home: add automatic home-manager cleanup service

refactor: move rm-target service and timer to separate file
factorio: update backup script filename to fix syncthing integration
2025-03-27 01:07:27 -03:00 · 2025-03-26 21:58:24 -03:00 · 2025-03-23 16:30:08 -03:00 · 2025-03-21 00:55:53 -03:00 · 2025-03-20 20:51:33 -03:00 · 2025-03-20 20:36:48 -03:00
112 changed files with 985 additions and 1502 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -1,2 +0,0 @@
-flake.lock binary
-*.gpg binary
--- a/.sops.yaml
+++ b/.sops.yaml
@ -2,33 +2,24 @@ keys:
  - &lelgenio-gpg 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
  - &lelgenio-ssh age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
  - &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
-  - &double-rainbow-ssh age1026d4c8nqyapcsy4jz57szt6zw3ejcgv3ecyvz0s89t7w7z964fqdqv52h
  - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y

 creation_rules:
-  - path_regex: secrets/[^/]+\.(yaml|json|env|ini|gpg)$
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *lelgenio-gpg
      age:
      - *lelgenio-ssh
      - *monolith-ssh
-  - path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini|gpg)$
+  - path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *lelgenio-gpg
      age:
      - *lelgenio-ssh
      - *monolith-ssh
-  - path_regex: secrets/double-rainbow/[^/]+\.(yaml|json|env|ini|gpg)$
-    key_groups:
-    - pgp:
-      - *lelgenio-gpg
-      age:
-      - *lelgenio-ssh
-      - *monolith-ssh
-      - *double-rainbow-ssh
-  - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini|gpg)$
+  - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *lelgenio-gpg
--- a/flake.lock
+++ b/flake.lock
@ -16,6 +16,31 @@
        "type": "github"
      }
    },
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": [
+          "home-manager"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1736955230,
+        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
    "blobs": {
      "flake": false,
      "locked": {
@ -48,22 +73,6 @@
        "url": "https://git.lelgenio.com/lelgenio/catboy-spinner"
      }
    },
-    "contador-da-viagem": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1742610036,
-        "narHash": "sha256-sY1iheemazmIVJAnoFtut6cN7HX/C5OMDY54UrmCoqE=",
-        "ref": "refs/heads/main",
-        "rev": "efe5ac4a16de7f78824ac89dc987ef635afa5267",
-        "revCount": 4,
-        "type": "git",
-        "url": "https://git.lelgenio.com/lelgenio/contador-da-viagem"
-      },
-      "original": {
-        "type": "git",
-        "url": "https://git.lelgenio.com/lelgenio/contador-da-viagem"
-      }
-    },
    "crane": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -130,6 +139,28 @@
        "type": "github"
      }
    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
    "demoji": {
      "inputs": {
        "advisory-db": "advisory-db",
@ -178,11 +209,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769524058,
-        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
+        "lastModified": 1741786315,
+        "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
+        "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
        "type": "github"
      },
      "original": {
@ -196,11 +227,11 @@
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1764972059,
-        "narHash": "sha256-MLdmXiPhouR4nSxIZwNEHWGYT2rR9UquaYGbZPEBgRk=",
+        "lastModified": 1742179690,
+        "narHash": "sha256-s/q3OWRe5m7kwDcAs1BhJEj6aHc5bsBxRnLP7DM77xE=",
        "owner": "lelgenio",
        "repo": "dzgui-nix",
-        "rev": "14bd77c58f4cc4864513f9d887ad387337c9411f",
+        "rev": "a6d68720c932ac26d549b24f17c776bd2aeb73b4",
        "type": "github"
      },
      "original": {
@ -250,11 +281,11 @@
    "flake-compat_2": {
      "flake": false,
      "locked": {
-        "lastModified": 1761588595,
-        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
@ -265,7 +296,7 @@
    },
    "flake-utils": {
      "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1681202837,
@ -283,7 +314,7 @@
    },
    "flake-utils_2": {
      "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1681202837,
@ -316,7 +347,7 @@
    },
    "flake-utils_4": {
      "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_4"
      },
      "locked": {
        "lastModified": 1681202837,
@ -334,7 +365,7 @@
    },
    "flake-utils_5": {
      "inputs": {
-        "systems": "systems_4"
+        "systems": "systems_5"
      },
      "locked": {
        "lastModified": 1681202837,
@ -352,7 +383,7 @@
    },
    "flake-utils_6": {
      "inputs": {
-        "systems": "systems_5"
+        "systems": "systems_6"
      },
      "locked": {
        "lastModified": 1681202837,
@ -370,7 +401,7 @@
    },
    "flake-utils_7": {
      "inputs": {
-        "systems": "systems_6"
+        "systems": "systems_7"
      },
      "locked": {
        "lastModified": 1710146030,
@ -386,54 +417,6 @@
        "type": "github"
      }
    },
-    "git-hooks": {
-      "inputs": {
-        "flake-compat": [
-          "nixos-mailserver",
-          "flake-compat"
-        ],
-        "gitignore": "gitignore",
-        "nixpkgs": [
-          "nixos-mailserver",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1763319842,
-        "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=",
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "type": "github"
-      }
-    },
-    "gitignore": {
-      "inputs": {
-        "nixpkgs": [
-          "nixos-mailserver",
-          "git-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
    "hello-fonts": {
      "flake": false,
      "locked": {
@ -457,40 +440,20 @@
        ]
      },
      "locked": {
-        "lastModified": 1770260404,
-        "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
+        "lastModified": 1742234739,
+        "narHash": "sha256-zFL6zsf/5OztR1NSNQF33dvS1fL/BzVUjabZq4qrtY4=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
+        "rev": "f6af7280a3390e65c2ad8fd059cdc303426cbd59",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-25.11",
+        "ref": "release-24.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
-    "lsfg-vk-flake": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1756367273,
-        "narHash": "sha256-u7/qG5xQxW+o51R2lBPj0NxU3oFrUwj78UlCKKNHGAc=",
-        "owner": "pabloaul",
-        "repo": "lsfg-vk-flake",
-        "rev": "62aadfc844b2002abe47cbbc9dfd028033376248",
-        "type": "github"
-      },
-      "original": {
-        "owner": "pabloaul",
-        "repo": "lsfg-vk-flake",
-        "type": "github"
-      }
-    },
    "made-you-look": {
      "inputs": {
        "crane": "crane_2",
@ -518,11 +481,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770315571,
-        "narHash": "sha256-hy0gcAgAcxrnSWKGuNO+Ob0x6jQ2xkR6hoaR0qJBHYs=",
+        "lastModified": 1742174123,
+        "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb",
+        "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c",
        "type": "github"
      },
      "original": {
@ -535,22 +498,22 @@
      "inputs": {
        "blobs": "blobs",
        "flake-compat": "flake-compat_2",
-        "git-hooks": "git-hooks",
        "nixpkgs": [
          "nixpkgs"
-        ]
+        ],
+        "nixpkgs-24_11": "nixpkgs-24_11"
      },
      "locked": {
-        "lastModified": 1766537863,
-        "narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=",
+        "lastModified": 1742413977,
+        "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d",
+        "rev": "b4fbffe79c00f19be94b86b4144ff67541613659",
        "type": "gitlab"
      },
      "original": {
        "owner": "simple-nixos-mailserver",
-        "ref": "nixos-25.11",
+        "ref": "master",
        "repo": "nixos-mailserver",
        "type": "gitlab"
      }
@ -571,28 +534,28 @@
        "type": "github"
      }
    },
-    "nixpkgs-mesa-26": {
+    "nixpkgs-24_11": {
      "locked": {
-        "lastModified": 1770837954,
-        "narHash": "sha256-B9rn+KSP/+lgM7j406sDIapS1IedxgACFdiRHzMTzVU=",
+        "lastModified": 1734083684,
+        "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "157721757fca10d3f26d11ace9883f1f0b0bccef",
+        "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "rev": "157721757fca10d3f26d11ace9883f1f0b0bccef",
+        "ref": "nixos-24.11",
        "type": "indirect"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1770562336,
-        "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
+        "lastModified": 1742422364,
+        "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
+        "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc",
        "type": "github"
      },
      "original": {
@ -649,26 +612,26 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1770464364,
-        "narHash": "sha256-z5NJPSBwsLf/OfD8WTmh79tlSU8XgIbwmk6qB1/TFzY=",
+        "lastModified": 1742388435,
+        "narHash": "sha256-GheQGRNYAhHsvPxWVOhAmg9lZKkis22UPbEHlmZMthg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "23d72dabcb3b12469f57b37170fcbc1789bd7457",
+        "rev": "b75693fb46bfaf09e662d09ec076c5a162efa9f6",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-25.11",
+        "ref": "nixos-24.11",
        "type": "indirect"
      }
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1770107345,
-        "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=",
+        "lastModified": 1735554305,
+        "narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "4533d9293756b63904b7238acb84ac8fe4c8c2c4",
+        "rev": "0e82ab234249d8eee3e8c91437802b32c74bb3fd",
        "type": "github"
      },
      "original": {
@ -729,11 +692,11 @@
    "ranger-icons": {
      "flake": false,
      "locked": {
-        "lastModified": 1749128401,
-        "narHash": "sha256-qvWqKVS4C5OO6bgETBlVDwcv4eamGlCUltjsBU3gAbA=",
+        "lastModified": 1736375293,
+        "narHash": "sha256-ck53eG+mGIQ706sUnEHbJ6vY1/LYnRcpq94JXzwnGTQ=",
        "owner": "alexanderjeurissen",
        "repo": "ranger_devicons",
-        "rev": "1bcaff0366a9d345313dc5af14002cfdcddabb82",
+        "rev": "f227f212e14996fbb366f945ec3ecaf5dc5f44b0",
        "type": "github"
      },
      "original": {
@ -744,20 +707,18 @@
    },
    "root": {
      "inputs": {
+        "agenix": "agenix",
        "catboy-spinner": "catboy-spinner",
-        "contador-da-viagem": "contador-da-viagem",
        "demoji": "demoji",
        "dhist": "dhist",
        "disko": "disko",
        "dzgui-nix": "dzgui-nix",
        "hello-fonts": "hello-fonts",
        "home-manager": "home-manager",
-        "lsfg-vk-flake": "lsfg-vk-flake",
        "made-you-look": "made-you-look",
        "nix-index-database": "nix-index-database",
        "nixos-mailserver": "nixos-mailserver",
        "nixpkgs": "nixpkgs_5",
-        "nixpkgs-mesa-26": "nixpkgs-mesa-26",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "plymouth-themes": "plymouth-themes",
        "ranger-icons": "ranger-icons",
@ -822,11 +783,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770526836,
-        "narHash": "sha256-xbvX5Ik+0inJcLJtJ/AajAt7xCk6FOCrm5ogpwwvVDg=",
+        "lastModified": 1742406979,
+        "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "d6e0e666048a5395d6ea4283143b7c9ac704720d",
+        "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609",
        "type": "github"
      },
      "original": {
@ -925,6 +886,21 @@
        "type": "github"
      }
    },
+    "systems_7": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "tlauncher": {
      "inputs": {
        "flake-utils": "flake-utils_5",
@ -939,11 +915,11 @@
        "rev": "6a68f2cda0aa2fbb399a4c43b445e8c1a2df0634",
        "revCount": 4,
        "type": "git",
-        "url": "https://git.lelgenio.com/lelgenio/tlauncher-nix"
+        "url": "https://git.lelgenio.xyz/lelgenio/tlauncher-nix"
      },
      "original": {
        "type": "git",
-        "url": "https://git.lelgenio.com/lelgenio/tlauncher-nix"
+        "url": "https://git.lelgenio.xyz/lelgenio/tlauncher-nix"
      }
    },
    "tomater": {
@ -967,11 +943,11 @@
        "nixpkgs": "nixpkgs_6"
      },
      "locked": {
-        "lastModified": 1770228511,
-        "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=",
+        "lastModified": 1742370146,
+        "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7",
+        "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808",
        "type": "github"
      },
      "original": {
@ -982,11 +958,11 @@
    },
    "vpsadminos": {
      "locked": {
-        "lastModified": 1770130846,
-        "narHash": "sha256-B9uMrG9ghVJWNBXOMmKMqfxErh58A2AINXsdqMpgyvc=",
+        "lastModified": 1742222981,
+        "narHash": "sha256-EDhfWimpzUnpH5h/FQ3oYw/Kaq4Cx1E5nRofDQyI3aE=",
        "owner": "vpsfreecz",
        "repo": "vpsadminos",
-        "rev": "5e3a56de3af9244d2ebab808c24e5d590115534b",
+        "rev": "14da38b9a49bf156e06f20ed02533a0549e6d487",
        "type": "github"
      },
      "original": {
@ -1002,11 +978,11 @@
        "nixpkgs": "nixpkgs_7"
      },
      "locked": {
-        "lastModified": 1758999384,
-        "narHash": "sha256-n1RiAhVtPxhjHmKoOBfEleTAMwz9JSvLmZyCQYpwXSQ=",
+        "lastModified": 1719076817,
+        "narHash": "sha256-B6NTomYXL50j6fabZrAGvTPp3zv5oFxNUhwvLhDNoMw=",
        "ref": "refs/heads/main",
-        "rev": "0949b2fe4f54f74bf880c2034f6fc3a7d15b7cef",
-        "revCount": 6,
+        "rev": "406d6646970191c016a375f25a35aa00dfa0d4aa",
+        "revCount": 4,
        "type": "git",
        "url": "https://git.lelgenio.com/lelgenio/warthunder-leak-counter"
      },
@ -1021,11 +997,11 @@
        "nixpkgs": "nixpkgs_8"
      },
      "locked": {
-        "lastModified": 1762293940,
-        "narHash": "sha256-KfieW/NePLvh/5sEpoPW2jkaETSAeEFZsz8580YwbBE=",
+        "lastModified": 1715216838,
+        "narHash": "sha256-q5key9BWJjJQqECrhflso9ZTzULBeScvromo0S4fjqE=",
        "owner": "lelgenio",
        "repo": "wl-crosshair",
-        "rev": "233b6db7b39c80a92ac116c4ef4d88de4b49cbce",
+        "rev": "39b716cf410a1b45006f50f32f8d63de5c43aedb",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -1,12 +1,10 @@
 {
  description = "My system config";
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-25.11";
+    nixpkgs.url = "nixpkgs/nixos-24.11";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";

-    nixpkgs-mesa-26.url = "nixpkgs/157721757fca10d3f26d11ace9883f1f0b0bccef";
-
-    home-manager.url = "github:nix-community/home-manager/release-25.11";
+    home-manager.url = "github:nix-community/home-manager/release-24.11";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

    vpsadminos.url = "github:vpsfreecz/vpsadminos";
@ -22,25 +20,26 @@
    plymouth-themes.url = "github:adi1090x/plymouth-themes";
    plymouth-themes.flake = false;

+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.home-manager.follows = "home-manager";
+    };
+
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nixos-mailserver = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    dzgui-nix.url = "github:lelgenio/dzgui-nix";

    tlauncher = {
-      url = "git+https://git.lelgenio.com/lelgenio/tlauncher-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    lsfg-vk-flake = {
-      url = "github:pabloaul/lsfg-vk-flake";
+      url = "git+https://git.lelgenio.xyz/lelgenio/tlauncher-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

@ -57,10 +56,6 @@
    wl-crosshair.url = "github:lelgenio/wl-crosshair";
    warthunder-leak-counter.url = "git+https://git.lelgenio.com/lelgenio/warthunder-leak-counter";
    made-you-look.url = "git+https://git.lelgenio.com/lelgenio/made-you-look";
-    contador-da-viagem = {
-      url = "git+https://git.lelgenio.com/lelgenio/contador-da-viagem";
-      flake = false;
-    };
    catboy-spinner = {
      url = "git+https://git.lelgenio.com/lelgenio/catboy-spinner";
      flake = false;
@ -100,15 +95,17 @@

      specialArgs = {
        inherit inputs;
-        self = inputs.self;
      };
-      common_modules = [
+      common_modules =
+        [
          { nixpkgs.pkgs = pkgs; }
          ./system/configuration.nix
+          ./system/secrets.nix
          ./system/sops.nix
          ./system/greetd.nix
          { login-manager.greetd.enable = desktop == "sway"; }

+          inputs.agenix.nixosModules.default
          inputs.sops-nix.nixosModules.default
          inputs.home-manager.nixosModules.home-manager
          inputs.disko.nixosModules.disko
@ -121,7 +118,6 @@
                my = config.my;
                imports = [
                  ./user/home.nix
-                inputs.sops-nix.homeManagerModules.sops
                ];
              };
              home-manager.backupFileExtension = "bkp";
@ -150,23 +146,21 @@
          modules = [
            ./hosts/monolith
            ./system/monolith-gitlab-runner.nix
+            ./system/monolith-bitbucket-runner.nix
            ./system/monolith-forgejo-runner.nix
            ./system/nix-serve.nix
-          ]
-          ++ common_modules;
+          ] ++ common_modules;
        };
        double-rainbow = lib.nixosSystem {
          inherit system specialArgs;
          modules = [
-            ./hosts/double-rainbow
-          ]
-          ++ common_modules;
+            ./hosts/double-rainbow.nix
+          ] ++ common_modules;
        };
        pixie = lib.nixosSystem {
          inherit system specialArgs;
-          modules = [
-            ./hosts/pixie.nix
-          ]
+          modules =
+            [ ./hosts/pixie.nix ]
            ++ common_modules
            ++ [
              {
--- a/hosts/double-rainbow/default.nix
+++ b/hosts/double-rainbow/default.nix
@ -17,11 +17,7 @@ let
  ];
 in
 {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-    ./gitlab-runner.nix
-    ./nebula-vpn.nix
-  ];
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  my.nix-ld.enable = true;

