add sqlite for restores

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

.github/settings.yml

@@ -4,44 +4,60 @@ repository:
 
   # The name of the repository. Changing this will rename the repository
   name: nix-dotfiles
+
   # A short description of the repository that will show up on GitHub
   description: RAD-Dev Infra
+
   # A URL with more information about the repository
   # homepage: "https://nix-community.org"
 
   # A comma-separated list of topics to set on the repository
   topics: "nixos"
+
   # Either `true` to make the repository private, or `false` to make it public.
   private: false
+
   # Either `true` to enable issues for this repository, `false` to disable them.
   has_issues: true
+
   # Either `true` to enable projects for this repository, or `false` to disable them.
   # If projects are disabled for the organization, passing `true` will cause an API error.
   has_projects: true
+
   # Either `true` to enable the wiki for this repository, `false` to disable it.
   has_wiki: false
+
   # Either `true` to enable downloads for this repository, `false` to disable them.
   has_downloads: false
+
   # Updates the default branch for this repository.
   default_branch: main
+
   # Either `true` to allow squash-merging pull requests, or `false` to prevent
   # squash-merging.
   allow_squash_merge: true
+
   # Either `true` to allow merging pull requests with a merge commit, or `false`
   # to prevent merging pull requests with merge commits.
   allow_merge_commit: false
+
   # Either `true` to allow rebase-merging pull requests, or `false` to prevent
   # rebase-merging.
   allow_rebase_merge: true
+
   # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
   delete_branch_on_merge: true
+
   # Either `true` to enable automated security fixes, or `false` to disable
   # automated security fixes.
   enable_automated_security_fixes: true
+
   # Either `true` to enable vulnerability alerts, or `false` to disable
   # vulnerability alerts.
   enable_vulnerability_alerts: true
+
   allow_auto_merge: true
+
 # Labels: define labels for Issues and Pull Requests
 #
 labels:
@@ -88,16 +104,29 @@ labels:
   - name: automated
     color: '#42b528'
     description: PR was automatically generated (through a bot or CI/CD)
+
 # Milestones: define milestones for Issues and Pull Requests
 milestones:
   - title: Go-Live
     description: >-
-        All requirements for official go-live: - Automated testing via Hydra/Actions - Automated deployments via Hydra/Actions - 90+% testing coverage - Functional formatter with custom rules - palatine-hill is fully stable, enough so that jeeves can be migrated
+      All requirements for official go-live:
+      - Automated testing via Hydra/Actions
+      - Automated deployments via Hydra/Actions
+      - 90+% testing coverage
+      - Functional formatter with custom rules
+      - palatine-hill is fully stable, enough so that jeeves can be migrated
     # The state of the milestone. Either `open` or `closed`
     state: open
   - title: Jeeves Migration
     description: >-
-        Test common use-cases for Jeeves - Quadro GPU support - Multi-GPU support - Plex support - Docker support - ZFS support
+      Test common use-cases for Jeeves
+      - Quadro GPU support
+      - Multi-GPU support
+      - Plex support
+      - Docker support
+      - ZFS support
+
+
 # Collaborators: give specific users access to this repository.
 # See https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator for available options
 collaborators:
@@ -121,6 +150,7 @@ teams:
     # * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
     # * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
     # permission: admin
+
 branches:
   # gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/nix-community/infra/branches/master/protection
 
@@ -135,6 +165,7 @@ branches:
   # `Maximum pull requests to merge`: 5
   # `Only merge non-failing pull requests`: true
   # `Consider check failed after`: 60 minutes
+
   - name: main
     # https://docs.github.com/en/rest/reference/repos#update-branch-protection
     # Branch Protection settings. Set to null to disable

.github/workflows/cache-merge.yml

@@ -0,0 +1,90 @@
+name: Nix CI
+on:
+  push:
+    # don't run on tags, run on commits
+    # https://github.com/orgs/community/discussions/25615
+    tags-ignore:
+      - "**"
+    branches:
+      - main
+  merge_group:
+  schedule:
+    - cron: 0 0 * * *
+  workflow_dispatch:
+
+jobs:
+  # Merge similar `individual` caches
+  # Purge `individual` caches and old `common` caches
+  # Save new `common` caches
+  merge-similar-caches:
+    name: Merge similar caches
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout this repo
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: https://github.com/DeterminateSystems/nix-installer-action@main
+
+      - run: nix profile install nixpkgs#sqlite
+
+      - uses: nix-community/cache-nix-action@v6
+        name: create and purge common cache
+        with:
+          primary-key: similar-cache-${{ matrix.os }}-common-${{ hashFiles('flake.lock') }}
+          # if no hit on the primary key, restore individual caches that match `ci.yaml`
+          restore-prefixes-all-matches: |
+            similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
+          # do purge caches
+          purge: true
+          # purge old versions of the `common` cache and any versions of individual caches
+          purge-prefixes: |
+            similar-cache-${{ matrix.os }}-common-
+          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
+          purge-created: 0
+          # except the version with the `primary-key`, if it exists
+          purge-primary-key: never
+          token: ${{ secrets.GH_TOKEN_FOR_UPDATES  }}
+
+      - uses: nix-community/cache-nix-action@v6
+        name: purge some individual caches
+        with:
+          primary-key: similar-cache-${{ matrix.os }}-common-${{ hashFiles('flake.lock') }}
+          # if no hit on the primary key, restore individual caches that match `ci.yaml`
+          restore-prefixes-all-matches: |
+            similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
+          # do purge caches
+          purge: true
+          # purge old versions of the `common` cache and any versions of individual caches
+          purge-prefixes: |
+            similar-cache-${{ matrix.os }}-individual-
+          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
+          purge-created: 259200
+          # except the version with the `primary-key`, if it exists
+          purge-primary-key: never
+          token: ${{ secrets.GH_TOKEN_FOR_UPDATES  }}
+
+  # Check that the `common` cache is restored correctly
+  merge-similar-caches-check:
+    name: Check a `common` cache is restored correctly
+    needs: merge-similar-caches
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout this repo
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: https://github.com/DeterminateSystems/nix-installer-action@main
+
+      - run: nix profile install nixpkgs#sqlite
+
+      - name: Restore Nix store
+        uses: nix-community/cache-nix-action@v6
+        with:
+          primary-key: similar-cache-${{ matrix.os }}-common-${{ hashFiles('flake.lock') }}

