nixy: remove f2fs from initramfs

nixy: add global USER variable
nixy/dnscyrpt-proxy2: add full path for public-resolvers.md
2025-01-15 11:55:21 +01:00 · 2025-01-15 11:41:32 +01:00 · 2025-01-15 11:35:21 +01:00 · 2025-01-15 11:33:53 +01:00 · 2025-01-10 18:11:42 +01:00 · 2025-01-10 18:11:13 +01:00
57 changed files with 3807 additions and 790 deletions
--- a/.nixd.json
+++ b/.nixd.json
@ -0,0 +1 @@
 {"formatting":{"command":"alejandra"}}
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,30 @@
 keys:
  - &magpie       age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
  - &mediabox     age19yrl6pr73cv067ksfz0txp3zm2au25jfyjeerw23ml55ps5cyyfqtm3kmt
  - &nixy         age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
 creation_rules:
  - path_regex: common/secrets/[^/]+\.yaml$
    key_groups:
    - age:
      - *magpie
      - *mediabox
      - *nixy
  - path_regex: magpie/secrets/[^/]+\.yaml$
    key_groups:
    - age:
      - *magpie
      - *nixy
  - path_regex: mediabox/secrets/[^/]+\.yaml$
    key_groups:
    - age:
      - *mediabox
      - *nixy
  - path_regex: nixy/secrets/[^/]+\.yaml$
    key_groups:
    - age:
      - *nixy
--- a/README.md
+++ b/README.md
@ -1 +0,0 @@
 NixOS configuration using nix flakes and home-manager
--- a/README.txt
+++ b/README.txt
@ -0,0 +1,3 @@
 NixOS configuration using nix flakes and home-manager
 Main repository found at: https://git.project-cloud.net/asmir/nixos_flake_config
--- a/blue/configuration.nix
+++ b/blue/configuration.nix
@ -1,56 +1,45 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 {
  config,
  pkgs,
  lib,
  caps2esc,
  nix-xilinx,
  sops-nix,
  ...
-}: {
+}:
-  imports = [];
+{
  imports = [
  ];
  system.stateVersion = "23.05";
-  system.autoUpgrade.enable = false;
+  system.autoUpgrade.enable = true;
  sops.age.keyFile = config.users.users.akill.home + "/.config/sops/age/keys.txt";
  sops.secrets."peerix/private" = {
    sopsFile = ./secrets/peerix.yaml;
  };
  nix = {
    optimise.automatic = true;
    gc.automatic = true;
    gc.options = "--delete-older-than 7d";
-    package = pkgs.nixUnstable;
+    package = pkgs.nixVersions.latest;
-    settings = {
+    settings.experimental-features = [
-      experimental-features = ["nix-command" "flakes"];
+      "nix-command"
-      trusted-public-keys = [
+      "flakes"
        "binarycache.mediabox.lan:3vZwbCaCuOK5fc92rKknvyU7e5fDbnKEKLb/VTaICoU="
    ];
  };
  };
  boot = {
    extraModulePackages = with config.boot.kernelPackages; [usbip];
    initrd.compressor = "zstd";
    initrd.kernelModules = ["amdgpu"];
    kernelPackages = pkgs.linuxPackages_latest;
-    kernelParams = ["psmouse.synaptics_intertouch=0"];
+    kernelParams = [ "msr.allow_writes=on" ];
    loader.efi.canTouchEfiVariables = true;
    loader.systemd-boot.editor = false;
    loader.systemd-boot.enable = true;
    readOnlyNixStore = true;
    supportedFilesystems = [ "btrfs" ];
-    tmp.useTmpfs = true;
+    tmpOnTmpfs = true;
    initrd.compressor = "zstd";
    loader.systemd-boot = {
      enable = true;
      editor = false;
      memtest86.enable = true;
    };
    loader.efi.canTouchEfiVariables = true;
    readOnlyNixStore = true;
  };
  security = {
    rtkit.enable = true;
    allowSimultaneousMultithreading = true;
-    sudo.enable = true;
+    sudo.enable = false;
    doas.enable = true;
    doas.extraRules = [
      {
@ -66,45 +55,24 @@
  };
  networking = {
-    firewall = {
+    firewall.enable = true;
-      enable = true;
+    hostName = "blue";
-      allowedTCPPorts = [80 443];
+    nameservers = [
-    };
+      "127.0.0.1"
-
+      "::1"
-    hostName = "nixy";
+    ];
    nameservers = ["127.0.0.1" "::1"];
    dhcpcd.extraConfig = "nohook resolv.conf";
    extraHosts = ''
      192.168.88.230 mediabox.lan
      192.168.88.230 jellyfin.mediabox.lan
      192.168.88.230 deluge.mediabox.lan
      192.168.88.230 binarycache.mediabox.lan
      192.168.88.231 workstation.lan
      192.168.88.1   router.lan
    '';
    networkmanager = {
      enable = true;
      dns = "none";
-      wifi.backend = "iwd";
+      # wifi.backend = "iwd";
    };
    wireless.iwd = {
      enable = true;
      settings = {
        General = {
          AddressRandomization = "network";
          #EnableNetworkConfiguration = true;
        };
      };
    };
  };
  time.timeZone = "Europe/Sarajevo";
  nixpkgs.config.allowUnfree = true;
  nixpkgs.overlays = [nix-xilinx.overlay];
  environment = {
    homeBinInPath = true;
    variables = {
@ -134,9 +102,9 @@
        serviceConfig.Nice = -20;
        script = ''
          ${pkgs.interception-tools}/bin/intercept \
-          -g /dev/input/by-path/platform-i8042-serio-0-event-kbd | \
+          -g /dev/input/by-path/*-kbd | \
-          ${caps2esc.defaultPackage.x86_64-linux}/bin/caps2esc | ${pkgs.interception-tools}/bin/uinput   \
+          /opt/caps2esc  | ${pkgs.interception-tools}/bin/uinput   \
-          -d /dev/input/by-path/platform-i8042-serio-0-event-kbd   \
+          -d /dev/input/by-path/*-kbd   \
        '';
      };
    };
@ -154,9 +122,21 @@
    fstrim.enable = true;
    fwupd.enable = true;
    ntp.enable = true;
-    openssh.enable = true;
+    openssh.enable = false;
    printing.enable = true;
    nextcloud = {
      enable = true;
      hostName = "localhost";
      config.adminpassFile = "${pkgs.writeText "adminpass" "test123"}";
    };
    jellyfin = {
      enable = false;
      user = "akill";
      openFirewall = false;
    };
    pipewire = {
      enable = true;
      alsa.enable = true;
@ -177,17 +157,10 @@
      windowManager.i3.enable = true;
    };
-    udev = {
+    udev.packages = [
-      packages = [pkgs.openocd pkgs.rtl-sdr pkgs.openhantek6022];
+      pkgs.rtl-sdr
-      extraRules = ''
+      pkgs.openhantek6022
-               #Xilinx FTDI
+    ];
        ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
        #Xilinx Digilent
        ATTR{idVendor}=="1443", MODE:="666"
        ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666"
      '';
    };
    tlp = {
      enable = true;
@ -204,13 +177,19 @@
        {
          keys = [ 114 ];
-          events = ["key" "rep"];
+          events = [
            "key"
            "rep"
          ];
          command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'";
        }
        {
          keys = [ 115 ];
-          events = ["key" "rep"];
+          events = [
            "key"
            "rep"
          ];
          command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'";
        }
@ -228,6 +207,18 @@
      ];
    };
    mpd = {
      musicDirectory = "/home/mpd/music";
      enable = false;
      extraConfig = ''
        audio_output {
          type "pulse"
          name "pulsee srv"
          server "127.0.0.1"
        }
      '';
    };
    dnscrypt-proxy2 = {
      enable = true;
      settings = {
@ -245,11 +236,6 @@
      };
    };
    nix-serve = {
      enable = false;
      secretKeyFile = "/var/cache-priv-key.pem";
    };
    journald.extraConfig = ''
      SystemMaxUse=50M
    '';
@ -301,7 +287,6 @@
    };
    podman = {
      enable = true;
      autoPrune.enable = true;
      dockerCompat = true;
    };
  };
@ -322,7 +307,8 @@
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
-      extraPackages = with pkgs; [];
+      extraPackages = with pkgs; [
      ];
    };
  };
@ -334,6 +320,14 @@
  users.users.akill = {
    isNormalUser = true;
    shell = pkgs.zsh;
-    extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout" "wheel"];
+    extraGroups = [
      "wireshark"
      "kvm"
      "tty"
      "audio"
      "sound"
      "adbusers"
      "dialout"
    ];
  };
 }
--- a/blue/hardware-configuration.nix
+++ b/blue/hardware-configuration.nix
@ -0,0 +1,100 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usbhid"
    "usb_storage"
    "sd_mod"
    "sr_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
    fsType = "btrfs";
    options = [
      "subvol=root"
      "compress=zstd"
      "noatime"
    ];
  };
  boot.initrd.luks.devices."enc_root".device =
    "/dev/disk/by-uuid/8eb8ac22-d89d-4406-bfbd-ce43e283649f";
  fileSystems."/home" = {
    device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
    fsType = "btrfs";
    options = [
      "subvol=home"
      "compress=zstd"
      "noatime"
    ];
  };
  fileSystems."/nix" = {
    device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
    fsType = "btrfs";
    options = [
      "subvol=nix"
      "compress=zstd"
      "noatime"
    ];
  };
  fileSystems."/var/log" = {
    device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
    fsType = "btrfs";
    options = [
      "subvol=log"
      "compress=zstd"
      "noatime"
    ];
    neededForBoot = true;
  };
  fileSystems."/persist" = {
    device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
    fsType = "btrfs";
    options = [
      "subvol=persist"
      "compress=zstd"
      "noatime"
    ];
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/6C85-D29B";
    fsType = "vfat";
  };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/common/packages.nix
+++ b/common/packages.nix
@ -1,50 +1,81 @@
 {
  config,
  pkgs,
  nix-xilinx,
  system,
  ...
-}: {
+}:
-  environment.systemPackages = with pkgs;
+{
  environment.systemPackages =
    with pkgs;
    [
      acpi
      binutils
      binwalk
      bluez
      bluez-tools
      btop
      busybox
      curlHTTP3
      dfu-util
      dhcpcd
      direnv
      dmidecode
      dnsmasq
      dnsutils
      dtach
      ethtool
      f2fs-tools
      fd
      file
      fio
      fzf
      fzy
      git
      adwaita-icon-theme
      gnomeExtensions.appindicator
      gnupg
      gptfdisk
-      htop
+      hcxdumptool
      hdparm
      htop-vim
      interception-tools
      iw
      jq
      lm_sensors
      man-pages
      man-pages-posix
      meson
      mosh
      msmtp
      nano
      neovim
      ninja
      nix-index
      nixos-option
      nmap
      ntfs3g
      ntfsprogs
      nvim
      nvme-cli
      openhantek6022
      optipng
      pax-utils
      pciutils
      proxychains-ng
      pstree
      psutils
      qemu_kvm
      ripgrep
      rsync
      silver-searcher
      socat
      sops
      sshfs
      strace
      swaylock
      tig
      tmux
      traceroute
      unrar
      unzip
      usbutils
@ -56,9 +87,18 @@
      vulkan-tools-lunarg
      vulkan-validation-layers
      wget
      wirelesstools
      wol
      xdg-utils
      xfsprogs
      zip
      z-lua
    ]
-    ++ (with nix-xilinx.packages.x86_64-linux; [vivado vitis vitis_hls model_composer xilinx-shell]);
+    ++ (with nix-xilinx.packages.${system}; [
      vivado
      vitis
      vitis_hls
      model_composer
      xilinx-shell
    ]);
 }
--- a/common/secrets/wg_preshared.yaml
+++ b/common/secrets/wg_preshared.yaml
@ -0,0 +1,42 @@
 wg_preshared:
    nixy: ENC[AES256_GCM,data:kP+Vt48NMpdBSGjpWzzxt+nqxPNXrofV4kLwgU4o62riB9rxU1CZ4Ddr17k=,iv:xCqR/rbGrJYBkxOpsAg1qxxEGXRD+577JGTNDqshcOQ=,tag:9rAdg6Zw6kVzLxwF1U+pNg==,type:str]
    mediabox: ENC[AES256_GCM,data:BL9vCUE6wWtmTNPMCvJNZjiAMUWRmLLHOk73v1Z8EOJWcsZ5G3U+08TxBBg=,iv:XTZnF2kMVurTD+TPL0T7uDDu1gGjOdO7AWHXsZS5yO8=,tag:6RIAsbe0Ue4MX28VxzbPCg==,type:str]
    workstation: ENC[AES256_GCM,data:x60PMdgihMjtvQagphdO0uft7LLU2grdgeTrO5oSRiqOtb23P5S5SxDQ3Js=,iv:CB8QldIZ8/FjbcAkLxekygUo5luHig7FnH7wyrgZEuk=,tag:E3XWxPH5/fHyFmGimQ4tLg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQ3JGNWRMeGhwM1dIOU5T
            ZEt4WVhFa2lSaklpM3hmR04wY213TGd6K1FvCnltWFpqNHdrQ2V1V2ZDdTVOYlhP
            M0x2TVRJbUtZK2xaOGE5Ri93YmV6R1UKLS0tIDQ3VkNrYjFNTjNrRTNFRmhYaENt
            ZkRpMnZ3ZldOdWJ3VGw1T1RnRG15WDQKeZ9VBkcu2j83Hjofy1AAtBBqM9Tk3uFi
            F/wgzV7mBXiBB/4w17iJsU5mB6s/JXXnGq11pu9QXC5tu072huCNYQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age19yrl6pr73cv067ksfz0txp3zm2au25jfyjeerw23ml55ps5cyyfqtm3kmt
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheWtsbnArT3BwSVJ4QTJB
            ZENTK2ZpS0lLUmJ1d1VaUVVGNnNXMEZ4RFJvCmFueFNiQjk5MkdnTVkvVVk1TkVV
            M2Izamo0M1lGaVRPaGFOQUhkNGpmSmsKLS0tIGxtSXVackdsTTN1cTIvSEo4bGg3
            a0dVL2FmL05TRllrZjBuOStPNTBHcU0KOaJFNhr0emSiAJFOFsaJ4sdUwjzg5TOW
            Mh3JvRJINefiBUsFnFx8d3gn0+jHn+kXw22WMGRcbGgZTxJbFylmeA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5UVJiMENSeFdGWHRVVkt0
            UEI4ek9jRFdYYkN5Nlc5Qi85MDhPRTA2bGt3CnZJcThNU1huczJGaEF6WWpzcHdV
            dWhIczMzWSt0ZEVXeXdVQlBOZTZsN3cKLS0tIHRBQlhPT1FDcEZWU3JyNEZ0UWxC
            eDhXVWo2UHVCaFUrak9aVEU5N0FxRVEKDKBpbHWwTkW3BFAXQ213/glZyTz88OjZ
            JHh0phDzFZG0+nzBz3TAi0ZyYnlbOYAuEvQh1uUg9MI1XUCr8GC9Qw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-04-22T16:06:34Z"
    mac: ENC[AES256_GCM,data:BRgF+L22FuN/v+Vi57JLaTxtAe4Gr8UtY4QIYRUeigpHCkxza+pUd5qyGTIsHeaRFWNy726u9+PlX3uy0MlOt9lzQ1Zlmc+hDthUIHRWX9mqO+j5+klmDvVug5yqr2f7HMtBD+tnEwDr65FuPNKqJjmg1Tbk0RD12yt/gkEAy7w=,iv:aTWVlHEQGNgnIIoJ2IpnppU6lo7g0kI7gxtPM1ZqXvM=,tag:PhZypRZAlmxnKz1Kxtppzg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/common/suspend.nix
+++ b/common/suspend.nix
@ -0,0 +1,72 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.services.batteryNotifier;
 in
 {
  options = {
    services.batteryNotifier = {
      enable = mkOption {
        default = false;
        description = ''
          Whether to enable battery notifier.
        '';
      };
      device = mkOption {
        default = "BAT0";
        description = ''
          Device to monitor.
        '';
      };
      notifyCapacity = mkOption {
        default = 10;
        description = ''
          Battery level at which a notification shall be sent.
        '';
      };
      suspendCapacity = mkOption {
        default = 5;
        description = ''
          Battery level at which a suspend unless connected shall be sent.
        '';
      };
    };
  };
  config = mkIf cfg.enable {
    systemd.user.timers."lowbatt" = {
      description = "check battery level";
      timerConfig.OnBootSec = "1m";
      timerConfig.OnUnitInactiveSec = "1m";
      timerConfig.Unit = "lowbatt.service";
      wantedBy = [ "timers.target" ];
    };
    systemd.user.services."lowbatt" = {
      description = "battery level notifier";
      serviceConfig.PassEnvironment = "DISPLAY";
      script = ''
        export battery_capacity=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/capacity)
        export battery_status=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/status)
        if [[ $battery_capacity -le ${builtins.toString cfg.notifyCapacity} && $battery_status = "Discharging" ]]; then
            ${pkgs.libnotify}/bin/notify-send --urgency=critical --hint=int:transient:1 --icon=battery_empty "Battery Low" "You should probably plug-in."
        fi
        if [[ $battery_capacity -le ${builtins.toString cfg.suspendCapacity} && $battery_status = "Discharging" ]]; then
            ${pkgs.libnotify}/bin/notify-send --urgency=critical --hint=int:transient:1 --icon=battery_empty "Battery Critically Low" "Computer will suspend in 60 seconds."
