kak: fix multiline-edit extension

ranger: disable preview scripts and vcs support, making it very fast
update
2025-04-05 14:02:55 -03:00 · 2025-04-04 21:15:12 -03:00 · 2025-04-04 21:15:12 -03:00 · 2025-04-02 17:11:01 -03:00 · 2025-03-28 20:22:34 -03:00 · 2025-03-27 21:09:14 -03:00
39 changed files with 592 additions and 156 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,28 @@
+keys:
+  - &lelgenio-gpg 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
+  - &lelgenio-ssh age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
+  - &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
+  - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
+
+creation_rules:
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+    - pgp:
+      - *lelgenio-gpg
+      age:
+      - *lelgenio-ssh
+      - *monolith-ssh
+  - path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+    - pgp:
+      - *lelgenio-gpg
+      age:
+      - *lelgenio-ssh
+      - *monolith-ssh
+  - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+    - pgp:
+      - *lelgenio-gpg
+      age:
+      - *lelgenio-ssh
+      - *phantom-ssh
--- a/flake.lock
+++ b/flake.lock
@ -73,6 +73,22 @@
        "url": "https://git.lelgenio.com/lelgenio/catboy-spinner"
      }
    },
+    "contador-da-viagem": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1742610036,
+        "narHash": "sha256-sY1iheemazmIVJAnoFtut6cN7HX/C5OMDY54UrmCoqE=",
+        "ref": "refs/heads/main",
+        "rev": "efe5ac4a16de7f78824ac89dc987ef635afa5267",
+        "revCount": 4,
+        "type": "git",
+        "url": "https://git.lelgenio.com/lelgenio/contador-da-viagem"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.lelgenio.com/lelgenio/contador-da-viagem"
+      }
+    },
    "crane": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -209,11 +225,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740485968,
-        "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
+        "lastModified": 1741786315,
+        "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
+        "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
        "type": "github"
      },
      "original": {
@ -227,11 +243,11 @@
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1739502527,
-        "narHash": "sha256-KMLNOCWmqdDeAZV5O1ccRmVqRutDcy4IONJin3lzd0Q=",
+        "lastModified": 1742179690,
+        "narHash": "sha256-s/q3OWRe5m7kwDcAs1BhJEj6aHc5bsBxRnLP7DM77xE=",
        "owner": "lelgenio",
        "repo": "dzgui-nix",
-        "rev": "06fcea9445b5a005b40469a69f57f2147398bc94",
+        "rev": "a6d68720c932ac26d549b24f17c776bd2aeb73b4",
        "type": "github"
      },
      "original": {
@ -440,11 +456,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1739757849,
-        "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
+        "lastModified": 1742655702,
+        "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
+        "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff",
        "type": "github"
      },
      "original": {
@ -481,11 +497,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740281615,
-        "narHash": "sha256-dZWcbAQ1sF8oVv+zjSKkPVY0ebwENQEkz5vc6muXbKY=",
+        "lastModified": 1742701275,
+        "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "465792533d03e6bb9dc849d58ab9d5e31fac9023",
+        "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6",
        "type": "github"
      },
      "original": {
@ -504,11 +520,11 @@
        "nixpkgs-24_11": "nixpkgs-24_11"
      },
      "locked": {
-        "lastModified": 1740437053,
-        "narHash": "sha256-exPTta4qI1ka9sk+jPcLogGffJ1OVXnAsTRqpeAXeNw=",
+        "lastModified": 1742413977,
+        "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "c8ec4d5e432f5df4838eacd39c11828d23ce66ec",
+        "rev": "b4fbffe79c00f19be94b86b4144ff67541613659",
        "type": "gitlab"
      },
      "original": {
@ -551,11 +567,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1740367490,
-        "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
+        "lastModified": 1743095683,
+        "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
+        "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6",
        "type": "github"
      },
      "original": {
@ -612,11 +628,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1740339700,
-        "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=",
+        "lastModified": 1742937945,
+        "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195",
+        "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7",
        "type": "github"
      },
      "original": {
@ -709,6 +725,7 @@
      "inputs": {
        "agenix": "agenix",
        "catboy-spinner": "catboy-spinner",
+        "contador-da-viagem": "contador-da-viagem",
        "demoji": "demoji",
        "dhist": "dhist",
        "disko": "disko",
@ -722,6 +739,7 @@
        "nixpkgs-unstable": "nixpkgs-unstable",
        "plymouth-themes": "plymouth-themes",
        "ranger-icons": "ranger-icons",
+        "sops-nix": "sops-nix",
        "tlauncher": "tlauncher",
        "tomater": "tomater",
        "treefmt-nix": "treefmt-nix",
@ -775,6 +793,26 @@
        "type": "github"
      }
    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1742700801,
+        "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
+      }
+    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
@ -922,11 +960,11 @@
        "nixpkgs": "nixpkgs_6"
      },
      "locked": {
-        "lastModified": 1739829690,
-        "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=",
+        "lastModified": 1743081648,
+        "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "3d0579f5cc93436052d94b73925b48973a104204",
+        "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7",
        "type": "github"
      },
      "original": {
@ -937,11 +975,11 @@
    },
    "vpsadminos": {
      "locked": {
-        "lastModified": 1740082937,
-        "narHash": "sha256-HcTWGIzG2leM0gZabg9lkY7iLwvAe49lqXEzez/Rp/s=",
+        "lastModified": 1743047409,
+        "narHash": "sha256-WTUW2GZqHknVwEbzF/TeX2eg52414gfl6hXloDDwEsQ=",
        "owner": "vpsfreecz",
        "repo": "vpsadminos",
-        "rev": "521427c69173bc443de940ba88d4f58d5fa8d8e2",
+        "rev": "cf9324b9ff855172bd9de8aa3b8215071c4a0c6f",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -26,6 +26,11 @@
      inputs.home-manager.follows = "home-manager";
    };

+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    nixos-mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
      inputs.nixpkgs.follows = "nixpkgs";
@ -51,6 +56,10 @@
    wl-crosshair.url = "github:lelgenio/wl-crosshair";
    warthunder-leak-counter.url = "git+https://git.lelgenio.com/lelgenio/warthunder-leak-counter";
    made-you-look.url = "git+https://git.lelgenio.com/lelgenio/made-you-look";
+    contador-da-viagem = {
+      url = "git+https://git.lelgenio.com/lelgenio/contador-da-viagem";
+      flake = false;
+    };
    catboy-spinner = {
      url = "git+https://git.lelgenio.com/lelgenio/catboy-spinner";
      flake = false;
@ -96,10 +105,12 @@
          { nixpkgs.pkgs = pkgs; }
          ./system/configuration.nix
          ./system/secrets.nix
+          ./system/sops.nix
          ./system/greetd.nix
          { login-manager.greetd.enable = desktop == "sway"; }

          inputs.agenix.nixosModules.default
+          inputs.sops-nix.nixosModules.default
          inputs.home-manager.nixosModules.home-manager
          inputs.disko.nixosModules.disko
          (
@ -139,6 +150,7 @@
          modules = [
            ./hosts/monolith
            ./system/monolith-gitlab-runner.nix
+            ./system/monolith-bitbucket-runner.nix
            ./system/monolith-forgejo-runner.nix
            ./system/nix-serve.nix
          ] ++ common_modules;
@ -147,7 +159,6 @@
          inherit system specialArgs;
          modules = [
            ./hosts/double-rainbow.nix
-            ./system/rainbow-gitlab-runner.nix
          ] ++ common_modules;
        };
        pixie = lib.nixosSystem {
--- a/hosts/double-rainbow.nix
+++ b/hosts/double-rainbow.nix
@ -19,6 +19,8 @@ in
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

