgs.substituteAll {
+          src = ./style.css;
 
-        color_bg = color.bg;
-        color_bg_dark = color.bg_dark;
-        color_bg_light = color.bg_light;
-        color_txt = color.txt;
+          accent_color = accent.color;
 
-        font_interface = font.interface;
+          color_bg = color.bg;
+          color_bg_dark = color.bg_dark;
+          color_bg_light = color.bg_light;
+          color_txt = color.txt;
 
-        font_size_big = "${toString font.size.big}px";
-        font_size_medium = "${toString font.size.medium}px";
-      };
+          font_interface = font.interface;
+
+          font_size_big = "${toString font.size.big}px";
+          font_size_medium = "${toString font.size.medium}px";
+        }
+      );
     };
     home.packages = with pkgs; [ waybar ];
   };