add sqlite for restores

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
add token to cache-merge
2025-03-10 12:33:33 -04:00 · 2025-03-10 09:49:19 -04:00 · 2025-03-10 09:48:44 -04:00 · 2025-03-10 01:23:20 -04:00 · 2025-03-10 01:06:56 -04:00 · 2025-03-10 00:48:57 -04:00
60 changed files with 1034 additions and 1092 deletions
--- a/.github/settings.yml
+++ b/.github/settings.yml
@ -4,44 +4,60 @@ repository:
  # The name of the repository. Changing this will rename the repository
  name: nix-dotfiles
  # A short description of the repository that will show up on GitHub
  description: RAD-Dev Infra
  # A URL with more information about the repository
  # homepage: "https://nix-community.org"
  # A comma-separated list of topics to set on the repository
  topics: "nixos"
  # Either `true` to make the repository private, or `false` to make it public.
  private: false
  # Either `true` to enable issues for this repository, `false` to disable them.
  has_issues: true
  # Either `true` to enable projects for this repository, or `false` to disable them.
  # If projects are disabled for the organization, passing `true` will cause an API error.
  has_projects: true
  # Either `true` to enable the wiki for this repository, `false` to disable it.
  has_wiki: false
  # Either `true` to enable downloads for this repository, `false` to disable them.
  has_downloads: false
  # Updates the default branch for this repository.
  default_branch: main
  # Either `true` to allow squash-merging pull requests, or `false` to prevent
  # squash-merging.
  allow_squash_merge: true
  # Either `true` to allow merging pull requests with a merge commit, or `false`
  # to prevent merging pull requests with merge commits.
  allow_merge_commit: false
  # Either `true` to allow rebase-merging pull requests, or `false` to prevent
  # rebase-merging.
  allow_rebase_merge: true
  # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
  delete_branch_on_merge: true
  # Either `true` to enable automated security fixes, or `false` to disable
  # automated security fixes.
  enable_automated_security_fixes: true
  # Either `true` to enable vulnerability alerts, or `false` to disable
  # vulnerability alerts.
  enable_vulnerability_alerts: true
  allow_auto_merge: true
 # Labels: define labels for Issues and Pull Requests
 #
 labels:
@ -88,39 +104,53 @@ labels:
  - name: automated
    color: '#42b528'
    description: PR was automatically generated (through a bot or CI/CD)
 # Milestones: define milestones for Issues and Pull Requests
 milestones:
  - title: Go-Live
    description: >-
-        All requirements for official go-live: - Automated testing via Hydra/Actions - Automated deployments via Hydra/Actions - 90+% testing coverage - Functional formatter with custom rules - palatine-hill is fully stable, enough so that jeeves can be migrated
+      All requirements for official go-live:
      - Automated testing via Hydra/Actions
      - Automated deployments via Hydra/Actions
      - 90+% testing coverage
      - Functional formatter with custom rules
      - palatine-hill is fully stable, enough so that jeeves can be migrated
    # The state of the milestone. Either `open` or `closed`
    state: open
  - title: Jeeves Migration
    description: >-
-        Test common use-cases for Jeeves - Quadro GPU support - Multi-GPU support - Plex support - Docker support - ZFS support
+      Test common use-cases for Jeeves
      - Quadro GPU support
      - Multi-GPU support
      - Plex support
      - Docker support
      - ZFS support
 # Collaborators: give specific users access to this repository.
 # See https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator for available options
 collaborators:
-# - username: numtide-bot
+  # - username: numtide-bot
-# Note: `permission` is only valid on organization-owned repositories.
+  # Note: `permission` is only valid on organization-owned repositories.
-# The permission to grant the collaborator. Can be one of:
+  # The permission to grant the collaborator. Can be one of:
-# * `pull` - can pull, but not push to or administer this repository.
+  # * `pull` - can pull, but not push to or administer this repository.
-# * `push` - can pull and push, but not administer this repository.
+  # * `push` - can pull and push, but not administer this repository.
-# * `admin` - can pull, push and administer this repository.
+  # * `admin` - can pull, push and administer this repository.
-# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
+  # * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
-# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
+  # * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
-# permission: push
+  # permission: push
 # See https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions for available options
 teams:
-# - name: admin
+  # - name: admin
-# The permission to grant the team. Can be one of:
+    # The permission to grant the team. Can be one of:
-# * `pull` - can pull, but not push to or administer this repository.
+    # * `pull` - can pull, but not push to or administer this repository.
-# * `push` - can pull and push, but not administer this repository.
+    # * `push` - can pull and push, but not administer this repository.
-# * `admin` - can pull, push and administer this repository.
+    # * `admin` - can pull, push and administer this repository.
-# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
+    # * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
-# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
+    # * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
-# permission: admin
+    # permission: admin
 branches:
  # gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/nix-community/infra/branches/master/protection
@ -135,6 +165,7 @@ branches:
  # `Maximum pull requests to merge`: 5
  # `Only merge non-failing pull requests`: true
  # `Consider check failed after`: 60 minutes
  - name: main
    # https://docs.github.com/en/rest/reference/repos#update-branch-protection
    # Branch Protection settings. Set to null to disable
--- a/.github/workflows/cache-merge.yml
+++ b/.github/workflows/cache-merge.yml
@ -0,0 +1,90 @@
 name: Nix CI
 on:
  push:
    # don't run on tags, run on commits
    # https://github.com/orgs/community/discussions/25615
    tags-ignore:
      - "**"
    branches:
      - main
  merge_group:
  schedule:
    - cron: 0 0 * * *
  workflow_dispatch:
 jobs:
  # Merge similar `individual` caches
  # Purge `individual` caches and old `common` caches
  # Save new `common` caches
  merge-similar-caches:
    name: Merge similar caches
    strategy:
      matrix:
        os: [ubuntu-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout this repo
        uses: actions/checkout@v4
      - name: Install nix
        uses: https://github.com/DeterminateSystems/nix-installer-action@main
      - run: nix profile install nixpkgs#sqlite
      - uses: nix-community/cache-nix-action@v6
        name: create and purge common cache
        with:
          primary-key: similar-cache-${{ matrix.os }}-common-${{ hashFiles('flake.lock') }}
          # if no hit on the primary key, restore individual caches that match `ci.yaml`
          restore-prefixes-all-matches: |
            similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # do purge caches
          purge: true
          # purge old versions of the `common` cache and any versions of individual caches
          purge-prefixes: |
            similar-cache-${{ matrix.os }}-common-
          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
          purge-created: 0
          # except the version with the `primary-key`, if it exists
          purge-primary-key: never
          token: ${{ secrets.GH_TOKEN_FOR_UPDATES  }}
      - uses: nix-community/cache-nix-action@v6
        name: purge some individual caches
        with:
          primary-key: similar-cache-${{ matrix.os }}-common-${{ hashFiles('flake.lock') }}
          # if no hit on the primary key, restore individual caches that match `ci.yaml`
          restore-prefixes-all-matches: |
            similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # do purge caches
          purge: true
          # purge old versions of the `common` cache and any versions of individual caches
          purge-prefixes: |
            similar-cache-${{ matrix.os }}-individual-
          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
          purge-created: 259200
          # except the version with the `primary-key`, if it exists
          purge-primary-key: never
          token: ${{ secrets.GH_TOKEN_FOR_UPDATES  }}
  # Check that the `common` cache is restored correctly
  merge-similar-caches-check:
    name: Check a `common` cache is restored correctly
    needs: merge-similar-caches
    strategy:
      matrix:
        os: [ubuntu-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout this repo
        uses: actions/checkout@v4
      - name: Install nix
        uses: https://github.com/DeterminateSystems/nix-installer-action@main
      - run: nix profile install nixpkgs#sqlite
      - name: Restore Nix store
        uses: nix-community/cache-nix-action@v6
        with:
          primary-key: similar-cache-${{ matrix.os }}-common-${{ hashFiles('flake.lock') }}
--- a/.github/workflows/flake-health-checks.yml
+++ b/.github/workflows/flake-health-checks.yml
@ -5,12 +5,30 @@ on:
  pull_request:
    branches: ["main"]
  merge_group:
 jobs:
  health-check:
    name: "Perform Nix flake checks"
-        runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest]
    steps:
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: actions/checkout@v4
      - run: nix profile install nixpkgs#sqlite
      - name: Restore Nix store
        id: restore
        uses: nix-community/cache-nix-action@v6
        with:
          # save a new cache every time `ci.yaml` changes
          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # otherwise, restore a common cache if and only if it matches the current `ci.yaml`
          restore-prefixes-first-match: similar-cache-${{ matrix.os }}-common-
      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
@ -18,24 +36,59 @@ jobs:
          cache: ${{ secrets.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
          skip-push: "true"
-            - uses: actions/checkout@v4
+
      - run: nix flake check --accept-flake-config
      - run: nix ./utils/attic-push.bash
-    # build-checks:
+
-    #     name: "Build nix outputs"
+  build-checks:
-    #     runs-on: ubuntu-latest
+    name: "Build nix outputs"
-    #     steps:
+    runs-on: ${{ matrix.os }}
-    #         - uses: DeterminateSystems/nix-installer-action@main
+    strategy:
-    #         - name: Setup Attic cache
+      matrix:
-    #           uses: ryanccn/attic-action@v0
+        os: [ubuntu-latest]
-    #           with:
+    steps:
-    #             endpoint: ${{ secrets.ATTIC_ENDPOINT }}
+      - uses: DeterminateSystems/nix-installer-action@main
-    #             cache: ${{ secrets.ATTIC_CACHE }}
+
-    #             token: ${{ secrets.ATTIC_TOKEN }}
+      - uses: actions/checkout@v4
-    #             skip-push: "true"
+
-    #         - uses: actions/checkout@v4
+      - run: nix profile install nixpkgs#sqlite
-    #         - name: Build all outputs
+
-    #           run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
+      - name: Restore Nix store
-    #         - name: Push to Attic
+        id: restore
-    #           run: nix ./utils/attic-push.bash
+        uses: nix-community/cache-nix-action@v6
-    #           continue-on-error: true
+        with:
          # save a new cache every time `ci.yaml` changes
          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # otherwise, restore a common cache if and only if it matches the current `ci.yaml`
          restore-prefixes-first-match: similar-cache-${{ matrix.os }}-common-
      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
          cache: ${{ secrets.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
          skip-push: "true"
      - name: Build all outputs
        run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
      - name: Push to Attic
        run: nix ./utils/attic-push.bash
        continue-on-error: true
      - name: Save Nix store
        if: steps.restore.outputs.hit == 'false'
        uses: nix-community/cache-nix-action@v6
        with:
          # save a new cache every time `ci.yaml` changes
          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # do purge caches
          purge: true
          # purge all versions of the individual cache
          purge-prefixes: similar-cache-${{ matrix.os }}-individual-
          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
          purge-created: 0
          # except the version with the `primary-key`, if it exists
          purge-primary-key: never
--- a/.github/workflows/flake-update.yml
+++ b/.github/workflows/flake-update.yml
@ -7,12 +7,25 @@ on:
 jobs:
  update_lockfile:
    runs-on: ubuntu-latest
-        #if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
+    if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install nix
        uses: https://github.com/DeterminateSystems/nix-installer-action@main
      - run: nix profile install nixpkgs#sqlite
      - name: Restore Nix store
        id: restore
        uses: nix-community/cache-nix-action@v6
        with:
          # save a new cache every time `ci.yaml` changes
          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # otherwise, restore a common cache if and only if it matches the current `ci.yaml`
          restore-prefixes-first-match: similar-cache-${{ matrix.os }}-common-
      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
@ -20,8 +33,10 @@ jobs:
          cache: ${{ secrets.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
          skip-push: "true"
      - name: Get pre-snapshot of evaluations
        run: nix ./utils/eval-to-drv.sh pre
      - name: Update flake.lock
        id: update
        run: |
@ -36,15 +51,22 @@ jobs:
          echo "EOF" >> $GITHUB_ENV
          rm update.log
      - name: Get post-snapshot of evaluations
        run: nix ./utils/eval-to-drv.sh post
      - name: Calculate diff
        run: nix ./utils/diff-evals.sh
-            - name: Read file contents
+
-              id: read_file
+      - name: Read diff into environment
-              uses: guibranco/github-file-reader-action-v2@latest
+        run: |
-              with:
+          delimiter="$(openssl rand -hex 8)"
-                path: "post-diff"
+          {
          echo "POSTDIFF<<${delimiter}"
          cat post-diff
          echo "${delimiter}"
          } >> $GITHUB_ENV
      - name: Write PR body template
        uses: https://github.com/DamianReeves/write-file-action@v1.3
        with:
@ -57,7 +79,7 @@ jobs:
            ```
            ```
-                    ${{ steps.read_file.outputs.contents }}
+            {{ env.POSTDIFF }}
            ```
            Auto-generated by [update.yml][1] with the help of
@ -65,16 +87,19 @@ jobs:
            [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
            [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
      - name: Generate PR body
        uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0
        with:
          files: "pr_body.template"
          output-filename: "pr_body.md"
      - name: Save PR body
        id: pr_body
        uses: juliangruber/read-file-action@v1
        with:
          path: "pr_body.md"
      - name: Remove temporary files
        run: |
          rm pr_body.template
@ -82,6 +107,7 @@ jobs:
          rm pre.json
          rm post.json
          rm post-diff
      - name: Create Pull Request
        id: create-pull-request
        # uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@7174d368c2e4450dea17b297819eb28ae93ee645
@ -95,14 +121,31 @@ jobs:
            automated: Update `flake.lock`
            ${{ steps.pr_body.outputs.content }}
          branch: update-flake-lock
          delete-branch: true
          pr-labels: |                  # Labels to be set on the PR
            dependencies
            automated
      - name: Push to Attic
        run: nix ./utils/attic-push.bash
        continue-on-error: true
      - name: Save Nix store
        uses: nix-community/cache-nix-action@v6
        with:
          # save a new cache every time `ci.yaml` changes
          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # do purge caches
          purge: true
          # purge all versions of the individual cache
          purge-prefixes: similar-cache-${{ matrix.os }}-individual-
          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
          purge-created: 0
          # except the version with the `primary-key`, if it exists
          purge-primary-key: never
      - name: Print PR number
        run: |
          echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."
