set checks on individual languages

2024-10-18 20:49:03 +00:00 · 2023-11-18 18:38:20 -05:00
81 changed files with 393 additions and 849 deletions
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@ -31,12 +31,6 @@ jobs:
          pr-labels: |                  # Labels to be set on the PR
            dependencies
            automated
          pr-body: |
            Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
            ```
            {{ env.GIT_COMMIT_MESSAGE }}
            ```
      - name: Check the Flake
        id: check
        run: nix flake check
--- a/README.md
+++ b/README.md
@ -41,30 +41,6 @@ configuration may be difficult to translate to a non-Nix system.
 | ---      | ---                                         | ---                                  |
 | Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
 # Diagram
 ![Diagram](https://github.com/nmasur/dotfiles/assets/7386960/ed3e7202-09c4-4a9c-9b14-0272c01647f6)
 - [flake.nix](./flake.nix)
 - [hosts](./hosts/)
 - [modules](./modules/)
 ---
 # Unique Configurations
 This repo contains a few more elaborate elements of configuration.
 - [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
 and source-controlled plugins, differing based on installed LSPs, for example.
 - [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based
 dynamically on enabled services rendered with Nix.
 - [Grafana config](./modules/nixos/services/grafana.nix) rendered with Nix.
 - Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
 agenix.
 - Base16 [colorschemes](./colorscheme/) applied to multiple applications,
 including Firefox userChrome.
 ---
 # Installation
--- a/apps/loadkey.nix
+++ b/apps/loadkey.nix
@ -5,7 +5,6 @@
  program = builtins.toString (pkgs.writeShellScript "loadkey" ''
    printf "\nEnter the seed phrase for your SSH key...\n"
    printf "\nThen press ^D when complete.\n\n"
    mkdir -p ~/.ssh/
    ${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519
    printf "\n\nContinuing activation.\n\n"
  '');
--- a/docs/installation.md
+++ b/docs/installation.md
@ -49,24 +49,19 @@ move the `windows/alacritty.yml` file to
 To get started on a bare macOS installation, first install Nix:
 ```bash
-curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
+sh -c "$(curl -L https://nixos.org/nix/install)"
 ```
-Launch a new shell. Then use Nix to switch to the macOS configuration:
+Then use Nix to build nix-darwin:
 ```bash
-sudo rm /etc/bashrc
+nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
-sudo rm /etc/nix/nix.conf
+./result/bin/darwin-installer
 nix \
    --extra-experimental-features flakes \
    --extra-experimental-features nix-command \
    run nix-darwin -- switch \
    --flake github:nmasur/dotfiles#lookingglass
 ```
-Once installed, you can continue to update the macOS configuration:
+Then switch to the macOS configuration:
 ```bash
-darwin-rebuild switch --flake ~/dev/personal/dotfiles
+darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
 ```
--- a/flake.lock
+++ b/flake.lock
@ -17,14 +17,31 @@
        "type": "github"
      }
    },
    "age": {
      "flake": false,
      "locked": {
        "lastModified": 1672087018,
        "narHash": "sha256-LRxxJQLQkzoCNYGS/XBixVmYXoZ1mPHKvFicPGXYLcw=",
        "owner": "FiloSottile",
        "repo": "age",
        "rev": "c6dcfa1efcaa27879762a934d5bea0d1b83a894c",
        "type": "github"
      },
      "original": {
        "owner": "FiloSottile",
        "ref": "v1.1.1",
        "repo": "age",
        "type": "github"
      }
    },
    "baleia-nvim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1704551058,
+        "lastModified": 1681806450,
-        "narHash": "sha256-0NmiGzMFvL1awYOVtiaSd+O4sAR524x68xwWLgArlqs=",
+        "narHash": "sha256-jxRlIzWbnSj89032msc5w+2TVt7zVyzlxdXxiH1dQqY=",
        "owner": "m00qek",
        "repo": "baleia.nvim",
-        "rev": "6d9cbdaca3a428bc7296f838fdfce3ad01ee7495",
+        "rev": "00bb4af31c8c3865b735d40ebefa6c3f07b2dd16",
        "type": "github"
      },
      "original": {
@ -36,44 +53,28 @@
    "bufferline-nvim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1706180994,
+        "lastModified": 1695205521,
-        "narHash": "sha256-/iGzUDJaodkUyWpwim8UtwaRuarfu/Nk6wxVApk+QxY=",
+        "narHash": "sha256-MQMpXMgUpZA0E9TunzjXeOQxDWSCTogXbvi9VJnv4Kw=",
        "owner": "akinsho",
        "repo": "bufferline.nvim",
-        "rev": "d6cb9b7cac52887bcac65f8698e67479553c0748",
+        "rev": "6ecd37e0fa8b156099daedd2191130e083fb1490",
        "type": "github"
      },
      "original": {
        "owner": "akinsho",
-        "ref": "v4.5.0",
+        "ref": "v4.4.0",
        "repo": "bufferline.nvim",
        "type": "github"
      }
    },
    "bypass-paywalls-clean": {
      "flake": false,
      "locked": {
        "lastModified": 1706005203,
        "narHash": "sha256-9vku2FK5dXAnb2R/YHTKIHgc+Ckqza1qAH0kOw0Uryg=",
        "owner": "magnolia1234",
        "repo": "bpc-uploads",
        "rev": "245899e6b06e30ce36f26b37b8045b6c5b0ac8de",
        "type": "gitlab"
      },
      "original": {
        "owner": "magnolia1234",
        "repo": "bpc-uploads",
        "type": "gitlab"
      }
    },
    "cmp-nvim-lsp-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1702205473,
+        "lastModified": 1687494203,
-        "narHash": "sha256-/0sh9vJBD9pUuD7q3tNSQ1YLvxFMNykdg5eG+LjZAA8=",
+        "narHash": "sha256-mU0soCz79erJXMMqD/FyrJZ0mu2n6fE0deymPzQlxts=",
        "owner": "hrsh7th",
        "repo": "cmp-nvim-lsp",
-        "rev": "5af77f54de1b16c34b23cba810150689a3a90312",
+        "rev": "44b16d11215dce86f253ce0c30949813c0a90765",
        "type": "github"
      },
      "original": {
@ -89,11 +90,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706405065,
+        "lastModified": 1699704228,
-        "narHash": "sha256-femlVBNWgr9a6HfBUzhBF/9S8VBlaHDKcEm8B89O+zc=",
+        "narHash": "sha256-NApWG385goidsXmsakWgFRjvbH+aw/n1CGGHn/UuXsc=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "0108864c15bb68ad57d17fb2e7d3a3e025751d79",
+        "rev": "0f1ad801387445fdda01d080db8ecf169be8e793",
        "type": "github"
      },
      "original": {
@ -110,11 +111,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706302763,
+        "lastModified": 1699734195,
-        "narHash": "sha256-Le1wk75qlzOSfzDk8vqYxSdoEyr/ORIbMhziltVNGYw=",
+        "narHash": "sha256-T7Q2ke4LJx16wos828YMqKnCCK3kxey0PdqH+LxVMV8=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "f7424625dc1f2e4eceac3009cbd1203d566feebc",
+        "rev": "89fd5b51f0725f9775ca9999d53a0a3e5d936490",
        "type": "github"
      },
      "original": {
@ -126,16 +127,15 @@
    "fidget-nvim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1704696337,
+        "lastModified": 1699890088,
-        "narHash": "sha256-uAX/RGfOmsUIUaDepNwUpK8MBaTMBJ4rLZ69y0MwpNE=",
+        "narHash": "sha256-H0hK0Ym9dow/0PlEpM/o0AcZ74tAiTtDtEwpbbz7Jfo=",
        "owner": "j-hui",
        "repo": "fidget.nvim",
-        "rev": "3a93300c076109d86c7ce35ec67a8034ae6ba9db",
+        "rev": "36916518b16d80c48f4b3d88765734bf0842493c",
        "type": "github"
      },
      "original": {
        "owner": "j-hui",
        "ref": "v1.2.0",
        "repo": "fidget.nvim",
        "type": "github"
      }
@ -147,11 +147,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706402627,
+        "lastModified": 1699663243,
-        "narHash": "sha256-lq2g41A527U2qJ1A9socjFPBOJ1/PM+Mftj3t7D/lhM=",
+        "narHash": "sha256-Plj2ypGV/5714enFtb4O5c3vXKvHUzoksgRx3zFmIJ4=",
        "owner": "bandithedoge",
        "repo": "nixpkgs-firefox-darwin",
-        "rev": "912228b33c72703badb20a309518e1e09af302c3",
+        "rev": "63df8ec2d300da9912ae5b56b74e7aa574b6de0c",
        "type": "github"
      },
      "original": {
@ -181,11 +181,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1705309234,
+        "lastModified": 1687709756,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
        "type": "github"
      },
      "original": {
@ -199,11 +199,29 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1705309234,
+        "lastModified": 1685518550,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_3": {
      "inputs": {
        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1694529238,
        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
        "type": "github"
      },
      "original": {
@ -235,11 +253,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706306660,
+        "lastModified": 1699748018,
-        "narHash": "sha256-lZvgkHtVeduGByPb0Tz9LpAi4olfkEm8XPgv0o7GRsk=",
+        "narHash": "sha256-28rwXnxgscLkeII6wj44cuP6RuiynhzZSa424ZwGt/s=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "b2f56952074cb46e93902ecaabfb04dd93733434",
+        "rev": "50e582b9f91e409ffd2e134017445d376659b32e",
        "type": "github"
      },
      "original": {
@ -252,14 +270,14 @@
    "nextcloud-cookbook": {
      "flake": false,
      "locked": {
-        "lastModified": 1702545935,
+        "lastModified": 1679666795,
-        "narHash": "sha256-19LN1nYJJ0RMWj6DrYPvHzocTyhMfYdpdhBFch3fpHE=",
+        "narHash": "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=",
        "type": "tarball",
-        "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz"
+        "url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
      },
      "original": {
        "type": "tarball",
-        "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz"
+        "url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
      }
    },
    "nextcloud-external": {
@ -278,42 +296,52 @@
    "nextcloud-news": {
      "flake": false,
      "locked": {
-        "lastModified": 1703426420,
+        "lastModified": 1695883388,
-        "narHash": "sha256-AENBJH/bEob5JQvw4WEi864mdLYJ5Mqe78HJH6ceCpI=",
+        "narHash": "sha256-cfJkKRNSz15L4E3w1tnEb+t4MrVwVzb8lb6vCOA4cK4=",
        "type": "tarball",
-        "url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz"
+        "url": "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz"
      },
      "original": {
        "type": "tarball",
-        "url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz"
+        "url": "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz"
      }
    },
-    "nextcloud-snappymail": {
+    "nil": {
-      "flake": false,
+      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1706414864,
+        "lastModified": 1691372739,
-        "narHash": "sha256-UeZXoZFEPJj7zEVNTXJ3IYNt/wI7VFq3Pjh1ubMHCBo=",
+        "narHash": "sha256-fZ8KfBMcIFO/R7xaWtB85SFeuUjb9SCH8fxYBnY8068=",
-        "type": "tarball",
+        "owner": "oxalica",