+  my.nix-ld.enable = true;
+
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
--- a/hosts/monolith/amdgpu.nix
+++ b/hosts/monolith/amdgpu.nix
@ -14,12 +14,11 @@ in
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelParams = [
    "video=DP-1:1920x1080@144"
-    "amdgpu.ppfeaturemask=0xfffd7fff" # enable undervolting
  ];

  systemd.services.amd-fan-control = {
    script = ''
-      ${lib.getExe pkgs.amd-fan-control} /sys/class/drm/card1/device 60 85
+      ${lib.getExe pkgs.amd-fan-control} /sys/class/drm/card1/device 60 90 0 80
    '';
    serviceConfig = {
      Restart = "always";
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@ -42,6 +42,7 @@ in
  };

  my.gaming.enable = true;
+  my.nix-ld.enable = true;

  boot.extraModulePackages = with config.boot.kernelPackages; [ zenpower ];

--- a/hosts/monolith/factorio-server.nix
+++ b/hosts/monolith/factorio-server.nix
@ -23,11 +23,12 @@
  systemd.services.factorio-backup-save = {
    description = "Backup factorio saves";
    script = ''
+      FILENAME="space-age-$(date --iso=seconds | tr ':' '_').zip"
      ${lib.getExe pkgs.rsync} \
        -av  \
        --chown=lelgenio \
        /var/lib/factorio/saves/default.zip \
-        ~lelgenio/Documentos/GameSaves/factorio_saves/space-age-$(date --iso=seconds).zip
+        ~lelgenio/Documentos/GameSaves/factorio_saves/$FILENAME
    '';
    serviceConfig.Type = "oneshot";
    wantedBy = [ "multi-user.target" ];
--- a/hosts/phantom/default.nix
+++ b/hosts/phantom/default.nix
@ -2,12 +2,16 @@
  config,
  pkgs,
  inputs,
+  lib,
  ...
 }:
 {
  imports = [
    inputs.vpsadminos.nixosConfigurations.container
    inputs.agenix.nixosModules.default
+    inputs.sops-nix.nixosModules.default
+
+    ../../system/sops.nix
    ../../system/nix.nix
    ./hardware-config.nix
    ./mastodon.nix
@ -57,6 +61,15 @@
    identityPaths = [ "/root/.ssh/id_rsa" ];
  };

+  sops = {
+    secrets.hello = { };
+    defaultSopsFile = lib.mkForce ../../secrets/phantom/default.yaml;
+  };
+
+  environment.etc."teste-sops" = {
+    text = config.sops.secrets.hello.path;
+  };
+
  virtualisation.docker = {
    enable = true;
    daemon.settings = {
--- a/hosts/phantom/goofs.nix
+++ b/hosts/phantom/goofs.nix
@ -43,4 +43,9 @@
    forceSSL = true;
    root = inputs.hello-fonts;
  };
+  services.nginx.virtualHosts."contador-da-viagem.lelgenio.com" = {
+    enableACME = true;
+    forceSSL = true;
+    root = inputs.contador-da-viagem;
+  };
 }
--- a/hosts/phantom/hardware-config.nix
+++ b/hosts/phantom/hardware-config.nix
@ -5,7 +5,7 @@
    options = [ "nofail" ];
  };
  fileSystems."/var/lib/mastodon" = {
-    device = "172.16.130.7:/nas/5749/mastodon";
+    device = "172.16.131.19:/nas/5749/mastodon";
    fsType = "nfs";
    options = [ "nofail" ];
  };
--- a/pkgs/factorio-headless/default.nix
+++ b/pkgs/factorio-headless/default.nix
@ -1,10 +1,10 @@
 { factorio-headless, pkgs }:

 factorio-headless.overrideAttrs (_: rec {
-  version = "2.0.28";
+  version = "2.0.39";
  src = pkgs.fetchurl {
    name = "factorio_headless_x64-${version}.tar.xz";
    url = "https://www.factorio.com/get-download/${version}/headless/linux64";
-    hash = "sha256-6pk3tq3HoY4XpOHmSZLsOJQHSXs25oKAuxT83UyITdM=";
+    hash = "sha256-D4o9DkN5e1/02LhdfDNLCVo/B9mqf4Cx6H+Uk5qT3zQ=";
  };
 })
--- a/scripts/amd-fan-control
+++ b/scripts/amd-fan-control
@ -39,10 +39,31 @@ if [ -z "$TEMP_MAX" ];then
  bail "No maximum temperature provided"
 fi

-PWM_MIN=0
-PWM_MAX=255
+PWM_MIN_PCT="$4"
+PWM_MAX_PCT="$5"
+
+if [ -z "$PWM_MIN_PCT" ];then
+  bail "No minimum fan speed % not provided"
+fi
+
+if [ -z "$PWM_MAX_PCT" ];then
+  bail "No maximum fan speed % not provided"
+fi
+
+PWM_MIN="$(( $PWM_MIN_PCT * 255 / 100))"
+PWM_MAX="$(( $PWM_MAX_PCT * 255 / 100))"

 echo "Running..." >&2
+
+echo "TEMP_MIN=$TEMP_MIN°C"
+echo "TEMP_MAX=$TEMP_MAX°C"
+echo "FAN_MIN=$PWM_MIN_PCT%"
+echo "FAN_MAX=$PWM_MAX_PCT%"
+
+echo 1 > "$HWMON/pwm1_enable"
+
+PREV=0
+
 while true; do
    TEMPERATURE_RAW=$(cat "$TEMP_INPUT")
    TEMPERATURE="$(( $TEMPERATURE_RAW / 1000 ))"
@ -55,7 +76,11 @@ while true; do
        PWM=$PWM_MIN
    fi

