116 changed files with 902 additions and 1862 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -1,2 +0,0 @@
 flake.lock binary
 *.gpg binary
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,37 +0,0 @@
 keys:
  - &lelgenio-gpg 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
  - &lelgenio-ssh age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
  - &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
  - &double-rainbow-ssh age1026d4c8nqyapcsy4jz57szt6zw3ejcgv3ecyvz0s89t7w7z964fqdqv52h
  - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
 creation_rules:
  - path_regex: secrets/[^/]+\.(yaml|json|env|ini|gpg)$
    key_groups:
    - pgp:
      - *lelgenio-gpg
      age:
      - *lelgenio-ssh
      - *monolith-ssh
  - path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini|gpg)$
    key_groups:
    - pgp:
      - *lelgenio-gpg
      age:
      - *lelgenio-ssh
      - *monolith-ssh
  - path_regex: secrets/double-rainbow/[^/]+\.(yaml|json|env|ini|gpg)$
    key_groups:
    - pgp:
      - *lelgenio-gpg
      age:
      - *lelgenio-ssh
      - *monolith-ssh
      - *double-rainbow-ssh
  - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini|gpg)$
    key_groups:
    - pgp:
      - *lelgenio-gpg
      age:
      - *lelgenio-ssh
      - *phantom-ssh
--- a/flake.lock
+++ b/flake.lock
@ -16,6 +16,31 @@
        "type": "github"
      }
    },
    "agenix": {
      "inputs": {
        "darwin": "darwin",
        "home-manager": [
          "home-manager"
        ],
        "nixpkgs": [
          "nixpkgs"
        ],
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1736955230,
        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
        "owner": "ryantm",
        "repo": "agenix",
        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
        "type": "github"
      },
      "original": {
        "owner": "ryantm",
        "repo": "agenix",
        "type": "github"
      }
    },
    "blobs": {
      "flake": false,
      "locked": {
@ -48,22 +73,6 @@
        "url": "https://git.lelgenio.com/lelgenio/catboy-spinner"
      }
    },
    "contador-da-viagem": {
      "flake": false,
      "locked": {
        "lastModified": 1742610036,
        "narHash": "sha256-sY1iheemazmIVJAnoFtut6cN7HX/C5OMDY54UrmCoqE=",
        "ref": "refs/heads/main",
        "rev": "efe5ac4a16de7f78824ac89dc987ef635afa5267",
        "revCount": 4,
        "type": "git",
        "url": "https://git.lelgenio.com/lelgenio/contador-da-viagem"
      },
      "original": {
        "type": "git",
        "url": "https://git.lelgenio.com/lelgenio/contador-da-viagem"
      }
    },
    "crane": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -130,6 +139,28 @@
        "type": "github"
      }
    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1700795494,
        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
        "owner": "lnl7",
        "repo": "nix-darwin",
        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
        "type": "github"
      },
      "original": {
        "owner": "lnl7",
        "ref": "master",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "demoji": {
      "inputs": {
        "advisory-db": "advisory-db",
@ -178,11 +209,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769524058,
+        "lastModified": 1740485968,
-        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
+        "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
+        "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
        "type": "github"
      },
      "original": {
@ -196,11 +227,11 @@
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1764972059,
+        "lastModified": 1739502527,
-        "narHash": "sha256-MLdmXiPhouR4nSxIZwNEHWGYT2rR9UquaYGbZPEBgRk=",
+        "narHash": "sha256-KMLNOCWmqdDeAZV5O1ccRmVqRutDcy4IONJin3lzd0Q=",
        "owner": "lelgenio",
        "repo": "dzgui-nix",
-        "rev": "14bd77c58f4cc4864513f9d887ad387337c9411f",
+        "rev": "06fcea9445b5a005b40469a69f57f2147398bc94",
        "type": "github"
      },
      "original": {
@ -250,11 +281,11 @@
    "flake-compat_2": {
      "flake": false,
      "locked": {
-        "lastModified": 1761588595,
+        "lastModified": 1696426674,
-        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
@ -265,7 +296,7 @@
    },
    "flake-utils": {
      "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1681202837,
@ -283,7 +314,7 @@
    },
    "flake-utils_2": {
      "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1681202837,
@ -316,7 +347,7 @@
    },
    "flake-utils_4": {
      "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_4"
      },
      "locked": {
        "lastModified": 1681202837,
@ -334,7 +365,7 @@
    },
    "flake-utils_5": {
      "inputs": {
-        "systems": "systems_4"
+        "systems": "systems_5"
      },
      "locked": {
        "lastModified": 1681202837,
@ -352,7 +383,7 @@
    },
    "flake-utils_6": {
      "inputs": {
-        "systems": "systems_5"
+        "systems": "systems_6"
      },
      "locked": {
        "lastModified": 1681202837,
@ -370,7 +401,7 @@
    },
    "flake-utils_7": {
      "inputs": {
-        "systems": "systems_6"
+        "systems": "systems_7"
      },
      "locked": {
        "lastModified": 1710146030,
@ -386,54 +417,6 @@
        "type": "github"
      }
    },
    "git-hooks": {
      "inputs": {
        "flake-compat": [
          "nixos-mailserver",
          "flake-compat"
        ],
        "gitignore": "gitignore",
        "nixpkgs": [
          "nixos-mailserver",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1763319842,
        "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
        "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "repo": "git-hooks.nix",
        "type": "github"
      }
    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
          "nixos-mailserver",
          "git-hooks",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709087332,
        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "type": "github"
      }
    },
    "hello-fonts": {
      "flake": false,
      "locked": {
@ -457,40 +440,20 @@
        ]
      },
      "locked": {
-        "lastModified": 1770260404,
+        "lastModified": 1739757849,
-        "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
+        "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
+        "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-25.11",
+        "ref": "release-24.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "lsfg-vk-flake": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1756367273,
        "narHash": "sha256-u7/qG5xQxW+o51R2lBPj0NxU3oFrUwj78UlCKKNHGAc=",
        "owner": "pabloaul",
        "repo": "lsfg-vk-flake",
        "rev": "62aadfc844b2002abe47cbbc9dfd028033376248",
        "type": "github"
      },
      "original": {
        "owner": "pabloaul",
        "repo": "lsfg-vk-flake",
        "type": "github"
      }
    },
    "made-you-look": {
      "inputs": {
        "crane": "crane_2",
@ -518,11 +481,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770315571,
+        "lastModified": 1740281615,
-        "narHash": "sha256-hy0gcAgAcxrnSWKGuNO+Ob0x6jQ2xkR6hoaR0qJBHYs=",
+        "narHash": "sha256-dZWcbAQ1sF8oVv+zjSKkPVY0ebwENQEkz5vc6muXbKY=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb",
+        "rev": "465792533d03e6bb9dc849d58ab9d5e31fac9023",
        "type": "github"
      },
      "original": {
@ -535,22 +498,22 @@
      "inputs": {
        "blobs": "blobs",
        "flake-compat": "flake-compat_2",
        "git-hooks": "git-hooks",
        "nixpkgs": [
          "nixpkgs"
-        ]
+        ],
        "nixpkgs-24_11": "nixpkgs-24_11"
      },
      "locked": {
-        "lastModified": 1766537863,
+        "lastModified": 1740437053,
-        "narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=",
+        "narHash": "sha256-exPTta4qI1ka9sk+jPcLogGffJ1OVXnAsTRqpeAXeNw=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d",
+        "rev": "c8ec4d5e432f5df4838eacd39c11828d23ce66ec",
        "type": "gitlab"
      },
      "original": {
        "owner": "simple-nixos-mailserver",
-        "ref": "nixos-25.11",
+        "ref": "master",
        "repo": "nixos-mailserver",
        "type": "gitlab"
      }
@ -571,28 +534,28 @@
        "type": "github"
      }
    },
-    "nixpkgs-mesa-26": {
+    "nixpkgs-24_11": {
      "locked": {
-        "lastModified": 1770837954,
+        "lastModified": 1734083684,
-        "narHash": "sha256-B9rn+KSP/+lgM7j406sDIapS1IedxgACFdiRHzMTzVU=",
+        "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "157721757fca10d3f26d11ace9883f1f0b0bccef",
+        "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "rev": "157721757fca10d3f26d11ace9883f1f0b0bccef",
+        "ref": "nixos-24.11",
        "type": "indirect"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1770562336,
+        "lastModified": 1740367490,
-        "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
+        "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
+        "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
        "type": "github"
      },
      "original": {
@ -649,26 +612,26 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1770464364,
+        "lastModified": 1740339700,
-        "narHash": "sha256-z5NJPSBwsLf/OfD8WTmh79tlSU8XgIbwmk6qB1/TFzY=",
+        "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "23d72dabcb3b12469f57b37170fcbc1789bd7457",
+        "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-25.11",
+        "ref": "nixos-24.11",
        "type": "indirect"
      }
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1770107345,
+        "lastModified": 1735554305,
-        "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=",
+        "narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "4533d9293756b63904b7238acb84ac8fe4c8c2c4",
+        "rev": "0e82ab234249d8eee3e8c91437802b32c74bb3fd",
        "type": "github"
      },
      "original": {
@ -729,11 +692,11 @@
    "ranger-icons": {
      "flake": false,
      "locked": {
-        "lastModified": 1749128401,
+        "lastModified": 1736375293,
-        "narHash": "sha256-qvWqKVS4C5OO6bgETBlVDwcv4eamGlCUltjsBU3gAbA=",
+        "narHash": "sha256-ck53eG+mGIQ706sUnEHbJ6vY1/LYnRcpq94JXzwnGTQ=",
        "owner": "alexanderjeurissen",
        "repo": "ranger_devicons",
-        "rev": "1bcaff0366a9d345313dc5af14002cfdcddabb82",
+        "rev": "f227f212e14996fbb366f945ec3ecaf5dc5f44b0",
        "type": "github"
      },
      "original": {
@ -744,24 +707,21 @@
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "catboy-spinner": "catboy-spinner",
        "contador-da-viagem": "contador-da-viagem",
        "demoji": "demoji",
        "dhist": "dhist",
        "disko": "disko",
        "dzgui-nix": "dzgui-nix",
        "hello-fonts": "hello-fonts",
        "home-manager": "home-manager",
        "lsfg-vk-flake": "lsfg-vk-flake",
        "made-you-look": "made-you-look",
        "nix-index-database": "nix-index-database",
        "nixos-mailserver": "nixos-mailserver",
        "nixpkgs": "nixpkgs_5",
        "nixpkgs-mesa-26": "nixpkgs-mesa-26",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "plymouth-themes": "plymouth-themes",
        "ranger-icons": "ranger-icons",
        "sops-nix": "sops-nix",
        "tlauncher": "tlauncher",
        "tomater": "tomater",
        "treefmt-nix": "treefmt-nix",
@ -815,26 +775,6 @@
        "type": "github"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1770526836,
        "narHash": "sha256-xbvX5Ik+0inJcLJtJ/AajAt7xCk6FOCrm5ogpwwvVDg=",
        "owner": "Mic92",
        "repo": "sops-nix",
        "rev": "d6e0e666048a5395d6ea4283143b7c9ac704720d",
        "type": "github"
      },
      "original": {
        "owner": "Mic92",
        "repo": "sops-nix",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
@ -925,6 +865,21 @@
        "type": "github"
      }
    },
    "systems_7": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "tlauncher": {
      "inputs": {
        "flake-utils": "flake-utils_5",
@ -939,11 +894,11 @@
        "rev": "6a68f2cda0aa2fbb399a4c43b445e8c1a2df0634",
        "revCount": 4,
        "type": "git",
-        "url": "https://git.lelgenio.com/lelgenio/tlauncher-nix"
+        "url": "https://git.lelgenio.xyz/lelgenio/tlauncher-nix"
      },
      "original": {
        "type": "git",
-        "url": "https://git.lelgenio.com/lelgenio/tlauncher-nix"
+        "url": "https://git.lelgenio.xyz/lelgenio/tlauncher-nix"
      }
    },
    "tomater": {
@ -967,11 +922,11 @@
        "nixpkgs": "nixpkgs_6"
      },
      "locked": {
-        "lastModified": 1770228511,
+        "lastModified": 1739829690,
-        "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=",
+        "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7",
+        "rev": "3d0579f5cc93436052d94b73925b48973a104204",
        "type": "github"
      },
      "original": {
@ -982,11 +937,11 @@
    },
    "vpsadminos": {
      "locked": {
-        "lastModified": 1770130846,
+        "lastModified": 1740082937,
-        "narHash": "sha256-B9uMrG9ghVJWNBXOMmKMqfxErh58A2AINXsdqMpgyvc=",
+        "narHash": "sha256-HcTWGIzG2leM0gZabg9lkY7iLwvAe49lqXEzez/Rp/s=",
        "owner": "vpsfreecz",
        "repo": "vpsadminos",
-        "rev": "5e3a56de3af9244d2ebab808c24e5d590115534b",
+        "rev": "521427c69173bc443de940ba88d4f58d5fa8d8e2",
        "type": "github"
      },
      "original": {
@ -1002,11 +957,11 @@
        "nixpkgs": "nixpkgs_7"
      },
      "locked": {
-        "lastModified": 1758999384,
+        "lastModified": 1719076817,
-        "narHash": "sha256-n1RiAhVtPxhjHmKoOBfEleTAMwz9JSvLmZyCQYpwXSQ=",
+        "narHash": "sha256-B6NTomYXL50j6fabZrAGvTPp3zv5oFxNUhwvLhDNoMw=",
        "ref": "refs/heads/main",
-        "rev": "0949b2fe4f54f74bf880c2034f6fc3a7d15b7cef",
+        "rev": "406d6646970191c016a375f25a35aa00dfa0d4aa",
-        "revCount": 6,
+        "revCount": 4,
        "type": "git",
        "url": "https://git.lelgenio.com/lelgenio/warthunder-leak-counter"
      },
@ -1021,11 +976,11 @@
        "nixpkgs": "nixpkgs_8"
      },
      "locked": {
-        "lastModified": 1762293940,
+        "lastModified": 1715216838,
-        "narHash": "sha256-KfieW/NePLvh/5sEpoPW2jkaETSAeEFZsz8580YwbBE=",
+        "narHash": "sha256-q5key9BWJjJQqECrhflso9ZTzULBeScvromo0S4fjqE=",
        "owner": "lelgenio",
        "repo": "wl-crosshair",
-        "rev": "233b6db7b39c80a92ac116c4ef4d88de4b49cbce",
+        "rev": "39b716cf410a1b45006f50f32f8d63de5c43aedb",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -1,12 +1,10 @@
 {
  description = "My system config";
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-25.11";
+    nixpkgs.url = "nixpkgs/nixos-24.11";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
-    nixpkgs-mesa-26.url = "nixpkgs/157721757fca10d3f26d11ace9883f1f0b0bccef";
+    home-manager.url = "github:nix-community/home-manager/release-24.11";
    home-manager.url = "github:nix-community/home-manager/release-25.11";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    vpsadminos.url = "github:vpsfreecz/vpsadminos";
@ -22,25 +20,21 @@
    plymouth-themes.url = "github:adi1090x/plymouth-themes";
    plymouth-themes.flake = false;
-    sops-nix = {
+    agenix = {
-      url = "github:Mic92/sops-nix";
+      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
    };
    nixos-mailserver = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    dzgui-nix.url = "github:lelgenio/dzgui-nix";
    tlauncher = {
-      url = "git+https://git.lelgenio.com/lelgenio/tlauncher-nix";
+      url = "git+https://git.lelgenio.xyz/lelgenio/tlauncher-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    lsfg-vk-flake = {
      url = "github:pabloaul/lsfg-vk-flake";
      inputs.nixpkgs.follows = "nixpkgs";
    };
@ -57,10 +51,6 @@
    wl-crosshair.url = "github:lelgenio/wl-crosshair";
    warthunder-leak-counter.url = "git+https://git.lelgenio.com/lelgenio/warthunder-leak-counter";
    made-you-look.url = "git+https://git.lelgenio.com/lelgenio/made-you-look";
    contador-da-viagem = {
      url = "git+https://git.lelgenio.com/lelgenio/contador-da-viagem";
      flake = false;
    };
    catboy-spinner = {
      url = "git+https://git.lelgenio.com/lelgenio/catboy-spinner";
      flake = false;
@ -100,16 +90,16 @@
      specialArgs = {
        inherit inputs;
        self = inputs.self;
      };
-      common_modules = [
+      common_modules =
        [
          { nixpkgs.pkgs = pkgs; }
          ./system/configuration.nix
-        ./system/sops.nix
+          ./system/secrets.nix
          ./system/greetd.nix
          { login-manager.greetd.enable = desktop == "sway"; }
-        inputs.sops-nix.nixosModules.default
+          inputs.agenix.nixosModules.default
          inputs.home-manager.nixosModules.home-manager
          inputs.disko.nixosModules.disko
          (
@ -121,7 +111,6 @@
                my = config.my;
                imports = [
                  ./user/home.nix
                inputs.sops-nix.homeManagerModules.sops
                ];
              };
              home-manager.backupFileExtension = "bkp";
@ -152,21 +141,19 @@
            ./system/monolith-gitlab-runner.nix
            ./system/monolith-forgejo-runner.nix
            ./system/nix-serve.nix
-          ]
+          ] ++ common_modules;
          ++ common_modules;
        };
        double-rainbow = lib.nixosSystem {
          inherit system specialArgs;
          modules = [
-            ./hosts/double-rainbow
+            ./hosts/double-rainbow.nix
-          ]
+            ./system/rainbow-gitlab-runner.nix
-          ++ common_modules;
+          ] ++ common_modules;
        };
        pixie = lib.nixosSystem {
          inherit system specialArgs;
-          modules = [
+          modules =
-            ./hosts/pixie.nix
+            [ ./hosts/pixie.nix ]
          ]
            ++ common_modules
            ++ [
              {
--- a/hosts/double-rainbow/default.nix
+++ b/hosts/double-rainbow/default.nix
@ -17,13 +17,7 @@ let
  ];
 in
 {
-  imports = [
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
    (modulesPath + "/installer/scan/not-detected.nix")
    ./gitlab-runner.nix
    ./nebula-vpn.nix
  ];
  my.nix-ld.enable = true;
  boot.initrd.availableKernelModules = [
    "xhci_pci"
--- a/hosts/double-rainbow/gitlab-runner.nix
+++ b/hosts/double-rainbow/gitlab-runner.nix
@ -1,36 +0,0 @@
 {
  config,
  pkgs,
  ...