-        "url": "https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz"
+        "repo": "nil",
        "rev": "97abe7d3d48721d4e0fcc1876eea83bb4247825b",
        "type": "github"
      },
      "original": {
-        "type": "tarball",
+        "owner": "oxalica",
-        "url": "https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz"
+        "ref": "2023-08-09",
        "repo": "nil",
        "type": "github"
      }
    },
    "nix2vim": {
      "inputs": {
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1706407735,
+        "lastModified": 1685980282,
-        "narHash": "sha256-Q5Lv4FlKVmMXd91ujh6FUxCsoAU2Q8KPU+ipTZPkTjE=",
+        "narHash": "sha256-uQyVaoqkiocA8bXKMfrgizuKmz0hUzHye5owFoUd2AQ=",
        "owner": "gytis-ivaskevicius",
        "repo": "nix2vim",
-        "rev": "84584da274869fb8177e8ef2d0b9d975bbb82489",
+        "rev": "3836a348503ae27340c7f83f0bc7bcb907f3781d",
        "type": "github"
      },
      "original": {
@ -345,11 +373,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706085261,
+        "lastModified": 1696058303,
-        "narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=",
+        "narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132",
+        "rev": "150f38bd1e09e20987feacb1b0d5991357532fb5",
        "type": "github"
      },
      "original": {
@ -360,11 +388,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1706191920,
+        "lastModified": 1699099776,
-        "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=",
+        "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "ae5c332cbb5827f6b1f02572496b141021de335f",
+        "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
        "type": "github"
      },
      "original": {
@ -374,6 +402,22 @@
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1697851979,
        "narHash": "sha256-lJ8k4qkkwdvi+t/Xc6Fn74kUuobpu9ynPGxNZR6OwoA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "5550a85a087c04ddcace7f892b0bdc9d8bb080c8",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-23.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "null-ls-nvim-src": {
      "flake": false,
      "locked": {
@ -392,11 +436,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1706405996,
+        "lastModified": 1699751149,
-        "narHash": "sha256-hJbt3cTW0ma3k/kZ51F/T9MijyJxR1S3ZIeQHL2JPYw=",
+        "narHash": "sha256-hcWsurEJSVYWHoI5YvB5ZVaCY+Sg2Qd0ZumKn7dLjI0=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "ab8cf147ee2254ef91e87ff7272524975fcbba3f",
+        "rev": "ff495b6b6763bcb879b97c105eedc1db23260bab",
        "type": "github"
      },
      "original": {
@ -408,16 +452,16 @@
    "nvim-lspconfig-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1701687137,
+        "lastModified": 1675639052,
-        "narHash": "sha256-qFjFofA2LoD4yRfx4KGfSCpR3mDkpFaagcm+TVNPqco=",
+        "narHash": "sha256-B8IgpypxzCACZ5VcqM6KiWyClaN+KrmemtkwMznmj5Y=",
        "owner": "neovim",
        "repo": "nvim-lspconfig",
-        "rev": "cf3dd4a290084a868fac0e2e876039321d57111c",
+        "rev": "255e07ce2a05627d482d2de77308bba51b90470c",
        "type": "github"
      },
      "original": {
        "owner": "neovim",
-        "ref": "v0.1.7",
+        "ref": "v0.1.6",
        "repo": "nvim-lspconfig",
        "type": "github"
      }
@ -425,11 +469,11 @@
    "nvim-tree-lua-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1705818283,
+        "lastModified": 1699755272,
-        "narHash": "sha256-EKAzWIT2Qs65Il1pwgpkFsCogFViapUiSHcZgVy+QsY=",
+        "narHash": "sha256-EZQ9HC6EArwQnfJbn4C8WnM2yQrO/FOXZu91ue43xTY=",
        "owner": "kyazdani42",
        "repo": "nvim-tree.lua",
-        "rev": "7bdb220d0fe604a77361e92cdbc7af1b8a412126",
+        "rev": "874ae6e9445a5eb5ba430e5fd10212450a261ad7",
        "type": "github"
      },
      "original": {
@ -441,11 +485,11 @@
    "nvim-treesitter-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1706392286,
+        "lastModified": 1699694083,
-        "narHash": "sha256-JWGTIuhyTUok4QsML63eUragDoqKkyk5tBuv25lmbg8=",
+        "narHash": "sha256-MBSjwHmh4JCwa4mNuADcWaBgMhPnroDxz93eBE9ifOY=",
        "owner": "nvim-treesitter",
        "repo": "nvim-treesitter",
-        "rev": "458ce4d16c1771fc601ec10a87820acae9981f6d",
+        "rev": "075a64addc33390028ea124a1046a43497f05cd1",
        "type": "github"
      },
      "original": {
@ -458,22 +502,22 @@
    "proton-ge": {
      "flake": false,
      "locked": {
-        "lastModified": 1700610476,
+        "lastModified": 1699415676,
-        "narHash": "sha256-IoClZ6hl2lsz9OGfFgnz7vEAGlSY2+1K2lDEEsJQOfU=",
+        "narHash": "sha256-3XniKYf/KDRDYhTwffkktbmoISwOtGIABF28bsp8QHA=",
        "type": "tarball",
-        "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-25/GE-Proton8-25.tar.gz"
+        "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-23/GE-Proton8-23.tar.gz"
      },
      "original": {
        "type": "tarball",
-        "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-25/GE-Proton8-25.tar.gz"
+        "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-23/GE-Proton8-23.tar.gz"
      }
    },
    "root": {
      "inputs": {
        "Comment-nvim-src": "Comment-nvim-src",
        "age": "age",
        "baleia-nvim-src": "baleia-nvim-src",
        "bufferline-nvim-src": "bufferline-nvim-src",
        "bypass-paywalls-clean": "bypass-paywalls-clean",
        "cmp-nvim-lsp-src": "cmp-nvim-lsp-src",
        "darwin": "darwin",
        "disko": "disko",
@ -484,7 +528,7 @@
        "nextcloud-cookbook": "nextcloud-cookbook",
        "nextcloud-external": "nextcloud-external",
        "nextcloud-news": "nextcloud-news",
-        "nextcloud-snappymail": "nextcloud-snappymail",
+        "nil": "nil",
        "nix2vim": "nix2vim",
        "nixos-generators": "nixos-generators",
        "nixpkgs": "nixpkgs",
@ -503,12 +547,37 @@
        "tree-sitter-puppet": "tree-sitter-puppet",
        "tree-sitter-python": "tree-sitter-python",
        "tree-sitter-rasi": "tree-sitter-rasi",
-        "tree-sitter-vimdoc": "tree-sitter-vimdoc",
+        "vscode-terraform-snippets": "vscode-terraform-snippets",
        "wallpapers": "wallpapers",
        "wsl": "wsl",
        "zenyd-mpv-scripts": "zenyd-mpv-scripts"
      }
    },
    "rust-overlay": {
      "inputs": {
        "flake-utils": [
          "nil",
          "flake-utils"
        ],
        "nixpkgs": [
          "nil",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1688783586,
        "narHash": "sha256-HHaM2hk2azslv1kH8zmQxXo2e7i5cKgzNIuK4yftzB0=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "7a29283cc242c2486fc67f60b431ef708046d176",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
@ -539,19 +608,34 @@
        "type": "github"
      }
    },
    "systems_3": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "telescope-nvim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1701167040,
+        "lastModified": 1697004956,
-        "narHash": "sha256-H5RpyWMluE+Yxg7xFX43AZTVW+Yg70DF3FmEGXBUSNg=",
+        "narHash": "sha256-7SqYFnfCjotOBhuX6Wx1IOhgMKoxaoI1a4SKz1d5RVM=",
        "owner": "nvim-telescope",
        "repo": "telescope.nvim",
-        "rev": "d90956833d7c27e73c621a61f20b29fdb7122709",
+        "rev": "7011eaae0ac1afe036e30c95cf80200b8dc3f21a",
        "type": "github"
      },
      "original": {
        "owner": "nvim-telescope",
-        "ref": "0.1.5",
+        "ref": "0.1.4",
        "repo": "telescope.nvim",
        "type": "github"
      }
@ -559,11 +643,11 @@
    "telescope-project-nvim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1701464478,
+        "lastModified": 1699263681,
-        "narHash": "sha256-touMCltcnqkrQYV1NtNeWLQeFVGt+WM3aIWIdKilA7w=",
+        "narHash": "sha256-SxtjDnvObVLl1+rpsmUDbhsgpCnNGa40NbNFlMzTRVY=",
        "owner": "nvim-telescope",
        "repo": "telescope-project.nvim",
-        "rev": "1aaf16580a614601a7f7077d9639aeb457dc5559",
+        "rev": "5460c6c60d48618c5c746e5b1cad4c3e8262fdae",
        "type": "github"
      },
      "original": {
@ -575,16 +659,16 @@
    "toggleterm-nvim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1701858874,
+        "lastModified": 1695636777,
-        "narHash": "sha256-vJApw7XY2wOX9InfWcah+hkNxBfS1+kQUWr4ITxRmgA=",
+        "narHash": "sha256-o8xzoo7OuYrPnKlfrupQ24Ja9hZy1qQVnvwO0FO+4zM=",
        "owner": "akinsho",
        "repo": "toggleterm.nvim",
-        "rev": "cbd041d91b90cd3c02df03fe6133208888f8e008",
+        "rev": "faee9d60428afc7857e0927fdc18daa6c409fa64",
        "type": "github"
      },
      "original": {
        "owner": "akinsho",
-        "ref": "v2.9.0",
+        "ref": "v2.8.0",
        "repo": "toggleterm.nvim",
        "type": "github"
      }
@ -592,11 +676,11 @@
    "tree-sitter-bash": {
      "flake": false,
      "locked": {
-        "lastModified": 1705686017,
+        "lastModified": 1696959291,
-        "narHash": "sha256-+Mpks0FyQLl26TX63J6WhaAl/QDUR1k9wSUY5SFwL+w=",
+        "narHash": "sha256-VP7rJfE/k8KV1XN1w5f0YKjCnDMYU1go/up0zj1mabM=",
        "owner": "tree-sitter",
        "repo": "tree-sitter-bash",
-        "rev": "f7239f638d3dc16762563a9027faeee518ce1bd9",
+        "rev": "7331995b19b8f8aba2d5e26deb51d2195c18bc94",
        "type": "github"
      },
      "original": {
@ -609,11 +693,11 @@
    "tree-sitter-ini": {
      "flake": false,
      "locked": {
-        "lastModified": 1699877527,
+        "lastModified": 1690815608,
-        "narHash": "sha256-dYPeVTNWO4apY5dsjsKViavU7YtLeGTp6BzEemXhsEU=",
+        "narHash": "sha256-IIpKzpA4q1jpYVZ75VZaxWHaqNt8TA427eMOui2s71M=",
        "owner": "justinmk",
        "repo": "tree-sitter-ini",
-        "rev": "bcb84a2d4bcd6f55b911c42deade75c8f90cb0c5",
+        "rev": "7f11a02fb8891482068e0fe419965d7bade81a68",
        "type": "github"
      },
      "original": {
@ -658,11 +742,11 @@
    "tree-sitter-python": {
      "flake": false,
      "locked": {
-        "lastModified": 1700218345,
+        "lastModified": 1696990675,
-        "narHash": "sha256-hXNxa895SyNOG7PH2vAIkWbcMjZDjWYDsCafBZuvnT0=",
+        "narHash": "sha256-nQ4HU5ysQjht9USFGRmW/+PLFTzPgi+6G68/uupMMRk=",
        "owner": "tree-sitter",
        "repo": "tree-sitter-python",
-        "rev": "4bfdd9033a2225cc95032ce77066b7aeca9e2efc",
+        "rev": "82f5c9937fe4300b4bec3ee0e788d642c77aab2c",
        "type": "github"
      },
      "original": {
@ -688,19 +772,19 @@
        "type": "github"
      }
    },
-    "tree-sitter-vimdoc": {
+    "vscode-terraform-snippets": {
      "flake": false,
      "locked": {
-        "lastModified": 1705491128,
+        "lastModified": 1614849738,