            sleep 60s
            battery_status=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/status)
            if [[ $battery_status = "Discharging" ]]; then
                systemctl suspend
            fi
        fi
      '';
    };
  };
 }
--- a/common/wg_pubkey_proton
+++ b/common/wg_pubkey_proton
@ -0,0 +1 @@
 g6DkXWKI/68RsLjROIwCEcyB/ZhyK5Q7OWcz1TtqER0=
--- a/common/wg_pubkey_workstation
+++ b/common/wg_pubkey_workstation
@ -0,0 +1 @@
 kbmzzQc3bBpkjE7K/ohycZtx+ml+dzVYOQ2xM0/bzzQ=
--- a/flake.lock
+++ b/flake.lock
@ -1,31 +1,29 @@
 {
  "nodes": {
-    "caps2esc": {
+    "blobs": {
-      "inputs": {
+      "flake": false,
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1684616473,
+        "lastModified": 1604995301,
-        "narHash": "sha256-e8/7jWl2EA1UROhd9L+D9kLdd5SoFYWi+56n2jer7g4=",
+        "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
-        "owner": "asmir.abdulahovic",
+        "owner": "simple-nixos-mailserver",
-        "repo": "caps2esc",
+        "repo": "blobs",
-        "rev": "4ebc36bef4f4548566df14d94c9c9907e7a76e78",
+        "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
        "type": "gitlab"
      },
      "original": {
-        "owner": "asmir.abdulahovic",
+        "owner": "simple-nixos-mailserver",
-        "repo": "caps2esc",
+        "repo": "blobs",
        "type": "gitlab"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1673956053,
+        "lastModified": 1732722421,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac",
        "type": "github"
      },
      "original": {
@ -50,6 +48,22 @@
        "type": "github"
      }
    },
    "flake-compat_3": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
@ -75,15 +89,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1688220547,
+        "lastModified": 1736373539,
-        "narHash": "sha256-cNKKLPaEOxd6t22Mt3tHGubyylbKGdoi2A3QkMTKes0=",
+        "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "89d10f8adce369a80e046c2fd56d1e7b7507bb5b",
+        "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-24.11",
        "repo": "home-manager",
        "type": "github"
      }
@ -91,14 +106,16 @@
    "nix-xilinx": {
      "inputs": {
        "flake-compat": "flake-compat",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1685780173,
+        "lastModified": 1732892167,
-        "narHash": "sha256-K18JYyCHrnb05Odb7N9FpU30az7QOV8uL9ch0RgU7i0=",
+        "narHash": "sha256-AZ0rgM9xj+Bf2C8RfGMUvuVdcqkvQU5/Wm8u6A5xYJg=",
        "owner": "asmir.abdulahovic",
        "repo": "nix-xilinx",
-        "rev": "cc5ab958d31c58481b1f7f3a2c0a4db7c22006e9",
+        "rev": "3071f40914fe2db3837a40a72a97af6f0a442f16",
        "type": "gitlab"
      },
      "original": {
@ -109,100 +126,62 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1684585791,
+        "lastModified": 1736200483,
-        "narHash": "sha256-lYPboblKrchmbkGMoAcAivomiOscZCjtGxxTSCY51SM=",
+        "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "eea79d584eff53bf7a76aeb63f8845da6d386129",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "type": "indirect"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1688256355,
        "narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "release-23.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1685677062,
        "narHash": "sha256-zoHF7+HNwNwne2XEomphbdc4Y8tdWT16EUxUTXpOKpQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "95be94370d09f97f6af6a1df1eb9649b5260724e",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "type": "indirect"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1688231357,
        "narHash": "sha256-ZOn16X5jZ6X5ror58gOJAxPfFLAQhZJ6nOUeS4tfFwo=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "645ff62e09d294a30de823cb568e9c6d68e92606",
+        "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-unstable",
+        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs-24_11": {
      "locked": {
-        "lastModified": 1684668519,
+        "lastModified": 1734083684,
-        "narHash": "sha256-KkVvlXTqdLLwko9Y0p1Xv6KQ9QTcQorrU098cGilb7c=",
+        "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "85340996ba67cc02f01ba324e18b1306892ed6f5",
+        "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixpkgs-unstable",
+        "ref": "nixos-24.11",
        "type": "indirect"
      }
    },
-    "nixpkgs_5": {
+    "nvim": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1688188316,
+        "lastModified": 1736528609,
-        "narHash": "sha256-CXuQllDKCxtZaB/umnZOvoJ/d4kJguYgffeTA9l1B3o=",
+        "narHash": "sha256-p0tYmTVnnFghamXEXD4w/lldCi604zIWDV4Ol9ubQ5g=",
-        "owner": "NixOS",
+        "ref": "refs/heads/master",
-        "repo": "nixpkgs",
+        "rev": "8245a48cc75cc74dea1b3ca89cb58f24f8e14f85",
-        "rev": "8277b539d371bf4308fc5097911aa58bfac1794f",
+        "revCount": 42,
-        "type": "github"
+        "type": "git",
        "url": "https://git.project-cloud.net/asmir/nvim_flake"
      },
      "original": {
-        "owner": "NixOS",
+        "type": "git",
-        "ref": "nixpkgs-unstable",
+        "url": "https://git.project-cloud.net/asmir/nvim_flake"
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "peerix": {
      "inputs": {
        "flake-compat": "flake-compat_2",
        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1684706914,
@ -218,27 +197,77 @@
        "type": "gitlab"
      }
    },
    "project-cloud": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
        "theme_anemone": "theme_anemone",
        "theme_deepthought": "theme_deepthought"
      },
      "locked": {
        "lastModified": 1729077289,
        "narHash": "sha256-z5LEPxOJq2LjhPhY4QE1IOt0lBD39cipR6Lw8vRTNlI=",
        "ref": "refs/heads/master",
        "rev": "eab712e42139d33911ba767c2ff1bfbdf05c254d",
        "revCount": 27,
        "type": "git",
        "url": "https://git.project-cloud.net/asmir/project-cloud"
      },
      "original": {
        "type": "git",
        "url": "https://git.project-cloud.net/asmir/project-cloud"
      }
    },
    "root": {
      "inputs": {
        "caps2esc": "caps2esc",
        "home-manager": "home-manager",
        "nix-xilinx": "nix-xilinx",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs",
        "nvim": "nvim",
        "peerix": "peerix",
-        "sops-nix": "sops-nix"
+        "project-cloud": "project-cloud",
        "simple-nixos-mailserver": "simple-nixos-mailserver",
        "sops-nix": "sops-nix",
        "swaysw": "swaysw",
        "zremap": "zremap"
      }
    },
    "simple-nixos-mailserver": {
      "inputs": {
        "blobs": "blobs",
        "flake-compat": "flake-compat_3",
        "nixpkgs": [
          "nixpkgs"
        ],
        "nixpkgs-24_11": "nixpkgs-24_11"
      },
      "locked": {
        "lastModified": 1735230346,
        "narHash": "sha256-zgR8NTiNDPVNrfaiOlB9yHSmCqFDo7Ks2IavaJ2dZo4=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
        "rev": "dc0569066e79ae96184541da6fa28f35a33fbf7b",
        "type": "gitlab"
      },
      "original": {
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
        "type": "gitlab"
      }
    },
    "sops-nix": {
      "inputs": {
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": [
-        "nixpkgs-stable": "nixpkgs-stable"
+          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1688268466,
+        "lastModified": 1736515725,
-        "narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=",
+        "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957",
+        "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125",
        "type": "github"
      },
      "original": {
@ -247,6 +276,26 @@
        "type": "github"
      }
    },
    "swaysw": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1711800706,
        "narHash": "sha256-VuClUfWEmuv6Ysf6g42rfIm4cRZ/DWYZJxlNd9f1IL4=",
        "ref": "refs/heads/master",
        "rev": "7422c005ffdd282c389d21c5f8a4ea835bc1a0f0",
        "revCount": 4,
        "type": "git",
        "url": "https://git.project-cloud.net/asmir/swaysw"
      },
      "original": {
        "type": "git",
        "url": "https://git.project-cloud.net/asmir/swaysw"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
@ -261,6 +310,58 @@
        "repo": "default",
        "type": "github"
      }
    },
    "theme_anemone": {
      "flake": false,
      "locked": {
        "lastModified": 1699399376,
        "narHash": "sha256-u2baLVhc/tWd9h9+g9vKBN1m4qG23uL1HUizFigOJXw=",
        "owner": "Speyll",
        "repo": "anemone",
        "rev": "565a6e84e3054a45ec31729125801ab1f403c936",
        "type": "github"
      },
      "original": {
        "owner": "Speyll",
        "repo": "anemone",
        "type": "github"
      }
    },
    "theme_deepthought": {
      "flake": false,
      "locked": {
        "lastModified": 1681035730,
        "narHash": "sha256-dzhfGmhuNCbloqknM7lVnFbNYmf2/ue7az6DQok44yM=",
        "owner": "RatanShreshtha",
        "repo": "DeepThought",
        "rev": "430c1d5085dd6bea4cd6bd2d55003db67ba6bea0",
        "type": "github"
      },
      "original": {
        "owner": "RatanShreshtha",
        "repo": "DeepThought",
        "type": "github"
      }
    },
    "zremap": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1721120316,
        "narHash": "sha256-CaAMnU6LKqJrsZmR9k0/2brpULnAekpgG5S0BjtFhaQ=",
        "ref": "refs/heads/master",
        "rev": "8a7923bd4e5d36b186408d5432568a91ac67b695",
        "revCount": 21,
        "type": "git",
        "url": "https://git.project-cloud.net/asmir/zremap"
      },
      "original": {
        "type": "git",
        "url": "https://git.project-cloud.net/asmir/zremap"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -2,41 +2,91 @@
  description = "NixOS configuration";
  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
-    caps2esc.url = "gitlab:asmir.abdulahovic/caps2esc";
+
-    nix-xilinx.url = "gitlab:asmir.abdulahovic/nix-xilinx";
+    nix-xilinx = {
-    peerix.url = "gitlab:asmir.abdulahovic/peerix";
+      url = "gitlab:asmir.abdulahovic/nix-xilinx";
-    sops-nix.url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
    };
    peerix = {
      url = "gitlab:asmir.abdulahovic/peerix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    zremap = {
      url = "git+https://git.project-cloud.net/asmir/zremap";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    swaysw = {
      url = "git+https://git.project-cloud.net/asmir/swaysw";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nvim = {
      url = "git+https://git.project-cloud.net/asmir/nvim_flake";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-24.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    simple-nixos-mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    project-cloud = {
      url = "git+https://git.project-cloud.net/asmir/project-cloud";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
-  outputs = inputs @ {
+  outputs =
-    self,
+    inputs@{
    nixpkgs,
    caps2esc,
      home-manager,
      nixpkgs,
      nix-xilinx,
      nvim,
      peerix,
      project-cloud,
      simple-nixos-mailserver,
      sops-nix,
      swaysw,
      zremap,
      ...
-  }: {
+    }:
    let
      pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs;
    in
    {
      nixosConfigurations = rec {
-      nixy = nixpkgs.lib.nixosSystem {
+        nixy = nixpkgs.lib.nixosSystem rec {
          system = "x86_64-linux";
          modules = [
            { _module.args = inputs; }
-          ./configuration.nix
+            { _module.args.system = system; }
-          ./packages.nix
+            { nix.registry.nixpkgs.flake = nixpkgs; }
-          ./hardware-configuration.nix
+            ./common/packages.nix
            ./common/suspend.nix
            ./nixy/configuration.nix
            ./nixy/hardware-configuration.nix
            sops-nix.nixosModules.sops
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.akill = import ./home/home.nix;
              home-manager.extraSpecialArgs = { inherit inputs system; };
              home-manager.backupFileExtension = "home_backup";
            }
            peerix.nixosModules.peerix
            {
@ -46,12 +96,91 @@
                package = peerix.packages.x86_64-linux.peerix;
                openFirewall = true; # UDP/12304
                privateKeyFile = nixy.config.sops.secrets."peerix/private".path;
-              publicKeyFile = ./peerix-public;
+                publicKeyFile = ./nixy/peerix-public;
                publicKey = "peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=";
              };
            }
          ];
        };
-    };
+
        mediabox = nixpkgs.lib.nixosSystem rec {
          system = "x86_64-linux";
          modules = [
            { _module.args = inputs; }
            { _module.args.system = system; }
            { nix.registry.nixpkgs.flake = nixpkgs; }
            ./common/packages.nix
            ./common/suspend.nix
            ./mediabox/configuration.nix
            ./mediabox/hardware-configuration.nix
            ./modules/qbittorrent.nix
            sops-nix.nixosModules.sops
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.akill = import ./home/home.nix;
              home-manager.extraSpecialArgs = { inherit inputs system; };
            }
            peerix.nixosModules.peerix
            {
              services.peerix = {
                enable = true;
                globalCacheTTL = 10;
                package = peerix.packages.x86_64-linux.peerix;
                openFirewall = true; # UDP/12304
                privateKeyFile = mediabox.config.sops.secrets."peerix/private".path;
                publicKeyFile = ./mediabox/peerix-public;
                publicKey = "peerix-nixy:8THqS0R2zWF/47ai0RFmqJnieYTZ1jaWOD9tnzpvA6s=";
              };
            }
          ];
        };
        blue = nixpkgs.lib.nixosSystem rec {
          system = "x86_64-linux";
          modules = [
            { _module.args = inputs; }
            { _module.args.system = system; }
            { nix.registry.nixpkgs.flake = nixpkgs; }
            ./blue/configuration.nix
            ./blue/hardware-configuration.nix
            ./common/packages.nix
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.akill = import ./home/home.nix;
              home-manager.extraSpecialArgs = { inherit inputs system; };
            }
          ];
        };
        magpie = nixpkgs.lib.nixosSystem rec {
          system = "aarch64-linux";
          modules = [
            { _module.args = inputs; }
            { _module.args.system = system; }
            { nix.registry.nixpkgs.flake = nixpkgs; }
            ./magpie/configuration.nix
            ./magpie/hardware-configuration.nix
            simple-nixos-mailserver.nixosModule
            sops-nix.nixosModules.sops
            (builtins.toPath "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix")
          ];
        };
      };
      devShell.x86_64-linux = pkgs.mkShell {
        buildInputs = with pkgs; [
          sops
          ssh-to-age
          age
        ];
        shellHook = ''
          echo "Configuring NixOS!"
        '';
      };
      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
    };
 }
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@ -1,78 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-amd" "amdgpu"];
  boot.extraModulePackages = [];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
    fsType = "btrfs";
    options = ["subvol=root" "compress=zstd" "noatime"];
  };
  boot.initrd.luks.devices."sys_enc".device = "/dev/disk/by-uuid/682d030d-189e-4b47-a60a-62cf1f3729d3";
  fileSystems."/home" = {
    device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
    fsType = "btrfs";
    options = ["subvol=home" "compress=zstd" "noatime"];
  };
  fileSystems."/nix" = {
    device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
    fsType = "btrfs";
    options = ["subvol=nix" "compress=zstd" "noatime"];
  };
  fileSystems."/persist" = {
    device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
    fsType = "btrfs";
    options = ["subvol=persist" "compress=zstd" "noatime"];
  };
  fileSystems."/var/log" = {
    device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
    fsType = "btrfs";
    options = ["subvol=log" "compress=zstd" "noatime"];
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/3F3E-9833";
    fsType = "vfat";
  };
  fileSystems."/opt/xilinx" = {
    device = "/dev/disk/by-uuid/09912fb9-0284-4b4e-add1-d4a27329539f";
    fsType = "erofs";
  };
  swapDevices = [
    /*
    {
       device = "/dev/disk/by-uuid/ee1792c9-098b-40c1-b760-20def16ba67f";
       encrypted = {
         enable = true;
         keyFile = "/mnt-root/swap.key";
         label = "swap_encr";
         blkDev = "/dev/disk/by-uuid/aee12e27-b45a-4291-be78-db0a903071b3";
       };
     }
    */
  ];
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  nix.settings.max-jobs = lib.mkDefault 8;
 }
--- a/home/home.nix
+++ b/home/home.nix
@ -1,13 +1,22 @@
 {
  pkgs,
  config,
  lib,
  pkgs,
  ...
 }:
-with lib; let
+let
-  vimrc = import ./vimrc.nix {inherit pkgs vimUtils fetchFromGitHub;};
+  qutebrowser_firejail = pkgs.writeShellScriptBin "qutebrowser" ''
-in {
+    firejail -- ${lib.getExe pkgs.qutebrowser} "$@"
-  imports = [./zsh.nix ./i3status-rust.nix ./sway.nix ./i3.nix ./home_packages.nix ./whatsapp-for-linux.nix];
+  '';
 in
 {
  imports = [
    ./zsh.nix
    ./i3status-rust.nix
    ./sway.nix
    ./i3.nix
    ./home_packages.nix
    ./whatsapp-for-linux.nix
  ];
  home.stateVersion = "22.11";
  home.username = "akill";
@ -17,23 +26,33 @@ in {
  xdg.mimeApps = {
    enable = true;
    defaultApplications = {
-      "application/pdf" = ["sioyek.desktop"];
+      "application/pdf" = "sioyek.desktop";
      "default-web-browser" = "org.qutebrowser.qutebrowser.desktop";
      "text/html" = "org.qutebrowser.qutebrowser.desktop";
      "x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop";
      "x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop";
      "x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop";
      "x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop";
    };
  };
  fonts.fontconfig.enable = true;
-  home.sessionVariables = {
+  home.sessionVariables = rec {
-    BROWSER = "qutebrowser";
+    BROWSER = lib.getExe qutebrowser_firejail;
    DEFAULT_BROWSER = "${BROWSER}";
    EDITOR = "nvim";
    _JAVA_AWT_WM_NONREPARENTING = "1";
    MOZ_ENABLE_WAYLAND = "1";
    NIXOS_OZONE_WL = "1";
    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
    SUDO_EDITOR = "nvim";
    WLR_RENDERER = "vulkan";
  };
-  wayland.windowManager.sway = {enable = true;};
+  wayland.windowManager.sway = {
    enable = true;
  };
  programs = {
    home-manager.enable = true;
@ -47,16 +66,27 @@ in {
      };
    };
    tmux = {
      enable = true;
      clock24 = true;
      keyMode = "vi";
      terminal = "screen-256color";
      plugins = with pkgs.tmuxPlugins; [
        sysstat
        net-speed
        gruvbox
      ];
    };
    mpv = {
      enable = true;
      package = pkgs.mpv;
      config = {
        slang = "eng,en";
        alang = "eng,en";
        hwdec = "auto";
        vo = "gpu-next";
        ao = "pipewire";
-        script-opts-set = "sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
+        script-opts-set = "ytdl_hook-ytdl_path=yt-dlp,sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
        ytdl-format = "bestvideo[height<=?1080]+bestaudio/best";
      };
@ -122,19 +152,21 @@ in {
          font = "JetBrainsMono:size=10";
          dpi-aware = "yes";
        };
-        mouse = {hide-when-typing = "yes";};
+        mouse = {
          hide-when-typing = "yes";
        };
      };
    };
    qutebrowser = {
      enable = true;
-      package = pkgs.qutebrowser-qt6;
+      package = qutebrowser_firejail;
      keyBindings = {
        normal = {
          "j" = "scroll-px 0 25";
          "k" = "scroll-px 0 -25";
          "u" = "undo --window";
-          ";v" = "hint links userscript view_in_mpv";
+          ";v" = "hint links spawn mpv {hint-url}";
        };
      };
@ -167,23 +199,28 @@ in {
      userName = "Asmir A";
      userEmail = "asmir.abdulahovic@gmail.com";
      extraConfig = {
-        pull = {rebase = true;};
+        init.defaultBranch = "master";
-        credential = {helper = "store";};
+        pull = {
          rebase = true;
        };
        credential = {
          helper = "store";
        };
      };
-
+      signing.key = "020C42B7A9ABA3E2";
-    neovim = {
+      signing.signByDefault = true;
      enable = true;
      vimAlias = true;
      vimdiffAlias = true;
      plugins = vimrc.plugins;
      extraConfig = "";
      extraPackages = vimrc.extraPackages;
    };
    obs-studio = {
      enable = true;
-      plugins = with pkgs.obs-studio-plugins; [obs-vkcapture input-overlay obs-multi-rtmp obs-pipewire-audio-capture wlrobs obs-vaapi];
+      plugins = with pkgs.obs-studio-plugins; [
        obs-vkcapture
        input-overlay
        obs-multi-rtmp
        obs-pipewire-audio-capture
        wlrobs
        obs-vaapi
      ];
    };
    i3status-rust.enable = true;
@ -191,14 +228,10 @@ in {
    zsh.enable = true;
  };
  xdg.configFile."nvim/init.lua" = {
    source = ./vimrc.lua;
    recursive = true;
  };
  services = {
    lorri.enable = false;
    mako.enable = true;
    cliphist.enable = true;
    gammastep = {
      enable = true;
      latitude = "44.53";
@ -215,26 +248,66 @@ in {
      enableSshSupport = true;
    };
-    swayidle = {
+    swayidle =
      let
        locker = pkgs.writeShellScriptBin "swaylock_fancy" ''
          TMP_FILE=$(${pkgs.coreutils}/bin/mktemp /tmp/.swaylock_ss_XXXXXX.jpg)
          ${lib.getExe pkgs.grim} -t ppm - | ${pkgs.imagemagick}/bin/convert - -blur 0x12 "$TMP_FILE"
          ${lib.getExe pkgs.swaylock} -f -i "$TMP_FILE"
          ${pkgs.coreutils}/bin/rm "$TMP_FILE"
        '';
      in
      {
        enable = true;
        events = [
          {
            event = "before-sleep";
-          command = "swaylock_bg_blur.sh";
+            command = "${locker}/bin/swaylock_fancy";
          }
          {
            event = "lock";
-          command = "swaylock_bg_blur.sh";
+            command = "${locker}/bin/swaylock_fancy";
          }
          {
            event = "after-resume";
-          command = "pkill -USR1 i3status-rs";
+            command = "${pkgs.procps}/bin/pkill -USR1 i3status-rs";
          }
        ];
        timeouts = [
          {
            timeout = 15 * 60;
-          command = "swaylock_bg_blur.sh";
+            command = "${locker}/bin/swaylock_fancy";
          }
        ];
      };
    kanshi = {
      enable = true;
      settings = [
        {
          profile.name = "undocked";
          profile.outputs = [
            {
              criteria = "eDP-1";
            }
          ];
        }
        {
          profile.name = "docked";
          profile.outputs = [
            {
              criteria = "eDP-1";
            }
            {
              criteria = "Philips Consumer Electronics Company PHL 272S1 UHB2347026536";
              mode = "1920x1080@74.973Hz";
            }
            {
              criteria = "Philips Consumer Electronics Company PHL 272S1 UHB2347026535";
              mode = "1920x1080@74.973Hz";
            }
          ];
        }
      ];
    };
--- a/home/home_packages.nix
+++ b/home/home_packages.nix
@ -1,79 +1,177 @@
 {
-  config,
+  lib,
  pkgs,
  inputs,
  system,
  ...