 }:
 let
  inherit (pkgs.callPackage ../../system/gitlab-runner.nix { }) mkNixRunnerFull;
 in
 {
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
  virtualisation.docker.enable = true;
  services.gitlab-runner = {
    enable = true;
    settings.concurrent = 4;
    services = {
      wopus-gitlab-nix = mkNixRunnerFull {
        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
        # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
        # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
      };
    };
  };
  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
  sops.secrets = {
    "gitlab-runners/wopus-gitlab-nix" = {
      sopsFile = ../../secrets/double-rainbow/default.yaml;
    };
    "gitlab-runners/wopus-ssh-nix-cache-pk" = {
      sopsFile = ../../secrets/double-rainbow/default.yaml;
    };
    "gitlab-runners/wopus-ssh-nix-cache-pub" = {
      sopsFile = ../../secrets/double-rainbow/default.yaml;
    };
  };
 }
--- a/hosts/double-rainbow/nebula-vpn.nix
+++ b/hosts/double-rainbow/nebula-vpn.nix
@ -1,51 +0,0 @@
 { pkgs, config, ... }:
 let
  s = config.sops.secrets;
  secretConfig = {
    owner = "nebula-wopus";
    group = "nebula-wopus";
    restartUnits = [ "nebula@wopus.service" ];
    sopsFile = ../../secrets/double-rainbow/default.yaml;
  };
 in
 {
  environment.systemPackages = with pkgs; [ nebula ];
  services.nebula.networks.wopus = {
    enable = true;
    isLighthouse = false;
    lighthouses = [ "192.168.88.1" ];
    settings = {
      cipher = "aes";
    };
    cert = s."nebula-wopus-vpn/double-rainbow-crt".path;
    key = s."nebula-wopus-vpn/double-rainbow-key".path;
    ca = s."nebula-wopus-vpn/ca-crt".path;
    staticHostMap = {
      "192.168.88.1" = [
        "neubla-vpn.wopus.dev:4242"
      ];
    };
    firewall.outbound = [
      {
        host = "any";
        port = "any";
        proto = "any";
      }
    ];
    firewall.inbound = [
      {
        host = "any";
        port = "any";
        proto = "any";
      }
    ];
  };
  sops.secrets = {
    "nebula-wopus-vpn/ca-crt" = secretConfig;
    "nebula-wopus-vpn/double-rainbow-crt" = secretConfig;
    "nebula-wopus-vpn/double-rainbow-key" = secretConfig;
  };
 }
--- a/hosts/monolith/amdgpu.nix
+++ b/hosts/monolith/amdgpu.nix
@ -1,23 +1,40 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 let
  undervoltGpu = pkgs.writeShellScript "undervolt-gpu" ''
    set -xe
    cd $1
    echo "manual" > power_dpm_force_performance_level
    echo "1" > pp_power_profile_mode
    test -e pp_od_clk_voltage
    echo "vo -120" > pp_od_clk_voltage
    echo "c" > pp_od_clk_voltage
  '';
 in
 {
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelParams = [
    "video=DP-1:1920x1080@144"
    "amdgpu.ppfeaturemask=0xfffd7fff" # enable undervolting
  ];
-  # hardware.amdgpu = {
+  systemd.services.amd-fan-control = {
-  #   overdrive = {
+    script = ''
-  #     enable = true;
+      ${lib.getExe pkgs.amd-fan-control} /sys/class/drm/card1/device 60 85
-  #     ppfeaturemask = "0xffffffff";
+    '';
-  #   };
+    serviceConfig = {
-  # };
+      Restart = "always";
-
+      RestartSec = 10;
-  hardware.graphics.package = pkgs.pkgs-mesa-26.mesa;
+    };
    wantedBy = [ "multi-user.target" ];
  };
  hardware.graphics.enable32Bit = true;
  hardware.graphics.extraPackages = with pkgs; [
-    # libva needs to match `hardware.graphics.package`
+    libva
    pkgs-mesa-26.libva
  ];
  services.udev.extraRules = ''
    ACTION=="add", SUBSYSTEM=="hwmon", ATTR{name}=="amdgpu", ATTR{power1_cap}="186000000", RUN+="${undervoltGpu} %S%p/device"
  '';
 }
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@ -25,8 +25,6 @@ in
    ./partition.nix
    ./amdgpu.nix
    ./factorio-server.nix
    ./nebula-vpn.nix
    ./minio.nix
  ];
  boot.initrd.availableKernelModules = [
    "nvme"
@ -43,10 +41,7 @@ in
    package = pkgs.unstable.opentabletdriver;
  };
  sops.defaultSopsFile = lib.mkForce ../../secrets/monolith/default.yaml;
  my.gaming.enable = true;
  my.nix-ld.enable = true;
  boot.extraModulePackages = with config.boot.kernelPackages; [ zenpower ];
@ -98,8 +93,7 @@ in
    options = [
      "subvol=@games"
      "nofail"
-    ]
+    ] ++ btrfs_options;
    ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/Downloads/Torrents" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
@ -107,8 +101,7 @@ in
    options = [
      "subvol=@torrents"
      "nofail"
-    ]
+    ] ++ btrfs_options;
    ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/Música" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
@ -116,8 +109,7 @@ in
    options = [
      "subvol=@music"
      "nofail"
-    ]
+    ] ++ btrfs_options;
    ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/.local/mount/data" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
@ -125,8 +117,7 @@ in
    options = [
      "subvol=@data"
      "nofail"
-    ]
+    ] ++ btrfs_options;
    ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/.local/mount/old" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
@ -150,9 +141,9 @@ in
    # Fix broken suspend with Logitech USB dongle
    # `lsusb | grep Logitech` will return "vendor:product"
    ACTION=="add" SUBSYSTEM=="usb" ATTR{idVendor}=="046d" ATTR{idProduct}=="c547" ATTR{power/wakeup}="disabled"
-    # Force all disks to use kyber scheduler
+    # Force all disks to use mq-deadline scheduler
    # For some reason "noop" is used by default which is kinda bad when io is saturated
-    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/scheduler}="kyber"
+    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/scheduler}="mq-deadline"
  '';
  boot.tmp = {
--- a/hosts/monolith/factorio-server.nix
+++ b/hosts/monolith/factorio-server.nix
@ -7,12 +7,12 @@
 {
  services.factorio = {
    enable = true;
-    package = pkgs.my-factorio-headless;
+    package = pkgs.factorio-headless; # I override this in ./pkgs
    public = true;
    lan = true;
    openFirewall = true;
    admins = [ "lelgenio" ];
-    extraSettingsFile = config.sops.secrets."factorio/server-config.json".path;
+    extraSettingsFile = config.age.secrets.factorio-settings.path;
  };
  systemd.services.factorio = {
@ -23,12 +23,11 @@
  systemd.services.factorio-backup-save = {
    description = "Backup factorio saves";
    script = ''
      FILENAME="space-age-$(date --iso=seconds | tr ':' '_').zip"
      ${lib.getExe pkgs.rsync} \
        -av  \
        --chown=lelgenio \
        /var/lib/factorio/saves/default.zip \
-        ~lelgenio/Documentos/GameSaves/factorio_saves/$FILENAME
+        ~lelgenio/Documentos/GameSaves/factorio_saves/space-age-$(date --iso=seconds).zip
    '';
    serviceConfig.Type = "oneshot";
    wantedBy = [ "multi-user.target" ];
@ -43,7 +42,8 @@
    wantedBy = [ "timers.target" ];
  };
-  sops.secrets."factorio/server-config.json" = {
+  age.secrets.factorio-settings = {
    file = ../../secrets/factorio-settings.age;
    mode = "777";
  };
 }
--- a/hosts/monolith/minio.nix
+++ b/hosts/monolith/minio.nix
@ -1,43 +0,0 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  s = config.sops.secrets;
  dataDir = "/var/lib/minio";
  s3Port = 14749;
  consolePort = 10601;
  secretConfig = {
    owner = "minio";
    group = "minio";
    restartUnits = [ "minio.service" ];
    sopsFile = ../../secrets/monolith/default.yaml;
  };
 in
 {
  services.minio = {
    enable = true;
    dataDir = [ dataDir ];
    listenAddress = "0.0.0.0:${toString s3Port}";
    consoleAddress = "127.0.0.1:${toString consolePort}";
    rootCredentialsFile = config.sops.secrets."minio/root-credentials".path;
  };
  systemd.tmpfiles.rules = [
    "d ${dataDir} 0755 minio minio -"
  ];
  networking.firewall.allowedTCPPorts = [ s3Port ];
  sops.secrets = {
    "minio/root-credentials" = secretConfig;
  };
 }
--- a/hosts/monolith/nebula-vpn.nix
+++ b/hosts/monolith/nebula-vpn.nix
@ -1,61 +0,0 @@
 { pkgs, config, ... }:
 let
  s = config.sops.secrets;
  secretConfig = {
    owner = "nebula-wopus";
    group = "nebula-wopus";
    restartUnits = [ "nebula@wopus.service" ];
    sopsFile = ../../secrets/monolith/default.yaml;
  };
 in
 {
  environment.systemPackages = with pkgs; [ nebula ];
  services.nebula.networks.wopus = {
    enable = true;
    isLighthouse = false;
    lighthouses = [
      "192.168.88.1"
      "192.168.88.2"
      "192.168.88.3"
    ];
    settings = {
      cipher = "aes";
    };
    cert = s."nebula-wopus-vpn/monolith-crt".path;
    key = s."nebula-wopus-vpn/monolith-key".path;
    ca = s."nebula-wopus-vpn/ca-crt".path;
    staticHostMap = {
      "192.168.88.1" = [
        "neubla-vpn.wopus.dev:4242"
      ];
      "192.168.88.2" = [
        "82.25.77.78:4242"
      ];
      "192.168.88.3" = [
        "72.60.60.221:4242"
      ];
    };
    firewall.outbound = [
      {
        host = "any";
        port = "any";
        proto = "any";
      }
    ];
    firewall.inbound = [
      {
        host = "any";
        port = "any";
        proto = "any";
      }
    ];
  };
  sops.secrets = {
    "nebula-wopus-vpn/ca-crt" = secretConfig;
    "nebula-wopus-vpn/monolith-crt" = secretConfig;
    "nebula-wopus-vpn/monolith-key" = secretConfig;
  };
 }
--- a/hosts/phantom/default.nix
+++ b/hosts/phantom/default.nix
@ -2,15 +2,12 @@
  config,
  pkgs,
  inputs,
  lib,
  ...
 }:
 {
  imports = [
    inputs.vpsadminos.nixosConfigurations.container
-    inputs.sops-nix.nixosModules.default
+    inputs.agenix.nixosModules.default
    ../../system/sops.nix
    ../../system/nix.nix
    ./hardware-config.nix
    ./mastodon.nix
@ -52,7 +49,7 @@
  # Set your time zone.
  time.timeZone = "America/Sao_Paulo";
  # Select internationalisation properties.
-  i18n.defaultLocale = "pt_BR.UTF-8";
+  i18n.defaultLocale = "pt_BR.utf8";
  boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;
@ -60,15 +57,6 @@
    identityPaths = [ "/root/.ssh/id_rsa" ];
  };
  sops = {
    secrets.hello = { };
    defaultSopsFile = lib.mkForce ../../secrets/phantom/default.yaml;
  };
  environment.etc."teste-sops" = {
    text = config.sops.secrets.hello.path;
  };
  virtualisation.docker = {
    enable = true;
    daemon.settings = {
--- a/hosts/phantom/email.nix
+++ b/hosts/phantom/email.nix
@ -36,16 +36,12 @@
        hashedPassword = "$2b$05$DcA9xMdvHqqQMZw2.zybI.vfKsQAJtaQ/JB.t9AHu6psstWq97m2C";
      };
    };
    enableManageSieve = true;
    stateVersion = 3;
  };
  # Prefer ipv4 and use main ipv6 to avoid reverse DNS issues
-  services.postfix.settings.main = {
+  services.postfix.extraConfig = ''
-    smtp_address_preference = "ipv4";
+    smtp_address_preference = ipv4
-  };
+  '';
  # Webmail
  services.roundcube = {
@ -56,7 +52,7 @@
      $config['smtp_host'] = "tls://${config.mailserver.fqdn}:587";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
-      $config['plugins'] = [ "carddav", "archive", "managesieve" ];
+      $config['plugins'] = [ "carddav", "archive" ];
    '';
  };
 }
--- a/hosts/phantom/forgejo.nix
+++ b/hosts/phantom/forgejo.nix
@ -42,10 +42,11 @@ in
        USER = "noreply@git.lelgenio.com";
      };
    };
-    secrets.mailer.PASSWD = config.sops.secrets."forgejo/smtp_password".path;
+    mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path;
  };
-  sops.secrets."forgejo/smtp_password" = {
+  age.secrets.phantom-forgejo-mailer-password = {
    file = ../../secrets/phantom-forgejo-mailer-password.age;
    mode = "400";
    owner = "forgejo";
  };
--- a/hosts/phantom/goofs.nix
+++ b/hosts/phantom/goofs.nix
@ -43,9 +43,4 @@
    forceSSL = true;
    root = inputs.hello-fonts;
  };
  services.nginx.virtualHosts."contador-da-viagem.lelgenio.com" = {
    enableACME = true;
    forceSSL = true;
    root = inputs.contador-da-viagem;
  };
 }
--- a/hosts/phantom/hardware-config.nix
+++ b/hosts/phantom/hardware-config.nix
@ -5,7 +5,7 @@
    options = [ "nofail" ];
  };
  fileSystems."/var/lib/mastodon" = {
-    device = "172.16.131.19:/nas/5749/mastodon";
+    device = "172.16.130.7:/nas/5749/mastodon";
    fsType = "nfs";
    options = [ "nofail" ];
  };