-        "narHash": "sha256-q5Ln8WPFrtKBfZnaAAlMh3Q/eczEt6wCMZAtx+ISCKg=",
+        "narHash": "sha256-v392tyzXV+zyBNt5OCB2NBCK7JcByrTa5Ne/nFtSCJI=",
-        "owner": "neovim",
+        "owner": "run-at-scale",
-        "repo": "tree-sitter-vimdoc",
+        "repo": "vscode-terraform-doc-snippets",
-        "rev": "ed8695ad8de39c3f073da130156f00b1148e2891",
+        "rev": "6ab3e44b566e660f38922cf908e6e547eaa5d4b4",
        "type": "github"
      },
      "original": {
-        "owner": "neovim",
+        "owner": "run-at-scale",
-        "repo": "tree-sitter-vimdoc",
+        "repo": "vscode-terraform-doc-snippets",
        "type": "github"
      }
    },
@ -723,17 +807,15 @@
    "wsl": {
      "inputs": {
        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_3",
-        "nixpkgs": [
+        "nixpkgs": "nixpkgs_2"
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1706071294,
+        "lastModified": 1699549513,
-        "narHash": "sha256-mpt86O5GQxKQoIg4nzKz810PeXjGSEFb4rW+shXbRco=",
+        "narHash": "sha256-cfsghOs6Cr61wFsxkWonK8AwPwHaRGZ6QkbasUgygh4=",
        "owner": "nix-community",
        "repo": "NixOS-WSL",
-        "rev": "31346e340e828f79be23d9c83ec1674b152f17bc",
+        "rev": "0e4c17efebff955471f169fffbb7e8cd62ada498",
        "type": "github"
      },
      "original": {
@ -745,11 +827,11 @@
    "zenyd-mpv-scripts": {
      "flake": false,
      "locked": {
-        "lastModified": 1706283438,
+        "lastModified": 1650625438,
-        "narHash": "sha256-hpLZDtt5q18aZ8d9LHfT852wtBosKUTJ7Bx+cbjBLcg=",
+        "narHash": "sha256-OBCuzCtgfSwj0i/rBNranuu4LRc47jObwQIJgQQoerg=",
        "owner": "zenyd",
        "repo": "mpv-scripts",
-        "rev": "7100d19d18d111ce77fc9e6e8947c0d542a86397",
+        "rev": "19ea069abcb794d1bf8fac2f59b50d71ab992130",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -14,10 +14,7 @@
    };
    # Used for Windows Subsystem for Linux compatibility
-    wsl = {
+    wsl.url = "github:nix-community/NixOS-WSL";
      url = "github:nix-community/NixOS-WSL";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Used for user packages and dotfiles
    home-manager = {
@ -59,10 +56,16 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Nix language server
    nil = {
      url = "github:oxalica/nil/2023-08-09";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Neovim plugins
    nvim-lspconfig-src = {
      # https://github.com/neovim/nvim-lspconfig/tags
-      url = "github:neovim/nvim-lspconfig/v0.1.7";
+      url = "github:neovim/nvim-lspconfig/v0.1.6";
      flake = false;
    };
    cmp-nvim-lsp-src = {
@ -74,12 +77,10 @@
      flake = false;
    };
    baleia-nvim-src = {
      # https://github.com/m00qek/baleia.nvim/tags
      url = "github:m00qek/baleia.nvim";
      flake = false;
    };
    Comment-nvim-src = {
      # https://github.com/numToStr/Comment.nvim/releases
      url = "github:numToStr/Comment.nvim/v0.8.0";
      flake = false;
    };
@ -89,8 +90,7 @@
      flake = false;
    };
    telescope-nvim-src = {
-      # https://github.com/nvim-telescope/telescope.nvim/releases
+      url = "github:nvim-telescope/telescope.nvim/0.1.4";
      url = "github:nvim-telescope/telescope.nvim/0.1.5";
      flake = false;
    };
    telescope-project-nvim-src = {
@ -98,26 +98,27 @@
      flake = false;
    };
    toggleterm-nvim-src = {
-      # https://github.com/akinsho/toggleterm.nvim/tags
+      url = "github:akinsho/toggleterm.nvim/v2.8.0";
      url = "github:akinsho/toggleterm.nvim/v2.9.0";
      flake = false;
    };
    bufferline-nvim-src = {
-      # https://github.com/akinsho/bufferline.nvim/releases
+      url = "github:akinsho/bufferline.nvim/v4.4.0";
      url = "github:akinsho/bufferline.nvim/v4.5.0";
      flake = false;
    };
    nvim-tree-lua-src = {
      url = "github:kyazdani42/nvim-tree.lua";
      flake = false;
    };
    vscode-terraform-snippets = {
      url = "github:run-at-scale/vscode-terraform-doc-snippets";
      flake = false;
    };
    hmts-nvim-src = {
      url = "github:calops/hmts.nvim";
      flake = false;
    };
    fidget-nvim-src = {
-      # https://github.com/j-hui/fidget.nvim/tags
+      url = "github:j-hui/fidget.nvim";
      url = "github:j-hui/fidget.nvim/v1.2.0";
      flake = false;
    };
@ -146,10 +147,6 @@
      url = "github:Fymyte/tree-sitter-rasi";
      flake = false;
    };
    tree-sitter-vimdoc = {
      url = "github:neovim/tree-sitter-vimdoc";
      flake = false;
    };
    # MPV Scripts
    zenyd-mpv-scripts = {
@ -157,19 +154,18 @@
      flake = false;
    };
    # Age encryption (pin because of failed builds)
    age = {
      url = "github:FiloSottile/age/v1.1.1";
      flake = false;
    };
    # GE version of Proton for game compatibility
    # Alternatively, could consider using https://github.com/fufexan/nix-gaming
    proton-ge = {
      # https://github.com/GloriousEggroll/proton-ge-custom/releases
      url =
-        "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-25/GE-Proton8-25.tar.gz";
+        "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-23/GE-Proton8-23.tar.gz";
      flake = false;
    };
    # Firefox addon from outside the extension store
    bypass-paywalls-clean = {
      # https://gitlab.com/magnolia1234/bpc-uploads/-/commits/master/?ref_type=HEADS
      url = "gitlab:magnolia1234/bpc-uploads";
      flake = false;
    };
@ -177,7 +173,7 @@
    nextcloud-news = {
      # https://github.com/nextcloud/news/releases
      url =
-        "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz";
+        "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz";
      flake = false;
    };
    nextcloud-external = {
@ -187,15 +183,9 @@
      flake = false;
    };
    nextcloud-cookbook = {
-      # https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
+      # https://github.com/nextcloud/cookbook/releases
      url =
-        "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz";
+        "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
      flake = false;
    };
    nextcloud-snappymail = {
      # https://github.com/the-djmaze/snappymail/releases
      url =
        "https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz";
      flake = false;
    };
@ -218,7 +208,6 @@
        dotfilesRepo = "https://github.com/nmasur/dotfiles";
        hostnames = {
          git = "git.${baseName}";
          influxdb = "influxdb.${baseName}";
          metrics = "metrics.${baseName}";
          prometheus = "prom.${baseName}";
          paperless = "paper.${baseName}";
@ -242,10 +231,8 @@
        (import ./overlays/mpv-scripts.nix inputs)
        (import ./overlays/nextcloud-apps.nix inputs)
        (import ./overlays/betterlockscreen.nix)
        (import ./overlays/age.nix inputs)
        (import ./overlays/proton-ge.nix inputs)
        (import ./overlays/gh-collaborators.nix)
        (import ./overlays/bypass-paywalls-clean.nix inputs)
        (import ./overlays/terraform.nix)
      ];
      # System types to support.
--- a/hosts/README.md
+++ b/hosts/README.md
@ -12,15 +12,3 @@ These are the individual machines managed by this flake.
 | [swan](./swan/default.nix)                 | Home server         |
 | [tempest](./tempest/default.nix)           | Linux desktop       |
 ## NixOS Workflow
 Each hosts file is imported into [nixosConfigurations](../flake.nix) and passed
 the arguments from the flake (inputs, globals, overlays). The `nixosSystem`
 function in that hosts file will be called by the NixOS module system during a
 nixos-rebuild.
 Each module in the each host's `modules` list is either a function or an
 attrset. The attrsets will simply apply values to options that have been
 declared in the config by other modules. Meanwhile, the functions will be
 passed various arguments, several of which you will see listed at the top of
 each of their files.
--- a/hosts/flame/default.nix
+++ b/hosts/flame/default.nix
@ -1,8 +1,6 @@
 # The Flame
 # System configuration for an Oracle free server
 # See [readme](../README.md) to explain how this file works.
 # How to install:
 # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
 # These days, probably use nixos-anywhere instead.
@ -52,7 +50,6 @@ inputs.nixpkgs.lib.nixosSystem {
      theme = { colors = (import ../../colorscheme/gruvbox).dark; };
      # Programs and services
      atuin.enable = true;
      cloudflare.enable = true; # Proxy traffic with Cloudflare
      dotfiles.enable = true; # Clone dotfiles
      neovim.enable = true;
@ -61,7 +58,6 @@ inputs.nixpkgs.lib.nixosSystem {
      services.grafana.enable = true;
      services.openssh.enable = true;
      services.victoriametrics.enable = true;
      services.influxdb2.enable = true;
      services.gitea.enable = true;
      services.vaultwarden.enable = true;
      services.minecraft-server.enable = true; # Setup Minecraft server
--- a/hosts/hydra/default.nix
+++ b/hosts/hydra/default.nix
@ -1,8 +1,6 @@
 # The Hydra
 # System configuration for WSL
 # See [readme](../README.md) to explain how this file works.
 { inputs, globals, overlays, ... }:
 inputs.nixpkgs.lib.nixosSystem {
--- a/hosts/lookingglass/default.nix
+++ b/hosts/lookingglass/default.nix
@ -4,7 +4,7 @@
 { inputs, globals, overlays, ... }:
 inputs.darwin.lib.darwinSystem {
-  system = "aarch64-darwin";
+  system = "x86_64-darwin";
  specialArgs = { };
  modules = [
    ../../modules/common
@ -25,7 +25,6 @@ inputs.darwin.lib.darwinSystem {
        dark = true;
      };
      mail.user = globals.user;
      atuin.enable = true;
      charm.enable = true;
      neovim.enable = true;
      mail.enable = true;
@ -40,7 +39,6 @@ inputs.darwin.lib.darwinSystem {
      python.enable = true;
      rust.enable = true;
      lua.enable = true;
      obsidian.enable = true;
      kubernetes.enable = true;
      _1password.enable = true;
      slack.enable = true;
--- a/hosts/swan/default.nix
+++ b/hosts/swan/default.nix
@ -1,8 +1,6 @@
 # The Swan
 # System configuration for my home NAS server
 # See [readme](../README.md) to explain how this file works.
 { inputs, globals, overlays, ... }:
 inputs.nixpkgs.lib.nixosSystem {
@ -68,7 +66,6 @@ inputs.nixpkgs.lib.nixosSystem {
      theme = { colors = (import ../../colorscheme/gruvbox).dark; };
      # Programs and services
      atuin.enable = true;
      neovim.enable = true;
      cloudflare.enable = true;
      dotfiles.enable = true;
@ -83,7 +80,6 @@ inputs.nixpkgs.lib.nixosSystem {
      services.vmagent.enable = true;
      services.samba.enable = true;
      services.paperless.enable = true;
      services.postgresql.enable = true;
