automated: Update flake.lock

Auto-generated by [update.yml][1] with the help of [create-pull-request][2]. [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
Merge pull request 'automated: Update flake.lock' (#132 ) from update-flake-lock into main
2025-08-25 01:36:27 +00:00 · 2025-08-10 19:10:20 -04:00 · 2025-08-10 22:37:48 +00:00 · 2025-08-01 00:58:33 -04:00 · 2025-08-01 00:40:10 -04:00 · 2025-08-01 00:16:57 -04:00
37 changed files with 495 additions and 257 deletions
--- a/.github/workflows/flake-health-checks.yml
+++ b/.github/workflows/flake-health-checks.yml
@@ -6,8 +6,8 @@ on:
        branches: ["main"]
    merge_group:
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
+    group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+    cancel-in-progress: true
 jobs:
    health-check:
        name: "Perform Nix flake checks"
--- a/.github/workflows/flake-update.yml
+++ b/.github/workflows/flake-update.yml
@@ -5,8 +5,8 @@ on:
    schedule:
        - cron: "00 12 * * *"
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
+    group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+    cancel-in-progress: true
 jobs:
    update_lockfile:
        runs-on: ubuntu-latest
--- a/.github/workflows/lock-health-checks.yml
+++ b/.github/workflows/lock-health-checks.yml
@@ -6,8 +6,8 @@ on:
        branches: ["main"]
    merge_group:
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
+    group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+    cancel-in-progress: true
 jobs:
    health-check:
        name: "Check health of `flake.lock`"
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -49,3 +49,9 @@ creation_rules:
            - *admin_alice
          age:
            - *palatine-hill
+    - path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
+      key_groups:
+        - pgp:
+            - *admin_alice
+          age:
+            - *palatine-hill
--- a/flake.lock
+++ b/flake.lock
@@ -37,11 +37,11 @@
    "base16-helix": {
      "flake": false,
      "locked": {
-        "lastModified": 1736852337,
-        "narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=",
+        "lastModified": 1752979451,
+        "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=",
        "owner": "tinted-theming",
        "repo": "base16-helix",
-        "rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5",
+        "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac",
        "type": "github"
      },
      "original": {
@@ -75,11 +75,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1748730131,
-        "narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=",
+        "lastModified": 1756008219,
+        "narHash": "sha256-r5n8O8luhLd/Oz+O2FBWG9lZwtn+qRYzI1idi+zpflk=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0",
+        "rev": "b89c9248de0b09addc7a310e0339521bdca2db82",
        "type": "gitlab"
      },
      "original": {
@@ -92,11 +92,11 @@
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1744642301,
-        "narHash": "sha256-5A6LL7T0lttn1vrKsNOKUk9V0ittdW0VEqh6AtefxJ4=",
+        "lastModified": 1748383148,
+        "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
-        "rev": "59e3de00f01e5adb851d824cf7911bd90c31083a",
+        "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf",
        "type": "github"
      },
      "original": {
@@ -124,11 +124,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1743550720,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "lastModified": 1754487366,
+        "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
        "type": "github"
      },
      "original": {
@@ -145,11 +145,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1733312601,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "lastModified": 1751413152,
+        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
        "type": "github"
      },
      "original": {
@@ -194,32 +194,6 @@
        "type": "github"
      }
    },
-    "git-hooks": {
-      "inputs": {
-        "flake-compat": [
-          "stylix",
-          "flake-compat"
-        ],
-        "gitignore": "gitignore_2",
-        "nixpkgs": [
-          "stylix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1742649964,
-        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "type": "github"
-      }
-    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
@@ -241,41 +215,19 @@
        "type": "github"
      }
    },
-    "gitignore_2": {
-      "inputs": {
-        "nixpkgs": [
-          "stylix",
-          "git-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
    "gnome-shell": {
      "flake": false,
      "locked": {
-        "lastModified": 1744584021,
-        "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
+        "lastModified": 1748186689,
+        "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=",
        "owner": "GNOME",
        "repo": "gnome-shell",
-        "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
+        "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0",
        "type": "github"
      },
      "original": {
        "owner": "GNOME",
-        "ref": "48.1",
+        "ref": "48.2",
        "repo": "gnome-shell",
        "type": "github"
      }
@@ -287,11 +239,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748737919,
-        "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=",
+        "lastModified": 1756022458,
+        "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "5675a9686851d9626560052a032c4e14e533c1fa",
+        "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740",
        "type": "github"
      },
      "original": {
@@ -330,11 +282,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747572947,
-        "narHash": "sha256-PMQoXbfmWPuXnF8EaWqRmvTvl7+WFUrDVgufFRPgOM4=",
+        "lastModified": 1755680610,
+        "narHash": "sha256-g7/g5o0spemkZCzPa8I21RgCmN0Kv41B5z9Z5HQWraY=",
        "owner": "hyprwm",
        "repo": "contrib",
-        "rev": "910dad4c5755c1735d30da10c96d9086aa2a608d",
+        "rev": "04721247f417256ca96acf28cdfe946cf1006263",
        "type": "github"
      },
      "original": {
@@ -383,11 +335,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748751003,
-        "narHash": "sha256-i4GZdKAK97S0ZMU3w4fqgEJr0cVywzqjugt2qZPrScs=",
+        "lastModified": 1756008611,
+        "narHash": "sha256-rfTBWuTXi9/X7GhtF562FKNXKh2kvKb6dwI5lV1SjPE=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "2860bee699248d828c2ed9097a1cd82c2f991b43",
+        "rev": "52dec1cb33a614accb9e01307e17816be974d24d",
        "type": "github"
      },
      "original": {
@@ -427,11 +379,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748776124,
-        "narHash": "sha256-vs2cMCHX9wnWJutXhQyWkWOpMF/Xbw0ZAUAFGsKLifA=",
+        "lastModified": 1751591814,
+        "narHash": "sha256-A4lgvuj4v+Pr8MniXz1FBG0DXOygi8tTECR+j53FMhM=",
        "owner": "lilyinstarlight",
        "repo": "nixos-cosmic",
-        "rev": "e989a41092f6f0375e7afb789bc97cb30d01fdb8",
+        "rev": "fef2d0c78c4e4d6c600a88795af193131ff51bdc",
        "type": "github"
      },
      "original": {
@@ -448,11 +400,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747663185,
-        "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
+        "lastModified": 1751903740,
+        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
+        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
        "type": "github"
      },
      "original": {
@@ -463,11 +415,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1748634340,
-        "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=",
+        "lastModified": 1755330281,
+        "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a",
+        "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
        "type": "github"
      },
      "original": {
@@ -486,11 +438,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748287559,
-        "narHash": "sha256-dvUE9HGwzEXyv6G7LuZFQCmRYFuXLJBO4+crCTxe5zs=",
+        "lastModified": 1755975430,
+        "narHash": "sha256-yrnDLjYh0Ff1/o+3Wd4htrKTzwd0Q3ig/FyB0WaVJo0=",
        "owner": "SuperSandro2000",
        "repo": "nixos-modules",
-        "rev": "9ae063877f8c5d42c39b739ae1d00f9657ad17f4",
+        "rev": "c3a53d3f810be234d66fe0fcddbadb469ef14e12",
        "type": "github"
      },
      "original": {
@@ -501,11 +453,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1748762463,
-        "narHash": "sha256-rb8vudY2u0SgdWh83SAhM5QZT91ZOnvjOLGTO4pdGTc=",
+        "lastModified": 1756050191,
+        "narHash": "sha256-lMtTT4rv5On7D0P4Z+k7UkvbAKKuVGRbJi/VJeRCQwI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "0d0bc640d371e9e8c9914c42951b3d6522bc5dda",
+        "rev": "759dcc6981cd4aa222d36069f78fe7064d563305",
        "type": "github"
      },
      "original": {
@@ -517,11 +469,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1743296961,
-        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
+        "lastModified": 1753579242,
+        "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
+        "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
        "type": "github"
      },
      "original": {
@@ -532,11 +484,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1748421225,
-        "narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=",
+        "lastModified": 1751274312,
+        "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "78add7b7abb61689e34fc23070a8f55e1d26185b",
+        "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
        "type": "github"
      },
      "original": {
@@ -555,15 +507,14 @@
        "nixpkgs": [
          "stylix",
          "nixpkgs"
-        ],
-        "treefmt-nix": "treefmt-nix"
+        ]
      },
      "locked": {
-        "lastModified": 1746056780,
-        "narHash": "sha256-/emueQGaoT4vu0QjU9LDOG5roxRSfdY0K2KkxuzazcM=",
+        "lastModified": 1751906969,
+        "narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "d476cd0972dd6242d76374fcc277e6735715c167",
+        "rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25",
        "type": "github"
      },
      "original": {
@@ -583,11 +534,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747372754,
-        "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
+        "lastModified": 1755960406,
+        "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
+        "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
        "type": "github"
      },
      "original": {
@@ -627,11 +578,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748746145,
-        "narHash": "sha256-bwkCAK9pOyI2Ww4Q4oO1Ynv7O9aZPrsIAMMASmhVGp4=",
+        "lastModified": 1756003222,
+        "narHash": "sha256-lmEMhIIbjt8Wp1EYbNqCojuU9ygyDFv8Tu0X1k8qIMc=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "12a0d94a2f2b06714f747ab97b2fa546f46b460c",
+        "rev": "88ceedecde53e809b4bf8b5fd10d181889d9bac7",
        "type": "github"
      },
      "original": {
@@ -647,11 +598,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747603214,
-        "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
+        "lastModified": 1754988908,
+        "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
+        "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
        "type": "github"
      },
      "original": {
@@ -667,15 +618,8 @@
        "base16-helix": "base16-helix",
        "base16-vim": "base16-vim",
        "firefox-gnome-theme": "firefox-gnome-theme",
-        "flake-compat": [
-          "flake-compat"
-        ],
        "flake-parts": "flake-parts_2",
-        "git-hooks": "git-hooks",
        "gnome-shell": "gnome-shell",
-        "home-manager": [
-          "home-manager"
-        ],
        "nixpkgs": [
          "nixpkgs"
        ],
@@ -688,11 +632,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1748717073,
-        "narHash": "sha256-Yxo8A7BgNpRXTrB359LyfQ0NjJuiaLIS6sTTUCulEX0=",
+        "lastModified": 1755997543,
+        "narHash": "sha256-/fejmCQ7AWa655YxyPxRDbhdU7c5+wYsFSjmEMXoBCM=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "64b9f2c2df31bb87bdd2360a2feb58c817b4d16c",
+        "rev": "f47c0edcf71e802378b1b7725fa57bb44fe85ee8",
        "type": "github"
      },
      "original": {
@@ -767,11 +711,11 @@
    "tinted-schemes": {
      "flake": false,
      "locked": {
-        "lastModified": 1744974599,
-        "narHash": "sha256-Fg+rdGs5FAgfkYNCs74lnl8vkQmiZVdBsziyPhVqrlY=",
+        "lastModified": 1750770351,
+        "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=",
        "owner": "tinted-theming",
        "repo": "schemes",
-        "rev": "28c26a621123ad4ebd5bbfb34ab39421c0144bdd",
+        "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a",
        "type": "github"
      },
      "original": {
@@ -783,11 +727,11 @@
    "tinted-tmux": {
      "flake": false,
      "locked": {
-        "lastModified": 1745111349,
-        "narHash": "sha256-udV+nHdpqgkJI9D0mtvvAzbqubt9jdifS/KhTTbJ45w=",
+        "lastModified": 1751159871,
+        "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=",
        "owner": "tinted-theming",
        "repo": "tinted-tmux",
-        "rev": "e009f18a01182b63559fb28f1c786eb027c3dee9",
+        "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c",
        "type": "github"
      },
      "original": {
@@ -799,11 +743,11 @@
    "tinted-zed": {
      "flake": false,
      "locked": {
-        "lastModified": 1725758778,
-        "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=",
+        "lastModified": 1751158968,
+        "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=",
        "owner": "tinted-theming",
        "repo": "base16-zed",
-        "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9",
+        "rev": "86a470d94204f7652b906ab0d378e4231a5b3384",
        "type": "github"
      },
      "original": {
@@ -812,28 +756,6 @@
        "type": "github"
      }
    },
-    "treefmt-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "stylix",
-          "nur",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1733222881,
-        "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "rev": "49717b5af6f80172275d47a418c9719a31a78b53",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "type": "github"
-      }
-    },
    "wired-notify": {
      "inputs": {
        "flake-parts": [
--- a/flake.nix
+++ b/flake.nix
@@ -66,6 +66,14 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