--- a/hosts/phantom/invidious.nix
+++ b/hosts/phantom/invidious.nix
@ -23,7 +23,7 @@
    #     "visitor_data": "...",
    #     "po_token": "..."
    # }
-    extraSettingsFile = config.sops.secrets."invidious/settings.json".path;
+    extraSettingsFile = config.age.secrets.phantom-invidious-settings.path;
    settings = {
      force_resolve = "ipv6";
      db = {
@ -33,7 +33,8 @@
    };
  };
-  sops.secrets."invidious/settings.json" = {
+  age.secrets.phantom-invidious-settings = {
    file = ../../secrets/phantom-invidious-settings.age;
    mode = "666";
  };
 }
--- a/hosts/phantom/mastodon.nix
+++ b/hosts/phantom/mastodon.nix
@ -14,14 +14,15 @@
      host = "lelgenio.com";
      fromAddress = "noreply@social.lelgenio.com";
      user = "noreply@social.lelgenio.com";
-      passwordFile = config.sops.secrets."mastodon/smtp-password".path;
+      passwordFile = config.age.secrets.phantom-mastodon-mailer-password.path;
    };
    streamingProcesses = 2;
    extraConfig.SINGLE_USER_MODE = "true";
    mediaAutoRemove.olderThanDays = 5;
  };
-  sops.secrets."mastodon/smtp-password" = {
+  age.secrets.phantom-mastodon-mailer-password = {
    file = ../../secrets/phantom-mastodon-mailer-password.age;
    mode = "400";
    owner = "mastodon";
  };
--- a/hosts/phantom/nextcloud.nix
+++ b/hosts/phantom/nextcloud.nix
@ -1,17 +1,17 @@
 {
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  services.nextcloud = {
    enable = true;
-    package = pkgs.nextcloud32;
+    package = pkgs.nextcloud30;
    hostName = "cloud.lelgenio.com";
    https = true;
    config = {
-      dbtype = "sqlite"; # TODO: move to single postgres db
+      adminpassFile = config.age.secrets.phantom-nextcloud.path;
      adminpassFile = config.sops.secrets."nextcloud/default-password".path;
    };
  };
@ -20,9 +20,12 @@
    enableACME = true;
  };
-  sops.secrets."nextcloud/default-password" = {
+  age = {
    secrets.phantom-nextcloud = {
      file = ../../secrets/phantom-nextcloud.age;
      mode = "400";
      owner = "nextcloud";
      group = "nextcloud";
    };
  };
 }
--- a/hosts/phantom/writefreely.nix
+++ b/hosts/phantom/writefreely.nix
@ -12,16 +12,19 @@
    nginx.forceSSL = true;
    host = "blog.lelgenio.com";
    admin.name = "lelgenio";
-    admin.initialPasswordFile = config.sops.secrets."writefreely/password".path;
+    admin.initialPasswordFile = config.age.secrets.phantom-writefreely.path;
    settings.app = {
      site_name = "Leo's blog";
      single_user = true;
    };
  };
-  sops.secrets."writefreely/password" = {
+  age = {
    secrets.phantom-writefreely = {
      file = ../../secrets/phantom-writefreely.age;
      mode = "400";
      owner = "writefreely";
      group = "writefreely";
    };
  };
 }
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -14,7 +14,6 @@ rec {
  unstable = final: prev: {
    unstable = import inputs.nixpkgs-unstable { inherit (final) system config; };
    pkgs-mesa-26 = import inputs.nixpkgs-mesa-26 { inherit (final) system config; };
  };
  themes = (
@ -29,6 +28,14 @@ rec {
          ];
        }
      );
      nerdfonts_fira_hack = (
        final.nerdfonts.override {
          fonts = [
            "FiraCode"
            "Hack"
          ];
        }
      );
    }
  );
@ -36,8 +43,6 @@ rec {
    final: prev:
    packages
    // {
      lsfg-vk = inputs.lsfg-vk-flake.packages.${prev.system}.lsfg-vk;
      lsfg-vk-ui = inputs.lsfg-vk-flake.packages.${prev.system}.lsfg-vk-ui;
      dhist = inputs.dhist.packages.${prev.system}.dhist;
      demoji = inputs.demoji.packages.${prev.system}.default;
      tlauncher = inputs.tlauncher.packages.${prev.system}.tlauncher;
--- a/pkgs/caffeinated/default.nix
+++ b/pkgs/caffeinated/default.nix
@ -1,53 +0,0 @@
 {
  stdenv,
  lib,
  fetchFromGitHub,
  pkgconf,
  pkg-config,
  wayland-scanner,
  systemd,
  libbsd,
  wayland,
  wayland-protocols,
  libcap,
 }:
 stdenv.mkDerivation {
  pname = "caffeinated";
  version = "2022-12-08";
  src = fetchFromGitHub {
    owner = "electrickite";
    repo = "caffeinated";
    rev = "5a8eff054bdce225a19cf3ab785dc1bbc9bd3265";
    hash = "sha256-X1w/YWljcwb5ZH8Nt92CDhPU/yqBLH3lBS7yVJUeyzY=";
  };
  nativeBuildInputs = [
    pkgconf
    pkg-config
    wayland-scanner
  ];
  buildInputs = [
    systemd
    libbsd
    wayland
    wayland-protocols
    libcap
  ];
  makeFlags = [ "WAYLAND=1" ];
  installFlags = [ "PREFIX=$(out)" ];
  meta = {
    description = "Utility to prevent the system from entering an idle state";
    homepage = "https://github.com/electrickite/caffeinated";
    license = lib.licenses.mit;
    platforms = lib.platforms.linux;
    maintainers = with lib.maintainers; [ lelgenio ];
  };
 }
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -3,13 +3,12 @@
 { pkgs, inputs }:
 rec {
  caffeinated = pkgs.callPackage ./caffeinated { };
  cargo-checkmate = pkgs.callPackage ./cargo-checkmate.nix { };
  lipsum = pkgs.callPackage ./lipsum.nix { };
  emmet-cli = pkgs.callPackage ./emmet-cli.nix { };
  material-wifi-icons = pkgs.callPackage ./material-wifi-icons.nix { };
  gnome-pass-search-provider = pkgs.callPackage ./gnome-pass-search-provider.nix { };
-  my-factorio-headless = pkgs.callPackage ./factorio-headless {
+  factorio-headless = pkgs.callPackage ./factorio-headless {
    inherit (pkgs.unstable) factorio-headless;
  };
 }
--- a/pkgs/factorio-headless/default.nix
+++ b/pkgs/factorio-headless/default.nix
@ -1,10 +1,10 @@
 { factorio-headless, pkgs }:
 factorio-headless.overrideAttrs (_: rec {
-  version = "2.0.72";
+  version = "2.0.28";
  src = pkgs.fetchurl {
    name = "factorio_headless_x64-${version}.tar.xz";
    url = "https://www.factorio.com/get-download/${version}/headless/linux64";
-    hash = "sha256-zzBXNA28nYK9UWGUmuPnuPrZEux8oHuKMVHgQkpVaM0=";
+    hash = "sha256-6pk3tq3HoY4XpOHmSZLsOJQHSXs25oKAuxT83UyITdM=";
  };
 })
--- a/pkgs/gnome-pass-search-provider.nix
+++ b/pkgs/gnome-pass-search-provider.nix
@ -2,7 +2,7 @@
  stdenv,
  fetchFromGitHub,
  python3Packages,
-  wrapGAppsHook3,
+  wrapGAppsHook,
  gtk3,
  gobject-introspection,
 }:
@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
  nativeBuildInputs = [
    python3Packages.wrapPython
-    wrapGAppsHook3
+    wrapGAppsHook
  ];
  propagatedBuildInputs = [
--- a/pkgs/lipsum.nix
+++ b/pkgs/lipsum.nix
@ -3,7 +3,7 @@
  fetchFromGitHub,
  pkg-config,
  vala,
-  wrapGAppsHook3,
+  wrapGAppsHook,
 }:
 stdenv.mkDerivation rec {
  pname = "lipsum";
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
  nativeBuildInputs = [
    pkg-config
    vala
-    wrapGAppsHook3
+    wrapGAppsHook
  ];
  makeFlags = [ "PRG=${pname}" ];
--- a/scripts/_sway_idle_toggle
+++ b/scripts/_sway_idle_toggle
@ -0,0 +1,11 @@
 #!/bin/sh
 swayidlectl() {
  systemctl --user $1 swayidle.service
 }
 if swayidlectl status > /dev/null; then
    swayidlectl stop
 else
    swayidlectl start
 fi
--- a/scripts/amd-fan-control
+++ b/scripts/amd-fan-control
@ -0,0 +1,61 @@
 #!/usr/bin/env bash
 set -e
 DEVICE="$1" # eg: /sys/class/drm/card1/device
 HWMON=$(echo "$DEVICE"/hwmon/hwmon*)
 exit() {
    echo "Setting controll to auto" >&2
    echo 2 > "$HWMON/pwm1_enable"
 }
 trap exit EXIT INT
 bail() {
    echo "Error: $@" >&2
    echo "Exiting..." >&2
    exit 1
 }
 if ! [ -d "$HWMON" ]; then
    bail "Invalid HWMON"
 fi
 TEMP_INPUT="$HWMON/temp2_input"
 if ! [ -f $TEMP_INPUT ]; then
    bail "Invalid TEMP_INPUT"
 fi
 TEMP_MIN="$2"
 TEMP_MAX="$3"
 if [ -z "$TEMP_MIN" ];then
  bail "No minimum temperature provided"
 fi
 if [ -z "$TEMP_MAX" ];then
  bail "No maximum temperature provided"
 fi
 PWM_MIN=0
 PWM_MAX=255
 echo "Running..." >&2
 while true; do
    TEMPERATURE_RAW=$(cat "$TEMP_INPUT")
    TEMPERATURE="$(( $TEMPERATURE_RAW / 1000 ))"
    # Remap from a number between 60_000..90_000 to 0..255
    PWM=$(( ($TEMPERATURE - $TEMP_MIN) * $PWM_MAX / ($TEMP_MAX - $TEMP_MIN) ))
    if [ "$PWM" -gt $PWM_MAX ]; then
        PWM=$PWM_MAX
    elif [ "$PWM" -lt $PWM_MIN ]; then
        PWM=$PWM_MIN
    fi
    echo 1 > "$HWMON/pwm1_enable"
    echo "$PWM" > "$HWMON/pwm1"
    sleep .1s
 done
--- a/scripts/bcrypt
+++ b/scripts/bcrypt
@ -1,17 +0,0 @@
 #!/bin/sh
 set -euo pipefail
 if [ "$#" = 0 ]; then
    echo "Usage: $0 [passwords...] | $0 - < passwords.txt" >&2
    exit 1
 fi
 if [ "$1" = '-' ]; then
    xargs -x -n1 -d'\n' htpasswd -bnBC 10 "" | tr -d ':' | sed '/^$/d'
 else
    for pass in "$@"; do
        htpasswd -bnBC 10 "" "$pass" | tr -d ':' | sed '/^$/d'
    done
 fi
--- a/scripts/bmenu
+++ b/scripts/bmenu
@ -8,10 +8,13 @@
 if test "$argv[1]" = "run"
    test -n "$argv[2]" && set t "$argv[2]" || set t "terminal"
    test -n "$i3SOCK" && set wrapper 'i3-msg exec --'
    test -n "$SWAYSOCK" && set wrapper 'swaymsg exec --'
    exec j4-dmenu-desktop \
        --dmenu="bmenu start -p Iniciar:" \
        --term "$t" \
-        --i3-ipc \
+        --wrapper="$wrapper" \
        --no-generic
 end
--- a/scripts/controller-battery
+++ b/scripts/controller-battery
@ -10,20 +10,29 @@ if test -z "$CONTROLLER"; then
 fi
 CAPACITY=$(cat "$CONTROLLER/capacity")
 STATUS=$(cat "$CONTROLLER/status")
 echo -n '󰊴 '
 if test "$STATUS" = "Charging"; then
    echo -n "󰂄"
 else
    print-battery-icon "$CAPACITY"
 fi
 # Add terminating newline
 echo
 # Tooltip
 echo -n '󰊴'
-print-battery-icon "$CAPACITY"
+
-echo " $CAPACITY%"
+if test "$CAPACITY" -ge 90; then
    echo '󰁹'
 elif test "$CAPACITY" -ge 90; then
    echo '󰂂'
 elif test "$CAPACITY" -ge 80; then
    echo '󰂁'
 elif test "$CAPACITY" -ge 70; then
    echo '󰂀'
 elif test "$CAPACITY" -ge 60; then
    echo '󰁿'
 elif test "$CAPACITY" -ge 50; then
    echo '󰁾'
 elif test "$CAPACITY" -ge 40; then
    echo '󰁽'
 elif test "$CAPACITY" -ge 30; then
    echo '󰁼'
 elif test "$CAPACITY" -ge 20; then
    echo '󰁻'
 elif test "$CAPACITY" -ge 10; then
    echo '󰁺'
 else
    echo '󰂎'
 fi
--- a/scripts/default.nix
+++ b/scripts/default.nix
@ -23,6 +23,7 @@
  in
  with final;
  createScripts {
    amd-fan-control = [ bash ];
    br = [ ];
    bmenu = [
      bemenu
@ -34,7 +35,7 @@
    ];
    down_meme = [
      wl-clipboard
-      unstable.yt-dlp
+      yt-dlp
      libnotify
    ];
    wl-copy-file = [
@ -43,6 +44,7 @@
    ];
    _diffr = [ diffr ];
    _thunar-terminal = [ terminal ];
    _sway_idle_toggle = [ swayidle ];
    kak-pager = [
      fish
      _diffr
@ -53,9 +55,8 @@
      _diffr
    ];
    helix-man-pager = [ helix-pager ];
    bcrypt = [ apacheHttpd ];
    musmenu = [
-      mpc
+      mpc-cli
      wdmenu
      trash-cli
      xdg-user-dirs
@ -73,7 +74,6 @@
    ];
    wpass = [
      wdmenu
      ripgrep
      fd
      myPass
      sd
@ -113,11 +113,11 @@
      mpv
      pqiv
      python3Packages.deemix
-      mpc
+      mpc-cli
      mpdDup
    ];
    mpdDup = [
-      mpc
+      mpc-cli
      perl
    ];
    readQrCode = [
@ -137,17 +137,7 @@
      libinput
      libratbag
    ];
-    sway-sync-xkbmap = [
+    controller-battery = [ ];
      xorg.setxkbmap
      jq
    ];
    print-battery-icon = [ ];
    controller-battery = [ print-battery-icon ];
    mouse-battery = [ print-battery-icon ];
    nix-prefetch-firefox-extension = [
      nix
    ];
    _docker-block-external-connections = [
      iptables
      gawk
--- a/scripts/down_meme
+++ b/scripts/down_meme
@ -1,19 +1,10 @@
 #!/bin/sh
 set -euo pipefail
 cleanup() {
    if test "$?" != 0; then
        notify-send "Failed to download"
    fi
 }
 trap cleanup EXIT INT
 DIR=$(mktemp -d)
 cd "$DIR"
-yt-dlp --cookies-from-browser firefox --merge-output-format mp4 "$(wl-paste)"