      # Allows private remote access over the internet
      cloudflareTunnel = {
--- a/hosts/tempest/default.nix
+++ b/hosts/tempest/default.nix
@ -1,8 +1,6 @@
 # The Tempest
 # System configuration for my desktop
 # See [readme](../README.md) to explain how this file works.
 { inputs, globals, overlays, ... }:
 inputs.nixpkgs.lib.nixosSystem {
@ -85,7 +83,6 @@ inputs.nixpkgs.lib.nixosSystem {
      gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
      # Programs and services
      atuin.enable = true;
      charm.enable = true;
      neovim.enable = true;
      media.enable = true;
@ -108,7 +105,7 @@ inputs.nixpkgs.lib.nixosSystem {
        dwarf-fortress.enable = true;
        enable = true;
        steam.enable = true;
-        legendary.enable = true;
+        legendary.enable = false; # Electron marked as insecure
        lutris.enable = true;
        leagueoflegends.enable = true;
        ryujinx.enable = true;
--- a/modules/common/applications/1password.nix
+++ b/modules/common/applications/1password.nix
@ -9,22 +9,12 @@
    };
  };
-  config = lib.mkIf (config.gui.enable && config._1password.enable) {
+  config = lib.mkIf
-    unfreePackages = [ "1password" "_1password-gui" "1password-cli" ];
+    (config.gui.enable && config._1password.enable && pkgs.stdenv.isLinux) {
-    home-manager.users.${config.user} = {
+      unfreePackages = [ "1password" "_1password-gui" ];
-      home.packages = with pkgs; [ _1password-gui ];
+      home-manager.users.${config.user} = {
        home.packages = with pkgs; [ _1password-gui ];
      };
    };
    # https://1password.community/discussion/135462/firefox-extension-does-not-connect-to-linux-app
    # On Mac, does not apply: https://1password.community/discussion/142794/app-and-browser-integration
    # However, the button doesn't work either:
    # https://1password.community/discussion/140735/extending-support-for-trusted-web-browsers
    environment.etc."1password/custom_allowed_browsers".text = ''
      ${
        config.home-manager.users.${config.user}.programs.firefox.package
      }/Applications/Firefox.app/Contents/MacOS/firefox
      firefox
    '';
  };
 }
--- a/modules/common/applications/firefox.nix
+++ b/modules/common/applications/firefox.nix
@ -29,23 +29,21 @@
          id = 0;
          name = "default";
          isDefault = true;
          # https://nur.nix-community.org/repos/rycee/
          extensions = with pkgs.nur.repos.rycee.firefox-addons; [
-            (lib.mkIf config._1password.enable onepassword-password-manager)
+            ublock-origin
-            pkgs.bypass-paywalls-clean
+            vimium
            darkreader
            don-t-fuck-with-paste
            facebook-container
            markdownload
            multi-account-containers
            facebook-container
            (lib.mkIf config._1password.enable onepassword-password-manager)
            okta-browser-plugin
            sponsorblock
            reddit-enhancement-suite
            return-youtube-dislikes
            markdownload
            darkreader
            snowflake
-            sponsorblock
+            don-t-fuck-with-paste
-            ublock-origin
+            i-dont-care-about-cookies
            ublacklist
            vimium
            wappalyzer
          ];
          settings = {
--- a/modules/common/applications/obsidian.nix
+++ b/modules/common/applications/obsidian.nix
@ -15,9 +15,8 @@
      home.packages = with pkgs; [ obsidian ];
    };
-    # Broken on 2023-12-11
+    # Broken on 2023-04-16
-    # https://forum.obsidian.md/t/electron-25-is-now-eol-please-upgrade-to-a-newer-version/72878/8
+    nixpkgs.config.permittedInsecurePackages = [ "electron-21.4.0" ];
    nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
  };
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@ -83,10 +83,6 @@
        type = lib.types.str;
        description = "Hostname for Prometheus server.";
      };
      influxdb = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for InfluxDB2 server.";
      };
      secrets = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for passwords and secrets (Vaultwarden).";
--- a/modules/common/mail/aerc.nix
+++ b/modules/common/mail/aerc.nix
@ -68,7 +68,7 @@
            "!" = ":term<space>";
            "|" = ":pipe<space>";
-            "/" = ":search<space>-a<space>";
+            "/" = ":search<space>";
            "\\" = ":filter <space>";
            n = ":next-result<Enter>";
            N = ":prev-result<Enter>";
--- a/modules/common/neovim/config/completion.nix
+++ b/modules/common/neovim/config/completion.nix
@ -9,6 +9,7 @@
    pkgs.vimPlugins.luasnip
    pkgs.vimPlugins.cmp_luasnip
    pkgs.vimPlugins.cmp-rg
    pkgs.vimPlugins.friendly-snippets
  ];
  use.cmp.setup = dsl.callWith {
@ -23,6 +24,13 @@
      end
    '';
    # Enable Luasnip snippet completion
    snippet.expand = dsl.rawLua ''
      function(args)
          require("luasnip").lsp_expand(args.body)
      end
    '';
    # Basic completion keybinds
    mapping = {
      "['<C-n>']" = dsl.rawLua
@ -62,6 +70,7 @@
    sources = [
      { name = "nvim_lua"; } # Fills in common Neovim lua functions
      { name = "nvim_lsp"; } # LSP results
      { name = "luasnip"; } # Snippets
      { name = "path"; } # Shell completion from current PATH
      {
        name = "buffer"; # Grep for text from the current text buffer
@ -110,6 +119,7 @@
            }
            vim_item.kind = string.format("%s", kind_icons[vim_item.kind])
            vim_item.menu = ({
                luasnip = "[Snippet]",
                buffer = "[Buffer]",
                path = "[Path]",
                rg = "[Grep]",
@ -129,6 +139,13 @@
  };
  lua = ''
    -- Load snippets
    -- Check status: :lua require("luasnip").log.open()
    require("luasnip.loaders.from_vscode").lazy_load()
    require("luasnip.loaders.from_vscode").lazy_load({ paths = { "${
      builtins.toString pkgs.vscode-terraform-snippets
    }" } })
    -- Use buffer source for `/`
    require('cmp').setup.cmdline("/", {
        sources = {
--- a/modules/common/neovim/config/misc.nix
+++ b/modules/common/neovim/config/misc.nix
@ -69,6 +69,10 @@
    " Remember last position when reopening file
    au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
    " LaTeX options
    au FileType tex inoremap ;bf \textbf{}<Esc>i
    au BufWritePost *.tex silent! execute "!pdflatex -output-directory=%:p:h % >/dev/null 2>&1" | redraw!
    " Flash highlight when yanking
    au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 }
  '';
--- a/modules/common/neovim/config/syntax.nix
+++ b/modules/common/neovim/config/syntax.nix
@ -5,7 +5,6 @@
      with pkgs.tree-sitter-grammars;
      [
        tree-sitter-bash
        tree-sitter-c
        tree-sitter-fish
        tree-sitter-ini
        tree-sitter-json
@ -16,9 +15,9 @@
        tree-sitter-puppet
        tree-sitter-rasi
        tree-sitter-toml
        tree-sitter-vimdoc
        tree-sitter-yaml
-      ] ++ (if config.python.enable then [ tree-sitter-python ] else [ ])
+      ] ++ (if config.c.enable then [ tree-sitter-c ] else [ ])
      ++ (if config.python.enable then [ tree-sitter-python ] else [ ])
      ++ (if config.terraform.enable then [ tree-sitter-hcl ] else [ ])))
    pkgs.vimPlugins.vim-matchup # Better % jumping in languages
    pkgs.vimPlugins.playground # Tree-sitter experimenting
--- a/modules/common/shell/atuin.nix
+++ b/modules/common/shell/atuin.nix
@ -1,39 +0,0 @@
 { config, lib, ... }: {
  # Shell history sync
  options.atuin.enable = lib.mkEnableOption "Atuin";
  config = {
    home-manager.users.${config.user} = lib.mkIf config.atuin.enable {
      programs.atuin = {
        enable = true;
        flags = [ "--disable-up-arrow" "--disable-ctrl-r" ];
        settings = {
          auto_sync = true;
          update_check = false;
          sync_address = "https://api.atuin.sh";
          search_mode = "fuzzy";
          filter_mode = "host"; # global, host, session, directory
          search_mode_shell_up_key_binding = "fuzzy";
          filter_mode_shell_up_key_binding = "session";
          style = "compact"; # or auto,full
          show_help = true;
          history_filter = [ ];
          secrets_filter = true;
          enter_accept = false;
          keymap_mode = "vim-normal";
        };
      };
    };
    # Give root user the same setup
    home-manager.users.root.programs.atuin =
      config.home-manager.users.${config.user}.programs.atuin;
  };
 }
--- a/modules/common/shell/default.nix
+++ b/modules/common/shell/default.nix
@ -1,6 +1,5 @@
 { ... }: {
  imports = [
    ./atuin.nix
    ./bash
    ./charm.nix
    ./direnv.nix
--- a/modules/common/shell/fish/functions/fish_user_key_bindings.fish
+++ b/modules/common/shell/fish/functions/fish_user_key_bindings.fish
@ -18,5 +18,3 @@ bind -M insert \cn 'commandline -r "nix shell nixpkgs#"'
 bind -M default \cn 'commandline -r "nix shell nixpkgs#"'
 bind -M insert \x11F nix-fzf
 bind -M default \x11F nix-fzf
 bind -M insert \ch _atuin_search --filter-mode global
 bind -M default \ch _atuin_search --filter-mode global
--- a/modules/common/shell/fzf.nix
+++ b/modules/common/shell/fzf.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }: {
+{ config, ... }: {
  # FZF is a fuzzy-finder for the terminal
@ -16,9 +16,10 @@
                    --search-path $HOME/dev \
                    --type directory \
                    --exact-depth 2 \
                | ${pkgs.proximity-sort}/bin/proximity-sort $PWD \
                | sed 's/\\/$//' \
-                | fzf --tiebreak=index \
+                | fzf \
                    --delimiter '/' \
                    --with-nth 6.. \
            )
            and cd $projdir
            and commandline -f execute
--- a/modules/common/shell/git.nix
+++ b/modules/common/shell/git.nix
@ -35,20 +35,8 @@ in {
          init = { defaultBranch = "master"; };
        };
        ignores = [ ".direnv/**" "result" ];
        includes = [{
          path = "~/.config/git/personal";
          condition = "gitdir:~/dev/personal/";
        }];
      };
      # Personal git config
      # TODO: fix with variables
      xdg.configFile."git/personal".text = ''
        [user]
            name = "Noah Masur"
            email = "7386960+nmasur@users.noreply.github.com"
      '';
      programs.fish.shellAbbrs = {
        g = "git";
        gs = "git status";
@ -70,7 +58,6 @@ in {
          git switch (git symbolic-ref refs/remotes/origin/HEAD | cut -d"/" -f4)'';
        gcob = "git switch -c";
        gb = "git branch";
        gpd = "git push origin -d";
        gbd = "git branch -d";
        gbD = "git branch -D";
        gr = "git reset";
--- a/modules/common/shell/github.nix
+++ b/modules/common/shell/github.nix
@ -7,7 +7,6 @@
        enable = true;
        gitCredentialHelper.enable = true;
        settings.git_protocol = "https";
        extensions = [ pkgs.gh-collaborators ];
      };
    programs.fish =
@ -15,7 +14,7 @@
        shellAbbrs = {
          ghr = "gh repo view -w";
          gha =
-            "gh run list | head -1 | awk '{ print \\$\\(NF-2\\) }' | xargs gh run view";
+            "gh run list | head -1 | awk '{ print $(NF-2) }' | xargs gh run view";
          grw = "gh run watch";
          grf = "gh run view --log-failed";
          grl = "gh run view --log";
@ -57,7 +56,6 @@
            | fzf \
                --header-lines=1 \
                --layout=reverse \
                --height=100% \
                --bind "ctrl-o:execute:gh repo view -w ''${organization}/{1}" \
                --bind "shift-up:preview-half-page-up" \
                --bind "shift-down:preview-half-page-down" \
--- a/modules/common/shell/nixpkgs.nix
+++ b/modules/common/shell/nixpkgs.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }: {
+{ config, pkgs, ... }: {
  home-manager.users.${config.user} = {
    programs.fish = {
@ -60,18 +60,6 @@
      enableFishIntegration = true;
    };
    # Create nix-index if doesn't exist
    home.activation.createNixIndex =
      let cacheDir = "${config.homePath}/.cache/nix-index";
      in lib.mkIf
      config.home-manager.users.${config.user}.programs.nix-index.enable
      (config.home-manager.users.${config.user}.lib.dag.entryAfter
        [ "writeBoundary" ] ''
          if [ ! -d ${cacheDir} ]; then
              $DRY_RUN_CMD ${pkgs.nix-index}/bin/nix-index -f ${pkgs.path}
          fi
        '');
  };
  nix = {
--- a/modules/common/shell/utilities.nix
+++ b/modules/common/shell/utilities.nix
@ -25,8 +25,6 @@ in {
        htop # Show system processes
        killall # Force quit
        inetutils # Includes telnet, whois
        jless # JSON viewer
        jo # JSON output
        jq # JSON manipulation
        lf # File viewer
        qrencode # Generate qr codes
@ -46,11 +44,10 @@ in {
      home.file = {
        ".rgignore".text = ignorePatterns;
        ".fdignore".text = ignorePatterns;
        ".digrc".text = "+noall +answer"; # Cleaner dig commands