--- a/hosts/double-rainbow/gitlab-runner.nix
+++ b/hosts/double-rainbow/gitlab-runner.nix
@ -1,36 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}:
-let
-  inherit (pkgs.callPackage ../../system/gitlab-runner.nix { }) mkNixRunnerFull;
-in
-{
-  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
-  virtualisation.docker.enable = true;
-  services.gitlab-runner = {
-    enable = true;
-    settings.concurrent = 4;
-    services = {
-      wopus-gitlab-nix = mkNixRunnerFull {
-        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
-        # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
-        # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
-      };
-    };
-  };
-  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
-
-  sops.secrets = {
-    "gitlab-runners/wopus-gitlab-nix" = {
-      sopsFile = ../../secrets/double-rainbow/default.yaml;
-    };
-    "gitlab-runners/wopus-ssh-nix-cache-pk" = {
-      sopsFile = ../../secrets/double-rainbow/default.yaml;
-    };
-    "gitlab-runners/wopus-ssh-nix-cache-pub" = {
-      sopsFile = ../../secrets/double-rainbow/default.yaml;
-    };
-  };
-}
--- a/hosts/double-rainbow/nebula-vpn.nix
+++ b/hosts/double-rainbow/nebula-vpn.nix
@ -1,51 +0,0 @@
-{ pkgs, config, ... }:
-let
-  s = config.sops.secrets;
-
-  secretConfig = {
-    owner = "nebula-wopus";
-    group = "nebula-wopus";
-    restartUnits = [ "nebula@wopus.service" ];
-    sopsFile = ../../secrets/double-rainbow/default.yaml;
-  };
-in
-{
-  environment.systemPackages = with pkgs; [ nebula ];
-
-  services.nebula.networks.wopus = {
-    enable = true;
-    isLighthouse = false;
-    lighthouses = [ "192.168.88.1" ];
-    settings = {
-      cipher = "aes";
-    };
-    cert = s."nebula-wopus-vpn/double-rainbow-crt".path;
-    key = s."nebula-wopus-vpn/double-rainbow-key".path;
-    ca = s."nebula-wopus-vpn/ca-crt".path;
-    staticHostMap = {
-      "192.168.88.1" = [
-        "neubla-vpn.wopus.dev:4242"
-      ];
-    };
-    firewall.outbound = [
-      {
-        host = "any";
-        port = "any";
-        proto = "any";
-      }
-    ];
-    firewall.inbound = [
-      {
-        host = "any";
-        port = "any";
-        proto = "any";
-      }
-    ];
-  };
-
-  sops.secrets = {
-    "nebula-wopus-vpn/ca-crt" = secretConfig;
-    "nebula-wopus-vpn/double-rainbow-crt" = secretConfig;
-    "nebula-wopus-vpn/double-rainbow-key" = secretConfig;
-  };
-}
--- a/hosts/monolith/amdgpu.nix
+++ b/hosts/monolith/amdgpu.nix
@ -1,23 +1,39 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
+let
+  undervoltGpu = pkgs.writeShellScript "undervolt-gpu" ''
+    set -xe
+    cd $1
+    echo "manual" > power_dpm_force_performance_level
+    echo "1" > pp_power_profile_mode
+    test -e pp_od_clk_voltage
+    echo "vo -120" > pp_od_clk_voltage
+    echo "c" > pp_od_clk_voltage
+  '';
+in
 {
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelParams = [
    "video=DP-1:1920x1080@144"
  ];

-  # hardware.amdgpu = {
-  #   overdrive = {
-  #     enable = true;
-  #     ppfeaturemask = "0xffffffff";
-  #   };
-  # };
-
-  hardware.graphics.package = pkgs.pkgs-mesa-26.mesa;
+  systemd.services.amd-fan-control = {
+    script = ''
+      ${lib.getExe pkgs.amd-fan-control} /sys/class/drm/card1/device 60 90 0 80
+    '';
+    serviceConfig = {
+      Restart = "always";
+      RestartSec = 10;
+    };
+    wantedBy = [ "multi-user.target" ];
+  };

  hardware.graphics.enable32Bit = true;

  hardware.graphics.extraPackages = with pkgs; [
-    # libva needs to match `hardware.graphics.package`
-    pkgs-mesa-26.libva
+    libva
  ];
+
+  services.udev.extraRules = ''
+    ACTION=="add", SUBSYSTEM=="hwmon", ATTR{name}=="amdgpu", ATTR{power1_cap}="186000000", RUN+="${undervoltGpu} %S%p/device"
+  '';
 }
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@ -25,8 +25,6 @@ in
    ./partition.nix
    ./amdgpu.nix
    ./factorio-server.nix
-    ./nebula-vpn.nix
-    ./minio.nix
  ];
  boot.initrd.availableKernelModules = [
    "nvme"
@ -43,8 +41,6 @@ in
    package = pkgs.unstable.opentabletdriver;
  };

-  sops.defaultSopsFile = lib.mkForce ../../secrets/monolith/default.yaml;
-
  my.gaming.enable = true;
  my.nix-ld.enable = true;

@ -98,8 +94,7 @@ in
    options = [
      "subvol=@games"
      "nofail"
-    ]
-    ++ btrfs_options;
+    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/Downloads/Torrents" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
@ -107,8 +102,7 @@ in
    options = [
      "subvol=@torrents"
      "nofail"
-    ]
-    ++ btrfs_options;
+    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/Música" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
@ -116,8 +110,7 @@ in
    options = [
      "subvol=@music"
      "nofail"
-    ]
-    ++ btrfs_options;
+    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/.local/mount/data" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
@ -125,8 +118,7 @@ in
    options = [
      "subvol=@data"
      "nofail"
-    ]
-    ++ btrfs_options;
+    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/.local/mount/old" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
@ -150,9 +142,9 @@ in
    # Fix broken suspend with Logitech USB dongle
    # `lsusb | grep Logitech` will return "vendor:product"
    ACTION=="add" SUBSYSTEM=="usb" ATTR{idVendor}=="046d" ATTR{idProduct}=="c547" ATTR{power/wakeup}="disabled"
-    # Force all disks to use kyber scheduler
+    # Force all disks to use mq-deadline scheduler
    # For some reason "noop" is used by default which is kinda bad when io is saturated
-    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/scheduler}="kyber"
+    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/scheduler}="mq-deadline"
  '';

  boot.tmp = {
--- a/hosts/monolith/factorio-server.nix
+++ b/hosts/monolith/factorio-server.nix
@ -7,12 +7,12 @@
 {
  services.factorio = {
    enable = true;
-    package = pkgs.my-factorio-headless;
+    package = pkgs.factorio-headless; # I override this in ./pkgs
    public = true;
    lan = true;
    openFirewall = true;
    admins = [ "lelgenio" ];
-    extraSettingsFile = config.sops.secrets."factorio/server-config.json".path;
+    extraSettingsFile = config.age.secrets.factorio-settings.path;
  };

  systemd.services.factorio = {
@ -43,7 +43,8 @@
    wantedBy = [ "timers.target" ];
  };

-  sops.secrets."factorio/server-config.json" = {
+  age.secrets.factorio-settings = {
+    file = ../../secrets/factorio-settings.age;
    mode = "777";
  };
 }
--- a/hosts/monolith/minio.nix
+++ b/hosts/monolith/minio.nix
@ -1,43 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-let
-  s = config.sops.secrets;
-
-  dataDir = "/var/lib/minio";
-
-  s3Port = 14749;
-  consolePort = 10601;
-
-  secretConfig = {
-    owner = "minio";
-    group = "minio";
-    restartUnits = [ "minio.service" ];
-    sopsFile = ../../secrets/monolith/default.yaml;
-  };
-in
-{
-  services.minio = {
-    enable = true;
-
-    dataDir = [ dataDir ];
-
-    listenAddress = "0.0.0.0:${toString s3Port}";
-    consoleAddress = "127.0.0.1:${toString consolePort}";
-
-    rootCredentialsFile = config.sops.secrets."minio/root-credentials".path;
-  };
-
-  systemd.tmpfiles.rules = [
-    "d ${dataDir} 0755 minio minio -"
-  ];
-
-  networking.firewall.allowedTCPPorts = [ s3Port ];
-
-  sops.secrets = {
-    "minio/root-credentials" = secretConfig;
-  };
-}
--- a/hosts/monolith/nebula-vpn.nix
+++ b/hosts/monolith/nebula-vpn.nix
@ -1,61 +0,0 @@
-{ pkgs, config, ... }:
-let
-  s = config.sops.secrets;
-
-  secretConfig = {
-    owner = "nebula-wopus";
-    group = "nebula-wopus";
-    restartUnits = [ "nebula@wopus.service" ];
-    sopsFile = ../../secrets/monolith/default.yaml;
-  };
-in
-{
-  environment.systemPackages = with pkgs; [ nebula ];
-
-  services.nebula.networks.wopus = {
-    enable = true;
-    isLighthouse = false;
-    lighthouses = [
-      "192.168.88.1"
-      "192.168.88.2"
-      "192.168.88.3"
-    ];
-    settings = {
-      cipher = "aes";
-    };
-    cert = s."nebula-wopus-vpn/monolith-crt".path;
-    key = s."nebula-wopus-vpn/monolith-key".path;
-    ca = s."nebula-wopus-vpn/ca-crt".path;
-    staticHostMap = {
-      "192.168.88.1" = [
-        "neubla-vpn.wopus.dev:4242"
-      ];
-      "192.168.88.2" = [
-        "82.25.77.78:4242"
-      ];
-      "192.168.88.3" = [
-        "72.60.60.221:4242"
-      ];
-    };
-    firewall.outbound = [
-      {
-        host = "any";
-        port = "any";
-        proto = "any";
-      }
-    ];
-    firewall.inbound = [
-      {
-        host = "any";
-        port = "any";
-        proto = "any";
-      }
-    ];
-  };
-
-  sops.secrets = {
-    "nebula-wopus-vpn/ca-crt" = secretConfig;
-    "nebula-wopus-vpn/monolith-crt" = secretConfig;
-    "nebula-wopus-vpn/monolith-key" = secretConfig;
-  };
-}
--- a/hosts/phantom/default.nix
+++ b/hosts/phantom/default.nix
@ -8,6 +8,7 @@
 {
  imports = [
    inputs.vpsadminos.nixosConfigurations.container
+    inputs.agenix.nixosModules.default
    inputs.sops-nix.nixosModules.default

    ../../system/sops.nix
@ -52,7 +53,7 @@
  # Set your time zone.
  time.timeZone = "America/Sao_Paulo";
  # Select internationalisation properties.
-  i18n.defaultLocale = "pt_BR.UTF-8";
+  i18n.defaultLocale = "pt_BR.utf8";

  boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;

--- a/hosts/phantom/email.nix
+++ b/hosts/phantom/email.nix
@ -36,16 +36,12 @@
        hashedPassword = "$2b$05$DcA9xMdvHqqQMZw2.zybI.vfKsQAJtaQ/JB.t9AHu6psstWq97m2C";
      };
    };
-
-    enableManageSieve = true;
-
-    stateVersion = 3;
  };

  # Prefer ipv4 and use main ipv6 to avoid reverse DNS issues
-  services.postfix.settings.main = {
-    smtp_address_preference = "ipv4";
-  };
+  services.postfix.extraConfig = ''
+    smtp_address_preference = ipv4
+  '';

  # Webmail
  services.roundcube = {
@ -56,7 +52,7 @@
      $config['smtp_host'] = "tls://${config.mailserver.fqdn}:587";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
-      $config['plugins'] = [ "carddav", "archive", "managesieve" ];
+      $config['plugins'] = [ "carddav", "archive" ];
    '';
  };
 }
--- a/hosts/phantom/forgejo.nix
+++ b/hosts/phantom/forgejo.nix
@ -42,10 +42,11 @@ in
        USER = "noreply@git.lelgenio.com";
      };
    };
-    secrets.mailer.PASSWD = config.sops.secrets."forgejo/smtp_password".path;
+    mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path;
  };

-  sops.secrets."forgejo/smtp_password" = {
+  age.secrets.phantom-forgejo-mailer-password = {
+    file = ../../secrets/phantom-forgejo-mailer-password.age;
    mode = "400";
    owner = "forgejo";
  };
--- a/hosts/phantom/goofs.nix
+++ b/hosts/phantom/goofs.nix
@ -43,9 +43,4 @@
    forceSSL = true;
    root = inputs.hello-fonts;
  };
-  services.nginx.virtualHosts."contador-da-viagem.lelgenio.com" = {
-    enableACME = true;
-    forceSSL = true;
-    root = inputs.contador-da-viagem;
-  };
 }
--- a/hosts/phantom/invidious.nix
+++ b/hosts/phantom/invidious.nix
@ -23,7 +23,7 @@
    #     "visitor_data": "...",
    #     "po_token": "..."
    # }
-    extraSettingsFile = config.sops.secrets."invidious/settings.json".path;
+    extraSettingsFile = config.age.secrets.phantom-invidious-settings.path;
    settings = {
      force_resolve = "ipv6";
      db = {
@ -33,7 +33,8 @@
    };
  };

-  sops.secrets."invidious/settings.json" = {
+  age.secrets.phantom-invidious-settings = {
+    file = ../../secrets/phantom-invidious-settings.age;
    mode = "666";
  };
 }
--- a/hosts/phantom/mastodon.nix
+++ b/hosts/phantom/mastodon.nix
@ -14,14 +14,15 @@
      host = "lelgenio.com";
      fromAddress = "noreply@social.lelgenio.com";
      user = "noreply@social.lelgenio.com";
-      passwordFile = config.sops.secrets."mastodon/smtp-password".path;
+      passwordFile = config.age.secrets.phantom-mastodon-mailer-password.path;
    };
    streamingProcesses = 2;
    extraConfig.SINGLE_USER_MODE = "true";
    mediaAutoRemove.olderThanDays = 5;
  };

-  sops.secrets."mastodon/smtp-password" = {
+  age.secrets.phantom-mastodon-mailer-password = {
+    file = ../../secrets/phantom-mastodon-mailer-password.age;
    mode = "400";
    owner = "mastodon";
  };
--- a/hosts/phantom/nextcloud.nix
+++ b/hosts/phantom/nextcloud.nix
@ -1,17 +1,17 @@
 {
  config,
  pkgs,
+  inputs,
  ...
 }:
 {
  services.nextcloud = {
    enable = true;
-    package = pkgs.nextcloud32;
+    package = pkgs.nextcloud30;
    hostName = "cloud.lelgenio.com";
    https = true;
    config = {
-      dbtype = "sqlite"; # TODO: move to single postgres db
-      adminpassFile = config.sops.secrets."nextcloud/default-password".path;
+      adminpassFile = config.age.secrets.phantom-nextcloud.path;
    };
  };

@ -20,9 +20,12 @@
    enableACME = true;
  };

-  sops.secrets."nextcloud/default-password" = {
+  age = {
+    secrets.phantom-nextcloud = {
+      file = ../../secrets/phantom-nextcloud.age;
      mode = "400";
      owner = "nextcloud";
      group = "nextcloud";
    };
+  };
 }
--- a/hosts/phantom/writefreely.nix
+++ b/hosts/phantom/writefreely.nix
@ -12,16 +12,19 @@
    nginx.forceSSL = true;
    host = "blog.lelgenio.com";
    admin.name = "lelgenio";
-    admin.initialPasswordFile = config.sops.secrets."writefreely/password".path;
+    admin.initialPasswordFile = config.age.secrets.phantom-writefreely.path;
    settings.app = {
      site_name = "Leo's blog";
      single_user = true;
    };
  };

-  sops.secrets."writefreely/password" = {
+  age = {
+    secrets.phantom-writefreely = {
+      file = ../../secrets/phantom-writefreely.age;
      mode = "400";
      owner = "writefreely";
      group = "writefreely";
    };
+  };
 }
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -14,7 +14,6 @@ rec {

  unstable = final: prev: {
    unstable = import inputs.nixpkgs-unstable { inherit (final) system config; };
-    pkgs-mesa-26 = import inputs.nixpkgs-mesa-26 { inherit (final) system config; };
  };

  themes = (
@ -29,6 +28,14 @@ rec {
          ];
        }
      );
+      nerdfonts_fira_hack = (
+        final.nerdfonts.override {
+          fonts = [
+            "FiraCode"
+            "Hack"
+          ];
+        }
+      );
    }
  );

@ -36,8 +43,6 @@ rec {
    final: prev:
    packages
    // {
-      lsfg-vk = inputs.lsfg-vk-flake.packages.${prev.system}.lsfg-vk;
-      lsfg-vk-ui = inputs.lsfg-vk-flake.packages.${prev.system}.lsfg-vk-ui;
      dhist = inputs.dhist.packages.${prev.system}.dhist;
      demoji = inputs.demoji.packages.${prev.system}.default;
      tlauncher = inputs.tlauncher.packages.${prev.system}.tlauncher;
--- a/pkgs/caffeinated/default.nix
+++ b/pkgs/caffeinated/default.nix
@ -1,53 +0,0 @@
-{
-  stdenv,
-  lib,
-  fetchFromGitHub,
-
-  pkgconf,
-  pkg-config,
-  wayland-scanner,
-
-  systemd,
-  libbsd,
-  wayland,
-  wayland-protocols,
-  libcap,
-}:
-
-stdenv.mkDerivation {
-  pname = "caffeinated";
-  version = "2022-12-08";
-
-  src = fetchFromGitHub {
-    owner = "electrickite";
-    repo = "caffeinated";
-    rev = "5a8eff054bdce225a19cf3ab785dc1bbc9bd3265";
-    hash = "sha256-X1w/YWljcwb5ZH8Nt92CDhPU/yqBLH3lBS7yVJUeyzY=";
-  };
-
-  nativeBuildInputs = [
-    pkgconf
-    pkg-config
-    wayland-scanner
-  ];
-
-  buildInputs = [
-    systemd
-    libbsd
-    wayland
-    wayland-protocols
-    libcap
-  ];
-
-  makeFlags = [ "WAYLAND=1" ];
-
-  installFlags = [ "PREFIX=$(out)" ];
-
-  meta = {
-    description = "Utility to prevent the system from entering an idle state";
-    homepage = "https://github.com/electrickite/caffeinated";
-    license = lib.licenses.mit;
-    platforms = lib.platforms.linux;
-    maintainers = with lib.maintainers; [ lelgenio ];
-  };
-}
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -3,13 +3,12 @@