-}: {
+}:
-  home.packages = with pkgs; [
+let
-    alejandra
+  chromium_teams = pkgs.writeShellScriptBin "chromium_teams" ''
    ${lib.getExe pkgs.ungoogled-chromium} --socket=wayland org.chromium.Chromium --app=https://teams.microsoft.com/
  '';
  chromium_discord = pkgs.writeShellScriptBin "chromium_discord" ''
    ${lib.getExe pkgs.ungoogled-chromium} --socket=wayland org.chromium.Chromium --app=https://discordapp.com/channels/@me
  '';
  chromium_stackfield = pkgs.writeShellScriptBin "chromium_stackfield" ''
    ${lib.getExe pkgs.ungoogled-chromium} --socket=wayland org.chromium.Chromium --app=https://stackfield.com/
  '';
  qcad = pkgs.writeShellScriptBin "qcad" ''
    QT_QPA_PLATFORM=xcb ${lib.getExe pkgs.qcad} $@
  '';
  ssh_proxy = pkgs.writeShellScriptBin "ssh_proxy" ''
    if ${pkgs.coreutils}/bin/test $# -ne 1; then
      echo "Usage: $0 <user>@<ssh_host>"
      exit
    fi
    PROXY_PORT="1337"
    ${lib.getExe pkgs.openssh} -D "$PROXY_PORT" -q -N "$@"
  '';
  wrap_sh =
    let
      bubblewrap = pkgs.callPackage ../packages/bubblewrap/default.nix { };
    in
    pkgs.writeShellScriptBin "wrap.sh" ''
      if ${pkgs.coreutils-full}/bin/test $# -ne 1; then
        echo "Usage: $0 <directory>"
        exit
      fi
      FULL_PATH=$(${pkgs.coreutils-full}/bin/realpath "$1")
      BUBBLEWRAP_DIR="$1" ${bubblewrap}/bin/bwrap \
        --bind / / \
        --dev /dev \
        --overlay-src "$FULL_PATH" \
        --tmp-overlay "$FULL_PATH" \
        "$SHELL"
    '';
 in
 {
  home.packages =
    with pkgs;
    [
      anydesk
      appimage-run
      arp-scan
      birdtray
      blackmagic
      blender
      btop
      cached-nix-shell
      caddy
      cargo
-    ccls
+      ungoogled-chromium
-    cemu
+      cmake
      compsize
-    cura
+      # cura
      deluge
      dfu-util
      discord
      dmenu-wayland
      drawio
      dualsensectl
      ffmpeg-full
      firefox
      freecad
      gcc
      gdb
      ghostscript
      glab
      glaxnimate
      gnumake
      go
      grim
      heimdall
      hyperfine
      icestorm
      imagemagick
      imv
      inkscape
      jellyfin-media-player
      kdenlive
      kicad
      kodi-wayland
      krita
      libnotify
-    libreoffice
+      libreoffice-qt6-fresh
      libva-utils
      linuxPackages_latest.perf
      lsix
      lsix
      mediainfo
      ncdu
      neovide
      nextpnr
      ngspice
      nix-init
      nixpkgs-fmt
      nix-prefetch-git
      nodePackages.peerflix
      nom
      openems
      openocd
      openscad
      pandoc
-    pass
+      paraview
      pass-wayland
      patchelf
      pavucontrol
      pay-respects
      pirate-get
      poppler_utils
      powertop
      pulsemixer
      pwvucontrol
      python3
      python3Packages.west
      remmina
      river
      rizin
      rtorrent
-    rustc
+      sbcl
      screen
      seer
      sioyek
      skypeforlinux
      slurp
      steam-run
      stm32cubemx
      swayimg
      tea
      teams-for-linux
      tectonic
      tessen
      texlive.combined.scheme-full
      thunderbird
      typst
      upx
      waybar
      wdisplays
      weechat
      whatsapp-for-linux
      wine
      wireshark
      wl-clipboard
      wlr-randr
      wofi
      x2goclient
      yewtube
      yosys
      yt-dlp
      zapzap
      zathura
-    zeal-qt6
+      # zeal-qt6
      zig
-    zls
+    ]
    ++ [
      chromium_discord
      chromium_stackfield
      chromium_teams
      ssh_proxy
      wrap_sh
      qcad
    ]
    ++ [
      inputs.swaysw.packages.${system}.swaysw
      (pkgs.callPackage ../packages/viber/default.nix { })
      (pkgs.callPackage ../packages/bubblewrap/default.nix { })
    ];
 }
--- a/home/i3.nix
+++ b/home/i3.nix
@ -1,11 +1,12 @@
 {
  config,
  lib,
  pkgs,
  ...
-}: let
+}:
 let
  scratchpad_cmd = "floating enable, resize set 1502 845, move position center, move scratchpad, scratchpad show";
-in {
+in
 {
  xsession.windowManager.i3 = {
    enable = true;
    package = pkgs.i3;
@ -54,24 +55,28 @@ in {
        "${modifier}+Escape" = "workspace back_and_forth";
        "${modifier}+p" = "exec ${pkgs.dmenu}/bin/dmenu_run";
-        "Mod4+l" = "exec i3-msg [instance=\"python3_scr\"] scratchpad show || exec alacritty --class python3_scr -e python3";
+        "Mod4+l" =
          "exec i3-msg [instance=\"python3_scr\"] scratchpad show || exec alacritty --class python3_scr -e python3";
        "Mod4+j" = "exec i3-msg [class=\"ViberPC\"] scratchpad show || exec viber";
        "Mod4+m" = "exec i3-msg [class=\"Thunderbird\"] scratchpad show || exec thunderbird";
-        "Mod4+y" = "exec i3-msg [instance=\"pulsemixer_scr\"] scratchpad show || exec alacritty --class pulsemixer_scr -e pulsemixer";
+        "Mod4+y" =
          "exec i3-msg [instance=\"pulsemixer_scr\"] scratchpad show || exec alacritty --class pulsemixer_scr -e pulsemixer";
      };
      window = {
-        /*
+        # border = 4;
        border = 4;
        */
        commands = [
          {
            command = scratchpad_cmd;
-            criteria = {instance = "pulsemixer_scr|python3_scr";};
+            criteria = {
              instance = "pulsemixer_scr|python3_scr";
            };
          }
          {
            command = scratchpad_cmd;
-            criteria = {class = "Thunderbird";};
+            criteria = {
              class = "Thunderbird";
            };
          }
          {
            command = scratchpad_cmd;
@ -82,7 +87,9 @@ in {
          }
          {
            command = "focus child, layout tabbed, focus";
-            criteria = {class = "qutebrowser";};
+            criteria = {
              class = "qutebrowser";
            };
          }
        ];
      };
@ -91,7 +98,10 @@ in {
        {
          position = "top";
          fonts = {
-            names = ["DejaVu Sans Mono" "FontAwesome5Free"];
+            names = [
              "DejaVu Sans Mono"
              "FontAwesome5Free"
            ];
            style = "Fixed Bold SemiCondensed";
            size = 7.0;
          };
--- a/home/i3status-rust.nix
+++ b/home/i3status-rust.nix
@ -1,9 +1,5 @@
 { ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  programs.i3status-rust = {
    bars.top = {
      icons = "awesome5";
@ -23,7 +19,15 @@
        }
        {
          block = "disk_space";
-          path = "/";
+          path = "/nix";
          info_type = "available";
          interval = 20;
          warning = 20.0;
          alert = 10.0;
        }
        {
          block = "disk_space";
          path = "/home";
          info_type = "available";
          interval = 20;
          warning = 20.0;
@ -39,6 +43,16 @@
          device = "enp5s0";
          interval = 2;
        }
        {
          block = "net";
          device = "enp7s0f3u1u1";
          interval = 2;
        }
        {
          block = "net";
          device = "eno1";
          interval = 2;
        }
        {
          block = "memory";
        }
--- a/home/sway.nix
+++ b/home/sway.nix
@ -1,12 +1,30 @@
 {
  config,
  lib,
  pkgs,
  inputs,
  system,
  lib,
  ...
-}: {
+}:
 let
  cliphist_sway = pkgs.writeShellScriptBin "cliphist_sway" ''
    ${lib.getExe pkgs.cliphist} list | \
    ${lib.getExe pkgs.wofi} --dmenu --insensitive | \
    ${lib.getExe pkgs.cliphist} decode | \
    ${pkgs.wl-clipboard}/bin/wl-copy
  '';
  screenshot_clip = pkgs.writeShellScriptBin "screenshot_clip" ''
    GEOM="$(${lib.getExe pkgs.slurp} -d)"
    ${lib.getExe pkgs.grim} -g "$GEOM" - | ${pkgs.wl-clipboard}/bin/wl-copy
  '';
  swaysw = inputs.swaysw.packages.${system}.swaysw;
  viber = pkgs.callPackage ../packages/viber/default.nix { };
  term = "${pkgs.foot}/bin/footclient";
 in
 {
  wayland.windowManager.sway = {
    enable = true;
    extraSessionCommands = "";
    extraConfigEarly = '''';
    config = {
      fonts = {
@ -18,49 +36,71 @@
      window.commands = [
        {
          command = "move scratchpad, resize set 1152 648";
-          criteria = {app_id = "pulsemixer|python3|whatsapp-for-linux|com.viber.Viber";};
+          criteria = {
            app_id = "pulsemixer|python3|com.rtosta.zapzap|whatsapp-for-linux|com.viber";
          };
        }
        {
          command = "move scratchpad, resize set 1502 845";
-          criteria = {class = "ViberPC";};
+          criteria = {
            app_id = "com.viber";
          };
        }
        {
          command = "floating enable";
-          criteria = {app_id = "sws_cli";};
+          criteria = {
            app_id = "sws_cli";
          };
        }
      ];
      modifier = "Mod4";
      output = {
        eDP-1 = {
          bg = "~/pic/weird_dragon.jpg stretch";
          /*
            bg = "~/pic/wallpaper stretch";
            scale = "1.4";
          */
        };
        HDMI-A-4 = {
          res = "1920x1080";
        };
      };
      input = {
-        "1:1:AT_Translated_Set_2_keyboard" = {repeat_delay = "150";};
+        "type:keyboard" = {
-        "1:1:AT_Translated_Set_2_keyboard" = {repeat_rate = "70";};
+          repeat_delay = "150";
-        "2:7:SynPS/2_Synaptics_TouchPad" = {tap = "enabled";};
+        };
        "type:keyboard" = {
          repeat_rate = "70";
        };
        "type:touchpad" = {
          tap = "enabled";
        };
      };
      bars = [
        {
          position = "top";
          fonts = {
-            names = ["Iosevka" "FontAwesome"];
+            names = [
              "Iosevka"
              "FontAwesome"
            ];
            style = "Bold Semi-Condensed";
            size = 12.0;
          };
-          statusCommand = "i3status-rs ~/.config/i3status-rust/config-top.toml";
+          statusCommand = "${lib.getExe pkgs.i3status-rust} ~/.config/i3status-rust/config-top.toml";
        }
      ];
      keybindings = {
        "Alt+Shift+q" = "kill";
-        "Alt+Shift+Return" = "exec ${pkgs.foot}/bin/footclient";
+        "Alt+Shift+Return" = "exec ${term}";
-        "Alt+p" = "exec ${pkgs.dmenu-wayland}/bin/dmenu-wl_run -fn \"mono 14\"";
+        "Alt+p" = "exec ${pkgs.bemenu}/bin/bemenu-run";
        "Alt+c" = "exec ${pkgs.moreutils}/bin/lckdo cliphist_sway ${cliphist_sway}/bin/cliphist_sway";
        "Print" = "exec ${pkgs.moreutils}/bin/lckdo screenshot_clip ${screenshot_clip}/bin/screenshot_clip";
        "Alt+Shift+space" = "floating toggle";
        "Alt+space" = "focus mode_toggle";
@ -95,21 +135,21 @@
        "Alt+j" = "focus down";
        "Alt+k" = "focus up";
        "Alt+l" = "focus right";
-        "Alt+slash" = "exec lckdo /tmp/.sws_cli_lock footclient -a sws_cli -- sws_cli.sh";
+        "Alt+slash" = "exec ${pkgs.moreutils}/bin/lckdo swaysw ${swaysw}/bin/swaysw";
        "Alt+Escape" = "workspace back_and_forth";
        "Alt+f" = "fullscreen enable";
        "Alt+bracketright" = "focus output right";
        "Alt+bracketleft" = "focus output left";
-        "Mod4+l" = ''
+        "Mod4+l" =
-          exec swaymsg [app_id="python3"] scratchpad show || exec foot -a python3 python3'';
+          ''exec ${pkgs.sway}/bin/swaymsg [app_id="python3"] scratchpad show || exec ${term} -a python3 ${lib.getExe pkgs.python3}'';
-        "Mod4+h" = "exec swaymsg [app_id=whatsapp-for-linux] scratchpad show || exec whatsapp-for-linux";
+        "Mod4+j" =
-        "Mod4+j" = "exec swaymsg [app_id=com.viber.Viber] scratchpad show";
+          "exec ${pkgs.sway}/bin/swaymsg [app_id=com.rtosta.zapzap] scratchpad show || exec ${lib.getExe pkgs.zapzap}";
-        "Mod4+y" = ''
+        "Mod4+h" =
-          exec swaymsg [app_id="pulsemixer"] scratchpad show || exec foot -a pulsemixer pulsemixer'';
+          "exec ${pkgs.sway}/bin/swaymsg [app_id=com.viber] scratchpad show || exec ${viber}/bin/viber";
-
+        "Mod4+y" =
-        "XF86AudioRaiseVolume" = "exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5%";
+          ''exec ${pkgs.sway}/bin/swaymsg [app_id="pulsemixer"] scratchpad show || exec ${term} -a pulsemixer ${lib.getExe pkgs.pulsemixer}'';
-        "XF86AudioLowerVolume" = "exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5%";
+        "Mod4+p" = "exec ${lib.getExe pkgs.tessen} -a copy";
        "XF86AudioMute" = "exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle";
        "XF86AudioMicMute" = "exec pactl set-source-mute $(pacmd list-sources |awk '/* index:/{print $3}') toggle";
      };
    };
  };
--- a/home/vimrc.lua
+++ b/home/vimrc.lua
@ -1,195 +0,0 @@
 -- Basic settings
 vim.g.loaded_matchparen = true
 vim.g.netrw_liststyle = 3
 vim.go.background = 'dark'
 vim.go.belloff = 'all'
 vim.go.breakindent = true
 vim.go.hlsearch = false
 vim.go.laststatus = 0
 vim.go.lazyredraw = true
 vim.go.showcmd = true
 vim.go.synmaxcol = 800
 vim.go.syntax = 'on'
 vim.go.termguicolors = true
 vim.go.titleold = vim.fn.getcwd()
 vim.go.title = true
 vim.go.wildmenu = true
 vim.go.wrap = true
 vim.wo.number = true
 vim.cmd([[colorscheme gruvbox]])
 -- Defines a read-write directory for treesitters in nvim's cache dir
 local parser_install_dir = vim.fn.stdpath("cache") .. "/treesitters"
 if vim.fn.isdirectory(parser_install_dir) == 0 then
 	vim.fn.mkdir(parser_install_dir, "p")
 end
 -- Adding runtime needed for Nix setup on non NixOS
 vim.o.runtimepath = vim.o.runtimepath .. "," .. parser_install_dir
 require 'nvim-treesitter.install'.compilers = { 'gcc' }
 require 'nvim-treesitter.configs'.setup {
 	ensure_installed = { "c", "cpp", "zig", "python", "verilog", "nix", "lua", "latex" },
 	parser_install_dir = parser_install_dir,
 	highlight = { enable = true, disable = {} },
 	indent = { enable = false, disable = {} },
 	rainbow = {
 		enable = true,
 		extended_mode = true, -- Highlight also non-parentheses delimiters, boolean or table: lang -> boolean
 		max_file_lines = 1000, -- Do not enable for files with more than 1000 lines, int
 		colors = {
 			'#ff0000', '#ffa500', '#ffff00', '#008000', '#0051a0', '#8003f2'
 		} -- table of hex strings
 	}
 }
 -- Mappings.