      };
      xdg.configFile."fd/ignore".text = ignorePatterns;
      programs.bat = {
        enable = true; # cat replacement
        config = {
--- a/modules/darwin/hammerspoon.nix
+++ b/modules/darwin/hammerspoon.nix
@ -24,9 +24,9 @@
      home.activation.reloadHammerspoon =
        config.home-manager.users.${config.user}.lib.dag.entryAfter
        [ "writeBoundary" ] ''
-          $DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.reload()"
+          $DRY_RUN_CMD /usr/local/bin/hs -c "hs.reload()"
          $DRY_RUN_CMD sleep 1
-          $DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.console.clearConsole()"
+          $DRY_RUN_CMD /usr/local/bin/hs -c "hs.console.clearConsole()"
        '';
    };
--- a/modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua
+++ b/modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua
@ -54,19 +54,14 @@ function obj:init()
    end)
    -- Launcher shortcuts
-    self.launcher:bind("ctrl", "space", function() end)
+    self.launcher:bind("ctrl", "space", function()
    end)
    self.launcher:bind("", "return", function()
        self:switch("@kitty@")
    end)
    self.launcher:bind("", "C", function()
        self:switch("Calendar.app")
    end)
    self.launcher:bind("shift", "D", function()
        hs.execute("launchctl remove com.paloaltonetworks.gp.pangps")
        hs.execute("launchctl remove com.paloaltonetworks.gp.pangpa")
        hs.alert.show("Disconnected from GlobalProtect", nil, nil, 4)
        self.launcher:exit()
    end)
    self.launcher:bind("", "E", function()
        self:switch("Mail.app")
    end)
@ -85,12 +80,6 @@ function obj:init()
    self.launcher:bind("", "P", function()
        self:switch("System Preferences.app")
    end)
    self.launcher:bind("shift", "P", function()
        hs.execute("launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist")
        hs.execute("launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist")
        hs.alert.show("Reconnecting to GlobalProtect", nil, nil, 4)
        self.launcher:exit()
    end)
    self.launcher:bind("", "R", function()
        hs.console.clearConsole()
        hs.reload()
--- a/modules/darwin/hammerspoon/init.lua
+++ b/modules/darwin/hammerspoon/init.lua
@ -1,5 +1,5 @@
 hs.ipc.cliInstall()                   -- Install Hammerspoon CLI program
 hs.loadSpoon("ControlEscape"):start() -- Load Hammerspoon bits from https://github.com/jasonrudolph/ControlEscape.spoon
 hs.loadSpoon("Launcher"):init()
 hs.loadSpoon("DismissAlerts"):init()
 hs.loadSpoon("MoveWindow"):init()
 hs.ipc.cliInstall() -- Install Hammerspoon CLI program
--- a/modules/darwin/homebrew.nix
+++ b/modules/darwin/homebrew.nix
@ -8,15 +8,11 @@
      if ! xcode-select --version 2>/dev/null; then
        $DRY_RUN_CMD xcode-select --install
      fi
-      if ! /opt/homebrew/bin/brew --version 2>/dev/null; then
+      if ! /usr/local/bin/brew --version 2>/dev/null; then
        $DRY_RUN_CMD /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
      fi
    '';
    # Add homebrew paths to CLI path
    home-manager.users.${config.user}.home.sessionPath =
      [ "/opt/homebrew/bin/" ];
    homebrew = {
      enable = true;
      onActivation = {
@ -28,22 +24,25 @@
        brewfile = true; # Run brew bundle from anywhere
        lockfiles = false; # Don't save lockfile (since running from anywhere)
      };
      taps = [
        "homebrew/cask" # Required for casks
        "homebrew/cask-drivers" # Used for Logitech G-Hub
      ];
      brews = [
        "trash" # Delete files and folders to trash instead of rm
        "openjdk" # Required by Apache Directory Studio
      ];
      casks = [
-        "1password" # 1Password will not launch from Nix on macOS
+        "1password" # 1Password packaging on Nix is broken for macOS
        "apache-directory-studio" # Packaging on Nix is not available for macOS
-        # "gitify" # Git notifications in menu bar (downgrade manually from 4.6.1)
+        "gitify" # Git notifications in menu bar
        "keybase" # GUI on Nix not available for macOS
-        # "logitech-g-hub" # Mouse and keyboard management
+        "logitech-g-hub" # Mouse and keyboard management
        "logitune" # Logitech webcam firmware
        "meetingbar" # Show meetings in menu bar
-        # "obsidian" # Obsidian packaging on Nix is not available for macOS
+        "obsidian" # Obsidian packaging on Nix is not available for macOS
        "scroll-reverser" # Different scroll style for mouse vs. trackpad
-        # "steam" # Not packaged for Nix
+        "steam" # Not packaged for Nix
-        # "epic-games" # Not packaged for Nix
+        "epic-games" # Not packaged for Nix
      ];
    };
--- a/modules/darwin/networking.nix
+++ b/modules/darwin/networking.nix
@ -2,7 +2,7 @@
  config = lib.mkIf pkgs.stdenv.isDarwin {
    networking = {
-      computerName = config.networking.hostName;
+      computerName = "${config.fullName}'\\''s Mac";
      # Adjust if necessary
      # hostName = "";
    };
--- a/modules/darwin/system.nix
+++ b/modules/darwin/system.nix
@ -34,8 +34,8 @@
          # Enable full keyboard access for all controls (e.g. enable Tab in modal dialogs)
          AppleKeyboardUIMode = 3;
-          # Only hide menu bar in fullscreen
+          # Automatically show and hide the menu bar
-          _HIHideMenuBar = false;
+          _HIHideMenuBar = true;
          # Expand save panel by default
          NSNavPanelExpandedStateForSaveMode = true;
@ -154,15 +154,11 @@
        echo "Show the ~/Library folder"
        chflags nohidden ~/Library
-        if [ ! $(defaults read com.apple.dock magnification) = "1" ]; then
+        echo "Enable dock magnification"
-            echo "Enable dock magnification"
+        defaults write com.apple.dock magnification -bool true
            defaults write com.apple.dock magnification -bool true
        fi
-        if [ ! $(defaults read com.apple.dock largesize) = "48" ]; then
+        echo "Set dock magnification size"
-            echo "Set dock magnification size"
+        defaults write com.apple.dock largesize -int 48
            defaults write com.apple.dock largesize -int 48
        fi
        echo "Define dock icon function"
        __dock_item() {
@ -184,16 +180,9 @@
            "$(__dock_item /System/Applications/Mail.app)" \
            "$(__dock_item /Applications/zoom.us.app)" \
            "$(__dock_item ${pkgs.discord}/Applications/Discord.app)" \
-            "$(__dock_item ${pkgs.obsidian}/Applications/Obsidian.app)" \
+            "$(__dock_item /Applications/Obsidian.app)" \
            "$(__dock_item ${pkgs.kitty}/Applications/kitty.app)" \
            "$(__dock_item /System/Applications/System\ Settings.app)"
        echo "MeetingBar settings"
        defaults write leits.MeetingBar eventTimeFormat -string "\"show\""
        defaults write leits.MeetingBar eventTitleFormat -string "\"none\""
        defaults write leits.MeetingBar eventTitleIconFormat -string "\"iconCalendar\""
        defaults write leits.MeetingBar slackBrowser -string "{\"deletable\":true,\"arguments\":\"\",\"name\":\"Slack\",\"path\":\"\"}"
        defaults write leits.MeetingBar zoomBrowser -string "{\"deletable\":true,\"arguments\":\"\",\"name\":\"Zoom\",\"path\":\"\"}"
      '';
    };
--- a/modules/darwin/user.nix
+++ b/modules/darwin/user.nix
@ -9,19 +9,13 @@
    };
    # Used for aerc
    home-manager.users.${config.user} = {
-
+      home.sessionVariables = {
-      # Default shell setting doesn't work
+        XDG_CONFIG_HOME = "${config.homePath}/.config";
-      home.sessionVariables = { SHELL = "${pkgs.fish}/bin/fish"; };
+      };
      # Used for aerc
      xdg.enable = true;
    };
    # Fix for: 'Error: HOME is set to "/var/root" but we expect "/var/empty"'
    home-manager.users.root.home.homeDirectory = lib.mkForce "/var/root";
  };
 }
--- a/modules/darwin/utilities.nix
+++ b/modules/darwin/utilities.nix
@ -2,8 +2,6 @@
 {
  unfreePackages = [ "consul" "vault-bin" ];
  home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin {
    home.packages = with pkgs; [
@ -13,13 +11,11 @@
      youtube-dl # Convert web videos
      pandoc # Convert text documents
      mpd # TUI slideshows
      mpv # Video player
      gnupg # Encryption
      awscli2
      awslogs
      google-cloud-sdk
      ansible
-      vault-bin
+      vault
      consul
      noti # Create notifications programmatically
      ipcalc # Make IP network calculations
--- a/modules/nixos/graphical/i3.nix
+++ b/modules/nixos/graphical/i3.nix
@ -95,15 +95,13 @@ in {
            # Adjust screen brightness
            "Shift+F12" =
-              # Disable dynamic sleep
+              "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
              # https://github.com/rockowitz/ddcutil/issues/323
              "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 + 30";
            "Shift+F11" =
-              "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 - 30";
+              "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
            "XF86MonBrightnessUp" =
-              "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 + 30";
+              "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
            "XF86MonBrightnessDown" =
-              "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 - 30";
+              "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
            # Media player controls
            "XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
--- a/modules/nixos/graphical/rofi/brightness.nix
+++ b/modules/nixos/graphical/rofi/brightness.nix
@ -28,18 +28,17 @@ in {
              -sep ';' \
              -selected-row 1)
      case "$chosen" in
          "$dimmer")
-              ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 25; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 25
+              ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 25; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 25
              ;;
          "$medium")
-              ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 75; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 75
+              ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 75; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 75
              ;;
          "$brighter")
-              ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 100; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 100
+              ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 100; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 100
              ;;
          *) exit 1 ;;
--- a/modules/nixos/graphical/rofi/power.nix
+++ b/modules/nixos/graphical/rofi/power.nix
@ -31,17 +31,15 @@ in {
            -sep ';' \
            -selected-row 2)
    confirm () {
        ${builtins.readFile ./rofi-prompt.sh}
    }
    case "$chosen" in
        "$power_off")
-            confirm 'Shutdown?' && doas shutdown now
+            ${
              builtins.toString ./rofi-prompt.sh
            } 'Shutdown?' && doas shutdown now
            ;;
        "$reboot")
-            confirm 'Reboot?' && doas reboot
+            ${builtins.toString ./rofi-prompt.sh} 'Reboot?' && doas reboot
            ;;
        "$lock")
@ -53,7 +51,7 @@ in {
            ;;
        "$log_out")
-            confirm 'Logout?' && i3-msg exit
+            ${builtins.toString ./rofi-prompt.sh} 'Logout?' && i3-msg exit
            ;;
        *) exit 1 ;;
--- a/modules/nixos/graphical/rofi/rofi-prompt.sh
+++ b/modules/nixos/graphical/rofi/rofi-prompt.sh
@ -42,6 +42,6 @@ chosen=$(printf '%s;%s\n' "$yes" "$no" |
        -selected-row 1)
 case "$chosen" in
-    "$yes") return 0 ;;
+    "$yes") exit 0 ;;
-    *) return 1 ;;
+    *) exit 1 ;;
 esac
--- a/modules/nixos/hardware/networking.nix
+++ b/modules/nixos/hardware/networking.nix
@ -12,7 +12,7 @@
      domainName = "local";
      ipv6 = false; # Should work either way
      # Resolve local hostnames using Avahi DNS
-      nssmdns4 = true;
+      nssmdns = true;
      publish = {
        enable = true;
        addresses = true;
--- a/modules/nixos/services/arr.nix
+++ b/modules/nixos/services/arr.nix
@ -2,7 +2,6 @@
 let
  # This config specifies ports for Prometheus to scrape information
  arrConfig = {
    radarr = {
      exportarrPort = "9707";
@ -42,8 +41,6 @@ in {
      sabnzbd = {
        enable = true;
        group = "media";
        # The config file must be editable within the application
        # It contains server configs and credentials
        configFile = "/data/downloads/sabnzbd/sabnzbd.ini";
      };
      sonarr = {
@ -56,23 +53,16 @@ in {
      };
    };
    # Create a media group to be shared between services
    users.groups.media = { };
    # Give the human user access to the media group
    users.users.${config.user}.extraGroups = [ "media" ];
    # Allows media group to read/write the sabnzbd directory
    users.users.sabnzbd.homeMode = "0770";