.github/workflows/flake-health-checks.yml

@@ -5,12 +5,30 @@ on:
   pull_request:
     branches: ["main"]
   merge_group:
+
 jobs:
   health-check:
     name: "Perform Nix flake checks"
-        runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
     steps:
       - uses: DeterminateSystems/nix-installer-action@main
+
+      - uses: actions/checkout@v4
+
+      - run: nix profile install nixpkgs#sqlite
+
+      - name: Restore Nix store
+        id: restore
+        uses: nix-community/cache-nix-action@v6
+        with:
+          # save a new cache every time `ci.yaml` changes
+          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
+          # otherwise, restore a common cache if and only if it matches the current `ci.yaml`
+          restore-prefixes-first-match: similar-cache-${{ matrix.os }}-common-
+
       - name: Setup Attic cache
         uses: ryanccn/attic-action@v0
         with:
@@ -18,14 +36,33 @@ jobs:
           cache: ${{ secrets.ATTIC_CACHE }}
           token: ${{ secrets.ATTIC_TOKEN }}
           skip-push: "true"
-            - uses: actions/checkout@v4
+
       - run: nix flake check --accept-flake-config
+
       - run: nix ./utils/attic-push.bash
+
   build-checks:
     name: "Build nix outputs"
-        runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
     steps:
       - uses: DeterminateSystems/nix-installer-action@main
+
+      - uses: actions/checkout@v4
+
+      - run: nix profile install nixpkgs#sqlite
+
+      - name: Restore Nix store
+        id: restore
+        uses: nix-community/cache-nix-action@v6
+        with:
+          # save a new cache every time `ci.yaml` changes
+          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
+          # otherwise, restore a common cache if and only if it matches the current `ci.yaml`
+          restore-prefixes-first-match: similar-cache-${{ matrix.os }}-common-
+
       - name: Setup Attic cache
         uses: ryanccn/attic-action@v0
         with:
@@ -33,9 +70,25 @@ jobs:
           cache: ${{ secrets.ATTIC_CACHE }}
           token: ${{ secrets.ATTIC_TOKEN }}
           skip-push: "true"
-            - uses: actions/checkout@v4
+
       - name: Build all outputs
         run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
+
       - name: Push to Attic
         run: nix ./utils/attic-push.bash
         continue-on-error: true
+
+      - name: Save Nix store
+        if: steps.restore.outputs.hit == 'false'
+        uses: nix-community/cache-nix-action@v6
+        with:
+          # save a new cache every time `ci.yaml` changes
+          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
+          # do purge caches
+          purge: true
+          # purge all versions of the individual cache
+          purge-prefixes: similar-cache-${{ matrix.os }}-individual-
+          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
+          purge-created: 0
+          # except the version with the `primary-key`, if it exists
+          purge-primary-key: never

.github/workflows/flake-update.yml

@@ -7,12 +7,25 @@ on:
 jobs:
   update_lockfile:
     runs-on: ubuntu-latest
-        #if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
+    if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+
       - name: Install nix
         uses: https://github.com/DeterminateSystems/nix-installer-action@main
+
+      - run: nix profile install nixpkgs#sqlite
+
+      - name: Restore Nix store
+        id: restore
+        uses: nix-community/cache-nix-action@v6
+        with:
+          # save a new cache every time `ci.yaml` changes
+          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
+          # otherwise, restore a common cache if and only if it matches the current `ci.yaml`
+          restore-prefixes-first-match: similar-cache-${{ matrix.os }}-common-
+
       - name: Setup Attic cache
         uses: ryanccn/attic-action@v0
         with:
@@ -20,8 +33,10 @@ jobs:
           cache: ${{ secrets.ATTIC_CACHE }}
           token: ${{ secrets.ATTIC_TOKEN }}
           skip-push: "true"
+
       - name: Get pre-snapshot of evaluations
         run: nix ./utils/eval-to-drv.sh pre
+
       - name: Update flake.lock
         id: update
         run: |
@@ -36,15 +51,22 @@ jobs:
           echo "EOF" >> $GITHUB_ENV
 
           rm update.log
+
       - name: Get post-snapshot of evaluations
         run: nix ./utils/eval-to-drv.sh post
+
       - name: Calculate diff
         run: nix ./utils/diff-evals.sh
-            - name: Read file contents
+
-              id: read_file
+      - name: Read diff into environment
-              uses: guibranco/github-file-reader-action-v2@latest
+        run: |
-              with:
+          delimiter="$(openssl rand -hex 8)"
-                path: "post-diff"
+          {
+          echo "POSTDIFF<<${delimiter}"
+          cat post-diff
+          echo "${delimiter}"
+          } >> $GITHUB_ENV
+
       - name: Write PR body template
         uses: https://github.com/DamianReeves/write-file-action@v1.3
         with:
@@ -57,7 +79,7 @@ jobs:
             ```
 
             ```
-                    ${{ steps.read_file.outputs.contents }}
+            {{ env.POSTDIFF }}
             ```
 
             Auto-generated by [update.yml][1] with the help of
@@ -65,16 +87,19 @@ jobs:
 
             [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
             [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
+
       - name: Generate PR body
         uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0
         with:
           files: "pr_body.template"
           output-filename: "pr_body.md"
+
       - name: Save PR body
         id: pr_body
         uses: juliangruber/read-file-action@v1
         with:
           path: "pr_body.md"
+
       - name: Remove temporary files
         run: |
           rm pr_body.template
@@ -82,6 +107,7 @@ jobs:
           rm pre.json
           rm post.json
           rm post-diff
+
       - name: Create Pull Request
         id: create-pull-request
         # uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@7174d368c2e4450dea17b297819eb28ae93ee645
@@ -95,14 +121,31 @@ jobs:
             automated: Update `flake.lock`
 
             ${{ steps.pr_body.outputs.content }}
+
           branch: update-flake-lock
           delete-branch: true
           pr-labels: |                  # Labels to be set on the PR
             dependencies
             automated
+
       - name: Push to Attic
         run: nix ./utils/attic-push.bash
         continue-on-error: true
+
+      - name: Save Nix store
+        uses: nix-community/cache-nix-action@v6
+        with:
+          # save a new cache every time `ci.yaml` changes
+          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
+          # do purge caches
+          purge: true
+          # purge all versions of the individual cache
+          purge-prefixes: similar-cache-${{ matrix.os }}-individual-
+          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
+          purge-created: 0
+          # except the version with the `primary-key`, if it exists
+          purge-primary-key: never
+
       - name: Print PR number
         run: |
           echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."