--- a/.github/workflows/lock-health-checks.yml
+++ b/.github/workflows/lock-health-checks.yml
@ -5,6 +5,7 @@ on:
  pull_request:
    branches: ["main"]
  merge_group:
 jobs:
  health-check:
    name: "Check health of `flake.lock`"
--- a/.github/workflows/nix-fmt.yml
+++ b/.github/workflows/nix-fmt.yml
@ -5,6 +5,7 @@ on:
  pull_request:
    branches: ["main"]
  merge_group:
 jobs:
  health-check:
    name: "Perform Nix format checks"
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,6 +1,7 @@
 keys:
  # The PGP keys in keys/
  - &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330
  # Generate AGE keys from SSH keys with:
  #   ssh-keygen -A
  #   nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
@ -10,8 +11,10 @@ keys:
    #- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
  - &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
  # cspell:enable
 servers: &servers
  - *palatine-hill
 # add new users by executing: sops users/<user>/secrets.yaml
 # then have someone already in the repo run the below
 #
@ -26,12 +29,14 @@ creation_rules:
          - *palatine-hill
          - *artemision
          - *artemision-home
  - path_regex: systems/palatine-hill/secrets.*\.yaml$
    key_groups:
      - pgp: 
          - *admin_alice
        age:
          - *palatine-hill
  - path_regex: systems/artemision/secrets.*\.yaml$
    key_groups:
      - pgp:
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -1,7 +1,5 @@
 {
-  "cSpell.enableFiletypes": [
+  "cSpell.enableFiletypes": ["nix"],
    "nix"
  ],
  "cSpell.words": [
    "aarch",
    "abmlevel",
--- a/README.md
+++ b/README.md
@ -14,7 +14,9 @@ to onboard a new user or system.
 Although we are not actively looking for new members to join in on this repo,
 we are not strictly opposed. Please reach out to
-[@ahuston-0](https://nayeonie.com/ahuston-0) for further information.
+[@ahuston-0](https://github.com/ahuston-0) or
 [@RichieCahill](https://github.com/RichieCahill)
 for further information.
 ## Repo Structure
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@ -40,12 +40,12 @@ and will eventually trip a check when merging to main.
 | Branch Name      | Use Case                                                                                                                                                                                                                      |
 |------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | main             | protected branch which all machines pull from, do not try to push directly                                                                                                                                                    |
-| feature/\<item> | \<item> is a new feature added to the repo, for personal or common use                                                                                                                                                       |
+| feature/\<item\> | \<item\> is a new feature added to the repo, for personal or common use                                                                                                                                                       |
-| fixup/\<item>   | \<item> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical                                                                                         |
+| fixup/\<item\>   | \<item\> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical                                                                                         |
-| hotfix/\<item>  | \<item> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process |
+| hotfix/\<item\>  | \<item\> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process |
-| urgent/\<item>  | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues                                                                                                           |
+| urgent/\<item\>  | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues                                                                                                           |
-| exp/\<item>     | \<item> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches                                                                                                  |
+| exp/\<item\>     | \<item\> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches                                                                                                  |
-| merge/\<item>   | \<item> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch                                          |
+| merge/\<item\>   | \<item\> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch                                          |
 ### Review Process
@ -107,7 +107,8 @@ rules.
 We allow secrets to be embedded in the repository using `sops-nix`. As part of
 the process everything is encrypted, however adding a new user is a change
 that every existing SOPS user needs to participate in. Please reach out to
-[@ahuston-0](https://nayeonie.com/ahuston-0) or if you are interested
+[@ahuston-0](https://github.com/ahuston-0) or
 [@RichieCahill](https://github.com/RichieCahill) if you are interested
 in using secrets on your machines.
 ## CI/CD
--- a/docs/sample-setup.sh
+++ b/docs/sample-setup.sh
@ -54,6 +54,8 @@ if [ $PROCEED != "Y" ]; then
    lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
 fi
 if [ $CREATEPARTS = "Y" ]; then
    # Create partition table
    sudo parted "/dev/$DRIVE" -- mklabel gpt
@ -121,7 +123,7 @@ fi
 DOTS="/mnt/root/dotfiles"
 GC="git -C $DOTS"
 sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
-sudo $GC clone https://nayeonie.com/ahuston-0/nix-dotfiles.git .
+sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
 sudo $GC checkout "$FEATUREBRANCH"
 # Create ssh keys
@ -179,4 +181,4 @@ Host github.com
        IdentityFile /root/.ssh/id_ed25519_ghdeploy
 EOF
 printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
-sudo "$GC" remote set-url origin 'ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git'
+sudo "$GC" remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'
--- a/flake.lock
+++ b/flake.lock
@ -69,17 +69,20 @@
    },
    "firefox-addons": {
      "inputs": {
        "flake-utils": [
          "flake-utils"
        ],
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1744500178,
+        "lastModified": 1740974607,
-        "narHash": "sha256-hHXOb7UW0JyNb96ZEuNj75f4hd4T+6ZZ76ir4Yc2okw=",
+        "narHash": "sha256-YbAnhXYYOjG8OHX7v4BGj/tDQiFgkwe4JsqCjbFYjB0=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "42722da72350b489b83940fcfb45769a66fdc50b",
+        "rev": "093c063a23aa38f31082a554f03899127750aee3",
        "type": "gitlab"
      },
      "original": {
@ -92,11 +95,11 @@
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1743774811,
+        "lastModified": 1739223196,
-        "narHash": "sha256-oiHLDHXq7ymsMVYSg92dD1OLnKLQoU/Gf2F1GoONLCE=",
+        "narHash": "sha256-vAxN2f3rvl5q62gQQjZGVSvF93nAsOxntuFz+e/655w=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
-        "rev": "df53a7a31872faf5ca53dd0730038a62ec63ca9e",
+        "rev": "a89108e6272426f4eddd93ba17d0ea101c34fb21",
        "type": "github"
      },
      "original": {
@ -124,11 +127,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1743550720,
+        "lastModified": 1740872218,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "3876f6b87db82f33775b1ef5ea343986105db764",
        "type": "github"
      },
      "original": {
@ -229,11 +232,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742649964,
+        "lastModified": 1737465171,
-        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
+        "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+        "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
        "type": "github"
      },
      "original": {
@ -309,11 +312,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744498625,
+        "lastModified": 1740845322,
-        "narHash": "sha256-pL52uCt9CUoTTmysGG91c2FeU7XUvpB7Cep6yon2vDk=",
+        "narHash": "sha256-AXEgFj3C0YJhu9k1OhbRhiA6FnDr81dQZ65U3DhaWpw=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "db56335ca8942d86f2200664acdbd5b9212b26ad",
+        "rev": "fcac3d6d88302a5e64f6cb8014ac785e08874c8d",
        "type": "github"
      },
      "original": {
@ -322,27 +325,6 @@
        "type": "github"
      }
    },
    "hydra": {
      "inputs": {
        "nix": "nix",
        "nix-eval-jobs": "nix-eval-jobs",
        "nixpkgs": "nixpkgs"
      },
      "locked": {
        "lastModified": 1744212707,
        "narHash": "sha256-hl9t+RAEO2Jc1lVsR4OvbwG5LTyDo0wkZZ4s7zUGsxU=",
        "ref": "add-gitea-pulls",
        "rev": "33a935e8ef44e07c709328235ed48c4b4de03483",
        "revCount": 4364,
        "type": "git",
        "url": "https://nayeonie.com/ahuston-0/hydra"
      },
      "original": {
        "ref": "add-gitea-pulls",
        "type": "git",
        "url": "https://nayeonie.com/ahuston-0/hydra"
      }
    },
    "hyprland-contrib": {
      "inputs": {
        "nixpkgs": [
@ -350,11 +332,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1743417258,
+        "lastModified": 1740923452,
-        "narHash": "sha256-YItzk1pj8Kz+b7VlC9zN1pSZ6CuX35asYy3HuMQ3lBQ=",
+        "narHash": "sha256-iQNkVG0368H3kiwSYSs1N6sU7GhHSmx0b9y+Z+eO1+c=",
        "owner": "hyprwm",
        "repo": "contrib",
-        "rev": "bc2ad24e0b2e66c3e164994c4897cd94a933fd10",
+        "rev": "6f0d5e16c534aeda47d99b4d20bb2a22bfc60c23",
        "type": "github"
      },
      "original": {
@ -363,59 +345,6 @@
        "type": "github"
      }
    },
    "nix": {
      "inputs": {
        "flake-compat": [
          "hydra"
        ],
        "flake-parts": [
          "hydra"
        ],
        "git-hooks-nix": [
          "hydra"
        ],
        "nixpkgs": [
          "hydra",
          "nixpkgs"
        ],
        "nixpkgs-23-11": [
          "hydra"
        ],
        "nixpkgs-regression": [
          "hydra"
        ]
      },
      "locked": {
        "lastModified": 1744030329,
        "narHash": "sha256-r+psCOW77vTSTNbxTVrYHeh6OgB0QukbnyUVDwg8s4I=",
        "owner": "NixOS",
        "repo": "nix",
        "rev": "a4962f73b5fc874d4b16baef47921daf349addfc",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "2.28-maintenance",
        "repo": "nix",
        "type": "github"
      }
    },
    "nix-eval-jobs": {
      "flake": false,
      "locked": {
        "lastModified": 1744018595,
        "narHash": "sha256-v5n6t49X7MOpqS9j0FtI6TWOXvxuZMmGsp2OfUK5QfA=",
        "owner": "nix-community",
        "repo": "nix-eval-jobs",
        "rev": "cba718bafe5dc1607c2b6761ecf53c641a6f3b21",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nix-eval-jobs",
        "type": "github"
      }
    },
    "nix-index-database": {
      "inputs": {
        "nixpkgs": [
@ -423,11 +352,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744518957,
+        "lastModified": 1740886574,
-        "narHash": "sha256-RLBSWQfTL0v+7uyskC5kP6slLK1jvIuhaAh8QvB75m4=",
+        "narHash": "sha256-jN6kJ41B6jUVDTebIWeebTvrKP6YiLd1/wMej4uq4Sk=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "4fc9ea78c962904f4ea11046f3db37c62e8a02fd",
+        "rev": "26a0f969549cf4d56f6e9046b9e0418b3f3b94a5",
        "type": "github"
      },
      "original": {
@ -459,11 +388,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742568034,
+        "lastModified": 1740947705,
-        "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
+        "narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
+        "rev": "507911df8c35939050ae324caccc7cf4ffb76565",
        "type": "github"
      },
      "original": {
@ -474,11 +403,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1744366945,