 { pkgs, inputs }:
 rec {
-  caffeinated = pkgs.callPackage ./caffeinated { };
  cargo-checkmate = pkgs.callPackage ./cargo-checkmate.nix { };
  lipsum = pkgs.callPackage ./lipsum.nix { };
  emmet-cli = pkgs.callPackage ./emmet-cli.nix { };
  material-wifi-icons = pkgs.callPackage ./material-wifi-icons.nix { };
  gnome-pass-search-provider = pkgs.callPackage ./gnome-pass-search-provider.nix { };
-  my-factorio-headless = pkgs.callPackage ./factorio-headless {
+  factorio-headless = pkgs.callPackage ./factorio-headless {
    inherit (pkgs.unstable) factorio-headless;
  };
 }
--- a/pkgs/factorio-headless/default.nix
+++ b/pkgs/factorio-headless/default.nix
@ -1,10 +1,10 @@
 { factorio-headless, pkgs }:

 factorio-headless.overrideAttrs (_: rec {
-  version = "2.0.72";
+  version = "2.0.39";
  src = pkgs.fetchurl {
    name = "factorio_headless_x64-${version}.tar.xz";
    url = "https://www.factorio.com/get-download/${version}/headless/linux64";
-    hash = "sha256-zzBXNA28nYK9UWGUmuPnuPrZEux8oHuKMVHgQkpVaM0=";
+    hash = "sha256-D4o9DkN5e1/02LhdfDNLCVo/B9mqf4Cx6H+Uk5qT3zQ=";
  };
 })
--- a/pkgs/gnome-pass-search-provider.nix
+++ b/pkgs/gnome-pass-search-provider.nix
@ -2,7 +2,7 @@
  stdenv,
  fetchFromGitHub,
  python3Packages,
-  wrapGAppsHook3,
+  wrapGAppsHook,
  gtk3,
  gobject-introspection,
 }:
@ -29,7 +29,7 @@ stdenv.mkDerivation rec {

  nativeBuildInputs = [
    python3Packages.wrapPython
-    wrapGAppsHook3
+    wrapGAppsHook
  ];

  propagatedBuildInputs = [
--- a/pkgs/lipsum.nix
+++ b/pkgs/lipsum.nix
@ -3,7 +3,7 @@
  fetchFromGitHub,
  pkg-config,
  vala,
-  wrapGAppsHook3,
+  wrapGAppsHook,
 }:
 stdenv.mkDerivation rec {
  pname = "lipsum";
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
  nativeBuildInputs = [
    pkg-config
    vala
-    wrapGAppsHook3
+    wrapGAppsHook
  ];

  makeFlags = [ "PRG=${pname}" ];
--- a/scripts/_sway_idle_toggle
+++ b/scripts/_sway_idle_toggle
@ -0,0 +1,11 @@
+#!/bin/sh
+
+swayidlectl() {
+  systemctl --user $1 swayidle.service
+}
+
+if swayidlectl status > /dev/null; then
+    swayidlectl stop
+else
+    swayidlectl start
+fi
--- a/scripts/amd-fan-control
+++ b/scripts/amd-fan-control
@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+
+set -e
+
+DEVICE="$1" # eg: /sys/class/drm/card1/device
+HWMON=$(echo "$DEVICE"/hwmon/hwmon*)
+
+exit() {
+    echo "Setting controll to auto" >&2
+    echo 2 > "$HWMON/pwm1_enable"
+}
+
+trap exit EXIT INT
+
+bail() {
+    echo "Error: $@" >&2
+    echo "Exiting..." >&2
+    exit 1
+}
+
+if ! [ -d "$HWMON" ]; then
+    bail "Invalid HWMON"
+fi
+
+TEMP_INPUT="$HWMON/temp2_input"
+
+if ! [ -f $TEMP_INPUT ]; then
+    bail "Invalid TEMP_INPUT"
+fi
+
+TEMP_MIN="$2"
+TEMP_MAX="$3"
+
+if [ -z "$TEMP_MIN" ];then
+  bail "No minimum temperature provided"
+fi
+
+if [ -z "$TEMP_MAX" ];then
+  bail "No maximum temperature provided"
+fi
+
+PWM_MIN_PCT="$4"
+PWM_MAX_PCT="$5"
+
+if [ -z "$PWM_MIN_PCT" ];then
+  bail "No minimum fan speed % not provided"
+fi
+
+if [ -z "$PWM_MAX_PCT" ];then
+  bail "No maximum fan speed % not provided"
+fi
+
+PWM_MIN="$(( $PWM_MIN_PCT * 255 / 100))"
+PWM_MAX="$(( $PWM_MAX_PCT * 255 / 100))"
+
+echo "Running..." >&2
+
+echo "TEMP_MIN=$TEMP_MIN°C"
+echo "TEMP_MAX=$TEMP_MAX°C"
+echo "FAN_MIN=$PWM_MIN_PCT%"
+echo "FAN_MAX=$PWM_MAX_PCT%"
+
+echo 1 > "$HWMON/pwm1_enable"
+
+PREV=0
+
+while true; do
+    TEMPERATURE_RAW=$(cat "$TEMP_INPUT")
+    TEMPERATURE="$(( $TEMPERATURE_RAW / 1000 ))"
+    # Remap from a number between 60_000..90_000 to 0..255
+    PWM=$(( ($TEMPERATURE - $TEMP_MIN) * $PWM_MAX / ($TEMP_MAX - $TEMP_MIN) ))
+
+    if [ "$PWM" -gt $PWM_MAX ]; then
+        PWM=$PWM_MAX
+    elif [ "$PWM" -lt $PWM_MIN ]; then
+        PWM=$PWM_MIN
+    fi
+
+    AVG="$(( ($PWM * 20 + $PREV * 80) / 100 ))"
+
+    echo "$AVG"
+
+    echo "$AVG" > "$HWMON/pwm1"
+    PREV="$AVG"
+    sleep .1s
+done
--- a/scripts/bcrypt
+++ b/scripts/bcrypt
@ -1,17 +0,0 @@
-#!/bin/sh
-
-set -euo pipefail
-
-if [ "$#" = 0 ]; then
-    echo "Usage: $0 [passwords...] | $0 - < passwords.txt" >&2
-    exit 1
-fi
-
-if [ "$1" = '-' ]; then
-    xargs -x -n1 -d'\n' htpasswd -bnBC 10 "" | tr -d ':' | sed '/^$/d'
-else
-    for pass in "$@"; do
-        htpasswd -bnBC 10 "" "$pass" | tr -d ':' | sed '/^$/d'
-    done
-fi
-
--- a/scripts/bmenu
+++ b/scripts/bmenu
@ -8,10 +8,13 @@
 if test "$argv[1]" = "run"
    test -n "$argv[2]" && set t "$argv[2]" || set t "terminal"

+    test -n "$i3SOCK" && set wrapper 'i3-msg exec --'
+    test -n "$SWAYSOCK" && set wrapper 'swaymsg exec --'
+
    exec j4-dmenu-desktop \
        --dmenu="bmenu start -p Iniciar:" \
        --term "$t" \
-        --i3-ipc \
+        --wrapper="$wrapper" \
        --no-generic
 end

--- a/scripts/controller-battery
+++ b/scripts/controller-battery
@ -10,20 +10,29 @@ if test -z "$CONTROLLER"; then
 fi

 CAPACITY=$(cat "$CONTROLLER/capacity")
-STATUS=$(cat "$CONTROLLER/status")

 echo -n '󰊴'

-if test "$STATUS" = "Charging"; then
-    echo -n "󰂄"
+if test "$CAPACITY" -ge 90; then
+    echo '󰁹'
+elif test "$CAPACITY" -ge 90; then
+    echo '󰂂'
+elif test "$CAPACITY" -ge 80; then
+    echo '󰂁'
+elif test "$CAPACITY" -ge 70; then
+    echo '󰂀'
+elif test "$CAPACITY" -ge 60; then
+    echo '󰁿'
+elif test "$CAPACITY" -ge 50; then
+    echo '󰁾'
+elif test "$CAPACITY" -ge 40; then
+    echo '󰁽'
+elif test "$CAPACITY" -ge 30; then
+    echo '󰁼'
+elif test "$CAPACITY" -ge 20; then
+    echo '󰁻'
+elif test "$CAPACITY" -ge 10; then
+    echo '󰁺'
 else
-    print-battery-icon "$CAPACITY"
+    echo '󰂎'
 fi
-
-# Add terminating newline
-echo
-
-# Tooltip
-echo -n '󰊴'
-print-battery-icon "$CAPACITY"
-echo " $CAPACITY%"
--- a/scripts/default.nix
+++ b/scripts/default.nix
@ -23,6 +23,7 @@
  in
  with final;
  createScripts {
+    amd-fan-control = [ bash ];
    br = [ ];
    bmenu = [
      bemenu
@ -34,7 +35,7 @@
    ];
    down_meme = [
      wl-clipboard
-      unstable.yt-dlp
+      yt-dlp
      libnotify
    ];
    wl-copy-file = [
@ -43,6 +44,7 @@
    ];
    _diffr = [ diffr ];
    _thunar-terminal = [ terminal ];
+    _sway_idle_toggle = [ swayidle ];
    kak-pager = [
      fish
      _diffr
@ -53,9 +55,8 @@
      _diffr
    ];
    helix-man-pager = [ helix-pager ];
-    bcrypt = [ apacheHttpd ];
    musmenu = [
-      mpc
+      mpc-cli
      wdmenu
      trash-cli
      xdg-user-dirs
@ -73,7 +74,6 @@
    ];
    wpass = [
      wdmenu
-      ripgrep
      fd
      myPass
      sd
@ -113,11 +113,11 @@
      mpv
      pqiv
      python3Packages.deemix
-      mpc
+      mpc-cli
      mpdDup
    ];
    mpdDup = [
-      mpc
+      mpc-cli
      perl
    ];
    readQrCode = [
@ -137,17 +137,7 @@
      libinput
      libratbag
    ];
-    sway-sync-xkbmap = [
-      xorg.setxkbmap
-      jq
-    ];
-    print-battery-icon = [ ];
-    controller-battery = [ print-battery-icon ];
-    mouse-battery = [ print-battery-icon ];
-    nix-prefetch-firefox-extension = [
-      nix
-    ];
-
+    controller-battery = [ ];
    _docker-block-external-connections = [
      iptables
      gawk
--- a/scripts/down_meme
+++ b/scripts/down_meme
@ -1,19 +1,10 @@
 #!/bin/sh

-set -euo pipefail
-
-cleanup() {
-    if test "$?" != 0; then
-        notify-send "Failed to download"
-    fi
-}
-trap cleanup EXIT INT
-
 DIR=$(mktemp -d)

 cd "$DIR"

-yt-dlp --cookies-from-browser firefox --merge-output-format mp4 "$(wl-paste)"
+yt-dlp --merge-output-format mp4 "$(wl-paste)"

 FILENAME="$(ls | head -n1)"

--- a/scripts/mouse-battery
+++ b/scripts/mouse-battery
@ -1,39 +0,0 @@
-#!/bin/sh
-
-set -e
-
-MODEL_NAME_FILE=$(rg --files-with-matches G502 /sys/class/power_supply/*/model_name | head -n1)
-
-if test -z "$MODEL_NAME_FILE"; then
-    echo
-    exit 0
-fi
-
-MOUSE=$(dirname "$MODEL_NAME_FILE")
-
-if test -z "$MOUSE"; then
-    echo
-    exit 0
-fi
-
-CAPACITY=$(cat "$MOUSE/capacity")
-STATUS=$(cat "$MOUSE/status")
-
-echo -n '🖱️'
-
-if test "$STATUS" = "Charging"; then
-    echo -n "󰂄"
-else
-    print-battery-icon "$CAPACITY"
-fi
-
-if test "$CAPACITY" -lt 50; then
-    echo -n "$CAPACITY%"
-fi
-
-echo
-
-# Tooltip
-echo -n '🖱️'
-print-battery-icon "$CAPACITY"
-echo " $CAPACITY%"
--- a/scripts/nix-prefetch-firefox-extension
+++ b/scripts/nix-prefetch-firefox-extension
@ -1,7 +0,0 @@
-#!/bin/sh
-
-set -euo pipefail
-
-hash="$(nix-prefetch-url --type sha256 "$@")"
-
-nix-hash --to-sri --type sha256 "$hash" 2>/dev/null
--- a/scripts/print-battery-icon
+++ b/scripts/print-battery-icon
@ -1,33 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if test $# -ne 1; then
-    echo "Usage $0" >&2
-    exit 1
-fi
-CAPACITY="$1"
-
-if test "$CAPACITY" -ge 90; then
-    echo -n '󰁹'
-elif test "$CAPACITY" -ge 90; then
-    echo -n '󰂂'
-elif test "$CAPACITY" -ge 80; then
-    echo -n '󰂁'
-elif test "$CAPACITY" -ge 70; then
-    echo -n '󰂀'
-elif test "$CAPACITY" -ge 60; then
-    echo -n '󰁿'
-elif test "$CAPACITY" -ge 50; then
-    echo -n '󰁾'
-elif test "$CAPACITY" -ge 40; then
-    echo -n '󰁽'
-elif test "$CAPACITY" -ge 30; then
-    echo -n '󰁼'
-elif test "$CAPACITY" -ge 20; then
-    echo -n '󰁻'
-elif test "$CAPACITY" -ge 10; then
-    echo -n '󰁺'
-else
-    echo -n '󰂎'
-fi
--- a/scripts/screenshotsh
+++ b/scripts/screenshotsh
@ -46,13 +46,4 @@ case $1 in
            $screenshot -o "$cur_output" - | $copy ||
            $screenshot - | $copy
        ;;
-    edit)
-        # Focused monitor to clipboard
-        cur_output=$(swaymsg -t get_outputs |
-            jq -r '.[] | select(.focused) | .name')
-
-        test -n "$cur_output" &&
-            $screenshot -o "$cur_output" - | satty --filename - --output-filename "$DESTFILE" ||
-            $screenshot - | satty --filename - --output-filename "$DESTFILE"
-        ;;
 esac
--- a/scripts/sway-sync-xkbmap
+++ b/scripts/sway-sync-xkbmap
@ -1,22 +0,0 @@
-#!/bin/sh
-
-set -euo pipefail
-
-LAST_LAYOUT=""
-
-while sleep 1s; do
-    CURRENT_LAYOUT=$(swaymsg -t get_inputs | jq -r '.[]|.xkb_active_layout_name|select(.)' | head -n1)
-
-    if test "$LAST_LAYOUT" = "$CURRENT_LAYOUT"; then
-        true
-    elif test "$CURRENT_LAYOUT" = "English (Colemak)"; then
-        echo "Setting layout to colemak"
-        setxkbmap us colemak
-    elif test "$CURRENT_LAYOUT" = "Portuguese (Brazil)"; then
-        echo "Setting layout to br"
-        setxkbmap br
-    fi
-
-    LAST_LAYOUT="$CURRENT_LAYOUT"
-done
-
--- a/scripts/wpass
+++ b/scripts/wpass
@ -29,8 +29,8 @@ main() {

    test -n "$entry" || exit 0

-    username=`pass show "$entry" 2>/dev/null | rg -m1 '(login|user|email): (.*)' -r '$2'` || true
-    password=`pass show "$entry" 2>/dev/null | head -n 1` || true
+    username=`pass show "$entry" 2>/dev/null | perl -ne 'print $2 if /^(login|user|email): (.*)/'`
+    password=`pass show "$entry" 2>/dev/null | head -n 1`
    otp=`pass otp "$entry" 2>/dev/null` || true

    action="$(print_actions_for_entry | wdmenu -p Action)"
@ -50,10 +50,8 @@ main() {
 }

 autotype(){
-    if test -n "$username"; then
    env wtype -s 100 "$username"
    env wtype -s 100 -k tab
-    fi
    env wtype -s 100 "$password"
 }