+    #lix-module = {
+    #  url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable";
+    #  inputs = {
+    #    nixpkgs.follows = "nixpkgs";
+    #    flake-utils.follows = "flake-utils";
+    #  };
+    #};
+
    nix-index-database = {
      url = "github:Mic92/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -119,8 +127,6 @@
    stylix = {
      url = "github:danth/stylix";
      inputs = {
-        flake-compat.follows = "flake-compat";
-        home-manager.follows = "home-manager";
        nixpkgs.follows = "nixpkgs";
      };
    };
@@ -167,6 +173,29 @@
      formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);

      nixosConfigurations = genSystems inputs outputs src (src + "/systems");
+      homeConfigurations = {
+        "alice" = inputs.home-manager.lib.homeManagerConfiguration {
+          pkgs = import nixpkgs { system = "x86_64-linux"; };
+          modules = [
+            inputs.stylix.homeModules.stylix
+            inputs.sops-nix.homeManagerModules.sops
+            inputs.nix-index-database.homeModules.nix-index
+            {
+              nixpkgs.config = {
+                allowUnfree = true;
+                allowUnfreePredicate = _: true;
+              };
+            }
+            ./users/alice/home.nix
+          ];
+          extraSpecialArgs = {
+            inherit inputs outputs;
+            machineConfig = {
+              server = false;
+            };
+          };
+        };
+      };
      images = {
        install-iso = getImages nixosConfigurations "install-iso";
        iso = getImages nixosConfigurations "iso";
--- a/hydra/jobs.nix
+++ b/hydra/jobs.nix
@@ -10,6 +10,9 @@ let
  getCfg = _: cfg: cfg.config.system.build.toplevel;
  hostToAgg = _: cfg: cfg;