 -- See `:help vim.diagnostic.*` for documentation on any of the below functions
 local opts = { noremap = true, silent = true }
 vim.api.nvim_set_keymap('n', '<space>e',
 	'<cmd>lua vim.diagnostic.open_float()<CR>', opts)
 vim.api.nvim_set_keymap('n', '<space>q',
 	'<cmd>lua vim.diagnostic.setloclist()<CR>', opts)
 vim.api.nvim_set_keymap('n', 'Q', '<cmd>nohl<CR>', opts)
 vim.api.nvim_set_keymap('n', 'j', 'gj', opts)
 vim.api.nvim_set_keymap('n', 'k', 'gk', opts)
 vim.api.nvim_set_keymap('v', 'j', 'gj', opts)
 vim.api.nvim_set_keymap('v', 'k', 'gk', opts)
 vim.api.nvim_set_keymap('n', '<C-J>', '<C-W><C-J>', opts)
 vim.api.nvim_set_keymap('n', '<C-K>', '<C-W><C-K>', opts)
 vim.api.nvim_set_keymap('n', '<C-L>', '<C-W><C-L>', opts)
 vim.api.nvim_set_keymap('n', '<C-H>', '<C-W><C-H>', opts)
 vim.api.nvim_create_autocmd('LspAttach', {
 	desc = 'LSP actions',
 	callback = function()
 		local bufmap = function(mode, lhs, rhs)
 			vim.keymap.set(mode, lhs, rhs, { buffer = true })
 		end
 		-- Displays hover information about the symbol under the cursor
 		bufmap('n', 'K', '<cmd>lua vim.lsp.buf.hover()<cr>')
 		-- Jump to the definition
 		bufmap('n', 'gd', '<cmd>lua vim.lsp.buf.definition()<cr>')
 		-- Jump to declaration
 		bufmap('n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<cr>')
 		-- Lists all the implementations for the symbol under the cursor
 		bufmap('n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<cr>')
 		-- Jumps to the definition of the type symbol
 		bufmap('n', 'go', '<cmd>lua vim.lsp.buf.type_definition()<cr>')
 		-- Lists all the references
 		bufmap('n', 'gr', '<cmd>lua vim.lsp.buf.references()<cr>')
 		-- Displays a function's signature information
 		bufmap('n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<cr>')
 		-- Renames all references to the symbol under the cursor
 		bufmap('n', 'rn', '<cmd>lua vim.lsp.buf.rename()<cr>')
 		-- Selects a code action available at the current cursor position
 		bufmap('n', '<F4>', '<cmd>lua vim.lsp.buf.code_action()<cr>')
 		bufmap('x', '<F4>', '<cmd>lua vim.lsp.buf.range_code_action()<cr>')
 		-- Show diagnostics in a floating window
 		bufmap('n', 'gl', '<cmd>lua vim.diagnostic.open_float()<cr>')
 		-- Move to the previous diagnostic
 		bufmap('n', '[d', '<cmd>lua vim.diagnostic.goto_prev()<cr>')
 		-- Move to the next diagnostic
 		bufmap('n', ']d', '<cmd>lua vim.diagnostic.goto_next()<cr>')
 		-- Format current buffer
 		bufmap('n', '<space>f', function() vim.lsp.buf.format { async = true } end)
 	end
 })
 -- Use a loop to conveniently call 'setup' on multiple servers and
 -- map buffer local keybindings when the language server attaches
 local cmp = require 'cmp'
 cmp.setup({
 	sources = cmp.config.sources({
 		{ name = 'nvim_lsp' },
 		{ name = 'buffer' },
 		{ name = 'path' },
 	}),
 	mapping = {
 		["<Tab>"] = cmp.mapping({
 			i = function(fallback)
 				if cmp.visible() then
 					cmp.select_next_item({ behavior = cmp.SelectBehavior.Insert })
 				else
 					fallback()
 				end
 			end,
 		}),
 		["<S-Tab>"] = cmp.mapping({
 			i = function(fallback)
 				if cmp.visible() then
 					cmp.select_prev_item({ behavior = cmp.SelectBehavior.Insert })
 				else
 					fallback()
 				end
 			end,
 		}),
 		['<Down>'] = cmp.mapping(cmp.mapping.select_next_item({ behavior = cmp.SelectBehavior.Select }), { 'i' }),
 		['<Up>'] = cmp.mapping(cmp.mapping.select_prev_item({ behavior = cmp.SelectBehavior.Select }), { 'i' }),
 		['<C-n>'] = cmp.mapping({
 			i = function(fallback)
 				if cmp.visible() then
 					cmp.select_next_item({ behavior = cmp.SelectBehavior.Select })
 				else
 					fallback()
 				end
 			end
 		}),
 		['<C-p>'] = cmp.mapping({
 			i = function(fallback)
 				if cmp.visible() then
 					cmp.select_prev_item({ behavior = cmp.SelectBehavior.Select })
 				else
 					fallback()
 				end
 			end
 		}),
 		['<C-b>'] = cmp.mapping(cmp.mapping.scroll_docs(-4), { 'i', 'c' }),
 		['<C-f>'] = cmp.mapping(cmp.mapping.scroll_docs(4), { 'i', 'c' }),
 		['<C-Space>'] = cmp.mapping(cmp.mapping.complete(), { 'i', 'c' }),
 		['<C-e>'] = cmp.mapping({ i = cmp.mapping.close(), c = cmp.mapping.close() }),
 		['<CR>'] = cmp.mapping({
 			i = cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Replace, select = false }),
 		}),
 	}
 })
 local servers = { 'pyright', 'rust_analyzer', 'ccls', 'lua_ls', 'rnix', 'texlab', 'verible' }
 local capabilities = require('cmp_nvim_lsp').default_capabilities()
 for _, lsp in pairs(servers) do
 	require('lspconfig')[lsp].setup {
 		capabilities = capabilities
 	}
 end
 require('lspconfig').lua_ls.setup({
 	single_file_support = true,
 })
 require('lspconfig').verible.setup({
 	root_dir = function() return vim.loop.cwd() end
 })
 if vim.fn.exists('+undofile') ~= 0 then
 	local undo_dir = vim.env.HOME .. '/.config/nvim/undo'
 	if vim.fn.isdirectory(undo_dir) == 0 then vim.fn.mkdir(undo_dir, 'p') end
 	vim.o.undodir = undo_dir
 	vim.o.undofile = true
 end
 vim.cmd([[syntax sync minlines=100]])
 vim.cmd([[syntax sync maxlines=140]])
--- a/home/vimrc.nix
+++ b/home/vimrc.nix
@ -1,44 +0,0 @@
 {
  pkgs,
  vimUtils,
  fetchFromGitHub,
 }: {
  extraPackages = [
    pkgs.ccls
    pkgs.clang
    pkgs.luaformatter
    pkgs.nil
    pkgs.pyright
    pkgs.rnix-lsp
    pkgs.rust-analyzer
    pkgs.sumneko-lua-language-server
    pkgs.svls
    pkgs.texlab
    pkgs.tree-sitter
    pkgs.zls
    pkgs.verible
  ];
  plugins = with pkgs.vimPlugins; [
    colorizer
    fugitive
    fzf-vim
    gruvbox
    nvim-lspconfig
    nvim-treesitter
    nvim-ts-rainbow
    repeat
    targets-vim
    UltiSnips
    vim-addon-nix
    vim-signify
    vim-slime
    vim-snippets
    zig-vim
    cmp-nvim-lsp
    cmp-buffer
    cmp-path
    cmp-cmdline
    nvim-cmp
  ];
 }
--- a/home/whatsapp-for-linux.nix
+++ b/home/whatsapp-for-linux.nix
@ -1,10 +1,6 @@
 { lib, ... }:
 with lib;
 {
  config,
  pkgs,
  lib,
  ...
 }:
 with lib; {
  xdg.configFile."whatsapp-for-linux/settings.conf".source = builtins.toFile "settings.conf" (
    generators.toINI { } {
      General = {
--- a/home/zsh.nix
+++ b/home/zsh.nix
@ -1,9 +1,5 @@
 { pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  programs.z-lua = {
    enableAliases = true;
    enableZshIntegration = true;
@ -12,7 +8,6 @@
  programs.zsh = {
    autocd = true;
    enableCompletion = false;
    syntaxHighlighting.enable = true;
    defaultKeymap = "viins";
    shellAliases = {
@ -22,6 +17,7 @@
      cp = "cp -v";
      rm = "rm -v";
      ip = "ip --color=auto";
      f = "''$(pay-respects zsh)";
    };
    history = {
@ -42,18 +38,13 @@
        src = pkgs.nix-zsh-completions;
        file = "share/zsh/plugins/nix/nix-zsh-completions.plugin.zsh";
      }
      {
        name = "fast_syntax_highlight";
        src = pkgs.zsh-fast-syntax-highlighting;
        file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh";
      }
      {
        name = "pure_prompt";
        src = pkgs.fetchFromGitHub {
          owner = "sindresorhus";
          repo = "pure";
-          rev = "47c0c881f0e7cfdb5eaccd335f52ad17b897c060";
+          rev = "92b8e9057988566b37ff695e70e2e9bbeb7196c8";
-          sha256 = "15xdhi72pq88ls5gx1h0k23jvb41j6kq6ar17dqmd5d38zsgwl3v";
+          hash = "sha256-TbOrnhLHgOvcfsgmL0l3bWY33yLIhG1KSi4ITIPq1+A=";
        };
        file = "pure.plugin.zsh";
      }
@ -72,6 +63,11 @@
        };
        file = "sudo.plugin.zsh";
      }
      {
        name = "zsh-fast-syntax-highlighting";
        src = pkgs.zsh-fast-syntax-highlighting;
        file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh";
      }
    ];
    envExtra = '''';
@ -86,7 +82,6 @@
      setopt c_bases
      setopt completeinword
      setopt completealiases
      setopt extendedglob
      setopt notify
      #
@ -99,6 +94,15 @@
      eval "$(direnv hook zsh)"
      zstyle ':completion:*' matcher-list 'm:{a-z}={A-Za-z}'
      if [[ -n "$PS1" ]] && [[ -z "$TMUX" ]] && [[ -n "$SSH_CONNECTION" ]]; then
        TMUX_EXE="${pkgs.tmux}/bin/tmux"
        systemd-run --scope --user $TMUX_EXE attach-session -t $USER || systemd-run --scope --user $TMUX_EXE new-session -s $USER
      fi
      if [[ -n "$BUBBLEWRAP_DIR" ]]; then
        RPS1="{{$BUBBLEWRAP_DIR}}"
      fi
    '';
  };
 }
--- a/magpie/configuration.nix
+++ b/magpie/configuration.nix
@ -0,0 +1,409 @@
 {
  config,
  pkgs,
  lib,
  project-cloud,
  nvim,
  system,
  ...
 }:
 {
  imports = [ ];
  nix.optimise.automatic = true;
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  system.switch = {
    enable = false;
    enableNg = true;
  };
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.systemd-boot.configurationLimit = 2;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.kernelParams = [
    "ip=dhcp"
    "console=tty"
  ];
  boot.kernel.sysctl = {
    "net.core.default_qdisc" = "fq";
    "net.ipv4.tcp_congestion_control" = "bbr";
  };
  boot.initrd = {
    compressor = "zstd";
    availableKernelModules = [
      "virtio-pci"
      "virtio-gpu"
    ];
    systemd.enable = true;
    network = {
      enable = true;
      ssh = {
        enable = true;
        hostKeys = [ /etc/ssh_dummy_ed25519_key ];
        authorizedKeyFiles = [ ../nixy/ssh_pubkey ];
      };
    };
  };
  # Set your time zone.
  time.timeZone = "Europe/Berlin";
  users.users.root.initialHashedPassword = "";
  users.users.root.openssh.authorizedKeys.keys = [
    (builtins.readFile ../nixy/ssh_pubkey)
  ];
  environment.systemPackages = with pkgs; [
    curl
    fd
    file
    fzf
    fzy
    git
    nvim.packages.${system}.nvim
    htop-vim
    nvim
    pciutils
    tig
    tmux
    unzip
    usbutils
    wget
    zip
  ];
  programs.mosh.enable = true;
  mailserver = {
    enable = true;
    debug = false;
    fqdn = "mail.project-cloud.net";
    domains = [ "project-cloud.net" ];
    enableSubmissionSsl = true;
    enableImap = false;
    enableImapSsl = true;
    # A list of all login accounts. To create the password hashes, use
    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
    loginAccounts = {
      "gitea@project-cloud.net" = {
        hashedPasswordFile = config.sops.secrets."gitea_mail_pw_hash".path;
        aliases = [ "git@project-cloud.net" ];
      };
      "asmir@project-cloud.net" = {
        hashedPasswordFile = config.sops.secrets."asmir_mail_pw_hash".path;
        aliases = [ "asmir.abdulahovic@project-cloud.net" ];
      };
    };
    certificateScheme = "acme-nginx";
  };
  services.journald.extraConfig = ''SystemMaxUse=50M '';
  services.logind.extraConfig = ''KillUserProcesses=yes '';
  services.openssh.settings.PermitRootLogin = "prohibit-password";
  services.openssh.enable = true;
  services.openssh.listenAddresses = [
    {
      addr = "10.100.0.1"; # wireguard
      port = 22;
    }
  ];
  services.opendkim.enable = true;
  services.miniflux = {
    enable = false;
    adminCredentialsFile = config.sops.secrets."miniflux_env".path;
    config = {
      LISTEN_ADDR = "localhost:5001";
      BASE_URL = "https://miniflux.project-cloud.net";
    };
  };
  services.goatcounter = {
    enable = true;
    port = 8002;
    proxy = true;
    address = "127.0.0.1";
  };
  services.nextcloud = {
    enable = false;
    package = pkgs.nextcloud28;
    config.adminpassFile = config.sops.secrets."nextcloud_admin".path;
    configureRedis = true;
    hostName = "cloud.project-cloud.net";
    https = true;
    settings = {
      mail_smtpmode = "sendmail";
      mail_sendmailmode = "pipe";
      enabledPreviewProviders = [
        "OC\\Preview\\BMP"
        "OC\\Preview\\GIF"
        "OC\\Preview\\HEIC"
        "OC\\Preview\\JPEG"
        "OC\\Preview\\Krita"
        "OC\\Preview\\MarkDown"
        "OC\\Preview\\MP3"
        "OC\\Preview\\OpenDocument"
        "OC\\Preview\\PNG"
        "OC\\Preview\\TXT"
        "OC\\Preview\\XBitmap"
      ];
    };
    phpOptions = {
      "opcache.jit" = "tracing";
      "opcache.jit_buffer_size" = "100M";
      "opcache.interned_strings_buffer" = "16";
    };
  };
  services.nginx = {
    enable = true;
    package = pkgs.nginxQuic;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."project-cloud.net" = {
      quic = true;
      http3 = true;
      forceSSL = true;
      enableACME = true;
      root = "${project-cloud.packages.${system}.default}/public";
    };
    /*
      virtualHosts.${config.services.nextcloud.hostName} = {
        quic = true;
        http3 = true;
        forceSSL = true;
        enableACME = true;
      };
    */
    virtualHosts."miniflux.project-cloud.net" = {
      quic = true;
      http3 = true;
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:5001";
      };
    };
    virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
      quic = true;
      http3 = true;
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://unix:${toString config.services.gitea.settings.server.HTTP_ADDR}";
      };
    };
    virtualHosts."stats.project-cloud.net" = {
      quic = true;
      http3 = true;
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:8002/";
      };
    };
  };
  services.gitea = {
    enable = true;
    appName = "Project Cloud Gitea server";
    database = {
      type = "sqlite3";
      passwordFile = config.sops.secrets."gitea_db".path;
    };
    settings.server = {
      DOMAIN = "git.project-cloud.net";
      ROOT_URL = "https://git.project-cloud.net";
      DISABLE_SSH = true;
      HTTP_PORT = 3001;
      LANDING_PAGE = "explore";
      PROTOCOL = "http+unix";
    };
    settings.mailer = {
      ENABLED = true;
      FROM = "gitea@project-cloud.net";
      PROTOCOL = "sendmail";
      SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
    };
    settings.service = {
      DISABLE_REGISTRATION = true;
      REGISTER_EMAIL_CONFIRM = true;
    };
    settings."markup.restructuredtext" =
      let
        docutils = pkgs.python3.withPackages (
          ps: with ps; [
            docutils
            pygments
          ]
        );
      in
      {
        ENABLED = true;
        FILE_EXTENSIONS = ".rst";
        RENDER_COMMAND = "${docutils}/bin/rst2html.py";
        IS_INPUT_FILE = false;
      };
  };
  services.nfs.server.enable = false;
  services.nfs.server.extraNfsdConfig = ''
    rdma = true
    vers3 = false
    vers4.0 = false
    vers4.1 = false
  '';
  services.nfs.server.exports = ''
    /export/nixy    10.100.0.1/24(rw,nohide,insecure,no_subtree_check,all_squash,anonuid=1000,anongid=100)
  '';
  services.borgbackup.jobs."borgbase" = {
    paths = [
      "/var/lib/gitea"
    ];
    exclude = [ ];
    repo = "ssh://na9fqv67@na9fqv67.repo.borgbase.com/./repo";
    encryption = {
      mode = "repokey-blake2";
      passCommand = "${pkgs.coreutils-full}/bin/cat ${config.sops.secrets."borgbase_enc_key".path}";
    };
    environment.BORG_RSH = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borgbase_ssh_key".path}";
    compression = "auto,zstd";
    startAt = "daily";
  };
  services.seafile = {
    enable = false;
    initialAdminPassword = "admin";
    adminEmail = "asmir.abdulahovic" + "@" + "gmail.com";
  };
  # needed for sendmail mail functionality
  users.users.gitea.extraGroups = [ "postdrop" ];
  systemd.services.gitea.serviceConfig = {
    RestrictAddressFamilies = [ "AF_NETLINK" ];
    ProtectSystem = lib.mkForce false;
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "asmir.abdulahovic@gmail.com";
  };
  sops = {
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    secrets = {