-    unfreePackages = [ "unrar" ]; # Required as a dependency for sabnzbd
+    unfreePackages = [ "unrar" ]; # Required for sabnzbd
    # Requires updating the base_url config value in each service
    # If you try to rewrite the URL, the service won't redirect properly
    caddy.routes = [
      {
        # Group means that routes with the same name are mutually exclusive,
        # so they are split between the appropriate services.
        group = "download";
        match = [{
          host = [ config.hostnames.download ];
@ -80,7 +70,6 @@ in {
        }];
        handle = [{
          handler = "reverse_proxy";
          # We're able to reference the url and port of the service dynamically 
          upstreams = [{ dial = arrConfig.sonarr.url; }];
        }];
      }
@ -103,7 +92,6 @@ in {
        }];
        handle = [{
          handler = "reverse_proxy";
          # Prowlarr doesn't offer a dynamic config, so we have to hardcode it
          upstreams = [{ dial = "localhost:9696"; }];
        }];
      }
@ -116,7 +104,6 @@ in {
        handle = [{
          handler = "reverse_proxy";
          upstreams = [{
            # Bazarr only dynamically sets the port, not the host
            dial = "localhost:${
                builtins.toString config.services.bazarr.listenPort
              }";
@ -158,12 +145,10 @@ in {
          Type = "simple";
          DynamicUser = true;
          ExecStart = let
            # Sabnzbd doesn't accept the URI path, unlike the others
            url = if name != "sabnzbd" then
              "http://${attrs.url}/${name}"
            else
              "http://${attrs.url}";
            # Exportarr is trained to pull from the arr services
          in ''
            ${pkgs.exportarr}/bin/exportarr ${name} \
                        --url ${url} \
@ -212,7 +197,7 @@ in {
      prefix = "API_KEY=";
    };
-    # Prometheus scrape targets (expose Exportarr to Prometheus)
+    # Prometheus scrape targets
    prometheus.scrapeTargets = map (key:
      "127.0.0.1:${
        lib.attrsets.getAttrFromPath [ key "exportarrPort" ] arrConfig
--- a/modules/nixos/services/backups.nix
+++ b/modules/nixos/services/backups.nix
@ -1,6 +1,3 @@
 # This is my setup for backing up SQlite databases and other systems to S3 or
 # S3-equivalent services (like Backblaze B2).
 { config, lib, ... }: {
  options = {
--- a/modules/nixos/services/bind.nix
+++ b/modules/nixos/services/bind.nix
@ -1,10 +1,3 @@
 # Bind is a DNS service. This allows me to resolve public domains locally so
 # when I'm at home, I don't have to travel over the Internet to reach my
 # server.
 # To set this on all home machines, I point my router's DNS resolver to the
 # local IP address of the machine running this service (swan).
 { config, pkgs, lib, ... }:
 let
@ -23,19 +16,11 @@ in {
  config = lib.mkIf config.services.bind.enable {
    # Normally I block all requests not coming from Cloudflare, so I have to also
    # allow my local network.
    caddy.cidrAllowlist = [ "192.168.0.0/16" ];
    services.bind = {
      # Allow requests coming from these IPs. This way I don't somehow get
      # spammed with DNS requests coming from the Internet.
      cacheNetworks = [ "127.0.0.0/24" "192.168.0.0/16" ];
      # When making normal DNS requests, forward them to Cloudflare to resolve.
      forwarders = [ "1.1.1.1" "1.0.0.1" ];
      ipv4Only = true;
      # Use rpz zone as an override
@ -62,7 +47,6 @@ in {
    };
    # We must allow DNS traffic to hit our machine as well
    networking.firewall.allowedTCPPorts = [ 53 ];
    networking.firewall.allowedUDPPorts = [ 53 ];
--- a/modules/nixos/services/caddy.nix
+++ b/modules/nixos/services/caddy.nix
@ -1,14 +1,3 @@
 # Caddy is a reverse proxy, like Nginx or Traefik. This creates an ingress
 # point from my local network or the public (via Cloudflare). Instead of a
 # Caddyfile, I'm using the more expressive JSON config file format. This means
 # I can source routes from other areas in my config and build the JSON file
 # using the result of the expression.
 # Caddy helpfully provides automatic ACME cert generation and management, but
 # it requires a form of validation. We are using a custom build of Caddy
 # (compiled with an overlay) to insert a plugin for managing DNS validation
 # with Cloudflare's DNS API.
 { config, pkgs, lib, ... }: {
  options = {
@ -53,17 +42,12 @@
      configFile = pkgs.writeText "Caddyfile" (builtins.toJSON {
        apps.http.servers.main = {
          listen = [ ":443" ];
          # These routes are pulled from the rest of this repo
          routes = config.caddy.routes;
          errors.routes = config.caddy.blocks;
-
+          logs = { }; # Uncomment to collect access logs
          logs = { }; # Uncommenting collects access logs
        };
        apps.http.servers.metrics = { }; # Enables Prometheus metrics
        apps.tls.automation.policies = config.caddy.tlsPolicies;
        # Setup logging to file
        logging.logs.main = {
          encoder = { format = "console"; };
          writer = {
@ -74,23 +58,13 @@
          };
          level = "INFO";
        };
      });
    };
    # Allows Caddy to serve lower ports (443, 80)
    systemd.services.caddy.serviceConfig.AmbientCapabilities =
      "CAP_NET_BIND_SERVICE";
    # Required for web traffic to reach this machine
    networking.firewall.allowedTCPPorts = [ 80 443 ];
    # HTTP/3 QUIC uses UDP (not sure if being used)
    networking.firewall.allowedUDPPorts = [ 443 ];
    # Caddy exposes Prometheus metrics with the admin API
    # https://caddyserver.com/docs/api
    prometheus.scrapeTargets = [ "127.0.0.1:2019" ];
  };
--- a/modules/nixos/services/calibre.nix
+++ b/modules/nixos/services/calibre.nix
@ -1,9 +1,3 @@
 # Calibre-web is an E-Book library and management tool.
 # - Exposed to the public via Caddy.
 # - Hostname defined with config.hostnames.books
 # - File directory backed up to S3 on a cron schedule.
 { config, pkgs, lib, ... }:
 let
@ -32,7 +26,6 @@ in {
      };
    };
    # Allow web traffic to Caddy
    caddy.routes = [{
      match = [{ host = [ config.hostnames.books ]; }];
      handle = [{
@ -42,8 +35,6 @@ in {
              builtins.toString config.services.calibre-web.listen.port
            }";
        }];
        # This is required when calibre-web is behind a reverse proxy
        # https://github.com/janeczku/calibre-web/issues/19
        headers.request.add."X-Script-Name" = [ "/calibre-web" ];
      }];
    }];
--- a/modules/nixos/services/cloudflare-tunnel.nix
+++ b/modules/nixos/services/cloudflare-tunnel.nix
@ -1,12 +1,3 @@
 # Cloudflare Tunnel is a service for accessing the network even behind a
 # firewall, through outbound-only requests. It works by installing an agent on
 # our machines that exposes services through Cloudflare Access (Zero Trust),
 # similar to something like Tailscale.
 # In this case, we're using Cloudflare Tunnel to enable SSH access over a web
 # browser even when outside of my network. This is probably not the safest
 # choice but I feel comfortable enough with it anyway.
 { config, lib, ... }:
 # First time setup:
@ -49,28 +40,23 @@
      tunnels = {
        "${config.cloudflareTunnel.id}" = {
          credentialsFile = config.secrets.cloudflared.dest;
          # Catch-all if no match (should never happen anyway)
          default = "http_status:404";
          # Match from ingress of any valid server name to SSH access
          ingress = { "*.masu.rs" = "ssh://localhost:22"; };
        };
      };
    };
    # Grant Cloudflare access to SSH into this server
    environment.etc = {
      "ssh/ca.pub".text = ''
        ${config.cloudflareTunnel.ca}
      '';
-      # Must match the username portion of the email address in Cloudflare
+      # Must match the username of the email address in Cloudflare Access
      # Access
      "ssh/authorized_principals".text = ''
        ${config.user}
      '';
    };
    # Adjust SSH config to allow access from Cloudflare's certificate
    services.openssh.extraConfig = ''
      PubkeyAuthentication yes
      TrustedUserCAKeys /etc/ssh/ca.pub
--- a/modules/nixos/services/cloudflare.nix
+++ b/modules/nixos/services/cloudflare.nix
@ -1,13 +1,5 @@
 # This module is necessary for hosts that are serving through Cloudflare.
 # Cloudflare is a CDN service that is used to serve the domain names and
 # caching for my websites and services. Since Cloudflare acts as our proxy, we
 # must allow access over the Internet from Cloudflare's IP ranges.
 # We also want to validate our HTTPS certificates from Caddy. We'll use Caddy's
 # DNS validation plugin to connect to Cloudflare and automatically create
 # validation DNS records for our generated certificates.
 { config, pkgs, lib, ... }:
 let
@ -67,9 +59,10 @@ in {
        };
      }];
    }];
    # Allow Caddy to read Cloudflare API key for DNS validation
    systemd.services.caddy.serviceConfig.EnvironmentFile =
      config.secrets.cloudflareApi.dest;
    systemd.services.caddy.serviceConfig.AmbientCapabilities =
      "CAP_NET_BIND_SERVICE";
    # API key must have access to modify Cloudflare DNS records
    secrets.cloudflareApi = {
@ -80,7 +73,7 @@ in {
    };
    # Allows Nextcloud to trust Cloudflare IPs
-    services.nextcloud.extraOptions.trusted_proxies = cloudflareIpRanges;
+    services.nextcloud.config.trustedProxies = cloudflareIpRanges;
  };
 }
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@ -1,6 +1,3 @@
 # This file imports all the other files in this directory for use as modules in
 # my config.
 { ... }: {
  imports = [
@ -16,7 +13,6 @@
    ./gnupg.nix
    ./grafana.nix
    ./honeypot.nix
    ./influxdb2.nix
    ./jellyfin.nix
    ./keybase.nix
    ./mullvad.nix
@ -24,7 +20,6 @@
    ./netdata.nix
    ./nextcloud.nix
    ./paperless.nix
    ./postgresql.nix
    ./prometheus.nix
    ./samba.nix
    ./secrets.nix
--- a/modules/nixos/services/gitea-runner.nix
+++ b/modules/nixos/services/gitea-runner.nix
@ -1,9 +1,3 @@
 # Gitea Actions is a CI/CD service for the Gitea source code server, meaning it
 # allows us to run code operations (such as testing or deploys) when our git
 # repositories are updated. Any machine can act as a Gitea Action Runner, so
 # the Runners don't necessarily need to be running Gitea. All we need is an API
 # key for Gitea to connect to it and register ourselves as a Runner.
 { config, pkgs, lib, ... }:
 {
--- a/modules/nixos/services/gitea.nix
+++ b/modules/nixos/services/gitea.nix
@ -11,21 +11,11 @@ in {
        actions.ENABLED = true;
        metrics.ENABLED = true;
        repository = {
          # Pushing to a repo that doesn't exist automatically creates one as
          # private.
          DEFAULT_PUSH_CREATE_PRIVATE = true;
          # Allow git over HTTP.
          DISABLE_HTTP_GIT = false;
          # Allow requests hitting the specified hostname.
          ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;