.github/workflows/lock-health-checks.yml

@@ -5,6 +5,7 @@ on:
   pull_request:
     branches: ["main"]
   merge_group:
+
 jobs:
   health-check:
     name: "Check health of `flake.lock`"

.github/workflows/nix-fmt.yml

@@ -5,6 +5,7 @@ on:
   pull_request:
     branches: ["main"]
   merge_group:
+
 jobs:
   health-check:
     name: "Perform Nix format checks"

.sops.yaml

@@ -1,6 +1,7 @@
 keys:
   # The PGP keys in keys/
   - &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330
+
   # Generate AGE keys from SSH keys with:
   #   ssh-keygen -A
   #   nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
@@ -10,8 +11,10 @@ keys:
     #- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
   - &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
   # cspell:enable
+
 servers: &servers
   - *palatine-hill
+
 # add new users by executing: sops users/<user>/secrets.yaml
 # then have someone already in the repo run the below
 #
@@ -26,12 +29,14 @@ creation_rules:
           - *palatine-hill
           - *artemision
           - *artemision-home
+
   - path_regex: systems/palatine-hill/secrets.*\.yaml$
     key_groups:
       - pgp: 
           - *admin_alice
         age:
           - *palatine-hill
+
   - path_regex: systems/artemision/secrets.*\.yaml$
     key_groups:
       - pgp:

.vscode/settings.json

@@ -1,7 +1,5 @@
 {
-  "cSpell.enableFiletypes": [
+  "cSpell.enableFiletypes": ["nix"],
-    "nix"
-  ],
   "cSpell.words": [
     "aarch",
     "abmlevel",

docs/CONTRIBUTING.md

@@ -40,12 +40,12 @@ and will eventually trip a check when merging to main.
 | Branch Name      | Use Case                                                                                                                                                                                                                      |
 |------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | main             | protected branch which all machines pull from, do not try to push directly                                                                                                                                                    |
-| feature/\<item> | \<item> is a new feature added to the repo, for personal or common use                                                                                                                                                       |
+| feature/\<item\> | \<item\> is a new feature added to the repo, for personal or common use                                                                                                                                                       |
-| fixup/\<item>   | \<item> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical                                                                                         |
+| fixup/\<item\>   | \<item\> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical                                                                                         |
-| hotfix/\<item>  | \<item> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process |
+| hotfix/\<item\>  | \<item\> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process |
-| urgent/\<item>  | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues                                                                                                           |
+| urgent/\<item\>  | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues                                                                                                           |
-| exp/\<item>     | \<item> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches                                                                                                  |
+| exp/\<item\>     | \<item\> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches                                                                                                  |
-| merge/\<item>   | \<item> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch                                          |
+| merge/\<item\>   | \<item\> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch                                          |
 
 ### Review Process
 

docs/sample-setup.sh

@@ -54,6 +54,8 @@ if [ $PROCEED != "Y" ]; then
     lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
 fi
 
+
+
 if [ $CREATEPARTS = "Y" ]; then
     # Create partition table
     sudo parted "/dev/$DRIVE" -- mklabel gpt