+yt-dlp --merge-output-format mp4 "$(wl-paste)"
 FILENAME="$(ls | head -n1)"
--- a/scripts/mouse-battery
+++ b/scripts/mouse-battery
@ -1,39 +0,0 @@
 #!/bin/sh
 set -e
 MODEL_NAME_FILE=$(rg --files-with-matches G502 /sys/class/power_supply/*/model_name | head -n1)
 if test -z "$MODEL_NAME_FILE"; then
    echo
    exit 0
 fi
 MOUSE=$(dirname "$MODEL_NAME_FILE")
 if test -z "$MOUSE"; then
    echo
    exit 0
 fi
 CAPACITY=$(cat "$MOUSE/capacity")
 STATUS=$(cat "$MOUSE/status")
 echo -n '🖱️'
 if test "$STATUS" = "Charging"; then
    echo -n "󰂄"
 else
    print-battery-icon "$CAPACITY"
 fi
 if test "$CAPACITY" -lt 50; then
    echo -n "$CAPACITY%"
 fi
 echo
 # Tooltip
 echo -n '🖱️'
 print-battery-icon "$CAPACITY"
 echo " $CAPACITY%"
--- a/scripts/nix-prefetch-firefox-extension
+++ b/scripts/nix-prefetch-firefox-extension
@ -1,7 +0,0 @@
 #!/bin/sh
 set -euo pipefail
 hash="$(nix-prefetch-url --type sha256 "$@")"
 nix-hash --to-sri --type sha256 "$hash" 2>/dev/null
--- a/scripts/print-battery-icon
+++ b/scripts/print-battery-icon
@ -1,33 +0,0 @@
 #!/bin/sh
 set -e
 if test $# -ne 1; then
    echo "Usage $0" >&2
    exit 1
 fi
 CAPACITY="$1"
 if test "$CAPACITY" -ge 90; then
    echo -n '󰁹'
 elif test "$CAPACITY" -ge 90; then
    echo -n '󰂂'
 elif test "$CAPACITY" -ge 80; then
    echo -n '󰂁'
 elif test "$CAPACITY" -ge 70; then
    echo -n '󰂀'
 elif test "$CAPACITY" -ge 60; then
    echo -n '󰁿'
 elif test "$CAPACITY" -ge 50; then
    echo -n '󰁾'
 elif test "$CAPACITY" -ge 40; then
    echo -n '󰁽'
 elif test "$CAPACITY" -ge 30; then
    echo -n '󰁼'
 elif test "$CAPACITY" -ge 20; then
    echo -n '󰁻'
 elif test "$CAPACITY" -ge 10; then
    echo -n '󰁺'
 else
    echo -n '󰂎'
 fi
--- a/scripts/screenshotsh
+++ b/scripts/screenshotsh
@ -46,13 +46,4 @@ case $1 in
            $screenshot -o "$cur_output" - | $copy ||
            $screenshot - | $copy
        ;;
    edit)
        # Focused monitor to clipboard
        cur_output=$(swaymsg -t get_outputs |
            jq -r '.[] | select(.focused) | .name')
        test -n "$cur_output" &&
            $screenshot -o "$cur_output" - | satty --filename - --output-filename "$DESTFILE" ||
            $screenshot - | satty --filename - --output-filename "$DESTFILE"
        ;;
 esac
--- a/scripts/sway-sync-xkbmap
+++ b/scripts/sway-sync-xkbmap
@ -1,22 +0,0 @@
 #!/bin/sh
 set -euo pipefail
 LAST_LAYOUT=""
 while sleep 1s; do
    CURRENT_LAYOUT=$(swaymsg -t get_inputs | jq -r '.[]|.xkb_active_layout_name|select(.)' | head -n1)
    if test "$LAST_LAYOUT" = "$CURRENT_LAYOUT"; then
        true
    elif test "$CURRENT_LAYOUT" = "English (Colemak)"; then
        echo "Setting layout to colemak"
        setxkbmap us colemak
    elif test "$CURRENT_LAYOUT" = "Portuguese (Brazil)"; then
        echo "Setting layout to br"
        setxkbmap br
    fi
    LAST_LAYOUT="$CURRENT_LAYOUT"
 done
--- a/scripts/wpass
+++ b/scripts/wpass
@ -29,8 +29,8 @@ main() {
    test -n "$entry" || exit 0
-    username=`pass show "$entry" 2>/dev/null | rg -m1 '(login|user|email): (.*)' -r '$2'` || true
+    username=`pass show "$entry" 2>/dev/null | perl -ne 'print $2 if /^(login|user|email): (.*)/'`
-    password=`pass show "$entry" 2>/dev/null | head -n 1` || true
+    password=`pass show "$entry" 2>/dev/null | head -n 1`
    otp=`pass otp "$entry" 2>/dev/null` || true
    action="$(print_actions_for_entry | wdmenu -p Action)"
@ -50,10 +50,8 @@ main() {
 }
 autotype(){
    if test -n "$username"; then
    env wtype -s 100 "$username"
    env wtype -s 100 -k tab
    fi
    env wtype -s 100 "$password"
 }
--- a/secrets/double-rainbow/default.yaml
+++ b/secrets/double-rainbow/default.yaml
@ -1,57 +0,0 @@
 gitlab-runners:
    wopus-gitlab-nix: ENC[AES256_GCM,data:n/bm5W5Q/h7MxMZX7yz4qeUBpfZDrI7A7/PlnLncMto5V5itVTXRvfd3+D/d2r9PVuJSogfMgMAh0cwuvPspjlm9ToPxrmgGdYbnAkhnFeTHdCfcF1x2DG2JkHe54wUhcQa9QEJkWZ5jJM//2jU=,iv:63lrYCCBMSr5toulba7Rni+iun0Bl2vMFbIsTVvOWQs=,tag:Z1GHj91q09sOWCaLPIKJ4Q==,type:str]
    wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:+5I7INvMNfegjjC0xPNOSj+vFakXe6V4N/S5wvL64DOxfPXhSQAjVtdMslp/LlJXH4XWbkQ8ErLbySB3WMDMRDnDRY+6+UKXsP6MFpvEtho0lN+8ZeAGC25ehadYDSFTX43wz6cLRuoAqRQdhPKM96wcYif7nF40cStgaAQhkNemK7AenSA9LQ4J72dWovFuwfTZml8qH6W/O+YEqfOgZsyJ/LobcM1fiuN1S4NnCOJSWB2Ahsu0tiMOSRxKWeUS9+ewh+x1xnZL3y4vax5GgtS2KojtXq0U4qgNi4Gwnmef7HmH1tVgeMO2ykCsuCCZ9iJR0IOqTHU2l+U6hTzf5vehpgK5/tsthkXRsLUmVRnjUaQwaEq9JYltGpEdk6U0UnD+Mf0f5BsDw23lHgannLeduhrSFrPFj+BVodnPxjyYJTPXwXfbWrKIQ8s5kWfIq9x0VePsteIgEH4xLL0yFtyZzrYeCq9WF3j5xTvJsOlG0ehQzX22orrM4RzrFVmeLYOIc/V4bQeyIf1lWemr,iv:UNaUnlVayrzF7qpgIVi9gxPFGCzIP24jNUpO295JPog=,tag:a5OlD+AJH3u6y+Lo3lOQWw==,type:str]
    wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:aknblYwAAGaso/Vhr9f1RX64tA3uOh3qxc1dBI7DQmk4TUlQn/AYrKF7wanIhhydrasRulDEam3CBiiyeW/ejcXG07wKIUyZ94TOYfcyRd1yo+PGkmb1yycU6PdjaP5/zwUPAnjMhR2quW+8iwADaUMYKXIJkdQaqUW9a845vBKIxgNgBskWMGMzldb+aUnr2eCb,iv:MQdEUrNugzv+QL6f/MNUqh9M+nFVsWI4VHlMrgQOTEg=,tag:olNTQyCSOhv3sgSjuIXKBA==,type:str]
 nebula-wopus-vpn:
    ca-crt: ENC[AES256_GCM,data:zNESDEqeRPBsaY53cDKx6DMYdHIdEjxAsX7rLMrGkd0+aw2zOEJDJ5jb/zIeatf7xBj5DkJa+CDWmWsu5v9p0QUu0LEEvdin3utuGa5GQEYR+1LCCrlB52klTvKEK6ck5cYewVR5bmq0NTvw4aVxZJoMKMXICYhNEs20ZMCIrbX8UOddXKt6OxeOzVZ/9uFg1gY9qkHe3Wn5mmNLwvXoHvzwtr+Oc9xT+SRMPYkGUkbyxQ5zRjJUKS79aPQ8R6ZgZVJqUmr9wS58D2To1Sfk4Ykrd4Q2lIlbTXdswp1im3LSTy0YosHu5P6mmBq9u3M=,iv:hnCrHDkQiUsoaFTImtWlvM+tuSplU5p4s6kkm/ysLZ0=,tag:5vH6oEWwUOA/QsiW0XvBag==,type:str]
    double-rainbow-crt: ENC[AES256_GCM,data:gdR79bE2RdE8cc9HdIxoiTCbyzsaTrSRg8uouVLmq6IRnb8B7tltIitli0SRXzMWqfg1IUIQbXHbIvPgeQ+puCHqr1ghYK1GzrDLz6GIGTn8g+9MnDbRTghdlWKKrKVxJnrSecJvV0qEkDr2/WEAsXalstxcDEPNq2Rb+c7bv/P2oFNjKN1eeWsE5TgpFj61RLEWx/wPzQKyNx2ZFu1l4r63II6npvlZ8rwdrJAeZIT8oaU53zQzMMs0tHGYTJeaZcPgdBKfVSCmzGxrE2kuwR0bxSSB2knqdBmtl1aVxs3bF2Fkm1+wovCadCze+Ta6Vgtk4v8d3Ta+wE5qzek8shb2m7lXTixki356wOG0r3B+180Kzk5B7q4tIycrk9ggKPKAA+2XNHVFM9L8PojflK3BY+U=,iv:wNoELN2y8QrFGPJYQdrAVsaLrhMzD8ep313o/jpT9fM=,tag:8sRBtkfd1TVMK7R64sMXqw==,type:str]
    double-rainbow-key: ENC[AES256_GCM,data:I0LGhV9biErwZw4PzOX6mbqyh+8n2XbpikwOqLe70g9+pfO72e8qdXvzYko8zLGIL0x8ZUYn6XCP63ZYzP866cLHCgglZ0+PQeBbqzp3lgfYDd7zBHDJE0NQobPtV6n1enbpzRtBe+ROeYQxCV5sZmEoxbzUyR0aSJ3JaGgZNw==,iv:Y5Iy32zHnQgqIH3d9U81FlsW+Mg8u06fk+AMnTcGejk=,tag:1ojEKwVALA9grJRzyNc+9g==,type:str]
 sops:
    age:
        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eTBFdVM5OFlQTi9JMmFw
            QWpIU2dSdDMzQTVJOWJCUU03QXR1QVZoeXc4CkljdHNKQ0tUczMrNys5eXNGMnVa
            K003QjdRaWY4RmNtaEw4cEsxSEJwZlEKLS0tIFZpbGUyaHh0RndkVlpQVlVucHJa
            TndIUUhsY2xSR3E1WlJXV3ZFN0lIMncKjjf1yt4XhfguzYoCNmHYSmetMDnoz4cr
            frbZdy4hl9w9EZO5JUeC/n7QMYTZLC2/Zk2PXRUvwyQglrGoUVK2Bg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbHd4L0NEZW55OWd3SWlv
            U3dEcDNKZUJid2VsZ1lQdy9NRnIyVDRPRm1VCnZDcCs0S1BLNjJLZTFpSHVpNVRj
            OFpMK0ZjWTJkcWJoUFk2YnBCK3JKcFUKLS0tIEtqRkF4Q0FobXhPVTF6eWN2d0Nx
            eVAwSi9LaVNEcHIvQnhhZmZLbHRPOUUK6A91L8YCpi/sM9FiXcJ1sLmW3U4KadYL
            uw07mobP1Rf0RUdAuSK+42ErFgmS+OTDze/mT/PXg6Dfk+vhTjbfGA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1026d4c8nqyapcsy4jz57szt6zw3ejcgv3ecyvz0s89t7w7z964fqdqv52h
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEaUpLU1ZxQWNCNFNGeEpl
            dEpVbzBFbk1XaVoxMXIzMWFmTkZWS05GOFFvCmJGamVGK2pCeTJROVloMGdYK3Mx
            cGF1elFSbjJ3UmUyc1FsUkh6b2JNWTgKLS0tIFRzbHZIL25tK1dnWm90QVFueWZM
            WUZrTkg0cklJSUg5MndsN0ZPcVk4U0kKPsj787kDFDMxsBt5qk4Bp121AMTE++99
            m2X4lL6ona9fUe8e8wGhdgxZmqvJL2RCaVWJJy5SAbJ/skP3y7i2mw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-11-12T16:38:27Z"
    mac: ENC[AES256_GCM,data:XMsrBwV2G1jRA2c/T3y4015p6bJdggfrbI62bHZ1PQtbOImQUpxChVI9JhZqOIzWpyYB32HavRHwCe5nfam+L2tWNlVMRSogKBpDuanxyf3o2EHHStQqZYUuJrYtOL5cdeYMIXKRWS6LmHdHkcI2ixHsL+NXIG5o3XIYMaEBufo=,iv:G20hevYygnonf5l4qGZqs+b9f1FC+cfnYIKZcs+mUP4=,tag:p5rITlVoOwqdrG8Kcmjieg==,type:str]
    pgp:
        - created_at: "2025-09-09T20:27:32Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQEMAzy6JxafzLr5AQf/a5v/AIIsdE9WawM710HCLQwEJXskDXfN7UP055gDBJer
            96qny8cKC833OhTPLqWCUpAVgJ1JQ8EDLvj2YvXLiq/NmMFs+mBwjPdzNIUKzK6E
            QgtjRJuQfOGSW0i44b+nkmWLSi1PhxVbIFt27Nl4I+mrvkhztIZcTwht+be3mMrp
            z1hEn/BbXsin6JOB6EuyFbsRZ3wYFUlr23NiKVI/JSo39ifbtGqgWn68GN+tYYYs
            mZ5tJykyRZxTU6qEKBaW9veClxs0FW2shQpp6Go/u6u/ghhHeB99trauPFL2rypT
            IaLGWruFwHMsd+rSTcw+YrTbL7bfkqx/4xj5dxJaFNJeAfo5F5ddr1odeAHeSQmh
            pfStJmy83SHhyDw8wLKMeF9d7dPKIyU4cXbLjSv1w86bDpDw8LBJSYEjJPVjLONV
            F6AXCJxNckDXmshGUejC09abAcMzzTsEJK7ocqEoMg==
            =XAWM
            -----END PGP MESSAGE-----
          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
    unencrypted_suffix: _unencrypted
    version: 3.10.2
--- a/secrets/factorio-settings.age
+++ b/secrets/factorio-settings.age
--- a/secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age
+++ b/secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age
@ -0,0 +1,16 @@
 age-encryption.org/v1
 -> ssh-rsa BwwxHg
 KuJIQzvERsM1zAF4iikbaIMsi4e/vnyx1yq6h9Mzxf6FnXyFRcUgLPVe05krQhJX
 0wjv18bI0jxRb8742Ww9i2nU5Tlrok9ol458iye5CPl63fAlVih4/Rkl3IkUIiIz
 q/VayGVaIHmpRD2xiEa4L+NXS9N69vVXoubX0oZrB0nPdYJ83gFU9u+CBqqG2EWr
 PBjyIvT5i5MDBnPZGOudadIoyeWGfjXEPsQWhQhL9ssi5QOzLXBnTDlxT53bNvHX
 2yOFprLDZ+ZONedkxy8OXZpPDYNcgPAIHiqx1E87ftqPIucdeU49AqlPh46wrPC3
 79E2hgSoPvn4poTlJtAD0tIADRGkcEV6wLCylN2lTOUJenUfhLNQ7ok4ITx8MOv3
 IkbWiD9yTMExVBlhc+us+XfBHM8mlWs/zu+18YTy21RM03gzY6lHVZCQPxay2Rof
 A505SeZ4Tyhoy0+oLaYv9b+7DJdlhUo/XMaKSibtgJ/2MCtRqmV5ZsnuUIWn1Qsc
 -> Vg-grease `tLg-(2z
 4EPuRnZmXpoB32r/0GCtskU3HU3h5ic
 --- QmKr+zAXnMpWBBBqNm2u954fOu2Zt8Y/kPPdq4UHgZc
 ¤ì{çu|õæu´Ó€]OmXÝP3µÆ²•4_±½Â_
 q4›<EFBFBD>Ð6mþm©<‚pLH+d.hî‹’C<RDµ‘q<1F>Oø}öô3ÁZ¤KJ¤DÉàj]ÈýÒ¯Ù
ìá‚ØûCROË¥F;>‡
--- a/secrets/lelgenio-cachix.age
+++ b/secrets/lelgenio-cachix.age
--- a/secrets/lsfg.dll.gpg
+++ b/secrets/lsfg.dll.gpg
--- a/secrets/monolith-forgejo-runner-token.age
+++ b/secrets/monolith-forgejo-runner-token.age
--- a/secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
+++ b/secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
@ -0,0 +1,13 @@
 age-encryption.org/v1
 -> ssh-rsa BwwxHg
 YvABDqm9pSLhyLaKLDStuDisPJnaDpHnpTdTU4/xWgD3F4g2WkMymilhabqM+R5S
 hqcSVDxYE2mpPDPIDIMPRlZyw5EBKS6zQYFr7u3fdSMzzhL6pBLUvFtfq40Y3o6C
 LkkkYyWnJisWuTYeBY95H+fbDhqOylbjHP1fhRVwXO85pa4CcRMAWU2pKOIZRb3T
 IuQyE3LOT/vts56q0mgdItJK0gX0NJzXxi+8YdXb2VU5ny6IOBzDL4jUHhi4nfpS
 AmzEZE3ezq4Nxg+txMDQ6ZO+JUhqjCS4XDf5b2Lq6fDenVhFaNYf4HK/fMZHKhKE
 Ac+K5U3CKB7B2Ur+sEdB7AYWOc346bvxZhP16nwCI0ocaquo6WzEa6XA7zfRVC86
 wlTIUVdYKW3e/4AIHFnSXhFNss52kkhOjxcdQpdBb5RgSc/gWel7XFJ3bV17bCmV
 ccCYejBvW+Arpgr9Tl3UfyEbRbGTe7Jbxydsrx5h7gcXOuBYE3x8RGhegiL28wVl
 --- E11l59lvUhPNzXAYTgVUIIUCgJsEsSDMdnLV6r+qSiA
 ¥Ë‹-&I:Ú¹Sa°_àÝzt•ø¨J!H¤¹'ëC`'uÜ@sØÙ'”:†èì÷ãÎ¶~Ò[0š×ïnÝY-uôF¦eÜ‹ê‹Çü`xÓ7‚öªíßDÆãÉþ0<C3BE>/Ã—%V½«Þ‘îUˆ
--- a/secrets/monolith-nix-serve-privkey.age
+++ b/secrets/monolith-nix-serve-privkey.age
--- a/secrets/monolith/default.yaml
+++ b/secrets/monolith/default.yaml
@ -1,59 +0,0 @@
 forgejo-runners:
    git.lelgenio.com-default: ENC[AES256_GCM,data:sEfpBZvgQUkyXPWY4RI0RPJWUbsYK/RGqiYJ5wDSVY9a0EYenyt96QYq6815evq2iQ==,iv:rSWnCOdhfKH4TM9R0/IParYd9laYhWxR+iUhgkVvqfc=,tag:mBcSH/oGDMBgBScvCdn3Zg==,type:str]
 gitlab-runners:
    thoreb-telemetria-nix: ENC[AES256_GCM,data:zrZvG4be08ulpo7itbrprKK5csCMLvzZjrszfMw1XiJP0FyRTUd9nHgHpbAzbjj2KyT7kKngoZAyengvaTEhkT9sUi1pdGnvajAH8BDDOD0g4LJIHFl4,iv:3bSsTzU7gHx+MchuPg9kmb5xEDugmGPje8Jw74NpRJI=,tag:zffRr77lWbyLt7o/mywb5A==,type:str]
    thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str]
    docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str]
    wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str]
    wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:MtYDK6P7nwBzr6p+lRX/dkosBfeDUAj/slf/a5SgVXNIbQlkEk7gvfW5iL+C2HgMwowqWx4F+3q2W+kGweqEYzEYAoZ9pR08a7Jci3Szyy49hkamxJXF+Qwhb5VQKxDppESne7DARCF0iYeUjgeXxCYyuWlGpisnkN3HCWrIYCqbk0LS+yqgkNhDxtxMaThGYztfPnLMEV/P5vuge9sRKu3Xi3iX2uDKtx4FTBsX30Lmd8kngOVnP/GaEHDa5ECO+/yW6ZRg3fIaqJ4RV+Vz79ovFUuZV/VE8eY3JOdK5tKIBWb31YUOjP7ccBes7mMhFLO3ceNeh+a6KAJbQ4pCojJwf/cLz663FKr5f/uWDicOBbL64l3+zV5zvSDzFls0ImXMNL6Fe3SaKP7ZcC5rVrRD8P+UN/OSFmbN5LM7uYY8nNsLxTH7MYsRHgTBUmTsFEhLGJIUjtf6J3/NWIlxjBq1MmpgxN0bD6gwVAxDPP489v918tsZtKdG8SJhLUPE4LWKsU7LHpgUBroKlbGE,iv:1jnF2TTlyTR59xM8Bgaz6bubDOwFexHBJipNVa0VPXY=,tag:VsDb6C6wYa9p4Yey3iG4eA==,type:str]
    wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:F+QHv9wwgyQYobKwyG13tS2OKCZuBPKLe7RLkhxsqYmVEtkCnli9jG+unMp7MC5L0i3puNqfoXP2IC6g4ESHq1yE0ksUpUCHzps4oMZBQK9b5JcqXQs+c//hskTQ/sFmTfGPpdnQ7wAifnQf5Mx2E4RwiRznMgJGQ3RDDjg9xfWUyvw6PlslZH65aGrq3P/iURvj,iv:u34+rXKLcZjBlVJmdbf60I82Fb621lUjOBmR4CTJWGk=,tag:ToPtBIz3bgzAUKc6hh4Oxg==,type:str]
 nebula-wopus-vpn:
    ca-crt: ENC[AES256_GCM,data:sFc9SxfCVaDYxbJqzEK6pRsVoJSFbD1qs/oVKLXXJPrR2y5jVM/ESk/xwaemwEBDPn2VOxLqD62lPF8jP665w/rutskKJ4pMji+Ev2zeryaxDmEwSOL8EbEQtlNxkZZEX3dwVNxykbK5A3bIrcI6vHaOTFeMht6IanO6CdeQOS0KoyYW0fHbW0Dc/YytBMjVWCPQk2VeWCl7X4JBsjj8aVQ8qgupsI16tJmETetO3lHAaYt6dk0Fp51XVaKSuaYGBhnoADXEKA3cIQoPUOaJ1Q0CmdfYk5XWEr0q0OcqjeAn8OERGufHr227tJgYx8A=,iv:G5iq5qeX9NlkOdmj9K0GRQ/6lAU0cBNEO2hQe9kyirY=,tag:b3sW5hs0pkIqqm2j81BIIA==,type:str]
    monolith-crt: ENC[AES256_GCM,data:+0YbGYreXYR2+cu0NwXUuAnfIEUBGXm5J6nUTx2/z25gDTOVx9eI7USX6cQT/3NOt9S8odHcHeWQXChgWU9Xf+avdXmNO9vQGf8bZCybDQltPF+Gb2zRiFWiAy7raQaZc74SMbGCzABdfQBnEnqs+s/y0+ovilzOmcopnu551QEyjojuMLVcpUsvrEoQBx+dLYBjx22xob0wNUmXgBFxLRuDvYHGdehZ4jg8Ihf9kpDyjtjpfa8mF1kmdKZvPI5Y9z4ZOvA8266H+jFSqfx41nIuYcIwi8naKkoRue4kRCv71IXyK5DJNEweZPXD5sCdd005sxGgBnpSJCpSfr7TsCy5FxDcf9ISi3yrXLttcnOt2u1b3FFKNQiwlo5s2PQB2AB2Zf3nvKPqICmcXtGN3w==,iv:Q6izpQw3SymKNjnjO4x3pzqGJo5SxYZkVYdXcHQBi0A=,tag:9tlMYrN+/mMNYifw1F3yZQ==,type:str]
    monolith-key: ENC[AES256_GCM,data:Y8KVQk66dewyeRIF+6HJeufD9EYO55m73LxrtZi4KQU0RbUpsV0eiRMX62rYtw6+uP87f5Tx6kC3fX4+mqNb2ZgDtVvm3/Qnz5Ly112c/h33krNqRpv6pEHRkrS9j01tLkJnxwiyIvq3b03GTAIoCKWgqaaagCXYHArgzRrDIw==,iv:lp3zuD8XWaiJvyxzXHrgpF4qbrCv/uf9l9qyWXVrkkM=,tag:eSlTCa2TrIuga7UUxoloBQ==,type:str]
 minio:
    root-credentials: ENC[AES256_GCM,data:izDiis6BgAubbe91EUcuwMKrSrYEDQFQbaEGzpdjj3Wlt8Z8gzgvGmYCryAK8GBUMbzQvy0do26xMGMl3LxLWz9bgixixPVFTTg5GhfUJw==,iv:hkrkGz+EpVwkWEMQWBrm2u4Jti7azsDtsTmyouDREug=,tag:mDnOKKBwgKOmsxegKcRhpQ==,type:str]
 nix-serve:
    private-key: ENC[AES256_GCM,data:xSHNHiLKs5QG92cSR0gNlusRhGjRUcelSvBt/f3+LdLjTtPaYMmiEiUsl43FyaigGkGq4nGDWAgPVJ+bFNpman0F4KwYqoSp5zH07IC9KaXouvudRLMZc8MkpwKKptKebKDlxKfsLt44n3qnV7OPYzSgzA==,iv:yUM/4yCIJqTt04HyXBVe+EMN4NnFkVnVhsUvUlKv2QM=,tag:qAr0UIjWzXH1eEzGCrK5Vg==,type:str]
 factorio:
    server-config.json: ENC[AES256_GCM,data:qpLNcNjKrlH5IjGsq7ukCPR7G5dfOfN9joM2KZUdKZetZ/mA8ikBSbuBtRxwBQUSB6PcFxDftus704vlOkLcDcc4PT9rnpEiedLng9NkJPZZo2exfozut3N7dhij28c6Jy2uvad1pzAfW78iHI0kJNkDQDD2oW9xoFAZrPDRh5oNLpNn1/iIFoIflyYFctUbcpsDvs+8xHGGM5PQQo0QnZcxfSPY2iT4At1i5WP/Uedonvlw9fNcoOtzP7BhOECuMWUC5W2v2hP2/vcp7M8=,iv:Ln+/4AudJfdJYdkq0xLVF8dyrObzLwhANpTo3WgjUF4=,tag:Rgw4/J016Geiv6FwF5ZaMQ==,type:str]
 sops:
    age:
        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaFFtOHRBNjZqOXJOV1Bk
            SXRhZTdNWklKaTZST2JhU3VFLzBGSWY0QlMwCldwS1hhMDEyZDAxWUlRRXZtTWts
            Ti9IOUR2OFdGYkJ4cFRsV0lkbWJvb1EKLS0tIEJUS1ZCZ1M4ZUs5cDhiam5JaEk1
            U1VjNFprNHZWeDhwU3owRXh0MlBFYkUKHPgxz9/w3+JEtOljfyWBPSshfFlVWVys
            f15yxlAeWIZVEGqoau7DegVdZiYYIJR2dFBXV1RkKbAwLrbUxAQidg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OWk0cTJ4d25Qd0hrdkFD
            a2Fzd1lrMDREclkvRmxUSjFpYXZvRGs2Rm13Cm5aRVZDWE5ZUVR1K2hkZkdKWjYw
            K3lKNndBNGFveGVGVWplaHA0MVlYUG8KLS0tIFlVeXhCTGJGUm1HK2RCSFg1RnI3
            aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h
            jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-02-15T06:33:37Z"
    mac: ENC[AES256_GCM,data:lYnwpoQuDSRpcPdIoSX3aGssc34UPqj6aZaliXl9XKMu1FMEgKwYXvNGOgs4tV2hBUQvTB4ZhiPT62awEHxzO1CmVdi6eiR9LTP2KetVubvKp8Ps/xoWKl51pG9ubJj+H3rfwAhfbGVZmAb6PKQgY6mnpyutlt/ojCMoKJ4BVwM=,iv:O0MoP+Nb1+nrowX3yfhIY/pjtSbLPV6qHOhDiEfdpzw=,tag:qSA02qKepxJ8p1qpZYN+UQ==,type:str]
    pgp:
        - created_at: "2025-03-07T22:49:16Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQEMAzy6JxafzLr5AQgAjwQqdeESOfrOuCjfjALdoy3AnNYC+slusdlra58CoRu6
            YFDAivwPHJBRiuVy43Lo7SWnKXMKvLOry589GBY3JGjNV5U1cPWBhMlTubYZmZWl
            iel8Bvw4IF5JksMIvLFdDgexLN7wETzzZP9S8750BCgpSrncrw1k/dUedhv5HUjo
            N10x6BPjPSmgolA8uxsISHLAUrKcQoeaWvcZFU1ofKywq08HgIySphy6z3Gmv3Qs
            86saZp1rFm5+qHkrDRgL6Oe3Xx30jVkzn9MHPWzZCDPCEvYGJgXX34NGzbX+/nd3
            JB9XkT2YTFi4BLhdHY3EE7e9//PJc5G9RVDZyAF1e9JeAXH2yR5blXbogoy+VMnS
            Yn74Uvs+fnYFTDOiuequro5i0uAyxtrCx8fdfwjuh+9SC5p3N2cBv2eT7zLQwQHi
            czHlwxmpi/dMB/u83fR4FzuCUt98VXiezIC4yGn25g==
            =Yqqx
            -----END PGP MESSAGE-----
          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
    unencrypted_suffix: _unencrypted
    version: 3.11.0
--- a/secrets/phantom-forgejo-mailer-password.age
+++ b/secrets/phantom-forgejo-mailer-password.age
--- a/secrets/phantom-invidious-settings.age
+++ b/secrets/phantom-invidious-settings.age
@ -0,0 +1,16 @@
 age-encryption.org/v1
 -> ssh-rsa BwwxHg
 iTcgtxF1IxopbtF+aw7V8IQfH7tWiMk9lE/eWlVHVjeaRvER5W6Y3xZNOFCjtbqY
 VwEyV6ibfZ4GJt1jRu2icEH/AnLUJFFGQnxu/K/rtoZ3tqSIk9WCBv3aPo4oZRiU
 uaaxi2gD8qo1RLyl/Ij7Djw4i/isUOO1EON5sgx1d39k6qUD4Mak0DSU4EtGdTsr
 OaxDAc0kAxhxZQOUH/QlKa0HLonaFcy1LHqvttOcw3UZuZnaYfZiPlcqe3USS9cm
 96aIC5cS9pHr4JFrqRYvfpla2TY5jlCB/xBGw3KjGEIQoBPXSsJZA6BCMZyp00++
 tdfS2aomt9HFmb1wZDS0jWAxkVF6nXXBbolFVih+58h0nYLljtHIQ3SizRoXY459
 x3JE9NReHp2OO3SlIeO03Kv8YMBvj7nSSd1C1PMpu+hJ/eCXi1WQxD6QY+40muk6
 KhqE3PZ8BCY2b+VpywUF5gVH28mo3jscqAzhf2dZ3SQlzldI+hFyKPxTdAqkfUOH
 --- cinb+wzjVfTkpfm1CtFIFaepwoQVCj1MquB5rAC45Ew
 ¾
 6
 ZCþHS07ïºÖóýE¼X*Àqb=üOßíÛÉwu¥¤³Pºþ¹ÙçÇ–Ñ³/£ómvòÞ×Ë2VœÄ«
 ÁŠxvç[“£‚µ£±”Ì‚A~ evdÓåÙ0¢Œni³1Ò›¹Qý„"í@Ù¹§ÞÔ{KpÐ:åÏµuµsÊÎBñò(X…r[ÂQVg¢Tš¤°ðœîËï@Ä*ÇõÿíB«<>.§¯žhEé²ŸèÐë’÷½¥Žûzlz|kã`l8‘´8¼M›cch<63>îáZ`ƒ ?yeoƒ+ÈM-:/–À**ìè¦ÊcŸÎZD¡2Ñá¼é&·÷¾Ç¢¹£e¤ï*Hnç"Þ~+|ua(û6óËJ
--- a/secrets/phantom-mastodon-mailer-password.age
+++ b/secrets/phantom-mastodon-mailer-password.age
@ -0,0 +1,13 @@
 age-encryption.org/v1
 -> ssh-rsa BwwxHg
 Mnc+/tJ0QqxHkg2nl9gEkz5Oj1RgxtOZnD5gRv66ISUOqZhNm1+F+xVEdKn843/q
 /WzH0f1cTF9NXP8vIaEo//bMmp50obJAd+JNovJxV+0gb9L55Nu7ayvK+eyk6j5n
 eb8TxUnwh5BPkEyc6akDh/O49GXzLlVoFD6Ik/0f3YCqUDNAYOl2bsssXtevCeK/
 WEPoCFGhZfNUrOo/0eAhiujZZ5zVb0CWNqXi8VTe2eWOE20VJULcN13TEyO3ZePx
 bAPBmDfS5GgGlV4INWxVLaIMDrzlm0tYozbBNNUbdLFFOhIOrgvay9RWxdk0u2hJ
 MPKoKsJ96EFxrbZJdS0W7a+aZk/Q3A3Civ2rtPx+5UANhmlY8e1lUHa26e1vA4K7
 ApoMtDyCbuZ9FbLurwl9zO64wWP68aKzuyKOIw+wpy41NQ/PcViSY8KNG9Pt7A2N
 CcOkByx+rwz+JdNHbOF8O4FFG4fNSWn7SvVtu5ymGgVi1bOd8PdJpjDR+6Is0SX7
 --- DHNyITb7ZseEV58MOD/zHeH5vff0hhlbKg27rlYECGk
 ÆJ…¨Úãè·<hUs/¿ïš}ó´Zi`ˆ‘ 'ÂJŸ°z5ùÃgõãŸ%€ì‡`¤º%/˜‚±<01>ˆ„á-Î<x—íõÉ’|
--- a/secrets/phantom-nextcloud.age
+++ b/secrets/phantom-nextcloud.age
@ -0,0 +1,15 @@
 age-encryption.org/v1
 -> ssh-rsa BwwxHg
 bpGCgyaAPDutva1Gp/YPuek6IZTXJHKb7+oIAV/x+7Ry4Oci9zM2VWvPVE/rPE/d
 0AzBX1NvsWBB005w42RfiErk4FQYRCouwNR1FNjUWNdQOmku++RPfxBXspAFIDkQ
 yM7mqbhwf5by5rZY+2kl20QxkErkVtZolus1am9RV4uyXfdPaRcKjWOuPiEim42d
 YdeCXq4nJGxlL3tRunIqLIZGhV08wHBl7Dubhn9hdD6/ekDk0RloVTBDZUY5tUPL
 dJk+bfFPI0DimytzCwyQbWEHOkdiWYSNzbx2JhTSvuqefHP1UzB2LukaQc2gOJFV
 mVKvQuGpOWknytMUhM6zCTvRw4OQutAZd96OniQYTas/vnmfT2l2n9aMEzQK157A
 U9DmsvhBypILiQSPpA7QrGB1QVuRjAFJA86ASY1FAT6MdBBK4vZ8fK7mpT06JO/n
 gwv+UlvFBziWHzA/1GOLrfD+ExjmbeucRZr5XGszrAaK/7GPZt4LF69hRmKegL94
 -> 9I3~SC,<-grease M$2 RibFL]C
 uR6MirHtTc4Tyrcw3T2my+BN2Q
 --- 56zk9BqgwQqNymga1mUDgpvtfIpMy5i/JnaSXbjx6jk
 ÞQÚÞ—Ž)NâÿÚ¦¨Žß‘-†ŸÀ ÷ÑDz-ÖIÅß-°]p$ÉX5æT·PU=u;kæ8}wÁV¦mšç=
--- a/secrets/phantom-renawiki.age
+++ b/secrets/phantom-renawiki.age
@ -0,0 +1,16 @@
 age-encryption.org/v1
 -> ssh-rsa BwwxHg
 BUJ9L1bwZ0RWj3FmMghmZDkY4iuc0gujS3Rfat+hj/pg+MALZ69Tovc5RnqmOZT/
 pTGPTzWj3WO70YU+wCUHKZ74JcKdL3wSD1FWOWYRvyDV3gxZjDTjw4Grs+sH9M4Z
 MrhdoyY95fhmGZHJ7Qkx/aKCAK/OaFSu5Vhh37ykmLd1gQ9NJYQ+G3lLr1Mrqjd/
 1QaBqJtJpAFTA0eCd3+oBtQ/qgHD2ZBJcOmkS9sRC6S4YKNoyoDifTbL29aJC4f/
 08myI0WH/ApbtN1hWuiVWibmy/9/76IAvgUqi8fULNY5w7Otz3nKGV+mDA5+oD11
 jCHZJdcec9JFyZ/V2mh/PoHpNawksNPy85eJ0MpM1avM25Qib8kWJM6fnZb7uJzt
 DsYCl2q4ILnTaieuTSJUfgacKbrwSv7MQfgdh1SkXAShyZ7aSCoDhsgSdOVwYoAX
 Mspm0NtodeV7493qZwYspO6H0xbfh20vXa1DOeMt98T1iP0aYYhfRXkb0wACx1QF
 -> \z/RLj3S-grease cmv( uCkG*= .cX3S 9r^&
 OVTVTnB3PjD4COiRCtQ
 --- EhfDqxfjLIHF9Sa7V4ytO1xsRK8p23WDsWcB9/B9fRw
 .ß=–£))/’ö‰Í¹êÒ‹#´ýLÁƒŒÓ‰Ž—|p
 7	ÍñÄKä®7ò²Š@üCJfš:w6Pè•@@/N<>7¿
--- a/secrets/phantom/default.yaml
+++ b/secrets/phantom/default.yaml
@ -1,60 +0,0 @@
 hello: ENC[AES256_GCM,data:UJAAdOL7wzQ1LduTyW+XK2NtXyw/u/Yz28Bmd7OoBe41FVLKwVfvdI1nAwYuNQ==,iv:7kPT2HF5T498bUJ9hUlz5Ez/jn1g7YIUVbJOTW/CHhQ=,tag:KJhJPg8AStyW4roEbEUJ2g==,type:str]
 example_key: ENC[AES256_GCM,data:DcLN+C1BQ6WZg5fRiA==,iv:JC3GTWn4a4RekAHdOQB3YV5+eGa4cUK1JjyTPe8eNHY=,tag:W9CV4rsgHuXyqpWpUxlIQg==,type:str]
 #ENC[AES256_GCM,data:RjdYJNz6qGfbsU/AiBeLlQ==,iv:LjRzSjBXp44cGSqUUfRDNLC9cW4Vd7lfsqDWINt31VA=,tag:NzVm1h9CVKE2XXt300aR/g==,type:comment]
 example_array:
    - ENC[AES256_GCM,data:K9j/t8MDibYO8Frhu1M=,iv:YnrxRnJJwTH6DJC6Bv/d1NUnX2ZPFwsjoji7L1Z+d7s=,tag:Dm7xCUlnjKdXHCuk8lwY8w==,type:str]
    - ENC[AES256_GCM,data:0g6ACJzEHBtukwQYYTY=,iv:xLBJWfOYkX7Y28N01CX2+d5QOr9VGAhInH6pa1hNSGE=,tag:tCkCigo4yhi6YKVMe3Z3lQ==,type:str]
 example_number: ENC[AES256_GCM,data:R+/m/QVBH9/3DA==,iv:FumBUj97ICrRQmyh5fg8Gu9Lba9oITD1pdsr1I/PCf0=,tag:hguw1gpPI3w64fG1WLnJqA==,type:float]
 example_booleans:
    - ENC[AES256_GCM,data:VvI5ag==,iv:koMzyWcua75sK19vuk65oywCD61lMyH3xUwue8LTqy4=,tag:2ym1M0FTwevLm7wefTUWAw==,type:bool]
    - ENC[AES256_GCM,data:lFEC/S8=,iv:cJWbnmseP/AqJzyORM+VI5y7rK8axVeh7EXoLP7mT/Q=,tag:BaS5HyecokdLCq+LzQxGkg==,type:bool]
 forgejo:
    smtp_password: ENC[AES256_GCM,data:g/Uqmtp8A9pas5WcslwnGCKSXv7dYSRMA8wKm7DWpvssVRZJ,iv:vNBqdTlZ5mg0AhjMNr8rUts1rDBYmq03tdiceVN3xjs=,tag:M3qfiZEWvJN/XUjjmnAXqA==,type:str]
 invidious:
    settings.json: ENC[AES256_GCM,data:wzbBnj3qrhw+clHpetEm/FYs+zkMM0kG0JO97E2wPEPaoBZDuOy3BRAbzmwkn4RUEt2hWVN89/A1qweXuuScXt5LSgaQXFXmGQQ2RzXY7K7Pr3uBNol53pnNQI5M6Mi1bif26rdiwznE0QgZCuptadhPcHbCaWB2QrXyYDdTdvQ6Wd+ZueSXPXCjpRnXaqZzTFc5VJf09wqTFahUvVkgjkhgiLVUu218b8xghekJLwJ3bKwmXuXsnmGSQjFry6ttbFPQJawVXWqsiNY7iaE0k1K3NKcTu5Fm2XiriPTKuGM51EXrqaw97ywWN8JEBGxZTk7kcWg2tAf9ddOewYMG,iv:2oDgPdFihZ9O8IkAydL2DtlUtCBUw70u2F2Rn+eW9rs=,tag:zvdZbEdQzbtWgft+i00ufQ==,type:str]
 mastodon:
    smtp-password: ENC[AES256_GCM,data:ciRTgcCKueSiYerBjWHOD4c9wlpMlcV9jiFaEWFh92vgA6J9,iv:TAaPiMIL8Yfd9k4j9dN40dWqQWAPb+24ngvPC7GTrlE=,tag:+7fGAN7FKiPIWvdsQXGqxg==,type:str]
 nextcloud:
    default-password: ENC[AES256_GCM,data:mR0KRCheXh6NBVn+odK9Kx0e4njJDuZ6OS37Iw==,iv:PAb/sCt7hq5WKZwr4FMfiMqf7mGvpXQEnZcbzmDz9oI=,tag:ukBDHbFKrStXckzuE1TwJA==,type:str]
 writefreely:
    password: ENC[AES256_GCM,data:5hzvM8Aitvj4Hb/RgViV1QjsnpQqln0k1nZvEz8Y7vdZvcHo,iv:Wi+pKcGqi09050sitgxt/+hYGF2mlmYC0SDjmqSWPr4=,tag:V0KSBgIV4fgMbxuADVTxrA==,type:str]
 sops:
    age:
        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSXhsMHQvb0NyUXRkRDE3
            TjVjb2orQktDMGs4U2JUS3hWdmtMdnhuYnhBCi9VU1RVblZPaW14VGxMcjM0N20z