+        "lastModified": 1740646007,
-        "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=",
+        "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1",
+        "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49",
        "type": "github"
      },
      "original": {
@ -497,11 +426,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744378369,
+        "lastModified": 1741017582,
-        "narHash": "sha256-aCK79lB4Txu20YmQIf126CxsubgmeICpDiG6bsEMzrU=",
+        "narHash": "sha256-2tscHztx6UxqeQTK0U1kLM74+6mSzROMNYJpKRDLMPM=",
        "owner": "SuperSandro2000",
        "repo": "nixos-modules",
-        "rev": "d331edb6574306211b8f5a652a40fcfe1913194c",
+        "rev": "c7c9219eb6ff26c203d22ba733e9e988499290f0",
        "type": "github"
      },
      "original": {
@ -512,63 +441,44 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1743987495,
+        "lastModified": 1740981371,
-        "narHash": "sha256-46T2vMZ4/AfCK0Y2OjlFzJPxmdpP8GtsuEqSSJv3oe4=",
+        "narHash": "sha256-Up7YlXIupmT7fEtC4Oj676M91INg0HAoamiswAsA3rc=",
-        "owner": "NixOS",
+        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "db8f4fe18ce772a9c8f3adf321416981c8fe9371",
+        "rev": "1d2fe0135f360c970aee1d57a53f816f3c9bddae",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
+        "owner": "nixos",
-        "ref": "nixos-24.11-small",
+        "ref": "nixos-unstable-small",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1743296961,
+        "lastModified": 1740872140,
-        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
+        "narHash": "sha256-3wHafybyRfpUCLoE8M+uPVZinImg3xX+Nm6gEfN3G8I=",
-        "owner": "nix-community",
+        "type": "tarball",
-        "repo": "nixpkgs.lib",
+        "url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz"
        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
        "type": "github"
      },
      "original": {
-        "owner": "nix-community",
+        "type": "tarball",
-        "repo": "nixpkgs.lib",
+        "url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz"
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1744440957,
+        "lastModified": 1735563628,
-        "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
+        "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
+        "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-24.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1744501611,
        "narHash": "sha256-H+Q/R9FKEuuBRjjgwP6GBPfQMA7rzH7UJm/+HSYZm5o=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "208645bf60302e4eea10f9b038043205b423de21",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable-small",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -583,11 +493,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1743884191,
+        "lastModified": 1740408283,
-        "narHash": "sha256-foVcginhVvjg8ZnTzY5wwMeZ4wjJ8yX66PW5kgyivPE=",
+        "narHash": "sha256-2xECnhgF3MU9YjmvOkrRp8wRFo2OjjewgCtlfckhL5s=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "fde90f5f52e13eed110a0e53a2818a2b09e4d37c",
+        "rev": "496a4a11162bdffb9a7b258942de138873f019f7",
        "type": "github"
      },
      "original": {
@ -607,11 +517,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742649964,
+        "lastModified": 1740915799,
-        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
+        "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+        "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732",
        "type": "github"
      },
      "original": {
@ -627,13 +537,12 @@
        "flake-parts": "flake-parts",
        "flake-utils": "flake-utils",
        "home-manager": "home-manager",
        "hydra": "hydra",
        "hyprland-contrib": "hyprland-contrib",
        "nix-index-database": "nix-index-database",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
        "nixos-modules": "nixos-modules",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "nixpkgs-stable": "nixpkgs-stable",
        "pre-commit-hooks": "pre-commit-hooks",
        "rust-overlay": "rust-overlay",
@ -650,11 +559,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744513456,
+        "lastModified": 1740969088,
-        "narHash": "sha256-NLVluTmK8d01Iz+WyarQhwFcXpHEwU7m5hH3YQQFJS0=",
+        "narHash": "sha256-BajboqzFnDhxVT0SXTDKVJCKtFP96lZXccBlT/43mao=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "730fd8e82799219754418483fabe1844262fd1e2",
+        "rev": "20fdb02098fdda9a25a2939b975abdd7bc03f62d",
        "type": "github"
      },
      "original": {
@ -670,11 +579,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744518500,
+        "lastModified": 1739262228,
-        "narHash": "sha256-lv52pnfiRGp5+xkZEgWr56DWiRgkMFXpiGba3eJ3krE=",
+        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "7e147a1ae90f0d4a374938cdc3df3cdaecb9d388",
+        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
        "type": "github"
      },
      "original": {
@ -711,11 +620,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1744540857,
+        "lastModified": 1740959323,
-        "narHash": "sha256-cDC9TBD++zBsUx9X2VhJOjxXclmY8YpSqpKHaVLEXVA=",
+        "narHash": "sha256-UtSKsLCWwA4wPFm7mgl33qeu8sj0on9Hyt3YhDWWkAM=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "379ba613a68fafdd756db370f0ef878a0d3a7308",
+        "rev": "489833b201a84488c6b4371a261fdbcafa6abcb6",
        "type": "github"
      },
      "original": {
@ -791,11 +700,11 @@
    "tinted-schemes": {
      "flake": false,
      "locked": {
-        "lastModified": 1742851696,
+        "lastModified": 1740351358,
-        "narHash": "sha256-sR4K+OVFKeUOvNIqcCr5Br7NLxOBEwoAgsIyjsZmb8s=",
+        "narHash": "sha256-Hdk850xgAd3DL8KX0AbyU7tC834d3Lej1jOo3duWiOA=",
        "owner": "tinted-theming",
        "repo": "schemes",
-        "rev": "c37771c4ae8ff1667e27ddcf24991ebeb94a4e77",
+        "rev": "a1bc2bd89e693e7e3f5764cfe8114e2ae150e184",
        "type": "github"
      },
      "original": {
@ -807,11 +716,11 @@
    "tinted-tmux": {
      "flake": false,
      "locked": {
-        "lastModified": 1743296873,
+        "lastModified": 1740272597,
-        "narHash": "sha256-8IQulrb1OBSxMwdKijO9fB70ON//V32dpK9Uioy7FzY=",
+        "narHash": "sha256-/etfUV3HzAaLW3RSJVwUaW8ULbMn3v6wbTlXSKbcoWQ=",
        "owner": "tinted-theming",
        "repo": "tinted-tmux",
-        "rev": "af5152c8d7546dfb4ff6df94080bf5ff54f64e3a",
+        "rev": "b6c7f46c8718cc484f2db8b485b06e2a98304cd0",
        "type": "github"
      },
      "original": {
@ -871,11 +780,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1743305055,
+        "lastModified": 1730615238,
-        "narHash": "sha256-NIsi8Dno9YsOLUUTrLU4p+hxYeJr3Vkg1gIpQKVTaDs=",
+        "narHash": "sha256-u/ZGtyEUvAkFOBgLo2YldOx0GKjE3/esWpWruRD376E=",
        "owner": "Toqozz",
        "repo": "wired-notify",
-        "rev": "75d43f54a02b15f2a15f5c1a0e1c7d15100067a6",
+        "rev": "1632418aa15889343028261663e81d8b5595860e",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -5,7 +5,7 @@
    substituters = [
      "https://cache.nixos.org/?priority=1&want-mass-query=true"
      "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
-      # "https://attic.nayeonie.com/nix-cache"
+      "https://attic.nayeonie.com/nix-cache"
    ];
    trusted-substituters = [
      "https://cache.nixos.org"
@ -15,11 +15,9 @@
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      "nix-cache:grGRsHhqNDhkEuTODvHJXYmoCClntC+U8XAJQzwMaZM="
+      "nix-cache:trR+y5nwpQHR4hystoogubFmp97cewkjWeqqbygRQRs="
    ];
    trusted-users = [ "root" ];
    allow-import-from-derivation = true;
    fallback = true;
  };
  inputs = {
@ -28,8 +26,7 @@
    nixos-hardware.url = "github:NixOS/nixos-hardware";
    #nixpkgs.url = "github:nuschtos/nuschtpkgs/nixos-unstable";
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
-    #nixpkgs.url = "github:nixos/nixpkgs/1d2fe0135f360c970aee1d57a53f816f3c9bddae?narHash=sha256-Up7YlXIupmT7fEtC4Oj676M91INg0HAoamiswAsA3rc%3D";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
    systems.url = "github:nix-systems/default";
    # attic = {
@ -60,13 +57,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    hydra = {
      url = "git+https://nayeonie.com/ahuston-0/hydra?ref=add-gitea-pulls";
      # inputs = {
      #   nixpkgs.follows = "nixpkgs";
      # };
    };
    hyprland-contrib = {
      url = "github:hyprwm/contrib";
      inputs.nixpkgs.follows = "nixpkgs";
@ -137,7 +127,7 @@
      systems = [
        "x86_64-linux"
        # disable arm for now as hydra isn't set up for it
-        # "aarch64-linuxa
+        # "aarch64-linux"
      ];
      forEachSystem = lib.genAttrs systems;
@ -153,13 +143,13 @@
          lib = self;
        }
      );
-      inherit (lib.adev.systems) genSystems getImages;
+      inherit (lib.rad-dev.systems) genSystems getImages;
      inherit (self) outputs; # for hydra
    in
    rec {
      inherit lib; # for allowing use of custom functions in nix repl
-      hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
+      #hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
      formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
      nixosConfigurations = genSystems inputs outputs src (src + "/systems");
--- a/hydra/jobsets.nix
+++ b/hydra/jobsets.nix
@ -19,6 +19,7 @@ let
  prs = readJSONFile pulls;
  refs = readJSONFile branches;
  repo = "RAD-Development/nix-dotfiles";
  # template for creating a job
  makeJob =
@ -27,7 +28,6 @@ let
      keepnr ? 3,
      description,
      flake,
      enabled ? 1,
    }:
    {
      inherit
@ -35,8 +35,8 @@ let
        flake
        schedulingshares
        keepnr
        enabled
        ;
      enabled = 1;
      type = 1;
      hidden = false;
      checkinterval = 300; # every 5 minutes
@ -44,9 +44,7 @@ let
      emailoverride = "";
    };
-  giteaHost = "ssh://gitea@nayeonie.com:2222";
+  # Create a hydra job for a branch
  repo = "ahuston-0/nix-dotfiles";
  # # Create a hydra job for a branch
  jobOfRef =
    name:
    { ref, ... }:
@ -57,7 +55,7 @@ let
        name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}";
        value = makeJob {
          description = "Branch ${name}";
-          flake = "git+${giteaHost}/${repo}?ref=${ref}";
+          flake = "git+ssh://git@github.com/${repo}?ref=${ref}";
        };
      };
@ -66,8 +64,7 @@ let
    name = if info.draft then "draft-${id}" else "pr-${id}";
    value = makeJob {
      description = "PR ${id}: ${info.title}";
-      flake = "git+${giteaHost}/${repo}?ref=${info.head.ref}";
+      flake = "git+ssh://git@github.com/${info.head.repo.full_name}?ref=${info.head.ref}";
      enabled = info.state == "open";
    };
  };
--- a/hydra/spec.json
+++ b/hydra/spec.json
@ -1,7 +1,7 @@
 {
  "enabled": 1,
  "hidden": false,
-  "description": "ahuston-0's personal server infra",
+  "description": "RAD Development infrastructure",
  "nixexprinput": "nixexpr",
  "nixexprpath": "hydra/jobsets.nix",
  "checkinterval": 60,
@ -12,7 +12,7 @@
  "type": 0,
  "inputs": {
    "nixexpr": {
-      "value": "ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git main",
+      "value": "https://github.com/RAD-Development/nix-dotfiles main",
      "type": "git",
      "emailresponsible": false
    },
@ -22,13 +22,13 @@
      "emailresponsible": false
    },
    "pulls": {
-      "type": "giteapulls",
+      "type": "githubpulls",
-      "value": "nayeonie.com ahuston-0 nix-dotfiles https",
+      "value": "RAD-Development nix-dotfiles",
      "emailresponsible": false
    },
    "branches": {
-      "type": "gitea_refs",
+      "type": "github_refs",
-      "value": "nayeonie.com ahuston-0 nix-dotfiles heads https -",
+      "value": "RAD-Development nix-dotfiles heads -",
      "emailresponsible": false
    }
  }
--- a/lib/default.nix
+++ b/lib/default.nix
@ -1,7 +1,7 @@
 { lib, ... }:
 {
-  # create adev namespace for lib
+  # create rad-dev namespace for lib
-  adev = rec {
+  rad-dev = rec {
    systems = import ./systems.nix { inherit lib; };
    container-utils = import ./container-utils.nix { inherit lib; };
--- a/lib/systems.nix
+++ b/lib/systems.nix
@ -176,7 +176,7 @@ rec {
          (configPath + "/configuration.nix")
        ]
        ++ modules
-        ++ (lib.adev.fileList (src + "/modules"))
+        ++ (lib.rad-dev.fileList (src + "/modules"))
        ++ genWrapper sops genSops args
        ++ genWrapper home genHome args
        ++ genWrapper true genUsers args
@ -222,7 +222,7 @@ rec {
            // import configPath { inherit inputs; }
          );
        }
-      ) (lib.adev.lsdir path)
+      ) (lib.rad-dev.lsdir path)
    );
  # gets all the images of a specified format
--- a/modules/autopull.nix
+++ b/modules/autopull.nix
@ -61,7 +61,7 @@ in
    lib.mkIf cfg.enable {
      environment.systemPackages =
        [ pkgs.git ]
-        ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [
+        ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.rad-dev.mapGetAttr "ssh-key" repos)) [
          pkgs.openssh
        ];
--- a/modules/kub_net.nix
+++ b/modules/kub_net.nix
@ -1,10 +1,10 @@
 { lib, config, ... }:
 let
-  cfg = config.services.adev.k3s-net;
+  cfg = config.services.rad-dev.k3s-net;
 in
 {
  options = {
-    services.adev.k3s-net = {
+    services.rad-dev.k3s-net = {
      enable = lib.mkOption {
        default = false;
        example = true;
--- a/modules/update.nix
+++ b/modules/update.nix
@ -10,10 +10,10 @@
  };
  system.autoUpgrade = {
-    enable = lib.mkDefault true;
+    enable = lib.mkDefault false;
    flags = [ "--accept-flake-config" ];
    randomizedDelaySec = "1h";
    persistent = true;
-    flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git";
+    flake = "github:RAD-Development/nix-dotfiles";
  };
 }
--- a/modules/yubikey.nix
+++ b/modules/yubikey.nix
@ -5,11 +5,11 @@
  ...
 }:
 let
-  cfg = config.services.adev.yubikey;
+  cfg = config.services.rad-dev.yubikey;
 in
 {
  options = {
-    services.adev.yubikey = {
+    services.rad-dev.yubikey = {
      enable = lib.mkEnableOption "enable yubikey defaults";
      enable-desktop-app = lib.mkEnableOption "installs desktop application";
    };
--- a/shell.nix
+++ b/shell.nix
@ -38,17 +38,13 @@ forEachSystem (
    };
    # constructs a custom shell with commonly used utilities
-    adev = pkgs.mkShell {
+    rad-dev = pkgs.mkShell {
      packages = with pkgs; [
        deadnix
        pre-commit
        treefmt
        statix
        nixfmt-rfc-style
        jsonfmt
        mdformat
        shfmt
        yamlfmt
      ];
    };
  in
@ -56,7 +52,7 @@ forEachSystem (
    default = pkgs.mkShell {
      inputsFrom = [
        pre-commit
-        adev
+        rad-dev
        sops
      ];
    };
--- a/systems/artemision/configuration.nix
+++ b/systems/artemision/configuration.nix
@ -32,7 +32,7 @@
  };
  boot = {
-    #kernelPackages = lib.mkForce pkgs.linuxPackages_6_6;
+    kernelPackages = lib.mkForce pkgs.linuxPackages_6_6;
    useSystemdBoot = true;
    default = true;
  };
@ -75,7 +75,7 @@
    fprintd.enable = lib.mkForce false;
    openssh.enable = lib.mkForce false;
-    adev.yubikey = {
+    rad-dev.yubikey = {
      enable = true;
      enable-desktop-app = true;
    };
@ -83,14 +83,11 @@
  users.users.alice.extraGroups = [ "calibre-web" ];
  system.autoUpgrade.enable = false;
  system.stateVersion = "24.05";
  programs.adb.enable = true;
  environment.variables = {
    "KWIN_DRM_NO_DIRECT_SCANOUT" = "1";
  };
  sops = {
    defaultSopsFile = ./secrets.yaml;
    #secrets = {
--- a/systems/artemision/desktop.nix
+++ b/systems/artemision/desktop.nix
@ -7,7 +7,6 @@
    hyprland = {
      enable = true;
      xwayland.enable = true;
      withUWSM = true;
    };
    hyprlock.enable = true;
    gnupg.agent = {
--- a/systems/artemision/programs.nix
+++ b/systems/artemision/programs.nix
@ -18,6 +18,8 @@
    croc
    deadnix
    direnv
    discord
    discord-canary
    easyeffects
    eza
    fanficfare
@ -42,7 +44,6 @@
    kitty
    kubectl
    kubernetes-helm
    libreoffice-fresh
    libtool
    lsof
    lynis
--- a/systems/palatine-hill/attic/default.nix
+++ b/systems/palatine-hill/attic/default.nix
@ -62,58 +62,58 @@
  # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
  # configured default webstore for this on root user separately
-  systemd = {
+  # systemd = {
-    services = {
+  #   services = {
-      attic-watch-store = {
+  #     attic-watch-store = {
-        wantedBy = [ "multi-user.target" ];
+  #       wantedBy = [ "multi-user.target" ];
-        after = [
+  #       after = [
-          "network-online.target"
+  #         "network-online.target"
-          "docker.service"
+  #         "docker.service"
-          "atticd.service"
+  #         "atticd.service"
-        ];
+  #       ];
-        requires = [
+  #       requires = [
-          "network-online.target"
+  #         "network-online.target"
-          "docker.service"
+  #         "docker.service"
-          "atticd.service"
+  #         "atticd.service"
-        ];
+  #       ];
-        description = "Upload all store content to binary cache";
+  #       description = "Upload all store content to binary cache";
-        serviceConfig = {
+  #       serviceConfig = {
-          User = "root";
+  #         User = "root";
-          Restart = "always";
+  #         Restart = "always";
-          ExecStart = "${pkgs.attic-client}/bin/attic watch-store nix-cache";
+  #         ExecStart = "${pkgs.attic-client}/bin/attic watch-store cache-nix-dot";
-        };
+  #       };
-      };
+  #     };
-      attic-sync-hydra = {
+  #     attic-sync-hydra = {
-        after = [
+  #       after = [
-          "network-online.target"
+  #         "network-online.target"
-          "docker.service"
+  #         "docker.service"
-          "atticd.service"
+  #         "atticd.service"
-        ];
+  #       ];
-        requires = [
+  #       requires = [
-          "network-online.target"
+  #         "network-online.target"
-          "docker.service"
+  #         "docker.service"
-          "atticd.service"
+  #         "atticd.service"
-        ];
+  #       ];
-        description = "Force resync of hydra derivations with attic";
+  #       description = "Force resync of hydra derivations with attic";
-        serviceConfig = {
+  #       serviceConfig = {
-          Type = "oneshot";
+  #         Type = "oneshot";
-          User = "root";
+  #         User = "root";
-          ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}";
+  #         ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}";
-        };
+  #       };
-      };
+  #     };
-    };
+  #   };
-    timers = {
+  #   timers = {
-      attic-sync-hydra = {
+  #     attic-sync-hydra = {
-        wantedBy = [ "timers.target" ];
+  #       wantedBy = [ "timers.target" ];
-        timerConfig = {
+  #       timerConfig = {
-          OnBootSec = 600;
+  #         OnBootSec = 600;
-          OnUnitActiveSec = 86400;
+  #         OnUnitActiveSec = 86400;
-          Unit = "attic-sync-hydra.service";
+  #         Unit = "attic-sync-hydra.service";
-        };
+  #       };
-      };
+  #     };
-    };
+  #   };
-  };
+  # };
  sops = {
    secrets = {
--- a/systems/palatine-hill/attic/sync-attic.bash
+++ b/systems/palatine-hill/attic/sync-attic.bash
@ -6,5 +6,5 @@ sync_directories=(
 )
 for dir in "${sync_directories[@]}"; do
-  find "$dir" -regex ".*\.drv$" -exec attic push nix-cache '{}' \;
+    find "$dir"  -regex ".*\.drv$" -exec attic push cache-nix-dot '{}' \;
 done
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@ -17,8 +17,8 @@
    ./minio.nix
    ./networking.nix
    ./nextcloud.nix
    ./postgresql.nix
    ./samba.nix
    ./postgresql.nix
    ./zfs.nix
  ];
--- a/systems/palatine-hill/docker/act-runner.nix
+++ b/systems/palatine-hill/docker/act-runner.nix
@ -6,7 +6,6 @@
 let
  vars = import ../vars.nix;
  act_path = vars.primary_act;
  act_config_path = ./act_config.yaml;
 in
 {
  virtualisation.oci-containers.containers = {
@ -21,7 +20,7 @@ in
      };
      ports = [ "8088:8088" ];
      volumes = [
-        "${act_config_path}:/config.yaml"
+        "${act_path}/stable-latest-main/config.yaml:/config.yaml"
        "${act_path}/stable-latest-main/data:/data"
        "/var/run/docker.sock:/var/run/docker.sock"
      ];
@ -43,7 +42,7 @@ in
        "com.centurylinklabs.watchtower.scope" = "act-runner";
      };
      volumes = [
-        "${./act_config.yaml}:/config.yaml"
+        "${act_path}/stable-latest-1/config.yaml:/config.yaml"
        "${act_path}/stable-latest-1/data:/data"
        "/var/run/docker.sock:/var/run/docker.sock"
      ];
@ -65,7 +64,7 @@ in
        "com.centurylinklabs.watchtower.scope" = "act-runner";
      };
      volumes = [
-        "${act_config_path}:/config.yaml"
+        "${act_path}/stable-latest-2/config.yaml:/config.yaml"
        "${act_path}/stable-latest-2/data:/data"
        "/var/run/docker.sock:/var/run/docker.sock"
      ];
@ -76,6 +75,72 @@ in
      environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
      log-driver = "local";
    };
    act-stable-latest-3 = {
      image = "gitea/act_runner:latest";
      extraOptions = [
        "--stop-signal=SIGINT"
      ];
      labels = {
        "com.centurylinklabs.watchtower.enable" = "true";
        "com.centurylinklabs.watchtower.scope" = "act-runner";
      };
      volumes = [
        "${act_path}/stable-latest-3/config.yaml:/config.yaml"
        "${act_path}/stable-latest-3/data:/data"
        "/var/run/docker.sock:/var/run/docker.sock"
      ];
      environment = {
        CONFIG_FILE = "/config.yaml";
        GITEA_RUNNER_NAME = "stable-latest-3";
      };
      environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
      log-driver = "local";
    };
    act-stable-latest-4 = {
      image = "gitea/act_runner:latest";
      extraOptions = [
        "--stop-signal=SIGINT"
      ];
      labels = {
        "com.centurylinklabs.watchtower.enable" = "true";
        "com.centurylinklabs.watchtower.scope" = "act-runner";
      };
      volumes = [
        "${act_path}/stable-latest-4/config.yaml:/config.yaml"
        "${act_path}/stable-latest-4/data:/data"
        "/var/run/docker.sock:/var/run/docker.sock"
      ];
      environment = {
        CONFIG_FILE = "/config.yaml";
        GITEA_RUNNER_NAME = "stable-latest-4";
      };
      environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
      log-driver = "local";
    };
    act-stable-latest-5 = {
      image = "gitea/act_runner:latest";
      extraOptions = [
        "--stop-signal=SIGINT"
      ];
      labels = {
        "com.centurylinklabs.watchtower.enable" = "true";
        "com.centurylinklabs.watchtower.scope" = "act-runner";
      };
      volumes = [
        "${act_path}/stable-latest-5/config.yaml:/config.yaml"
        "${act_path}/stable-latest-5/data:/data"
        "/var/run/docker.sock:/var/run/docker.sock"
      ];
      environment = {
        CONFIG_FILE = "/config.yaml";
        GITEA_RUNNER_NAME = "stable-latest-5";
      };
      environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
      log-driver = "local";
    };
  };
  systemd = {
@ -103,9 +168,7 @@ in
    "docker/act-runner" = {
      owner = "root";
      restartUnits = [
        "docker-act-stable-latest-main.service"
        "docker-act-stable-latest-1.service"
        "docker-act-stable-latest-2.service"
      ];
    };
  };
--- a/systems/palatine-hill/docker/act_config.yaml
+++ b/systems/palatine-hill/docker/act_config.yaml
@ -1,95 +0,0 @@
 # Example configuration file, it's safe to copy this as the default config file without any modification.
 # You don't have to copy this file to your instance,
 # just run `./act_runner generate-config > config.yaml` to generate a config file.
 log:
    # The level of logging, can be trace, debug, info, warn, error, fatal
    level: debug
 runner:
    # Where to store the registration result.
    file: .runner
    # Execute how many tasks concurrently at the same time.
    capacity: 1
    # Extra environment variables to run jobs.
    envs:
        A_TEST_ENV_NAME_1: a_test_env_value_1
        A_TEST_ENV_NAME_2: a_test_env_value_2
    # Extra environment variables to run jobs from a file.
    # It will be ignored if it's empty or the file doesn't exist.
    env_file: .env
    # The timeout for a job to be finished.
    # Please note that the Gitea instance also has a timeout (3h by default) for the job.
    # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
    timeout: 3h
    # The timeout for the runner to wait for running jobs to finish when shutting down.
    # Any running jobs that haven't finished after this timeout will be cancelled.
    shutdown_timeout: 30m
    # Whether skip verifying the TLS certificate of the Gitea instance.
    insecure: false
    # The timeout for fetching the job from the Gitea instance.
    fetch_timeout: 5s
    # The interval for fetching the job from the Gitea instance.
    fetch_interval: 2s
    # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
    # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
    # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
    # If it's empty when registering, it will ask for inputting labels.
    # If it's empty when execute `daemon`, will use labels in `.runner` file.
    labels:
        - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
        - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
        - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
        #cache:
    # Enable cache server to use actions/cache.
    #enabled: true
    # The directory to store the cache data.
    # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
    #dir: ""
    # The host of the cache server.
    # It's not for the address to listen, but the address to connect from job containers.
    # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
    #host: ""
    # The port of the cache server.
    # 0 means to use a random available port.
    #port: 0
    # The external cache server URL. Valid only when enable is true.
    # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
    # The URL should generally end with "/".
    #external_server: ""
 container:
    # Specifies the network to which the container will connect.
    # Could be host, bridge or the name of a custom network.
    # If it's empty, act_runner will create a network automatically.
    network: ""
    # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
    privileged: false
    # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
    options:
    # The parent directory of a job's working directory.
    # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
    # If the path starts with '/', the '/' will be trimmed.
    # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
    # If it's empty, /workspace will be used.
    workdir_parent:
    # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
    # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
    # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
    # valid_volumes:
    #   - data
    #   - /src/*.json
    # If you want to allow any volume, please use the following configuration:
    # valid_volumes:
    #   - '**'
    valid_volumes: []
    # overrides the docker client host with the specified one.
    # If it's empty, act_runner will find an available docker host automatically.
    # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
    # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
    docker_host: ""
    # Pull docker image(s) even if already present
    force_pull: true
    # Rebuild docker image(s) even if already present
    force_rebuild: false
 host:
    # The parent directory of a job's working directory.
    # If it's empty, $HOME/.cache/act/ will be used.
    workdir_parent:
--- a/systems/palatine-hill/docker/archiveteam.nix
+++ b/systems/palatine-hill/docker/archiveteam.nix
@ -122,7 +122,7 @@ let
    cmd = lib.splitString " " "--concurrent 6 AmAnd0";
  };
-  inherit (lib.adev.container-utils) createTemplatedContainers;
+  inherit (lib.rad-dev.container-utils) createTemplatedContainers;
  vars = import ../vars.nix;
  at_path = vars.primary_archiveteam;
--- a/systems/palatine-hill/docker/default.nix
+++ b/systems/palatine-hill/docker/default.nix
@ -31,47 +31,47 @@
    default-address-pools = [
      {
        base = "169.254.2.0/23";
-        size = 28;
+        size = "28";
      }
      {
        base = "169.254.4.0/22";
-        size = 28;
+        size = "28";
      }
      {
        base = "169.254.8.0/21";
-        size = 28;
+        size = "28";
      }
      {
        base = "169.254.16.0/20";
-        size = 28;
+        size = "28";
      }
      {
        base = "169.254.32.0/19";
-        size = 28;
+        size = "28";
      }
      {
        base = "169.254.64.0/18";
-        size = 28;
+        size = "28";
      }
      {
        base = "169.254.128.0/18";
-        size = 28;
+        size = "28";
      }
      {
        base = "169.254.192.0/19";
-        size = 28;
+        size = "28";
      }
      {
        base = "169.254.224.0/20";
-        size = 28;
+        size = "28";
      }
      {
        base = "169.254.240.0/21";
-        size = 28;
+        size = "28";
      }
      {
        base = "169.254.248.0/22";
-        size = 28;
+        size = "28";
      }
    ];
    mtu = 9000;
--- a/systems/palatine-hill/docker/minecraft.nix
+++ b/systems/palatine-hill/docker/minecraft.nix
@ -9,31 +9,31 @@ let
    divinejourney = "dj.alicehuston.xyz";
    rlcraft = "rlcraft.alicehuston.xyz";
    arcanum-institute = "arcanum.alicehuston.xyz";
-    # bcg-plus = "bcg.alicehuston.xyz";
+    bcg-plus = "bcg.alicehuston.xyz";
  };
  defaultServer = "rlcraft";
-  # defaultEnv = {
+  defaultEnv = {
-  #   EULA = "true";
+    EULA = "true";
-  #   TYPE = "AUTO_CURSEFORGE";
+    TYPE = "AUTO_CURSEFORGE";
-  #   STOP_SERVER_ANNOUNCE_DELAY = "120";
+    STOP_SERVER_ANNOUNCE_DELAY = "120";
-  #   STOP_DURATION = "600";
+    STOP_DURATION = "600";
-  #   SYNC_CHUNK_WRITES = "false";
+    SYNC_CHUNK_WRITES = "false";
-  #   USE_AIKAR_FLAGS = "true";
+    USE_AIKAR_FLAGS = "true";
-  #   MEMORY = "8GB";
+    MEMORY = "8GB";
-  #   ALLOW_FLIGHT = "true";
+    ALLOW_FLIGHT = "true";
-  #   MAX_TICK_TIME = "-1";
+    MAX_TICK_TIME = "-1";
-  # };
+  };
-  # defaultOptions = [
+  defaultOptions = [
-  #   "--stop-signal=SIGTERM"
+    "--stop-signal=SIGTERM"
-  #   "--stop-timeout=1800"
+    "--stop-timeout=1800"
-  #   "--network=minecraft-net"
+    "--network=minecraft-net"
-  # ];
+  ];
-  # vars = import ../vars.nix;
+  vars = import ../vars.nix;
-  # minecraft_path = "${vars.primary_games}/minecraft";
+  minecraft_path = "${vars.primary_games}/minecraft";
 in
 {
  virtualisation.oci-containers.containers = {
@ -46,7 +46,7 @@ in
      cmd = [
        (
          "--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
-          + (lib.adev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
+          + (lib.rad-dev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
        )
      ];
    };
@ -67,24 +67,24 @@ in
    #   log-driver = "local";
    #   environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
    # };
-    # bcg-plus = {
+    bcg-plus = {
-    #   image = "itzg/minecraft-server:java17";
+      image = "itzg/minecraft-server:java17";
-    #   volumes = [
+      volumes = [
-    #     "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
+        "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
-    #     "${minecraft_path}/bcg-plus/data:/data"
+        "${minecraft_path}/bcg-plus/data:/data"
-    #   ];
+      ];
-    #   hostname = "bcg-plus";
+      hostname = "bcg-plus";
-    #   environment = defaultEnv // {
+      environment = defaultEnv // {
-    #     VERSION = "1.17";
+        VERSION = "1.17";
-    #     CF_SLUG = "bcg";
+        CF_SLUG = "bcg";
-    #     DIFFICULTY = "normal";
+        DIFFICULTY = "normal";
-    #     DEBUG = "true";
+        DEBUG = "true";
-    #     # ENABLE_COMMAND_BLOCK = "true";
+        # ENABLE_COMMAND_BLOCK = "true";
-    #   };
+      };
-    #   extraOptions = defaultOptions;
+      extraOptions = defaultOptions;
-    #   log-driver = "local";
+      log-driver = "local";
-    #   environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
+      environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
-    # };
+    };
  };
  sops = {
--- a/systems/palatine-hill/docker/nextcloud.nix
+++ b/systems/palatine-hill/docker/nextcloud.nix
@ -100,7 +100,7 @@ in
      };
      "docker/collabora" = {
        owner = "www-data";
-        restartUnits = [ "docker-collabora-code.service" ];
+        restartUnits = [ "docker-collabora.service" ];
      };
    };
  };
--- a/systems/palatine-hill/docker/watchtower.bash
+++ b/systems/palatine-hill/docker/watchtower.bash
@ -6,7 +6,7 @@ outdated_msg="Project code is out of date and needs to be upgraded. To remedy th
 label="$1"
 label_val="$2"
-if (($# != 2)); then
+if (( $# != 2 )); then
    echo "usage: $0 label label_value"
 fi
--- a/systems/palatine-hill/hydra.nix
+++ b/systems/palatine-hill/hydra.nix
@ -1,6 +1,7 @@
 {
  config,
-  inputs,
+  lib,
  pkgs,
  ...
 }:
 let
@ -42,7 +43,6 @@ in
  services = {
    hydra = {
      enable = true;
      package = inputs.hydra.packages.x86_64-linux.hydra;
      hydraURL = "https://hydra.alicehuston.xyz";
      smtpHost = "alicehuston.xyz";
      notificationSender = "hydra@alicehuston.xyz";
--- a/systems/palatine-hill/postgresql.nix
+++ b/systems/palatine-hill/postgresql.nix
@ -28,26 +28,12 @@ in
      '';
      # initialScript = config.sops.secrets."postgres/init".path;
-      ensureDatabases = [
+      ensureDatabases = [ "atticd" ];
        "atticd"
        "alice"
      ];
      ensureUsers = [
        {
          name = "atticd";
          ensureDBOwnership = true;
        }
        {
          name = "alice";
          ensureDBOwnership = true;
          ensureClauses = {
            superuser = true;
            login = true;
            createrole = true;
            createdb = true;
            replication = true;
          };
        }
      ];
      refreshCollation = true;
@ -62,7 +48,6 @@ in
          "hydra-send-stats"
          "hydra-server"
          "atticd"
          "gitea"
        ];
      };
    };
--- a/systems/palatine-hill/secrets.yaml
+++ b/systems/palatine-hill/secrets.yaml
@ -27,8 +27,6 @@ acme:
    dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
 server-validation:
    webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str]
 typhon:
    hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -44,8 +42,8 @@ sops:
            cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
            LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-26T05:47:58Z"
+    lastmodified: "2025-03-04T04:53:14Z"
-    mac: ENC[AES256_GCM,data:ZP9HglMmn9FDv6/vtQAxz/qP76QniPqM6bzMQVvVU/OhDmjuneGKZY7d1Es7LC9o5qmJ+T3Dh3/bkmuRdgdnd2TO6iuvM++DEPxwnoHis+0lbMxv5a6ibzvoXXm2CrL4HPETqLKbLahGJRmDNgnkCEWxAs16zrqe5kgDpD53R5c=,iv:DcCXNGyb41ToV9uSnrnrl0dWiw2pvykM8z86Yk814P4=,tag:T9PFl48qABwBSy7vIhSmLA==,type:str]
+    mac: ENC[AES256_GCM,data:MCucwVPGRMA/hGYS7mwSppkZAQ3wjHJnyeSvSI8YOOD0Xq7mvkMSvKctFHl6h4Cx3ubRvVHf5j35/NQxb+/VhhCPAHWDbqq9O2N0aWhAeybCu0IjruKrJhs76KsXJnNZ9REQQnS1/TNquuvj9FCoqDnrQcFs7M0KJ5m3eUU2h2k=,iv:ZJGJ8CTA8K5FnoKtbogleksB8wDcZtknO07M07Dmpsc=,tag:GMUXJD4U8KQgy9rvzEAMuw==,type:str]
    pgp:
        - created_at: "2024-11-28T18:56:39Z"
          enc: |-
--- a/systems/palatine-hill/typhon.nix
+++ b/systems/palatine-hill/typhon.nix
@ -1,17 +0,0 @@
 { config, ... }:
 let
  vars = import ./vars.nix;
  typhon_path = vars.primary_typhon;
 in
 {
  services.typhon = {
    enable = true;
    hashedPasswordFile = config.sops.secrets."typhon/hashedPassword".path;
    home = typhon_path;
  };
  sops.secrets = {
    "typhon/hashedPassword".owner = "root";
  };
 }
--- a/treefmt.toml
+++ b/treefmt.toml
@ -12,21 +12,3 @@ command = "nixfmt"
 #options = []
 # Glob pattern of files to include
 includes = [ "*.nix" ]
 [formatter.jsonfmt]
 command = "jsonfmt"
 excludes = []
 includes = ["*.json"]
 options = ["-w"]
 [formatter.shfmt]
 command = "shfmt"
 excludes = []
 includes = ["*.sh", "*.bash", "*.envrc", "*.envrc.*"]
 options = ["-i", "2", "-s", "-w"]
 [formatter.yamlfmt]
 command = "yamlfmt"
 excludes = []
 includes = ["*.yaml", "*.yml"]
 options = ["-formatter","indent=4"]
--- a/users/alice/home.nix
+++ b/users/alice/home.nix
@ -16,7 +16,6 @@
      ./home/gammastep.nix
      ./home/doom
      ./home/hypr
      ./home/waybar.nix
      ./non-server.nix
    ];
@ -90,9 +89,6 @@
      nodejs_20
      nodePackages.prettier
      treefmt
      gocryptfs
      awscli2
    ];
  };
--- a/users/alice/home/doom/custom.el
+++ b/users/alice/home/doom/custom.el
@ -22,6 +22,3 @@
 (setq! lsp-nix-nil-max-mem 20000)
 (setq! lsp-nix-nil-formatter ["nixfmt"])
 ;; (add-hook 'python-mode-hook (lambda ()
 ;;                                 (require 'sphinx-doc)
 ;;                                 (sphinx-doc-mode t)))
--- a/users/alice/home/doom/packages.el
+++ b/users/alice/home/doom/packages.el
@ -80,10 +80,3 @@
 (package! pacdiff.el
  :recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE")))
 ;;(package! python-docstring-mode
 ;;  :recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py")))
 ;;(package! sphinx-doc)
 ;; https://github.com/glyph/python-docstring-mode.git
--- a/users/alice/home/hypr/default.nix
+++ b/users/alice/home/hypr/default.nix
@ -8,7 +8,6 @@
 {
  xdg.configFile = {
    "hypr/hyprland.conf".source = ./hyprland.conf;
    "hypr/show-hide.sh".source = ./show-hide.sh;
  };
  imports = [
--- a/users/alice/home/hypr/hypridle.nix
+++ b/users/alice/home/hypr/hypridle.nix
@ -18,14 +18,14 @@
      listener = [
        {
          timeout = 150; # 2.5min.
-          on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -s set 1"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
+          on-timeout = "brightnessctl -s set 1"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
-          on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -r"; # monitor backlight restore.
+          on-resume = "brightnessctl -r"; # monitor backlight restore.
        }
        # turn off keyboard backlight, comment out this section if you dont have a keyboard backlight.
        {
          timeout = 150; # 2.5min.
-          on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -sd rgb:kbd_backlight set 0"; # turn off keyboard backlight.
+          on-timeout = "brightnessctl -sd rgb:kbd_backlight set 0"; # turn off keyboard backlight.
-          on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -rd rgb:kbd_backlight"; # turn on keyboard backlight.
+          on-resume = "brightnessctl -rd rgb:kbd_backlight"; # turn on keyboard backlight.
        }
        {
          timeout = 300; # 5min
--- a/users/alice/home/hypr/hyprland.conf
+++ b/users/alice/home/hypr/hyprland.conf
@ -22,9 +22,6 @@ monitor=,preferred,auto,auto
 # exec-once = waybar & hyprpaper & firefox
 exec-once = wired &
 exec-once = wired
 exec-once = systemctl --user start polkit-gnome-authentication-agent-1.service
 # Source a file (multi-file configs)
 # source = ~/.config/hypr/myColors.conf
@ -210,7 +207,3 @@ bind = $mainMod, P, exec, bwm
 # lock screen
 bind = $mainMod, L, exec, loginctl lock-session
 # hide active window
 bind = $mainMod,H,exec,/home/alice/config/hypr/hide_unhide_window.sh h
 # show hide window
 bind = $mainMod,I,exec,/home/alice/config/hypr/hide_unhide_window.sh s
--- a/users/alice/home/hypr/hyprlock.nix
+++ b/users/alice/home/hypr/hyprlock.nix
@ -11,8 +11,7 @@
    settings = {
      general = {
        immediate_render = true;
-        # disabling as config doesn't exist
+        no_fade_in = true;
        #no_fade_in = true;
      };
      background = {
        monitor = "";
@ -55,8 +54,7 @@
        dots_spacing = 0.15; # Scale of dots' absolute size, -1.0 - 1.0
        dots_center = false;
        dots_rounding = -1; # -1 default circle, -2 follow input-field rounding
-        # disabling as config doesn't exist
+        dots_fade_time = 200; # Milliseconds until a dot fully fades in
        # dots_fade_time = 200; # Milliseconds until a dot fully fades in
        dots_text_format = ""; # Text character used for the input indicator. Leave empty for a rectangle that will be rounded via dots_rounding (default).
        # disabling due to stylix
        # outer_color = "rgb(151515)";
@ -72,8 +70,7 @@
        #fail_color = "rgb(204, 34, 34)"; # if authentication failed, changes outer_color and fail message color
        fail_text = "<i>$FAIL <b>($ATTEMPTS)</b></i>"; # can be set to empty
        fail_timeout = 2000; # milliseconds before fail_text and fail_color disappears
-        # disabling as config doesn't exist
+        fail_transition = 300; # transition time in ms between normal outer_color and fail_color
        #fail_transition = 300; # transition time in ms between normal outer_color and fail_color
        capslock_color = -1;
        numlock_color = -1;
        bothlock_color = -1; # when both locks are active. -1 means don't change outer color (same for above)
--- a/users/alice/home/hypr/show-hide.sh
+++ b/users/alice/home/hypr/show-hide.sh
@ -1,25 +0,0 @@
 #!/usr/bin/env bash
 stack_file="/tmp/hide_window_pid_stack.txt"
 function hide_window() {
  pid=$(hyprctl activewindow -j | jq '.pid')
  hyprctl dispatch movetoworkspacesilent "88,pid:$pid"
  echo "$pid" >>$stack_file
 }
 function show_window() {
  pid=$(tail -1 $stack_file && sed -i '$d' $stack_file)
  [ -z "$pid" ] && exit
  current_workspace=$(hyprctl activeworkspace -j | jq '.id')
  hyprctl dispatch movetoworkspacesilent "$current_workspace,pid:$pid"
 }
 if [ -n "$1" ]; then
  if [ "$1" == "h" ]; then
    hide_window >>/dev/null
  else
    show_window >>/dev/null
  fi
 fi
--- a/users/alice/home/waybar.json
+++ b/users/alice/home/waybar.json
@ -1,40 +0,0 @@
 [
  {
    "height": 20,
    "layer": "top",
    "position": "top",
    "output": [
      "eDP-2",
      "eDP-1",
      "HDMI-0",
      "DP-0"
    ],
    "hyprland/workspaces": {
      "active-only": true,
      "all-outputs": false,
      "show-special": true,
      "move-to-monitor": true,
      "format": "{icon} {windows}",
      "format-window-separator": " ",
      "format-icons": {
        "1": "󰎤",
        "2": "󰎧",
        "3": "󰎪",
        "default": "",
        "empty": "󱓼",
        "urgent": "󱨇"
      },
      "persistent-workspaces": {
        "1": "HDMI-0"
      },
      "on-scroll-down": "hyprctl dispatch workspace e-1",
      "on-scroll-up": "hyprctl dispatch workspace e+1",
      "window-rewrite": {
        "title<Steam>": ""
      },
      "window-rewrite-default": "",
      "window-rewrite-separator": " ",
      "sort-by": "number"
    }
  }
 ]
--- a/users/alice/home/waybar.nix
+++ b/users/alice/home/waybar.nix
@ -2,6 +2,6 @@
 lib.mkIf (!machineConfig.server) {
  programs.waybar = {
    enable = true;
-    settings = builtins.fromJSON (builtins.readFile ./waybar.json);
+    #settings = builtins.fromJSON (import ./waybar.json);
  };
 }
--- a/users/alice/home/zsh.nix
+++ b/users/alice/home/zsh.nix
@ -4,6 +4,7 @@
  programs.zsh = {
    enable = true;
    # autosuggestion.enable = true;
    oh-my-zsh = {
      enable = true;
      plugins = [
--- a/users/alice/non-server.nix
+++ b/users/alice/non-server.nix
@ -64,6 +64,5 @@
    zathura
    obsidian
    libreoffice-qt-fresh
    wlr-randr
  ];
 }
--- a/users/alice/secrets.yaml
+++ b/users/alice/secrets.yaml
@ -2,15 +2,17 @@ alice:
    user-password: ENC[AES256_GCM,data:+cM85X1vapqfQdJ+Dv6YvT5qHlvsmaXPRbvKRHtCkPT3wdw4f7tLHLFmvWnak7CRezI00PxVEtCZL5mqLyN2HaU4OqIk/9fgqczIzemwBlMGJt+ndwG4oqBqE0ymtzmy8MA59wonRqoxzYKQfAGQsprdCIovrg==,iv:BtSDBgvQeZdTY1KUClnt9V8qHcS/gouaaQw342tk4Sg=,tag:T7tzyKuCo83s78ca7f4KDQ==,type:str]
    #ENC[AES256_GCM,data:6+dLs8opC27IrHJCPfL2c7KiLbaQTqI6oRKpIZLR4+P9gTupziAhCm/G7RY01gVPSgxdBpJ6L4xVbcMEg9hDKBMI4naF9arNrFsV6WXNc+LA5BYyT9L9G1nDea8fPFYDSF2537eLgLqWNE1WSsUOrz/WOxbE6g==,iv:AxsdKmGz6qEYlWY08q/2hqsm0EXaqodwD/7OJg4FAIY=,tag:EgfL3I1VBXtFgIdTOW5eBA==,type:comment]
    #ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment]
-    gha-hydra-token: ENC[AES256_GCM,data:CXdOiW9oYaVj4oqfiXSz9O9xIsB5ZyUac2WFSFD1ankZpnmQpv9TwolJxb6h8r+UM7Q9QzCCWk7KHe80lolZhpHa79bpcj+wt9v51ydj0Zy+3sufHS+JnGwmqBbw6dVqJ2uBr4nW2NADzHEbG8N367uKYEq2vazB4y02JiopXL8DHsYcx+Z4u7GJC/gYbpm9vnt8OVdYmfYRQ9BGSiaJOghDzpmCisEZdLpCLXM3cULn8yVUXIFWx8yF/6JrWN+myeoZiUFCL2sZmeSIswFg9kwBKXIsjBrz+EDXZzDCEr88UrEJ0j2+egsrG9BNlstVwC8oscYdbXWmYUdsCBNVxK3xjJYm9gDdSyo0DfSvTzK1t+/s9L1zC8uqj2TXYdVd6QyH2TRXxiPeNLYClRHT2UljymSpIVXOn/Okuo7dte+ZZqZVndT1lwK//2y8V3Hng+5wixfFFsQAd5oJzfraRSnM+RLZtjI3TMoyc5no3pVwV6zsCqRd2nvr7gieXUMWtSLb6YrM6tvhRpeiieYUqQ8NwHV0Avqco0I838o5yywVGSnUflGxnwYoGQIX70qoTcxNPGuiiiqSynh64e3nrlC9xN6EWuFpUNVfkBibZNRi+EyDAhK7LKwiPbL2z919N54vyzzoWA1KUFqxow+JsX+Q8rpnfJtag44F5qFt3/Be5PIMYVU7acXTiVJvM3cKPMQIBPXpQFX5OshwGhttGFuB53aWPHCzlhT4NDQbcZ/rLQ3bcytVpnH55WWze0Oe0zUZYGFc/rV9Fc4QjhR7/8pAi9kGUlKy2MYBamjmnCWlOnHPIQQLpPs/oiW+,iv:KL2P3O8Fnbn56hLX8PWIrigoPTBfIvMUpizKy3C3RIA=,tag:G0M/9iT9IWUSJ5ktUc/g5A==,type:str]
+    gha-hydra-token: ENC[AES256_GCM,data:rYDYIn7MAF4pSZQj+Nln2z9J+AxvuSzumthL86njpKETutArrw+9iX2hHJt5t513NHH03tMtZOFqM60/pzWg4YXVQOSpQmq8QOelD7qCdfCr4Z2QSeOHqXqwKy21iWtoVbxOXWunVxLzkWMJrpHkpVsiBA75Nv66ftKEjN80QNGik6xQE1iPsCB2JHeqYNIr8gtPkCr7H5Pt4yBBO/1rsyONrbNlwmzVX78eqXxmc43XOiNVjEsk8ekJxJ9mn5S6JcPNehBcnZA0kWAIxvtDIPYKnz4YBIXoilBbjgytXL8nw3PkEX27x5yeg9KfxPxO/4CGoi5wfKsYuEynBdWbHtj6a3H0AvA9KIZzktTRNJFU3ZW8UveSCXY4YHl0NREJ8kbIUgkkE7PWeyzGenGFTPMahTA0rKSa+tWPQ1c00lvo9VS3/7pfeJfZEKS7R2xBaEDZrfffHyB5PLTQOGpWl5y40wTn4HdBlyQwoREvobOaKVZEyWtVvJcUeHDPepgEHGVDzwyTelX8Btb6ZNA0Fur8xvpkLZcLmMhbvCdkjq84ztJ36nQQ5JZthecyqcZTWPyfWtPeoUPVIaxn31oLjwsriDwdQmID6twTjC9PT8nBZD/u0JebOCdeYf8fm9q49SaN2w/ZMdSRWucHUsRXeN9O149vYoOqR28H+8v/tYJdqofJpHKrIBs=,iv:GcEV6f4rqkrpCafeaLNMqqU/vBNE0xHbqokL2gMXHYw=,tag:sCHvUgq1w8npedjIAninrA==,type:str]
    wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str]
-    attic-nix-cache-creator: ENC[AES256_GCM,data:ygWuPJfFZQVHtJ83DfB7VB84PNF0knLkOwD4A67NMNp8pU9pA9lI56RSyKDkFd+qYRBSeEXSepbSOA+BhvQaCZiVEiao3LBlh7/6Sp5ni+Rdt3hGKcd+JRQyedEmTkg9h8NbtR6LvI90EiMhyVg6WLCzlGAtFFBcSvIqssrC/KDHCjd4uMzXeW23wUB40dU1PpwkLPtcNVvIzgxqYRsRPFOXZxGxQYGpBWtzDveqgmeLwavhU481wHfCwqpyXJZflbR+UzWdr+zbmSFdJadlLdHeooNGvRC+av0MK4YMCCgu1Em34IeawpiesFhhj/IVGa2xQWjXE0MF3SDLvlh5yMqNPodTZ7FAEZgD7rTYIbaH8JHiYbgI6v7/ANPcFqw2eKT7wVP8cTL1yPedcZcU,iv:J7JYA98NHxM0tExfUdjkir6/+tkOkPLMBNdjXBP9fbA=,tag:WaCWmrzLgr9lDUL+jxeMNA==,type:str]
+    attic-nix-cache-creator: ENC[AES256_GCM,data:P0iBdy4IYrxcq7v4wTgwwZvAfVdRFo08pi0zvpY9cP9BDCwbBnp+3qDKWL29rC7OxsaLtmRkvPmbkF3ZX3Yu5OaptwVg2Xi0vNqhk3gu5Fdj8ygPigB0ZtimkfWv1QkctoVoXKXuLv6Xd4XKPCWOOIekWlJsBRcyfyzkyFURkU9tBBkXyEAWItho/J8hJr6r00eA3EN4rTe8Ge+PGpfTfpZVpnoGrC35xPnGLq19+b44DectHDTkMZrZKxiCaVIgKUZDLaFgi6a6PsX+L1HQAIZukXJu3m4BPdvzzby+zgX24pVJOYjAUB2BwO9jUlMS6+7qo0p6k01uLicryfKx/ajdAHcy39tFHX7naA4JriC2/FgI2HlFGp0Lc+g0pfdCYwLs5QBfRaOHyrbFWUDG,iv:OBrgnewqBaug00ygAXs0eFs3LqcHqo1EW96N5I38A0o=,tag:V+Gn47O6AH1RwL9qJLpAkw==,type:str]
-    attic-nix-cache-reader: ENC[AES256_GCM,data:78jJJh332XvFx29HxNW7CULMNMsQ2xMTCIIk5oX5AimBoFXXVH7z9EGFbDimwfaYlsPK6xuU+9mnCnhCjCoGFRX9GQbW+Z2D9TGMsBfe3eztbWlcJ++EkWSCbHKEIGKTF13aRGrKRIOjIy9Gl3qZt4BnZtQPFMOzQO8u80M116u3w4ttqz9rzaIrXWB6GIMI5lWF5rQe5ML1vDgvL2KNMNkPAAm5O1Fv887woVcqxbPhiNhJGXBSiPZpe3PG8wP6z0GTe/GhMTPCOlVJIdsxKnEaRaTSAtVazFos5zSMvLYYrbj6ISoS9tEQ6bFMy6xl,iv:dGDSTtsQlwElerRXpT97uapzOh766bysZTQMjUEEJnM=,tag:OQOYmQqKywdSjUUXnELdpQ==,type:str]
+    attic-nix-cache-reader: ENC[AES256_GCM,data:DWIkRri3lHJOVXIAbHWJL7cCV4FHjB91bbpPAib/5ZDKap3xjnxUjwswc7wjO1hCoV3+gmep1a64kma6MJts4bcAug5bPyrrPy//rVpCYvSbSmbPz5k4sW5GLU/Sf4NyBevsQo9KRrphpoSUQEFQB27vabYDjjkB051/qJo1B9B7nqmrSyd3np4YdyHAgUiMyJt0oqx8nXySz3XZU+DIM8/OhMZILpnEWIgyP2K7j8JNNpZZJ5sD/icUy6Vba/4LcKjtmYtfQ+HO1soyF6aMiQSjhp7fzJHktwa9kgB3oDzIg3KyCJYS2RNW7mW9Dd1T,iv:fvhGFU22KgknMpJbOkA3v29bKzRVX6hi7V7xJgSUjPg=,tag:TjGSUl0XXS7jlhP/NG4cvQ==,type:str]
-    attic-nix-cache-writer: ENC[AES256_GCM,data:IIrGw+MtZEZqJdNGPryN5xKg7UOP+0kjzpthhyRdQz0P3yS/vThSaV+VuduQq5WgnaNjXLA6LBU+cufmVmvrkeTkZ281976sLTbYzrPCW/hCy1+w7qdv6vauaFsLqtnmWlHNwCIkXbUvQWq56WvP6m1PuYaUIFYn3SUprQ1du+X0buK1FUOhSH4HXfiqpNJOomLhok9M0Tyzn8yK5Fn1dzmJ8tsgBczzhWeZzsj4TuksFLV2r6NXzeQp2jWQkxv39Eg6Lf+0eaHxWQFR4s2uKYzwdsDOnpSmUgXFTzVB6RGAEpasKkVZ2NfG4GeUKBFPDVJoR6ilLZA=,iv:e58OGCbgLIIzKfBALtrsYmWg9Gp0nySNYsJ3X5IWp4I=,tag:bnwBipVK3BSOizg8twQ4lQ==,type:str]
+    attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str]
-    attic-nix-cache-admin: ENC[AES256_GCM,data:xHJGeU4EUn1HRy2nIValiJ6iLZnYmmT6Njv/cGMh15Q0hJXKNBSsi8f0mAfLI7EX+GaC299VKh2uTlU25jptrAvogLxNJIc+LZBLsSkyGE/ojqqevHMKmZ/6eciLZRQL5ey9TM3V9HHyDOhGaFgdfawtwg/vyvbV13lZBKpqneAX9T3gPRuKRjV4/Uc/5cUckiOF8bQ50xVFN8Cql9HgGDJEGWgg4XUTPu5eYspof2EN63pYvU7wg6HD2begeLDvqc2/i2DIcsc0wqc5DgkY/dH2YtcssBtU8AR9vKpl+HmH/wvt6dfaEyZ7hF7ITGwWnOO6H2ko3SjYRfHkFK3XDmm1YRRjfkptnw==,iv:BdVgNyZ1azl5tKfH+RTeXuNV/rYY6hPvrareKlIXSeQ=,tag:/ar87eAjMod4TmQXoerNBQ==,type:str]
+    attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str]
    gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str]
    gitea-pr-token: ENC[AES256_GCM,data:ybTya4X2wd65pNFSGbQkg73lu66GNtSba4yf8J6tT8XkuOtfvtBS4g==,iv:39mJiAlw4kud4l06jOpxOCRumChE/5q8IBNsPHG1rMc=,tag:MEvHD2b9E3fVHLlz7haNyw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
          enc: |
@ -39,8 +41,8 @@ sops:
            ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
            7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-04-07T23:43:57Z"
+    lastmodified: "2025-01-26T04:17:36Z"
-    mac: ENC[AES256_GCM,data:ygQzxSpGJqXwkOq7jGDeflA2FTSSxnre/PXm0LxmxzQQW5s7LeIVSI75fMqWir0WU3Pi/xroYGEWjpCG6JvxV5RiJycTONk8VE7c3jtw3AbrHSS0b1K5tJ+Sf+q3rHJFWWk/COrPk8IsRFNb+taqH4jnaH3AAVNo5u0C1CHKMes=,iv:FO2GVDXE8SjjA81/9cDwc+dX8kJ2oHt5kqkhNBuMb54=,tag:hgzRAmsh32SCvJEvKyV+vg==,type:str]
+    mac: ENC[AES256_GCM,data:BJ5d3iqdIBwqtnYOYfmsFqnJDXz67uzJ4UKWrjVUEgr4Nc95tE8mEyV40poZk/wAJGJMSDdRhsPmZI4H1xztkjkTsUCUJ2rR+SZ6gP1VhSEXu7bSvv63+bnajZQi9kZrfN0EZN8TLzzVHVvSVHcNEfbq9STWkZq6zCk9E2cUfhk=,iv:MQ/lQkNi/S3bfz1PegcVfwy06RsxdQwZIU6sdOjkhgU=,tag:l5tK1SUwjTolliPkbfNDHg==,type:str]
    pgp:
        - created_at: "2024-09-05T06:10:22Z"
          enc: |-
@ -55,4 +57,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
    unencrypted_suffix: _unencrypted
-    version: 3.10.1
+    version: 3.9.3
--- a/utils/attic-push.bash
+++ b/utils/attic-push.bash
@ -11,16 +11,18 @@ set -e
 #   | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
 # retrieve all paths
-nix_paths=$(nix path-info --json --all --closure-size |
+nix_paths=$(nix path-info --json --all --closure-size \
-  jq 'map_values(.closureSize | select(true)) | to_entries | sort_by(.value)' |
+  | jq 'map_values(.closureSize | select(true)) | to_entries | sort_by(.value)' \
-  jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
+  | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
 readarray -t nix_path_array < <(echo "$nix_paths")
 batchsize=1000
-for ((i = 0; i < ${#nix_path_array[@]}; i += batchsize)); do
+for((i=0; i < ${#nix_path_array[@]}; i+=batchsize))
-  part=("${nix_path_array[@]:i:batchsize}")
+do
    part=( "${nix_path_array[@]:i:batchsize}" )
    attic push nix-cache "${part[@]}"
 done
--- a/utils/attic-token.bash
+++ b/utils/attic-token.bash
@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-if (($# != 3)); then
+if (( $# != 3 )); then
   echo "usage: $0 <cache/cache group> <cache pattern> <token type>"
   exit 1
 fi
@ -10,25 +10,25 @@ cache_pattern="$2"
 token_type="$3"
 case $token_type in
-"cache-creator")
+    "cache-creator")
        atticd-atticadm make-token --sub "$cache-cache-creator" --validity "1y" \
            --pull "$cache_pattern" --push "$cache_pattern" --delete "$cache_pattern" \
            --create-cache "$cache_pattern" --configure-cache "$cache_pattern" \
            --configure-cache-retention "$cache_pattern" --destroy-cache "$cache_pattern"
        ;;
-"admin")
+    "admin")
        atticd-atticadm make-token --sub "$cache-admin" --validity "1y" --pull "$cache_pattern" \
            --push "$cache_pattern" --configure-cache "$cache_pattern" \
            --configure-cache-retention "$cache_pattern"
        ;;
-"writer")
+    "writer")
        atticd-atticadm make-token --sub "$cache-writer" --validity "1y" --pull "$cache_pattern" \
            --push "$cache_pattern"
        ;;
-"reader")
+    "reader")
        atticd-atticadm make-token --sub "$cache-reader" --validity "1y" --pull "$cache_pattern"
        ;;
-*)
+    *)
        echo "invalid token type: $token_type"
        echo "available options: cache-creator, admin, writer, reader"
        exit 1
--- a/utils/fetch-docker.sh
+++ b/utils/fetch-docker.sh
@ -18,6 +18,6 @@ images=(
 )
 IFS=","
 while read -r name tag arch os relpath; do
-  nix-prefetch-docker --image-name "$name" --image-tag "$tag" --arch "$arch" --os "$os" --quiet >"$parent_path/$relpath"
+    nix-prefetch-docker --image-name "$name" --image-tag "$tag" --arch "$arch" --os "$os" --quiet > "$parent_path/$relpath"
    git --no-pager diff "$parent_path/$relpath"
-done <<<"${images[@]}"
+done<<< "${images[@]}"
--- a/utils/sops-mergetool-new.sh
+++ b/utils/sops-mergetool-new.sh
@ -2,10 +2,7 @@
 # Rename CLI parameters to friendlier names
 # https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver
-base="$1"
+base="$1"; local_="$2"; remote="$3"; merged="$4"
 local_="$2"
 remote="$3"
 merged="$4"
 # Load the mergetool scripts
 TOOL_MODE=merge
@ -23,7 +20,7 @@ merged_decrypted="${base_decrypted/_BASE_/_MERGED_}"
 backup_decrypted="${base_decrypted/_BASE_/_BACKUP_}"
 # If anything goes wrong, then delete our decrypted files
-handle_trap_exit() {
+handle_trap_exit () {
  rm $base_decrypted || true
  rm $local_decrypted || true
  rm $remote_decrypted || true
@ -33,12 +30,12 @@ handle_trap_exit() {
 trap handle_trap_exit EXIT
 # Decrypt our file contents
-sops --decrypt --show-master-keys "$base" >"$base_decrypted"
+sops --decrypt --show-master-keys "$base" > "$base_decrypted"
-sops --decrypt --show-master-keys "$local_" >"$local_decrypted"
+sops --decrypt --show-master-keys "$local_" > "$local_decrypted"
-sops --decrypt --show-master-keys "$remote" >"$remote_decrypted"
+sops --decrypt --show-master-keys "$remote" > "$remote_decrypted"
 # Create a merge-diff to compare against
-git merge-file -p "$local_decrypted" "$base_decrypted" "$remote_decrypted" >"$merged_decrypted"
+git merge-file -p "$local_decrypted" "$base_decrypted" "$remote_decrypted" > "$merged_decrypted"
 cp "$merged_decrypted" "$backup_decrypted"
 # Set up variables for the mergetool
@ -51,7 +48,7 @@ MERGED="$merged_decrypted"
 BACKUP="$backup_decrypted"
 # Override `check_unchanged` with a custom script
-check_unchanged() {
+check_unchanged () {
  # If the contents haven't changed, then fail
  if test "$MERGED" -nt "$BACKUP"; then
    return 0
@ -64,4 +61,5 @@ check_unchanged() {
 run_merge_tool "${mergetool}" true
 # Re-encrypt content
-sops --encrypt "$merged_decrypted" >"$merged"
+sops --encrypt "$merged_decrypted" > "$merged"
--- a/utils/sops-mergetool.sh
+++ b/utils/sops-mergetool.sh
@ -6,10 +6,7 @@ set -x
 # Rename our variables to friendlier equivalents
 # https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver
-base="$1"
+base="$1"; local_="$2"; remote="$3"; merged="$4"
 local_="$2"
 remote="$3"
 merged="$4"
 echo "$base"
 echo "$local_"
@ -21,7 +18,7 @@ echo "$merged"
 mergetool="$(git config --get merge.tool)"
 GIT_DIR="$(git --exec-path)"
 if test "$mergetool" = ""; then
-  echo 'No default `merge.tool` was set for `git`. Please set one via `git config --set merge.tool <tool>`' 1>&2
+  echo "No default \`merge.tool\` was set for \`git\`. Please set one via \`git config --set merge.tool <tool>\`" 1>&2
  exit 1
 fi
@ -35,7 +32,7 @@ merged_decrypted="${base_decrypted/_BASE_/_MERGED_}"
 backup_decrypted="${base_decrypted/_BASE_/_BACKUP_}"
 # If anything goes wrong, then delete our decrypted files
-handle_trap_exit() {
+handle_trap_exit () {
  rm $base_decrypted || true
  rm $local_decrypted || true
  rm $remote_decrypted || true
@ -45,13 +42,13 @@ handle_trap_exit() {
 trap handle_trap_exit EXIT
 # Decrypt our file contents
-sops --decrypt --show-master-keys "$base" >"$base_decrypted"
+sops --decrypt --show-master-keys "$base" > "$base_decrypted"
-sops --decrypt --show-master-keys "$local_" >"$local_decrypted"
+sops --decrypt --show-master-keys "$local_" > "$local_decrypted"
-sops --decrypt --show-master-keys "$remote" >"$remote_decrypted"
+sops --decrypt --show-master-keys "$remote" > "$remote_decrypted"
 # Create a merge-diff to compare against
 set +e
-git merge-file -p "$local_decrypted" "$base_decrypted" "$remote_decrypted" >"$merged_decrypted"
+git merge-file -p "$local_decrypted" "$base_decrypted" "$remote_decrypted" > "$merged_decrypted"
 set -e
 cp "$merged_decrypted" "$backup_decrypted"
@ -69,7 +66,7 @@ source "$GIT_DIR/git-mergetool--lib"
 source "$GIT_DIR/mergetools/$mergetool"
 # Override `check_unchanged` with a custom script
-check_unchanged() {
+check_unchanged () {
  # If the contents haven't changed, then fail
  if test "$MERGED" -nt "$BACKUP"; then
    return 0
@ -85,4 +82,5 @@ merge_cmd
 set -eu
 # Re-encrypt content
-sops --encrypt "$merged_decrypted" >"$merged"
+sops --encrypt "$merged_decrypted" > "$merged"
Author	SHA1	Message	Date
ahuston-0	474184baa7	add sqlite for restores Signed-off-by: ahuston-0 <aliceghuston@gmail.com>	2025-03-10 12:33:33 -04:00
ahuston-0	fd826be6da	add token to cache-merge Some checks failed Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 14s Details Check Nix formatting / Perform Nix format checks (pull_request) Has been cancelled Details Check Nix flake / Build nix outputs (ubuntu-latest) (pull_request) Has been cancelled Details Check Nix flake / Perform Nix flake checks (ubuntu-latest) (pull_request) Has been cancelled Details	2025-03-10 09:49:19 -04:00
ahuston-0	ea16a83c2e	add token to cache-merge	2025-03-10 09:48:44 -04:00
ahuston-0	050b4c9b2f	reorder oops All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 27s Details Check Nix formatting / Perform Nix format checks (pull_request) Successful in 2m51s Details Check Nix flake / Build nix outputs (ubuntu-latest) (pull_request) Successful in 2h16m35s Details Check Nix flake / Perform Nix flake checks (ubuntu-latest) (pull_request) Successful in 7m59s Details	2025-03-10 01:23:20 -04:00
ahuston-0	ea5616416a	remove cache max limit	2025-03-10 01:06:56 -04:00
ahuston-0	2a0fe0b106	fix os matrix? Some checks failed Check Nix flake / Perform Nix flake checks (ubuntu-latest) (pull_request) Has been cancelled Details Check Nix flake / Build nix outputs (ubuntu-latest) (pull_request) Has been cancelled Details Check Nix formatting / Perform Nix format checks (pull_request) Has been cancelled Details Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 10s Details	2025-03-10 00:48:57 -04:00