--- a/secrets/double-rainbow/default.yaml
+++ b/secrets/double-rainbow/default.yaml
@ -1,57 +0,0 @@
-gitlab-runners:
-    wopus-gitlab-nix: ENC[AES256_GCM,data:n/bm5W5Q/h7MxMZX7yz4qeUBpfZDrI7A7/PlnLncMto5V5itVTXRvfd3+D/d2r9PVuJSogfMgMAh0cwuvPspjlm9ToPxrmgGdYbnAkhnFeTHdCfcF1x2DG2JkHe54wUhcQa9QEJkWZ5jJM//2jU=,iv:63lrYCCBMSr5toulba7Rni+iun0Bl2vMFbIsTVvOWQs=,tag:Z1GHj91q09sOWCaLPIKJ4Q==,type:str]
-    wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:+5I7INvMNfegjjC0xPNOSj+vFakXe6V4N/S5wvL64DOxfPXhSQAjVtdMslp/LlJXH4XWbkQ8ErLbySB3WMDMRDnDRY+6+UKXsP6MFpvEtho0lN+8ZeAGC25ehadYDSFTX43wz6cLRuoAqRQdhPKM96wcYif7nF40cStgaAQhkNemK7AenSA9LQ4J72dWovFuwfTZml8qH6W/O+YEqfOgZsyJ/LobcM1fiuN1S4NnCOJSWB2Ahsu0tiMOSRxKWeUS9+ewh+x1xnZL3y4vax5GgtS2KojtXq0U4qgNi4Gwnmef7HmH1tVgeMO2ykCsuCCZ9iJR0IOqTHU2l+U6hTzf5vehpgK5/tsthkXRsLUmVRnjUaQwaEq9JYltGpEdk6U0UnD+Mf0f5BsDw23lHgannLeduhrSFrPFj+BVodnPxjyYJTPXwXfbWrKIQ8s5kWfIq9x0VePsteIgEH4xLL0yFtyZzrYeCq9WF3j5xTvJsOlG0ehQzX22orrM4RzrFVmeLYOIc/V4bQeyIf1lWemr,iv:UNaUnlVayrzF7qpgIVi9gxPFGCzIP24jNUpO295JPog=,tag:a5OlD+AJH3u6y+Lo3lOQWw==,type:str]
-    wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:aknblYwAAGaso/Vhr9f1RX64tA3uOh3qxc1dBI7DQmk4TUlQn/AYrKF7wanIhhydrasRulDEam3CBiiyeW/ejcXG07wKIUyZ94TOYfcyRd1yo+PGkmb1yycU6PdjaP5/zwUPAnjMhR2quW+8iwADaUMYKXIJkdQaqUW9a845vBKIxgNgBskWMGMzldb+aUnr2eCb,iv:MQdEUrNugzv+QL6f/MNUqh9M+nFVsWI4VHlMrgQOTEg=,tag:olNTQyCSOhv3sgSjuIXKBA==,type:str]
-nebula-wopus-vpn:
-    ca-crt: ENC[AES256_GCM,data:zNESDEqeRPBsaY53cDKx6DMYdHIdEjxAsX7rLMrGkd0+aw2zOEJDJ5jb/zIeatf7xBj5DkJa+CDWmWsu5v9p0QUu0LEEvdin3utuGa5GQEYR+1LCCrlB52klTvKEK6ck5cYewVR5bmq0NTvw4aVxZJoMKMXICYhNEs20ZMCIrbX8UOddXKt6OxeOzVZ/9uFg1gY9qkHe3Wn5mmNLwvXoHvzwtr+Oc9xT+SRMPYkGUkbyxQ5zRjJUKS79aPQ8R6ZgZVJqUmr9wS58D2To1Sfk4Ykrd4Q2lIlbTXdswp1im3LSTy0YosHu5P6mmBq9u3M=,iv:hnCrHDkQiUsoaFTImtWlvM+tuSplU5p4s6kkm/ysLZ0=,tag:5vH6oEWwUOA/QsiW0XvBag==,type:str]
-    double-rainbow-crt: ENC[AES256_GCM,data:gdR79bE2RdE8cc9HdIxoiTCbyzsaTrSRg8uouVLmq6IRnb8B7tltIitli0SRXzMWqfg1IUIQbXHbIvPgeQ+puCHqr1ghYK1GzrDLz6GIGTn8g+9MnDbRTghdlWKKrKVxJnrSecJvV0qEkDr2/WEAsXalstxcDEPNq2Rb+c7bv/P2oFNjKN1eeWsE5TgpFj61RLEWx/wPzQKyNx2ZFu1l4r63II6npvlZ8rwdrJAeZIT8oaU53zQzMMs0tHGYTJeaZcPgdBKfVSCmzGxrE2kuwR0bxSSB2knqdBmtl1aVxs3bF2Fkm1+wovCadCze+Ta6Vgtk4v8d3Ta+wE5qzek8shb2m7lXTixki356wOG0r3B+180Kzk5B7q4tIycrk9ggKPKAA+2XNHVFM9L8PojflK3BY+U=,iv:wNoELN2y8QrFGPJYQdrAVsaLrhMzD8ep313o/jpT9fM=,tag:8sRBtkfd1TVMK7R64sMXqw==,type:str]
-    double-rainbow-key: ENC[AES256_GCM,data:I0LGhV9biErwZw4PzOX6mbqyh+8n2XbpikwOqLe70g9+pfO72e8qdXvzYko8zLGIL0x8ZUYn6XCP63ZYzP866cLHCgglZ0+PQeBbqzp3lgfYDd7zBHDJE0NQobPtV6n1enbpzRtBe+ROeYQxCV5sZmEoxbzUyR0aSJ3JaGgZNw==,iv:Y5Iy32zHnQgqIH3d9U81FlsW+Mg8u06fk+AMnTcGejk=,tag:1ojEKwVALA9grJRzyNc+9g==,type:str]
-sops:
-    age:
-        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eTBFdVM5OFlQTi9JMmFw
-            QWpIU2dSdDMzQTVJOWJCUU03QXR1QVZoeXc4CkljdHNKQ0tUczMrNys5eXNGMnVa
-            K003QjdRaWY4RmNtaEw4cEsxSEJwZlEKLS0tIFZpbGUyaHh0RndkVlpQVlVucHJa
-            TndIUUhsY2xSR3E1WlJXV3ZFN0lIMncKjjf1yt4XhfguzYoCNmHYSmetMDnoz4cr
-            frbZdy4hl9w9EZO5JUeC/n7QMYTZLC2/Zk2PXRUvwyQglrGoUVK2Bg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbHd4L0NEZW55OWd3SWlv
-            U3dEcDNKZUJid2VsZ1lQdy9NRnIyVDRPRm1VCnZDcCs0S1BLNjJLZTFpSHVpNVRj
-            OFpMK0ZjWTJkcWJoUFk2YnBCK3JKcFUKLS0tIEtqRkF4Q0FobXhPVTF6eWN2d0Nx
-            eVAwSi9LaVNEcHIvQnhhZmZLbHRPOUUK6A91L8YCpi/sM9FiXcJ1sLmW3U4KadYL
-            uw07mobP1Rf0RUdAuSK+42ErFgmS+OTDze/mT/PXg6Dfk+vhTjbfGA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1026d4c8nqyapcsy4jz57szt6zw3ejcgv3ecyvz0s89t7w7z964fqdqv52h
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEaUpLU1ZxQWNCNFNGeEpl
-            dEpVbzBFbk1XaVoxMXIzMWFmTkZWS05GOFFvCmJGamVGK2pCeTJROVloMGdYK3Mx
-            cGF1elFSbjJ3UmUyc1FsUkh6b2JNWTgKLS0tIFRzbHZIL25tK1dnWm90QVFueWZM
-            WUZrTkg0cklJSUg5MndsN0ZPcVk4U0kKPsj787kDFDMxsBt5qk4Bp121AMTE++99
-            m2X4lL6ona9fUe8e8wGhdgxZmqvJL2RCaVWJJy5SAbJ/skP3y7i2mw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-12T16:38:27Z"
-    mac: ENC[AES256_GCM,data:XMsrBwV2G1jRA2c/T3y4015p6bJdggfrbI62bHZ1PQtbOImQUpxChVI9JhZqOIzWpyYB32HavRHwCe5nfam+L2tWNlVMRSogKBpDuanxyf3o2EHHStQqZYUuJrYtOL5cdeYMIXKRWS6LmHdHkcI2ixHsL+NXIG5o3XIYMaEBufo=,iv:G20hevYygnonf5l4qGZqs+b9f1FC+cfnYIKZcs+mUP4=,tag:p5rITlVoOwqdrG8Kcmjieg==,type:str]
-    pgp:
-        - created_at: "2025-09-09T20:27:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQEMAzy6JxafzLr5AQf/a5v/AIIsdE9WawM710HCLQwEJXskDXfN7UP055gDBJer
-            96qny8cKC833OhTPLqWCUpAVgJ1JQ8EDLvj2YvXLiq/NmMFs+mBwjPdzNIUKzK6E
-            QgtjRJuQfOGSW0i44b+nkmWLSi1PhxVbIFt27Nl4I+mrvkhztIZcTwht+be3mMrp
-            z1hEn/BbXsin6JOB6EuyFbsRZ3wYFUlr23NiKVI/JSo39ifbtGqgWn68GN+tYYYs
-            mZ5tJykyRZxTU6qEKBaW9veClxs0FW2shQpp6Go/u6u/ghhHeB99trauPFL2rypT
-            IaLGWruFwHMsd+rSTcw+YrTbL7bfkqx/4xj5dxJaFNJeAfo5F5ddr1odeAHeSQmh
-            pfStJmy83SHhyDw8wLKMeF9d7dPKIyU4cXbLjSv1w86bDpDw8LBJSYEjJPVjLONV
-            F6AXCJxNckDXmshGUejC09abAcMzzTsEJK7ocqEoMg==
-            =XAWM
-            -----END PGP MESSAGE-----
-          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
-    unencrypted_suffix: _unencrypted
-    version: 3.10.2
--- a/secrets/factorio-settings.age
+++ b/secrets/factorio-settings.age
--- a/secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age
+++ b/secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age
@ -0,0 +1,16 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+KuJIQzvERsM1zAF4iikbaIMsi4e/vnyx1yq6h9Mzxf6FnXyFRcUgLPVe05krQhJX
+0wjv18bI0jxRb8742Ww9i2nU5Tlrok9ol458iye5CPl63fAlVih4/Rkl3IkUIiIz
+q/VayGVaIHmpRD2xiEa4L+NXS9N69vVXoubX0oZrB0nPdYJ83gFU9u+CBqqG2EWr
+PBjyIvT5i5MDBnPZGOudadIoyeWGfjXEPsQWhQhL9ssi5QOzLXBnTDlxT53bNvHX
+2yOFprLDZ+ZONedkxy8OXZpPDYNcgPAIHiqx1E87ftqPIucdeU49AqlPh46wrPC3
+79E2hgSoPvn4poTlJtAD0tIADRGkcEV6wLCylN2lTOUJenUfhLNQ7ok4ITx8MOv3
+IkbWiD9yTMExVBlhc+us+XfBHM8mlWs/zu+18YTy21RM03gzY6lHVZCQPxay2Rof
+A505SeZ4Tyhoy0+oLaYv9b+7DJdlhUo/XMaKSibtgJ/2MCtRqmV5ZsnuUIWn1Qsc
+
+-> Vg-grease `tLg-(2z
+4EPuRnZmXpoB32r/0GCtskU3HU3h5ic
+--- QmKr+zAXnMpWBBBqNm2u954fOu2Zt8Y/kPPdq4UHgZc
+¤ì{çu|õæu´Ó€]OmXÝP3µÆ²•4_±½Â_
+q4›<EFBFBD>Ð6mþm©<‚pLH+d.hî‹’C<RDµ‘q<1F>Oø}öô3ÁZ¤KJ¤DÉàj]ÈýÒ¯Ù
ìá‚ØûCROË¥F;>‡
--- a/secrets/lelgenio-cachix.age
+++ b/secrets/lelgenio-cachix.age
--- a/secrets/lsfg.dll.gpg
+++ b/secrets/lsfg.dll.gpg
--- a/secrets/monolith-forgejo-runner-token.age
+++ b/secrets/monolith-forgejo-runner-token.age
--- a/secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
+++ b/secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+YvABDqm9pSLhyLaKLDStuDisPJnaDpHnpTdTU4/xWgD3F4g2WkMymilhabqM+R5S
+hqcSVDxYE2mpPDPIDIMPRlZyw5EBKS6zQYFr7u3fdSMzzhL6pBLUvFtfq40Y3o6C
+LkkkYyWnJisWuTYeBY95H+fbDhqOylbjHP1fhRVwXO85pa4CcRMAWU2pKOIZRb3T
+IuQyE3LOT/vts56q0mgdItJK0gX0NJzXxi+8YdXb2VU5ny6IOBzDL4jUHhi4nfpS
+AmzEZE3ezq4Nxg+txMDQ6ZO+JUhqjCS4XDf5b2Lq6fDenVhFaNYf4HK/fMZHKhKE
+Ac+K5U3CKB7B2Ur+sEdB7AYWOc346bvxZhP16nwCI0ocaquo6WzEa6XA7zfRVC86
+wlTIUVdYKW3e/4AIHFnSXhFNss52kkhOjxcdQpdBb5RgSc/gWel7XFJ3bV17bCmV
+ccCYejBvW+Arpgr9Tl3UfyEbRbGTe7Jbxydsrx5h7gcXOuBYE3x8RGhegiL28wVl
+
+--- E11l59lvUhPNzXAYTgVUIIUCgJsEsSDMdnLV6r+qSiA
+¥Ë‹-&I:Ú¹Sa°_àÝzt•ø¨J!H¤¹'ëC`'uÜ@sØÙ'”:†èì÷ãÎ¶~Ò[0š×ïnÝY-uôF¦eÜ‹ê‹Çü`xÓ7‚öªíßDÆãÉþ0<C3BE>/Ã—%V½«Þ‘îUˆ
--- a/secrets/monolith-nix-serve-privkey.age
+++ b/secrets/monolith-nix-serve-privkey.age
--- a/secrets/monolith/default.yaml
+++ b/secrets/monolith/default.yaml
@ -4,20 +4,16 @@ gitlab-runners:
    thoreb-telemetria-nix: ENC[AES256_GCM,data:zrZvG4be08ulpo7itbrprKK5csCMLvzZjrszfMw1XiJP0FyRTUd9nHgHpbAzbjj2KyT7kKngoZAyengvaTEhkT9sUi1pdGnvajAH8BDDOD0g4LJIHFl4,iv:3bSsTzU7gHx+MchuPg9kmb5xEDugmGPje8Jw74NpRJI=,tag:zffRr77lWbyLt7o/mywb5A==,type:str]
    thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str]
    docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str]
-    wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str]
-    wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:MtYDK6P7nwBzr6p+lRX/dkosBfeDUAj/slf/a5SgVXNIbQlkEk7gvfW5iL+C2HgMwowqWx4F+3q2W+kGweqEYzEYAoZ9pR08a7Jci3Szyy49hkamxJXF+Qwhb5VQKxDppESne7DARCF0iYeUjgeXxCYyuWlGpisnkN3HCWrIYCqbk0LS+yqgkNhDxtxMaThGYztfPnLMEV/P5vuge9sRKu3Xi3iX2uDKtx4FTBsX30Lmd8kngOVnP/GaEHDa5ECO+/yW6ZRg3fIaqJ4RV+Vz79ovFUuZV/VE8eY3JOdK5tKIBWb31YUOjP7ccBes7mMhFLO3ceNeh+a6KAJbQ4pCojJwf/cLz663FKr5f/uWDicOBbL64l3+zV5zvSDzFls0ImXMNL6Fe3SaKP7ZcC5rVrRD8P+UN/OSFmbN5LM7uYY8nNsLxTH7MYsRHgTBUmTsFEhLGJIUjtf6J3/NWIlxjBq1MmpgxN0bD6gwVAxDPP489v918tsZtKdG8SJhLUPE4LWKsU7LHpgUBroKlbGE,iv:1jnF2TTlyTR59xM8Bgaz6bubDOwFexHBJipNVa0VPXY=,tag:VsDb6C6wYa9p4Yey3iG4eA==,type:str]
-    wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:F+QHv9wwgyQYobKwyG13tS2OKCZuBPKLe7RLkhxsqYmVEtkCnli9jG+unMp7MC5L0i3puNqfoXP2IC6g4ESHq1yE0ksUpUCHzps4oMZBQK9b5JcqXQs+c//hskTQ/sFmTfGPpdnQ7wAifnQf5Mx2E4RwiRznMgJGQ3RDDjg9xfWUyvw6PlslZH65aGrq3P/iURvj,iv:u34+rXKLcZjBlVJmdbf60I82Fb621lUjOBmR4CTJWGk=,tag:ToPtBIz3bgzAUKc6hh4Oxg==,type:str]
-nebula-wopus-vpn:
-    ca-crt: ENC[AES256_GCM,data:sFc9SxfCVaDYxbJqzEK6pRsVoJSFbD1qs/oVKLXXJPrR2y5jVM/ESk/xwaemwEBDPn2VOxLqD62lPF8jP665w/rutskKJ4pMji+Ev2zeryaxDmEwSOL8EbEQtlNxkZZEX3dwVNxykbK5A3bIrcI6vHaOTFeMht6IanO6CdeQOS0KoyYW0fHbW0Dc/YytBMjVWCPQk2VeWCl7X4JBsjj8aVQ8qgupsI16tJmETetO3lHAaYt6dk0Fp51XVaKSuaYGBhnoADXEKA3cIQoPUOaJ1Q0CmdfYk5XWEr0q0OcqjeAn8OERGufHr227tJgYx8A=,iv:G5iq5qeX9NlkOdmj9K0GRQ/6lAU0cBNEO2hQe9kyirY=,tag:b3sW5hs0pkIqqm2j81BIIA==,type:str]
-    monolith-crt: ENC[AES256_GCM,data:+0YbGYreXYR2+cu0NwXUuAnfIEUBGXm5J6nUTx2/z25gDTOVx9eI7USX6cQT/3NOt9S8odHcHeWQXChgWU9Xf+avdXmNO9vQGf8bZCybDQltPF+Gb2zRiFWiAy7raQaZc74SMbGCzABdfQBnEnqs+s/y0+ovilzOmcopnu551QEyjojuMLVcpUsvrEoQBx+dLYBjx22xob0wNUmXgBFxLRuDvYHGdehZ4jg8Ihf9kpDyjtjpfa8mF1kmdKZvPI5Y9z4ZOvA8266H+jFSqfx41nIuYcIwi8naKkoRue4kRCv71IXyK5DJNEweZPXD5sCdd005sxGgBnpSJCpSfr7TsCy5FxDcf9ISi3yrXLttcnOt2u1b3FFKNQiwlo5s2PQB2AB2Zf3nvKPqICmcXtGN3w==,iv:Q6izpQw3SymKNjnjO4x3pzqGJo5SxYZkVYdXcHQBi0A=,tag:9tlMYrN+/mMNYifw1F3yZQ==,type:str]
-    monolith-key: ENC[AES256_GCM,data:Y8KVQk66dewyeRIF+6HJeufD9EYO55m73LxrtZi4KQU0RbUpsV0eiRMX62rYtw6+uP87f5Tx6kC3fX4+mqNb2ZgDtVvm3/Qnz5Ly112c/h33krNqRpv6pEHRkrS9j01tLkJnxwiyIvq3b03GTAIoCKWgqaaagCXYHArgzRrDIw==,iv:lp3zuD8XWaiJvyxzXHrgpF4qbrCv/uf9l9qyWXVrkkM=,tag:eSlTCa2TrIuga7UUxoloBQ==,type:str]
-minio:
-    root-credentials: ENC[AES256_GCM,data:izDiis6BgAubbe91EUcuwMKrSrYEDQFQbaEGzpdjj3Wlt8Z8gzgvGmYCryAK8GBUMbzQvy0do26xMGMl3LxLWz9bgixixPVFTTg5GhfUJw==,iv:hkrkGz+EpVwkWEMQWBrm2u4Jti7azsDtsTmyouDREug=,tag:mDnOKKBwgKOmsxegKcRhpQ==,type:str]
-nix-serve:
-    private-key: ENC[AES256_GCM,data:xSHNHiLKs5QG92cSR0gNlusRhGjRUcelSvBt/f3+LdLjTtPaYMmiEiUsl43FyaigGkGq4nGDWAgPVJ+bFNpman0F4KwYqoSp5zH07IC9KaXouvudRLMZc8MkpwKKptKebKDlxKfsLt44n3qnV7OPYzSgzA==,iv:yUM/4yCIJqTt04HyXBVe+EMN4NnFkVnVhsUvUlKv2QM=,tag:qAr0UIjWzXH1eEzGCrK5Vg==,type:str]
-factorio:
-    server-config.json: ENC[AES256_GCM,data:qpLNcNjKrlH5IjGsq7ukCPR7G5dfOfN9joM2KZUdKZetZ/mA8ikBSbuBtRxwBQUSB6PcFxDftus704vlOkLcDcc4PT9rnpEiedLng9NkJPZZo2exfozut3N7dhij28c6Jy2uvad1pzAfW78iHI0kJNkDQDD2oW9xoFAZrPDRh5oNLpNn1/iIFoIflyYFctUbcpsDvs+8xHGGM5PQQo0QnZcxfSPY2iT4At1i5WP/Uedonvlw9fNcoOtzP7BhOECuMWUC5W2v2hP2/vcp7M8=,iv:Ln+/4AudJfdJYdkq0xLVF8dyrObzLwhANpTo3WgjUF4=,tag:Rgw4/J016Geiv6FwF5ZaMQ==,type:str]
+bitbucket-runners:
+    wopus-runner-1: ENC[AES256_GCM,data:gtH0T5n8qMYpvSv5ciN8+ScGlFDf9xE0FTxNP97vT/qsOCcaItTE+5P+DFcWw46onLED+1c+u0sArFbEsT3f8lyco9b+0l99uOQAxLZQzAXYH8zGye1UnwUtytkci2PHu5c8kTpIWHXyZ1IOYNGWkermeab57ANzOkM1LbkHyAjS6VTh0I60LfAOdHOw5FDFL8d1d9oWxLloOe9USLPqHjC023EpCUT2YuyHoPCTpBu8Kb/2HfV0wkAKaB3dvVrKwXCj+bfP6+bjQ3uMzVO/7jxPmnSGBfvyZ+Hlg5goJ6bSAqQWmnPPnQ96FgQfe8su5ML9qNIp9/7eNiL6Rv6Vhxe0hHbE5wsZ/58grcg/LrugeWJvUJ9THhwcTwO8Pkvwlq0XM9seUY2NV+LCK3bLQ4IWDjWkU1IHg6+nihTcvl1iD6UIGMgqGoB/v05WVzHb+GcE2fFuSuhVHfa5RMyboELOJoFrqZiXGhY=,iv:ZakLafxYQCDd1Zw8T83Xfj+YwAQKna9LC6ognJqtifA=,tag:bwBObfdMIvJfRrOG04NtxA==,type:str]
+    wopus-runner-2: ENC[AES256_GCM,data:gg8merZMFbf396hdJY7zmKQndT3GzB7NeGZAs3C0au8Zd7OFAg9vcQcFcxNA3kZGJZqmFTR/ycWJwhYr9fhlfFuPhDynVvgJAqoYtvC2MUDiOMD/d3DlfwFjQ6cOGTrvFuY1kkgSFb4OFdrVC1eiTDrGygFmYnYcqTKn/t5Ttqi+cHZNzFzVzdVLvaLCYxltM5g45zn+fXYxYwCfqyb32/M1XTnnwIGiataGxEX5oWhVV4zqeLO4ZIYPSby5AVvIMJ/zqvqaeVVY52GLDcTKrj3thbZxMQLWN3/lOA0uYhi3L/WM8Gx+JMEIbSICcuT7QXu4w4PA+opcx9GnsMCK2/egzS+cNPJ4vGZCdVD/jh6A9zVEJAgXdsHXNXFHmMPt7DcgrCQiub62og4kBY4G/Rcg4UN7sb3v3qyBpGbCGHGRjCFc+wdHpom0yDOG2cwcqfN49pC2R7Ag2BisFQ/5A+DPmKnvGG3kt9s=,iv:5g5XiDecYqi4JNRkZubgPJECBQdZ6rBeojgFe6Etebk=,tag:HRy5bFSbfxKTb5e13lGtgg==,type:str]
+    wopus-runner-3: ENC[AES256_GCM,data:f9pLYR8t51HtPpLyXysIVaDAhxDrmktJH93E7rb7imtKwK7hRhR8usnvHTcknLfD7BMvStAIYefdGt19u7PrQu6vqc19bEcNbnK5OH4KBP6+X47oMgBYtbIGXH+t3dSDt22fSIoppTwdX7/Kf4vqesfN8K7EunETvFR86oyyKdy15mvXr0XUO4us4HZjnIOBEnOm1P/V8hk5JcCpRuo+8ZYmBe5gzq5pTnqnYlPE1EovM7eDMg72J7ev07h50qvySrAqmNiqDcXfTPQ2TzuHx3XxAYqFybf1L6P9OnLB6RDAlpoFJ0h8dSg2tzC2+amYsBP0UIBK/ZhWvvAjpX+MZrTASjenh/tefDcNdbsXDOr7A4i/261z4rC0r+97INglCN1N/SZg51iBHiRAVV1zibDLfioR5+eBIykWAtjILMoYU+zOcr0E8K0I9jQGMtpnYmvHJqV0DVcdfZpJptrPUUy+lQ/iZVcPpLs=,iv:grzvVsfpUzywjNE4jvTxXKG3TYajrvSsQgfOgtafvIo=,tag:K1B6crN0ckLk0EYBtGHDkw==,type:str]
+    wopus-runner-4: ENC[AES256_GCM,data:D1Zq0BtPuACnutAbUcj3gYSMLuIZcMuqc/1mEFmitEG0tBFMWhkabS+8lXcp8sb1DM0LTDMEwgMB9FVyFb670MKQNEncqQtaNJtY1BxS3SolovDAM/I+i6YGvd4X8jX99d+7ZNR6xGBWJ/dW8rz4QnIM8Eh3FDOqaFa/ltfyPKP9IZ2uZi67C/n8Q/OSdgMQkt+QxhgJfSghE1iruPwxyGlqv+E4SZNI/fQQMjX0Lh7z02ms58yyMtjO71YbukV/JXFRsdJrqY2wfH/6NlZbsKideoSxluBRVqmbW6KQd7dUT819KbOSu9CFdgThtVCU8qiv3jbAbn8D5xRy4AAOEfSqRLXJoj7otCqr47R/8+0BdS3aztFBjL3lDmprMWZ4+LD55fvczfpxUF9ox1mhcjIvCvZJJL06XsST1XRXa7i2fr4/a/XhCmQgIzar5IYxSC9OjuHp6jLsTaY3ZUgid5W1L1n8uWSmA98=,iv:O9caRG//brERiIhuMrsFdTz6TnPY0rdQnvHEu0P42yM=,tag:hrmwLX/CRhZfammJ2nfTPw==,type:str]
 sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
    age:
        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
          enc: |
@ -37,8 +33,8 @@ sops:
            aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h
            jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-15T06:33:37Z"
-    mac: ENC[AES256_GCM,data:lYnwpoQuDSRpcPdIoSX3aGssc34UPqj6aZaliXl9XKMu1FMEgKwYXvNGOgs4tV2hBUQvTB4ZhiPT62awEHxzO1CmVdi6eiR9LTP2KetVubvKp8Ps/xoWKl51pG9ubJj+H3rfwAhfbGVZmAb6PKQgY6mnpyutlt/ojCMoKJ4BVwM=,iv:O0MoP+Nb1+nrowX3yfhIY/pjtSbLPV6qHOhDiEfdpzw=,tag:qSA02qKepxJ8p1qpZYN+UQ==,type:str]
+    lastmodified: "2025-03-07T21:28:04Z"
+    mac: ENC[AES256_GCM,data:4lOafZQ6PP38CByulzA/J86sw+TpQhj40s1lTRXqUtpt72yH8nQK8dXpw0dNYvDBtDpKRvNTHZubzalEua6n2lCQL7rsZ2+fo6FJ4ht2Kb70dddDcWEyrfyZQ2FaKC5L/QjqM0SbIfPszNvyQ8wIaOoMfNJBis5QOjRSGDAcJm8=,iv:LLT0oJW+3KNe1nKphCK0c5FPIuh8GfnDrvNDCFhP4NM=,tag:rPbVY7L1qxNc3aCfv77FAg==,type:str]
    pgp:
        - created_at: "2025-03-07T22:49:16Z"
          enc: |-
@ -56,4 +52,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
    unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.9.4-unstable
--- a/secrets/phantom-forgejo-mailer-password.age
+++ b/secrets/phantom-forgejo-mailer-password.age
--- a/secrets/phantom-invidious-settings.age
+++ b/secrets/phantom-invidious-settings.age
@ -0,0 +1,16 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+iTcgtxF1IxopbtF+aw7V8IQfH7tWiMk9lE/eWlVHVjeaRvER5W6Y3xZNOFCjtbqY
+VwEyV6ibfZ4GJt1jRu2icEH/AnLUJFFGQnxu/K/rtoZ3tqSIk9WCBv3aPo4oZRiU
+uaaxi2gD8qo1RLyl/Ij7Djw4i/isUOO1EON5sgx1d39k6qUD4Mak0DSU4EtGdTsr
+OaxDAc0kAxhxZQOUH/QlKa0HLonaFcy1LHqvttOcw3UZuZnaYfZiPlcqe3USS9cm
+96aIC5cS9pHr4JFrqRYvfpla2TY5jlCB/xBGw3KjGEIQoBPXSsJZA6BCMZyp00++
+tdfS2aomt9HFmb1wZDS0jWAxkVF6nXXBbolFVih+58h0nYLljtHIQ3SizRoXY459
+x3JE9NReHp2OO3SlIeO03Kv8YMBvj7nSSd1C1PMpu+hJ/eCXi1WQxD6QY+40muk6
+KhqE3PZ8BCY2b+VpywUF5gVH28mo3jscqAzhf2dZ3SQlzldI+hFyKPxTdAqkfUOH
+
+--- cinb+wzjVfTkpfm1CtFIFaepwoQVCj1MquB5rAC45Ew
+¾
+6
+ZCþHS07ïºÖóýE¼X*Àqb=üOßíÛÉwu¥¤³Pºþ¹ÙçÇ–Ñ³/£ómvòÞ×Ë2VœÄ«
+ÁŠxvç[“£‚µ£±”Ì‚A~ evdÓåÙ0¢Œni³1Ò›¹Qý„"í@Ù¹§ÞÔ{KpÐ:åÏµuµsÊÎBñò(X…r[ÂQVg¢Tš¤°ðœîËï@Ä*ÇõÿíB«<>.§¯žhEé²ŸèÐë’÷½¥Žûzlz|kã`l8‘´8¼M›cch<63>îáZ`ƒ ?yeoƒ+ÈM-:/–À**ìè¦ÊcŸÎZD¡2Ñá¼é&·÷¾Ç¢¹£e¤ï*Hnç"Þ~+|ua(û6óËJ
--- a/secrets/phantom-mastodon-mailer-password.age
+++ b/secrets/phantom-mastodon-mailer-password.age
@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+Mnc+/tJ0QqxHkg2nl9gEkz5Oj1RgxtOZnD5gRv66ISUOqZhNm1+F+xVEdKn843/q
+/WzH0f1cTF9NXP8vIaEo//bMmp50obJAd+JNovJxV+0gb9L55Nu7ayvK+eyk6j5n
+eb8TxUnwh5BPkEyc6akDh/O49GXzLlVoFD6Ik/0f3YCqUDNAYOl2bsssXtevCeK/
+WEPoCFGhZfNUrOo/0eAhiujZZ5zVb0CWNqXi8VTe2eWOE20VJULcN13TEyO3ZePx
+bAPBmDfS5GgGlV4INWxVLaIMDrzlm0tYozbBNNUbdLFFOhIOrgvay9RWxdk0u2hJ
+MPKoKsJ96EFxrbZJdS0W7a+aZk/Q3A3Civ2rtPx+5UANhmlY8e1lUHa26e1vA4K7
+ApoMtDyCbuZ9FbLurwl9zO64wWP68aKzuyKOIw+wpy41NQ/PcViSY8KNG9Pt7A2N
+CcOkByx+rwz+JdNHbOF8O4FFG4fNSWn7SvVtu5ymGgVi1bOd8PdJpjDR+6Is0SX7
+
+--- DHNyITb7ZseEV58MOD/zHeH5vff0hhlbKg27rlYECGk
+ÆJ…¨Úãè·<hUs/¿ïš}ó´Zi`ˆ‘ 'ÂJŸ°z5ùÃgõãŸ%€ì‡`¤º%/˜‚±<01>ˆ„á-Î<x—íõÉ’|
--- a/secrets/phantom-nextcloud.age
+++ b/secrets/phantom-nextcloud.age
@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+bpGCgyaAPDutva1Gp/YPuek6IZTXJHKb7+oIAV/x+7Ry4Oci9zM2VWvPVE/rPE/d
+0AzBX1NvsWBB005w42RfiErk4FQYRCouwNR1FNjUWNdQOmku++RPfxBXspAFIDkQ
+yM7mqbhwf5by5rZY+2kl20QxkErkVtZolus1am9RV4uyXfdPaRcKjWOuPiEim42d
+YdeCXq4nJGxlL3tRunIqLIZGhV08wHBl7Dubhn9hdD6/ekDk0RloVTBDZUY5tUPL
+dJk+bfFPI0DimytzCwyQbWEHOkdiWYSNzbx2JhTSvuqefHP1UzB2LukaQc2gOJFV
+mVKvQuGpOWknytMUhM6zCTvRw4OQutAZd96OniQYTas/vnmfT2l2n9aMEzQK157A
+U9DmsvhBypILiQSPpA7QrGB1QVuRjAFJA86ASY1FAT6MdBBK4vZ8fK7mpT06JO/n
+gwv+UlvFBziWHzA/1GOLrfD+ExjmbeucRZr5XGszrAaK/7GPZt4LF69hRmKegL94
+
+-> 9I3~SC,<-grease M$2 RibFL]C
+uR6MirHtTc4Tyrcw3T2my+BN2Q
+--- 56zk9BqgwQqNymga1mUDgpvtfIpMy5i/JnaSXbjx6jk
+ÞQÚÞ—Ž)NâÿÚ¦¨Žß‘-†ŸÀ ÷ÑDz-ÖIÅß-°]p$ÉX5æT·PU=u;kæ8}wÁV¦mšç=
--- a/secrets/phantom-renawiki.age
+++ b/secrets/phantom-renawiki.age
@ -0,0 +1,16 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+BUJ9L1bwZ0RWj3FmMghmZDkY4iuc0gujS3Rfat+hj/pg+MALZ69Tovc5RnqmOZT/
+pTGPTzWj3WO70YU+wCUHKZ74JcKdL3wSD1FWOWYRvyDV3gxZjDTjw4Grs+sH9M4Z
+MrhdoyY95fhmGZHJ7Qkx/aKCAK/OaFSu5Vhh37ykmLd1gQ9NJYQ+G3lLr1Mrqjd/
+1QaBqJtJpAFTA0eCd3+oBtQ/qgHD2ZBJcOmkS9sRC6S4YKNoyoDifTbL29aJC4f/
+08myI0WH/ApbtN1hWuiVWibmy/9/76IAvgUqi8fULNY5w7Otz3nKGV+mDA5+oD11
+jCHZJdcec9JFyZ/V2mh/PoHpNawksNPy85eJ0MpM1avM25Qib8kWJM6fnZb7uJzt
+DsYCl2q4ILnTaieuTSJUfgacKbrwSv7MQfgdh1SkXAShyZ7aSCoDhsgSdOVwYoAX
+Mspm0NtodeV7493qZwYspO6H0xbfh20vXa1DOeMt98T1iP0aYYhfRXkb0wACx1QF
+
+-> \z/RLj3S-grease cmv( uCkG*= .cX3S 9r^&
+OVTVTnB3PjD4COiRCtQ
+--- EhfDqxfjLIHF9Sa7V4ytO1xsRK8p23WDsWcB9/B9fRw
+.ß=–£))/’ö‰Í¹êÒ‹#´ýLÁƒŒÓ‰Ž—|p
+7	ÍñÄKä®7ò²Š@üCJfš:w6Pè•@@/N<>7¿
--- a/secrets/phantom/default.yaml
+++ b/secrets/phantom/default.yaml
@ -8,17 +8,11 @@ example_number: ENC[AES256_GCM,data:R+/m/QVBH9/3DA==,iv:FumBUj97ICrRQmyh5fg8Gu9L
 example_booleans:
    - ENC[AES256_GCM,data:VvI5ag==,iv:koMzyWcua75sK19vuk65oywCD61lMyH3xUwue8LTqy4=,tag:2ym1M0FTwevLm7wefTUWAw==,type:bool]
    - ENC[AES256_GCM,data:lFEC/S8=,iv:cJWbnmseP/AqJzyORM+VI5y7rK8axVeh7EXoLP7mT/Q=,tag:BaS5HyecokdLCq+LzQxGkg==,type:bool]
-forgejo:
-    smtp_password: ENC[AES256_GCM,data:g/Uqmtp8A9pas5WcslwnGCKSXv7dYSRMA8wKm7DWpvssVRZJ,iv:vNBqdTlZ5mg0AhjMNr8rUts1rDBYmq03tdiceVN3xjs=,tag:M3qfiZEWvJN/XUjjmnAXqA==,type:str]
-invidious:
-    settings.json: ENC[AES256_GCM,data:wzbBnj3qrhw+clHpetEm/FYs+zkMM0kG0JO97E2wPEPaoBZDuOy3BRAbzmwkn4RUEt2hWVN89/A1qweXuuScXt5LSgaQXFXmGQQ2RzXY7K7Pr3uBNol53pnNQI5M6Mi1bif26rdiwznE0QgZCuptadhPcHbCaWB2QrXyYDdTdvQ6Wd+ZueSXPXCjpRnXaqZzTFc5VJf09wqTFahUvVkgjkhgiLVUu218b8xghekJLwJ3bKwmXuXsnmGSQjFry6ttbFPQJawVXWqsiNY7iaE0k1K3NKcTu5Fm2XiriPTKuGM51EXrqaw97ywWN8JEBGxZTk7kcWg2tAf9ddOewYMG,iv:2oDgPdFihZ9O8IkAydL2DtlUtCBUw70u2F2Rn+eW9rs=,tag:zvdZbEdQzbtWgft+i00ufQ==,type:str]
-mastodon:
-    smtp-password: ENC[AES256_GCM,data:ciRTgcCKueSiYerBjWHOD4c9wlpMlcV9jiFaEWFh92vgA6J9,iv:TAaPiMIL8Yfd9k4j9dN40dWqQWAPb+24ngvPC7GTrlE=,tag:+7fGAN7FKiPIWvdsQXGqxg==,type:str]
-nextcloud:
-    default-password: ENC[AES256_GCM,data:mR0KRCheXh6NBVn+odK9Kx0e4njJDuZ6OS37Iw==,iv:PAb/sCt7hq5WKZwr4FMfiMqf7mGvpXQEnZcbzmDz9oI=,tag:ukBDHbFKrStXckzuE1TwJA==,type:str]
-writefreely:
-    password: ENC[AES256_GCM,data:5hzvM8Aitvj4Hb/RgViV1QjsnpQqln0k1nZvEz8Y7vdZvcHo,iv:Wi+pKcGqi09050sitgxt/+hYGF2mlmYC0SDjmqSWPr4=,tag:V0KSBgIV4fgMbxuADVTxrA==,type:str]
 sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
    age:
        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
          enc: |
@ -38,8 +32,8 @@ sops:
            RU1HSUhldHpzeURaUWQvcjBCQ3pMY2cKYL87Njs4e68zu5AXKNF/hxiB3HduS8wz
            o0kmGI58DZx17+Cdipw0ab9a9wiu9C9Fn+LaiCcdM/ESXtS79RzdbQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-15T06:46:07Z"
-    mac: ENC[AES256_GCM,data:lnvq80oOH2pO6AxBbnjNxvz0xcukTFowcxKf24RKFf/ZouRL6uCJEWJwNCoAKCGOHibrztsGHLDL/cgOffv9CTivIYmzbB+9q2MCQNGxrSL7CkWr/mK9xb5Yz1ASvvZxcGB7WmZNVZXvjIr6mdZy50UweHJoit+oDvE03cmG9Bw=,iv:CikhhcnCE9SXpRasZEImUR6vU5cauD4YIplxPYsPo4A=,tag:+QaBv8Nrk40UCYhUskepyw==,type:str]
+    lastmodified: "2025-03-05T22:27:18Z"
+    mac: ENC[AES256_GCM,data:WSopSnWZ+uOllywd7difaZtJcfxkL7eIf9Kr3GajZKO0+rP6pEHIS+5AbXZy6oKRlCLUPecY/WXFvk3//akpvvXHbf6Jp4fQ/YSuTcYKRQupbDBpOXSlc33QyRl6oEyiMOjxMxa2N2tmq8dmA0NbF9wSDMa5a4eNDoiL5T/sUZ8=,iv:QqbVRApzFF6q24rk8KfKuthj656nEczD9Si4INj+N9A=,tag:tMRNYo+u/jIQ6iX3KqKJdA==,type:str]
    pgp:
        - created_at: "2025-03-07T22:49:19Z"
          enc: |-
@ -57,4 +51,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
    unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.9.4-unstable
--- a/secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
+++ b/secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-rsa BwwxHg
+KCVF4Sy49stOeQs2uunYKkvadqeimmWlJ4ucEJxfXy2z+OkkZpixUnWgJEH2nCa4
+NL/F0Wezbqvh+Texl4FlHN8PT2w/d5gdg/L+fI4jBYCvbbiHA4sdUgmXWigY8zrU
+5H7Y9mgb1Y174fA6zfTCk2fHmk+KARoV27YrS2fzGoVQiPhnvv8ZT51eF1E+Zs4I
+YtXehxEOqYljJKYJJnF9ElzfNa8nypACGtcjTE8eEq0DlZu2U7qV+QWwQudHbcs
+MbFR2VtkHWQaNdK1vVBGND1CMlfshSCqbUzGcexownMiCVSal1RKA2uAWnYdOEc/
+QSR8cKn8QQ5dyPFCqZ8RnlCMUegCVLg5cC0/rlTUD0C/Ti2SRBYTH3HvJjmSNk8k
+3LdcNwK4YtG4d1gkqLVjwCM1Yg8I/UICb5nQYclvBz5VQ2drvL/gU/+Vc7Z5KUFI
+0G/7uNmeJ16Eky+X9c73ZZxVqm0TzDENE2GzkPhBHEfXBR+4j6m8KKEWxQmA2ZSg
+
+--- Oq9wU0h90iU/8g1XTNI+LuAg7t09hngj9DCK91V1+pg
+Ï‡võ’P·Êì}ÓN,×ÿWl?y0)‘eVw‰©Aði±ýê•Å<E280A2>Sm¥œ¼¸à‡ì>‰ð°ÑD“ÂQž¦C-ùëB†Ôáôôø0ŽúVµ|÷=ŽXÊ6©ë ¢œ‹W<E280B9>>ãÒì~·-qIÞ%
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,19 @@
+let
+  main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15";
+in
+{
+  "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
+    main_ssh_public_key
+  ];
+  "gitlab-runner-thoreb-telemetria-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
+  "monolith-forgejo-runner-token.age".publicKeys = [ main_ssh_public_key ];
+  "lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
+  "monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
+  "factorio-settings.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-writefreely.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-renawiki.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-mastodon-mailer-password.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-invidious-settings.age".publicKeys = [ main_ssh_public_key ];
+}
--- a/3
+++ b/3
@ -4,9 +4,6 @@ set -euo pipefail