            R1pOdUJZc1ZGcjBsTnNaZGhleVR6L1kKLS0tIE5vQkFhVXd0R3ZQSzZkNmVqN1Vj
            NERXdlJhVHF0NWpNT29CNlRid2NYMVUKxg7kbP6dOZDUz0uxdC45DZCAa6GQTQ1x
            nIb7lvPW4xFIb0bOZuvc7cAbHjf4So+8zvA0MM4mkTmIDpnwGD5Clg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrcTJGVmZUenNwYVNjRFlU
            VXNBeDdpVFVtSTN5TG9VN0Q1WjRFbjlHd0Z3CjFsU1BsNkZ1a1ZkY2lva3lBUWZ3
            YUpqeEo0Tys1bDk0TEpwQTJ2U29kbjgKLS0tIFJDYWpNemY4NXZ0MkM0YWNldDBE
            RU1HSUhldHpzeURaUWQvcjBCQ3pMY2cKYL87Njs4e68zu5AXKNF/hxiB3HduS8wz
            o0kmGI58DZx17+Cdipw0ab9a9wiu9C9Fn+LaiCcdM/ESXtS79RzdbQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-02-15T06:46:07Z"
    mac: ENC[AES256_GCM,data:lnvq80oOH2pO6AxBbnjNxvz0xcukTFowcxKf24RKFf/ZouRL6uCJEWJwNCoAKCGOHibrztsGHLDL/cgOffv9CTivIYmzbB+9q2MCQNGxrSL7CkWr/mK9xb5Yz1ASvvZxcGB7WmZNVZXvjIr6mdZy50UweHJoit+oDvE03cmG9Bw=,iv:CikhhcnCE9SXpRasZEImUR6vU5cauD4YIplxPYsPo4A=,tag:+QaBv8Nrk40UCYhUskepyw==,type:str]
    pgp:
        - created_at: "2025-03-07T22:49:19Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQEMAzy6JxafzLr5AQf/Zw+EB0lFpbul4KmHL3ndbhQCHzhkMgG6vEyj7EpjHQxE
            nwf9kRrTcRh9YdrgR+5PFRnFJ8+L+gZhk+V/GaEPcEUyskOX/YGTSp1u6pXKGEem
            TGojrIx0WwcmeCZUn+qCehbC7ZU64NDDmb7VeWnRkMbboU6UVooHUub88VsbnYw2
            XXtXh4G8isrbyAKzUyypnJnEVbKlVqPOL67BYczjyBqMYc1JVLmBy6nP+sv6q/yo
            QyDzlunmZtu52dwAL0L6wJF+novLr4W9cso4K5UVv2sp5M8gucuiY2obiB3vNfgO
            q9GZTlMWnyDGflM1w+tzpZ/Ke+sM4dSy3cXpZd+MFNJeAaBJ1owjolb4tPUXlt+W
            cJ+SFLWxzH8MsPb+Hfxrt8PPCcv67uch/k50PLYs/V/EM59+mgEJe5LY4rMbUSFw
            REGL3LA6Cnkl2bUeHlfG7XlztHd/ehmZM2RPKof+Qw==
            =htZl
            -----END PGP MESSAGE-----
          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
    unencrypted_suffix: _unencrypted
    version: 3.11.0
--- a/secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
+++ b/secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
@ -0,0 +1,13 @@
 age-encryption.org/v1
 -> ssh-rsa BwwxHg
 KCVF4Sy49stOeQs2uunYKkvadqeimmWlJ4ucEJxfXy2z+OkkZpixUnWgJEH2nCa4
 NL/F0Wezbqvh+Texl4FlHN8PT2w/d5gdg/L+fI4jBYCvbbiHA4sdUgmXWigY8zrU
 5H7Y9mgb1Y174fA6zfTCk2fHmk+KARoV27YrS2fzGoVQiPhnvv8ZT51eF1E+Zs4I
 +YtXehxEOqYljJKYJJnF9ElzfNa8nypACGtcjTE8eEq0DlZu2U7qV+QWwQudHbcs
 MbFR2VtkHWQaNdK1vVBGND1CMlfshSCqbUzGcexownMiCVSal1RKA2uAWnYdOEc/
 QSR8cKn8QQ5dyPFCqZ8RnlCMUegCVLg5cC0/rlTUD0C/Ti2SRBYTH3HvJjmSNk8k
 3LdcNwK4YtG4d1gkqLVjwCM1Yg8I/UICb5nQYclvBz5VQ2drvL/gU/+Vc7Z5KUFI
 0G/7uNmeJ16Eky+X9c73ZZxVqm0TzDENE2GzkPhBHEfXBR+4j6m8KKEWxQmA2ZSg
 --- Oq9wU0h90iU/8g1XTNI+LuAg7t09hngj9DCK91V1+pg
 Ï‡võ’P·Êì}ÓN,×ÿWl?y0)‘eVw‰©Aði±ýê•Å<E280A2>Sm¥œ¼¸à‡ì>‰ð°ÑD“ÂQž¦C-ùëB†Ôáôôø0ŽúVµ|÷=ŽXÊ6©ë ¢œ‹W<E280B9>>ãÒì~·-qIÞ%
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,22 @@
 let
  main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15";
 in
 {
  "rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
    main_ssh_public_key
  ];
  "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
    main_ssh_public_key
  ];
  "gitlab-runner-thoreb-telemetria-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
  "monolith-forgejo-runner-token.age".publicKeys = [ main_ssh_public_key ];
  "lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
  "monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
  "factorio-settings.age".publicKeys = [ main_ssh_public_key ];
  "phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ];
  "phantom-writefreely.age".publicKeys = [ main_ssh_public_key ];
  "phantom-renawiki.age".publicKeys = [ main_ssh_public_key ];
  "phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ];
  "phantom-mastodon-mailer-password.age".publicKeys = [ main_ssh_public_key ];
  "phantom-invidious-settings.age".publicKeys = [ main_ssh_public_key ];
 }
--- a/secrets/test.yaml
+++ b/secrets/test.yaml
@ -1,55 +0,0 @@
 hello: ENC[AES256_GCM,data:ADXdQUkrnh9lDrsHyInYsPBo21u/mIAH47KhGQsxuz5OshT6CoK+89CILEi9tQ==,iv:b/rnM77z69+pVO3kxQZxI2YzTCRiBwwO5fhcwCB2/CI=,tag:A0FOXIfgIkJawV3QhlJPWQ==,type:str]
 example_key: ENC[AES256_GCM,data:gXXl6hhdYNLC1Grmyw==,iv:miSL7Wdewd5zs4A86/r8OW6gK+PGZJ+gaqZRHHxvZos=,tag:Ty+IaoXdMSEThNPRjwhqTA==,type:str]
 #ENC[AES256_GCM,data:FLhydTaiOqLRFk+ZrgGx9Q==,iv:TqhX2ylJKFQjdOpmwCER1+gRe4iR+I0hkVkNnYH4ESo=,tag:1BSk9TKqTma4MVUMswwmog==,type:comment]
 example_array:
    - ENC[AES256_GCM,data:1sIEL3xGDAygUKoodBA=,iv:1DumVv8vDvhT/K0jXM1vHdrFTE7dIxqqjS8CIpWdnc8=,tag:WSs+3a816zVOaGCTElxgFQ==,type:str]
    - ENC[AES256_GCM,data:tFi1czQnVgX/nlWrJrs=,iv:isH65ldilVe3EjsKNP/dOKgtWZtHQPw364fPHBI+LEw=,tag:Ka5ywriFptKg3+lIHPEIyA==,type:str]
 example_number: ENC[AES256_GCM,data:sxSM8a9oAp+u6g==,iv:KRLfIxZuBsnK+QE4mqm3pyhJmE7Fsd4ykJA++KrOnEQ=,tag:F5EkVUzw06ulr5jZvlTJdg==,type:float]
 example_booleans:
    - ENC[AES256_GCM,data:PDts2Q==,iv:qtfKg5gmUw2aERJe3gfT15Pk7mWocXwKdJhAzSic1o0=,tag:gn1sWsgt9ihYF8bHAkAQwQ==,type:bool]
    - ENC[AES256_GCM,data:o9as7T0=,iv:YXyTB2X9PmTsOd37+BAp2xnT/+Yzyajcn5y1GE1O5rE=,tag:hyXA43jpyAbgH2hg1ivloQ==,type:bool]
 sops:
    shamir_threshold: 1
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUURIQmZvSVp3aXlFT0RR
            VHVBR0drN2JyV1hNUk5sakxGRXl6SEJuOUUwClQ1Q1lRZTR5R3Z4dlZyb29OaTNW
            UVcwV3h6UlhtZkg2aFhrUUtIT0tQRmsKLS0tIDlnckhHWXRKcmRwTGUzdHZxWEVh
            a3ZSWk0wNm1raXdMYXdKY1hDd2dZWUEK+IFU/9vsHu70XbSJ7sKqFncrZO3NAH8/
            X/XF1VUmIuDfQZYJsDa4HaXe52xvDWTw3/4frG9HutEI2NcvvRpxlw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRGxFWXJVcDZOdzVxaFJG
            LzdhN3JKaFhPOVBlblRPNWpDdERPaWhDNkM0CmcvUGxNQ09tNTJndWZTdjFia2pl
            RnNWQ0ZKSFhEN0FNbVZlKzlFUlh5QTgKLS0tIFkwc1pJajlyOGNHSTdaM3FQZWFK
            NUJpRDlLNXlGOTNBbVRTU0ZMVkhqdUUK1koXmGDGTKoNx1wp4c9EknY9LQ5a7dQP
            Zx6OzvtpsxL6KGjH7BeNNcm2zOR4YqnklLq09UsPHElz2upJQzECAQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-03-07T22:49:01Z"
    mac: ENC[AES256_GCM,data:yma+7wtzVjCzlLOVpqiicjQ9YN1ttzoh8CpcAtjdtVl6gu7/3FXUKYyAWJd+1NUUpK7vN435gOq9/nsig0FRrn0Hgq0+cjFUGS6+6+SPmL97eFvti89gCOeIFhPvBnJQYJLiyVkUcBek4xW+vnt6UgrTy+sD9AT3KHdBlfu3pzY=,iv:ioswFO5KDAL3Bv7MI8V0aWXXxZZIz1M1PyMUbIMnCRI=,tag:5fUBtqz9J2qvY4fUT2ueoQ==,type:str]
    pgp:
        - created_at: "2025-03-07T22:49:20Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQEMAzy6JxafzLr5AQf/Xok7aBMNT6W3LV2Ekx/ccxEZaZ0aVNKHE9aFTz5kBSpu
            cXVohu5mEgeXr++HbrsCI821/gfchQ1yzVSLJsSrmZdJ586c3a7pWx2Eo4pcngmy
            vb5UWtTBNogABnLz4iTjVQYLjZeNcNhkzW6s3m9PiaX3AvJP9irPcmwIyYpzd9pt
            hngnBsdTis52fmvZ6+wOuMyTZU0Iksknom1De8xqgR5ZuO0Vitt19RGbpVhx96AC
            t1CUkb5WMFTdpbCFORa/ta9Z7UcKxXTAPsfPkPVG9DnHQ1jSmsJWPDQZxoIJLHuH
            SVV+qfRGndOo9fjExCInX6I5wBlrHrdpGtL7VLczV9JeAXYlMJwH63eOyi8hxxtr
            KfTJEIALC25uFhoK8bmr30yVZe7thUPMXfht+R5dlHne7+FcBb4k7YLpeN/M40me
            CSKk+9YaG7gQIdrfvEXlHSPCPppcKev6ZUspHewhmQ==
            =IMON
            -----END PGP MESSAGE-----
          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
    unencrypted_suffix: _unencrypted
    version: 3.9.4
--- a/3
+++ b/3
@ -4,9 +4,6 @@ set -euo pipefail
 nix fmt
 # Allow usage of untracked files in nix code
 git add --intent-to-add .
 git --no-pager diff
 run() {
--- a/6
+++ b/6
@ -0,0 +1,6 @@
 #!/bin/sh
 ./switch \
    --option extra-substituters "http://nixcache.lelgenio.1337.cx:5000" \
    --option extra-trusted-public-keys "nixcache.lelgenio.1337.cx:HZCwDaM39BOF+MLuviMQTUrz3rBWLTLV9H+GV4zcxVI=" \
    "$@"
--- a/system/android.nix
+++ b/system/android.nix
@ -12,5 +12,6 @@
    programs.kdeconnect.enable = true;
    programs.adb.enable = true;
    services.udev.packages = [ pkgs.android-udev-rules ];
  };
 }
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -1,7 +1,7 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ pkgs, config, ... }:
+{ pkgs, ... }:
 {
  imports = [
    ./android.nix
@ -17,7 +17,6 @@
    ./locale.nix
    ./users.nix
    ./containers.nix
    ./nix-ld.nix
    ./network.nix
    ../settings
  ];
@ -43,13 +42,12 @@
  services.geoclue2.enable = true;
-  systemd.settings.Manager = {
+  systemd.extraConfig = ''
-    DefaultTimeoutStopSec = "10s";
+    DefaultTimeoutStopSec=10s
-  };
+  '';
-  services.logind.settings.Login = {
+  services.logind.extraConfig = ''
-    HandlePowerKey = "suspend";
+    HandlePowerKey=suspend
-  };
+  '';
  services.upower.enable = true;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
--- a/system/containers.nix
+++ b/system/containers.nix
@ -9,7 +9,6 @@
  config = lib.mkIf config.my.containers.enable {
    services.flatpak.enable = true;
    programs.appimage.enable = true;
    virtualisation.docker = {
      enable = true;
@ -33,18 +32,6 @@
    networking.firewall.extraCommands = lib.getExe pkgs._docker-block-external-connections;
    # Docker punches holes in your firewall
    systemd.services.docker-update-firewall = {
      script = lib.getExe pkgs._docker-block-external-connections;
    };
    systemd.timers.docker-update-firewall = {
      timerConfig = {
        OnCalendar = "minutely";
        Unit = "docker-update-firewall.service";
      };
      wantedBy = [ "multi-user.target" ];
    };
    programs.extra-container.enable = true;
    programs.firejail.enable = true;
--- a/system/fonts.nix
+++ b/system/fonts.nix
@ -4,8 +4,7 @@
  fonts.packages = with pkgs; [
    noto-fonts
    noto-fonts-cjk-sans
-    noto-fonts-color-emoji
+    noto-fonts-emoji
-    nerd-fonts.fira-code
+    nerdfonts_fira_hack
    nerd-fonts.hack
  ];
 }
--- a/system/gaming.nix
+++ b/system/gaming.nix
@ -59,7 +59,5 @@
        };
      };
    };
    programs.corectrl.enable = true;
  };
 }
--- a/system/gitlab-runner.nix
+++ b/system/gitlab-runner.nix
@ -1,18 +1,21 @@
 { pkgs, lib, ... }:
 {
-  pkgs,
+  mkNixRunner =
-  lib,
+    authenticationTokenConfigFile: with lib; rec {
-  inputs ? null,
+      # File should contain at least these two variables:
-  ...
+      # `CI_SERVER_URL`
-}:
+      # `REGISTRATION_TOKEN`
-let
+      inherit authenticationTokenConfigFile; # 2
-  installNixScript =
+      dockerImage = "alpine:3.18.2";
-    {
+      dockerAllowedImages = [ dockerImage ];
-      authenticationTokenConfigFile,
+      dockerVolumes = [
-      nixCacheSshPrivateKeyPath ? null,
+        "/etc/nix/nix.conf:/etc/nix/nix.conf:ro"
-      nixCacheSshPublicKeyPath ? null,
+        "/nix/store:/nix/store:ro"
-      ...
+        "/nix/var/nix/db:/nix/var/nix/db:ro"
-    }:
+        "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
-    pkgs.writeScriptBin "install-nix" ''
+      ];
      dockerDisableCache = true;
      preBuildScript = pkgs.writeScript "setup-container" ''
        mkdir -p -m 0755 /nix/var/log/nix/drvs
        mkdir -p -m 0755 /nix/var/nix/gcroots
        mkdir -p -m 0755 /nix/var/nix/profiles
@ -26,70 +29,23 @@ let
        . ${pkgs.nix}/etc/profile.d/nix.sh
        ${pkgs.nix}/bin/nix-env -i ${
-        lib.concatStringsSep " " (
+          concatStringsSep " " (
            with pkgs;
            [
              nix
              cacert
              git
              openssh
            docker
            ]
          )
        }
      ${lib.optionalString (nixCacheSshPrivateKeyPath != null && nixCacheSshPublicKeyPath != null) ''
        NIX_CACHE_SSH_PRIVATE_KEY_PATH="${nixCacheSshPrivateKeyPath}"
        NIX_CACHE_SSH_PUBLIC_KEY_PATH="${nixCacheSshPublicKeyPath}"
        . ${./gitlab-runner/nix-cache-start}
      ''}
      '';
 in
 rec {
  mkNixRunnerFull =
    {
      authenticationTokenConfigFile,
      nixCacheSshPrivateKeyPath ? null,
      nixCacheSshPublicKeyPath ? null,
      ...