-    echo 1 > "$HWMON/pwm1_enable"
-    echo "$PWM" > "$HWMON/pwm1"
+    AVG="$(( ($PWM * 20 + $PREV * 80) / 100 ))"
+
+    echo "$AVG"
+
+    echo "$AVG" > "$HWMON/pwm1"
+    PREV="$AVG"
    sleep .1s
 done
--- a/secrets/monolith/default.yaml
+++ b/secrets/monolith/default.yaml
@ -0,0 +1,55 @@
+forgejo-runners:
+    git.lelgenio.com-default: ENC[AES256_GCM,data:sEfpBZvgQUkyXPWY4RI0RPJWUbsYK/RGqiYJ5wDSVY9a0EYenyt96QYq6815evq2iQ==,iv:rSWnCOdhfKH4TM9R0/IParYd9laYhWxR+iUhgkVvqfc=,tag:mBcSH/oGDMBgBScvCdn3Zg==,type:str]
+gitlab-runners:
+    thoreb-telemetria-nix: ENC[AES256_GCM,data:zrZvG4be08ulpo7itbrprKK5csCMLvzZjrszfMw1XiJP0FyRTUd9nHgHpbAzbjj2KyT7kKngoZAyengvaTEhkT9sUi1pdGnvajAH8BDDOD0g4LJIHFl4,iv:3bSsTzU7gHx+MchuPg9kmb5xEDugmGPje8Jw74NpRJI=,tag:zffRr77lWbyLt7o/mywb5A==,type:str]
+    thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str]
+    docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str]
+bitbucket-runners:
+    wopus-runner-1: ENC[AES256_GCM,data:gtH0T5n8qMYpvSv5ciN8+ScGlFDf9xE0FTxNP97vT/qsOCcaItTE+5P+DFcWw46onLED+1c+u0sArFbEsT3f8lyco9b+0l99uOQAxLZQzAXYH8zGye1UnwUtytkci2PHu5c8kTpIWHXyZ1IOYNGWkermeab57ANzOkM1LbkHyAjS6VTh0I60LfAOdHOw5FDFL8d1d9oWxLloOe9USLPqHjC023EpCUT2YuyHoPCTpBu8Kb/2HfV0wkAKaB3dvVrKwXCj+bfP6+bjQ3uMzVO/7jxPmnSGBfvyZ+Hlg5goJ6bSAqQWmnPPnQ96FgQfe8su5ML9qNIp9/7eNiL6Rv6Vhxe0hHbE5wsZ/58grcg/LrugeWJvUJ9THhwcTwO8Pkvwlq0XM9seUY2NV+LCK3bLQ4IWDjWkU1IHg6+nihTcvl1iD6UIGMgqGoB/v05WVzHb+GcE2fFuSuhVHfa5RMyboELOJoFrqZiXGhY=,iv:ZakLafxYQCDd1Zw8T83Xfj+YwAQKna9LC6ognJqtifA=,tag:bwBObfdMIvJfRrOG04NtxA==,type:str]
+    wopus-runner-2: ENC[AES256_GCM,data:gg8merZMFbf396hdJY7zmKQndT3GzB7NeGZAs3C0au8Zd7OFAg9vcQcFcxNA3kZGJZqmFTR/ycWJwhYr9fhlfFuPhDynVvgJAqoYtvC2MUDiOMD/d3DlfwFjQ6cOGTrvFuY1kkgSFb4OFdrVC1eiTDrGygFmYnYcqTKn/t5Ttqi+cHZNzFzVzdVLvaLCYxltM5g45zn+fXYxYwCfqyb32/M1XTnnwIGiataGxEX5oWhVV4zqeLO4ZIYPSby5AVvIMJ/zqvqaeVVY52GLDcTKrj3thbZxMQLWN3/lOA0uYhi3L/WM8Gx+JMEIbSICcuT7QXu4w4PA+opcx9GnsMCK2/egzS+cNPJ4vGZCdVD/jh6A9zVEJAgXdsHXNXFHmMPt7DcgrCQiub62og4kBY4G/Rcg4UN7sb3v3qyBpGbCGHGRjCFc+wdHpom0yDOG2cwcqfN49pC2R7Ag2BisFQ/5A+DPmKnvGG3kt9s=,iv:5g5XiDecYqi4JNRkZubgPJECBQdZ6rBeojgFe6Etebk=,tag:HRy5bFSbfxKTb5e13lGtgg==,type:str]
+    wopus-runner-3: ENC[AES256_GCM,data:f9pLYR8t51HtPpLyXysIVaDAhxDrmktJH93E7rb7imtKwK7hRhR8usnvHTcknLfD7BMvStAIYefdGt19u7PrQu6vqc19bEcNbnK5OH4KBP6+X47oMgBYtbIGXH+t3dSDt22fSIoppTwdX7/Kf4vqesfN8K7EunETvFR86oyyKdy15mvXr0XUO4us4HZjnIOBEnOm1P/V8hk5JcCpRuo+8ZYmBe5gzq5pTnqnYlPE1EovM7eDMg72J7ev07h50qvySrAqmNiqDcXfTPQ2TzuHx3XxAYqFybf1L6P9OnLB6RDAlpoFJ0h8dSg2tzC2+amYsBP0UIBK/ZhWvvAjpX+MZrTASjenh/tefDcNdbsXDOr7A4i/261z4rC0r+97INglCN1N/SZg51iBHiRAVV1zibDLfioR5+eBIykWAtjILMoYU+zOcr0E8K0I9jQGMtpnYmvHJqV0DVcdfZpJptrPUUy+lQ/iZVcPpLs=,iv:grzvVsfpUzywjNE4jvTxXKG3TYajrvSsQgfOgtafvIo=,tag:K1B6crN0ckLk0EYBtGHDkw==,type:str]
+    wopus-runner-4: ENC[AES256_GCM,data:D1Zq0BtPuACnutAbUcj3gYSMLuIZcMuqc/1mEFmitEG0tBFMWhkabS+8lXcp8sb1DM0LTDMEwgMB9FVyFb670MKQNEncqQtaNJtY1BxS3SolovDAM/I+i6YGvd4X8jX99d+7ZNR6xGBWJ/dW8rz4QnIM8Eh3FDOqaFa/ltfyPKP9IZ2uZi67C/n8Q/OSdgMQkt+QxhgJfSghE1iruPwxyGlqv+E4SZNI/fQQMjX0Lh7z02ms58yyMtjO71YbukV/JXFRsdJrqY2wfH/6NlZbsKideoSxluBRVqmbW6KQd7dUT819KbOSu9CFdgThtVCU8qiv3jbAbn8D5xRy4AAOEfSqRLXJoj7otCqr47R/8+0BdS3aztFBjL3lDmprMWZ4+LD55fvczfpxUF9ox1mhcjIvCvZJJL06XsST1XRXa7i2fr4/a/XhCmQgIzar5IYxSC9OjuHp6jLsTaY3ZUgid5W1L1n8uWSmA98=,iv:O9caRG//brERiIhuMrsFdTz6TnPY0rdQnvHEu0P42yM=,tag:hrmwLX/CRhZfammJ2nfTPw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaFFtOHRBNjZqOXJOV1Bk
+            SXRhZTdNWklKaTZST2JhU3VFLzBGSWY0QlMwCldwS1hhMDEyZDAxWUlRRXZtTWts
+            Ti9IOUR2OFdGYkJ4cFRsV0lkbWJvb1EKLS0tIEJUS1ZCZ1M4ZUs5cDhiam5JaEk1
+            U1VjNFprNHZWeDhwU3owRXh0MlBFYkUKHPgxz9/w3+JEtOljfyWBPSshfFlVWVys
+            f15yxlAeWIZVEGqoau7DegVdZiYYIJR2dFBXV1RkKbAwLrbUxAQidg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OWk0cTJ4d25Qd0hrdkFD
+            a2Fzd1lrMDREclkvRmxUSjFpYXZvRGs2Rm13Cm5aRVZDWE5ZUVR1K2hkZkdKWjYw
+            K3lKNndBNGFveGVGVWplaHA0MVlYUG8KLS0tIFlVeXhCTGJGUm1HK2RCSFg1RnI3
+            aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h