 nix fmt

-# Allow usage of untracked files in nix code
-git add --intent-to-add .
-
 git --no-pager diff

 run() {
--- a/6
+++ b/6
@ -0,0 +1,6 @@
+#!/bin/sh
+
+./switch \
+    --option extra-substituters "http://nixcache.lelgenio.1337.cx:5000" \
+    --option extra-trusted-public-keys "nixcache.lelgenio.1337.cx:HZCwDaM39BOF+MLuviMQTUrz3rBWLTLV9H+GV4zcxVI=" \
+    "$@"
--- a/system/android.nix
+++ b/system/android.nix
@ -12,5 +12,6 @@
    programs.kdeconnect.enable = true;

    programs.adb.enable = true;
+    services.udev.packages = [ pkgs.android-udev-rules ];
  };
 }
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -43,13 +43,12 @@

  services.geoclue2.enable = true;

-  systemd.settings.Manager = {
-    DefaultTimeoutStopSec = "10s";
-  };
-  services.logind.settings.Login = {
-    HandlePowerKey = "suspend";
-  };
-  services.upower.enable = true;
+  systemd.extraConfig = ''
+    DefaultTimeoutStopSec=10s
+  '';
+  services.logind.extraConfig = ''
+    HandlePowerKey=suspend
+  '';

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
--- a/system/containers.nix
+++ b/system/containers.nix
@ -33,18 +33,6 @@

    networking.firewall.extraCommands = lib.getExe pkgs._docker-block-external-connections;

-    # Docker punches holes in your firewall
-    systemd.services.docker-update-firewall = {
-      script = lib.getExe pkgs._docker-block-external-connections;
-    };
-    systemd.timers.docker-update-firewall = {
-      timerConfig = {
-        OnCalendar = "minutely";
-        Unit = "docker-update-firewall.service";
-      };
-      wantedBy = [ "multi-user.target" ];
-    };
-
    programs.extra-container.enable = true;

    programs.firejail.enable = true;
--- a/system/fonts.nix
+++ b/system/fonts.nix
@ -4,8 +4,7 @@
  fonts.packages = with pkgs; [
    noto-fonts
    noto-fonts-cjk-sans
-    noto-fonts-color-emoji
-    nerd-fonts.fira-code
-    nerd-fonts.hack
+    noto-fonts-emoji
+    nerdfonts_fira_hack
  ];
 }
--- a/system/gaming.nix
+++ b/system/gaming.nix
@ -60,6 +60,12 @@
      };
    };

-    programs.corectrl.enable = true;
+    programs.corectrl = {
+      enable = true;
+      gpuOverclock = {
+        enable = true;
+        ppfeaturemask = "0xffffffff";
+      };
+    };
  };
 }
--- a/system/gitlab-runner.nix
+++ b/system/gitlab-runner.nix
@ -1,18 +1,21 @@
+{ pkgs, lib, ... }:
 {
-  pkgs,
-  lib,
-  inputs ? null,
-  ...
-}:
-let
-  installNixScript =
-    {
-      authenticationTokenConfigFile,
-      nixCacheSshPrivateKeyPath ? null,
-      nixCacheSshPublicKeyPath ? null,
-      ...
-    }:
-    pkgs.writeScriptBin "install-nix" ''
+  mkNixRunner =
+    authenticationTokenConfigFile: with lib; rec {
+      # File should contain at least these two variables:
+      # `CI_SERVER_URL`
+      # `REGISTRATION_TOKEN`
+      inherit authenticationTokenConfigFile; # 2
+      dockerImage = "alpine:3.18.2";
+      dockerAllowedImages = [ dockerImage ];
+      dockerVolumes = [
+        "/etc/nix/nix.conf:/etc/nix/nix.conf:ro"
+        "/nix/store:/nix/store:ro"
+        "/nix/var/nix/db:/nix/var/nix/db:ro"
+        "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
+      ];
+      dockerDisableCache = true;
+      preBuildScript = pkgs.writeScript "setup-container" ''
        mkdir -p -m 0755 /nix/var/log/nix/drvs
        mkdir -p -m 0755 /nix/var/nix/gcroots
        mkdir -p -m 0755 /nix/var/nix/profiles
@ -26,70 +29,23 @@ let
        . ${pkgs.nix}/etc/profile.d/nix.sh

        ${pkgs.nix}/bin/nix-env -i ${
-        lib.concatStringsSep " " (
+          concatStringsSep " " (
            with pkgs;
            [
              nix
              cacert
              git
              openssh
-            docker
            ]
          )
        }
-
-      ${lib.optionalString (nixCacheSshPrivateKeyPath != null && nixCacheSshPublicKeyPath != null) ''
-        NIX_CACHE_SSH_PRIVATE_KEY_PATH="${nixCacheSshPrivateKeyPath}"
-        NIX_CACHE_SSH_PUBLIC_KEY_PATH="${nixCacheSshPublicKeyPath}"
-        . ${./gitlab-runner/nix-cache-start}
-      ''}
      '';
-in
-rec {
-  mkNixRunnerFull =
-    {
-      authenticationTokenConfigFile,
-      nixCacheSshPrivateKeyPath ? null,
-      nixCacheSshPublicKeyPath ? null,
-      ...
-    }@args:
-    {
-      # File should contain at least these two variables:
-      # `CI_SERVER_URL`
-      # `REGISTRATION_TOKEN`
-      inherit authenticationTokenConfigFile; # 2
-      dockerImage = "alpine:3.18.2";
-      dockerPullPolicy = "if-not-present";
-      dockerVolumes = [
-        "/etc/nix/nix.conf:/etc/nix/nix.conf:ro"
-        "/nix/store:/nix/store:ro"
-        "/nix/var/nix/db:/nix/var/nix/db:ro"
-        "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
-        "/tmp:/tmp"
-        "/var/run/docker.sock:/var/run/docker.sock"
-        "/var/lib/docker/containers:/var/lib/docker/containers"
-        "/cache"
-      ]
-      ++ lib.optionals (nixCacheSshPrivateKeyPath != null) [
-        "${nixCacheSshPrivateKeyPath}:${nixCacheSshPrivateKeyPath}"
-      ]
-      ++ lib.optionals (nixCacheSshPublicKeyPath != null) [
-        "${nixCacheSshPublicKeyPath}:${nixCacheSshPublicKeyPath}"
-      ];
-      # dockerDisableCache = true;
-      preBuildScript = "\". ${lib.getExe (installNixScript args)}\"";
      environmentVariables = {
        ENV = "/etc/profile";
        USER = "root";
        NIX_REMOTE = "daemon";
+        PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
        NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
-        NIX_PATH = if inputs != null then "nixpkgs=${inputs.nixpkgs}" else "";
      };
    };
-
-  mkNixRunner =
-    authenticationTokenConfigFile:
-    mkNixRunnerFull {
-      inherit authenticationTokenConfigFile;
-    };
 }
--- a/system/gitlab-runner/nix-cache-start
+++ b/system/gitlab-runner/nix-cache-start
@ -1,49 +0,0 @@
-#!/bin/sh
-
-echo "nix-cache: Setting up ssh key and host" >&2
-STORE_HOST_PUB_KEY="$(cat "$NIX_CACHE_SSH_PUBLIC_KEY_PATH" | base64 | tr -d '\n')"
-STORE_URL="ssh://nix-ssh@nix-cache.wopus.dev?trusted=true&compress=true&ssh-key=$NIX_CACHE_SSH_PRIVATE_KEY_PATH&base64-ssh-public-host-key=$STORE_HOST_PUB_KEY"
-echo STORE_URL="$STORE_URL" >&2
-
-NIX_EXTRA_CONFIG_FILE=$(mktemp)
-cat > "$NIX_EXTRA_CONFIG_FILE" <<EOF
-  extra-substituters = $STORE_URL
-EOF
-
-echo "nix-cache: Adding remote cache as substituter" >&2
-export NIX_USER_CONF_FILES="$NIX_EXTRA_CONFIG_FILE:$NIX_USER_CONF_FILES"
-
-echo "nix-cache: Setting up nix hook" >&2
-nix() {
-    echo "nix-cache: executing nix hook" >&2
-    command nix "$@"
-    local STATUS="$?"
-
-    local BUILD=no
-    if test "$STATUS" = "0"; then
-        for arg in "$@"; do
-            echo "nix-cache: evaluating arg '$arg'" >&2
-            case "$arg" in
-                build)
-                    echo "nix-cache: enablig upload" >&2
-                    BUILD=yes
-                ;;
-                -*)
-                    echo "nix-cache: ignoring argument '$arg'" >&2
-                ;;
-                *)
-                    if test "$BUILD" = yes; then
-                        echo "nix-cache: Sending path $arg" >&2
-                        command nix copy --to "$STORE_URL" "$arg" || true
-                    else
-                        echo "nix-cache: not building, ignoring argument '$arg'" >&2
-                    fi
-                ;;
-            esac
-        done
-    else
-        echo "nix-cache: nix exited with code '$STATUS', ignoring" >&2
-    fi
-
-    return "$STATUS"
-}
--- a/system/greetd.nix
+++ b/system/greetd.nix
@ -37,18 +37,16 @@ in
    xdg.portal = {
      enable = true;
      wlr.enable = true;
+      # Always pick the first monitor, this is fine since I only ever use a single monitor
+      wlr.settings.screencast.chooser_type = "none";
      # gtk portal needed to make gtk apps happy
      extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
    };
    services.greetd =
      let
-        start-sway = pkgs.writeShellScriptBin "start-sway" ''
-          mkdir -p ~/.local/share/sway
-          exec sway 2>&1 | tee -a ~/.local/share/sway/sway.log
-        '';
        greetd_main_script = pkgs.writeShellScriptBin "main" ''
          export XDG_CURRENT_DESKTOP=sway GTK_THEME="${theme.gtk_theme}" XCURSOR_THEME="${theme.cursor_theme}"
-          ${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c ${lib.getExe start-sway}
+          ${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c ${desktop}
          swaymsg exit
        '';
        swayConfig = pkgs.writeText "greetd-sway-config" ''
@ -72,11 +70,11 @@ in
        enable = true;
        settings = {
          initial_session = {
-            command = lib.getExe start-sway;
+            command = desktop;
            user = "lelgenio";
          };
          default_session = {
-            command = "dbus-run-session -- ${pkgs.sway}/bin/sway --config ${swayConfig}";
+            command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
          };
        };
      };
--- a/system/locale.nix
+++ b/system/locale.nix
@ -2,7 +2,7 @@
 {
  time.timeZone = "America/Sao_Paulo";
  environment.variables.TZ = config.time.timeZone;
-  i18n.defaultLocale = "pt_BR.UTF-8";
+  i18n.defaultLocale = "pt_BR.utf8";

  # Configure keymap in X11
  services.xserver.xkb = {
--- a/system/media-packages.nix
+++ b/system/media-packages.nix
@ -14,11 +14,11 @@ in
  config = lib.mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      down_meme
-      unstable.yt-dlp
+      yt-dlp
      ffmpeg
      obs-studio
      imagemagick
-      mpc
+      mpc-cli
      helvum
      gimp
      inkscape
--- a/system/monolith-bitbucket-runner.nix
+++ b/system/monolith-bitbucket-runner.nix
@ -0,0 +1,50 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+
+let
+  mkRunner = secret: {
+    image = "docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner:latest";
+    volumes = [
+      "/tmp:/tmp"
+      "/var/run/docker.sock:/var/run/docker.sock"
+      "/var/lib/docker/containers:/var/lib/docker/containers:ro"
+    ];
+    environmentFiles = [ secret ];
+  };
+
+  secretConf = {
+    sopsFile = ../secrets/monolith/default.yaml;
+  };
+in
+{
+  virtualisation.docker = {
+    enable = true;
+    daemon.settings = {
+      # needed by bitbucket runner ???
+      log-driver = "json-file";
+      log-opts = {
+        max-size = "10m";
+        max-file = "3";
+      };
+    };
+  };
+
+  virtualisation.oci-containers.backend = "docker";
+
+  virtualisation.oci-containers.containers = {
+    bitbucket-runner-1 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-1".path;
+    bitbucket-runner-2 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-2".path;
+    bitbucket-runner-3 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-3".path;
+    bitbucket-runner-4 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-4".path;
+  };
+
+  sops.secrets = {
+    "bitbucket-runners/wopus-runner-1" = secretConf;
+    "bitbucket-runners/wopus-runner-2" = secretConf;
+    "bitbucket-runners/wopus-runner-3" = secretConf;
+    "bitbucket-runners/wopus-runner-4" = secretConf;
+  };
+}
--- a/system/monolith-forgejo-runner.nix
+++ b/system/monolith-forgejo-runner.nix
@ -1,12 +1,12 @@
 { pkgs, config, ... }:
 {
  services.gitea-actions-runner = {
-    package = pkgs.forgejo-runner;
+    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "monolith";
      url = "https://git.lelgenio.com";
-      tokenFile = config.sops.secrets."forgejo-runners/git.lelgenio.com-default".path;
+      tokenFile = config.age.secrets.monolith-forgejo-runner-token.path;
      labels = [
        # provide a debian base with nodejs for actions
        "debian-latest:docker://node:18-bullseye"
@ -17,6 +17,4 @@
      ];
    };
  };
-
-  sops.secrets."forgejo-runners/git.lelgenio.com-default" = { };
 }
--- a/system/monolith-gitlab-runner.nix
+++ b/system/monolith-gitlab-runner.nix
@ -1,37 +1,29 @@
 {
  config,
  pkgs,
-  inputs,
  ...
 }:
 let
-  inherit (pkgs.callPackage ./gitlab-runner.nix { inherit inputs; }) mkNixRunner mkNixRunnerFull;
+  inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
 in
 {
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
  virtualisation.docker.enable = true;
  services.gitlab-runner = {
    enable = true;
-    settings.concurrent = 3;
+    settings.concurrent = 12;
    services = {
      # runner for building in docker via host's nix-daemon
      # nix store will be readable in runner, might be insecure
      thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
      thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;