+  getHome = _: cfg: cfg.config.home.activationPackage;
+  homeToAgg = _: cfg: cfg;
+
  # get per-system check derivation (with optional postfix)
  mapSystems =
    {
@@ -22,11 +25,16 @@ rec {
  inherit (outputs) formatter devShells checks;

  host = lib.mapAttrs getCfg outputs.nixosConfigurations;
+  home = lib.mapAttrs getHome outputs.homeConfigurations; # homeConfigurations.alice.config.home.activationPackage

  hosts = pkgs.releaseTools.aggregate {
    name = "hosts";
    constituents = lib.mapAttrsToList hostToAgg host;
  };
+  homes = pkgs.releaseTools.aggregate {
+    name = "homes";
+    constituents = lib.mapAttrsToList homeToAgg home;
+  };

  devChecks = pkgs.releaseTools.aggregate {
    name = "devChecks";
--- a/lib/systems.nix
+++ b/lib/systems.nix
@@ -156,6 +156,7 @@ rec {
      modules ? [ ],
      server ? true,
      sops ? true,
+      lix ? false,
      system ? "x86_64-linux",
    }@args:
    lib.nixosSystem {
@@ -168,19 +169,20 @@ rec {
          system
          ;
      };
-      modules =
-        [
-          inputs.nixos-modules.nixosModule
-          (genHostName hostname)
-          (configPath + "/hardware.nix")
-          (configPath + "/configuration.nix")
-        ]
-        ++ modules
-        ++ (lib.adev.fileList (src + "/modules"))
-        ++ genWrapper sops genSops args
-        ++ genWrapper home genHome args
-        ++ genWrapper true genUsers args
-        ++ genWrapper (system != "x86_64-linux") genNonX86 args;
+      modules = [
+        inputs.nixos-modules.nixosModule
+        inputs.nix-index-database.nixosModules.nix-index
+        (genHostName hostname)
+        (configPath + "/hardware.nix")
+        (configPath + "/configuration.nix")
+      ]
+      ++ modules
+      ++ (lib.adev.fileList (src + "/modules"))
+      ++ genWrapper sops genSops args
+      ++ genWrapper home genHome args
+      ++ genWrapper true genUsers args
+      #++ genWrapper lix ({ ... }: [ inputs.lix-module.nixosModules.default ]) args
+      ++ genWrapper (system != "x86_64-linux") genNonX86 args;
    };

  # a convenience function for automatically generating NixOS systems by reading a directory via constructSystem
--- a/modules/autopull.nix
+++ b/modules/autopull.nix
@@ -59,11 +59,12 @@ in
      repos = lib.filterAttrs (_: { enable, ... }: enable) cfg.repo;
    in
    lib.mkIf cfg.enable {
-      environment.systemPackages =
-        [ pkgs.git ]
-        ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [
-          pkgs.openssh
-        ];
+      environment.systemPackages = [
+        pkgs.git
+      ]
+      ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [
+        pkgs.openssh
+      ];

      systemd.services = lib.mapAttrs' (
        _:
--- a/modules/boot.nix
+++ b/modules/boot.nix
@@ -35,10 +35,11 @@ in
  config.boot = lib.mkIf cfg.default {
    supportedFilesystems = [ cfg.filesystem ];
    tmp.useTmpfs = true;
-    kernelParams =
-      [ "nordrand" ]
-      ++ lib.optional (cfg.cpuType == "amd") "kvm-amd"
-      ++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>";
+    kernelParams = [
+      "nordrand"
+    ]
+    ++ lib.optional (cfg.cpuType == "amd") "kvm-amd"
+    ++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>";
    initrd = {
      kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ];
      network = lib.mkIf cfg.fullDiskEncryption {
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -0,0 +1,11 @@
+{
+  ...
+}:
+
+{
+  users.groups = {
+    users = {
+      gid = 100;
+    };
+  };
+}
--- a/systems/artemision/configuration.nix
+++ b/systems/artemision/configuration.nix
@@ -60,12 +60,13 @@

    fwupd = {
      enable = true;
-      package =
-        (import (builtins.fetchTarball {
-          url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
-          sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
-        }) { inherit (pkgs) system; }).fwupd;
+      # package =
+      #   (import (builtins.fetchTarball {
+      #     url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
+      #     sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
+      #   }) { inherit (pkgs) system; }).fwupd;
    };
+    mullvad-vpn.enable = true;

    fprintd.enable = lib.mkForce false;
    openssh.enable = lib.mkForce false;
--- a/systems/artemision/default.nix
+++ b/systems/artemision/default.nix
@@ -3,6 +3,7 @@
  system = "x86_64-linux";
  home = true;
  sops = true;
+  lix = true;
  server = false;
  users = [ "alice" ];
  modules = [
--- a/systems/artemision/programs.nix
+++ b/systems/artemision/programs.nix
@@ -53,7 +53,6 @@
    # nbt explorer?
    ncdu
    nemo-with-extensions
-    neofetch
    neovim
    nix-init
    nix-output-monitor
--- a/systems/palatine-hill/attic/default.nix
+++ b/systems/palatine-hill/attic/default.nix
@@ -10,10 +10,6 @@
    attic-client
  ];

-  systemd.services.atticd.environment = {
-    RUST_LOG = "INFO";
-  };
-
  services = {
    atticd = {
      enable = true;
@@ -71,6 +67,9 @@
  # configured default webstore for this on root user separately
  systemd = {
    services = {
+      atticd.environment = {
+        RUST_LOG = "INFO";
+      };
      attic-watch-store = {
        wantedBy = [ "multi-user.target" ];
        after = [
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -17,6 +17,7 @@
    ./minio.nix
    ./networking.nix
    ./nextcloud.nix
+    #./plex
    ./postgresql.nix
    ./samba.nix
    ./zfs.nix
@@ -52,21 +53,42 @@
        vaapiVdpau
        libvdpau-va-gl
        intel-compute-runtime
-        intel-media-sdk
+        vpl-gpu-rt # replaces intel-media-sdk
      ];
    };
  };