+            jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-03-07T21:28:04Z"
+    mac: ENC[AES256_GCM,data:4lOafZQ6PP38CByulzA/J86sw+TpQhj40s1lTRXqUtpt72yH8nQK8dXpw0dNYvDBtDpKRvNTHZubzalEua6n2lCQL7rsZ2+fo6FJ4ht2Kb70dddDcWEyrfyZQ2FaKC5L/QjqM0SbIfPszNvyQ8wIaOoMfNJBis5QOjRSGDAcJm8=,iv:LLT0oJW+3KNe1nKphCK0c5FPIuh8GfnDrvNDCFhP4NM=,tag:rPbVY7L1qxNc3aCfv77FAg==,type:str]
+    pgp:
+        - created_at: "2025-03-07T22:49:16Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMAzy6JxafzLr5AQgAjwQqdeESOfrOuCjfjALdoy3AnNYC+slusdlra58CoRu6
+            YFDAivwPHJBRiuVy43Lo7SWnKXMKvLOry589GBY3JGjNV5U1cPWBhMlTubYZmZWl
+            iel8Bvw4IF5JksMIvLFdDgexLN7wETzzZP9S8750BCgpSrncrw1k/dUedhv5HUjo
+            N10x6BPjPSmgolA8uxsISHLAUrKcQoeaWvcZFU1ofKywq08HgIySphy6z3Gmv3Qs
+            86saZp1rFm5+qHkrDRgL6Oe3Xx30jVkzn9MHPWzZCDPCEvYGJgXX34NGzbX+/nd3
+            JB9XkT2YTFi4BLhdHY3EE7e9//PJc5G9RVDZyAF1e9JeAXH2yR5blXbogoy+VMnS
+            Yn74Uvs+fnYFTDOiuequro5i0uAyxtrCx8fdfwjuh+9SC5p3N2cBv2eT7zLQwQHi
+            czHlwxmpi/dMB/u83fR4FzuCUt98VXiezIC4yGn25g==
+            =Yqqx
+            -----END PGP MESSAGE-----
+          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4-unstable
--- a/secrets/phantom/default.yaml
+++ b/secrets/phantom/default.yaml
@ -0,0 +1,54 @@
+hello: ENC[AES256_GCM,data:UJAAdOL7wzQ1LduTyW+XK2NtXyw/u/Yz28Bmd7OoBe41FVLKwVfvdI1nAwYuNQ==,iv:7kPT2HF5T498bUJ9hUlz5Ez/jn1g7YIUVbJOTW/CHhQ=,tag:KJhJPg8AStyW4roEbEUJ2g==,type:str]
+example_key: ENC[AES256_GCM,data:DcLN+C1BQ6WZg5fRiA==,iv:JC3GTWn4a4RekAHdOQB3YV5+eGa4cUK1JjyTPe8eNHY=,tag:W9CV4rsgHuXyqpWpUxlIQg==,type:str]
+#ENC[AES256_GCM,data:RjdYJNz6qGfbsU/AiBeLlQ==,iv:LjRzSjBXp44cGSqUUfRDNLC9cW4Vd7lfsqDWINt31VA=,tag:NzVm1h9CVKE2XXt300aR/g==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:K9j/t8MDibYO8Frhu1M=,iv:YnrxRnJJwTH6DJC6Bv/d1NUnX2ZPFwsjoji7L1Z+d7s=,tag:Dm7xCUlnjKdXHCuk8lwY8w==,type:str]
+    - ENC[AES256_GCM,data:0g6ACJzEHBtukwQYYTY=,iv:xLBJWfOYkX7Y28N01CX2+d5QOr9VGAhInH6pa1hNSGE=,tag:tCkCigo4yhi6YKVMe3Z3lQ==,type:str]
+example_number: ENC[AES256_GCM,data:R+/m/QVBH9/3DA==,iv:FumBUj97ICrRQmyh5fg8Gu9Lba9oITD1pdsr1I/PCf0=,tag:hguw1gpPI3w64fG1WLnJqA==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:VvI5ag==,iv:koMzyWcua75sK19vuk65oywCD61lMyH3xUwue8LTqy4=,tag:2ym1M0FTwevLm7wefTUWAw==,type:bool]
+    - ENC[AES256_GCM,data:lFEC/S8=,iv:cJWbnmseP/AqJzyORM+VI5y7rK8axVeh7EXoLP7mT/Q=,tag:BaS5HyecokdLCq+LzQxGkg==,type:bool]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSXhsMHQvb0NyUXRkRDE3
+            TjVjb2orQktDMGs4U2JUS3hWdmtMdnhuYnhBCi9VU1RVblZPaW14VGxMcjM0N20z
+            R1pOdUJZc1ZGcjBsTnNaZGhleVR6L1kKLS0tIE5vQkFhVXd0R3ZQSzZkNmVqN1Vj
+            NERXdlJhVHF0NWpNT29CNlRid2NYMVUKxg7kbP6dOZDUz0uxdC45DZCAa6GQTQ1x
+            nIb7lvPW4xFIb0bOZuvc7cAbHjf4So+8zvA0MM4mkTmIDpnwGD5Clg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrcTJGVmZUenNwYVNjRFlU
+            VXNBeDdpVFVtSTN5TG9VN0Q1WjRFbjlHd0Z3CjFsU1BsNkZ1a1ZkY2lva3lBUWZ3
+            YUpqeEo0Tys1bDk0TEpwQTJ2U29kbjgKLS0tIFJDYWpNemY4NXZ0MkM0YWNldDBE
+            RU1HSUhldHpzeURaUWQvcjBCQ3pMY2cKYL87Njs4e68zu5AXKNF/hxiB3HduS8wz
+            o0kmGI58DZx17+Cdipw0ab9a9wiu9C9Fn+LaiCcdM/ESXtS79RzdbQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-03-05T22:27:18Z"
+    mac: ENC[AES256_GCM,data:WSopSnWZ+uOllywd7difaZtJcfxkL7eIf9Kr3GajZKO0+rP6pEHIS+5AbXZy6oKRlCLUPecY/WXFvk3//akpvvXHbf6Jp4fQ/YSuTcYKRQupbDBpOXSlc33QyRl6oEyiMOjxMxa2N2tmq8dmA0NbF9wSDMa5a4eNDoiL5T/sUZ8=,iv:QqbVRApzFF6q24rk8KfKuthj656nEczD9Si4INj+N9A=,tag:tMRNYo+u/jIQ6iX3KqKJdA==,type:str]
+    pgp:
+        - created_at: "2025-03-07T22:49:19Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMAzy6JxafzLr5AQf/Zw+EB0lFpbul4KmHL3ndbhQCHzhkMgG6vEyj7EpjHQxE
+            nwf9kRrTcRh9YdrgR+5PFRnFJ8+L+gZhk+V/GaEPcEUyskOX/YGTSp1u6pXKGEem
+            TGojrIx0WwcmeCZUn+qCehbC7ZU64NDDmb7VeWnRkMbboU6UVooHUub88VsbnYw2
+            XXtXh4G8isrbyAKzUyypnJnEVbKlVqPOL67BYczjyBqMYc1JVLmBy6nP+sv6q/yo
+            QyDzlunmZtu52dwAL0L6wJF+novLr4W9cso4K5UVv2sp5M8gucuiY2obiB3vNfgO
+            q9GZTlMWnyDGflM1w+tzpZ/Ke+sM4dSy3cXpZd+MFNJeAaBJ1owjolb4tPUXlt+W