-      wopus-gitlab-nix = mkNixRunnerFull {
-        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
-        # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
-        # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
-      };
-
      default = {
        # File should contain at least these two variables:
        # `CI_SERVER_URL`
        # `CI_SERVER_TOKEN`
        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
        dockerImage = "debian:stable";
-        dockerPullPolicy = "if-not-present";
      };
    };
  };
@ -47,14 +39,5 @@ in
    "gitlab-runners/docker-images-token" = {
      sopsFile = ../secrets/monolith/default.yaml;
    };
-    "gitlab-runners/wopus-gitlab-nix" = {
-      sopsFile = ../secrets/monolith/default.yaml;
-    };
-    "gitlab-runners/wopus-ssh-nix-cache-pk" = {
-      sopsFile = ../secrets/monolith/default.yaml;
-    };
-    "gitlab-runners/wopus-ssh-nix-cache-pub" = {
-      sopsFile = ../secrets/monolith/default.yaml;
-    };
  };
 }
--- a/system/mouse.nix
+++ b/system/mouse.nix
@ -10,6 +10,6 @@
    MatchBus=usb
    MatchVendor=0x046D
    MatchProduct=0x4099
-    AttrEventCode=-REL_WHEEL_HI_RES;-REL_HWHEEL_HI_RES;
+    AttrEventCode=-REL_WHEEL_HI_RES
  '';
 }
--- a/system/network.nix
+++ b/system/network.nix
@ -26,8 +26,6 @@
    };
  };

-  services.fail2ban.enable = true;
-
  # Workaround for nm-wait-online hanging??
  # Ref: https://github.com/NixOS/nixpkgs/issues/180175
  systemd.services.NetworkManager-wait-online = {
--- a/system/nix-serve.nix
+++ b/system/nix-serve.nix
@ -7,8 +7,6 @@
 {
  services.nix-serve = {
    enable = true;
-    secretKeyFile = config.sops.secrets."nix-serve/private-key".path;
+    secretKeyFile = config.age.secrets.monolith-nix-serve-privkey.path;
  };
-
-  sops.secrets."nix-serve/private-key" = { };
 }
--- a/system/nix.nix
+++ b/system/nix.nix
@ -29,12 +29,16 @@ in
      substituters = [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
+        # "http://nixcache.lelgenio.1337.cx:5000"
+        "https://lelgenio.cachix.org"
        "https://wegank.cachix.org"
        "https://snowflakeos.cachix.org/"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        # "nixcache.lelgenio.1337.cx:zxCfx7S658llDgAUG0JVyNrlAdFVvPniSdDOkvfTPS8="
+        "lelgenio.cachix.org-1:W8tMlmDFLU/V+6DlChXjekxoHZpjgVHZpmusC4cueBc="
        "wegank.cachix.org-1:xHignps7GtkPP/gYK5LvA/6UFyz98+sgaxBSy7qK0Vs="
        "snowflakeos.cachix.org-1:gXb32BL86r9bw1kBiw9AJuIkqN49xBvPd1ZW8YlqO70="
      ];
--- a/system/secrets.nix
+++ b/system/secrets.nix
@ -0,0 +1,12 @@
+{ pkgs, config, ... }:
+{
+  age = {
+    identityPaths = [ "/root/.ssh/id_rsa" ];
+    secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age;
+    secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
+    secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file = ../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age;
+    secrets.monolith-forgejo-runner-token.file = ../secrets/monolith-forgejo-runner-token.age;
+    secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age;
+    secrets.phantom-forgejo-mailer-password.file = ../secrets/phantom-forgejo-mailer-password.age;
+  };
+}
--- a/system/sound.nix
+++ b/system/sound.nix
@ -1,6 +1,6 @@
 { pkgs, ... }:
 {
-  services.pulseaudio.enable = false;
+  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    wireplumber.enable = true;
--- a/user/alacritty.nix
+++ b/user/alacritty.nix
@ -61,7 +61,7 @@ in
                  delimiters = ''^\\u0000-\\u001F\\u007F-\\u009F<>"\\s{-}\\^⟨⟩`'';
                  # Kakoune uses these characters to represent whitespace,
                  # but alacritty doesn't know about them
-                  whitespace_characters = "¬·→";
+                  whitespace_characters = ''¬·→'';
                in
                "${mimes}[${delimiters}${whitespace_characters}]+";
              command = "xdg-open";
--- a/user/chat.nix
+++ b/user/chat.nix
@ -10,12 +10,12 @@
    extraConfig = ''
      exec thunderbird
      exec discordcanary
-      exec Telegram
+      exec telegram-desktop
    '';
  };

  home.packages = with pkgs; [
-    telegram-desktop
+    tdesktop
    discord-canary
    thunderbird
    element-desktop
--- a/user/cursor/cursor.desktop
+++ b/user/cursor/cursor.desktop
@ -0,0 +1,15 @@
+[Desktop Entry]
+Name=Cursor
+Exec=/home/lelgenio/.local/bin/cursor --enable-features=UseOzonePlatform --ozone-platform-hint=wayland %F
+Path=/home/lelgenio/.local/bin
+Icon=/home/lelgenio/.icons/cursor.png
+Type=Application
+Categories=Utility;Development;
+StartupWMClass=Cursor
+X-AppImage-Version=latest
+Comment=Cursor is an AI-first coding environment.
+MimeType=x-scheme-handler/cursor;
+
+
+[Desktop Action new-empty-window]
+Exec=/home/lelgenio/.local/bin/cursor --enable-features=UseOzonePlatformc --ozone-platform-hint --new-window %F
--- a/user/cursor/default.nix
+++ b/user/cursor/default.nix
@ -0,0 +1,20 @@
+{
+  pkgs,
+  lib,
+  ...
+}:
+{
+  options.cursor = {
+    enable = lib.mkEnableOption { };
+  };
+
+  config = lib.mkIf config.cursor.enable {
+    home.file = {
+      "${config.home.homeDirectory}/.local/share/applications/cursor.desktop".source = ./cursor.desktop;
+      "${config.home.homeDirectory}/.config/Cusor/User/keybindings.json".source =
+        config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/projects/nixos-config/user/cursor/keybindings.json";
+      "${config.home.homeDirectory}/.config/Cursor/User/settings.json".source =
+        config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/projects/nixos-config/user/cursor/settings.json";
+    };
+  };
+}
--- a/user/cursor/keybindings.json
+++ b/user/cursor/keybindings.json
@ -0,0 +1 @@
+[]
--- a/user/cursor/settings.json
+++ b/user/cursor/settings.json
@ -0,0 +1,34 @@
+{
+    "terminal.integrated.sendKeybindingsToShell": true,
+    "window.titleBarStyle": "custom",
+    "workbench.preferredDarkColorTheme": "GitHub Dark",
+    "workbench.preferredLightColorTheme": "GitHub Light",
+    "window.autoDetectColorScheme": true,
+    "workbench.colorTheme": "GitHub Dark",
+    "git.autofetch": true,
+    "git.confirmSync": false,
+    "editor.suggest.snippetsPreventQuickSuggestions": false,
+    "update.mode": "none",
+    "intelephense.files.exclude": [
+        "**/.git/**",
+        "**/.svn/**",
+        "**/.hg/**",
+        "**/CVS/**",
+        "**/.DS_Store/**",
+        "**/node_modules/**",
+        "**/bower_components/**",
+        "**/vendor/**/{Tests,tests}/**",
+        "**/.history/**",
+        "**/vendor/**/vendor/**",
+        "**/.direnv/**"
+    ],
+    "intelephense.format.braces": "k&r",
+    "window.commandCenter": 1,
+    "files.exclude": {
+        "**/.deps": true,
+        "**/.direnv": true
+    },
+    "diffEditor.renderSideBySide": false,
+    "laravel-pint.enable": true,
+    "editor.formatOnSave": true
+}
--- a/user/firefox.nix
+++ b/user/firefox.nix
@ -1,11 +1,12 @@
 {
  config,
  pkgs,
+  lib,
+  font,
  ...
 }:
 let
-  inherit (config.my.theme) color;
-
+  inherit (config.my) desktop browser;
  bugfixedFirefox = pkgs.firefox-devedition-unwrapped // {
    requireSigning = false;
    allowAddonSideload = true;
@ -27,15 +28,15 @@ in
            url = "https://addons.mozilla.org/firefox/downloads/file/4202411/sponsorblock-5.4.29.xpi";
            hash = "sha256-7Xqc8cyQNylMe5/dgDOx1f2QDVmz3JshDlTueu6AcSg=";
          })
-          # (pkgs.fetchFirefoxAddon {
-          #   name = "tree-style-tab";
-          #   url = "https://addons.mozilla.org/firefox/downloads/file/4197314/tree_style_tab-3.9.19.xpi";
-          #   hash = "sha256-u2f0elVPj5N/QXa+5hRJResPJAYwuT9z0s/0nwmFtVo=";
-          # })
+          (pkgs.fetchFirefoxAddon {
+            name = "tree-style-tab";
+            url = "https://addons.mozilla.org/firefox/downloads/file/4197314/tree_style_tab-3.9.19.xpi";
+            hash = "sha256-u2f0elVPj5N/QXa+5hRJResPJAYwuT9z0s/0nwmFtVo=";
+          })
          (pkgs.fetchFirefoxAddon {
            name = "ublock-origin";
-            url = "https://addons.mozilla.org/firefox/downloads/file/4492375/ublock_origin-1.64.0.xpi";
-            hash = "sha256-ueHIaL0awd78q/LgF3bRqQ7/ujSwf+aiE1DUXwIuDp8=";
+            url = "https://addons.mozilla.org/firefox/downloads/file/4290466/ublock_origin-1.58.0.xpi";
+            hash = "sha256-RwxWmUpxdNshV4rc5ZixWKXcCXDIfFz+iJrGMr0wheo=";
          })
          (pkgs.fetchFirefoxAddon {
            name = "user_agent_string_switcher";
@ -55,20 +56,10 @@ in
            hash = "sha256-lKLX6IWWtliRdH1Ig33rVEB4DVfbeuMw0dfUPV/mSSI=";
          })
          (pkgs.fetchFirefoxAddon {
-            name = "unhook";
-            url = "https://addons.mozilla.org/firefox/downloads/file/4263531/youtube_recommended_videos-1.6.7.xpi";
-            hash = "sha256-u21ouN9IyOzkTkFSeDz+QBp9psJ1F2Nmsvqp6nh0DRU=";
+            name = "invidious_redirect";
+            url = "https://addons.mozilla.org/firefox/downloads/file/4292924/invidious_redirect_2-1.16.xpi";
+            hash = "sha256-ApCc+MNmW9Wd/5seV6npePQVEaszT/rhD9EB7HGiUb8=";
          })
-          (pkgs.fetchFirefoxAddon {
-            name = "youtube_no_translation";
-            url = "https://addons.mozilla.org/firefox/downloads/file/4561536/youtube_no_translation-2.11.0.xpi";
-            hash = "sha256-8VpoUDbvZZf0oYGSHnXEiYDjfcPjQqtbDaxp5ndAJ94=";
-          })
-          # (pkgs.fetchFirefoxAddon {
-          #   name = "invidious_redirect";
-          #   url = "https://addons.mozilla.org/firefox/downloads/file/4292924/invidious_redirect_2-1.16.xpi";
-          #   hash = "sha256-ApCc+MNmW9Wd/5seV6npePQVEaszT/rhD9EB7HGiUb8=";
-          # })

          (pkgs.fetchFirefoxAddon {
            name = "substitoot";
@ -93,14 +84,13 @@ in
        dev-edition-default = {
          isDefault = true;
          search.force = true;
-          search.default = "ddg";
+          search.default = "DuckDuckGo";
          settings = {
            "devtools.theme" = "auto";
            "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+            "browser.tabs.inTitlebar" = if desktop == "sway" then 0 else 1;
            "sidebar.position_start" = false; # Move sidebar to the right

-            "browser.tabs.groups.enabled" = true;
-
            # enable media RDD to allow gpu acceleration
            "media.rdd-ffmpeg.enabled" = true;
            "media.rdd-ffvpx.enabled" = true;
@ -117,6 +107,8 @@ in
            "media.ffmpeg.vaapi.enabled" = true;
            "media.ffvpx.enabled" = true;

+            "gfx.webrender.all" = true;
+
            # Enable installing non signed extensions
            "extensions.langpacks.signatures.required" = false;
            "xpinstall.signatures.required" = false;
@ -127,27 +119,26 @@ in
            "devtools.chrome.enabled" = true;
            "devtools.debugger.remote-enabled" = true;
          };
-          userChrome = ''
-            #sidebar-main {
-              background-color: ${color.bg};
-            }
-
-            #tabbrowser-tabbox {
-              outline-width: 0 !important;
-            }
-          '';
+          userChrome =
+            if desktop == "sway" then
+              ''
+                #titlebar { display: none !important; }
+                #TabsToolbar { display: none !important; }
+                #sidebar-header { display: none !important; }
+              ''
+            else
+              "";
        };
      };
    };
-
-    home.packages = with pkgs; [
-      nix-prefetch-firefox-extension
-    ];
-
    wayland.windowManager.sway = {
      extraConfig = ''
-        exec firefox-devedition
+        exec firefox
      '';
    };
+    home.sessionVariables = {
+      MOZ_ENABLE_WAYLAND = "1";
+      MOZ_DISABLE_RDD_SANDBOX = "1";
+    };
  };
 }
--- a/user/fish/default.nix
+++ b/user/fish/default.nix
@ -35,14 +35,6 @@ in
        set_color normal

        bind \cy 'commandline | wl-copy -n'
-
-        function envsource
-          for line in (cat $argv | grep -v '^#' |  grep -v '^\s*$' | sed -e 's/=/ /' -e "s/'//g" -e 's/"//g' )
-            set export (string split ' ' $line)
-            set -gx $export[1] $export[2]
-            echo "Exported key $export[1]"
-          end
-        end
      '';
      shellAliases = {
        rm = "trash";
@ -64,7 +56,7 @@ in
        suv = "systemct --user";
        # docker abbrs
        d = "docker";
-        dc = "docker compose";
+        dc = "docker-compose";
        # git abbrs
        g = "git";
        ga = "git add";
--- a/user/gaming.nix
+++ b/user/gaming.nix
@ -17,7 +17,7 @@ in
      # steam # It's enabled in the system config
      tlauncher
      gamescope
-      mesa-demos
+      glxinfo
      vulkan-tools
    ];
  };
--- a/user/git.nix
+++ b/user/git.nix
@ -16,6 +16,7 @@ in
        user = {
          name = username;
          email = mail.personal.user;
+          signingkey = "2F8F21CE8721456B";
        };
        init.defaultBranch = "main";
        core = {
@ -24,9 +25,11 @@ in
        };
        commit = {
          verbose = true;
+          gpgsign = true;
        };
        fetch = {
          prune = true;
+          pruneTags = true;
          all = true;
        };
        push = {
--- a/user/gnome.nix
+++ b/user/gnome.nix
@ -43,7 +43,7 @@ lib.mkIf (config.my.desktop == "gnome") {
    qt6Packages.qtstyleplugin-kvantum
  ];

-  services.gpg-agent.pinentry.package = pkgs.pinentry-gnome;
+  services.gpg-agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;

  xdg.defaultApplications = {
    enable = lib.mkForce false;
--- a/user/home.nix
+++ b/user/home.nix
@ -24,7 +24,6 @@
    ./mpv.nix
    ./mangohud.nix
    ./gaming.nix
-    ./lsfg-vk
    ./pipewire.nix
    ./mimeapps.nix
    ./desktop-entries.nix
@ -37,14 +36,13 @@
    ./pass.nix
    ./pqiv.nix
    ./zathura.nix
-    ./satty
    ./man.nix
    ./mpd.nix
    ./sway
    ./gnome.nix
    ./thunar.nix
    ./xdg-dirs.nix
-    inputs.nix-index-database.homeModules.nix-index
+    inputs.nix-index-database.hmModules.nix-index
    ../settings
    ./powerplay-led-idle.nix
    ./rm-target.nix
@ -73,14 +71,12 @@
    gavin-bc
    file
    jq
-    dust
+    du-dust
    p7zip
    tealdeer
    micro
    _diffr
    br # bulk rename
-    bcrypt
-    semver-tool

    comma

@ -114,6 +110,9 @@
    deluge
    nicotine-plus

+    ## Nix secrets management
+    inputs.agenix.packages.x86_64-linux.default
+
    ## Programming
    # rustup

@ -148,14 +147,12 @@
    enable = true;
  };