      "asmir_mail_pw_hash".sopsFile = ./secrets/asmir_mail_pw_hash.yaml;
      "borgbase_enc_key".sopsFile = ./secrets/borgbase_enc_key.yaml;
      "borgbase_ssh_key".sopsFile = ./secrets/borgbase_ssh_key.yaml;
      "gitea_mail_pw_hash".sopsFile = ./secrets/gitea_mail_pw_hash.yaml;
      "miniflux_env".sopsFile = ./secrets/miniflux.yaml;
      "wg_preshared/mediabox".sopsFile = ../common/secrets/wg_preshared.yaml;
      "wg_preshared/nixy".sopsFile = ../common/secrets/wg_preshared.yaml;
      "wg_preshared/workstation".sopsFile = ../common/secrets/wg_preshared.yaml;
      "wg_privkey".sopsFile = ./secrets/wg_privkey.yaml;
      "gitea_db" = {
        sopsFile = ./secrets/gitea_db.yaml;
        owner = config.users.users.gitea.name;
      };
      /*
        "nextcloud_admin" = {
          sopsFile = ./secrets/nextcloud_admin.yaml;
          owner = config.users.users.nextcloud.name;
        };
      */
    };
  };
  networking.hostName = "magpie";
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
    80
    443
    587
    2049
  ]; # http, mail, mail, nfs
  networking.firewall.allowedUDPPorts = [
    443
    51820
  ]; # mail, wireguard
  networking.firewall.allowPing = true;
  networking.firewall.logRefusedConnections = lib.mkDefault false;
  networking.nat.enable = true;
  networking.nat.externalInterface = "enp1s0";
  networking.nat.internalInterfaces = [ "wg0" ];
  networking.networkmanager.enable = true;
  networking.wireless.enable = false;
  networking.wireguard.interfaces = {
    wg0 = {
      ips = [ "10.100.0.1/24" ];
      listenPort = 51820;
      # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
      # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
      postSetup = ''
        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
      '';
      # This undoes the above command
      postShutdown = ''
        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
      '';
      privateKeyFile = config.sops.secrets."wg_privkey".path;
      peers = [
        {
          publicKey = builtins.readFile ../nixy/wg_pubkey;
          presharedKeyFile = config.sops.secrets."wg_preshared/nixy".path;
          allowedIPs = [ "10.100.0.6/32" ];
        }
        {
          publicKey = builtins.readFile ../mediabox/wg_pubkey;
          presharedKeyFile = config.sops.secrets."wg_preshared/mediabox".path;
          allowedIPs = [ "10.100.0.5/32" ];
        }
        {
          publicKey = builtins.readFile ../common/wg_pubkey_workstation;
          presharedKeyFile = config.sops.secrets."wg_preshared/workstation".path;
          allowedIPs = [ "10.100.0.4/32" ];
        }
      ];
    };
  };
  systemd = {
    enableEmergencyMode = false;
    watchdog = {
      runtimeTime = "20s";
      rebootTime = "30s";
    };
    sleep.extraConfig = ''
      AllowSuspend=no
      AllowHibernation=no
    '';
  };
  system.stateVersion = "22.11";
 }
--- a/magpie/hardware-configuration.nix
+++ b/magpie/hardware-configuration.nix
@ -0,0 +1,44 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  lib,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "virtio_pci"
    "usbhid"
    "sr_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/118de1e5-f23e-4af3-a10a-054eded78152";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/4FEE-DEED";
    fsType = "vfat";
  };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 }
--- a/magpie/secrets/asmir_mail_pw_hash.yaml
+++ b/magpie/secrets/asmir_mail_pw_hash.yaml
@ -0,0 +1,30 @@
 asmir_mail_pw_hash: ENC[AES256_GCM,data:LOKGd9X69fSj81BwaqjiQL18gXPebIdcfjOO2UJM8XOUEzsqP/gHYWuLYGQ5wuZB9zcFm0yeGjNN8hOq,iv:KwunTtk1ca/N4UidUXh3nSBwMNlP8vI4h2kk8roAzNU=,tag:JyfLzweD7sVT/+RVpLA3QQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOS3RoalBRQTB5Mkp4THpa
            aG9jS0UraEJlWHlVRFBWNWNJNGVOd0hxdUZBCm10OWwramN3UGdLUFpwbkduaU16
            S1FWcHIrK0dKRTAvSlN4SlI3eHJJL3cKLS0tIFljS3oxWXZyRlFEVUdUYXRsc2x4
            N1h6SFYrcTZQK1JSRWZsV2MvTGFwb0kKxRohlU6vR3CR2SGqDT9P8AxQXMSbpQuO
            g1t6gj3c+YBugUsCMuNpYEE+8OvfSQmsZV0VHojS8dMHSD9x75237w==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bnFpZzB2b21YVEZtenBj
            TlkxdVlSWmM3dDNnQmxqQm5FWlQ0ZHhySGg0Cll1andBcE0yZ04zaFZlajBDSDUx
            VHRWbFVOeE1CZmlveTB0UEpjZUpzMEEKLS0tIE5tcVFuaWt6K2RKR3FodGYra25n
            bHNWWmh1dFdJVGtETWYvZDY1TGpvUVkKu4sO+/OXdV4xsLmOMlbV5nIidX+iREgF
            q0IavI9nzOZ0tkWSV/9mFua8Mp1vPW8wCBOqnW3nhPvYDoTbGQEovQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-10-20T19:31:29Z"
    mac: ENC[AES256_GCM,data:xXiCems/1em6JdK3V5GcD811yc8t6iHHFmz0OOrWM3muR807Ux80TrD3uoMN8GxIMyr0AloH41k8+vxaSlMmHsGGl6o1P13aR03E+A9ZLp1W2Nb3nCy5rH4pF8WSeNMxZ1SoT2iEAtTsh29xusocQTMUvr7Ou8TDLyVvrKhBPZw=,iv:SSPpVTbVQTvhPg1qm9akrg2ji1fRcukkwX5P2FzWMb4=,tag:a6GiGWfwnKLtteVoi9DJtQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/magpie/secrets/borgbase_enc_key.yaml
+++ b/magpie/secrets/borgbase_enc_key.yaml
@ -0,0 +1,30 @@
 borgbase_enc_key: ENC[AES256_GCM,data:bnSjKRY6HlmOyhjyuJLH8Xqzzpm7NgZI5g==,iv:RYlg83PqV2DIQHa5FoD6ls/utVjuSwmrv56N6Lrtn8s=,tag:hC6e9d5/EH9V7kG23XblEQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdm1lejdSTm1PN1dsWHNJ
            Nzc5aERNUlk5U0VoNWRzcVlMSXpqSEFmYkVNCkhqeHZrMng4WjEzcnBxdmtVUWlz
            NXhiNFB6Ukc2eGRiNW96YVloQyt0ZW8KLS0tIFhjUVlITVVTcktCTzEzdUJzTmsy
            UVhGc2VKeFJmS3RUY2YrR2FVVlVOcDAKsl+Fo16/3PpQ35aF4EBq5kjpyNxnZfip
            1sfq1ppUfg6QRRICWtxUyXLS898BVusW8cMft6k9JbgZfQnc9YUSBg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMTZhdm1mVXhWdlNJVytR
            Z3ROLzNnZHUvMXRUcCtPeFFBRWJxY3lyRWljCkErdXAxc3ZETFMxd3ZCRHJPY2JU
            N1YxL0VJZ1M0eUdEblhrTDd2VWNNRVUKLS0tIFRBTGNKUDUxaDdGK2x4aWIxMm9i
            Zit1QTdRTjVNdjhFYklEUVlsQjZCM2cKtutM+au5vNF0x9ZP9Cg4pMUGsScIMRFU
            KYrBHGW+VfEDpr534X8FXe1Uox70U+HPoT/mEm4RF575ssbTSoW0Hg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-04-05T19:01:07Z"
    mac: ENC[AES256_GCM,data:Fz1ZwYR7cg+bcgNe/JZ2oEqhYihQWnCoy3J76VIPb089PNCXXp0xJ/eYjOoKlGK42z1wEO8hJ8FoaLvzuqhO0aatKpHDx0bBos8YqZYuGAuW115AdK5m6ecby7yi5lBIBpXOv1sU8uOtdBR32UPFAQ9oQf0KleWju47phF43v9o=,iv:Lbu5eLKfEnrehSY1+r0z75pZnNDNEVSmrEaJRDpDTU4=,tag:TLdtQTNbo0dxlpV9ZPm+uQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/magpie/secrets/borgbase_ssh_key.yaml
+++ b/magpie/secrets/borgbase_ssh_key.yaml
@ -0,0 +1,30 @@
 borgbase_ssh_key: ENC[AES256_GCM,data:W/aAQPSaPxGPeY50arJr50OWZjN+RJt9Y4MlpPNtw3KT2y+fUuMpNAjMuGd+3mzA2bs9YpE2WlgJ7KO5XPH7M36tSI+K2pcnjX1NMl8giJ952iCsqW4siij64JguK/gUi3GAe3LXHTjr3VgubSdqVd25k0bys+GiMfsHXXGD6tinKmEheis6XgfcChrvyYgQ4DKPW4HOHC4/V6roXaK+GTe+qY0BdzM27cDHc3a85cuHAAeDnYdNfdRAItI3KmDCx8edeBwt4vonR/v9AaDRH2PjZWq583Rlqoa8TQvQi0+yWf6O6MikHQlP1GoYCe5iI+rOF6KTseDjS2aoLZ+mXNxVmmOVdZrq1vx0UpsbJWRZE+1UluQwdrEm1mLMrI4Z2wFNfzjg9rOiJ36AL1YdcXtI0RHLYp8r92Qt3IFVwcC1NT/AWJkFOGr5z0PX0w+mi4J+f1wDvVguXp2KaguB2XAJbnpgQQ2ZqYv0gTkBLZ/RAOyQgaMaESCfJBWXE3DESMOspj4AYUsjQiaxmF13,iv:ph++5hCX3DzqwCoObz73/Xn0qy/+Za5+DI/EVsc67yY=,tag:0VkALd0j3D6yA7jCE7vogg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAydXE0RXhGU0tsbnRTU0pw
            THZBNngvUEwwMGVTQ3dscCtKMnVCb1pSSzN3CkVzNS9UY3dqYWRDOENTaFhadFcz
            MGlibCt5Q3ppelVQU1AyM0wvTm1zMXMKLS0tIHNGM291dE5lb2pwTDFWbWtiUFNp
            Y1ZoSG43TFd0WktKY3lUM3Y0RHJHZVkK0/sD5M54XiQzkSMlDHPkSVMypoxdhU/f
            0nUWA20s6IU63Oqn0j7rGwV6S5j+fZCBzF4kSi8JLJb0619G2++M5g==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiem5ZRE1oRU1hWENzc2sv
            dkg4czhVeVNJQllnWG9vYnptL1FhZy9zc0hBClhLRzQxNlhQUEVUcnZDYlZqTWYx
            eDQzV2ozbkd6ZWVZNWkxOXhBV0JNR00KLS0tIFQ4d29OQzhoWTl0Z3BrOURTSktU
            SHZNdFhmS3ZQMnhzMDJWMTl4cXNudFEKhgbRW+6xqGhkTtr4h4JzPxZnGKqr4jcX
            BABLTgzqvM+JvBzmUcYjuagVcLpWsQcNWBaYFBJBMhP8oOgF2dVBcQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-04-05T20:03:21Z"
    mac: ENC[AES256_GCM,data:YpXUK6UNKpdudVZ+YManWreHufFzw9XbF1cBYutdAaTdqhlzPErpuOmEKLuMA7nr7SQkLK4pu1Eg0P5CA3QXsh0VUHMTiFWxNz7KZeoYAkacK9WzutEldsMG4iVlKmGHhQApSNW4kfPBKs1TgYyZdndBHEdILcoLDxke8kfkoVU=,iv:rpNeNTfXoMpScSfyrY7uK9ZkKasJGVAhgiMoe0XyJFo=,tag:Rl4Ya+iq0BvMSM/J0wySnQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/magpie/secrets/gitea_db.yaml
+++ b/magpie/secrets/gitea_db.yaml
@ -0,0 +1,30 @@
 gitea_db: ENC[AES256_GCM,data:50Hu8vTKZFxd9kjbcDlyqBW9L5s=,iv:ADKMUKbu1YHOp+DUAezpT8tXCi7x3ayA2VN0s7k4kxg=,tag:S1cu5w8qKT7FFpC30Kd3Xg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUUXAraFhvN0NLeHhKWGJt
            c2ttRGljUzZiN2ZJeWpTdVRzNCtzL0pqdHhnCmJvek9YNkF4UTd1ZEFSaDBJR1Jz
            ZkUwTFNEYkhmbS9DVUJ0cTNrTVR5TlkKLS0tIFdscFJCaTJjYXFPcVZXUXBPS2ph
            bERTT1dsaStRQnRvb1VnV2lTdGNQd0UK3dXTtGkfxq7oLzDrxFomE0oAjgZo+7H7
            SVVxKy/caewOXbI3R/CHxuaYb0fDDlyIX/zqxqkSaXUIh4rsIT46xw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOFFtQUptR2xIcW5FS3JR
            aUdLbGRJeU4rbFFVcU9HVVdYL293WXY0L3hvCmpPN1BnRDlZNDhOT25zVFRjaGE1
            TThWQUVDOG5YOGtlRmU1T1pZZ1dxTHcKLS0tIHZSUTBDbFN5eXZPMHZvZ2UwMFJu
            cjhmWGJIUEhZQjNXN3J6ZTk1aE1jZHMKjiwLd6gHiLJx63AIzM17C3RaEBbCFIyI
            ppLWEw8cm53hvjCuxsY8jJ/5kHD+25Pw2NMAD5PKt8SjrJzrJcOtMA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-10-17T21:16:10Z"
    mac: ENC[AES256_GCM,data:EPiLv8IzVXqRan9UlBuA3TmxtB3f4Qj4owed+1Pat9Tih1yOe4Z9RT28JIYJQ70R/IK+Yi0NQem9Ec6HU+8kaxLE3fff/4PM+B9QQbB6fjgLFod/nFk+OuWgR7FTcJ2j16OnlxE5ikCP+qdfvAM0eEv+BoDrWv98gSyCXtMCe48=,iv:th0E7zioz7gtgMlns8kvnf5hmlRH0KX65wPxBi3YP6Y=,tag:JhoGvF8LJmrAQpUOEopohA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/magpie/secrets/gitea_mail_pw_hash.yaml
+++ b/magpie/secrets/gitea_mail_pw_hash.yaml
@ -0,0 +1,30 @@
 gitea_mail_pw_hash: ENC[AES256_GCM,data:HCXKeqnOxcmxbvTWDFd750gXfs/irNvHw+TWQE5qjFsUP6MTRGvJNQvoU5NDYXs6pjgyznIUx1z31DQG,iv:UV7Yf2JsAcpkyfIW/ipYQa3tlTai0WD102iA3V6ba+A=,tag:TIcB+9GOqyuG68uCTAl4Tg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrL2YxU2VhNTArQ0QwYzlU
            Z0NSRm5KRU8xRmZCT1E1N09KY2Vob0lsQ2k0CktqTlZnaUVNaEhpT3BkOGNmN2cv
            Z0JoaFFTTzBwNzVmcHNOeXdwVzdQOTQKLS0tIDluazF6RXA0MVYvY2dRRGkxMGRk
            UEltOVNQdElpRGJVVlpoTVV2bU5rSncKoSGq75dVH7j/hSnqdjgWJyDgg0doEr6K
            anD9sghKSX0afZmVJFOCXZ+lRYi7kmRbqFNBkkuuFndERtbN/5foXw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByNW9UcERVditoUE1DVUsw
            WmxtbVNHeVpQS0g2WENJWTVJeHNUMU4yZEVNCnNrSnFnU2hUckxlYjJMYk5CTW9j
            eU9mU1F4WlY1NWdLU0VxaDVtZWduaXcKLS0tIExtRHJkbFBKTWRjSGZOWGc1U0FF
            ZjJkY0FpQnhCazVVVG1DOUZsQ2lXYzgK3UWDBu/Aq7n6CQiRF4NOQdSD4nfU2Gm2
            Tlzyou5rj/rSAv5J7ENsDAzKtK6e5+Xe7acUDY+4Rye82vDxyoblaQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-10-14T21:21:12Z"
    mac: ENC[AES256_GCM,data:NE9btXZKE3KJmxtWc0Ytb0atfBJKRs5T+Xk9RDFX6veSGBoB+M2+YMCONQdr8T2w6lLJqlrMBHqlfuvD3YnDj041xZmfSsi9NACliWj6GWVWcFWWc6W9OVH8/5CfwjYBdgTJ2o7wdnF9fYHvwMRcaHThDmoUkaExVtVsyu912og=,iv:kyekfEq32GSKVNKy8MJYfT5ZMKNSRQUk1viB2W6k29U=,tag:7ie/2P/F3bPQXpkWGKqTfA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/magpie/secrets/miniflux.yaml
+++ b/magpie/secrets/miniflux.yaml
@ -0,0 +1,30 @@
 miniflux_env: ENC[AES256_GCM,data:K5FiJcboD3tpWxQQG4EeCuOb9d8+cXTLjqb9Nt+aYUvWHwycA51q3ZQTMY9JS7GevNugGvz7,iv:Xk7aW1/DObGxJxTlJniaCBHuCVfCh6OZEewISdZl2Pc=,tag:BY8uVkkRzyKr9pA6EGCY2A==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0K0ZNSWEweUNTbm5KZE5y
            M3ZlbTdBc1RheHFNbGpxZllRdi9tMXVJaEFJCmdQdWh6cks5L3JFclJYWmlkYmVv
            WDA2YXhiN3ovL1V0ZlJjbmluSm5tbGMKLS0tIG1QRnoxMHBQeGtLekRSRVVMNWdP
            R1BuNDZVNzNaTmVvZm9EMy9ld0V4U1UKFjPcFiuhjwCChJKGQbIPFsHwl9oE7S+g
            Utne4LrODAa3wj8TX3vgfRTBrljJmt+OwQJxRfTtq2ocyzR9rNUI+w==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNFAvaUlyeHA3Mnluam1G
            dmtIWHU2R2pRV2E3NTVKV1NOTHRSYjVhQVRVCnR4OENHZGYzVE9UdlJBTjdxblIz
            Q0MxN3gyeTJhNTdORFk0SDdycVFrWjAKLS0tIEc5c0RMNjdLSTNKWExsVmlQUGx5
            RFp0dWJXOVVvSGlhZ1pPbGRBWmt2S0UKTwkFwYaTr5jNuQTlqR/1ud8ITKGIbNiM
            myAf39EHCP6cQQ0fjtx2ihy56m9xoK35Aj7h3w0fadONWtCNnhuH2A==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-10-13T11:17:33Z"
    mac: ENC[AES256_GCM,data:CpzC0H2Rfvl7F9tXCJ0WwkhE4Ba7eOIl1QMh1DHP8YQ9rChzAE8S5SXXuJA0jcmVY6NPfZ7zl8VEBepE+LHCq2UdSkAefawLeM6HwNfedP8N+zheqlyCZ8Os48628aHYN0PVI+/dMvpWWcfl+CFaH1mm4c+KYedCIsS9ZEYi9N8=,iv:EbF58pxbtHxPTAgs4dbZ31qyRT3QJ1kQoUShbLE11FY=,tag:FNF/OzS2SL3FweFw0RcRLQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/magpie/secrets/nextcloud_admin.yaml
+++ b/magpie/secrets/nextcloud_admin.yaml
@ -0,0 +1,30 @@
 nextcloud_admin: ENC[AES256_GCM,data:txb5JSKxFeTS3M9LSk7m5M1XAvg=,iv:Rf6VNFmK+f0pjL7wH0dlcPL4CqQDRq/qQyliTdn2c4I=,tag:wDQqDZCK2p5aG+g8eE4weA==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHYVVnM0xOVzJ5OFZsYlZL
            SThvVkNBdzJoVkZ3ZFBMYVlTNjQwNUxuaVFjCjBhUFRSaGZ6TEh4ellSdS9Uc3FP
            cGJaanNUci9JMDZISXljM1lSREZaZGcKLS0tIFhJOGVIM3Bub3J0WWVMNDlqY3da
            RmVCdEpoUjJGTDYzczNnOWRRTTE3WmcKnRV787F3yBJgSDEhHW1+sAFcyvH+OMQf
            N7er4Wd9Tqi3IJ/lR2Z7Gwn1Dfm5kMHk+hxzPlmdpaGr42ZJNPmNVw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZmFFRXU5NnlGRit6K1ov
            TmR0K05uY2hva3liaDdGNmhST3dWTGdZb1EwCkpsQ3o1ZWloaUdFR3NpbS9uKzE5
            S0ZRRmkxbkJnMFN6SzhzUFo1M3NnTnMKLS0tIE84aFdJS3E4eWw3SG1JeXJwRWd2
            RWp5ZUtUNzJ4OWswWmhXWjRkZkpzWEUKj23XymHvh+nh3HiPD+erv2GZNNpUZKp6
            s0KJSkGuIuILf3kfgp23jXNSFLMEtWwlSh5EP02g2EIHzUg2kLKNpQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-10-17T23:08:24Z"
    mac: ENC[AES256_GCM,data:fb9cOL4Q+q5uarmXtXNlpRmWgv/Ao1MqwwH2V2CQxEiP8zFyFBZs2435vdcLzrQrnBXz0JLVu4g10SH2T4dpYFP42teIkrgmneecjjcM+UOsBsGsrxlpHMha1t/ERRhBA7uJze5/kwHqry6eruWehRTu65QF1qBTql3m6ipjCeY=,iv:a7aFuTCcRCIDERlrj/9dFCF7VgCDDakfPteQimHV3lc=,tag:4mwrDHaQWA4EU0AgtgZaMg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/magpie/secrets/wg_privkey.yaml
+++ b/magpie/secrets/wg_privkey.yaml
@ -0,0 +1,30 @@
 wg_privkey: ENC[AES256_GCM,data:TnUTZheznQqnyK59qdLmAcuVr9JICWlNVtPF1qRMDPbBblD0ALn10qbEC7M=,iv:83fum5iYUrw08XJ0s7RE+/WDGeVjVswPlptzQjWOjeQ=,tag:YhQlmilbnrpRxcUb6rzfHg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUFplcGZMWGhrS2NsRUZF
            WnltcCsvS0VaV29RbTdDK1UveDJwdlBXbTBJCkVaekVUWFVSVkZ5UjUwaWMxU3h0
            eEtOQUR2VkF6RUtLYVBNalJPV3YzWWsKLS0tIDNGek4veStoa011VUV2Z3ZSUVpq
            ZWlYQ2x6a3ROdlYzc3E1WjRhN3F1QUUKwaJruHMCoWtgvep0fI00helDZh8WVrsh
            MV5IaEH5xapid5HHw9bLkjeeVKcT1fo7LCovouv+G5NTjvVzsMyLhw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRWdQeWxUUlJaRndzcVln
            ck5USkpzdDJpSWJTNDZJWVBMQnl0QnVvTDF3Clg2SEY3eDdqS0Y5ei8vUlk0dTli
            bTYycFYyMjcxdmtpc1IybXBxN2RORm8KLS0tIHlHaEJLMnRTQ20yN2RrRnNqMzk0
            ZVlSb1FHVVJhb0IyaHJiQlpHRjNyMDAKNQ8VzdC3s43YcZk6UQjyA1GX69x/znhE
            ZaFkMfNX6CgxfjKRW2rhXrJi+txdhmQ0CfpfWDr3zp3XVuMq942M1Q==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-04-04T19:04:00Z"
    mac: ENC[AES256_GCM,data:qYNlokRd1lQnOwNNVbV4PwdYeybIRNrxDKX4RPfHJxvQGHBmISzd52JCnCe7zJ14FP/bSNhQqfuxyjdxid/DVPUvkHP+HlaKUR0SLv6c91ORDoaMRC93hrPXypRGplFSbSjnd3dME43ll3oH8fLe4lP9z9KhGS2lRMdduptfWvg=,iv:/j6OOT1dK94vrPOk1Lbcca8KeWvoD+ZaHoH6nMMo0y8=,tag:syHuBVkhOCJ8JCONKkqFkg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/magpie/wg_pubkey
+++ b/magpie/wg_pubkey
@ -0,0 +1 @@
 xhjJdIXtTBNhtSoehsi6p+znIgOfMRetl5/wtnMxJGk=
--- a/mediabox/configuration.nix
+++ b/mediabox/configuration.nix
@ -0,0 +1,497 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 {
  config,
  pkgs,
  zremap,
  system,
  nvim,
  ...