+            cJ+SFLWxzH8MsPb+Hfxrt8PPCcv67uch/k50PLYs/V/EM59+mgEJe5LY4rMbUSFw
+            REGL3LA6Cnkl2bUeHlfG7XlztHd/ehmZM2RPKof+Qw==
+            =htZl
+            -----END PGP MESSAGE-----
+          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4-unstable
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -2,9 +2,6 @@ let
  main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15";
 in
 {
-  "rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
-    main_ssh_public_key
-  ];
  "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
    main_ssh_public_key
  ];
--- a/secrets/test.yaml
+++ b/secrets/test.yaml
@ -0,0 +1,55 @@
+hello: ENC[AES256_GCM,data:ADXdQUkrnh9lDrsHyInYsPBo21u/mIAH47KhGQsxuz5OshT6CoK+89CILEi9tQ==,iv:b/rnM77z69+pVO3kxQZxI2YzTCRiBwwO5fhcwCB2/CI=,tag:A0FOXIfgIkJawV3QhlJPWQ==,type:str]
+example_key: ENC[AES256_GCM,data:gXXl6hhdYNLC1Grmyw==,iv:miSL7Wdewd5zs4A86/r8OW6gK+PGZJ+gaqZRHHxvZos=,tag:Ty+IaoXdMSEThNPRjwhqTA==,type:str]
+#ENC[AES256_GCM,data:FLhydTaiOqLRFk+ZrgGx9Q==,iv:TqhX2ylJKFQjdOpmwCER1+gRe4iR+I0hkVkNnYH4ESo=,tag:1BSk9TKqTma4MVUMswwmog==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:1sIEL3xGDAygUKoodBA=,iv:1DumVv8vDvhT/K0jXM1vHdrFTE7dIxqqjS8CIpWdnc8=,tag:WSs+3a816zVOaGCTElxgFQ==,type:str]
+    - ENC[AES256_GCM,data:tFi1czQnVgX/nlWrJrs=,iv:isH65ldilVe3EjsKNP/dOKgtWZtHQPw364fPHBI+LEw=,tag:Ka5ywriFptKg3+lIHPEIyA==,type:str]
+example_number: ENC[AES256_GCM,data:sxSM8a9oAp+u6g==,iv:KRLfIxZuBsnK+QE4mqm3pyhJmE7Fsd4ykJA++KrOnEQ=,tag:F5EkVUzw06ulr5jZvlTJdg==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:PDts2Q==,iv:qtfKg5gmUw2aERJe3gfT15Pk7mWocXwKdJhAzSic1o0=,tag:gn1sWsgt9ihYF8bHAkAQwQ==,type:bool]
+    - ENC[AES256_GCM,data:o9as7T0=,iv:YXyTB2X9PmTsOd37+BAp2xnT/+Yzyajcn5y1GE1O5rE=,tag:hyXA43jpyAbgH2hg1ivloQ==,type:bool]
+sops:
+    shamir_threshold: 1
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUURIQmZvSVp3aXlFT0RR
+            VHVBR0drN2JyV1hNUk5sakxGRXl6SEJuOUUwClQ1Q1lRZTR5R3Z4dlZyb29OaTNW
+            UVcwV3h6UlhtZkg2aFhrUUtIT0tQRmsKLS0tIDlnckhHWXRKcmRwTGUzdHZxWEVh
+            a3ZSWk0wNm1raXdMYXdKY1hDd2dZWUEK+IFU/9vsHu70XbSJ7sKqFncrZO3NAH8/
+            X/XF1VUmIuDfQZYJsDa4HaXe52xvDWTw3/4frG9HutEI2NcvvRpxlw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRGxFWXJVcDZOdzVxaFJG
+            LzdhN3JKaFhPOVBlblRPNWpDdERPaWhDNkM0CmcvUGxNQ09tNTJndWZTdjFia2pl
+            RnNWQ0ZKSFhEN0FNbVZlKzlFUlh5QTgKLS0tIFkwc1pJajlyOGNHSTdaM3FQZWFK
+            NUJpRDlLNXlGOTNBbVRTU0ZMVkhqdUUK1koXmGDGTKoNx1wp4c9EknY9LQ5a7dQP
+            Zx6OzvtpsxL6KGjH7BeNNcm2zOR4YqnklLq09UsPHElz2upJQzECAQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-03-07T22:49:01Z"
+    mac: ENC[AES256_GCM,data:yma+7wtzVjCzlLOVpqiicjQ9YN1ttzoh8CpcAtjdtVl6gu7/3FXUKYyAWJd+1NUUpK7vN435gOq9/nsig0FRrn0Hgq0+cjFUGS6+6+SPmL97eFvti89gCOeIFhPvBnJQYJLiyVkUcBek4xW+vnt6UgrTy+sD9AT3KHdBlfu3pzY=,iv:ioswFO5KDAL3Bv7MI8V0aWXXxZZIz1M1PyMUbIMnCRI=,tag:5fUBtqz9J2qvY4fUT2ueoQ==,type:str]
+    pgp:
+        - created_at: "2025-03-07T22:49:20Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMAzy6JxafzLr5AQf/Xok7aBMNT6W3LV2Ekx/ccxEZaZ0aVNKHE9aFTz5kBSpu
+            cXVohu5mEgeXr++HbrsCI821/gfchQ1yzVSLJsSrmZdJ586c3a7pWx2Eo4pcngmy
+            vb5UWtTBNogABnLz4iTjVQYLjZeNcNhkzW6s3m9PiaX3AvJP9irPcmwIyYpzd9pt
+            hngnBsdTis52fmvZ6+wOuMyTZU0Iksknom1De8xqgR5ZuO0Vitt19RGbpVhx96AC
+            t1CUkb5WMFTdpbCFORa/ta9Z7UcKxXTAPsfPkPVG9DnHQ1jSmsJWPDQZxoIJLHuH
+            SVV+qfRGndOo9fjExCInX6I5wBlrHrdpGtL7VLczV9JeAXYlMJwH63eOyi8hxxtr
+            KfTJEIALC25uFhoK8bmr30yVZe7thUPMXfht+R5dlHne7+FcBb4k7YLpeN/M40me
+            CSKk+9YaG7gQIdrfvEXlHSPCPppcKev6ZUspHewhmQ==
+            =IMON
+            -----END PGP MESSAGE-----
+          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -1,7 +1,7 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
  imports = [
    ./android.nix
@ -17,6 +17,7 @@
    ./locale.nix
    ./users.nix
    ./containers.nix
+    ./nix-ld.nix
    ./network.nix
    ../settings
  ];
--- a/system/containers.nix
+++ b/system/containers.nix
@ -9,6 +9,7 @@

  config = lib.mkIf config.my.containers.enable {
    services.flatpak.enable = true;
+    programs.appimage.enable = true;

    virtualisation.docker = {
      enable = true;
--- a/system/gaming.nix
+++ b/system/gaming.nix
@ -59,5 +59,13 @@
        };
      };
    };
+
+    programs.corectrl = {
+      enable = true;
+      gpuOverclock = {
+        enable = true;
+        ppfeaturemask = "0xffffffff";
+      };
+    };
  };
 }
--- a/system/monolith-bitbucket-runner.nix
+++ b/system/monolith-bitbucket-runner.nix
@ -0,0 +1,50 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+
+let
+  mkRunner = secret: {
+    image = "docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner:latest";
+    volumes = [
+      "/tmp:/tmp"
+      "/var/run/docker.sock:/var/run/docker.sock"
+      "/var/lib/docker/containers:/var/lib/docker/containers:ro"
+    ];
+    environmentFiles = [ secret ];
+  };
+
+  secretConf = {
+    sopsFile = ../secrets/monolith/default.yaml;
+  };
+in
+{
+  virtualisation.docker = {
+    enable = true;
+    daemon.settings = {
+      # needed by bitbucket runner ???
+      log-driver = "json-file";
+      log-opts = {
+        max-size = "10m";
+        max-file = "3";
+      };
+    };
+  };
+
+  virtualisation.oci-containers.backend = "docker";
+
+  virtualisation.oci-containers.containers = {
+    bitbucket-runner-1 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-1".path;
+    bitbucket-runner-2 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-2".path;
+    bitbucket-runner-3 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-3".path;
+    bitbucket-runner-4 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-4".path;
+  };
+
+  sops.secrets = {
+    "bitbucket-runners/wopus-runner-1" = secretConf;
+    "bitbucket-runners/wopus-runner-2" = secretConf;
+    "bitbucket-runners/wopus-runner-3" = secretConf;
+    "bitbucket-runners/wopus-runner-4" = secretConf;
+  };
+}
--- a/system/monolith-gitlab-runner.nix
+++ b/system/monolith-gitlab-runner.nix
@ -1,7 +1,6 @@
 {
  config,
  pkgs,
-  lib,
  ...
 }:
 let
@ -16,9 +15,29 @@ in
    services = {
      # runner for building in docker via host's nix-daemon
      # nix store will be readable in runner, might be insecure
-      thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
-      thoreb-itinerario-nix = mkNixRunner config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
+      thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
+      thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
+
+      default = {
+        # File should contain at least these two variables:
+        # `CI_SERVER_URL`
+        # `CI_SERVER_TOKEN`
+        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
+        dockerImage = "debian:stable";
+      };
    };
  };
  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
+
+  sops.secrets = {
+    "gitlab-runners/thoreb-telemetria-nix" = {
+      sopsFile = ../secrets/monolith/default.yaml;
+    };
+    "gitlab-runners/thoreb-itinerario-nix" = {
+      sopsFile = ../secrets/monolith/default.yaml;
+    };
+    "gitlab-runners/docker-images-token" = {
+      sopsFile = ../secrets/monolith/default.yaml;
+    };
+  };
 }
--- a/system/nix-ld.nix
+++ b/system/nix-ld.nix
@ -0,0 +1,21 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  options.my.nix-ld.enable = lib.mkEnableOption { };
+
+  config = lib.mkIf (config.my.nix-ld.enable) {
+    programs.nix-ld = {
+      enable = true;
+      libraries =
+        with pkgs;
+        # run appimages + linux games natively
+        [ fuse ]
+        ++ (appimageTools.defaultFhsEnvArgs.multiPkgs pkgs)
+        ++ (appimageTools.defaultFhsEnvArgs.targetPkgs pkgs);
+    };
+  };
+}
--- a/system/rainbow-gitlab-runner.nix
+++ b/system/rainbow-gitlab-runner.nix
@ -1,22 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-let
-  inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
-in
-{
-  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
-  virtualisation.docker.enable = true;
-  services.gitlab-runner = {
-    enable = true;
-    settings.concurrent = 6;
-    services = {
-      thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
-      thoreb-itinerario-nix = mkNixRunner config.age.secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
-    };
-  };
-  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
-}
--- a/system/secrets.nix
+++ b/system/secrets.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
  age = {
    identityPaths = [ "/root/.ssh/id_rsa" ];
@ -6,7 +6,6 @@
    secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
    secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file = ../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age;
    secrets.monolith-forgejo-runner-token.file = ../secrets/monolith-forgejo-runner-token.age;
-    secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
    secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age;
    secrets.phantom-forgejo-mailer-password.file = ../secrets/phantom-forgejo-mailer-password.age;
  };
--- a/system/sops.nix
+++ b/system/sops.nix
@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    sops
+    gnupg
+  ];
+
+  sops = {
+    defaultSopsFile = ../secrets/test.yaml;
+    age.sshKeyPaths = [
+      "/etc/ssh/ssh_host_ed25519_key"
+      "/home/lelgenio/.ssh/id_ed25519"
+    ];
+  };
+}
--- a/user/dummy.nix
+++ b/user/dummy.nix
@ -1,6 +1,7 @@
 { lib, ... }:
 {
  options.my = {
+    nix-ld.enable = lib.mkEnableOption { };
    android.enable = lib.mkEnableOption { };
    media-packages.enable = lib.mkEnableOption { };
    containers.enable = lib.mkEnableOption { };
--- a/user/firefox.nix
+++ b/user/firefox.nix
@ -2,15 +2,22 @@
  config,
  pkgs,
  lib,
-  font,
  ...
 }:
 let
-  inherit (config.my) desktop browser;
+  inherit (config.my) desktop;
+  inherit (config.my.theme) color;
+
  bugfixedFirefox = pkgs.firefox-devedition-unwrapped // {
    requireSigning = false;
    allowAddonSideload = true;
  };
+
+  swayCustomization = ''
+    #titlebar { display: none !important; }
+    #TabsToolbar { display: none !important; }
+    #sidebar-header { display: none !important; }
+  '';
 in
 {
  config = {
@ -119,54 +126,17 @@ in
            "devtools.chrome.enabled" = true;
            "devtools.debugger.remote-enabled" = true;
          };
-          userChrome =
-            if desktop == "sway" then
-              ''
-                #titlebar { display: none !important; }
-                #TabsToolbar { display: none !important; }
-                #sidebar-header { display: none !important; }
-              ''
-            else
-              ''
-                /* Element | chrome://browser/content/browser.xhtml */
+          userChrome = ''
+            ${lib.optionalString (desktop == "sway") swayCustomization}

-                #navigator-toolbox {
-                  display: grid;
-                  grid-template-columns: 1fr 50px;
-                  overflow: hidden;
-                }
+            #sidebar-main {
+              background-color: ${color.bg};
+            }

-                /* Element | chrome://browser/content/browser.xhtml */
-
-                #nav-bar {
-                  flex: 1;
-                  width: 100%;
-                  grid-column: 1 / 3;
-                  grid-row: 1;
-                  z-index: 0;
-                  padding-right: 29px !important;
-                }
-
-                /* Element | chrome://browser/content/browser.xhtml */
-
-                .toolbar-items {
-                  display: none;
-                }
-
-                /* Element | chrome://browser/content/browser.xhtml */
-
-                #TabsToolbar {
-                  max-width: 50px;
-                }
-
-                /* Element | chrome://browser/content/browser.xhtml */
-
-                #titlebar {
-                  max-width: 50px;
-                  grid-area: 1 / 2;
-                  z-index: 10;
-                }
-              '';
+            #tabbrowser-tabbox {
+              outline-width: 0 !important;
+            }
+          '';
        };
      };
    };
--- a/user/git.nix
+++ b/user/git.nix
@ -16,17 +16,46 @@ in
        user = {
          name = username;
          email = mail.personal.user;
+          signingkey = "2F8F21CE8721456B";
        };
        init.defaultBranch = "main";
-        commit.verbose = true;
-        push.autoSetupRemote = true;
+        core = {
+          fsmonitor = true;
+          untrackedCache = true;
+        };
+        commit = {
+          verbose = true;
+          gpgsign = true;
+        };
+        fetch = {
+          prune = true;
+          pruneTags = true;
+          all = true;
+        };
+        push = {
+          autoSetupRemote = true;
+          default = "simple";
+          followTags = true;
+        };
        pull.rebase = true;
-        merge.conflictStyle = "diff3";
-        rerere.enabled = true;
+        tag.sort = "version:refname";
+        merge.conflictStyle = "zdiff3";
+        rerere = {
+          enabled = true;
+          autoupdate = true;
+        };
+        branch.sort = "-committerdate";
+        diff = {
+          algorithm = "histogram";
+          colorMoved = "plain";
+          mnemonicPrefix = true;
+          renames = true;
+        };
        rebase = {
          abbreviateCommands = true;
          autoSquash = true;
          autoStash = true;
+          updateRefs = true;
        };
        pager = {
          log = "${pkgs._diffr}/bin/_diffr | ${pkgs.kak-pager}/bin/kak-pager";
--- a/user/gnome.nix
+++ b/user/gnome.nix
@ -35,6 +35,7 @@ lib.mkIf (config.my.desktop == "gnome") {
    amberol
    pitivi
    keepassxc
+    menulibre

    libsForQt5.qt5ct
    libsForQt5.qtstyleplugin-kvantum
--- a/user/home-manager.nix
+++ b/user/home-manager.nix
@ -0,0 +1,28 @@
+{ pkgs, lib, ... }:
+{
+  programs.home-manager.enable = true;
+
+  systemd.user.services.home-manager-expire = {
+    Unit = {
+      Description = "Remove old home-manager generations";
+    };
+    Service = {
+      Type = "oneshot";
+      ExecStart = pkgs.writeShellScript "home-manager-expire" ''
+        ${lib.getExe pkgs.home-manager} expire-generations 7d
+      '';
+    };
+  };
+  systemd.user.timers.home-manager-expire = {
+    Unit = {
+      Description = "Remove old home-manager generations";
+    };
+    Timer = {
+      OnCalendar = "daily";
+      Unit = "home-manager-expire.service";
+    };
+    Install = {
+      WantedBy = [ "timers.target" ];
+    };
+  };
+}
--- a/user/home.nix
+++ b/user/home.nix
@ -9,6 +9,7 @@
 {
  imports = [
    ./dummy.nix
+    ./home-manager.nix
    ./waybar
    ./helix.nix
    ./kakoune
@ -44,6 +45,7 @@
    inputs.nix-index-database.hmModules.nix-index
    ../settings
    ./powerplay-led-idle.nix
+    ./rm-target.nix
  ];

  my = import ./variables.nix // {
@ -57,8 +59,6 @@
  home.username = "lelgenio";
  home.homeDirectory = "/home/lelgenio";

-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
  home.packages = with pkgs; [
    terminal

@ -169,30 +169,6 @@
        exec nicotine
      '';

-  systemd.user.services.rm-target = {
-    Unit = {
-      Description = "Remove directories named 'target'";
-    };
-    Service = {
-      Type = "oneshot";
-      ExecStart = pkgs.writeShellScript "rm-target" ''
-        sudo ${pkgs.fd}/bin/fd -td -u '^\.?target$' "$HOME" -x rm -vrf --
-      '';
-    };
-  };
-  systemd.user.timers.rm-target = {
-    Unit = {
-      Description = "Remove directories named 'target'";
-    };
-    Timer = {
-      OnCalendar = "weekly";
-      Unit = "rm-target.service";
-    };
-    Install = {
-      WantedBy = [ "timers.target" ];
-    };
-  };
-
  # This value determines the Home Manager release that your
  # configuration is compatible with. This helps avoid breakage
  # when a new Home Manager release introduces backwards
--- a/user/kakoune/default.nix
+++ b/user/kakoune/default.nix
@ -82,6 +82,9 @@ in
            rev = "1cc6baeb14b773916eb9209469aa77b3cfa67a0a";
            sha256 = "sha256-3PLxG9UtT0MMSibvTviXQIgTH3rApZ3WSbNCEH3c7HE=";
          };
+          buildInputs = with pkgs; [
+            python3Minimal
+          ];
        })
      ];
      extraConfig =
--- a/user/kakoune/filetypes.kak
+++ b/user/kakoune/filetypes.kak
@ -15,6 +15,14 @@ hook global WinSetOption filetype=nix %{
    set buffer formatcmd 'nixfmt'
 }

+hook global BufCreate .*\.json %{
+    set buffer formatcmd 'prettier --parser json'
+}
+
+hook global BufCreate .*\.ya?ml %{
+    set buffer formatcmd 'prettier --parser yaml'
+}
+
 hook global BufCreate .*\.html %{
    set buffer formatcmd 'prettier --parser html'
 }
--- a/user/ranger/rc.conf
+++ b/user/ranger/rc.conf
@ -27,10 +27,10 @@ set confirm_on_delete multiple
 # Use non-default path for file preview script?
 # ranger ships with scope.sh, a script that calls external programs (see
 # README.md for dependencies) to preview images, archives, etc.
-set preview_script ~/.config/ranger/scope.sh
+# set preview_script ~/.config/ranger/scope.sh

 # Use the external preview script or display simple plain text or image previews?
-set use_preview_script true
+# set use_preview_script true

 # Automatically count files in the directory, even before entering them?
 set automatically_count_files true
@ -40,7 +40,7 @@ set automatically_count_files true
 set open_all_images true

 # Be aware of version control systems and display information.
-set vcs_aware true
+set vcs_aware false

 # State of the four backends git, hg, bzr, svn. The possible states are
 # disabled, local (only show local info), enabled (show local and remote
--- a/user/rm-target.nix
+++ b/user/rm-target.nix
@ -0,0 +1,26 @@
+{ pkgs, lib, ... }:
+{
+  systemd.user.services.rm-target = {
+    Unit = {
+      Description = "Remove directories named 'target'";
+    };
+    Service = {
+      Type = "oneshot";
+      ExecStart = pkgs.writeShellScript "rm-target" ''
+        sudo ${pkgs.fd}/bin/fd -td -u '^\.?target$' "$HOME" -x rm -vrf --
+      '';
+    };
+  };
+  systemd.user.timers.rm-target = {
+    Unit = {
+      Description = "Remove directories named 'target'";
+    };
+    Timer = {
+      OnCalendar = "weekly";
+      Unit = "rm-target.service";
+    };
+    Install = {
+      WantedBy = [ "timers.target" ];
+    };
+  };
+}
--- a/user/sway/default.nix
+++ b/user/sway/default.nix
@ -20,6 +20,7 @@ in
    ./swayidle.nix
    ./swaylock.nix
    ./theme.nix
+    ./gammastep.nix
  ];

  options.my.sway.enable = lib.mkEnableOption { };
@ -32,6 +33,7 @@ in
    my.mpd.enable = true;
    my.zathura.enable = true;
    my.waybar.enable = true;
+    my.gammastep.enable = true;

    wayland.windowManager.sway = {
      enable = true;
@ -113,13 +115,8 @@ in
        for_window [title=.*] inhibit_idle fullscreen
        exec swaymsg workspace 2
        exec_always systemctl --user restart waybar.service
-        exec corectrl --minimize-systray
      '';
    };
-    services.gammastep = {
-      enable = true;
-      provider = "geoclue2";
-    };

    services.kdeconnect = {
      enable = true;
--- a/user/sway/gammastep.nix
+++ b/user/sway/gammastep.nix
@ -0,0 +1,19 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.gammastep;
+in
+{
+  options.my.gammastep.enable = lib.mkEnableOption { };
+
+  config = lib.mkIf cfg.enable {
+    services.gammastep = {
+      enable = true;
+      dawnTime = "6:00-7:45";
+      duskTime = "18:35-20:15";
+      temperature = {
+        day = 6500;
+        night = 4500;
+      };
+    };
+  };
+}
--- a/user/sway/swaylock.nix
+++ b/user/sway/swaylock.nix
@ -9,7 +9,7 @@ in
  options.my.swaylock.enable = lib.mkEnableOption { };

  config.programs.swaylock.settings = lib.mkIf cfg.enable {
-    image = toString theme.background;
+    image = theme.backgroundPath;
    font = font.interface;
    font-size = font.size.medium;
    indicator-thickness = 20;
--- a/user/variables.nix
+++ b/user/variables.nix
@ -28,6 +28,7 @@ let
      cursor_theme = "Bibata-Modern-Classic";

      background = ./backgrounds/nixos-dark-pattern.png;
+      backgroundPath = "~/.local/share/backgrounds/nixos-dark-pattern.png";
      opacity = 95;
      opacityHex = "ee";
      color = {
@ -59,6 +60,7 @@ let
      cursor_theme = "Bibata-Modern-Classic";

      background = ./backgrounds/nixos-light-pattern.png;
+      backgroundPath = "~/.local/share/backgrounds/nixos-light-pattern.png";
      opacity = 95;
      opacityHex = "ee";
      color = {
Author	SHA1	Message	Date
lelgenio	2d2c3d2007	kak: fix multiline-edit extension	2025-04-05 14:02:55 -03:00
Leonardo Eugênio	caffa85ba0	ranger: disable preview scripts and vcs support, making it very fast	2025-04-04 21:15:12 -03:00
Leonardo Eugênio	1054e831d8	update	2025-04-04 21:15:12 -03:00
lelgenio	9239cbef77	kakoune: add json and yaml formatter	2025-04-02 17:11:01 -03:00
Leonardo Eugênio	921413f545	firefox: update userchrome	2025-03-28 20:22:34 -03:00
Leonardo Eugênio	0a0b8f9e61	gammastep: extract config	2025-03-27 21:09:14 -03:00
Leonardo Eugênio	8cae611cd5	home: add automatic home-manager cleanup service	2025-03-27 19:34:08 -03:00
Leonardo Eugênio	0f61393bf3	refactor: move rm-target service and timer to separate file	2025-03-27 19:34:07 -03:00
Leonardo Eugênio	4ebfaca007	factorio: update backup script filename to fix syncthing integration	2025-03-27 19:34:07 -03:00
Leonardo Eugênio	a432569595	update	2025-03-27 19:34:07 -03:00
Leonardo Eugênio	0f161863fc	firefox: remove header styling	2025-03-27 19:34:07 -03:00
Leonardo Eugênio	3c7da418df	gnome: install menulibre	2025-03-27 19:34:07 -03:00
Leonardo Eugênio	d2654ca5bc	phantom: add travel counter goof	2025-03-21 23:23:52 -03:00
lelgenio	ca9e0d8653	double-rainbow: use nix-ld	2025-03-20 16:40:47 -03:00
Leonardo Eugênio	35ba974c1b	system: install aditional appimage support	2025-03-19 11:48:00 -03:00
Leonardo Eugênio	c51d9ee3f1	system: add nix-ld	2025-03-19 11:47:36 -03:00
Leonardo Eugênio	7d15904e7c	git: sign commits	2025-03-15 01:03:19 -03:00
Leonardo Eugênio	cef96416d8	factorio: 2.0.32 -> 2.0.39	2025-03-12 23:29:31 -03:00
Leonardo Eugênio	6e5eebe3c1	amdgpu: limit fan speed	2025-03-12 11:40:54 -03:00
Leonardo Eugênio	fac1976c9c	phantom: fix mastodon data mount	2025-03-12 11:40:54 -03:00
Leonardo Eugênio	36ec5ef63c	git: update config	2025-03-12 11:40:54 -03:00
Leonardo Eugênio	5a5b544caa	swaylock: fix cache miss	2025-03-12 11:40:54 -03:00
Leonardo Eugênio	1a4fd19596	sops: switch to id_ed25519 keys	2025-03-12 11:40:54 -03:00
Leonardo Eugênio	21d747cb71	monolith: add declarative bitbucket runners	2025-03-12 11:40:54 -03:00
Leonardo Eugênio	b52a886806	monolith: migrate ci secrets to sops	2025-03-12 11:40:54 -03:00
Leonardo Eugênio	0bc125c944	monolith: add docker-images gitlab runner	2025-03-12 11:40:54 -03:00
Leonardo Eugênio	553ea251fa	secrets: add sops	2025-03-12 11:40:54 -03:00
Leonardo Eugênio	9fd65b02ba	factorio: update	2025-03-12 11:40:54 -03:00
Leonardo Eugênio	57f6eb3834	update	2025-03-12 11:40:54 -03:00
Leonardo Eugênio	00c686512c	gaming: add corectrl	2025-03-12 11:40:54 -03:00
lelgenio	b5e6127bb3	rainbow: remove gitlab runner	2025-03-12 11:40:54 -03:00