-  sops.age.sshKeyPaths = [ (config.home.homeDirectory + "/.ssh/id_ed25519") ];
-
  xdg.defaultApplications = {
    enable = true;
    text-editor = lib.mkDefault "kak.desktop";
    image-viewer = lib.mkDefault "pqiv.desktop";
    video-player = lib.mkDefault "mpv.desktop";
-    web-browser = lib.mkDefault "firefox-devedition.desktop";
+    web-browser = lib.mkDefault "firefox.desktop";
    document-viewer = lib.mkDefault "org.pwmt.zathura.desktop";
    file-manager = lib.mkDefault "thunar.desktop";
    archive-manager = "engrampa.desktop";
--- a/user/kakoune/default.nix
+++ b/user/kakoune/default.nix
@ -82,9 +82,6 @@ in
            rev = "1cc6baeb14b773916eb9209469aa77b3cfa67a0a";
            sha256 = "sha256-3PLxG9UtT0MMSibvTviXQIgTH3rApZ3WSbNCEH3c7HE=";
          };
-          buildInputs = with pkgs; [
-            python3Minimal
-          ];
        })
      ];
      extraConfig =
@ -110,7 +107,6 @@ in
          set global scrolloff 10,20
          set global autoreload yes
          set global startup_info_version 99999999
-          set global grepcmd 'rg -Hn'

        ''
        + (import ./colors.nix {
@ -130,7 +126,7 @@ in
      terminal
      ranger
      bmenu
-      kakoune-lsp
+      kak-lsp
      kak-tree-sitter
      kak-pager
      kak-man-pager
@ -142,8 +138,6 @@ in
      aspell
      aspellDicts.en
      aspellDicts.pt_BR
-
-      ripgrep
    ];
    home.activation = {
      update_kakoune = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
--- a/user/kakoune/filetypes.kak
+++ b/user/kakoune/filetypes.kak
@ -15,16 +15,8 @@ hook global WinSetOption filetype=nix %{
    set buffer formatcmd 'nixfmt'
 }

-hook global BufCreate .*\.json %{
-    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
-}
-
-hook global BufCreate .*\.ya?ml %{
-    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
-}
-
 hook global BufCreate .*\.html %{
-    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
+    set buffer formatcmd 'prettier --parser html'
 }

 hook global BufCreate .*\.component\.html %{
@ -43,23 +35,11 @@ hook global BufCreate .*\.php %{
 }

 hook global BufCreate .*\.js %{
-    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
-}
-
-hook global BufCreate .*\.jsx %{
-    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
-}
-
-hook global BufCreate .*\.ts %{
-    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
-}
-
-hook global BufCreate .*\.tsx %{
-    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
+    set buffer formatcmd 'prettier --parser babel'
 }

 hook global BufCreate .*\.scss %{
-    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
+    set buffer formatcmd 'prettier --parser scss'
 }

 hook global BufCreate .*\.vue %{
--- a/user/kakoune/hooks.kak
+++ b/user/kakoune/hooks.kak
@ -15,7 +15,6 @@ hook global NormalIdle .* %{ evaluate-commands %sh{
 define-command -hidden -override git-try-show-diff %{
    evaluate-commands -draft %sh{
        test -f "$kak_buffile" || exit 0
-        echo "$kak_buffile" | grep '/\.git/' > /dev/null && exit 0
        cd $(dirname "$kak_buffile")
        git rev-parse --git-dir > /dev/null &&
        echo "git show-diff"
--- a/user/lsfg-vk/default.nix
+++ b/user/lsfg-vk/default.nix
@ -1,40 +0,0 @@
-{ pkgs, config, ... }:
-let
-  LosslessDllPath = config.home.homeDirectory + "/.local/lib/Lossless.dll";
-in
-{
-  home.file = {
-    ".local/share/vulkan/implicit_layer.d/VkLayer_LS_frame_generation.json".source =
-      "${pkgs.lsfg-vk}/share/vulkan/implicit_layer.d/VkLayer_LS_frame_generation.json";
-    ".local/lib/liblsfg-vk.so".source = "${pkgs.lsfg-vk}/lib/liblsfg-vk.so";
-  };
-
-  home.sessionVariables = {
-    # ENABLE_LSFG = 1; # Don't enable session wide, to avoid bugs
-    LSFG_DLL_PATH = LosslessDllPath;
-  };
-
-  home.packages = with pkgs; [
-    lsfg-vk
-    lsfg-vk-ui
-  ];
-
-  # Put the dll in a reachable location for steam games
-  # Secrets normally are a symlink to /run/user/1000/secrets.d/
-  # Every time sops-nix.service runs, we copy the dll
-  systemd.user.services.copy-lsfg-dll = {
-    Service = {
-      ExecStart = pkgs.writeShellScript "copy-lsfg-dll" ''
-        cp -fv "${config.sops.secrets."lsfg.dll".path}" "${LosslessDllPath}"
-      '';
-      Type = "oneshot";
-    };
-    Unit.After = [ "sops-nix.service" ];
-    Install.WantedBy = [ "sops-nix.service" ];
-  };
-
-  sops.secrets."lsfg.dll" = {
-    sopsFile = ../../secrets/lsfg.dll.gpg;
-    format = "binary";
-  };
-}
--- a/user/mangohud.nix
+++ b/user/mangohud.nix
@ -1,102 +1,68 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
+{ config, lib, ... }:
 let
  cfg = config.my.mangohud;
-
-  settings = {
-    # Display
-    no_display = true; # Hidden by default
-    font_size = "20";
-
-    toggle_preset = "Control_R+F9";
-    toggle_fps_limit = "Shift_R+F10";
-    toggle_hud_position = "Shift_R+F11";
-    toggle_hud = "Shift_R+F12";
-
-    # GPU
-    pci_dev = "0:03:00.0";
-    gpu_text = "RX 7800 XT";
-    gpu_stats = true;
-    gpu_load_change = true;
-    gpu_load_value = "50,90";
-    gpu_load_color = "FFFFFF,FFAA7F,CC0000";
-    gpu_voltage = true;
-    # throttling_status = true;
-    gpu_core_clock = true;
-    gpu_mem_clock = true;
-    gpu_temp = true;
-    gpu_mem_temp = true;
-    gpu_junction_temp = true;
-    gpu_fan = true;
-    gpu_power = true;
-    gpu_power_limit = true;
-
-    # CPU
-    cpu_text = "R7 8700G";
-    cpu_stats = true;
-    core_load = true;
-    core_bars = true;
-    cpu_load_change = true;
-    cpu_load_value = "50,90";
-    cpu_load_color = "FFFFFF,FFAA7F,CC0000";
-    cpu_mhz = true;
-    cpu_temp = true;
-    cpu_power = true;
-    io_read = true;
-    io_write = true;
-
-    # RAM
-    swap = true;
-    vram = true;
-    vram_color = "AD64C1";
-    ram = true;
-    ram_color = "C26693";
-    procmem = true;
-
-    # FPS
-    fps = true;
-    fps_metrics = "avg,0.01";
-    frame_timing = true;
-    frametime_color = "FFFFFF";
-    # throttling_status_graph = true;
-    show_fps_limit = true;
-    fps_limit = "288,0,30,60,75,90,120,144";
-
-    # Extra
-    resolution = true;
-    fsr = true;
-    winesync = true;
-    present_mode = true;
-    fps_color_change = true;
-    fps_color = "B22222,FDFD09,39F900";
-    fps_value = "60,144";
-  };
-
 in
 {
  options.my.mangohud.enable = lib.mkEnableOption { };

-  config = lib.mkIf cfg.enable {
-    programs.mangohud = {
+  config.programs.mangohud = lib.mkIf cfg.enable {
    enable = true;
    enableSessionWide = true;
-      inherit settings;
-    };
+    settings = {
+      full = true;
+      # histogram = true;
+      no_display = true;
+      fps_limit = "0,30,60,72,90,120,144,240,288,320";
+      toggle_fps_limit = "Shift_R+F10";
+      toggle_preset = "Control_R+F9";
+      fps_metrics = "Control_R+F8";

-    # Have the config file be a regular file and not a symlink, so it's easy to tinker with it
-    xdg.configFile."MangoHud/MangoHud.conf" = {
-      target = "MangoHud/MangoHud.conf.tmp";
-      onChange = ''
-        mkdir -p "${config.xdg.configHome}/MangoHud"
-        if [ -L "${config.xdg.configHome}/MangoHud/MangoHud.conf" ]; then
-          rm "${config.xdg.configHome}/MangoHud/MangoHud.conf"
-        fi
-        ${pkgs.coreutils}/bin/cp --dereference "${config.xdg.configHome}/MangoHud/MangoHud.conf.tmp" "${config.xdg.configHome}/MangoHud/MangoHud.conf"
-      '';
+      # legacy_layout = "false";
+      # gpu_stats = true;
+      # gpu_temp = true;
+      # gpu_core_clock = true;
+      # gpu_mem_clock = true;
+      # gpu_power = true;
+      # gpu_load_change = true;
+      # gpu_load_value = "50,90";
+      gpu_load_color = "FFFFFF,FFAA7F,CC0000";
+      # gpu_text = "GPU";
+      # cpu_stats = true;
+      # cpu_temp = true;
+      # cpu_power = true;
+      # cpu_mhz = true;
+      # cpu_load_change = true;
+      # core_load_change = true;
+      # cpu_load_value = "50,90";
+      cpu_load_color = "FFFFFF,FFAA7F,CC0000";
+      cpu_color = "2e97cb";
+      # cpu_text = "CPU";
+      # io_stats = true;
+      # io_read = true;
+      # io_write = true;
+      io_color = "a491d3";
+      # swap = true;
+      # vram = true;
+      vram_color = "ad64c1";
+      # ram = true;
+      ram_color = "c26693";
+      # fps = true;
+      engine_color = "eb5b5b";
+      gpu_color = "2e9762";
+      wine_color = "eb5b5b";
+      # frame_timing = "1";
+      frametime_color = "00ff00";
+      media_player_color = "ffffff";
+      background_alpha = "0.8";
+      font_size = "24";
+
+      background_color = "020202";
+      position = "top-left";
+      # text_color = "ffffff";
+      round_corners = "10";
+      toggle_hud = "Shift_R+F12";
+      # toggle_logging = "Shift_L+F12";
+      # output_folder = "/home/lelgenio";
    };
  };
 }
--- a/user/ranger/default.nix
+++ b/user/ranger/default.nix
@ -19,7 +19,7 @@
    wl-clipboard

    highlight # syntax highlight
-    poppler-utils # pdf preview
+    poppler_utils # pdf preview
    ffmpeg # audio preview
    ffmpegthumbnailer # video preview
    fontforge # font preview
--- a/user/ranger/rc.conf
+++ b/user/ranger/rc.conf
@ -27,10 +27,10 @@ set confirm_on_delete multiple
 # Use non-default path for file preview script?
 # ranger ships with scope.sh, a script that calls external programs (see
 # README.md for dependencies) to preview images, archives, etc.
-# set preview_script ~/.config/ranger/scope.sh
+set preview_script ~/.config/ranger/scope.sh

 # Use the external preview script or display simple plain text or image previews?
-# set use_preview_script true
+set use_preview_script true

 # Automatically count files in the directory, even before entering them?
 set automatically_count_files true
@ -40,7 +40,7 @@ set automatically_count_files true
 set open_all_images true

 # Be aware of version control systems and display information.
-set vcs_aware false
+set vcs_aware true

 # State of the four backends git, hg, bzr, svn. The possible states are
 # disabled, local (only show local info), enabled (show local and remote
--- a/user/rofi.nix
+++ b/user/rofi.nix
@ -18,7 +18,7 @@ in
  config = {
    programs.rofi = {
      enable = true;
-      package = pkgs.rofi.override {
+      package = pkgs.rofi-wayland.override {
        plugins = with pkgs; [
          rofi-emoji
          rofi-file-browser
--- a/user/satty/config.toml
+++ b/user/satty/config.toml
@ -1,63 +0,0 @@
-[general]
-# Start Satty in fullscreen mode
-fullscreen = true
-# Exit directly after copy/save action
-early-exit = true
-# Draw corners of rectangles round if the value is greater than 0 (0 disables rounded corners)
-corner-roundness = 12
-# Select the tool on startup [possible values: pointer, crop, line, arrow, rectangle, text, marker, blur, brush]
-initial-tool = "brush"
-# Configure the command to be called on copy, for example `wl-copy`
-copy-command = "wl-copy"
-# Increase or decrease the size of the annotations
-# annotation-size-factor = 2
-# Filename to use for saving action. Omit to disable saving to file. Might contain format specifiers: https://docs.rs/chrono/latest/chrono/format/strftime/index.html
-# output-filename = "/tmp/test-%Y-%m-%d_%H:%M:%S.png"
-# After copying the screenshot, save it to a file as well
-# save-after-copy = false
-# Hide toolbars by default
-# default-hide-toolbars = false
-# Experimental: whether window focus shows/hides toolbars. This does not affect initial state of toolbars, see default-hide-toolbars.
-# focus-toggles-toolbars = false
-# The primary highlighter to use, the other is accessible by holding CTRL at the start of a highlight [possible values: block, freehand]
-primary-highlighter = "block"
-# Disable notifications
-disable-notifications = true
-# Actions to trigger on right click (order is important)
-# [possible values: save-to-clipboard, save-to-file, exit]
-# actions-on-right-click = []
-# Actions to trigger on Enter key (order is important)
-# [possible values: save-to-clipboard, save-to-file, exit]
-# actions-on-enter = ["save-to-clipboard"]
-# Actions to trigger on Escape key (order is important)
-# [possible values: save-to-clipboard, save-to-file, exit]
-# actions-on-escape = ["exit"]
-# Action to perform when the Enter key is pressed [possible values: save-to-clipboard, save-to-file]
-# Deprecated: use actions-on-enter instead
-action-on-enter = "save-to-clipboard"
-# Right click to copy
-# Deprecated: use actions-on-right-click instead
-# right-click-copy = false
-# request no window decoration. Please note that the compositor has the final say in this. At this point. requires xdg-decoration-unstable-v1.
-# no-window-decoration = true
-# experimental feature: adjust history size for brush input smooting (0: disabled, default: 0, try e.g. 5 or 10)
-# brush-smooth-history-size = 10
-
-# Font to use for text annotations
-[font]
-family = "Roboto"
-style = "Bold"
-
-# Custom colours for the colour palette
-[color-palette]
-# These will be shown in the toolbar for quick selection
-palette = [
-    "#ff0000",
-    "#00ffff",
-    "#a52a2a",
-    "#dc143c",
-    "#ff1493",
-    "#ffd700",
-    "#008000",
-]
-
--- a/user/satty/default.nix
+++ b/user/satty/default.nix
@ -1,22 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-let
-  cfg = config.my.satty;
-in
-{
-  options.my.satty.enable = lib.mkEnableOption { };
-
-  config = lib.mkIf cfg.enable {
-    xdg.configFile."satty/config.toml" = {
-      source = ./config.toml;
-    };
-
-    home.packages = with pkgs; [
-      satty
-    ];
-  };
-}
--- a/user/sway/default.nix
+++ b/user/sway/default.nix
@ -14,14 +14,12 @@ in
  imports = [
    ./kanshi.nix
    ./mako.nix
-    ./sway-sync-xkbmap.nix
    ./sway-binds.nix
    ./sway-modes.nix
    ./sway-assigns.nix
    ./swayidle.nix
    ./swaylock.nix
    ./theme.nix
-    ./gammastep.nix
  ];

  options.my.sway.enable = lib.mkEnableOption { };
@ -33,9 +31,7 @@ in
    my.swaylock.enable = true;
    my.mpd.enable = true;
    my.zathura.enable = true;
-    my.satty.enable = true;
    my.waybar.enable = true;
-    my.gammastep.enable = true;

    wayland.windowManager.sway = {
      enable = true;
@ -77,19 +73,10 @@ in
          };
        output = {
          "*" = {
+            adaptive_sync = "on";
            bg = "${theme.background} fill";
-          };
-          "AOC 24G2W1G4 ATNM6XA004804" = {
-            position = "0,0";
-            adaptive_sync = "on";
            mode = "1920x1080@144.000Hz";
          };
-          "LG Electronics 25UM58G 0x01010101" = {
-            position = "1920,215";
-            adaptive_sync = "on";
-            scale = "1.2";
-            mode = "2560x1080@74.991Hz";
-          };
        };
        fonts = {
          names = [ font.interface ];
@ -128,18 +115,19 @@ in
        exec_always systemctl --user restart waybar.service
      '';
    };
+    services.gammastep = {
+      enable = true;
+      provider = "geoclue2";
+    };

    services.kdeconnect = {
      enable = true;
      indicator = true;
    };

-    services.gpg-agent.pinentry.package = pkgs.pinentry-all;
+    services.gpg-agent.pinentryPackage = pkgs.pinentry-all;

-    xdg.configFile."OpenTabletDriver/settings.json" = {
-      force = true;
-      source = ./open-tablet-driver.json;
-    };
+    xdg.configFile."OpenTabletDriver/settings.json".source = ./open-tablet-driver.json;

    home.packages = with pkgs; [
      mySway
@ -164,7 +152,6 @@ in
      wl-clipboard
      wtype
      wl-crosshair
-      caffeinated

      grim
      satty
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Leonardo Eugênio	a899d5b159	home: add automatic home-manager cleanup service	2025-03-27 01:07:27 -03:00
Leonardo Eugênio	e649117615	refactor: move rm-target service and timer to separate file	2025-03-26 21:58:24 -03:00
Leonardo Eugênio	fd3c642a10	factorio: update backup script filename to fix syncthing integration	2025-03-23 16:30:08 -03:00
Leonardo Eugênio	dc6f25fd23	update	2025-03-21 00:55:53 -03:00
Leonardo Eugênio	ccc5a10793	firefox: remove header styling	2025-03-20 20:51:33 -03:00
Leonardo Eugênio	5e3260a57e	cursor: add cursor editor	2025-03-20 20:36:48 -03:00
Leonardo Eugênio	07b509750b	gnome: install menulibre	2025-03-20 20:31:27 -03:00
lelgenio	c361efb1eb	variables: switch to gnome	2025-03-20 16:59:12 -03:00