    }@args:
    {
      # File should contain at least these two variables:
      # `CI_SERVER_URL`
      # `REGISTRATION_TOKEN`
      inherit authenticationTokenConfigFile; # 2
      dockerImage = "alpine:3.18.2";
      dockerPullPolicy = "if-not-present";
      dockerVolumes = [
        "/etc/nix/nix.conf:/etc/nix/nix.conf:ro"
        "/nix/store:/nix/store:ro"
        "/nix/var/nix/db:/nix/var/nix/db:ro"
        "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
        "/tmp:/tmp"
        "/var/run/docker.sock:/var/run/docker.sock"
        "/var/lib/docker/containers:/var/lib/docker/containers"
        "/cache"
      ]
      ++ lib.optionals (nixCacheSshPrivateKeyPath != null) [
        "${nixCacheSshPrivateKeyPath}:${nixCacheSshPrivateKeyPath}"
      ]
      ++ lib.optionals (nixCacheSshPublicKeyPath != null) [
        "${nixCacheSshPublicKeyPath}:${nixCacheSshPublicKeyPath}"
      ];
      # dockerDisableCache = true;
      preBuildScript = "\". ${lib.getExe (installNixScript args)}\"";
      environmentVariables = {
        ENV = "/etc/profile";
        USER = "root";
        NIX_REMOTE = "daemon";
        PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
        NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
        NIX_PATH = if inputs != null then "nixpkgs=${inputs.nixpkgs}" else "";
      };
    };
  mkNixRunner =
    authenticationTokenConfigFile:
    mkNixRunnerFull {
      inherit authenticationTokenConfigFile;
    };
 }
--- a/system/gitlab-runner/nix-cache-start
+++ b/system/gitlab-runner/nix-cache-start
@ -1,49 +0,0 @@
 #!/bin/sh
 echo "nix-cache: Setting up ssh key and host" >&2
 STORE_HOST_PUB_KEY="$(cat "$NIX_CACHE_SSH_PUBLIC_KEY_PATH" | base64 | tr -d '\n')"
 STORE_URL="ssh://nix-ssh@nix-cache.wopus.dev?trusted=true&compress=true&ssh-key=$NIX_CACHE_SSH_PRIVATE_KEY_PATH&base64-ssh-public-host-key=$STORE_HOST_PUB_KEY"
 echo STORE_URL="$STORE_URL" >&2
 NIX_EXTRA_CONFIG_FILE=$(mktemp)
 cat > "$NIX_EXTRA_CONFIG_FILE" <<EOF
  extra-substituters = $STORE_URL
 EOF
 echo "nix-cache: Adding remote cache as substituter" >&2
 export NIX_USER_CONF_FILES="$NIX_EXTRA_CONFIG_FILE:$NIX_USER_CONF_FILES"
 echo "nix-cache: Setting up nix hook" >&2
 nix() {
    echo "nix-cache: executing nix hook" >&2
    command nix "$@"
    local STATUS="$?"
    local BUILD=no
    if test "$STATUS" = "0"; then
        for arg in "$@"; do
            echo "nix-cache: evaluating arg '$arg'" >&2
            case "$arg" in
                build)
                    echo "nix-cache: enablig upload" >&2
                    BUILD=yes
                ;;
                -*)
                    echo "nix-cache: ignoring argument '$arg'" >&2
                ;;
                *)
                    if test "$BUILD" = yes; then
                        echo "nix-cache: Sending path $arg" >&2
                        command nix copy --to "$STORE_URL" "$arg" || true
                    else
                        echo "nix-cache: not building, ignoring argument '$arg'" >&2
                    fi
                ;;
            esac
        done
    else
        echo "nix-cache: nix exited with code '$STATUS', ignoring" >&2
    fi
    return "$STATUS"
 }
--- a/system/greetd.nix
+++ b/system/greetd.nix
@ -37,18 +37,16 @@ in
    xdg.portal = {
      enable = true;
      wlr.enable = true;
      # Always pick the first monitor, this is fine since I only ever use a single monitor
      wlr.settings.screencast.chooser_type = "none";
      # gtk portal needed to make gtk apps happy
      extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
    };
    services.greetd =
      let
        start-sway = pkgs.writeShellScriptBin "start-sway" ''
          mkdir -p ~/.local/share/sway
          exec sway 2>&1 | tee -a ~/.local/share/sway/sway.log
        '';
        greetd_main_script = pkgs.writeShellScriptBin "main" ''
          export XDG_CURRENT_DESKTOP=sway GTK_THEME="${theme.gtk_theme}" XCURSOR_THEME="${theme.cursor_theme}"
-          ${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c ${lib.getExe start-sway}
+          ${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c ${desktop}
          swaymsg exit
        '';
        swayConfig = pkgs.writeText "greetd-sway-config" ''
@ -72,11 +70,11 @@ in
        enable = true;
        settings = {
          initial_session = {
-            command = lib.getExe start-sway;
+            command = desktop;
            user = "lelgenio";
          };
          default_session = {
-            command = "dbus-run-session -- ${pkgs.sway}/bin/sway --config ${swayConfig}";
+            command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
          };
        };
      };
--- a/system/locale.nix
+++ b/system/locale.nix
@ -2,7 +2,7 @@
 {
  time.timeZone = "America/Sao_Paulo";
  environment.variables.TZ = config.time.timeZone;
-  i18n.defaultLocale = "pt_BR.UTF-8";
+  i18n.defaultLocale = "pt_BR.utf8";
  # Configure keymap in X11
  services.xserver.xkb = {
--- a/system/media-packages.nix
+++ b/system/media-packages.nix
@ -14,11 +14,11 @@ in
  config = lib.mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      down_meme
-      unstable.yt-dlp
+      yt-dlp
      ffmpeg
      obs-studio
      imagemagick
-      mpc
+      mpc-cli
      helvum
      gimp
      inkscape
--- a/system/monolith-forgejo-runner.nix
+++ b/system/monolith-forgejo-runner.nix
@ -1,12 +1,12 @@
 { pkgs, config, ... }:
 {
  services.gitea-actions-runner = {
-    package = pkgs.forgejo-runner;
+    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "monolith";
      url = "https://git.lelgenio.com";
-      tokenFile = config.sops.secrets."forgejo-runners/git.lelgenio.com-default".path;
+      tokenFile = config.age.secrets.monolith-forgejo-runner-token.path;
      labels = [
        # provide a debian base with nodejs for actions
        "debian-latest:docker://node:18-bullseye"
@ -17,6 +17,4 @@
      ];
    };
  };
  sops.secrets."forgejo-runners/git.lelgenio.com-default" = { };
 }
--- a/system/monolith-gitlab-runner.nix
+++ b/system/monolith-gitlab-runner.nix
@ -1,60 +1,24 @@
 {
  config,
  pkgs,
-  inputs,
+  lib,
  ...
 }:
 let
-  inherit (pkgs.callPackage ./gitlab-runner.nix { inherit inputs; }) mkNixRunner mkNixRunnerFull;
+  inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
 in
 {
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
  virtualisation.docker.enable = true;
  services.gitlab-runner = {
    enable = true;
-    settings.concurrent = 3;
+    settings.concurrent = 12;
    services = {
      # runner for building in docker via host's nix-daemon
      # nix store will be readable in runner, might be insecure
-      thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
+      thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
-      thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
+      thoreb-itinerario-nix = mkNixRunner config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
      wopus-gitlab-nix = mkNixRunnerFull {
        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
        # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
        # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
      };
      default = {
        # File should contain at least these two variables:
        # `CI_SERVER_URL`
        # `CI_SERVER_TOKEN`
        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
        dockerImage = "debian:stable";
        dockerPullPolicy = "if-not-present";
      };
    };
  };
  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
  sops.secrets = {
    "gitlab-runners/thoreb-telemetria-nix" = {
      sopsFile = ../secrets/monolith/default.yaml;
    };
    "gitlab-runners/thoreb-itinerario-nix" = {
      sopsFile = ../secrets/monolith/default.yaml;
    };
    "gitlab-runners/docker-images-token" = {
      sopsFile = ../secrets/monolith/default.yaml;
    };
    "gitlab-runners/wopus-gitlab-nix" = {
      sopsFile = ../secrets/monolith/default.yaml;
    };
    "gitlab-runners/wopus-ssh-nix-cache-pk" = {
      sopsFile = ../secrets/monolith/default.yaml;
    };
    "gitlab-runners/wopus-ssh-nix-cache-pub" = {
      sopsFile = ../secrets/monolith/default.yaml;
    };
  };
 }
--- a/system/mouse.nix
+++ b/system/mouse.nix
@ -10,6 +10,6 @@
    MatchBus=usb
    MatchVendor=0x046D
    MatchProduct=0x4099
-    AttrEventCode=-REL_WHEEL_HI_RES;-REL_HWHEEL_HI_RES;
+    AttrEventCode=-REL_WHEEL_HI_RES
  '';
 }
--- a/system/network.nix
+++ b/system/network.nix
@ -26,8 +26,6 @@
    };
  };
  services.fail2ban.enable = true;
  # Workaround for nm-wait-online hanging??
  # Ref: https://github.com/NixOS/nixpkgs/issues/180175
  systemd.services.NetworkManager-wait-online = {
--- a/system/nix-ld.nix
+++ b/system/nix-ld.nix
@ -1,21 +0,0 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 {
  options.my.nix-ld.enable = lib.mkEnableOption { };
  config = lib.mkIf (config.my.nix-ld.enable) {
    programs.nix-ld = {
      enable = true;
      libraries =
        with pkgs;
        # run appimages + linux games natively
        [ fuse ]
        ++ (appimageTools.defaultFhsEnvArgs.multiPkgs pkgs)
        ++ (appimageTools.defaultFhsEnvArgs.targetPkgs pkgs);
    };
  };
 }
--- a/system/nix-serve.nix
+++ b/system/nix-serve.nix
@ -7,8 +7,6 @@
 {
  services.nix-serve = {
    enable = true;
-    secretKeyFile = config.sops.secrets."nix-serve/private-key".path;
+    secretKeyFile = config.age.secrets.monolith-nix-serve-privkey.path;
  };
  sops.secrets."nix-serve/private-key" = { };
 }
--- a/system/nix.nix
+++ b/system/nix.nix
@ -29,12 +29,16 @@ in
      substituters = [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
        # "http://nixcache.lelgenio.1337.cx:5000"
        "https://lelgenio.cachix.org"
        "https://wegank.cachix.org"
        "https://snowflakeos.cachix.org/"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        # "nixcache.lelgenio.1337.cx:zxCfx7S658llDgAUG0JVyNrlAdFVvPniSdDOkvfTPS8="
        "lelgenio.cachix.org-1:W8tMlmDFLU/V+6DlChXjekxoHZpjgVHZpmusC4cueBc="
        "wegank.cachix.org-1:xHignps7GtkPP/gYK5LvA/6UFyz98+sgaxBSy7qK0Vs="
        "snowflakeos.cachix.org-1:gXb32BL86r9bw1kBiw9AJuIkqN49xBvPd1ZW8YlqO70="
      ];
--- a/system/rainbow-gitlab-runner.nix
+++ b/system/rainbow-gitlab-runner.nix
@ -0,0 +1,22 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 let
  inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
 in
 {
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
  virtualisation.docker.enable = true;
  services.gitlab-runner = {
    enable = true;
    settings.concurrent = 6;
    services = {
      thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
      thoreb-itinerario-nix = mkNixRunner config.age.secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
    };
  };
  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
 }
--- a/system/secrets.nix
+++ b/system/secrets.nix
@ -0,0 +1,13 @@
 { pkgs, ... }:
 {
  age = {
    identityPaths = [ "/root/.ssh/id_rsa" ];
    secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age;
    secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
    secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file = ../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age;
    secrets.monolith-forgejo-runner-token.file = ../secrets/monolith-forgejo-runner-token.age;
    secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
    secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age;
    secrets.phantom-forgejo-mailer-password.file = ../secrets/phantom-forgejo-mailer-password.age;
  };
 }
--- a/system/sops.nix
+++ b/system/sops.nix
@ -1,15 +0,0 @@
 { pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
    sops
    gnupg
  ];
  sops = {
    defaultSopsFile = ../secrets/test.yaml;
    age.sshKeyPaths = [
      "/etc/ssh/ssh_host_ed25519_key"
      "/home/lelgenio/.ssh/id_ed25519"
    ];
  };
 }
--- a/system/sound.nix
+++ b/system/sound.nix
@ -1,6 +1,6 @@
 { pkgs, ... }:
 {
-  services.pulseaudio.enable = false;
+  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    wireplumber.enable = true;
--- a/user/alacritty.nix
+++ b/user/alacritty.nix
@ -61,7 +61,7 @@ in
                  delimiters = ''^\\u0000-\\u001F\\u007F-\\u009F<>"\\s{-}\\^⟨⟩`'';
                  # Kakoune uses these characters to represent whitespace,
                  # but alacritty doesn't know about them
-                  whitespace_characters = "¬·→";
+                  whitespace_characters = ''¬·→'';
                in
                "${mimes}[${delimiters}${whitespace_characters}]+";
              command = "xdg-open";
--- a/user/chat.nix
+++ b/user/chat.nix
@ -10,12 +10,12 @@
    extraConfig = ''
      exec thunderbird
      exec discordcanary
-      exec Telegram
+      exec telegram-desktop
    '';
  };
  home.packages = with pkgs; [
-    telegram-desktop
+    tdesktop
    discord-canary
    thunderbird
    element-desktop
--- a/user/dummy.nix
+++ b/user/dummy.nix
@ -1,7 +1,6 @@
 { lib, ... }:
 {
  options.my = {
    nix-ld.enable = lib.mkEnableOption { };
    android.enable = lib.mkEnableOption { };
    media-packages.enable = lib.mkEnableOption { };
    containers.enable = lib.mkEnableOption { };
--- a/user/firefox.nix
+++ b/user/firefox.nix
@ -1,11 +1,12 @@
 {
  config,
  pkgs,
  lib,
  font,
  ...
 }:
 let
-  inherit (config.my.theme) color;
+  inherit (config.my) desktop browser;
  bugfixedFirefox = pkgs.firefox-devedition-unwrapped // {
    requireSigning = false;
    allowAddonSideload = true;
@ -27,15 +28,15 @@ in
            url = "https://addons.mozilla.org/firefox/downloads/file/4202411/sponsorblock-5.4.29.xpi";
            hash = "sha256-7Xqc8cyQNylMe5/dgDOx1f2QDVmz3JshDlTueu6AcSg=";
          })
-          # (pkgs.fetchFirefoxAddon {
+          (pkgs.fetchFirefoxAddon {
-          #   name = "tree-style-tab";
+            name = "tree-style-tab";
-          #   url = "https://addons.mozilla.org/firefox/downloads/file/4197314/tree_style_tab-3.9.19.xpi";
+            url = "https://addons.mozilla.org/firefox/downloads/file/4197314/tree_style_tab-3.9.19.xpi";
-          #   hash = "sha256-u2f0elVPj5N/QXa+5hRJResPJAYwuT9z0s/0nwmFtVo=";
+            hash = "sha256-u2f0elVPj5N/QXa+5hRJResPJAYwuT9z0s/0nwmFtVo=";
-          # })
+          })
          (pkgs.fetchFirefoxAddon {
            name = "ublock-origin";
-            url = "https://addons.mozilla.org/firefox/downloads/file/4492375/ublock_origin-1.64.0.xpi";
+            url = "https://addons.mozilla.org/firefox/downloads/file/4290466/ublock_origin-1.58.0.xpi";
-            hash = "sha256-ueHIaL0awd78q/LgF3bRqQ7/ujSwf+aiE1DUXwIuDp8=";
+            hash = "sha256-RwxWmUpxdNshV4rc5ZixWKXcCXDIfFz+iJrGMr0wheo=";
          })
          (pkgs.fetchFirefoxAddon {
            name = "user_agent_string_switcher";
@ -55,20 +56,10 @@ in
            hash = "sha256-lKLX6IWWtliRdH1Ig33rVEB4DVfbeuMw0dfUPV/mSSI=";
          })
          (pkgs.fetchFirefoxAddon {
-            name = "unhook";
+            name = "invidious_redirect";
-            url = "https://addons.mozilla.org/firefox/downloads/file/4263531/youtube_recommended_videos-1.6.7.xpi";
+            url = "https://addons.mozilla.org/firefox/downloads/file/4292924/invidious_redirect_2-1.16.xpi";
-            hash = "sha256-u21ouN9IyOzkTkFSeDz+QBp9psJ1F2Nmsvqp6nh0DRU=";
+            hash = "sha256-ApCc+MNmW9Wd/5seV6npePQVEaszT/rhD9EB7HGiUb8=";
          })
          (pkgs.fetchFirefoxAddon {
            name = "youtube_no_translation";
            url = "https://addons.mozilla.org/firefox/downloads/file/4561536/youtube_no_translation-2.11.0.xpi";
            hash = "sha256-8VpoUDbvZZf0oYGSHnXEiYDjfcPjQqtbDaxp5ndAJ94=";
          })
          # (pkgs.fetchFirefoxAddon {
          #   name = "invidious_redirect";
          #   url = "https://addons.mozilla.org/firefox/downloads/file/4292924/invidious_redirect_2-1.16.xpi";
          #   hash = "sha256-ApCc+MNmW9Wd/5seV6npePQVEaszT/rhD9EB7HGiUb8=";
          # })
          (pkgs.fetchFirefoxAddon {
            name = "substitoot";
@ -93,14 +84,13 @@ in
        dev-edition-default = {
          isDefault = true;
          search.force = true;
-          search.default = "ddg";
+          search.default = "DuckDuckGo";
          settings = {
            "devtools.theme" = "auto";
            "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
            "browser.tabs.inTitlebar" = if desktop == "sway" then 0 else 1;
            "sidebar.position_start" = false; # Move sidebar to the right
            "browser.tabs.groups.enabled" = true;
            # enable media RDD to allow gpu acceleration
            "media.rdd-ffmpeg.enabled" = true;
            "media.rdd-ffvpx.enabled" = true;
@ -117,6 +107,8 @@ in
            "media.ffmpeg.vaapi.enabled" = true;
            "media.ffvpx.enabled" = true;
            "gfx.webrender.all" = true;
            # Enable installing non signed extensions
            "extensions.langpacks.signatures.required" = false;
            "xpinstall.signatures.required" = false;
@ -127,27 +119,65 @@ in
            "devtools.chrome.enabled" = true;
            "devtools.debugger.remote-enabled" = true;
          };
-          userChrome = ''
+          userChrome =
-            #sidebar-main {
+            if desktop == "sway" then
-              background-color: ${color.bg};
+              ''
                #titlebar { display: none !important; }
                #TabsToolbar { display: none !important; }
                #sidebar-header { display: none !important; }
              ''
            else
              ''
                /* Element | chrome://browser/content/browser.xhtml */
                #navigator-toolbox {
                  display: grid;
                  grid-template-columns: 1fr 50px;
                  overflow: hidden;
                }
-            #tabbrowser-tabbox {
+                /* Element | chrome://browser/content/browser.xhtml */
-              outline-width: 0 !important;
+
                #nav-bar {
                  flex: 1;
                  width: 100%;
                  grid-column: 1 / 3;
                  grid-row: 1;
                  z-index: 0;
                  padding-right: 29px !important;
                }
                /* Element | chrome://browser/content/browser.xhtml */
                .toolbar-items {
                  display: none;
                }
                /* Element | chrome://browser/content/browser.xhtml */
                #TabsToolbar {
                  max-width: 50px;
                }
                /* Element | chrome://browser/content/browser.xhtml */
                #titlebar {
                  max-width: 50px;
                  grid-area: 1 / 2;
                  z-index: 10;
                }
              '';
        };
      };
    };
    home.packages = with pkgs; [
      nix-prefetch-firefox-extension
    ];
    wayland.windowManager.sway = {
      extraConfig = ''
-        exec firefox-devedition
+        exec firefox
      '';
    };
    home.sessionVariables = {
      MOZ_ENABLE_WAYLAND = "1";
      MOZ_DISABLE_RDD_SANDBOX = "1";
    };
  };
 }
--- a/user/fish/default.nix
+++ b/user/fish/default.nix
@ -35,14 +35,6 @@ in
        set_color normal
        bind \cy 'commandline | wl-copy -n'
        function envsource
          for line in (cat $argv | grep -v '^#' |  grep -v '^\s*$' | sed -e 's/=/ /' -e "s/'//g" -e 's/"//g' )
            set export (string split ' ' $line)
            set -gx $export[1] $export[2]
            echo "Exported key $export[1]"
          end
        end
      '';
      shellAliases = {
        rm = "trash";
@ -64,7 +56,7 @@ in
        suv = "systemct --user";
        # docker abbrs
        d = "docker";
-        dc = "docker compose";
+        dc = "docker-compose";
        # git abbrs
        g = "git";
        ga = "git add";
--- a/user/gaming.nix
+++ b/user/gaming.nix
@ -17,7 +17,7 @@ in
      # steam # It's enabled in the system config
      tlauncher
      gamescope
-      mesa-demos
+      glxinfo
      vulkan-tools
    ];
  };
--- a/user/git.nix
+++ b/user/git.nix
@ -18,41 +18,15 @@ in
          email = mail.personal.user;
        };
        init.defaultBranch = "main";
-        core = {
+        commit.verbose = true;
-          fsmonitor = true;
+        push.autoSetupRemote = true;
          untrackedCache = true;
        };
        commit = {
          verbose = true;
        };
        fetch = {
          prune = true;
          all = true;
        };
        push = {
          autoSetupRemote = true;
          default = "simple";
          followTags = true;
        };
        pull.rebase = true;
-        tag.sort = "version:refname";
+        merge.conflictStyle = "diff3";
-        merge.conflictStyle = "zdiff3";
+        rerere.enabled = true;
        rerere = {
          enabled = true;
          autoupdate = true;
        };
        branch.sort = "-committerdate";
        diff = {
          algorithm = "histogram";
          colorMoved = "plain";
          mnemonicPrefix = true;
          renames = true;
        };
        rebase = {
          abbreviateCommands = true;
          autoSquash = true;
          autoStash = true;
          updateRefs = true;
        };
        pager = {
          log = "${pkgs._diffr}/bin/_diffr | ${pkgs.kak-pager}/bin/kak-pager";
--- a/user/gnome.nix
+++ b/user/gnome.nix
@ -35,7 +35,6 @@ lib.mkIf (config.my.desktop == "gnome") {
    amberol
    pitivi
    keepassxc
    menulibre
    libsForQt5.qt5ct
    libsForQt5.qtstyleplugin-kvantum
@ -43,7 +42,7 @@ lib.mkIf (config.my.desktop == "gnome") {
    qt6Packages.qtstyleplugin-kvantum
  ];
-  services.gpg-agent.pinentry.package = pkgs.pinentry-gnome;
+  services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome;
  xdg.defaultApplications = {
    enable = lib.mkForce false;
--- a/user/home-manager.nix
+++ b/user/home-manager.nix
@ -1,28 +0,0 @@
 { pkgs, lib, ... }:
 {
  programs.home-manager.enable = true;
  systemd.user.services.home-manager-expire = {
    Unit = {
      Description = "Remove old home-manager generations";
    };
    Service = {
      Type = "oneshot";
      ExecStart = pkgs.writeShellScript "home-manager-expire" ''
        ${lib.getExe pkgs.home-manager} expire-generations 7d
      '';
    };
  };
  systemd.user.timers.home-manager-expire = {
    Unit = {
      Description = "Remove old home-manager generations";
    };
    Timer = {
      OnCalendar = "daily";
      Unit = "home-manager-expire.service";
    };
    Install = {
      WantedBy = [ "timers.target" ];
    };
  };
 }
--- a/user/home.nix
+++ b/user/home.nix
@ -9,7 +9,6 @@
 {
  imports = [
    ./dummy.nix
    ./home-manager.nix
    ./waybar
    ./helix.nix
    ./kakoune
@ -24,7 +23,6 @@
    ./mpv.nix
    ./mangohud.nix
    ./gaming.nix
    ./lsfg-vk
    ./pipewire.nix
    ./mimeapps.nix
    ./desktop-entries.nix
@ -37,17 +35,15 @@
    ./pass.nix
    ./pqiv.nix
    ./zathura.nix
    ./satty
    ./man.nix
    ./mpd.nix
    ./sway
    ./gnome.nix
    ./thunar.nix
    ./xdg-dirs.nix
-    inputs.nix-index-database.homeModules.nix-index
+    inputs.nix-index-database.hmModules.nix-index
    ../settings
    ./powerplay-led-idle.nix
    ./rm-target.nix
  ];
  my = import ./variables.nix // {
@ -61,6 +57,8 @@
  home.username = "lelgenio";
  home.homeDirectory = "/home/lelgenio";