          # Automatically create viable users/orgs on push.
          ENABLE_PUSH_CREATE_USER = true;
          ENABLE_PUSH_CREATE_ORG = true;
          # Default when creating new repos.
          DEFAULT_BRANCH = "main";
        };
        server = {
@ -35,15 +25,11 @@ in {
          SSH_PORT = 22;
          START_SSH_SERVER = false; # Use sshd instead
          DISABLE_SSH = false;
          # SSH_LISTEN_HOST = "0.0.0.0";
          # SSH_LISTEN_PORT = 122;
        };
        # Don't allow public users to register accounts.
        service.DISABLE_REGISTRATION = true;
        # Force using HTTPS for all session access.
        session.COOKIE_SECURE = true;
        # Hide users' emails.
        ui.SHOW_USER_EMAIL = false;
      };
      extraConfig = null;
@ -53,7 +39,6 @@ in {
    users.users.${config.user}.extraGroups = [ "gitea" ];
    caddy.routes = [
      # Prevent public access to Prometheus metrics.
      {
        match = [{
          host = [ config.hostnames.git ];
@ -64,7 +49,6 @@ in {
          status_code = "403";
        }];
      }
      # Allow access to primary server.
      {
        match = [{ host = [ config.hostnames.git ]; }];
        handle = [{
@ -79,7 +63,6 @@ in {
      }
    ];
    # Scrape the metrics endpoint for Prometheus.
    prometheus.scrapeTargets = [
      "127.0.0.1:${
        builtins.toString config.services.gitea.settings.server.HTTP_PORT
--- a/modules/nixos/services/gnupg.nix
+++ b/modules/nixos/services/gnupg.nix
@ -1,5 +1,3 @@
 # GPG is an encryption tool. This isn't really in use for me at the moment.
 { config, pkgs, lib, ... }: {
  options.gpg.enable = lib.mkEnableOption "GnuPG encryption.";
--- a/modules/nixos/services/grafana.nix
+++ b/modules/nixos/services/grafana.nix
@ -7,7 +7,6 @@ in {
  config = lib.mkIf config.services.grafana.enable {
    # Allow Grafana to connect to email service
    secrets.mailpass-grafana = {
      source = ../../../private/mailpass-grafana.age;
      dest = "${config.secretsDirectory}/mailpass-grafana";
--- a/modules/nixos/services/honeypot.nix
+++ b/modules/nixos/services/honeypot.nix
@ -1,10 +1,7 @@
-# This is a tool for blocking IPs of anyone who attempts to scan all of my
+{ config, lib, pkgs, ... }:
 # ports.
 # Currently has some issues that don't make this viable.
 { config, lib, pkgs, ... }:
 # Taken from:
 # https://dataswamp.org/~solene/2022-09-29-iblock-implemented-in-nixos.html
--- a/modules/nixos/services/influxdb2.nix
+++ b/modules/nixos/services/influxdb2.nix
@ -1,61 +0,0 @@
 # InfluxDB is a timeseries database similar to Prometheus. While
 # VictoriaMetrics can also act as an InfluxDB, this version of it allows for
 # infinite retention separate from our other metrics, which can be nice for
 # recording health information, for example.
 { config, lib, ... }: {
  config = {
    services.influxdb2 = {
      provision = {
        enable = true;
        initialSetup = {
          bucket = "default";
          organization = "main";
          passwordFile = config.secrets.influxdb2Password.dest;
          retention = 0; # Keep data forever
          tokenFile = config.secrets.influxdb2Token.dest;
          username = "admin";
        };
      };
      settings = { };
    };
    # Create credentials file for InfluxDB admin
    secrets.influxdb2Password = lib.mkIf config.services.influxdb2.enable {
      source = ../../../private/influxdb2-password.age;
      dest = "${config.secretsDirectory}/influxdb2-password";
      owner = "influxdb2";
      group = "influxdb2";
      permissions = "0440";
    };
    systemd.services.influxdb2Password-secret =
      lib.mkIf config.services.influxdb2.enable {
        requiredBy = [ "influxdb2.service" ];
        before = [ "influxdb2.service" ];
      };
    secrets.influxdb2Token = lib.mkIf config.services.influxdb2.enable {
      source = ../../../private/influxdb2-token.age;
      dest = "${config.secretsDirectory}/influxdb2-token";
      owner = "influxdb2";
      group = "influxdb2";
      permissions = "0440";
    };
    systemd.services.influxdb2Token-secret =
      lib.mkIf config.services.influxdb2.enable {
        requiredBy = [ "influxdb2.service" ];
        before = [ "influxdb2.service" ];
      };
    caddy.routes = lib.mkIf config.services.influxdb2.enable [{
      match = [{ host = [ config.hostnames.influxdb ]; }];
      handle = [{
        handler = "reverse_proxy";
        upstreams = [{ dial = "localhost:8086"; }];
      }];
    }];
  };
 }
--- a/modules/nixos/services/jellyfin.nix
+++ b/modules/nixos/services/jellyfin.nix
@ -1,6 +1,3 @@
 # Jellyfin is a self-hosted video streaming service. This means I can play my
 # server's videos from a webpage, mobile app, or TV client.
 { config, pkgs, lib, ... }: {
  config = lib.mkIf config.services.jellyfin.enable {
@ -9,7 +6,6 @@
    users.users.jellyfin = { isSystemUser = true; };
    caddy.routes = [
      # Prevent public access to Prometheus metrics.
      {
        match = [{
          host = [ config.hostnames.stream ];
@ -20,7 +16,6 @@
          status_code = "403";
        }];
      }
      # Allow access to normal route.
      {
        match = [{ host = [ config.hostnames.stream ]; }];
        handle = [{
@ -52,9 +47,6 @@
    users.users.jellyfin.extraGroups =
      [ "render" "video" ]; # Access to /dev/dri
    # Fix issue where Jellyfin-created directories don't allow access for media group
    systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
    # Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
    prometheus.scrapeTargets = [ "127.0.0.1:8096" ];
--- a/modules/nixos/services/keybase.nix
+++ b/modules/nixos/services/keybase.nix
@ -1,23 +1,23 @@
 # Keybase is an encrypted communications tool with a synchronized encrypted
 # filestore that can be mounted onto a machine's filesystem.
 { config, pkgs, lib, ... }: {
  options.keybase.enable = lib.mkEnableOption "Keybase.";
  config = lib.mkIf config.keybase.enable {
-    home-manager.users.${config.user} = lib.mkIf config.keybase.enable {
+    services.keybase.enable = true;
-
+    services.kbfs = {
-      services.keybase.enable = true;
+      enable = true;
-      services.kbfs = {
+      # enableRedirector = true;
-        enable = true;
+      mountPoint = "/run/user/1000/keybase/kbfs";
-        mountPoint = "keybase";
+    };
-      };
+    security.wrappers.keybase-redirector = {
-
+      setuid = true;
-      # https://github.com/nix-community/home-manager/issues/4722
+      owner = "root";
-      systemd.user.services.kbfs.Service.PrivateTmp = lib.mkForce false;
+      group = "root";
      source = "${pkgs.kbfs}/bin/redirector";
    };
    home-manager.users.${config.user} = {
      home.packages = [ (lib.mkIf config.gui.enable pkgs.keybase-gui) ];
      home.file = let
        ignorePatterns = ''
--- a/modules/nixos/services/mullvad.nix
+++ b/modules/nixos/services/mullvad.nix
@ -1,5 +1,3 @@
 # Mullvad is a VPN service. This isn't currently in use for me at the moment.
 { config, pkgs, lib, ... }: {
  options.mullvad.enable = lib.mkEnableOption "Mullvad VPN.";
--- a/modules/nixos/services/n8n.nix
+++ b/modules/nixos/services/n8n.nix
@ -1,6 +1,3 @@
 # n8n is an automation integration tool for connecting data from services
 # together with triggers.
 { config, lib, ... }: {
  options = {
--- a/modules/nixos/services/netdata.nix
+++ b/modules/nixos/services/netdata.nix
@ -1,6 +1,3 @@
 # Netdata is an out-of-the-box monitoring tool that exposes many different
 # metrics. Not currently in use, in favor of VictoriaMetrics and Grafana.
 { config, lib, ... }: {
  options.netdata.enable = lib.mkEnableOption "Netdata metrics.";
--- a/modules/nixos/services/nextcloud.nix
+++ b/modules/nixos/services/nextcloud.nix
@ -3,7 +3,7 @@
  config = lib.mkIf config.services.nextcloud.enable {
    services.nextcloud = {
-      package = pkgs.nextcloud28; # Required to specify
+      package = pkgs.nextcloud27; # Required to specify
      configureRedis = true;
      datadir = "/data/nextcloud";
      database.createLocally = true;
@ -13,26 +13,18 @@
      config = {
        adminpassFile = config.secrets.nextcloud.dest;
        dbtype = "mysql";
        extraTrustedDomains = [ config.hostnames.content ];
        trustedProxies = [ "127.0.0.1" ];
      };
-      extraOptions = {
+      extraOptions = { default_phone_region = "US"; };
        default_phone_region = "US";
        # Allow access when hitting either of these hosts or IPs
        trusted_domains = [ config.hostnames.content ];
        trusted_proxies = [ "127.0.0.1" ];
      };
      extraAppsEnable = true;
      extraApps = with config.services.nextcloud.package.packages.apps; {
        inherit calendar contacts;
        # These apps are defined and pinned by overlay in flake.
        news = pkgs.nextcloudApps.news;
        external = pkgs.nextcloudApps.external;
        cookbook = pkgs.nextcloudApps.cookbook;
        snappymail = pkgs.nextcloudApps.snappymail;
      };
      phpOptions = {
        "opcache.interned_strings_buffer" = "16";
        "output_buffering" = "0";
      };
      phpOptions = { "opcache.interned_strings_buffer" = "16"; };
    };
    # Don't let Nginx use main ports (using Caddy instead)
@ -55,10 +47,7 @@
            handle = [
              {
                handler = "vars";
-                # Grab the webroot out of the written config
+                root = config.services.nextcloud.package;
                # The webroot is a symlinked combined Nextcloud directory
                root =
                  config.services.nginx.virtualHosts.${config.services.nextcloud.hostName}.root;
              }
              {
                handler = "headers";
@ -67,6 +56,13 @@
              }
            ];
          }
          {
            match = [{ path = [ "/nix-apps*" "/store-apps*" ]; }];
            handle = [{
              handler = "vars";
              root = config.services.nextcloud.home;
            }];
          }
          # Reroute carddav and caldav traffic
          {
            match =
--- a/modules/nixos/services/paperless.nix
+++ b/modules/nixos/services/paperless.nix
@ -1,5 +1,3 @@
 # Paperless-ngx is a document scanning and management solution.
 { config, lib, ... }: {
  config = lib.mkIf config.services.paperless.enable {
@ -7,7 +5,7 @@
    services.paperless = {
      mediaDir = "/data/generic/paperless";
      passwordFile = config.secrets.paperless.dest;
-      settings = {
+      extraConfig = {
        PAPERLESS_OCR_USER_ARGS =
          builtins.toJSON { invalidate_digital_signatures = true; };
@ -17,10 +15,7 @@
      };
    };
-    # Allow Nextcloud and user to see files
+    users.users.paperless.extraGroups = [ "generic" ];
    users.users.nextcloud.extraGroups =
      lib.mkIf config.services.nextcloud.enable [ "paperless" ];
    users.users.${config.user}.extraGroups = [ "paperless" ];
    caddy.routes = [{
      match = [{
@ -48,24 +43,6 @@
      before = [ "paperless.service" ];
    };
    # Fix permissions on a regular schedule
    systemd.timers.paperless-permissions = {
      timerConfig = {
        OnCalendar = "*-*-* *:0/5"; # Every 5 minutes
        Unit = "paperless-permissions.service";
      };
      wantedBy = [ "timers.target" ];
    };
    # Fix paperless shared permissions
    systemd.services.paperless-permissions = {
      description = "Allow group access to paperless files";
      serviceConfig = { Type = "oneshot"; };
      script = ''
        find ${config.services.paperless.mediaDir} -type f -exec chmod 640 -- {} +
      '';
    };
  };
 }
--- a/modules/nixos/services/postgresql.nix
+++ b/modules/nixos/services/postgresql.nix
@ -1,22 +0,0 @@
 { config, pkgs, lib, ... }: {
  services.postgresql = {
    package = pkgs.postgresql_15;
    settings = { };
    identMap = "";
    ensureUsers = [{
      name = config.user;
      ensureClauses = {
        createdb = true;
        createrole = true;
        login = true;
      };
    }];
  };
  home-manager.users.${config.user}.home.packages =
    lib.mkIf config.services.postgresql.enable [
      pkgs.pgcli # Postgres client with autocomplete
    ];