 }:
 {
  imports = [ ];
  system.stateVersion = "23.05";
  system.autoUpgrade.enable = false;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.secrets."peerix/private" = {
    sopsFile = ./secrets/peerix.yaml;
    mode = "0400";
    owner = config.users.users.nobody.name;
    group = config.users.users.nobody.group;
  };
  sops.secrets."wg_privkey" = {
    sopsFile = ./secrets/wg_privkey.yaml;
  };
  sops.secrets."wg_preshared/mediabox" = {
    sopsFile = ../common/secrets/wg_preshared.yaml;
  };
  nix = {
    optimise.automatic = true;
    gc.automatic = true;
    gc.options = "--delete-older-than 7d";
    package = pkgs.nixVersions.latest;
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };
  };
  boot = {
    initrd = {
      compressor = "zstd";
      availableKernelModules = [ "e1000e" ];
      network = {
        enable = true;
        udhcpc.enable = true;
        ssh = {
          enable = true;
          hostKeys = [ /etc/ssh_dummy_ed25519_key ];
          authorizedKeys = [ (builtins.readFile ../nixy/ssh_pubkey) ];
        };
      };
    };
    kernelModules = [ "acpi_call" ];
    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = [ "msr.allow_writes=on" ];
    kernel.sysctl = {
      "net.core.default_qdisc" = "fq";
      "net.ipv4.tcp_congestion_control" = "bbr";
    };
    loader.systemd-boot = {
      editor = false;
      enable = true;
      memtest86.enable = true;
    };
    readOnlyNixStore = true;
    supportedFilesystems = [ "btrfs" ];
    tmp.useTmpfs = true;
    tmp.tmpfsSize = "80%";
  };
  security = {
    rtkit.enable = true;
    acme = {
      acceptTerms = true;
      defaults.email = "aasmir@gmx.com";
    };
  };
  powerManagement = {
    enable = true;
    cpuFreqGovernor = "ondemand";
  };
  networking = {
    firewall = {
      enable = true;
      allowedTCPPorts = [
        80
        443
        51820
      ];
    };
    hostName = "mediabox";
    interfaces.enp0s25.useDHCP = true;
    interfaces.wlp3s0.useDHCP = false;
    useDHCP = false;
    wireless.enable = false;
    wireless.interfaces = [ "wlp3s0" ];
    nameservers = [
      "127.0.0.1"
      "::1"
    ];
    dhcpcd.extraConfig = "nohook resolv.conf";
    networkmanager.dns = "none";
    extraHosts = ''
      192.168.1.173 nixy.lan
      192.168.88.171 jellyfin.mediabox.lan
      192.168.88.171 mediabox.lan
      192.168.88.171 qbittorrent.mediabox.lan
      192.168.88.1   router.lan
      192.168.88.231 workstation.lan
    '';
    wireguard.interfaces = {
      wg0 = {
        ips = [ "10.100.0.5/24" ];
        privateKeyFile = config.sops.secrets."wg_privkey".path;
        peers = [
          {
            publicKey = builtins.readFile ../magpie/wg_pubkey;
            presharedKeyFile = config.sops.secrets."wg_preshared/mediabox".path;
            allowedIPs = [ "10.100.0.0/24" ];
            endpoint = "5.75.229.224:51820";
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };
  time.timeZone = "Europe/Sarajevo";
  nixpkgs.config.allowUnfree = true;
  nixpkgs.overlays = [ nvim.overlays.${system}.overlay ];
  environment = {
    homeBinInPath = true;
    variables = {
      PATH = "$HOME/.cargo/bin";
    };
  };
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };
  programs.zsh.enable = true;
  programs.light.enable = true;
  programs.firejail.enable = true;
  programs.adb.enable = false;
  programs.wireshark.enable = true;
  programs.sway.enable = true;
  # List services that you want to enable:
  systemd = {
    services = {
      "macchanger-wireless" = {
        after = [ "sys-subsystem-net-devices-wlp3s0.device" ];
        before = [ "network-pre.target" ];
        bindsTo = [ "sys-subsystem-net-devices-wlp3s0.device" ];
        description = "Changes MAC of my wireless interface for privacy reasons";
        stopIfChanged = false;
        wantedBy = [ "multi-user.target" ];
        wants = [ "network-pre.target" ];
        script = ''
          ${pkgs.macchanger}/bin/macchanger -e wlp3s0 || true
        '';
        serviceConfig.Type = "oneshot";
      };
      "zremap" = {
        description = "Intercepts keyboard udev events";
        wants = [ "systemd-udevd.service" ];
        wantedBy = [ "multi-user.target" ];
        serviceConfig.Nice = -20;
        script = ''
          sleep 1
          ${zremap.defaultPackage.${system}}/bin/zremap \
          /dev/input/by-path/platform-i8042-serio-0-event-kbd
        '';
      };
      "wakeonlan" = {
        description = "Reenable wake on lan every boot";
        after = [ "network.target" ];
        serviceConfig = {
          Type = "oneshot";
          ExecStart = "${pkgs.ethtool}/sbin/ethtool -s enp0s25 wol m";
        };
        wantedBy = [
          "default.target"
          "suspend.target"
          "shutdown.target"
        ];
      };
      /*
        "cpu_setting" = {
          description = "Enable turboot boost and undervolt cpu after suspend";
          wantedBy = ["post-resume.target" "multi-user.target"];
          after = ["post-resume.target"];
          script = ''
                   echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
                   echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
            ${pkgs.undervolt}/bin/undervolt --core -105 --cache -105 --uncore -105 --gpu -15 -p1 47 28 -p2 57 0.0025
          '';
          serviceConfig.Type = "oneshot";
        };
      */
    };
  };
  services = {
    acpid.enable = true;
    btrfs.autoScrub.enable = true;
    dbus.enable = true;
    fstrim.enable = true;
    fwupd.enable = true;
    ntp.enable = true;
    openssh.enable = true;
    thinkfan.enable = false;
    xrdp = {
      enable = true;
      defaultWindowManager = "icewm";
      openFirewall = true;
    };
    logind = {
      lidSwitch = "ignore";
    };
    jellyfin = {
      enable = true;
      user = "akill";
      openFirewall = true;
    };
    jellyseerr = {
      enable = true;
      openFirewall = true;
    };
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
    deluge = {
      enable = false;
      user = "akill";
      openFirewall = true;
      dataDir = "/home/akill/.config/deluge";
      web = {
        enable = true;
        openFirewall = false;
      };
      config = {
        download_location = "/media";
        allow_remote = true;
        daemon_port = 58846;
      };
    };
    transmission = {
      enable = false;
      openFirewall = true;
      settings = {
        rpc-whitelist = "192.168.88.*";
        download-dir = "/media";
      };
    };
    qbittorrent = {
      enable = true;
      user = "akill";
      openFirewall = true;
      dataDir = "/home/akill/.config/qbittorrent";
      port = 8081;
    };
    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts."deluge.mediabox.lan" = {
        locations."/".proxyPass = "http://localhost:8112/";
      };
      virtualHosts."qbittorrent.mediabox.lan" = {
        locations."/".proxyPass = "http://localhost:8081/";
      };
      virtualHosts."jellyfin.mediabox.lan" = {
        locations."/".proxyPass = "http://localhost:8096/";
      };
      virtualHosts."jellyseerr.mediabox.lan" = {
        locations."/".proxyPass = "http://localhost:5055/";
      };
    };
    journald.extraConfig = ''
      SystemMaxUse=50M
    '';
    logind.extraConfig = ''
      KillUserProcesses=yes
    '';
    xserver = {
      enable = true;
      libinput.enable = true;
      desktopManager.xterm.enable = false;
      displayManager.lightdm.enable = false;
      displayManager.defaultSession = "none+icewm";
      windowManager.icewm.enable = true;
    };
    udev.packages = [ ];
    tlp = {
      enable = true;
      settings = { };
    };
    actkbd = {
      enable = true;
      bindings = [
        {
          keys = [ 121 ];
          events = [ "key" ];
          command = "${pkgs.alsaUtils}/bin/amixer -q set Master toggle";
        }
        {
          keys = [ 122 ];
          events = [
            "key"
            "rep"
          ];
          command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}- unmute";
        }
        {
          keys = [ 123 ];
          events = [
            "key"
            "rep"
          ];
          command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}+ unmute";
        }
        {
          keys = [ 224 ];
          events = [ "key" ];
          command = "/run/current-system/sw/bin/light -U 5";
        }
        {
          keys = [ 225 ];
          events = [ "key" ];
          command = "/run/current-system/sw/bin/light -A 5";
        }
      ];
    };
    mpd = {
      musicDirectory = "/home/mpd/music";
      enable = false;
      extraConfig = ''
        audio_output {
          type "pulse"
          name "pulsee srv"
          server "127.0.0.1"
        }
      '';
    };
    batteryNotifier = {
      enable = true;
      notifyCapacity = 20;
      suspendCapacity = 10;
    };
    dnscrypt-proxy2 = {
      enable = true;
      settings = {
        ipv6_servers = true;
        require_dnssec = true;
        sources.public-resolvers = {
          urls = [
            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
          ];
          cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
        };
      };
    };
  };
  fonts.packages = with pkgs; [
    dina-font
    fira-code
    fira-code-symbols
    font-awesome
    font-awesome_4
    iosevka
    jetbrains-mono
    liberation_ttf
    proggyfonts
    siji
  ];
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
    };
  };
  sound.enable = true;
  hardware = {
    bluetooth = {
      enable = false;
      settings = {
        General = {
          Enable = "Source,Sink,Media,Socket";
        };
      };
    };
    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
      extraPackages = with pkgs; [
        intel-media-driver
        vaapiIntel
      ];
    };
  };
  zramSwap = {
    enable = false;
    algorithm = "zstd";
  };
  users.users.akill = {
    isNormalUser = true;
    shell = pkgs.zsh;
    extraGroups = [
      "wireshark"
      "wheel"
      "kvm"
      "tty"
      "audio"
      "sound"
      "adbusers"
      "transmission"
    ];
    openssh.authorizedKeys.keys = [
      (builtins.readFile ../nixy/ssh_pubkey)
    ];
  };
  users.users.ado = {
    isNormalUser = true;
    shell = pkgs.zsh;
    extraGroups = [
      "wireshark"
      "wheel"
      "kvm"
      "tty"
      "audio"
      "sound"
      "adbusers"
      "transmission"
    ];
  };
  users.users.mediauser = {
    isNormalUser = true;
    shell = pkgs.bash;
    extraGroups = [ ];
  };
 }
--- a/mediabox/hardware-configuration.nix
+++ b/mediabox/hardware-configuration.nix
@ -0,0 +1,90 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  lib,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ehci_pci"
    "ahci"
    "usb_storage"
    "sd_mod"
    "rtsx_pci_sdmmc"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
    fsType = "btrfs";
    options = [
      "subvol=root"
      "compress=lzo"
      "noatime"
    ];
  };
  boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/60aa7671-bfee-451b-b871-ac7c5a4a9f3a";
  fileSystems."/home" = {
    device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
    fsType = "btrfs";
    options = [
      "subvol=home"
      "compress=lzo"
      "noatime"
    ];
  };
  fileSystems."/nix" = {
    device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
    fsType = "btrfs";
    options = [
      "subvol=nix"
      "compress=lzo"
      "noatime"
    ];
  };
  fileSystems."/persist" = {
    device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
    fsType = "btrfs";
    options = [
      "subvol=persist"
      "compress=lzo"
      "noatime"
    ];
  };
  fileSystems."/var/log" = {
    device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
    fsType = "btrfs";
    options = [
      "subvol=log"
      "compress=lzo"
      "noatime"
    ];
    neededForBoot = true;
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/4B94-6E7B";
    fsType = "vfat";
  };
  swapDevices = [
    { device = "/dev/disk/by-uuid/7b44ab02-84ff-4ffd-be26-58247cf5a982"; }
  ];
  hardware.cpu.intel.updateMicrocode = true;
  nix.settings.max-jobs = lib.mkDefault 8;
 }
--- a/mediabox/peerix-public
+++ b/mediabox/peerix-public
@ -0,0 +1 @@
 peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=
--- a/mediabox/secrets/peerix.yaml
+++ b/mediabox/secrets/peerix.yaml
@ -0,0 +1,31 @@
 peerix:
    private: ENC[AES256_GCM,data:m76hyDWzcIlczegZyPyTtOYOgOGeyX++SeGsqEWS5b3ZbR2M9RqUGYEscLRX3/Dlff2vgs+hI4cOjiMnhq9pnLzP25Xh4XAiJNMkD43fFCCb7zj2RUWEyLAzzmWpR8fSB1mXTpciUGM=,iv:s9EXpkGYR0kI5xQZ8wAmkobK1q4XlVdFH4irEVwy1bs=,tag:L7AF6mFsxss6NDantbqXMw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age19yrl6pr73cv067ksfz0txp3zm2au25jfyjeerw23ml55ps5cyyfqtm3kmt
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2Zmc0c1AxMVEzdi94L0Nh
            dHJFSHVSbG1vay9NUDBEVkM4ZWNoT3h4Q1c0CkhWdWVzTEJxZENZYXVFT2RhV3pT
            aDZIUUdWVUVRUDc4ZEFDTkdnaDJxdVkKLS0tIDd6TE56REdjRVdtSXB1dkJrVVNj
            dUxhRnB4dVFRam9xNlFiY2VOSXpNamcKNzRghHeyPtltKH4GkJQ0ef4apr5gziq9
            dhXy6Qil48QJd4hnyr7GW1n7eRIq24OWO3WglLbVAUSQr/gzM2TWiA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMjVQZkVVQmZFbCt3Z2ZI
            Q3NVZUJ0VkZjK0E5SFpqWE50c2dOeFNsUm1jCmdDZGxZYk13emhhanRzWjhvZFM1
            UWNpNm5malkrU1Rkak9PNWk2bW5nRDQKLS0tIE9UdXg4L0hMRzJuUERIMytvc2pr
            Y1BBZFJseUNIeTVtTjBGazk5WE1ZcUUKs9pEtDbCYRfSP0Rh9ENo9A6nUFkYHr4D
            3DvOKSyLL33FBoEddDBd7Si1mpjY2bunueBAe+diDgOrol6tWIMoUw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-09-30T14:18:57Z"
    mac: ENC[AES256_GCM,data:R0TJ/7uihpsCHwPLXFYKi+ZaEUtbZVz02utDF7vO7gYDN1MFa0c5nZ/mAnJJtTJI41GdAu9ezTUiU6H1HTHLxYMeUoNAAvNlSCkvGc/oMQofXidL34hq1X2vG05N3UQlkbAXTlCBkYc20oVVOVmT/lq7USEx29oB/ytxZzKYFvM=,iv:qpz0g+O4kwChct1ddiT3D8rZBg08YUr4Ba5pJ4WQyzo=,tag:pWLFiQWl1QSzveBxnq4uXw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.0
--- a/mediabox/secrets/wg_privkey.yaml
+++ b/mediabox/secrets/wg_privkey.yaml
@ -0,0 +1,30 @@
 wg_privkey: ENC[AES256_GCM,data:ovAxwZEcmRzt/zb42ortPwPyREC16E5YNfDBguZK7uByR4BgJi8kNeoG+GY=,iv:Cv50+JB5S+44U3L9od4zwrEKHi/LM38LnA94DkvCer4=,tag:ehKQrqWwA6daxc2yASDWNQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age19yrl6pr73cv067ksfz0txp3zm2au25jfyjeerw23ml55ps5cyyfqtm3kmt
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSGxudng1enhDa281S0pm
            Q0kwQmc1T2hUK0dHd3B4cUh3RzZPZ1dGaXo4CkdPMzNnQWMyYjJiUWk4WEYyODFp
            b2FTbnZwMHh6SHhIcjVNbnBKSVk3TWMKLS0tIFBZOW56K2Y5Q3I4dmh5dXBieEF2
            SWQwcmkzQU5aeEliS29QN3Y0V04zNU0KF0WmF8BDvZ2DyJFztKJv8YmDuqVsAoO4
            QEVLwrJDurRxcNIVGLs5W+60Osa5XMpNc74e23rU7mucB5wPA/84dg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWMUtUYyswV3czWDdXWG1x
            cnh5QTZpdlBZYlZ2b2oweXJ5SkZSQldhQmpZCmFrQVlyYnNqZ01kVTVNQTlBRFNR
            WDlITEJOUFZGa0U2NG8xMGpkSnNOQTAKLS0tIDNlK0dxWnB3a3dkTnRmTm5oTlFD
            eGV1VE1tL1c0a3hUdXM2bExmV1l3RnMK8aOugY3XHTCfeBDJVOyGljuuu6hQGJ7W
            ZGoxOz+hhYIHj/04J9DIIOUyt81m8LNCbxcacFKyW7Sqosfj+7N7Gg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-04-14T19:25:26Z"
    mac: ENC[AES256_GCM,data:vcyglyYG93K3KBISpIESGlNCs5ojWZAL0gyDUzBNCxG5H8RKEz1Y7yOtr5EXnnP66qcBHlKhb81Iyrc071pmJL9dIttiqmvjSWf0zZ9RuV0uYcO/42cqk3J4tBJ6iYCi64y58jifDObbRni6jiGVEGEkSk8cXFqR8UXoSTeXWtU=,iv:avpWr8SeHK1VHz9XhkO7Nd7VOfMP7JXcQaXJA8Xiuhs=,tag:ixJsw/snZEWXGhdPLU1cGg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/mediabox/wg_pubkey
+++ b/mediabox/wg_pubkey
@ -0,0 +1 @@
 S+tL/pTm4D7bsWj/dhpPXHYxcye/DuNMguLD5l1ACEU=
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@ -0,0 +1,79 @@
 {
  config,
  pkgs,
  ...
 }:
 {
  # Enable Nginx
  services.nginx = {
    enable = true;
    # Use recommended settings
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    # Only allow PFS-enabled ciphers with AES256
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
    # Setup Nextcloud virtual host to listen on ports
    virtualHosts = {
      "nextcloud.mediabox.lan" = {
        ## Force HTTP redirect to HTTPS
        #forceSSL = true;
      };
    };
  };
  # Actual Nextcloud Config
  services.nextcloud = {
    enable = true;
    hostName = "localhost";
    enableBrokenCiphersForSSE = false;
    package = pkgs.nextcloud25;
    # Use HTTPS for links
    https = true;
    # Auto-update Nextcloud Apps
    autoUpdateApps.enable = true;
    # Set what time makes sense for you
    autoUpdateApps.startAt = "05:00:00";
    config = {
      # Further forces Nextcloud to use HTTPS
      overwriteProtocol = "https";
      # Nextcloud PostegreSQL database configuration, recommended over using SQLite
      dbtype = "pgsql";
      dbuser = "nextcloud";
      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
      dbname = "nextcloud";
      dbpassFile = "/var/nextcloud-db-pass";
      adminpassFile = "/var/nextcloud-admin-pass";
      adminuser = "admin";
    };
  };
  # Enable PostgreSQL
  services.postgresql = {
    enable = true;
    # Ensure the database, user, and permissions always exist
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
      }
    ];
  };
  # Ensure that postgres is running before running the setup
  systemd.services."nextcloud-setup" = {
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
  };
 }
--- a/modules/qbittorrent.nix
+++ b/modules/qbittorrent.nix
@ -0,0 +1,121 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.services.qbittorrent;
  configDir = "${cfg.dataDir}/.config";
  openFilesLimit = 4096;
 in
 {
  options.services.qbittorrent = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Run qBittorrent headlessly as systemwide daemon
      '';
    };
    dataDir = mkOption {
      type = types.path;
      default = "/var/lib/qbittorrent";
      description = ''
        The directory where qBittorrent will create files.
      '';
    };
    user = mkOption {
      type = types.str;
      default = "qbittorrent";
      description = ''
        User account under which qBittorrent runs.
      '';
    };
    group = mkOption {
      type = types.str;
      default = "qbittorrent";
      description = ''
        Group under which qBittorrent runs.
      '';
    };
    port = mkOption {
      type = types.port;
      default = 8080;
      description = ''
        qBittorrent web UI port.
      '';
    };
    openFirewall = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Open services.qBittorrent.port to the outside network.
      '';
    };
    openFilesLimit = mkOption {
      default = openFilesLimit;
      description = ''
        Number of files to allow qBittorrent to open.
      '';
    };
  };
  config = mkIf cfg.enable {
    environment.systemPackages = [ pkgs.qbittorrent ];
    nixpkgs.overlays = [
      (final: prev: {
        qbittorrent = prev.qbittorrent.override { guiSupport = false; };
      })
    ];
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [ cfg.port ];
      allowedUDPPorts = [ cfg.port ];
    };
    systemd.services.qbittorrent = {
      after = [ "network.target" ];
      description = "qBittorrent Daemon";
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.qbittorrent ];
      serviceConfig = {
        ExecStart = ''
          ${pkgs.qbittorrent}/bin/qbittorrent-nox \
            --profile=${configDir} \
            --webui-port=${toString cfg.port}
        '';
        # To prevent "Quit & shutdown daemon" from working; we want systemd to
        # manage it!
        Restart = "on-success";
        User = cfg.user;
        Group = cfg.group;
        UMask = "0002";
        LimitNOFILE = cfg.openFilesLimit;
      };
    };
    users.users = mkIf (cfg.user == "qbittorrent") {
      qbittorrent = {
        group = cfg.group;
        home = cfg.dataDir;
        createHome = true;
        description = "qBittorrent Daemon user";
      };
    };
    users.groups = mkIf (cfg.group == "qbittorrent") {
      qbittorrent = {
        gid = null;
      };
    };
  };
 }
--- a/nixy/configuration.nix
+++ b/nixy/configuration.nix
@ -0,0 +1,650 @@
 {
  config,
  nix-xilinx,
  nvim,
  pkgs,
  system,
  zremap,
  ...
 }:
 let
  USER = "akill";
 in
 {
  imports = [ ];
  system.stateVersion = "23.05";
  system.autoUpgrade.enable = false;
  system.switch = {
    enable = false;
    enableNg = true;
  };
  sops = {
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    secrets = {
      "peerix/private" = {
        sopsFile = ./secrets/peerix.yaml;
        mode = "0400";
        owner = config.users.users.nobody.name;
        group = config.users.users.nobody.group;
      };
      "wg_privkey" = {
        sopsFile = ./secrets/wg_privkey.yaml;
      };
      "wg_preshared/nixy" = {
        sopsFile = ../common/secrets/wg_preshared.yaml;
      };
      "wg_privkey_proton" = {
        sopsFile = ./secrets/wg_privkey_proton.yaml;
      };
      "wg_endpoint_proton" = {
        sopsFile = ./secrets/wg_privkey_proton.yaml;
      };
      "borgbase_enc_key" = {
        sopsFile = ./secrets/borgbase_enc_key.yaml;
        owner = config.users.users.${USER}.name;
      };
      "borgbase_ssh_key" = {
        sopsFile = ./secrets/borgbase_ssh_key.yaml;
        owner = config.users.users.${USER}.name;
      };
    };
  };
  nix = {
    optimise.automatic = true;
    gc.automatic = true;
    gc.options = "--delete-older-than 7d";
    package = pkgs.nixVersions.latest;
    settings = {
      sandbox = true;
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };
  };
  boot = {
    extraModulePackages = with config.boot.kernelPackages; [
      usbip
      v4l2loopback
    ];
    initrd.compressor = "zstd";
    initrd.kernelModules = [ ];
    initrd.systemd.enable = true;
    binfmt.emulatedSystems = [
      "wasm32-wasi"
      "x86_64-windows"
    ];
    kernelParams = [
      "psmouse.synaptics_intertouch=0"
      "mem_sleep_default=deep"
    ];
    kernel.sysctl = {
      "net.core.default_qdisc" = "fq";
      "net.ipv4.tcp_congestion_control" = "bbr";
    };
    loader.efi.canTouchEfiVariables = true;
    loader.systemd-boot = {
      editor = false;
      enable = true;
      memtest86.enable = true;
    };
    readOnlyNixStore = true;
    supportedFilesystems = [
      "xfs"
    ];
    tmp.useTmpfs = true;
  };
  security = {
    rtkit.enable = true;
    allowSimultaneousMultithreading = true;
    sudo.enable = true;
    doas.enable = true;
    doas.extraRules = [
      {
        users = [ USER ];
        keepEnv = true;
        persist = true;
      }
    ];
  };
  powerManagement = {
    enable = true;
  };
  networking = {
    nftables.enable = true;
    firewall = {
      enable = true;
      allowedTCPPorts = [
        80
        443
        51820
        8020
      ];
    };
    hostName = "nixy";
    nameservers = [
      "127.0.0.1"
      "::1"
    ];
    dhcpcd.extraConfig = "nohook resolv.conf";
    extraHosts = ''
      192.168.88.171 jellyfin.mediabox.lan
      192.168.88.171 jellyseerr.mediabox.lan
      192.168.88.171 mediabox.lan
      192.168.88.171 qbittorrent.mediabox.lan
      192.168.88.1   router.lan
      192.168.88.231 workstation.lan
      192.168.88.121 ender.lan
    '';
    networkmanager = {
      enable = true;
      dns = "none";
      wifi.backend = "iwd";
    };
    wireless.iwd = {
      enable = true;
      settings = {
        General = {
          AddressRandomization = "network";
          #EnableNetworkConfiguration = true;
        };
      };
    };
    wireguard.interfaces = {
      wg0 = {
        ips = [ "10.100.0.6/24" ];
        privateKeyFile = config.sops.secrets."wg_privkey".path;
        peers = [
          {
            publicKey = builtins.readFile ../magpie/wg_pubkey;
            presharedKeyFile = config.sops.secrets."wg_preshared/nixy".path;
            allowedIPs = [ "10.100.0.0/24" ];
            endpoint = "5.75.229.224:51820";
            persistentKeepalive = 25;
          }
        ];
      };
      neox_wg = {
        ips = [ "192.168.51.2/32" ];
        privateKeyFile = config.sops.secrets."wg_privkey".path;
        peers = [
          {
            publicKey = builtins.readFile ../nixy/wg_pubkey_nx;
            allowedIPs = [ "192.168.2.0/24" ];
            endpoint = "185.194.64.26:51820";
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };
  time.timeZone = "Europe/Sarajevo";
  nixpkgs.config.allowUnfree = true;
  nixpkgs.overlays = [
    nix-xilinx.overlay
    nvim.overlays.${system}.overlay
  ];
  environment = {
    etc = {
      "firejail/qutebrowser.local".text = ''
        whitelist ''${RUNUSER}/qutebrowser
      '';
    };
    extraInit = ''
      unset -v SSH_ASKPASS
    '';
    homeBinInPath = true;
    variables = {
      PATH = "$HOME/.cargo/bin";
    };
  };
  programs = {
    steam = {
      enable = true;
      remotePlay.openFirewall = true;
      dedicatedServer.openFirewall = false;
      localNetworkGameTransfers.openFirewall = true;
    };
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    appimage = {
      enable = true;
      binfmt = true;
    };
    zsh.enable = true;
    firejail.enable = true;
    adb.enable = true;
    wireshark.enable = true;
    sway.enable = true;
  };
  documentation.dev.enable = true;
  # List services that you want to enable:
  systemd = {
    services = {
      "zremap@" = {
        enable = true;
        restartIfChanged = true;
        serviceConfig.Nice = -20;
        unitConfig = {
          Description = "zremap on %I";
          ConditionPathExists = "%I";
        };
        serviceConfig = {
          Type = "simple";
          ExecStart = "${zremap.defaultPackage.${system}}/bin/zremap %I";
        };
      };
      "netns@" = {
        description = "%I network namespace";
        before = [ "network.target" ];
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
          ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
          ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
        };
      };
      "wg_proton" = {
        description = "wg network interface";
        bindsTo = [ "netns@wg.service" ];
        requires = [ "network-online.target" ];
        wants = [ "dnscrypt-proxy2_proton.service" ];
        after = [ "netns@wg.service" ];
        before = [ "dnscrypt-proxy2_proton.service" ];
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
          ExecStart = pkgs.writers.writeBash "wg-up" ''
            set -e
            ENDPOINT_IP=$(${pkgs.coreutils-full}/bin/cat "${config.sops.secrets."wg_endpoint_proton".path}")
            ${pkgs.iproute2}/bin/ip link add proton_wg type wireguard
            ${pkgs.iproute2}/bin/ip link set proton_wg netns wg
            ${pkgs.iproute2}/bin/ip -n wg address add 10.2.0.2/32 dev proton_wg
            ${pkgs.iproute2}/bin/ip netns exec wg \
              ${pkgs.wireguard-tools}/bin/wg set "proton_wg" private-key "${
                config.sops.secrets."wg_privkey_proton".path
              }"
            ${pkgs.iproute2}/bin/ip netns exec wg \
              ${pkgs.wireguard-tools}/bin/wg set "proton_wg" peer "g6DkXWKI/68RsLjROIwCEcyB/ZhyK5Q7OWcz1TtqER0=" \
                endpoint "$ENDPOINT_IP:51820" \
                persistent-keepalive "25" \
                allowed-ips "0.0.0.0/0"
            ${pkgs.iproute2}/bin/ip -n wg link set lo up
            ${pkgs.iproute2}/bin/ip -n wg link set proton_wg up
            ${pkgs.iproute2}/bin/ip -n wg route add default dev proton_wg
          '';
          ExecStop = pkgs.writers.writeBash "wg-down" ''
            ${pkgs.iproute2}/bin/ip -n wg route del default dev proton_wg
            ${pkgs.iproute2}/bin/ip -n wg link del proton_wg
          '';
        };
      };
      "dnscrypt-proxy2_proton" = {
        description = "DNSCrypt-proxy client proton";
        wants = [
          "network-online.target"
          "nss-lookup.target"
        ];
        before = [ "nss-lookup.target" ];
        after = [ "wg_proton.service" ];
        partOf = [ "wg_proton.service" ];
        serviceConfig = {
          AmbientCapabilities = "CAP_NET_BIND_SERVICE";
          CacheDirectory = "dnscrypt-proxy";
          DynamicUser = true;
          ExecStart = "${pkgs.dnscrypt-proxy}/bin/dnscrypt-proxy -config ${config.services.dnscrypt-proxy2.configFile}";
          LockPersonality = true;
          LogsDirectory = "dnscrypt-proxy";
          MemoryDenyWriteExecute = true;
          NetworkNamespacePath = "/var/run/netns/wg";
          NonBlocking = true;
          NoNewPrivileges = true;
          PrivateDevices = true;
          ProtectClock = true;
          ProtectControlGroups = true;
          ProtectHome = true;
          ProtectHostname = true;
          ProtectKernelLogs = true;
          ProtectKernelModules = true;
          ProtectKernelTunables = true;
          ProtectSystem = "strict";
          Restart = "always";
          RestrictAddressFamilies = [
            "AF_INET"
            "AF_INET6"
          ];
          RestrictNamespaces = true;
          RestrictRealtime = true;
          RuntimeDirectory = "dnscrypt-proxy";
          StateDirectory = "dnscrypt-proxy";
          SystemCallArchitectures = "native";
          SystemCallFilter = [
            "@system-service"
            "@chown"
            "~@aio"
            "~@keyring"
            "~@memlock"
            "~@setuid"
            "~@timer"
          ];
        };
      };
    };
    coredump.enable = false;
    extraConfig = ''
      DefaultTimeoutStartSec=30s
      DefaultTimeoutStopSec=30s
    '';
  };
  services = {
    acpid.enable = true;
    dbus.enable = true;
    dbus.implementation = "broker";
    fstrim.enable = true;
    fwupd.enable = true;
    ntp.enable = true;
    openssh.enable = true;
    printing.enable = true;
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };
    libinput.enable = true;
    xserver = {
      enable = true;
      dpi = 144;
      desktopManager.xterm.enable = false;
      displayManager = {
        lightdm.enable = false;
        startx.enable = true;
      };
      windowManager.i3.enable = false;
    };
    udev = {
      packages = [
        pkgs.openhantek6022
        pkgs.openocd
      ];
      extraRules = ''
        #Xilinx FTDI
        ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
        #Xilinx Digilent
        ATTR{idVendor}=="1443", MODE:="666"
        ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666"
        #Arduino UNO r4
        SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", MODE:="0666"
        #zremap on new keyboard
        ACTION=="add", SUBSYSTEM=="input", ATTRS{phys}!="", KERNEL=="event[0-9]*", ENV{ID_INPUT_KEY}=="1", ENV{ID_INPUT_KEYBOARD}=="1", TAG+="systemd", ENV{SYSTEMD_WANTS}+="zremap@$env{DEVNAME}.service"
      '';
    };
    tlp = {
      enable = true;
    };
    batteryNotifier = {
      enable = true;
      notifyCapacity = 20;
      suspendCapacity = 10;
    };
    actkbd = {
      enable = true;
      bindings = [
        {
          keys = [ 113 ];
          events = [ "key" ];
          command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master toggle'";
        }
        {
          keys = [ 114 ];
          events = [
            "key"
            "rep"
          ];
          command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%- unmute'";
        }
        {
          keys = [ 115 ];
          events = [
            "key"
            "rep"
          ];
          command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%+ unmute'";
        }
        {
          keys = [ 224 ];
          events = [ "key" ];
          command = "${pkgs.light}/bin/light -U 5";
        }
        {
          keys = [ 225 ];
          events = [ "key" ];
          command = "${pkgs.light}/bin/light -A 5";
        }
      ];
    };
    dnscrypt-proxy2 = {
      enable = true;
      settings = {
        ipv6_servers = true;
        require_dnssec = true;
        require_nolog = true;
        require_nofilter = true;
        http3 = true;
        sources.public-resolvers = {
          urls = [
            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
          ];
          cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
        };
      };
    };
    borgbackup.jobs."borgbase" =
      let
        user = config.users.users.${USER};
        home = user.home;
      in
      {
        user = user.name;
        paths = [
          (home + "/pic/priv")
          (home + "/pproj")
          (home + "/videos/priv")
        ];
        exclude = [
          "**/.ccls_cache"
          "**/*.d"
          "**/*.map"
          "**/*.o"
          "**/zig-cache"
          "**/zig-out"
        ];
        repo = "ssh://oda929rv@oda929rv.repo.borgbase.com/./repo";
        encryption = {
          mode = "repokey-blake2";
          passCommand = "${pkgs.coreutils-full}/bin/cat ${config.sops.secrets."borgbase_enc_key".path}";
        };
        environment.BORG_RSH = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borgbase_ssh_key".path}";
        compression = "auto,zstd";
        startAt = "daily";
      };
    nix-serve = {
      enable = false;
      secretKeyFile = "/var/cache-priv-key.pem";
    };
    journald.extraConfig = ''
      SystemMaxUse=50M
    '';
    logind.extraConfig = ''
      KillUserProcesses=yes
    '';
    seafile = {
      enable = false;
      initialAdminPassword = "admin";
      adminEmail = "asmir.abdulahovic@gmail.com";
      ccnetSettings = {
        General = {
          SERVICE_URL = "http://127.0.0.1:8020";
        };
      };
      seafileSettings = {
        fileserver = {
          host = "0.0.0.0";
          port = 8082;
        };
      };
    };
  };
  fonts = {
    fontconfig = {
      cache32Bit = true;
      allowBitmaps = true;
      useEmbeddedBitmaps = true;
      defaultFonts = {
        monospace = [ "JetBrainsMono" ];
      };
    };
    packages = with pkgs; [
      dejavu_fonts
      dina-font
      fira-code
      fira-code-symbols
      font-awesome_6
      inconsolata
      iosevka
      jetbrains-mono
      liberation_ttf
      libertine
      noto-fonts
      noto-fonts-cjk-sans
      noto-fonts-color-emoji
      noto-fonts-emoji
      proggyfonts
      siji
      terminus_font
      terminus_font_ttf
      ubuntu_font_family
      vistafonts
    ];
  };
  virtualisation = {
    libvirtd = {
      enable = true;
      allowedBridges = [
        "virbr0"
        "br0"
      ];
    };
    spiceUSBRedirection.enable = true;
    containers.storage.settings = {
      storage = {
        graphroot = "/var/lib/containers/storage";
        runroot = "/run/containers/storage";
      };
    };
    podman = {
      enable = true;
      autoPrune.enable = true;
      dockerCompat = true;
    };
  };
  hardware = {
    bluetooth = {
      enable = true;
      settings = {
        General = {
          Enable = "Source,Sink,Media,Socket";
        };
      };
    };
    graphics = {
      enable = true;
      extraPackages = [ ];
    };
    rtl-sdr.enable = true;
  };
  zramSwap = {
    enable = false;
    algorithm = "zstd";
  };
  users.users.${USER} = {
    isNormalUser = true;
    shell = pkgs.zsh;
    extraGroups = [
      "wireshark"
      "kvm"
      "tty"
      "audio"
      "sound"
      "adbusers"
      "dialout"
      "wheel"
    ];
  };
 }
--- a/nixy/hardware-configuration.nix
+++ b/nixy/hardware-configuration.nix
@ -0,0 +1,65 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.luks.devices."crypt_dev".device =
    "/dev/disk/by-uuid/e10821b9-5426-4f03-b716-1645a64fcd6a";
  boot.initrd.luks.devices."crypt_dev".allowDiscards = true;
  boot.initrd.availableKernelModules = [
    "nvme"
    "ehci_pci"
    "xhci_pci"
    "uas"
    "usb_storage"
    "sd_mod"
    "rtsx_pci_sdmmc"
  ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [
    "kvm-amd"
    "amd-gpu"
  ];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/c461c971-54ca-4fb7-91e8-6ac70de53ef2";
    fsType = "xfs";
  };
  fileSystems."/nix" = {
    device = "/dev/disk/by-uuid/eeaa6fab-d67d-400f-b6d4-b1f44c2e0047";
    fsType = "xfs";
  };
  fileSystems."/home" = {
    device = "/dev/disk/by-uuid/aeaa71ca-a439-4ef3-9ab8-db7ae8f59376";
    fsType = "xfs";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/828E-F3C3";
    fsType = "vfat";
    options = [
      "fmask=0022"
      "dmask=0022"
    ];
  };
  swapDevices = [ ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = true;
  hardware.enableRedistributableFirmware = true;
 }
--- a/nixy/peerix-public
+++ b/nixy/peerix-public
--- a/nixy/secrets/borgbase_enc_key.yaml
+++ b/nixy/secrets/borgbase_enc_key.yaml
@ -0,0 +1,21 @@
 borgbase_enc_key: ENC[AES256_GCM,data:AD+JghEOX25tBGYhoU1ge1fqrA+5AK8N4yg=,iv:u05GVeWbL3xdZQgGkXSPkxlATd2M9MX4uSZiLOHMMRE=,tag:pmTQIJWmz+ePmSNzO/EO4Q==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEaDhSZVVibVl1NU84NG9U
            aEVQbThIcC9CajNHS25SVW1SMFFwMUsvMmxJCkpTVThpZ0JZdEpLTnJlQWFqM244
            LzFaUFVvWWxIcU4wRlhXalF5TkNpVHMKLS0tIExXMUx5cDBBbDloQ0sxbEY0eGdj
            bE5vNHVHekI2RzY5M3JNcTdCa3pNeUUK8C04wF1te6epA97sNrhoz0VUn+MC7SML
            6N1CZK3MuRARBqcj4c/W1aXuTysvuV1o/Fl5xOk/gbumcfwnDYj28A==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-04-21T08:14:25Z"
    mac: ENC[AES256_GCM,data:7M+akGH09E2JYyKLmwpjx0VCEBmXqO6bNHFNRCO+9LdSIqsEw8MD4WGO0zwHOD9ls7+1OPFeoU+MVbtfMhmvN4g6rg+tFkXbxPSXCPkTA4tL90ZLXoBIpUBxKKhFMxtdOnjXxES3rTzjXGAvxocFOiNv/7pKbzeqMJUnH9FgAcM=,iv:h0+OpLmutMyPN3YFhyuHFgWSqxVK5WmBAE0k5ezEo9A=,tag:UKOXnTOjWaLDEOYk5YK4Aw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/nixy/secrets/borgbase_ssh_key.yaml
+++ b/nixy/secrets/borgbase_ssh_key.yaml
@ -0,0 +1,21 @@
 borgbase_ssh_key: ENC[AES256_GCM,data:lLHIBmw/03An3SRJUjYS2pn0g7XEW0kTXtSObhIGwjBwlRypU7uQDz4JseOA2GbSm+GqsGK8U3Ifgirb7t8AsGy6DPxO+2sm+ByJ1S46G6cwkO2GateJw4Zg0mmhUBBuB/eXQMLuBLKZM2WGta5+6O0SWxDtsrTsBhlo5qbwwYILu0gg2zsBWFSn1OBGgvjYYRTd7N85WX8+S7oNYVAL2HjCmhHHtYrLnua4ajBY9dQEzrKdZaQW4v39HV9MyoilEz17fFLU8S2KbJ1iw8HgoAc9W81hpQNNd8fWKY+e0iWxD9X5H7UTs8YP/bsKeWyG4OAwr99zIZ1Lqzi0EuZI+PYkIz4Q4WBmv1wD6Py274iug3kr1OqvaIOmIT/9j2C3mOZTqxuFaF5T4NMkcIeViCBmRwUMTl/8a36X+n/MYxRoznHCQmg8zKubDuykVJfBmFwxbUc9tx8PeodnWeiASOV7FvBie47yq+NyBGItJXAK14SxLE9T2sxRchJWcrQBcekZdZ5Mej20lfUlcAGkwfUc0e54xsv1K3oY,iv:5157BQmbfuF5EYbDHCy/TmnTYErIwmgXO8RaX6f18xs=,tag:T2eZN46Qd6RgLWk4kbYgPQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5b2YzSDdaU3R5TUdqS3Nv
            eUYraFBiZlZ1TXBqYzlWNUNYOFlyMzJvWEE4ClJ6R25CRXRUZ2FDTFY2ZmJIRkRX
            WVJCSy83N2JUNzRuT3VuSUF1OTV2TUkKLS0tIEZ5cVg1V2o0MkdmWEx1emJVdjZ0
            RkZFL2tRNW9RdnAwalE2ZzVQcnljRFUKRyN8ahv9ZI63m8ycl74GZ59lyAXUsKmi
            tfPqQvL1oTtJr3hzwy2bkctXQLYjGvsMyZt2tiWpy5vLc1MrxlqVDQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-04-21T08:16:40Z"
    mac: ENC[AES256_GCM,data:VkXpCPQB4RypDrK31pYWXeOcl8ulis6fMF1q/SLCg2wXnL0jFrmAFp78C+ers9xFhbnUnMbVc/ZJIVKfa0g94WV3jJbn4+HB0GPWQCz7LwhmG5XEY5O5sFLuDCcHb/epZvDbCsEQeiq+TGDHp6TtdL8qDF+hE2k8qfsy570wocU=,iv:HQleJtHWQ5uk4+Witn2aaqh0SvXqomfiSO/ExgPzVag=,tag:hlBmboddR8GDAmBpETi0Ow==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/nixy/secrets/peerix.yaml
+++ b/nixy/secrets/peerix.yaml
@ -0,0 +1,22 @@
 peerix:
    private: ENC[AES256_GCM,data:Oi8H5nqJ0Bf45wQepCjdZNHBOv4AlPxNN7L5Th3gcRQlW1FS77nusIWGSUvlmL2a5LTN0FV36o2GFPrrhiwmvnkQwuSZKc9VeDTf7SX0RRL1NLmRR/zy4WsRNJFxlqtjahieqg==,iv:6hJwqcdPayZaYZhJ0OfYLAtmeVndLEfeYZjUq5/3qJE=,tag:MiAfg8aZAHNYbB0JwcdStg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMEIyck1xbVJ4Zm56Z3dM
            OGsxa1p0TGIvRE5DYXZzTDM3YUZFVTAxbUUwCllPd0FOUlRiZW5wT2QvLzZXYjRr
            S1A5WjZxLzNYQ1ZWVFFQTzRwMFQweFEKLS0tIHNoZUpHS2dDNmFKc3ZVNFZuUFU4
            L0M0MitMeDg1ZWYxcDNCQlVGUjRKeFkKvD2SKnuh517o2knPr2SOWq3kubMyI7UV
            j6HgXVbHUDjmKl2dY+YVTnmxrK54E+Q6iiu7mQnvLdzxYBK/EiNt9w==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-04-21T08:17:51Z"
    mac: ENC[AES256_GCM,data:v4KQq3Y5ZxsyMxR+FS1BZkH/bPTIIHfQu800U44odaNycIbWnuwCnLWGyJK6Por76bWALycGppDbHPKKW/N1I1XLy/EAXo02+nhHNvKVi2cXSXciuEPc/Cl+6TbP39lx4+EOM8CZoNZ8HAiS3QPy2bwZdMjEw/OHl8TqlN07q9s=,iv:PIcv/b6t+54/yCTZj+12Yep15ors/wXNUnaXjLjpVbM=,tag:JxO5M3OYaWzqgf4gUhCzzg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/nixy/secrets/wg_preshared.yaml
+++ b/nixy/secrets/wg_preshared.yaml
@ -0,0 +1,21 @@
 wg_preshared: ENC[AES256_GCM,data:k+aFYDNMojf5kktn6KJ4F5mH5oGdqxdF0MO88NcYpai9USnH394XRL9ASvs=,iv:L5LIXbADhrivKjK/V0E5QpRT7BDsktwIuKHgY+2qr84=,tag:pCW1naU/ygxAIDYWV2hHPQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSHZvYy9TTmVEb2ZSTncy
            ckJ1bXZGWVdJSkVHMGx2Vk5ZNlZ3Q2wzVFQ0Cmg1M3hKNFhnZk5nTE54RTdyR0Vs
            NVRiTEltSnkxdmhhdGlycHNPWjFLbncKLS0tIE02NVJRZTd0VmowT1c4cjhKNlZk
            Q01BQWNSVWtIMnFXRWpxR3JDMU8zYTAKIbfpM8uUb09cUlA8YWtgEOL5zvWf5omv
            baZINiAu0/f1avYmW6Qb+aLa2ALrSZaotj46Uwd9Lb5mtjJ/8v9IOg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-04-20T18:12:20Z"
    mac: ENC[AES256_GCM,data:4PWjwxOO0UuNsevCbzCLaiW7C+So4mEGivd9GzyLKx2JlkNFVB8wqPrY1Rl1ANMrT+7LKc8tVOA4zbweNc9idFG4y5DcvnDSieqKu9v1MeEMHqNpz5TTLbCP81g7qegjI/WKul2kaWIdPaioI/f5x2E6rEYnzFv+Di2mc3W+Qcc=,iv:iE9sali0O3sQIhOw30RGR/4ZQsAPcSxq1qxosfasojU=,tag:+9AOwph5A4oDXsK6Z3YeZA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/nixy/secrets/wg_privkey.yaml
+++ b/nixy/secrets/wg_privkey.yaml
@ -0,0 +1,21 @@
 wg_privkey: ENC[AES256_GCM,data:XL9FU1kZXvBJfwyt3HpQe8k8zg9HT6Xm0BdjNMduSu9uAgcHbglpLc/qTB0=,iv:QgX1VsmLUsDozFXmzDVPukjPNTa4Lnh806AQ4qdgpa8=,tag:RNVlDbtx8vAAbG0rinLVOw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBSnkyM1ZrcnEvM3VHL0Nk
            THhUUDdGU2s5UFgrVGZ3WXhkYTRIVTlaeGs4CjR4eVpmRy9qUkZSWkpFZDZHRDZI
            ZWRXSmMzL2RWZkVrSlFPcC9ueGpDVFkKLS0tIDZWbENyS2hrSCtlNlBHaE56QTha
            eFJmWXk1SVJEbDJOc1Q1VFlzVS8yODgKFXRAtR+67x0dkQTqZPtMT0Hd+aW+5K17
            S/lhuHRhITt3woQnecVPMYklgJJlsyQ6blKhJw8dvhbVWWThZ853rQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-04-21T08:18:59Z"
    mac: ENC[AES256_GCM,data:xPKsGZD5RKT/WMRupe4YTgoiUQRFq77KQyGaazeY1GEPI117gWxRHEpiyCLnfhZWcaekPWoXosm32wRLwDAXM/Femk567i5uKKG2wAqApWbc+FXTQ71w/CFr9uEWFApBjpEHpuBBaFV23qJfylsqeMp9r52d9Sp5eDQC4RJead0=,iv:oiNoZ/bqQUe+luqeuldw1M0KB2d4C5T7kXy+mLFZNZQ=,tag:5pK22TYGwbBNyWlfd/Ufxw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/nixy/secrets/wg_privkey_proton.yaml
+++ b/nixy/secrets/wg_privkey_proton.yaml
@ -0,0 +1,22 @@
 wg_privkey_proton: ENC[AES256_GCM,data:qVVd+1s2T3sKDi03V+eMvgqW8LAVl/yEKwtG2EMn8NhBCN7RvlttC5SeIDM=,iv:/QcrtmMjCzZRulumIz5u9oxyaRt+HUq96ZiP8ecpvAo=,tag:1DCaJqVGfg3sfvKTQnmzZA==,type:str]
 wg_endpoint_proton: ENC[AES256_GCM,data:ggoWnB6nGjGc/kSOaCo=,iv:1r5J6SO5JYH7+bMhE2lGwfFETVFeS61eCXtej0Pl07M=,tag:p+0hhQ/vqZzZML24YReA0g==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdXZpL1lrOEYyYVdFTzNJ
            SHhXRVc5Y0o4ZzN2THRjM215UWczVjZOTXg4CjBJZ2VxN0t0ZFgzTmJMeXo5SWZk
            UjRlNmdRTVVPbHVEeXM3TWhoS0pSUTQKLS0tIEtkTURBc1A3d2lTalhmeEoxUkZj
            K3BHZnUzN3ZrL1dFQk8rWFpZR05pbFUKObrnIpY3NR1o3/lKhTfVpQU+eQRTi7wF
            SAjGZ5BRdCi5x1VWRxiT1Fvjqkm7kBEQFvdSvbqW2UK6lVHtWgt2Vg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-05-12T13:30:18Z"
    mac: ENC[AES256_GCM,data:3UqJGcNGPZDlLA3a0uNHUI0ykDC0ByxAR2ZsrsbWQMv3BS6zyBuc+zpTHQZoIPGsAMUetuB3OuA0IQNll3abg6u2AadEQBUf1PYMWlo58txLYlAs/q0g+575F+LhDSgmDMKOFXz4HqbFP0RYTHkPnmjWPMWWY3G9o6B3Iaw5+Kc=,iv:massJRpGcH4pDZxJrpQYy80XVViyw+qFsZ8Sk9Xze08=,tag:eDvuNadKGKBS/3jauvnuFQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/nixy/ssh_pubkey
+++ b/nixy/ssh_pubkey
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPNCxE/8z02lVOC1unJbPMH+Ma+KRJfmz33oUfz3hKc root@nixy
--- a/nixy/wg_pubkey
+++ b/nixy/wg_pubkey
@ -0,0 +1 @@
 oHVmhw80daHjDjo7nwt/Y9eKBaH5FoTiVeukwDObijM=
--- a/nixy/wg_pubkey_nx
+++ b/nixy/wg_pubkey_nx
@ -0,0 +1 @@
 eoYSDh27qQFpvOcDmuVFzSTuPnrHQYXDMqatKmDAth0=
--- a/packages/bubblewrap/default.nix
+++ b/packages/bubblewrap/default.nix
@ -0,0 +1,56 @@
 {
  lib,
  stdenv,
  fetchFromGitHub,
  docbook_xsl,
  libxslt,
  meson,
  ninja,
  pkg-config,
  bash-completion,
  libcap,
  libselinux,
 }:
 stdenv.mkDerivation rec {
  pname = "bubblewrap";
  version = "0.8.0";
  src = fetchFromGitHub {
    owner = "rhendric";
    repo = "bubblewrap";
    rev = "23ff0f875b3a0200c1796daa01173ecec7deaf88";
    hash = "sha256-EWsuAGsShaHEmLi0jUHX2bFQZkinIOsRbgB7tZSfq8E=";
  };
  postPatch = ''
    substituteInPlace tests/libtest.sh \
      --replace "/var/tmp" "$TMPDIR"
  '';
  nativeBuildInputs = [
    docbook_xsl
    libxslt
    meson
    ninja
    pkg-config
  ];
  buildInputs = [
    bash-completion
    libcap
    libselinux
  ];
  # incompatible with Nix sandbox
  doCheck = false;
  meta = with lib; {
    changelog = "https://github.com/containers/bubblewrap/releases/tag/${src.rev}";
    description = "Unprivileged sandboxing tool";
    homepage = "https://github.com/containers/bubblewrap";
    license = licenses.lgpl2Plus;
    maintainers = with maintainers; [ dotlambda ];
    platforms = platforms.linux;
    mainProgram = "bwrap";
  };
 }
--- a/packages/viber/default.nix
+++ b/packages/viber/default.nix
@ -0,0 +1,171 @@
 {
  alsa-lib,
  brotli,
  cups,
  curl,
  bubblewrap,
  bash,
  writeShellScriptBin,
  dbus,
  dpkg,
  expat,
  fetchurl,
  fontconfig,
  freetype,
  glib,
  gst_all_1,
  harfbuzz,
  krb5,
  lcms,
  lib,
  libcap,
  libevent,
  libGL,
  libGLU,
  libopus,
  libpulseaudio,
  libwebp,
  libxkbcommon,
  libxml2,
  libxslt,
  makeWrapper,
  mesa,
  nspr,
  nss,
  openssl,
  snappy,
  stdenv,
  systemd,
  wayland,
  xorg,
  zlib,
  zstd,
  ...
 }:
 stdenv.mkDerivation {
  pname = "viber";
  version = "23.2.0.3";
  src = fetchurl {
    # Official link: https://download.cdn.viber.com/cdn/desktop/Linux/viber.deb
    url = "https://download.cdn.viber.com/cdn/desktop/Linux/viber.deb";
    hash = "sha256-9WHiI2WlsgEhCPkrQoAunmF6lSb2n5RgQJ2+sdnSShM=";
  };
  nativeBuildInputs = [ makeWrapper ];
  buildInputs = [ dpkg ];
  dontUnpack = true;
  libPath = lib.makeLibraryPath [
    alsa-lib
    brotli
    cups
    curl
    dbus
    expat
    fontconfig
    freetype
    glib
    gst_all_1.gst-plugins-bad
    gst_all_1.gst-plugins-base
    gst_all_1.gstreamer
    harfbuzz
    krb5
    lcms
    libcap
    libevent
    libGLU
    libGL
    libopus
    libpulseaudio
    libwebp
    libxkbcommon
    libxml2
    libxslt
    mesa
    nspr
    nss
    openssl
    snappy
    stdenv.cc.cc
    systemd
    wayland
    zlib
    zstd
    xorg.libICE
    xorg.libSM
    xorg.libX11
    xorg.libxcb
    xorg.libXcomposite
    xorg.libXcursor
    xorg.libXdamage
    xorg.libXext
    xorg.libXfixes
    xorg.libXi
    xorg.libXrandr
    xorg.libXrender
    xorg.libXScrnSaver
    xorg.libXtst
    xorg.xcbutilimage
    xorg.xcbutilkeysyms
    xorg.xcbutilrenderutil
    xorg.xcbutilwm
    xorg.libxkbfile
  ];
  installPhase =
    let
      viberWrap = writeShellScriptBin "viberWrap" ''
        ${bubblewrap}/bin/bwrap --bind / / \
        --dev /dev \
        --tmpfs $HOME \
        --bind  $HOME/.ViberPC/ $HOME/.ViberPC \
        --bind  $HOME/Downloads/ $HOME/Downloads \
        $@
      '';
    in
    ''
      dpkg-deb -x $src $out
      mkdir -p $out/bin
      # Soothe nix-build "suspicions"
      chmod -R g-w $out
      for file in $(find $out -type f \( -perm /0111 -o -name \*.so\* \) ); do
        patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$file" || true
        patchelf --set-rpath $libPath:$out/opt/viber/lib $file || true
      done
      # qt.conf is not working, so override everything using environment variables
      wrapProgram $out/opt/viber/Viber \
        --set QT_PLUGIN_PATH "$out/opt/viber/plugins" \
        --set QT_XKB_CONFIG_ROOT "${xorg.xkeyboardconfig}/share/X11/xkb" \
        --set QTCOMPOSE "${xorg.libX11.out}/share/X11/locale" \
        --set QML2_IMPORT_PATH "$out/opt/viber/qml"
      echo "#!${bash}/bin/bash" > $out/bin/viber
      echo "${viberWrap}/bin/viberWrap $out/opt/viber/Viber" >> $out/bin/viber
      chmod +x $out/bin/viber
      mv $out/usr/share $out/share
      rm -rf $out/usr
      # Fix the desktop link
      substituteInPlace $out/share/applications/viber.desktop \
        --replace /opt/viber/Viber $out/opt/viber/Viber \
        --replace /usr/share/ $out/share/
    '';
  dontStrip = true;
  dontPatchELF = true;
  meta = {
    homepage = "https://www.viber.com";
    description = "An instant messaging and Voice over IP (VoIP) app";
    sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
    license = lib.licenses.unfree;
    platforms = [ "x86_64-linux" ];
    maintainers = with lib.maintainers; [ jagajaga ];
  };
 }
--- a/secrets/peerix.yaml
+++ b/secrets/peerix.yaml
@ -1,31 +0,0 @@
 peerix:
    private: ENC[AES256_GCM,data:WlWrX0kxeElaGvFllg2EkgfDsj1bkRwD9xMTWQevktDQaRd3IdVD9IwFZcwgTgS4hVM6gy9Q/VWX3M12vKaLdaKeTR/PMOQGCov291w12cAFIg/pYINp+511a9aHqFaIZx0WeA==,iv:Ni0M4Tikcbs6NsanYunOKn1R8jLlC59NiDbqNVPW7gM=,tag:POSZ9OgkLZyvnN8vn8OgDQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbWcxaHVYUjVydnZVZkJa
            MFA1TDJFcmtpUis2SXBWNjh5QjI0WkgydHhBCklzVFRlZ0VoSitISlpIaVFJaHRZ
            enNFaFl1MkRaQUtpb1JUOUNJaXJDT00KLS0tIHZBeGc2ejR4bkcxVjhrWDYyOVpk
            V28zVWZsTFpJVHY3bHdqR3dGMHNqWncKcjvVw61Zfh0yXKikjnrlq1CIoN7wDiiQ
            5FDAzjdTMGLOXvrxtfKEJ0RUP8/ANJ+b69pJTBl8To4qIAFGKU0syg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1smcrg45udmvl5w8306qec07lqqzjplwx3l8f80tcewpkh7r3h5yqgenrqd
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUnNveWIrOEE4UnlGNnpN
            WE5oN1hrOTlma0ZWUDc5ZG5pcUFOV1BJam5nCnhiaFRJVjcreDFiTU85RlJzK0tT
            eURJdHAwWXVZU2xHbTdsOVc4VjJOaUUKLS0tIGJ2c3JxVGFZWHdCY1p3M1VRNGlk
            enVTczYxcjNPZkFHTG5RZEtRTTRJOUEKNTPZFBwdnKNmalgPqpJew8ucwQZ3yK+8
            6Zqv3POnq68ms4nFelQynDYDAEK/maN+qYdo8qgFi14pz87liVF/Ug==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-07-03T20:12:05Z"
    mac: ENC[AES256_GCM,data:kcfnNiu88VTYGgxfSRIkqK8MXS7Gcan9oXxc+UM6/c7yCj35ogNGtDxJmJ4O1Gov2LrP3+lbhyHjOeQBYN06JmE+3o3SV/bIZ5HUWMYqmj+yO1sG8ugSx2NAgSMKmyESlrZTZvN9Z9Z8JocmN1TtyA9Uip7/URfGOXaIFYYDLwE=,iv:bxRoXN4DEIi4B2bCxKcImKp1rfkps4RxP3UbjBePjPw=,tag:x4yXtvmoOrFEadhZmbJjAQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
		`@ -1 +0,0 @@`
			`NixOS configuration using nix flakes and home-manager`
		`@ -0,0 +1,3 @@`
							`NixOS configuration using nix flakes and home-manager`

							`Main repository found at: https://git.project-cloud.net/asmir/nixos_flake_config`
		`@ -0,0 +1 @@`
							`g6DkXWKI/68RsLjROIwCEcyB/ZhyK5Q7OWcz1TtqER0=`
		`@ -0,0 +1 @@`
							`kbmzzQc3bBpkjE7K/ohycZtx+ml+dzVYOQ2xM0/bzzQ=`
		`@ -0,0 +1 @@`
							`xhjJdIXtTBNhtSoehsi6p+znIgOfMRetl5/wtnMxJGk=`
		`@ -0,0 +1 @@`
							`peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=`
		`@ -0,0 +1 @@`
							`S+tL/pTm4D7bsWj/dhpPXHYxcye/DuNMguLD5l1ACEU=`
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPNCxE/8z02lVOC1unJbPMH+Ma+KRJfmz33oUfz3hKc root@nixy`
		`@ -0,0 +1 @@`
							`oHVmhw80daHjDjo7nwt/Y9eKBaH5FoTiVeukwDObijM=`
		`@ -0,0 +1 @@`
							`eoYSDh27qQFpvOcDmuVFzSTuPnrHQYXDMqatKmDAth0=`