flake.lock

@@ -78,11 +78,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1742773104,
+        "lastModified": 1740974607,
-        "narHash": "sha256-dAhrL+gEjNN5U/Sosy7IrX0Y0qPA0U7Gp9TBhqEliNU=",
+        "narHash": "sha256-YbAnhXYYOjG8OHX7v4BGj/tDQiFgkwe4JsqCjbFYjB0=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "d74460da63a8c08a69a1f143b04f2ab1a6b2f5c2",
+        "rev": "093c063a23aa38f31082a554f03899127750aee3",
         "type": "gitlab"
       },
       "original": {
@@ -95,11 +95,11 @@
     "firefox-gnome-theme": {
       "flake": false,
       "locked": {
-        "lastModified": 1741628778,
+        "lastModified": 1739223196,
-        "narHash": "sha256-RsvHGNTmO2e/eVfgYK7g+eYEdwwh7SbZa+gZkT24MEA=",
+        "narHash": "sha256-vAxN2f3rvl5q62gQQjZGVSvF93nAsOxntuFz+e/655w=",
         "owner": "rafaelmardojai",
         "repo": "firefox-gnome-theme",
-        "rev": "5a81d390bb64afd4e81221749ec4bffcbeb5fa80",
+        "rev": "a89108e6272426f4eddd93ba17d0ea101c34fb21",
         "type": "github"
       },
       "original": {
@@ -127,11 +127,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1741352980,
+        "lastModified": 1740872218,
-        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
+        "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
+        "rev": "3876f6b87db82f33775b1ef5ea343986105db764",
         "type": "github"
       },
       "original": {
@@ -232,11 +232,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1741379162,
+        "lastModified": 1737465171,
-        "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=",
+        "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc",
+        "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
         "type": "github"
       },
       "original": {
@@ -312,11 +312,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742771635,
+        "lastModified": 1740845322,
-        "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=",
+        "narHash": "sha256-AXEgFj3C0YJhu9k1OhbRhiA6FnDr81dQZ65U3DhaWpw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818",
+        "rev": "fcac3d6d88302a5e64f6cb8014ac785e08874c8d",
         "type": "github"
       },
       "original": {
@@ -332,11 +332,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742213523,
+        "lastModified": 1740923452,
-        "narHash": "sha256-I8JVdQRu8eWvY5W8XWYZkdd5pojDHkxeqQV7mMIsbhs=",
+        "narHash": "sha256-iQNkVG0368H3kiwSYSs1N6sU7GhHSmx0b9y+Z+eO1+c=",
         "owner": "hyprwm",
         "repo": "contrib",
-        "rev": "bd81329944be53b0ffb99e05864804b95f1d7c65",
+        "rev": "6f0d5e16c534aeda47d99b4d20bb2a22bfc60c23",
         "type": "github"
       },
       "original": {
@@ -352,11 +352,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742701275,
+        "lastModified": 1740886574,
-        "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=",
+        "narHash": "sha256-jN6kJ41B6jUVDTebIWeebTvrKP6YiLd1/wMej4uq4Sk=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6",
+        "rev": "26a0f969549cf4d56f6e9046b9e0418b3f3b94a5",
         "type": "github"
       },
       "original": {
@@ -388,11 +388,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742568034,
+        "lastModified": 1740947705,
-        "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
+        "narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
+        "rev": "507911df8c35939050ae324caccc7cf4ffb76565",
         "type": "github"
       },
       "original": {
@@ -403,11 +403,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1742806253,
+        "lastModified": 1740646007,
-        "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=",
+        "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726",
+        "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49",
         "type": "github"
       },
       "original": {
@@ -426,11 +426,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742419596,
+        "lastModified": 1741017582,
-        "narHash": "sha256-+Bw1HR4oX6vUbCMhwWbW+Nr20F+UesNdUd7b17s3ESE=",
+        "narHash": "sha256-2tscHztx6UxqeQTK0U1kLM74+6mSzROMNYJpKRDLMPM=",
         "owner": "SuperSandro2000",
         "repo": "nixos-modules",
-        "rev": "82491ff311152b87fe7cfbdaf545f727e0750aa9",
+        "rev": "c7c9219eb6ff26c203d22ba733e9e988499290f0",
         "type": "github"
       },
       "original": {
@@ -441,11 +441,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1742800061,
+        "lastModified": 1740981371,
-        "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=",
+        "narHash": "sha256-Up7YlXIupmT7fEtC4Oj676M91INg0HAoamiswAsA3rc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734",
+        "rev": "1d2fe0135f360c970aee1d57a53f816f3c9bddae",
         "type": "github"
       },
       "original": {
@@ -457,31 +457,28 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1740877520,
+        "lastModified": 1740872140,
-        "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
+        "narHash": "sha256-3wHafybyRfpUCLoE8M+uPVZinImg3xX+Nm6gEfN3G8I=",
-        "owner": "nix-community",
+        "type": "tarball",
-        "repo": "nixpkgs.lib",
+        "url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz"
-        "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
-        "type": "github"
       },
       "original": {
-        "owner": "nix-community",
+        "type": "tarball",
-        "repo": "nixpkgs.lib",
+        "url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz"
-        "type": "github"
       }
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1742751704,
+        "lastModified": 1735563628,
-        "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=",
+        "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092",
+        "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-24.11",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -496,11 +493,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1741693509,
+        "lastModified": 1740408283,
-        "narHash": "sha256-emkxnsZstiJWmGACimyAYqIKz2Qz5We5h1oBVDyQjLw=",
+        "narHash": "sha256-2xECnhgF3MU9YjmvOkrRp8wRFo2OjjewgCtlfckhL5s=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "5479646b2574837f1899da78bdf9a48b75a9fb27",
+        "rev": "496a4a11162bdffb9a7b258942de138873f019f7",
         "type": "github"
       },
       "original": {
@@ -520,11 +517,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742649964,
+        "lastModified": 1740915799,
-        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
+        "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+        "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732",
         "type": "github"
       },
       "original": {
@@ -562,11 +559,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742783666,
+        "lastModified": 1740969088,
-        "narHash": "sha256-IwdSl51NL6V0f+mYXZR0UTKaGleOsk9zV3l6kt5SUWw=",
+        "narHash": "sha256-BajboqzFnDhxVT0SXTDKVJCKtFP96lZXccBlT/43mao=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "60766d63c227d576510ecfb5edd3a687d56f6bc7",
+        "rev": "20fdb02098fdda9a25a2939b975abdd7bc03f62d",
         "type": "github"
       },
       "original": {
@@ -582,11 +579,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742700801,
+        "lastModified": 1739262228,
-        "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=",
+        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852",
+        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
         "type": "github"
       },
       "original": {
@@ -623,11 +620,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1742753562,
+        "lastModified": 1740959323,
-        "narHash": "sha256-EBXgl3sPi5AQUM58XGuuC8HQl/Df+Dbt6pOLInInJ/k=",
+        "narHash": "sha256-UtSKsLCWwA4wPFm7mgl33qeu8sj0on9Hyt3YhDWWkAM=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "d9df91c55643a8b5229a3ae3a496a30f14965457",
+        "rev": "489833b201a84488c6b4371a261fdbcafa6abcb6",
         "type": "github"
       },
       "original": {
@@ -703,11 +700,11 @@
     "tinted-schemes": {
       "flake": false,
       "locked": {
-        "lastModified": 1741468895,
+        "lastModified": 1740351358,
-        "narHash": "sha256-YKM1RJbL68Yp2vESBqeZQBjTETXo8mCTTzLZyckCfZk=",
+        "narHash": "sha256-Hdk850xgAd3DL8KX0AbyU7tC834d3Lej1jOo3duWiOA=",
         "owner": "tinted-theming",
         "repo": "schemes",
-        "rev": "47c8c7726e98069cade5827e5fb2bfee02ce6991",
+        "rev": "a1bc2bd89e693e7e3f5764cfe8114e2ae150e184",
         "type": "github"
       },
       "original": {
@@ -719,11 +716,11 @@
     "tinted-tmux": {
       "flake": false,
       "locked": {
-        "lastModified": 1740877430,
+        "lastModified": 1740272597,
-        "narHash": "sha256-zWcCXgdC4/owfH/eEXx26y5BLzTrefjtSLFHWVD5KxU=",
+        "narHash": "sha256-/etfUV3HzAaLW3RSJVwUaW8ULbMn3v6wbTlXSKbcoWQ=",
         "owner": "tinted-theming",
         "repo": "tinted-tmux",
-        "rev": "d48ee86394cbe45b112ba23ab63e33656090edb4",
+        "rev": "b6c7f46c8718cc484f2db8b485b06e2a98304cd0",
         "type": "github"
       },
       "original": {

flake.nix

@@ -26,8 +26,7 @@
     nixos-hardware.url = "github:NixOS/nixos-hardware";
     #nixpkgs.url = "github:nuschtos/nuschtpkgs/nixos-unstable";
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
-    #nixpkgs.url = "github:nixos/nixpkgs/1d2fe0135f360c970aee1d57a53f816f3c9bddae?narHash=sha256-Up7YlXIupmT7fEtC4Oj676M91INg0HAoamiswAsA3rc%3D";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
     systems.url = "github:nix-systems/default";
 
     # attic = {

modules/update.nix

@@ -10,10 +10,10 @@
   };
 
   system.autoUpgrade = {
-    enable = lib.mkDefault true;
+    enable = lib.mkDefault false;
     flags = [ "--accept-flake-config" ];
     randomizedDelaySec = "1h";
     persistent = true;
-    flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git";
+    flake = "github:RAD-Development/nix-dotfiles";
   };
 }

shell.nix

@@ -45,10 +45,6 @@ forEachSystem (
         treefmt
         statix
         nixfmt-rfc-style
-        jsonfmt
-        mdformat
-        shfmt
-        yamlfmt
       ];
     };
   in

systems/artemision/configuration.nix

@@ -32,7 +32,7 @@
   };
 
   boot = {
-    #kernelPackages = lib.mkForce pkgs.linuxPackages_6_6;
+    kernelPackages = lib.mkForce pkgs.linuxPackages_6_6;
     useSystemdBoot = true;
     default = true;
   };
@@ -83,14 +83,11 @@
 
   users.users.alice.extraGroups = [ "calibre-web" ];
 
+  system.autoUpgrade.enable = false;
   system.stateVersion = "24.05";
 
   programs.adb.enable = true;
 
-  environment.variables = {
-    "KWIN_DRM_NO_DIRECT_SCANOUT" = "1";
-  };
-
   sops = {
     defaultSopsFile = ./secrets.yaml;
     #secrets = {

systems/artemision/desktop.nix

@@ -7,7 +7,6 @@
     hyprland = {
       enable = true;
       xwayland.enable = true;
-      withUWSM = true;
     };
     hyprlock.enable = true;
     gnupg.agent = {

systems/artemision/programs.nix

@@ -18,6 +18,8 @@
     croc
     deadnix
     direnv
+    discord
+    discord-canary
     easyeffects
     eza
     fanficfare
@@ -42,7 +44,6 @@
     kitty
     kubectl
     kubernetes-helm
-    libreoffice-fresh
     libtool
     lsof
     lynis

systems/palatine-hill/docker/act-runner.nix

@@ -6,7 +6,6 @@
 let
   vars = import ../vars.nix;
   act_path = vars.primary_act;
-  act_config_path = ./act_config.yaml;
 in
 {
   virtualisation.oci-containers.containers = {
@@ -21,7 +20,7 @@ in
       };
       ports = [ "8088:8088" ];
       volumes = [
-        "${act_config_path}:/config.yaml"
+        "${act_path}/stable-latest-main/config.yaml:/config.yaml"
         "${act_path}/stable-latest-main/data:/data"
         "/var/run/docker.sock:/var/run/docker.sock"
       ];
@@ -43,7 +42,7 @@ in
         "com.centurylinklabs.watchtower.scope" = "act-runner";
       };
       volumes = [
-        "${./act_config.yaml}:/config.yaml"
+        "${act_path}/stable-latest-1/config.yaml:/config.yaml"
         "${act_path}/stable-latest-1/data:/data"
         "/var/run/docker.sock:/var/run/docker.sock"
       ];
@@ -65,7 +64,7 @@ in
         "com.centurylinklabs.watchtower.scope" = "act-runner";
       };
       volumes = [
-        "${act_config_path}:/config.yaml"
+        "${act_path}/stable-latest-2/config.yaml:/config.yaml"
         "${act_path}/stable-latest-2/data:/data"
         "/var/run/docker.sock:/var/run/docker.sock"
       ];
@@ -76,6 +75,72 @@ in
       environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
       log-driver = "local";
     };
+
+    act-stable-latest-3 = {
+      image = "gitea/act_runner:latest";
+      extraOptions = [
+        "--stop-signal=SIGINT"
+      ];
+      labels = {
+        "com.centurylinklabs.watchtower.enable" = "true";
+        "com.centurylinklabs.watchtower.scope" = "act-runner";
+      };
+      volumes = [
+        "${act_path}/stable-latest-3/config.yaml:/config.yaml"
+        "${act_path}/stable-latest-3/data:/data"
+        "/var/run/docker.sock:/var/run/docker.sock"
+      ];
+      environment = {
+        CONFIG_FILE = "/config.yaml";
+        GITEA_RUNNER_NAME = "stable-latest-3";
+      };
+      environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
+      log-driver = "local";
+    };
+
+    act-stable-latest-4 = {
+      image = "gitea/act_runner:latest";
+      extraOptions = [
+        "--stop-signal=SIGINT"
+      ];
+      labels = {
+        "com.centurylinklabs.watchtower.enable" = "true";
+        "com.centurylinklabs.watchtower.scope" = "act-runner";
+      };
+      volumes = [
+        "${act_path}/stable-latest-4/config.yaml:/config.yaml"
+        "${act_path}/stable-latest-4/data:/data"
+        "/var/run/docker.sock:/var/run/docker.sock"
+      ];
+      environment = {
+        CONFIG_FILE = "/config.yaml";
+        GITEA_RUNNER_NAME = "stable-latest-4";
+      };
+      environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
+      log-driver = "local";
+    };
+
+    act-stable-latest-5 = {
+      image = "gitea/act_runner:latest";
+      extraOptions = [
+        "--stop-signal=SIGINT"
+      ];
+      labels = {
+        "com.centurylinklabs.watchtower.enable" = "true";
+        "com.centurylinklabs.watchtower.scope" = "act-runner";
+      };
+      volumes = [
+        "${act_path}/stable-latest-5/config.yaml:/config.yaml"
+        "${act_path}/stable-latest-5/data:/data"
+        "/var/run/docker.sock:/var/run/docker.sock"
+      ];
+      environment = {
+        CONFIG_FILE = "/config.yaml";
+        GITEA_RUNNER_NAME = "stable-latest-5";
+      };
+      environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
+      log-driver = "local";
+    };
   };
 
   systemd = {
@@ -103,9 +168,7 @@ in
     "docker/act-runner" = {
       owner = "root";
       restartUnits = [
-        "docker-act-stable-latest-main.service"
         "docker-act-stable-latest-1.service"
-        "docker-act-stable-latest-2.service"
       ];
     };
   };

systems/palatine-hill/docker/act_config.yaml

@@ -1,95 +0,0 @@
-# Example configuration file, it's safe to copy this as the default config file without any modification.
-# You don't have to copy this file to your instance,
-# just run `./act_runner generate-config > config.yaml` to generate a config file.
-log:
-    # The level of logging, can be trace, debug, info, warn, error, fatal
-    level: debug
-runner:
-    # Where to store the registration result.
-    file: .runner
-    # Execute how many tasks concurrently at the same time.
-    capacity: 1
-    # Extra environment variables to run jobs.
-    envs:
-        A_TEST_ENV_NAME_1: a_test_env_value_1
-        A_TEST_ENV_NAME_2: a_test_env_value_2
-    # Extra environment variables to run jobs from a file.
-    # It will be ignored if it's empty or the file doesn't exist.
-    env_file: .env
-    # The timeout for a job to be finished.
-    # Please note that the Gitea instance also has a timeout (3h by default) for the job.
-    # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
-    timeout: 3h
-    # The timeout for the runner to wait for running jobs to finish when shutting down.
-    # Any running jobs that haven't finished after this timeout will be cancelled.
-    shutdown_timeout: 30m
-    # Whether skip verifying the TLS certificate of the Gitea instance.
-    insecure: false
-    # The timeout for fetching the job from the Gitea instance.
-    fetch_timeout: 5s
-    # The interval for fetching the job from the Gitea instance.
-    fetch_interval: 2s
-    # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
-    # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
-    # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
-    # If it's empty when registering, it will ask for inputting labels.
-    # If it's empty when execute `daemon`, will use labels in `.runner` file.
-    labels:
-        - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
-        - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
-        - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
-        #cache:
-    # Enable cache server to use actions/cache.
-    #enabled: true
-    # The directory to store the cache data.
-    # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
-    #dir: ""
-    # The host of the cache server.
-    # It's not for the address to listen, but the address to connect from job containers.
-    # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
-    #host: ""
-    # The port of the cache server.
-    # 0 means to use a random available port.
-    #port: 0
-    # The external cache server URL. Valid only when enable is true.
-    # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
-    # The URL should generally end with "/".
-    #external_server: ""
-container:
-    # Specifies the network to which the container will connect.
-    # Could be host, bridge or the name of a custom network.
-    # If it's empty, act_runner will create a network automatically.
-    network: ""
-    # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
-    privileged: false
-    # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
-    options:
-    # The parent directory of a job's working directory.
-    # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
-    # If the path starts with '/', the '/' will be trimmed.
-    # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
-    # If it's empty, /workspace will be used.
-    workdir_parent:
-    # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
-    # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
-    # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
-    # valid_volumes:
-    #   - data
-    #   - /src/*.json
-    # If you want to allow any volume, please use the following configuration:
-    # valid_volumes:
-    #   - '**'
-    valid_volumes: []
-    # overrides the docker client host with the specified one.
-    # If it's empty, act_runner will find an available docker host automatically.
-    # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
-    # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
-    docker_host: ""
-    # Pull docker image(s) even if already present
-    force_pull: true
-    # Rebuild docker image(s) even if already present
-    force_rebuild: false
-host:
-    # The parent directory of a job's working directory.
-    # If it's empty, $HOME/.cache/act/ will be used.
-    workdir_parent:

systems/palatine-hill/docker/default.nix

@@ -31,47 +31,47 @@
     default-address-pools = [
       {
         base = "169.254.2.0/23";
-        size = 28;
+        size = "28";
       }
       {
         base = "169.254.4.0/22";
-        size = 28;
+        size = "28";
       }
       {
         base = "169.254.8.0/21";
-        size = 28;
+        size = "28";
       }
       {
         base = "169.254.16.0/20";
-        size = 28;
+        size = "28";
       }
       {
         base = "169.254.32.0/19";
-        size = 28;
+        size = "28";
       }
       {
         base = "169.254.64.0/18";
-        size = 28;
+        size = "28";
       }
       {
         base = "169.254.128.0/18";
-        size = 28;
+        size = "28";
       }
       {
         base = "169.254.192.0/19";
-        size = 28;
+        size = "28";
       }
       {
         base = "169.254.224.0/20";
-        size = 28;
+        size = "28";
       }
       {
         base = "169.254.240.0/21";
-        size = 28;
+        size = "28";
       }
       {
         base = "169.254.248.0/22";
-        size = 28;
+        size = "28";
       }
     ];
     mtu = 9000;

systems/palatine-hill/docker/minecraft.nix

@@ -9,31 +9,31 @@ let
     divinejourney = "dj.alicehuston.xyz";
     rlcraft = "rlcraft.alicehuston.xyz";
     arcanum-institute = "arcanum.alicehuston.xyz";
-    # bcg-plus = "bcg.alicehuston.xyz";
+    bcg-plus = "bcg.alicehuston.xyz";
   };
 
   defaultServer = "rlcraft";
 
-  # defaultEnv = {
+  defaultEnv = {
-  #   EULA = "true";
+    EULA = "true";
-  #   TYPE = "AUTO_CURSEFORGE";
+    TYPE = "AUTO_CURSEFORGE";
-  #   STOP_SERVER_ANNOUNCE_DELAY = "120";
+    STOP_SERVER_ANNOUNCE_DELAY = "120";
-  #   STOP_DURATION = "600";
+    STOP_DURATION = "600";
-  #   SYNC_CHUNK_WRITES = "false";
+    SYNC_CHUNK_WRITES = "false";
-  #   USE_AIKAR_FLAGS = "true";
+    USE_AIKAR_FLAGS = "true";
-  #   MEMORY = "8GB";
+    MEMORY = "8GB";
-  #   ALLOW_FLIGHT = "true";
+    ALLOW_FLIGHT = "true";
-  #   MAX_TICK_TIME = "-1";
+    MAX_TICK_TIME = "-1";
-  # };
+  };
 
-  # defaultOptions = [
+  defaultOptions = [
-  #   "--stop-signal=SIGTERM"
+    "--stop-signal=SIGTERM"
-  #   "--stop-timeout=1800"
+    "--stop-timeout=1800"
-  #   "--network=minecraft-net"
+    "--network=minecraft-net"
-  # ];
+  ];
 
-  # vars = import ../vars.nix;
+  vars = import ../vars.nix;
-  # minecraft_path = "${vars.primary_games}/minecraft";
+  minecraft_path = "${vars.primary_games}/minecraft";
 in
 {
   virtualisation.oci-containers.containers = {
@@ -67,24 +67,24 @@ in
     #   log-driver = "local";
     #   environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
     # };
-    # bcg-plus = {
+    bcg-plus = {
-    #   image = "itzg/minecraft-server:java17";
+      image = "itzg/minecraft-server:java17";
-    #   volumes = [
+      volumes = [
-    #     "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
+        "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
-    #     "${minecraft_path}/bcg-plus/data:/data"
+        "${minecraft_path}/bcg-plus/data:/data"
-    #   ];
+      ];
-    #   hostname = "bcg-plus";
+      hostname = "bcg-plus";
-    #   environment = defaultEnv // {
+      environment = defaultEnv // {
-    #     VERSION = "1.17";
+        VERSION = "1.17";
-    #     CF_SLUG = "bcg";
+        CF_SLUG = "bcg";
-    #     DIFFICULTY = "normal";
+        DIFFICULTY = "normal";
-    #     DEBUG = "true";
+        DEBUG = "true";
-    #     # ENABLE_COMMAND_BLOCK = "true";
+        # ENABLE_COMMAND_BLOCK = "true";
-    #   };
+      };
-    #   extraOptions = defaultOptions;
+      extraOptions = defaultOptions;
-    #   log-driver = "local";
+      log-driver = "local";
-    #   environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
+      environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
-    # };
+    };
   };
 
   sops = {

systems/palatine-hill/docker/nextcloud.nix

@@ -100,7 +100,7 @@ in
       };
       "docker/collabora" = {
         owner = "www-data";
-        restartUnits = [ "docker-collabora-code.service" ];
+        restartUnits = [ "docker-collabora.service" ];
       };
     };
   };

treefmt.toml

@@ -12,21 +12,3 @@ command = "nixfmt"
 #options = []
 # Glob pattern of files to include
 includes = [ "*.nix" ]
-
-[formatter.jsonfmt]
-command = "jsonfmt"
-excludes = []
-includes = ["*.json"]
-options = ["-w"]
-
-[formatter.shfmt]
-command = "shfmt"
-excludes = []
-includes = ["*.sh", "*.bash", "*.envrc", "*.envrc.*"]
-options = ["-i", "2", "-s", "-w"]
-
-[formatter.yamlfmt]
-command = "yamlfmt"
-excludes = []
-includes = ["*.yaml", "*.yml"]
-options = ["-formatter","indent=4"]

users/alice/home.nix

@@ -16,7 +16,6 @@
       ./home/gammastep.nix
       ./home/doom
       ./home/hypr
-      ./home/waybar.nix
       ./non-server.nix
     ];
 

users/alice/home/hypr/default.nix

@@ -8,7 +8,6 @@
 {
   xdg.configFile = {
     "hypr/hyprland.conf".source = ./hyprland.conf;
-    "hypr/show-hide.sh".source = ./show-hide.sh;
   };
 
   imports = [

users/alice/home/hypr/hypridle.nix

@@ -18,14 +18,14 @@
       listener = [
         {
           timeout = 150; # 2.5min.
-          on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -s set 1"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
+          on-timeout = "brightnessctl -s set 1"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
-          on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -r"; # monitor backlight restore.
+          on-resume = "brightnessctl -r"; # monitor backlight restore.
         }
         # turn off keyboard backlight, comment out this section if you dont have a keyboard backlight.
         {
           timeout = 150; # 2.5min.
-          on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -sd rgb:kbd_backlight set 0"; # turn off keyboard backlight.
+          on-timeout = "brightnessctl -sd rgb:kbd_backlight set 0"; # turn off keyboard backlight.
-          on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -rd rgb:kbd_backlight"; # turn on keyboard backlight.
+          on-resume = "brightnessctl -rd rgb:kbd_backlight"; # turn on keyboard backlight.
         }
         {
           timeout = 300; # 5min

users/alice/home/hypr/hyprland.conf

@@ -22,9 +22,6 @@ monitor=,preferred,auto,auto
 # exec-once = waybar & hyprpaper & firefox
 exec-once = wired &
 
-exec-once = wired
-exec-once = systemctl --user start polkit-gnome-authentication-agent-1.service
-
 # Source a file (multi-file configs)
 # source = ~/.config/hypr/myColors.conf
 
@@ -210,7 +207,3 @@ bind = $mainMod, P, exec, bwm
 
 # lock screen
 bind = $mainMod, L, exec, loginctl lock-session
-# hide active window
-bind = $mainMod,H,exec,/home/alice/config/hypr/hide_unhide_window.sh h
-# show hide window
-bind = $mainMod,I,exec,/home/alice/config/hypr/hide_unhide_window.sh s

users/alice/home/hypr/hyprlock.nix

@@ -11,8 +11,7 @@
     settings = {
       general = {
         immediate_render = true;
-        # disabling as config doesn't exist
+        no_fade_in = true;
-        #no_fade_in = true;
       };
       background = {
         monitor = "";
@@ -55,8 +54,7 @@
         dots_spacing = 0.15; # Scale of dots' absolute size, -1.0 - 1.0
         dots_center = false;
         dots_rounding = -1; # -1 default circle, -2 follow input-field rounding
-        # disabling as config doesn't exist
+        dots_fade_time = 200; # Milliseconds until a dot fully fades in
-        # dots_fade_time = 200; # Milliseconds until a dot fully fades in
         dots_text_format = ""; # Text character used for the input indicator. Leave empty for a rectangle that will be rounded via dots_rounding (default).
         # disabling due to stylix
         # outer_color = "rgb(151515)";
@@ -72,8 +70,7 @@
         #fail_color = "rgb(204, 34, 34)"; # if authentication failed, changes outer_color and fail message color
         fail_text = "<i>$FAIL <b>($ATTEMPTS)</b></i>"; # can be set to empty
         fail_timeout = 2000; # milliseconds before fail_text and fail_color disappears
-        # disabling as config doesn't exist
+        fail_transition = 300; # transition time in ms between normal outer_color and fail_color
-        #fail_transition = 300; # transition time in ms between normal outer_color and fail_color
         capslock_color = -1;
         numlock_color = -1;
         bothlock_color = -1; # when both locks are active. -1 means don't change outer color (same for above)

users/alice/home/hypr/show-hide.sh

@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-stack_file="/tmp/hide_window_pid_stack.txt"
-
-function hide_window() {
-  pid=$(hyprctl activewindow -j | jq '.pid')
-  hyprctl dispatch movetoworkspacesilent "88,pid:$pid"
-  echo "$pid" >>$stack_file
-}
-
-function show_window() {
-  pid=$(tail -1 $stack_file && sed -i '$d' $stack_file)
-  [ -z "$pid" ] && exit
-
-  current_workspace=$(hyprctl activeworkspace -j | jq '.id')
-  hyprctl dispatch movetoworkspacesilent "$current_workspace,pid:$pid"
-}
-
-if [ -n "$1" ]; then
-  if [ "$1" == "h" ]; then
-    hide_window >>/dev/null
-  else
-    show_window >>/dev/null
-  fi
-fi

users/alice/home/waybar.json

@@ -1,40 +0,0 @@
-[
-  {
-    "height": 20,
-    "layer": "top",
-    "position": "top",
-    "output": [
-      "eDP-2",
-      "eDP-1",
-      "HDMI-0",
-      "DP-0"
-    ],
-    "hyprland/workspaces": {
-      "active-only": true,
-      "all-outputs": false,
-      "show-special": true,
-      "move-to-monitor": true,
-      "format": "{icon} {windows}",
-      "format-window-separator": " ",
-      "format-icons": {
-        "1": "󰎤",
-        "2": "󰎧",
-        "3": "󰎪",
-        "default": "",
-        "empty": "󱓼",
-        "urgent": "󱨇"
-      },
-      "persistent-workspaces": {
-        "1": "HDMI-0"
-      },
-      "on-scroll-down": "hyprctl dispatch workspace e-1",
-      "on-scroll-up": "hyprctl dispatch workspace e+1",
-      "window-rewrite": {
-        "title<Steam>": ""
-      },
-      "window-rewrite-default": "",
-      "window-rewrite-separator": " ",
-      "sort-by": "number"
-    }
-  }
-]

users/alice/home/waybar.nix

@@ -2,6 +2,6 @@
 lib.mkIf (!machineConfig.server) {
   programs.waybar = {
     enable = true;
-    settings = builtins.fromJSON (builtins.readFile ./waybar.json);
+    #settings = builtins.fromJSON (import ./waybar.json);
   };
 }

users/alice/non-server.nix

@@ -64,6 +64,5 @@
     zathura
     obsidian
     libreoffice-qt-fresh
-    wlr-randr
   ];
 }

users/alice/secrets.yaml

@@ -8,7 +8,6 @@ alice:
     attic-nix-cache-reader: ENC[AES256_GCM,data:DWIkRri3lHJOVXIAbHWJL7cCV4FHjB91bbpPAib/5ZDKap3xjnxUjwswc7wjO1hCoV3+gmep1a64kma6MJts4bcAug5bPyrrPy//rVpCYvSbSmbPz5k4sW5GLU/Sf4NyBevsQo9KRrphpoSUQEFQB27vabYDjjkB051/qJo1B9B7nqmrSyd3np4YdyHAgUiMyJt0oqx8nXySz3XZU+DIM8/OhMZILpnEWIgyP2K7j8JNNpZZJ5sD/icUy6Vba/4LcKjtmYtfQ+HO1soyF6aMiQSjhp7fzJHktwa9kgB3oDzIg3KyCJYS2RNW7mW9Dd1T,iv:fvhGFU22KgknMpJbOkA3v29bKzRVX6hi7V7xJgSUjPg=,tag:TjGSUl0XXS7jlhP/NG4cvQ==,type:str]
     attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str]
     attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str]
-    gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -42,8 +41,8 @@ sops:
             ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
             7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-18T22:08:52Z"
+    lastmodified: "2025-01-26T04:17:36Z"
-    mac: ENC[AES256_GCM,data:3Hr8FyzfZvvtyusqdDOjggDGFlBwyOq2VND+/jtNbY5i5JPK+qTkamn98IKkcHSPooaIVzEAek91fZDo90mYRhCzEwfbLATmFXPHsZHUg+5nD8VzcNUWQDb2/ey4RPhzTMtXfY9v9wdIcTdBKYKSZ61puptSX8nJ2S74ag6B5AY=,iv:J+VxUvwWE496DqTsVXdlpxgkf8zGT9uDvt6RLrmc0n0=,tag:X2Qg3DDzOTBDqo+6eQPHvw==,type:str]
+    mac: ENC[AES256_GCM,data:BJ5d3iqdIBwqtnYOYfmsFqnJDXz67uzJ4UKWrjVUEgr4Nc95tE8mEyV40poZk/wAJGJMSDdRhsPmZI4H1xztkjkTsUCUJ2rR+SZ6gP1VhSEXu7bSvv63+bnajZQi9kZrfN0EZN8TLzzVHVvSVHcNEfbq9STWkZq6zCk9E2cUfhk=,iv:MQ/lQkNi/S3bfz1PegcVfwy06RsxdQwZIU6sdOjkhgU=,tag:l5tK1SUwjTolliPkbfNDHg==,type:str]
     pgp:
         - created_at: "2024-09-05T06:10:22Z"
           enc: |-
@@ -58,4 +57,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.9.3

utils/attic-push.bash

@@ -11,15 +11,17 @@ set -e
 #   | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
 
 # retrieve all paths
-nix_paths=$(nix path-info --json --all --closure-size |
+nix_paths=$(nix path-info --json --all --closure-size \
-  jq 'map_values(.closureSize | select(true)) | to_entries | sort_by(.value)' |
+  | jq 'map_values(.closureSize | select(true)) | to_entries | sort_by(.value)' \
-  jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
+  | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
+
 
 readarray -t nix_path_array < <(echo "$nix_paths")
 
 batchsize=1000
 
-for ((i = 0; i < ${#nix_path_array[@]}; i += batchsize)); do
+for((i=0; i < ${#nix_path_array[@]}; i+=batchsize))
+do
     part=( "${nix_path_array[@]:i:batchsize}" )
 
     attic push nix-cache "${part[@]}"

utils/sops-mergetool-new.sh

@@ -2,10 +2,7 @@
 
 # Rename CLI parameters to friendlier names
 # https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver
-base="$1"
+base="$1"; local_="$2"; remote="$3"; merged="$4"
-local_="$2"
-remote="$3"
-merged="$4"
 
 # Load the mergetool scripts
 TOOL_MODE=merge
@@ -65,3 +62,4 @@ run_merge_tool "${mergetool}" true
 
 # Re-encrypt content
 sops --encrypt "$merged_decrypted" > "$merged"
+

utils/sops-mergetool.sh

@@ -6,10 +6,7 @@ set -x
 
 # Rename our variables to friendlier equivalents
 # https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver
-base="$1"
+base="$1"; local_="$2"; remote="$3"; merged="$4"
-local_="$2"
-remote="$3"
-merged="$4"
 
 echo "$base"
 echo "$local_"
@@ -21,7 +18,7 @@ echo "$merged"
 mergetool="$(git config --get merge.tool)"
 GIT_DIR="$(git --exec-path)"
 if test "$mergetool" = ""; then
-  echo 'No default `merge.tool` was set for `git`. Please set one via `git config --set merge.tool <tool>`' 1>&2
+  echo "No default \`merge.tool\` was set for \`git\`. Please set one via \`git config --set merge.tool <tool>\`" 1>&2
   exit 1
 fi
 
@@ -86,3 +83,4 @@ set -eu
 
 # Re-encrypt content
 sops --encrypt "$merged_decrypted" > "$merged"
+