  # Let Home Manager install and manage itself.
  programs.home-manager.enable = true;
  home.packages = with pkgs; [
    terminal
@ -73,14 +71,12 @@
    gavin-bc
    file
    jq
-    dust
+    du-dust
    p7zip
    tealdeer
    micro
    _diffr
    br # bulk rename
    bcrypt
    semver-tool
    comma
@ -114,6 +110,9 @@
    deluge
    nicotine-plus
    ## Nix secrets management
    inputs.agenix.packages.x86_64-linux.default
    ## Programming
    # rustup
@ -148,14 +147,12 @@
    enable = true;
  };
  sops.age.sshKeyPaths = [ (config.home.homeDirectory + "/.ssh/id_ed25519") ];
  xdg.defaultApplications = {
    enable = true;
    text-editor = lib.mkDefault "kak.desktop";
    image-viewer = lib.mkDefault "pqiv.desktop";
    video-player = lib.mkDefault "mpv.desktop";
-    web-browser = lib.mkDefault "firefox-devedition.desktop";
+    web-browser = lib.mkDefault "firefox.desktop";
    document-viewer = lib.mkDefault "org.pwmt.zathura.desktop";
    file-manager = lib.mkDefault "thunar.desktop";
    archive-manager = "engrampa.desktop";
@ -172,6 +169,30 @@
        exec nicotine
      '';
  systemd.user.services.rm-target = {
    Unit = {
      Description = "Remove directories named 'target'";
    };
    Service = {
      Type = "oneshot";
      ExecStart = pkgs.writeShellScript "rm-target" ''
        sudo ${pkgs.fd}/bin/fd -td -u '^\.?target$' "$HOME" -x rm -vrf --
      '';
    };
  };
  systemd.user.timers.rm-target = {
    Unit = {
      Description = "Remove directories named 'target'";
    };
    Timer = {
      OnCalendar = "weekly";
      Unit = "rm-target.service";
    };
    Install = {
      WantedBy = [ "timers.target" ];
    };
  };
  # This value determines the Home Manager release that your
  # configuration is compatible with. This helps avoid breakage
  # when a new Home Manager release introduces backwards
--- a/user/kakoune/default.nix
+++ b/user/kakoune/default.nix
@ -82,9 +82,6 @@ in
            rev = "1cc6baeb14b773916eb9209469aa77b3cfa67a0a";
            sha256 = "sha256-3PLxG9UtT0MMSibvTviXQIgTH3rApZ3WSbNCEH3c7HE=";
          };
          buildInputs = with pkgs; [
            python3Minimal
          ];
        })
      ];
      extraConfig =
@ -110,7 +107,6 @@ in
          set global scrolloff 10,20
          set global autoreload yes
          set global startup_info_version 99999999
          set global grepcmd 'rg -Hn'
        ''
        + (import ./colors.nix {
@ -130,7 +126,7 @@ in
      terminal
      ranger
      bmenu
-      kakoune-lsp
+      kak-lsp
      kak-tree-sitter
      kak-pager
      kak-man-pager
@ -142,8 +138,6 @@ in
      aspell
      aspellDicts.en
      aspellDicts.pt_BR
      ripgrep
    ];
    home.activation = {
      update_kakoune = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
--- a/user/kakoune/filetypes.kak
+++ b/user/kakoune/filetypes.kak
@ -15,16 +15,8 @@ hook global WinSetOption filetype=nix %{
    set buffer formatcmd 'nixfmt'
 }
 hook global BufCreate .*\.json %{
    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
 }
 hook global BufCreate .*\.ya?ml %{
    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
 }
 hook global BufCreate .*\.html %{
-    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
+    set buffer formatcmd 'prettier --parser html'
 }
 hook global BufCreate .*\.component\.html %{
@ -43,23 +35,11 @@ hook global BufCreate .*\.php %{
 }
 hook global BufCreate .*\.js %{
-    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
+    set buffer formatcmd 'prettier --parser babel'
 }
 hook global BufCreate .*\.jsx %{
    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
 }
 hook global BufCreate .*\.ts %{
    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
 }
 hook global BufCreate .*\.tsx %{
    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
 }
 hook global BufCreate .*\.scss %{
-    set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"
+    set buffer formatcmd 'prettier --parser scss'
 }
 hook global BufCreate .*\.vue %{
--- a/user/kakoune/hooks.kak
+++ b/user/kakoune/hooks.kak
@ -15,7 +15,6 @@ hook global NormalIdle .* %{ evaluate-commands %sh{
 define-command -hidden -override git-try-show-diff %{
    evaluate-commands -draft %sh{
        test -f "$kak_buffile" || exit 0
        echo "$kak_buffile" | grep '/\.git/' > /dev/null && exit 0
        cd $(dirname "$kak_buffile")
        git rev-parse --git-dir > /dev/null &&
        echo "git show-diff"
--- a/user/lsfg-vk/default.nix
+++ b/user/lsfg-vk/default.nix
@ -1,40 +0,0 @@
 { pkgs, config, ... }:
 let
  LosslessDllPath = config.home.homeDirectory + "/.local/lib/Lossless.dll";
 in
 {
  home.file = {
    ".local/share/vulkan/implicit_layer.d/VkLayer_LS_frame_generation.json".source =
      "${pkgs.lsfg-vk}/share/vulkan/implicit_layer.d/VkLayer_LS_frame_generation.json";
    ".local/lib/liblsfg-vk.so".source = "${pkgs.lsfg-vk}/lib/liblsfg-vk.so";
  };
  home.sessionVariables = {
    # ENABLE_LSFG = 1; # Don't enable session wide, to avoid bugs
    LSFG_DLL_PATH = LosslessDllPath;
  };
  home.packages = with pkgs; [
    lsfg-vk
    lsfg-vk-ui
  ];
  # Put the dll in a reachable location for steam games
  # Secrets normally are a symlink to /run/user/1000/secrets.d/
  # Every time sops-nix.service runs, we copy the dll
  systemd.user.services.copy-lsfg-dll = {
    Service = {
      ExecStart = pkgs.writeShellScript "copy-lsfg-dll" ''
        cp -fv "${config.sops.secrets."lsfg.dll".path}" "${LosslessDllPath}"
      '';
      Type = "oneshot";
    };
    Unit.After = [ "sops-nix.service" ];
    Install.WantedBy = [ "sops-nix.service" ];
  };
  sops.secrets."lsfg.dll" = {
    sopsFile = ../../secrets/lsfg.dll.gpg;
    format = "binary";
  };
 }
--- a/user/mangohud.nix
+++ b/user/mangohud.nix
@ -1,102 +1,68 @@
-{
+{ config, lib, ... }:
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.my.mangohud;
  settings = {
    # Display
    no_display = true; # Hidden by default
    font_size = "20";
    toggle_preset = "Control_R+F9";
    toggle_fps_limit = "Shift_R+F10";
    toggle_hud_position = "Shift_R+F11";
    toggle_hud = "Shift_R+F12";
    # GPU
    pci_dev = "0:03:00.0";
    gpu_text = "RX 7800 XT";
    gpu_stats = true;
    gpu_load_change = true;
    gpu_load_value = "50,90";
    gpu_load_color = "FFFFFF,FFAA7F,CC0000";
    gpu_voltage = true;
    # throttling_status = true;
    gpu_core_clock = true;
    gpu_mem_clock = true;
    gpu_temp = true;
    gpu_mem_temp = true;
    gpu_junction_temp = true;
    gpu_fan = true;
    gpu_power = true;
    gpu_power_limit = true;
    # CPU
    cpu_text = "R7 8700G";
    cpu_stats = true;
    core_load = true;
    core_bars = true;
    cpu_load_change = true;
    cpu_load_value = "50,90";
    cpu_load_color = "FFFFFF,FFAA7F,CC0000";
    cpu_mhz = true;
    cpu_temp = true;
    cpu_power = true;
    io_read = true;
    io_write = true;
    # RAM
    swap = true;
    vram = true;
    vram_color = "AD64C1";
    ram = true;
    ram_color = "C26693";
    procmem = true;
    # FPS
    fps = true;
    fps_metrics = "avg,0.01";
    frame_timing = true;
    frametime_color = "FFFFFF";
    # throttling_status_graph = true;
    show_fps_limit = true;
    fps_limit = "288,0,30,60,75,90,120,144";
    # Extra
    resolution = true;
    fsr = true;
    winesync = true;
    present_mode = true;
    fps_color_change = true;
    fps_color = "B22222,FDFD09,39F900";
    fps_value = "60,144";
  };
 in
 {
  options.my.mangohud.enable = lib.mkEnableOption { };
-  config = lib.mkIf cfg.enable {
+  config.programs.mangohud = lib.mkIf cfg.enable {
    programs.mangohud = {
    enable = true;
    enableSessionWide = true;
-      inherit settings;
+    settings = {
-    };
+      full = true;
      # histogram = true;
      no_display = true;
      fps_limit = "0,30,60,72,90,120,144,240,288,320";
      toggle_fps_limit = "Shift_R+F10";
      toggle_preset = "Control_R+F9";
      fps_metrics = "Control_R+F8";
-    # Have the config file be a regular file and not a symlink, so it's easy to tinker with it
+      # legacy_layout = "false";
-    xdg.configFile."MangoHud/MangoHud.conf" = {
+      # gpu_stats = true;
-      target = "MangoHud/MangoHud.conf.tmp";
+      # gpu_temp = true;
-      onChange = ''
+      # gpu_core_clock = true;
-        mkdir -p "${config.xdg.configHome}/MangoHud"
+      # gpu_mem_clock = true;
-        if [ -L "${config.xdg.configHome}/MangoHud/MangoHud.conf" ]; then
+      # gpu_power = true;
-          rm "${config.xdg.configHome}/MangoHud/MangoHud.conf"
+      # gpu_load_change = true;
-        fi
+      # gpu_load_value = "50,90";
-        ${pkgs.coreutils}/bin/cp --dereference "${config.xdg.configHome}/MangoHud/MangoHud.conf.tmp" "${config.xdg.configHome}/MangoHud/MangoHud.conf"
+      gpu_load_color = "FFFFFF,FFAA7F,CC0000";
-      '';
+      # gpu_text = "GPU";
      # cpu_stats = true;
      # cpu_temp = true;
      # cpu_power = true;
      # cpu_mhz = true;
      # cpu_load_change = true;
      # core_load_change = true;
      # cpu_load_value = "50,90";
      cpu_load_color = "FFFFFF,FFAA7F,CC0000";
      cpu_color = "2e97cb";
      # cpu_text = "CPU";
      # io_stats = true;
      # io_read = true;
      # io_write = true;
      io_color = "a491d3";
      # swap = true;
      # vram = true;
      vram_color = "ad64c1";
      # ram = true;
      ram_color = "c26693";
      # fps = true;
      engine_color = "eb5b5b";
      gpu_color = "2e9762";
      wine_color = "eb5b5b";
      # frame_timing = "1";
      frametime_color = "00ff00";
      media_player_color = "ffffff";
      background_alpha = "0.8";
      font_size = "24";
      background_color = "020202";
      position = "top-left";
      # text_color = "ffffff";
      round_corners = "10";
      toggle_hud = "Shift_R+F12";
      # toggle_logging = "Shift_L+F12";
      # output_folder = "/home/lelgenio";
    };
  };
 }
--- a/user/ranger/default.nix
+++ b/user/ranger/default.nix
@ -19,7 +19,7 @@
    wl-clipboard
    highlight # syntax highlight
-    poppler-utils # pdf preview
+    poppler_utils # pdf preview
    ffmpeg # audio preview
    ffmpegthumbnailer # video preview
    fontforge # font preview
--- a/user/ranger/rc.conf
+++ b/user/ranger/rc.conf
@ -27,10 +27,10 @@ set confirm_on_delete multiple
 # Use non-default path for file preview script?
 # ranger ships with scope.sh, a script that calls external programs (see
 # README.md for dependencies) to preview images, archives, etc.
-# set preview_script ~/.config/ranger/scope.sh
+set preview_script ~/.config/ranger/scope.sh
 # Use the external preview script or display simple plain text or image previews?
-# set use_preview_script true
+set use_preview_script true
 # Automatically count files in the directory, even before entering them?
 set automatically_count_files true
@ -40,7 +40,7 @@ set automatically_count_files true
 set open_all_images true
 # Be aware of version control systems and display information.
-set vcs_aware false
+set vcs_aware true
 # State of the four backends git, hg, bzr, svn. The possible states are
 # disabled, local (only show local info), enabled (show local and remote
--- a/user/rm-target.nix
+++ b/user/rm-target.nix
@ -1,26 +0,0 @@
 { pkgs, lib, ... }:
 {
  systemd.user.services.rm-target = {
    Unit = {
      Description = "Remove directories named 'target'";
    };
    Service = {
      Type = "oneshot";
      ExecStart = pkgs.writeShellScript "rm-target" ''
        sudo ${pkgs.fd}/bin/fd -td -u '^\.?target$' "$HOME" -x rm -vrf --
      '';
    };
  };
  systemd.user.timers.rm-target = {
    Unit = {
      Description = "Remove directories named 'target'";
    };
    Timer = {
      OnCalendar = "weekly";
      Unit = "rm-target.service";
    };
    Install = {
      WantedBy = [ "timers.target" ];
    };
  };
 }
--- a/user/rofi.nix
+++ b/user/rofi.nix
@ -18,7 +18,7 @@ in
  config = {
    programs.rofi = {
      enable = true;
-      package = pkgs.rofi.override {
+      package = pkgs.rofi-wayland.override {
        plugins = with pkgs; [
          rofi-emoji
          rofi-file-browser
--- a/Show more
+++ b/Show more