-  environment.systemPackages = with pkgs; [
-    chromedriver
-    chromium
-    docker-compose
-    intel-gpu-tools
-    jellyfin-ffmpeg
-    jq
-    yt-dlp
-    yq
-  ];
+  environment = {
+    systemPackages = with pkgs; [
+      chromedriver
+      chromium
+      docker-compose
+      filebot
+      intel-gpu-tools
+      jellyfin-ffmpeg
+      jq
+      yt-dlp
+      yq
+    ];
+    etc = {
+      # Creates /etc/lynis/custom.prf
+      "lynis/custom.prf" = {
+        text = ''
+          skip-test=BANN-7126
+          skip-test=BANN-7130
+          skip-test=DEB-0520
+          skip-test=DEB-0810
+          skip-test=FIRE-4513
+          skip-test=HRDN-7222
+          skip-test=KRNL-5820
+          skip-test=LOGG-2190
+          skip-test=LYNIS
+          skip-test=TOOL-5002
+        '';
+        mode = "0440";
+      };
+    };
+  };

  services = {
    samba.enable = true;
--- a/systems/palatine-hill/docker/act-runner.nix
+++ b/systems/palatine-hill/docker/act-runner.nix
@@ -12,6 +12,7 @@ in
  virtualisation.oci-containers.containers = {
    act-stable-latest-main = {
      image = "gitea/act_runner:latest";
+      pull = "always";
      extraOptions = [
        "--stop-signal=SIGINT"
      ];
@@ -35,6 +36,7 @@ in

    act-stable-latest-1 = {
      image = "gitea/act_runner:latest";
+      pull = "always";
      extraOptions = [
        "--stop-signal=SIGINT"
      ];
@@ -57,6 +59,7 @@ in

    act-stable-latest-2 = {
      image = "gitea/act_runner:latest";
+      pull = "always";
      extraOptions = [
        "--stop-signal=SIGINT"
      ];
--- a/systems/palatine-hill/docker/arr.nix
+++ b/systems/palatine-hill/docker/arr.nix
@@ -0,0 +1,124 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  vars = import ../vars.nix;
+in
+{
+  virtualisation.oci-containers.containers = {
+    bazarr = {
+      image = "ghcr.io/linuxserver/bazarr:latest";
+      ports = [ "6767:6767" ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [
+        "${vars.primary_docker}/bazarr:/config"
+        "${vars.primary_plex_storage}/data:/data"
+      ];
+      autoStart = true;
+    };
+    prowlarr = {
+      image = "ghcr.io/linuxserver/prowlarr:latest";
+      ports = [ "9696:9696" ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [ "${vars.primary_docker}/prowlarr:/config" ];
+      autoStart = true;
+    };
+    radarr = {
+      image = "ghcr.io/linuxserver/radarr:latest";
+      ports = [ "7878:7878" ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [
+        "${vars.primary_docker}/radarr:/config"
+        "${vars.primary_plex_storage}/data:/data"
+      ];
+      autoStart = true;
+    };
+    sonarr = {
+      image = "ghcr.io/linuxserver/sonarr:latest";
+      ports = [ "8989:8989" ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [
+        "${vars.primary_docker}/sonarr:/config"
+        "${vars.primary_plex_storage}/data:/data"
+      ];
+      autoStart = true;
+    };
+    lidarr = {
+      image = "ghcr.io/linuxserver/lidarr:latest";
+      ports = [ "8686:8686" ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [
+        "${vars.primary_docker}/lidarr:/config"
+        "${vars.primary_plex_storage}/data:/data"
+      ];
+      autoStart = true;
+    };
+    readarr = {
+      image = "ghcr.io/linuxserver/readarr:latest";
+      ports = [ "8787:8787" ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [
+        "${vars.primary_docker}/readarr:/config"
+        "${vars.primary_plex_storage}/data:/data"
+      ];
+      autoStart = true;
+    };
+    unpackerr = {
+      image = "golift/unpackerr:latest";
+      user = "600:100";
+      environment = {
+        TZ = "America/New_York";
+      };
+      volumes = [
+        "${vars.primary_docker}/unpackerr:/config"
+        "${vars.primary_plex_storage}:/data"
+      ];
+      autoStart = true;
+    };
+
+    overseerr = {
+      image = "lscr.io/linuxserver/overseerr";
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [ "${vars.primary_docker}/overseerr:/config" ];
+      # TODO: remove ports later since this is going through web
+      ports = [ "5055:5055" ]; # Web UI port
+      dependsOn = [
+        "radarr"
+        "sonarr"
+      ];
+      extraOptions = [ "--network=haproxy-net" ];
+      autoStart = true;
+    };
+  };
+}
--- a/systems/palatine-hill/docker/default.nix
+++ b/systems/palatine-hill/docker/default.nix
@@ -8,6 +8,7 @@
 {
  imports = [
    ./act-runner.nix
+    ./arr.nix
    # temp disable archiveteam for tiktok archiving
    #./archiveteam.nix
    # ./books.nix
--- a/systems/palatine-hill/docker/glances.nix
+++ b/systems/palatine-hill/docker/glances.nix
@@ -8,6 +8,7 @@ in
  virtualisation.oci-containers.containers = {
    glances = {
      image = "nicolargo/glances:latest-full";
+      pull = "always";
      extraOptions = [
        "--pid=host"
        "--network=haproxy-net"
--- a/systems/palatine-hill/docker/minecraft.nix
+++ b/systems/palatine-hill/docker/minecraft.nix
@@ -39,6 +39,7 @@ in
  virtualisation.oci-containers.containers = {
    mc-router = {
      image = "itzg/mc-router:latest";
+      pull = "always";
      extraOptions = [
        "--network=haproxy-net"
        "--network=minecraft-net"
--- a/systems/palatine-hill/docker/nextcloud.nix
+++ b/systems/palatine-hill/docker/nextcloud.nix
@@ -9,6 +9,8 @@ let
  nextcloud-base = {
    # image comes from running docker compose build in nextcloud-docker/.examples/full/apache
    image = "nextcloud-nextcloud";
+    # pull = "always";
+    # do NOT enable pull here, this image is generated based on a custom docker image
    hostname = "nextcloud";
    volumes = [
      "${nextcloud_path}/nc_data:/var/www/html:z"
@@ -32,6 +34,7 @@ in
    };
    redis = {
      image = "redis:latest";
+      pull = "always";
      user = "600:600";
      volumes = [
        "${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
@@ -47,6 +50,7 @@ in
    };
    go-vod = {
      image = "radialapps/go-vod:latest";
+      pull = "always";
      dependsOn = [ "nextcloud" ];
      environment = {
        NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";
@@ -58,6 +62,7 @@ in
    };
    collabora-code = {
      image = "collabora/code:latest";
+      pull = "always";
      dependsOn = [ "nextcloud" ];
      environment = {
        aliasgroup1 = "https://collabora.nayenoie.com:443";
--- a/systems/palatine-hill/docker/openvpn/se.protonvpn.udp.ovpn
+++ b/systems/palatine-hill/docker/openvpn/se.protonvpn.udp.ovpn
--- a/systems/palatine-hill/docker/restic.nix
+++ b/systems/palatine-hill/docker/restic.nix
@@ -10,7 +10,7 @@ in
      image = "restic/rest-server:latest";
      volumes = [ "${restic_path}:/data" ];
      environment = {
-        OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd";
+        OPTIONS = "--prometheus --private-repos --htpasswd-file /data/.htpasswd";
      };
      ports = [ "8010:8000" ];
      extraOptions = [
--- a/systems/palatine-hill/docker/torr.nix
+++ b/systems/palatine-hill/docker/torr.nix
@@ -1,7 +1,8 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:

 let
  delugeBase = {
+    pull = "always";
    environment = {
      PUID = "600";
      PGID = "100";
@@ -19,18 +20,31 @@ let
  deluge_path = "${torr_path}/deluge";
  delugevpn_path = "${torr_path}/delugevpn";

-  genSopsConf = file: {
+  #genSopsConfWg = file: {
+  #  "${file}" = {
+  #    format = "binary";
+  #    sopsFile = ./wg/${file};
+  #    path = "${delugevpn_path}/config/wireguard/configs/${file}";
+  #    owner = "docker-service";
+  #    group = "users";
+  #    restartUnits = [ "docker-delugeVPN.service" ];
+  #  };
+  #};
+
+  genSopsConfOvpn = file: {
    "${file}" = {
      format = "binary";
-      sopsFile = ./wg/${file};
-      path = "${delugevpn_path}/config/wireguard/configs/${file}";
+      sopsFile = ./openvpn/${file};
+      path = "${delugevpn_path}/config/openvpn/configs/${file}";
      owner = "docker-service";
      group = "users";
      restartUnits = [ "docker-delugeVPN.service" ];
    };
+
  };
 in
 {
+
  virtualisation.oci-containers.containers = {
    deluge = delugeBase // {
      image = "binhex/arch-deluge";
@@ -45,25 +59,26 @@ in
      ];
    };
    delugeVPN = delugeBase // {
-      image = "binhex/arch-delugevpn";
-      extraOptions = [
-        "--privileged=true"
-        "--sysctl"
-        "net.ipv4.conf.all.src_valid_mark=1"
-      ];
+      image = "binhex/arch-delugevpn:latest";
+      capabilities = {
+        NET_ADMIN = true;
+      };
+      autoRemoveOnStop = false;
      environment = delugeBase.environment // {
        VPN_ENABLED = "yes";
-        VPN_CLIENT = "wireguard";
-        VPN_PROV = "custom";
+        VPN_CLIENT = "openvpn";
+        VPN_PROV = "protonvpn";
        ENABLE_PRIVOXY = "yes";
        LAN_NETWORK = "192.168.0.0/16";
-        NAME_SERVERS = "194.242.2.9";
+        ENABLE_STARTUP_SCRIPTS = "yes";
+        #NAME_SERVERS = "194.242.2.9";
+        #NAME_SERVERS = "9.9.9.9";
        # note, delete /config/perms.txt to force a bulk permissions update
-
      };
+      environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
      volumes = [
        "${delugevpn_path}/config:/config"
-        "${delugevpn_path}/data:/data"
+        "${deluge_path}/data:/data" # use common torrent path yuck
        "/etc/localtime:/etc/localtime:ro"
      ];
      ports = [
@@ -71,6 +86,9 @@ in
        "8119:8118"
        "39275:39275"
        "39275:39275/udp"
+        "48346:48346"
+        "48346:48346/udp"
+
      ];
    };
  };
@@ -79,25 +97,34 @@ in
    serviceConfig = {
      ExecStartPre = [
        (
-          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
-          + "-type l -not -name wg0.conf "
+          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
+          + "-type l -not -name network.ovpn "
          + "| ${pkgs.coreutils}/bin/shuf -n 1 "
-          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
-          + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
-          + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
+          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
+          + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
+          + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
+        )
+        (
+          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
+          + "-type l "
+          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
        )
      ];
-      ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
+      ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ];
    };
  };

-  sops.secrets =
-    (genSopsConf "se-mma-wg-001.conf")
-    // (genSopsConf "se-mma-wg-002.conf")
-    // (genSopsConf "se-mma-wg-003.conf")
-    // (genSopsConf "se-mma-wg-004.conf")
-    // (genSopsConf "se-mma-wg-005.conf")
-    // (genSopsConf "se-mma-wg-101.conf")
-    // (genSopsConf "se-mma-wg-102.conf")
-    // (genSopsConf "se-mma-wg-103.conf");
+  sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
+    "docker/delugevpn" = {
+      owner = "docker-service";
+      group = "users";
+      restartUnits = [ "docker-delugeVPN.service" ];
+    };
+    "docker/protonvpn-start-script" = {
+      path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
+      owner = "docker-service";
+      group = "users";
+      restartUnits = [ "docker-delugeVPN.service" ];
+    };
+  };
 }
--- a/systems/palatine-hill/firewall.nix
+++ b/systems/palatine-hill/firewall.nix
@@ -24,6 +24,15 @@

    # collabora
    9980
+
+    # arr
+    6767
+    9696
+    7878
+    8989
+    8686
+    8787
+    5055
  ];

 }
--- a/systems/palatine-hill/hydra.nix
+++ b/systems/palatine-hill/hydra.nix
@@ -82,10 +82,10 @@ in
      '';
    };

-    nix-serve = {
-      enable = true;
-      secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
-    };
+    # nix-serve = {
+    #   enable = true;
+    #   secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
+    # };
    prometheus = {
      enable = true;
      webExternalUrl = "https://prom.alicehuston.xyz";
@@ -134,7 +134,7 @@ in
  sops = {
    secrets = {
      "hydra/environment".owner = "hydra";
-      "nix-serve/secret-key".owner = "root";
+      # "nix-serve/secret-key".owner = "root";
      "alice/gha-hydra-token" = {
        sopsFile = ../../users/alice/secrets.yaml;
        owner = "hydra";
--- a/systems/palatine-hill/plex/default.nix
+++ b/systems/palatine-hill/plex/default.nix
@@ -0,0 +1,28 @@
+{
+  pkgs,
+  ...
+}:
+let
+  vars = import ../vars.nix;
+in
+{
+  services.plex = {
+    enable = true;
+    dataDir = vars.primary_plex;
+  };
+  systemd.services.plex_permission = {
+    description = "maintains plex permissions";
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.bash}/bin/bash ${./plex_permission.sh}";
+    };
+  };
+  systemd.timers.plex_permission = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnBootSec = "1h";
+      OnCalendar = "daily 03:00";
+      Unit = "plex_permission.service";
+    };
+  };
+}
--- a/systems/palatine-hill/plex/plex_permission.sh
+++ b/systems/palatine-hill/plex/plex_permission.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+plex_dir="/ZFS/ZFS-primary/plex"
+
+chown docker-service:users -R "$plex_dir"
+find "$plex_dir" -type f -exec chmod 664 {} \;
+find "$plex_dir" -type d -exec chmod 775 {} \;
--- a/systems/palatine-hill/secrets.yaml
+++ b/systems/palatine-hill/secrets.yaml
@@ -23,6 +23,8 @@ docker:
    redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
    act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
    collabora: ENC[AES256_GCM,data:LPRkzPEv5qfzeWSDbf+L+0asfmiK5Mhj8jCdfVyvVQAaD75Cbo4qLD0Nc80z,iv:/l2vAyYYJChhv6T+JkHT4I74ZpdhvbVqxlDWIM4Y4bw=,tag:/+uzn1vtd1RnO9/lGiQAKA==,type:str]
+    delugevpn: ENC[AES256_GCM,data:YGkgaQUuA9oteKD77tnFzxZSHctyOQjMNlfvJr3mPWAl2P8wfcshiUoa6SNp69pagxbzRV6mfuzwzinbkQCoZN3lw7uF76y0,iv:Bro0H4tFR+3wi9DGGq9a6ge4o4uPlVXBUF7h17zyqg8=,tag:N1kVNFasqGMx8R9qTq2dJA==,type:str]
+    protonvpn-start-script: ENC[AES256_GCM,data:ZnlDpCLdILHXSUCI6itWkqO4y75Lwjj7qT1DBkfueLneQOaQ0JhuE2FbOOajkmI046nP9fMrJbu3g4QZHsq1g8yqGU1wb0OOT+eS9+M92Md29B4NnUdwnVAO6/RzvRKXP2tsQ4iprx9An+BEFwZYD6WG6DQc6NjJVSgRcYvfH9rQey2VdwLysNsgFCs8eC6QgikqBpeg4eOIvDDNbdXPKkW+ZPph9xpzGkcFIMwlX5esg0n7qyUoMvWwBn4avC46U5erOw0fNajY60ri9sm5Afht6LZrFal71Hx/K9/5EXBp9dD4teLO2Ew0CQX0i94pKCuR207l9868s7Ao3udLp4wbiLnXoRKq+w==,iv:qR0kNYpb50NXEqSksvHBPAaRG51RKCsSwTq32nosxzo=,tag:+xRQyuWi4Ja/N9lcd11oJA==,type:str]
 acme:
    bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
    dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
@@ -41,8 +43,8 @@ sops:
            cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
            LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-30T04:36:41Z"
-    mac: ENC[AES256_GCM,data:fEsUt5g0/7j8IVgtXQ0thV93dxe6SGCglqeHdnaXFOjKcCUEFWUmi98M8X92hR9AJzscRK6wqzijd/AQBzl+GL2QtDYsn8qx9Nr0DBd6Gh1vi25eh5LtADm09COSae1THWuFLP7L1Qamyt+XzlBa7Xnrzfuzzp0s2/cZoxZiueU=,iv:VYzh833cMQwGmkB6QunRys0Eluz+0KGj8Y43B9icE9w=,tag:EWJSizBMTFZ0TZhncYe2Sw==,type:str]
+    lastmodified: "2025-06-01T23:54:50Z"
+    mac: ENC[AES256_GCM,data:xBSrKfuBEXYVqLhZF903HbLaCpgXyuo3r7/FUBPM9Pl+rKUGx8p7LKCIec2NPCGO8ylQvC8T2mochSHSAvN339nxPlQ7f/tKWc6QgicaX4Sb4k0wJdqamSJTq4mkg8482HOUiFCSi3lA3zWC3Y9ZixESmEWTbxe9sQ51Vo69lkw=,iv:XiGVzryZwo5UmJe7I8pkg5IEdms0vR9iRdlFu2wjUeI=,tag:jhOuV+aZd5rQF0xg+0tvOg==,type:str]
    pgp:
        - created_at: "2024-11-28T18:56:39Z"
          enc: |-
--- a/systems/palatine-hill/vars.nix
+++ b/systems/palatine-hill/vars.nix
@@ -17,4 +17,6 @@ rec {
  primary_nextcloud = "${zfs_primary}/nextcloud";
  primary_redis = "${zfs_primary}/redis";
  primary_torr = "${zfs_primary}/torr";
+  primary_plex = "${zfs_primary}/plex";
+  primary_plex_storage = "${zfs_primary}/plex_storage";
 }
--- a/systems/selinunte/programs.nix
+++ b/systems/selinunte/programs.nix
@@ -52,7 +52,6 @@
    # nbt explorer?
    ncdu
    nemo-with-extensions
-    neofetch
    neovim
    nix-init
    nix-output-monitor
--- a/users/alice/default.nix
+++ b/users/alice/default.nix
@@ -14,5 +14,7 @@ import ../default.nix {
    ;
  publicKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7oJjIYNRCRrUlhdGJgst6bzqubbKH0gjZYulQ1eVcZ alice@artemision"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWG3cIBju6vzX6s8JlmGNJOiWY7pQ19bHvcqDADtWzv snowi@DESKTOP-EVIR8IH"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMfC0IXl9sGx+9FjuYZT2OUfffGjciJIHWqZdEU1d3n alice@parthenon-7588"
  ];
 }
--- a/users/alice/home.nix
+++ b/users/alice/home.nix
@@ -7,18 +7,17 @@
 }:

 {
-  imports =
-    [
-      ./home/zsh.nix
-      ./home/git.nix
-    ]
-    ++ lib.optionals (!machineConfig.server) [
-      ./home/gammastep.nix
-      ./home/doom
-      ./home/hypr
-      ./home/waybar.nix
-      ./non-server.nix
-    ];
+  imports = [
+    ./home/zsh.nix
+    ./home/git.nix
+  ]
+  ++ lib.optionals (!machineConfig.server) [
+    ./home/gammastep.nix
+    ./home/doom
+    ./home/hypr
+    ./home/waybar.nix
+    ./non-server.nix
+  ];

  home = {
    # # Adds the 'hello' command to your environment. It prints a friendly
@@ -55,7 +54,6 @@
      file
      sqlite
      ncdu
-      neofetch
      onefetch
      hyfetch
      smartmontools
@@ -76,6 +74,7 @@
      nix-prefetch
      nix-tree
      nh
+      home-manager

      # doom emacs dependencies
      fd
@@ -148,6 +147,9 @@
        };
      };
    };
+    fastfetch = {
+      enable = true;
+    };
  };

  services.ssh-agent.enable = true;
--- a/users/alice/home/zsh.nix
+++ b/users/alice/home/zsh.nix
@@ -72,7 +72,7 @@
      "sgc" = "sudo git -C /root/dotfiles";
      ## SSH
      "ssh-init" =
-        "ssh-add -t 2h  ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails  ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh";
+        "ssh-add -t 2h  ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails  ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh ~/.ssh/id_ed25519";

      ## Backups
      "borgmatic-backup-quick" =
--- a/users/default.nix
+++ b/users/default.nix
@@ -14,6 +14,7 @@
  hashedPasswordFile = config.sops.secrets."${name}/user-password".path or null;
  openssh.authorizedKeys.keys = publicKeys;
  extraGroups = [
+    "users"
    "wheel"
    "media"
    (lib.mkIf config.networking.networkmanager.enable "networkmanager")
--- a/utils/eval-to-drv.sh
+++ b/utils/eval-to-drv.sh
@@ -16,4 +16,4 @@ script_path=$(dirname "$(readlink -f $0)")
 parent_path=$(dirname "$script_path")
 out_path="$parent_path/$1.json"

-nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --evaluate --allow-import-from-derivation --json "$out_path" "$parent_path"
+nix run git+https://nayeonie.com/ahuston-0/flake-update-diff --fallback -- --evaluate --allow-import-from-derivation --json "$out_path" "$parent_path"
Author	SHA1	Message	Date
github-actions[bot]	c13c3d5f8f	automated: Update `flake.lock` All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9m32s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 15m29s Details Auto-generated by [update.yml][1] with the help of [create-pull-request][2]. [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request	2025-08-25 01:36:27 +00:00
ahuston-0	a18179b5bb	Merge pull request 'automated: Update `flake.lock`' (#132 ) from update-flake-lock into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 9m37s Details Check Nix flake / Perform Nix flake checks (push) Successful in 14m38s Details Update flakes / update_lockfile (push) Failing after 36s Details Reviewed-on: #132	2025-08-10 19:10:20 -04:00
github-actions[bot]	6f240dfc0f	automated: Update `flake.lock` All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9m31s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 15m20s Details Auto-generated by [update.yml][1] with the help of [create-pull-request][2]. [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request	2025-08-10 22:37:48 +00:00
ahuston-0	ef9cff8e52	Merge pull request 'update flake lock, disable extra stylix inputs, fix homemodule for nix index database' (#131 ) from update_flake_lock_action into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 9m27s Details Check Nix flake / Perform Nix flake checks (push) Successful in 16m5s Details Update flakes / update_lockfile (push) Failing after 12m34s Details Reviewed-on: #131	2025-08-01 00:58:33 -04:00
ahuston-0	b829225998	migrate to fastfetch All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9m47s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 17m56s Details	2025-08-01 00:40:10 -04:00
ahuston-0	195eaeab4f	update intel-media-sdk to vpl-gpu-rt All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9m40s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 22m50s Details	2025-08-01 00:16:57 -04:00
ahuston-0	4376cd1ced	update flake lock, disable extra stylix inputs, fix homemodule for nix index database Some checks failed Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9m39s Details Check Nix flake / Perform Nix flake checks (pull_request) Failing after 18m57s Details	2025-08-01 00:03:47 -04:00
ahuston-0	5a54f8e153	Merge pull request 'automated: Update `flake.lock`' (#129 ) from update-flake-lock into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 9m55s Details Check Nix flake / Perform Nix flake checks (push) Failing after 14m37s Details Reviewed-on: #129	2025-07-31 23:51:28 -04:00
github-actions[bot]	e0e1159c20	automated: Update `flake.lock` All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9m31s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 15m2s Details Auto-generated by [update.yml][1] with the help of [create-pull-request][2]. [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request	2025-07-11 12:22:10 +00:00
ahuston-0	2df1ef27e1	Merge pull request 'feature/home-config' (#130 ) from feature/home-config into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 9m39s Details Check Nix flake / Perform Nix flake checks (push) Successful in 14m38s Details Update flakes / update_lockfile (push) Failing after 23m0s Details Reviewed-on: #130	2025-07-08 01:26:38 -04:00
ahuston-0	f4ff5a6251	remove lix, add homes to hydra All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9m40s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 14m52s Details	2025-07-08 01:10:59 -04:00
ahuston-0	8f8bb999a3	make restic repos private	2025-07-04 18:11:28 -04:00
ahuston-0	f11b0f9e0a	add home-manager module for non-nixos systems	2025-07-04 14:36:37 -04:00
ahuston-0	1ba29c6d07	Merge pull request 'feature/lix' (#128 ) from feature/lix into main All checks were successful Check flake.lock / Check health of `flake.lock` (push) Successful in 9m23s Details Check Nix flake / Perform Nix flake checks (push) Successful in 15m22s Details Update flakes / update_lockfile (push) Successful in 21m33s Details Reviewed-on: #128	2025-07-04 13:56:48 -04:00
ahuston-0	bb81c54d45	update flake lock	2025-07-04 13:56:48 -04:00
ahuston-0	70037306ec	update flake lock	2025-07-04 13:56:48 -04:00
ahuston-0	c310e8b5c3	update flake lock	2025-07-04 13:56:48 -04:00
ahuston-0	afccd339e9	add lix to artemision	2025-07-04 13:56:48 -04:00
ahuston-0	8b5c833785	fix lix linting error	2025-07-04 13:56:48 -04:00
ahuston-0	b5841dd58e	Merge pull request 'automated: Update `flake.lock`' (#127 ) from update-flake-lock into main All checks were successful Check flake.lock / Check health of `flake.lock` (push) Successful in 9m38s Details Check Nix flake / Perform Nix flake checks (push) Successful in 14m44s Details Reviewed-on: #127	2025-07-04 11:19:47 -04:00
github-actions[bot]	49b684bf53	automated: Update `flake.lock` All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9m32s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 14m31s Details Auto-generated by [update.yml][1] with the help of [create-pull-request][2]. [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request	2025-07-04 12:21:53 +00:00
ahuston-0	bb85894ae7	Merge pull request 'add parthenon key' (#126 ) from feature/add-parthenon into main All checks were successful Check flake.lock / Check health of `flake.lock` (push) Successful in 12s Details Check Nix flake / Perform Nix flake checks (push) Successful in 5m5s Details Update flakes / update_lockfile (push) Successful in 22m15s Details Reviewed-on: #126	2025-07-04 01:05:05 -04:00
ahuston-0	09ae81d71e	add parthenon key	2025-07-04 01:05:05 -04:00
ahuston-0	afa3cb8ca2	Merge pull request 'automated: Update `flake.lock`' (#125 ) from update-flake-lock into main All checks were successful Check flake.lock / Check health of `flake.lock` (push) Successful in 8s Details Check Nix flake / Perform Nix flake checks (push) Successful in 5m53s Details Reviewed-on: #125	2025-07-04 00:58:29 -04:00
github-actions[bot]	055f6d3509	automated: Update `flake.lock` All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 32s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 5m45s Details Auto-generated by [update.yml][1] with the help of [create-pull-request][2]. [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request	2025-07-03 12:15:15 +00:00
ahuston-0	cd54e7e381	Merge pull request 'automated: Update `flake.lock`' (#121 ) from update-flake-lock into main All checks were successful Check flake.lock / Check health of `flake.lock` (push) Successful in 14s Details Check Nix flake / Perform Nix flake checks (push) Successful in 5m4s Details Update flakes / update_lockfile (push) Successful in 15m10s Details Reviewed-on: #121	2025-06-29 18:01:50 -04:00
github-actions[bot]	6b9619f3e9	automated: Update `flake.lock` Auto-generated by [update.yml][1] with the help of [create-pull-request][2]. [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request	2025-06-29 18:01:50 -04:00
ahuston-0	726ff95163	Merge pull request 'Update utils/eval-to-drv.sh' (#124 ) from ahuston-0-patch-2 into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 17s Details Check Nix flake / Perform Nix flake checks (push) Successful in 5m7s Details Update flakes / update_lockfile (push) Failing after 13m34s Details Reviewed-on: #124	2025-06-28 15:30:04 -04:00
ahuston-0	8e806a9e83	Update utils/eval-to-drv.sh All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 13s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 5m46s Details	2025-06-28 15:15:17 -04:00
ahuston-0	7e56be3e73	Merge pull request 'Update systems/palatine-hill/docker/nextcloud.nix' (#123 ) from ahuston-0-patch-1 into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 13s Details Check Nix flake / Perform Nix flake checks (push) Successful in 5m26s Details Update flakes / update_lockfile (push) Failing after 2m47s Details Reviewed-on: #123	2025-06-16 00:10:12 -04:00
ahuston-0	7a4bace017	Update systems/palatine-hill/docker/nextcloud.nix All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 16s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 6m7s Details	2025-06-15 16:13:04 -04:00
ahuston-0	a731ab8f6b	Merge pull request 'Update users/alice/default.nix' (#122 ) from feature/add-pc into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 1m6s Details Check Nix flake / Perform Nix flake checks (push) Successful in 5m29s Details Update flakes / update_lockfile (push) Failing after 2m24s Details Reviewed-on: #122	2025-06-11 12:44:11 -04:00
ahuston-0	d3c0a06e59	Update users/alice/default.nix All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 14s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 5m16s Details	2025-06-11 12:38:47 -04:00
ahuston-0	c2679bf795	Merge pull request 'automated: Update `flake.lock`' (#119 ) from update-flake-lock into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 11s Details Check Nix flake / Perform Nix flake checks (push) Successful in 3m45s Details Update flakes / update_lockfile (push) Failing after 3m19s Details Reviewed-on: #119	2025-06-09 02:09:52 -04:00
github-actions[bot]	f3ddc65a66	automated: Update `flake.lock` All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 17s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 4m11s Details Auto-generated by [update.yml][1] with the help of [create-pull-request][2]. [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request	2025-06-08 12:10:47 +00:00
ahuston-0	ac210e99c3	Merge pull request 'feature/add-overseerr' (#120 ) from feature/add-overseerr into main All checks were successful Check flake.lock / Check health of `flake.lock` (push) Successful in 8s Details Check Nix flake / Perform Nix flake checks (push) Successful in 3m32s Details Update flakes / update_lockfile (push) Successful in 10m43s Details Reviewed-on: #120	2025-06-03 01:03:59 -04:00
ahuston-0	3a5178028e	add arr Signed-off-by: ahuston-0 <aliceghuston@gmail.com>	2025-06-03 01:03:59 -04:00
ahuston-0	a999eeef4e	enable pmp	2025-06-03 01:03:59 -04:00
ahuston-0	663640a4f7	newer -> always Signed-off-by: ahuston-0 <aliceghuston@gmail.com>	2025-06-03 01:03:59 -04:00
ahuston-0	d9303c47d3	newer -> always Signed-off-by: ahuston-0 <aliceghuston@gmail.com>	2025-06-03 01:03:59 -04:00
ahuston-0	f81e84adee	deref symlink scripts Signed-off-by: ahuston-0 <aliceghuston@gmail.com>	2025-06-03 01:03:59 -04:00
ahuston-0	0df73370bb	add pull=newer and disable autoRemoveOnStop for delugeVPN Signed-off-by: ahuston-0 <aliceghuston@gmail.com>	2025-06-03 01:03:59 -04:00
ahuston-0	f2551ca4df	add logging for protonvpn script	2025-06-03 01:03:59 -04:00
ahuston-0	794d15211c	enable startup scripts	2025-06-03 01:03:59 -04:00
ahuston-0	74c952d787	enable startup scripts	2025-06-03 01:03:59 -04:00
ahuston-0	5e6241e127	enable startup scripts	2025-06-03 01:03:59 -04:00
ahuston-0	2853321304	add users group	2025-06-03 01:03:59 -04:00
ahuston-0	7834c8226a	add startup script	2025-06-03 01:03:59 -04:00
ahuston-0	56cc36194d	fix ovpn	2025-06-03 01:03:59 -04:00
ahuston-0	8c6eae85ac	fix ovpn	2025-06-03 01:03:59 -04:00
ahuston-0	f29f341aca	disable plex	2025-06-03 01:03:59 -04:00
ahuston-0	8d61596306	add ovpn file Signed-off-by: ahuston-0 <aliceghuston@gmail.com>	2025-06-03 01:03:59 -04:00
ahuston-0	b173fe623e	fix capabilities	2025-06-03 01:03:59 -04:00
ahuston-0	701778b2ed	switch deluge to openvpn	2025-06-03 01:03:59 -04:00
ahuston-0	91a92f82a5	add various plex/arr services, remove nix-serve, add lynis config Signed-off-by: ahuston-0 <aliceghuston@gmail.com>	2025-06-03 01:03:59 -04:00
ahuston-0	36479499d6	Merge pull request 'fix settings' (#118 ) from feature/vesktop into main All checks were successful Check flake.lock / Check health of `flake.lock` (push) Successful in 10s Details Check Nix flake / Perform Nix flake checks (push) Successful in 4m49s Details Update flakes / update_lockfile (push) Successful in 11m57s Details Reviewed-on: #118	2025-06-01 14:30:30 -04:00