 }
--- a/modules/nixos/services/prometheus.nix
+++ b/modules/nixos/services/prometheus.nix
@ -1,9 +1,3 @@
 # Prometheus is a timeseries database that exposes system and service metrics
 # for use in visualizing, monitoring, and alerting (with Grafana).
 # Instead of running traditional Prometheus, I generally run VictoriaMetrics as
 # a more efficient drop-in replacement.
 { config, pkgs, lib, ... }: {
  options.prometheus = {
--- a/modules/nixos/services/samba.nix
+++ b/modules/nixos/services/samba.nix
@ -1,5 +1,3 @@
 # Samba is a Windows-compatible file-sharing service.
 { config, lib, ... }: {
  config = {
--- a/modules/nixos/services/sshd.nix
+++ b/modules/nixos/services/sshd.nix
@ -1,5 +1,3 @@
 # SSHD service for allowing SSH access to my machines.
 { config, pkgs, lib, ... }: {
  options = {
--- a/modules/nixos/services/transmission.nix
+++ b/modules/nixos/services/transmission.nix
@ -1,6 +1,3 @@
 # Transmission is a bittorrent client, which can run in the background for
 # automated downloads with a web GUI.
 { config, pkgs, lib, ... }: {
  options = {
--- a/modules/nixos/services/vaultwarden.nix
+++ b/modules/nixos/services/vaultwarden.nix
@ -1,7 +1,3 @@
 # Vaultwarden is an implementation of the Bitwarden password manager backend
 # service, which allows for self-hosting the synchronization of a Bitwarden
 # password manager client.
 { config, pkgs, lib, ... }:
 let vaultwardenPath = "/var/lib/bitwarden_rs"; # Default service directory
--- a/modules/nixos/services/victoriametrics.nix
+++ b/modules/nixos/services/victoriametrics.nix
@ -1,6 +1,3 @@
 # VictoriaMetrics is a more efficient drop-in replacement for Prometheus and
 # InfluxDB (timeseries databases built for monitoring system metrics).
 { config, pkgs, lib, ... }:
 let
--- a/modules/nixos/services/wireguard.nix
+++ b/modules/nixos/services/wireguard.nix
@ -1,6 +1,3 @@
 # Wireguard is a VPN protocol that can be setup to create a mesh network
 # between machines on different LANs. This is currently not in use in my setup.
 { config, pkgs, lib, ... }: {
  options.wireguard.enable = lib.mkEnableOption "Wireguard VPN setup.";
--- a/overlays/age.nix
+++ b/overlays/age.nix
@ -0,0 +1,9 @@
 # Pin age because it is failing to build
 # https://github.com/NixOS/nixpkgs/pull/265753
 inputs: _final: prev: {
  age = prev.age.overrideAttrs (old: {
    src = inputs.age;
    doCheck = false; # https://github.com/FiloSottile/age/issues/517
  });
 }
--- a/overlays/bypass-paywalls-clean.nix
+++ b/overlays/bypass-paywalls-clean.nix
@ -1,20 +0,0 @@
 inputs: _final: prev: {
  # Based on:
  # https://git.sr.ht/~rycee/nur-expressions/tree/master/item/pkgs/firefox-addons/default.nix#L34
  bypass-paywalls-clean = let addonId = "magnolia@12.34";
  in prev.stdenv.mkDerivation rec {
    pname = "bypass-paywalls-clean";
    version = "3.4.9.0";
    src = inputs.bypass-paywalls-clean + "/bypass_paywalls_clean-latest.xpi";
    preferLocalBuild = true;
    allowSubstitutes = true;
    buildCommand = ''
      dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
      mkdir -p "$dst"
      install -v -m644 "${src}" "$dst/${addonId}.xpi"
    '';
  };
 }
--- a/overlays/caddy.nix
+++ b/overlays/caddy.nix
@ -31,7 +31,7 @@ in {
    src = prev.caddy.src;
-    vendorHash = "sha256:pr2MI2Nv9y357lCEEh6aNdmD9FiCaJIkRfHaoWgdQIE=";
+    vendorSha256 = "sha256:0KfMzTt4lNzVfoCfDHhC2ue3OWICkFCHuhREiM2JPMY=";
    overrideModAttrs = (_: {
      preBuild = ''
--- a/overlays/gh-collaborators.nix
+++ b/overlays/gh-collaborators.nix
@ -1,25 +0,0 @@
 _final: prev: {
  gh-collaborators = prev.buildGo120Module rec {
    pname = "gh-collaborators";
    version = "2.0.2";
    src = prev.fetchFromGitHub {
      owner = "katiem0";
      repo = "gh-collaborators";
      rev = version;
      sha256 = "sha256-sz5LHkwZ28aA2vbMnFMzAlyGiJBDZm7jwDQYxgKBPLU=";
    };
    vendorHash = "sha256-rsRDOgJBa8T6+bC/APcmuRmg6ykbIp9pwRnJ9rrfHEs=";
    ldflags = [
      "-s"
      "-w"
      "-X github.com/katiem0/gh-collaborators/cmd.Version=${version}"
      # "-X main.Version=${version}"
    ];
  };
 }
--- a/overlays/neovim-plugins.nix
+++ b/overlays/neovim-plugins.nix
@ -16,6 +16,9 @@ let
 in {
  nil = inputs.nil.packages.${prev.system}.nil;
  vscode-terraform-snippets = inputs.vscode-terraform-snippets;
  nvim-lspconfig = withSrc prev.vimPlugins.nvim-lspconfig inputs.nvim-lspconfig;
  cmp-nvim-lsp = withSrc prev.vimPlugins.cmp-nvim-lsp inputs.cmp-nvim-lsp;
  null-ls-nvim = withSrc prev.vimPlugins.null-ls-nvim inputs.null-ls-nvim;
--- a/overlays/nextcloud-apps.nix
+++ b/overlays/nextcloud-apps.nix
@ -16,11 +16,6 @@ inputs: _final: prev: {
      sha256 = inputs.nextcloud-cookbook.narHash;
      license = "agpl3Plus";
    };
    snappymail = prev.fetchNextcloudApp {
      url = inputs.nextcloud-snappymail.outPath;
      sha256 = inputs.nextcloud-snappymail.narHash;
      license = "agpl3Plus";
    };
  };
 }
--- a/overlays/terraform.nix
+++ b/overlays/terraform.nix
@ -1,12 +0,0 @@
 # Fix for Terraform and Consul on Darwin:
 # https://github.com/NixOS/nixpkgs/pull/275534/files
 _final: prev: {
  girara = prev.girara.overrideAttrs (old: {
    mesonFlags = [
      "-Ddocs=disabled"
      (prev.lib.mesonEnable "tests"
        ((prev.stdenv.buildPlatform.canExecute prev.stdenv.hostPlatform)
          && (!prev.stdenv.isDarwin)))
    ];
  });
 }
--- a/overlays/tree-sitter.nix
+++ b/overlays/tree-sitter.nix
@ -32,11 +32,6 @@ inputs: _final: prev: {
      version = "0.1.1";
      src = inputs.tree-sitter-rasi;
    };
    tree-sitter-vimdoc = prev.tree-sitter.buildGrammar {
      language = "vimdoc";
      version = "2.1.0";
      src = inputs.tree-sitter-vimdoc;
    };
  };
 }
--- a/private/influxdb2-password.age
+++ b/private/influxdb2-password.age
@ -1,14 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBhUEdQ
 ejFtQWFabkl3YTJmUmRDS2M1elBrMU5yVHhWWlFLMHdOdlNsNEFRCmREU3ZZWlZi
 R1RLQVorT2dDbFRXc2toMExpNWR1WUEvaVlzUFJ5ZUU3azQKLT4gc3NoLWVkMjU1
 MTkgWXlTVU1RIDY5OGpSWlFTT2EvUzV4ajQwUG5YL3loSWhGbjV6U2J4TkFhQm5Y
 RWhvMXcKbUVpQm5wRmtLRGV2SWYzb2c3dnZYREdRSnRtdjJJcjRKTk0rbnMyZmVB
 cwotPiBzc2gtZWQyNTUxOSBuanZYNUEgd0o4WGhTQnlkVGhhWG44MmQ1UXFVWjFO
 MS9JcVpEOEIvd3ZuNmVmN2d3dwpYNXF5V05WbHRobVlIWVM2VHN1TjcyVG81cHp1
 V0pnWTduZFFWQks2ZFY0Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBkWXlRejFNdHJk
 azg0aUpzL1JMSWUvWkdXUmpLc3pVUEZTNGFwTG0rRlNrCjMyVTE5c1pjRlowVlJ4
 YmFtRzEzV1dCU0FoeUJPMjQzWHErc0h4RWhLbDgKLS0tIHhzK20vTzFPdVROVW44
 MkNhb2VWZHBqeXY0MWZuTDFUMXdNazMwTG8yZTQK1CrrD2tin/3ZhV2D1XJvkbUN
 2Nw4ASdPdRXaQJw5CMhlrW6rgSnC81j0249F7D7ZfAlo62ANOfLyL9Lv2FVGzg==
 -----END AGE ENCRYPTED FILE-----
--- a/private/influxdb2-token.age
+++ b/private/influxdb2-token.age
@ -1,14 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBmTnVo
 eFlINGttSEZYTlZucVVWemlMMk0reHNKcjF3SmhCQllXdmw5RzBBCnl0NWZVb1ZW
 MWRzc05pNVVWTlRyNzNRaDlYTm5TSVF3ZGNMclhyY0R3bUkKLT4gc3NoLWVkMjU1
 MTkgWXlTVU1RIEppTjJPUmxlamdLY2xxRVBwcFBmTTdOM3dLU3h3YnA2TlhRWXRu
 OGJrR28KMW9JQUFDcXFLOTk4NDVHQmJucEZuOElLaG5Eb1lyK1NGTUJaMkFONit1
 dwotPiBzc2gtZWQyNTUxOSBuanZYNUEgZkF5MVNGK3FRV2JPVDFGMkY5SWxGWVVK
 YThUVFk2VGZZNXN6UWx3eFJ6MAp0d3NGWTRuLzNOb0VxdVUvZ1YwR0lWemc2NDR2
 VFI2eWRjS242SEJrQWx3Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBpY2JoaGRKY0ZR
 Y2txWFM1ODJyaW03b0xuRGlJMkVidEVZMGdiU1pTZ1hVCk0yeGF6VWU5LzF0Z1dL
 cnlDUCtLL01EWWo2Q0dYcjdtSjRtSnFjUHNWdzAKLS0tIEI4aWpNc0xqU3ZsLzcz
 TThFNXd0YjQ2MEMzc0JOQXZnTnBaTVg0V1hITzgK8GYZG8/fGXk6ELSB6rnLX0ke
 QqiztfVnV/fpgEgJ/K60Ea3aBe3ELpejzFKZfno+jesvnL5DCMGz7QRRpnThLQ==
 -----END AGE ENCRYPTED FILE-----
--- a/templates/python/flake.nix
+++ b/templates/python/flake.nix
@ -11,7 +11,7 @@
    inputs.pypi-deps-db.follows = "pypi-deps-db";
  };
-  outputs = { nixpkgs, mach-nix, ... }:
+  outputs = { self, nixpkgs, mach-nix }:
    let
      supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" ];
      forAllSystems = f: