Merge commit 'caf1394' into development

update remote keys
2026-01-10 15:42:13 +01:00 · 2026-01-10 15:40:07 +01:00
39 changed files with 409 additions and 611 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +0,0 @@
 result*
 .gcroots
--- a/README.md
+++ b/README.md
@@ -1,5 +1,3 @@
 see TODO.md for my aspirations
 ## usage
 ### install
--- a/TODO.md
+++ b/TODO.md
@@ -1,20 +0,0 @@
 - add other remote
 - fully automate remote provisioning (remote keys)
 - fix ipv6 on remotes
 - modularize home manager
 - add services?
    - 0x0
    - forgejo
    - matrix homeserver
    - matrix webclient
    - radicale
    - tor relay
    - wireguard as vpn
 - add home functionality
    - better term emulator
    - switch browser?
        - chromium: much better sandboxing
        - ladybird: be an early tester, contribute
        - glide: sexier tridactyl implementation
        - browsh: the GOAT
    - get mouse out of here
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1770165109,
+        "lastModified": 1762618334,
-        "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
+        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
+        "rev": "fcdea223397448d35d9b31f798479227e80183f6",
        "type": "github"
      },
      "original": {
@@ -23,28 +23,6 @@
        "type": "github"
      }
    },
    "anki-cli": {
      "inputs": {
        "fenix": "fenix",
        "naersk": "naersk",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1776540672,
        "narHash": "sha256-D43SN81mM21icdtK/9JDwaXsIhFv+gm4G8KXhJDCxsQ=",
        "ref": "refs/heads/master",
        "rev": "bcd83506ea691861562ade66ce23f57b27e57ee2",
        "revCount": 12,
        "type": "git",
        "url": "https://git.mtgmonkey.net/Andromeda/anki-cli.git"
      },
      "original": {
        "type": "git",
        "url": "https://git.mtgmonkey.net/Andromeda/anki-cli.git"
      }
    },
    "base16": {
      "inputs": {
        "fromYaml": "fromYaml"
@@ -151,59 +129,35 @@
        "type": "github"
      }
    },
-    "fenix": {
+    "disko": {
      "inputs": {
        "nixpkgs": [
          "anki-cli",
          "nixpkgs"
-        ],
+        ]
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1776153734,
+        "lastModified": 1746728054,
-        "narHash": "sha256-QvkVX4Go+BnNgQQLc5Ma3WNBZOG5Jpdqsy8Ri0/CbSQ=",
+        "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
        "owner": "nix-community",
-        "repo": "fenix",
+        "repo": "disko",
-        "rev": "a8b0e62fb39299fbeb1aa365f4b57e2c258a178e",
+        "rev": "ff442f5d1425feb86344c028298548024f21256d",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "repo": "fenix",
+        "ref": "latest",
-        "type": "github"
+        "repo": "disko",
      }
    },
    "fenix_2": {
      "inputs": {
        "nixpkgs": [
          "anki-cli",
          "naersk",
          "nixpkgs"
        ],
        "rust-analyzer-src": "rust-analyzer-src_2"
      },
      "locked": {
        "lastModified": 1752475459,
        "narHash": "sha256-z6QEu4ZFuHiqdOPbYss4/Q8B0BFhacR8ts6jO/F/aOU=",
        "owner": "nix-community",
        "repo": "fenix",
        "rev": "bf0d6f70f4c9a9cf8845f992105652173f4b617f",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "fenix",
        "type": "github"
      }
    },
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1775176642,
+        "lastModified": 1764724327,
-        "narHash": "sha256-2veEED0Fg7Fsh81tvVDNYR6SzjqQxa7hbi18Jv4LWpM=",
+        "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
-        "rev": "179704030c5286c729b5b0522037d1d51341022c",
+        "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047",
        "type": "github"
      },
      "original": {
@@ -215,15 +169,15 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1767039857,
+        "lastModified": 1761588595,
-        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
-        "owner": "NixOS",
+        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
+        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
@@ -273,11 +227,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769996383,
+        "lastModified": 1760948891,
-        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
+        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
+        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
        "type": "github"
      },
      "original": {
@@ -294,11 +248,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1775087534,
+        "lastModified": 1763759067,
-        "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
+        "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
+        "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
        "type": "github"
      },
      "original": {
@@ -336,11 +290,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1775585728,
+        "lastModified": 1763988335,
-        "narHash": "sha256-8Psjt+TWvE4thRKktJsXfR6PA/fWWsZ04DVaY6PUhr4=",
+        "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "580633fa3fe5fc0379905986543fd7495481913d",
+        "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
        "type": "github"
      },
      "original": {
@@ -374,18 +328,20 @@
    "gnome-shell": {
      "flake": false,
      "locked": {
-        "lastModified": 1767737596,
+        "host": "gitlab.gnome.org",
-        "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=",
+        "lastModified": 1764524476,
        "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=",
        "owner": "GNOME",
        "repo": "gnome-shell",
-        "rev": "ef02db02bf0ff342734d525b5767814770d85b49",
+        "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22",
-        "type": "github"
+        "type": "gitlab"
      },
      "original": {
        "host": "gitlab.gnome.org",
        "owner": "GNOME",
        "ref": "gnome-49",
        "repo": "gnome-shell",
-        "rev": "ef02db02bf0ff342734d525b5767814770d85b49",
+        "type": "gitlab"
        "type": "github"
      }
    },
    "home-manager": {
@@ -416,32 +372,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1776562531,
+        "lastModified": 1766980997,
-        "narHash": "sha256-Lh5Ns9DI67E+lSMOCGK0S+mFPy0mz0yOGiJTUXiR9JI=",
+        "narHash": "sha256-oegDNAvyQwaG3GqSi4U5jpKM7SYHGESGVIuKMRV/lbw=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "5b56ad02dc643808b8af6d5f3ff179e2ce9593f4",
+        "rev": "7a7b43c7231a439d248179ba8d561dd6cd81799b",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "home-manager_3": {
      "inputs": {
        "nixpkgs": [
          "impermanence",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1768598210,
        "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
        "type": "github"
      },
      "original": {
@@ -451,16 +386,12 @@
      }
    },
    "impermanence": {
      "inputs": {
        "home-manager": "home-manager_3",
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1769548169,
+        "lastModified": 1737831083,
-        "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
+        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
+        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
        "type": "github"
      },
      "original": {
@@ -471,11 +402,11 @@
    },
    "mnw": {
      "locked": {
-        "lastModified": 1770419553,
+        "lastModified": 1758834834,
-        "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=",
+        "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=",
        "owner": "Gerg-L",
        "repo": "mnw",
-        "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957",
+        "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001",
        "type": "github"
      },
      "original": {
@@ -484,46 +415,20 @@
        "type": "github"
      }
    },
    "naersk": {
      "inputs": {
        "fenix": "fenix_2",
        "nixpkgs": [
          "anki-cli",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1776193198,
        "narHash": "sha256-U4w4GpgYt72z8pBKMDaqzlnPJRxI9pn+8tr7SOAxocE=",
        "owner": "nix-community",
        "repo": "naersk",
        "rev": "e4e2ee6c9af67ecd4abb102fc32b9e49c70d92ff",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "naersk",
        "type": "github"
      }
    },
    "ndg": {
      "inputs": {
-        "nixpkgs": [
+        "nixpkgs": "nixpkgs_2"
          "nvf",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1768214250,
+        "lastModified": 1765720983,
-        "narHash": "sha256-hnBZDQWUxJV3KbtvyGW5BKLO/fAwydrxm5WHCWMQTbw=",
+        "narHash": "sha256-tWtukpABmux6EC/FuCJEgA1kmRjcRPtED44N+GGPq+4=",
        "owner": "feel-co",
        "repo": "ndg",
-        "rev": "a6bd3c1ce2668d096e4fdaaa03ad7f03ba1fbca8",
+        "rev": "f399ace8bb8e1f705dd8942b24d207aa4d75c936",
        "type": "github"
      },
      "original": {
        "owner": "feel-co",
        "ref": "refs/tags/v2.6.0",
        "repo": "ndg",
        "type": "github"
      }
@@ -531,11 +436,11 @@
    "nix-zulip": {
      "flake": false,
      "locked": {
-        "lastModified": 1775149560,
+        "lastModified": 1764583012,
-        "narHash": "sha256-UoF4z9JL0J5hh3d33ToZKY8ve1R3+3X7bPMVXxN2oMw=",
+        "narHash": "sha256-6ht4dtI1TBDAaB/Tatq+FcPexaZTBWuRiJGnioCDx5c=",
        "ref": "refs/heads/main",
-        "rev": "0ee7f76d6d40f550e10041932aa73ea03b9915cd",
+        "rev": "a9dd0f80d775745f1d88055f24d944562db97c5e",
-        "revCount": 90,
+        "revCount": 67,
        "type": "git",
        "url": "https://git.afnix.fr/nix-zulip/nix-zulip"
      },
@@ -554,11 +459,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1776557524,
+        "lastModified": 1766321686,
-        "narHash": "sha256-mOIdjVcnB+IOdJu5FBvRJMD6gQSl7JZJopSiaW1bEdc=",
+        "narHash": "sha256-icOWbnD977HXhveirqA10zoqvErczVs3NKx8Bj+ikHY=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "fdb1be9b5064df55d5fe27247932aa0c01cd71d4",
+        "rev": "7d433bf89882f61621f95082e90a4ab91eb0bdd3",
        "type": "gitlab"
      },
      "original": {
@@ -569,11 +474,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1768564909,
+        "lastModified": 1766651565,
-        "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
+        "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
+        "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
        "type": "github"
      },
      "original": {
@@ -585,20 +490,40 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1776169885,
+        "lastModified": 1764242076,
-        "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=",
+        "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
-        "owner": "nixos",
+        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9",
+        "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "noshell": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1717396029,
        "narHash": "sha256-NPIhvnTYkJZqTY+aabbZ6CAaMAgG6IISvh7GZo1MTfQ=",
        "owner": "viperML",
        "repo": "noshell",
        "rev": "4d194d838a50ea106cd0e47c024e47afc154ab42",
        "type": "github"
      },
      "original": {
        "owner": "viperML",
        "repo": "noshell",
        "type": "github"
      }
    },
    "nur": {
      "inputs": {
        "flake-parts": "flake-parts",
@@ -607,11 +532,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1776587421,
+        "lastModified": 1767026366,
-        "narHash": "sha256-rO2dca1U5xao5BMg+Os2HySVmQlq5hR49NNrGc9dEkg=",
+        "narHash": "sha256-TqJXPpEPYfeFCbraquNdrB1dJYuEqV474Npv8UcNxrs=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "11f5d7471f1999a8130e953209765a19f2fb74e5",
+        "rev": "1f8c02a96c58c0dd90f2de45440b9ef01571abc3",
        "type": "github"
      },
      "original": {
@@ -632,11 +557,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1775228139,
+        "lastModified": 1764773531,
-        "narHash": "sha256-ebbeHmg+V7w8050bwQOuhmQHoLOEOfqKzM1KgCTexK4=",
+        "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "601971b9c89e0304561977f2c28fa25e73aa7132",
+        "rev": "1d9616689e98beded059ad0384b9951e967a17fa",
        "type": "github"
      },
      "original": {
@@ -657,11 +582,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1776539146,
+        "lastModified": 1766596669,
-        "narHash": "sha256-zuaO3Gi+HUf4Udv6wiCsK29SKh/Q6kwacpTn8gIwyZY=",
+        "narHash": "sha256-9C72hpMDa99n4MbqZqsBkrBQZe+HEN9lnu7Sme67nmU=",
        "owner": "notashelf",
        "repo": "nvf",
-        "rev": "2809f4d43071e124f316ecf6dd0c68302f1078af",
+        "rev": "ef1f22efaf4aa37ba9382a7d1807fa8ac9c097fd",
        "type": "github"
      },
      "original": {
@@ -677,69 +602,35 @@
        ]
      },
      "locked": {
-        "lastModified": 1776592848,
+        "lastModified": 1766543224,
-        "narHash": "sha256-xpoDCBLPNViU9kxDr8f2z1MuPLvrmCkrJxymUuanv88=",
+        "narHash": "sha256-96PBoNqh3sPU9t+IXxcB1OjjuQ8HOv42OOh9UtwFHbU=",
-        "ref": "refs/heads/pages",
+        "owner": "celenityy",
-        "rev": "1c69c28a9b6184529c0f756a386c6fbfde35a150",
+        "repo": "Phoenix",
-        "revCount": 2812,
+        "rev": "f09568c8a71af4fe42dd43c6f711c67daf605f1e",
-        "type": "git",
+        "type": "github"
        "url": "https://codeberg.org/andromeda-fp/Phoenix"
      },
      "original": {
-        "rev": "1c69c28a9b6184529c0f756a386c6fbfde35a150",
+        "owner": "celenityy",
-        "type": "git",
+        "repo": "Phoenix",
-        "url": "https://codeberg.org/andromeda-fp/Phoenix"
+        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
-        "anki-cli": "anki-cli",
+        "disko": "disko",
        "home-manager": "home-manager_2",
        "impermanence": "impermanence",
        "nix-zulip": "nix-zulip",
        "nixos-mailserver": "nixos-mailserver",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "noshell": "noshell",
        "nur": "nur",
        "nvf": "nvf",
        "phoenix": "phoenix",
        "stylix": "stylix"
      }
    },
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
        "lastModified": 1776115521,
        "narHash": "sha256-N/R1//Xd8vr84LtyTy8CVz7V2n9NJXXlJEODSunLE9c=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
        "rev": "5205b52ea60dd49c7e33dd2ad1a3e7ef55bb30ec",
        "type": "github"
      },
      "original": {
        "owner": "rust-lang",
        "ref": "nightly",
        "repo": "rust-analyzer",
        "type": "github"
      }
    },
    "rust-analyzer-src_2": {
      "flake": false,
      "locked": {
        "lastModified": 1752428706,
        "narHash": "sha256-EJcdxw3aXfP8Ex1Nm3s0awyH9egQvB2Gu+QEnJn2Sfg=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
        "rev": "591e3b7624be97e4443ea7b5542c191311aa141d",
        "type": "github"
      },
      "original": {
        "owner": "rust-lang",
        "ref": "nightly",
        "repo": "rust-analyzer",
        "type": "github"
      }
    },
    "stylix": {
      "inputs": {
        "base16": "base16",
@@ -754,17 +645,18 @@
        ],
        "nur": "nur_2",
        "systems": "systems_3",
        "tinted-foot": "tinted-foot",
        "tinted-kitty": "tinted-kitty",
        "tinted-schemes": "tinted-schemes",
        "tinted-tmux": "tinted-tmux",
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1776170745,
+        "lastModified": 1766603026,
-        "narHash": "sha256-Tl1aZVP5EIlT+k0+iAKH018GLHJpLz3hhJ0LNQOWxCc=",
+        "narHash": "sha256-J2DDdRqSU4w9NNgkMfmMeaLIof5PXtS9RG7y6ckDvQE=",
        "owner": "nix-community",
        "repo": "stylix",
-        "rev": "e3861617645a43c9bbefde1aa6ac54dd0a44bfa9",
+        "rev": "551df12ee3ebac52c5712058bd97fd9faa4c3430",
        "type": "github"
      },
      "original": {
@@ -818,6 +710,23 @@
        "type": "github"
      }
    },
    "tinted-foot": {
      "flake": false,
      "locked": {
        "lastModified": 1726913040,
        "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
        "owner": "tinted-theming",
        "repo": "tinted-foot",
        "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
        "type": "github"
      },
      "original": {
        "owner": "tinted-theming",
        "repo": "tinted-foot",
        "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
        "type": "github"
      }
    },
    "tinted-kitty": {
      "flake": false,
      "locked": {
@@ -837,11 +746,11 @@
    "tinted-schemes": {
      "flake": false,
      "locked": {
-        "lastModified": 1772661346,
+        "lastModified": 1763914658,
-        "narHash": "sha256-4eu3LqB9tPqe0Vaqxd4wkZiBbthLbpb7llcoE/p5HT0=",
+        "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=",
        "owner": "tinted-theming",
        "repo": "schemes",
-        "rev": "13b5b0c299982bb361039601e2d72587d6846294",
+        "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c",
        "type": "github"
      },
      "original": {
@@ -853,11 +762,11 @@
    "tinted-tmux": {
      "flake": false,
      "locked": {
-        "lastModified": 1772934010,
+        "lastModified": 1764465359,
-        "narHash": "sha256-x+6+4UvaG+RBRQ6UaX+o6DjEg28u4eqhVRM9kpgJGjQ=",
+        "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=",
        "owner": "tinted-theming",
        "repo": "tinted-tmux",
-        "rev": "c3529673a5ab6e1b6830f618c45d9ce1bcdd829d",
+        "rev": "edf89a780e239263cc691a987721f786ddc4f6aa",
        "type": "github"
      },
      "original": {
@@ -869,11 +778,11 @@
    "tinted-zed": {
      "flake": false,
      "locked": {
-        "lastModified": 1772909925,
+        "lastModified": 1764464512,
-        "narHash": "sha256-jx/5+pgYR0noHa3hk2esin18VMbnPSvWPL5bBjfTIAU=",
+        "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=",
        "owner": "tinted-theming",
        "repo": "base16-zed",
-        "rev": "b4d3a1b3bcbd090937ef609a0a3b37237af974df",
+        "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -4,8 +4,8 @@
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    anki-cli = {
+    disko = {
-      url = "git+https://git.mtgmonkey.net/Andromeda/anki-cli.git";
+      url = "github:nix-community/disko/latest";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
@@ -22,6 +22,10 @@
      url = "git+https://git.afnix.fr/nix-zulip/nix-zulip";
      flake = false;
    };
    noshell = {
      url = "github:viperML/noshell";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nur = {
      url = "github:nix-community/NUR";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -31,8 +35,7 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    phoenix = {
-      # TODO when pull #270 gets merged use celenity again
+      url = "github:celenityy/Phoenix";
      url = "git+https://codeberg.org/andromeda-fp/Phoenix?rev=1c69c28a9b6184529c0f756a386c6fbfde35a150";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    stylix = {
@@ -42,12 +45,13 @@
  };
  outputs = {
    agenix,
-    anki-cli,
+    disko,
    home-manager,
    impermanence,
    nixos-mailserver,
    nixpkgs,
    nix-zulip,
    noshell,
    nur,
    nvf,
    phoenix,
@@ -67,20 +71,19 @@
            ./secrets.nix
            ./modules/nixos/common.nix
            agenix.nixosModules.default
            disko.nixosModules.disko
            impermanence.nixosModules.impermanence
            nixos-mailserver.nixosModule
-            nix-zulip'.nixosModules.zulip
+            noshell.nixosModules.default
            phoenix.nixosModules.default
-            ({pkgs, ...}: {
+            nix-zulip'.nixosModules.zulip
            {
              nixpkgs.overlays = [
                agenix.overlays.default
                nur.overlays.default
                nix-zulip'.overlays.default
                (self: super: {
                  anki-cli = anki-cli.packages.${machine.system}.default;
                })
              ];
-            })
+            }
          ]
          ++ machine.modules;
      };
@@ -90,7 +93,6 @@
        {
          home-manager.useGlobalPkgs = true;
          home-manager.extraSpecialArgs = {inherit machine;};
          home-manager.backupFileExtension = "bak";
          home-manager.users =
            builtins.mapAttrs
            (name: value: value)
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@@ -1,24 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/machines.nix
+++ b/machines.nix
@@ -11,7 +11,6 @@
      # hardware configuration
      # includes `system.stateVersion`
      ./modules/nixos/machines/lenovo.nix
      ./modules/nixos/zram.nix
      # boot process
      # systemd-boot
@@ -20,9 +19,6 @@
      # networking
      ./modules/nixos/laptop.nix
      # vpn
      # ./modules/nixos/openvpn-client.nix
      # ly display manager
      ./modules/nixos/ly.nix
@@ -30,18 +26,7 @@
      ./modules/nixos/sway.nix
      # apps
      # UNFREE
      ./modules/nixos/steam.nix
      # substitutors
      ./substitutors.nix
      {
        services.guix = {
          enable = true;
          stateDir = "/gnu/var";
        };
      }
    ];
  };
  "109-199-104-83" = {
@@ -49,18 +34,32 @@
    system = "x86_64-linux";
    users = [];
    modules = [
      # impermanence
      ./modules/nixos/impermanence.nix
      ./modules/nixos/impermanence-ssh.nix
      # hardware configuration
-      # from gitlab:whitequark/nixos-bite
+      # verbatim as `nixos-generate-config` AND `system.stateVersion`
      ./modules/nixos/machines/109-199-104-83.nix
      ./modules/nixos/disko/remote.nix
      # boot process
      # grub boot on /dev/sda
      ./modules/nixos/boot/109-199-104-83.nix
      # networking
      ./modules/nixos/networking/domains/galaxious.de.nix
      # uses cloud-init to network
      ./modules/nixos/networking/networks/109-199-104-83.nix
      # ssh through port 5522 among other things
      # andromeda@lenovo is the only user allowed access
      ./modules/nixos/networking/hard-ssh.nix
      ./modules/nixos/networking/ssh-as-root.nix
      ({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];})
      # TODO add Impermanence to the following services
      # simple-nixos-mailserver email server
      # mail.domain
      ./modules/nixos/mailserver.nix
@@ -69,13 +68,15 @@
      # webmail.domain
      ./modules/nixos/roundcube.nix
      # BROKEN
      # forgejo
      # git.domain
-      # ./modules/nixos/forgejo.nix
+      ./modules/nixos/forgejo.nix
      # BROKEN
      # zulip chat client
      # chat.domain
      # zulip chat server
      # zulip.domain
      # ./modules/nixos/zulip.nix
    ];
  };
--- a/modules/nixos/boot/109-199-104-83.nix
+++ b/modules/nixos/boot/109-199-104-83.nix
@@ -0,0 +1,9 @@
 {
  boot.loader.grub = {
    efiSupport = true;
    efiInstallAsRemovable = true;
  };
  age.identityPaths = [
    "/persist/etc/ssh/ssh_host_ed25519_key"
  ];
 }
--- a/modules/nixos/common.nix
+++ b/modules/nixos/common.nix
@@ -10,8 +10,8 @@
  ];
  # allows users to customize shell in `$XDG_CONFIG_HOME/shell` rather than
-  # needing /etc/shells. Useful for home-manager.
+  # needing /etc/shells. Useful for home-manager. Falls back.
-  # programs.noshell.enable = true;
+  programs.noshell.enable = true;
  # cleans /tmp to maintain a tidy system
  boot.tmp.cleanOnBoot = true;
--- a/modules/nixos/disko/remote.nix
+++ b/modules/nixos/disko/remote.nix
@@ -0,0 +1,64 @@
 {
  disko.devices = {
    disk = {
      disk1 = {
        device = "/dev/sda";
        type = "disk";
        content = {
          type = "gpt";
          partitions = {
            # legacy boot
            boot = {
              name = "boot";
              size = "1M";
              type = "EF02";
            };
            # efi boot
            esp = {
              name = "ESP";
              size = "512M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
              };
            };
            # btrfs
            # root is on nodev
            root = {
              size = "100%";
              content = {
                extraArgs = ["-f"]; # internet told me to, works
                type = "btrfs";
                subvolumes = {
                  # nix store
                  "/nix" = {
                    mountpoint = "/nix";
                  };
                  # persistant directory
                  "/persist" = {
                    mountpoint = "/persist";
                  };
                };
              };
            };
          };
        };
      };
    };
    nodev = {
      # root
      "/" = {
        fsType = "tmpfs";
        mountOptions = [
          "defaults"
          "mode=755" # stops security complaints
        ];
      };
    };
  };
 }
--- a/modules/nixos/impermanence.nix
+++ b/modules/nixos/impermanence.nix
@@ -7,7 +7,6 @@
      "/var/log"
      "/var/lib/nixos"
      "/var/lib/systemd/coredump"
      "/gnu"
    ];
    files = [
      "/etc/machine-id"
--- a/modules/nixos/laptop.nix
+++ b/modules/nixos/laptop.nix
@@ -7,7 +7,7 @@
  services.blueman.enable = true;
  # locale
-  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.defaultLocale = "de_DE.UTF-8";
  time.timeZone = "Europe/Berlin";
  # networking
--- a/modules/nixos/machines/109-199-104-83.nix
+++ b/modules/nixos/machines/109-199-104-83.nix
@@ -1,38 +1,25 @@
-{modulesPath, ...}: {
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
-  system.stateVersion = "25.11";
+# and may be overwritten by future invocations.  Please make changes
-
+# to /etc/nixos/configuration.nix instead.
  # Hardware
  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
  fileSystems."/" = {
    device = "/dev/sda1";
    fsType = "ext4";
  };
  boot.loader.grub.device = "/dev/sda";
  boot.loader.timeout = 30;
  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
  boot.initrd.kernelModules = ["nvme"];
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  # Networking
  networking = {
    useNetworkd = true;
    usePredictableInterfaceNames = true;
  };
  systemd.network = {
    enable = true;
    networks."40-wan" = {
      matchConfig.Name = "enx0050565f4fff";
      address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
      routes = [
 {
-          Gateway = "109.199.96.1";
+  config,
-          GatewayOnLink = true;
+  lib,
-        }
+  pkgs,
-        {Gateway = "fe80::1";}
+  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
-      dns = ["2020:fe::10" "9.9.9.10"];
+
-    };
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
-  };
+  boot.initrd.kernelModules = [];
  boot.kernelModules = [];
  boot.extraModulePackages = [];
  swapDevices = [];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  system.stateVersion = "26.05";
 }
--- a/modules/nixos/machines/lenovo.nix
+++ b/modules/nixos/machines/lenovo.nix
@@ -8,7 +8,6 @@
  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"];
  boot.initrd.kernelModules = [];
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.kernelModules = ["kvm-intel"];
  boot.extraModulePackages = [];
@@ -18,29 +17,7 @@
    options = ["subvol=root"];
  };
-  boot.initrd.systemd = {
+  boot.initrd.postResumeCommands = lib.mkAfter ''
    services.impermanent-btrfs = {
      description = "saves old root and makes new one";
      unitConfig.DefaultDependencies = false;
      serviceConfig = {
        Type = "oneshot";
        StandardOutput = "journal+console";
        StandardError = "journal+console";
      };
      requiredBy = [
        "initrd.target"
      ];
      before = [
        "sysroot.mount"
      ];
      requires = [
        "initrd-root-device.target"
      ];
      after = [
        "initrd-root-device.target"
        "local-fs-pre.target"
      ];
      script = ''
    mkdir /btrfs_tmp
    mount ${config.fileSystems."/".device} /btrfs_tmp
    if [[ -e /btrfs_tmp/root ]]; then
@@ -70,18 +47,6 @@
    rm -r /btrfs_tmp/root/persist
    umount /btrfs_tmp
  '';
    };
    extraBin = {
      "mkdir" = "${pkgs.coreutils}/bin/mkdir";
      "date" = "${pkgs.coreutils}/bin/date";
      "stat" = "${pkgs.coreutils}/bin/stat";
      "mv" = "${pkgs.coreutils}/bin/mv";
      "cp" = "${pkgs.coreutils}/bin/cp";
      "rm" = "${pkgs.coreutils}/bin/rm";
      "btrfs" = "${pkgs.btrfs-progs}/bin/btrfs";
      # find, mount, umount already there
    };
  };
  fileSystems."/nix" = {
    device = "/dev/disk/by-uuid/0e586651-36f4-42b0-99b3-3f0704a894d6";
--- a/modules/nixos/mailserver.nix
+++ b/modules/nixos/mailserver.nix
@@ -2,14 +2,10 @@
  mailserver = {
    enable = true;
    stateVersion = 3;
    # domain bs
    fqdn = "mail.${config.networking.domain}";
    domains = ["${config.networking.domain}"];
    x509.useACMEHost = config.mailserver.fqdn;
    loginAccounts = {
      # test acc
      "test@${config.networking.domain}" = {
        hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
      };
@@ -19,17 +15,6 @@
      };
    };
  };
  # put dkim key into /etc for declarability
  mailserver.dkimKeyDirectory = "/etc/dkim";
  environment.etc."dkim/${config.networking.domain}.${config.mailserver.dkimSelector}.key" = {
    source = config.age.secrets."dkim-${config.networking.domain}.${config.mailserver.dkimSelector}.key".path;
    mode = "600";
    user = config.services.rspamd.user;
    group = config.services.rspamd.group;
  };
  # does acme for me
  services.nginx = {
    enable = true;
    virtualHosts = {
@@ -37,14 +22,18 @@
        forceSSL = true;
        enableACME = true;
      };
      "${config.networking.domain}" = {
        forceSSL = true;
        enableACME = true;
      };
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "mtgmonket@gmail.com";
  };
  environment.persistence."/persist" = {
    directories = [
      "/var/dkim"
      "/var/vmail"
      "/var/lib/redis-rspamd"
      "/var/lib/acme"
    ];
  };
 }
--- a/modules/nixos/networking/hard-ssh.nix
+++ b/modules/nixos/networking/hard-ssh.nix
@@ -4,6 +4,7 @@
    allowSFTP = false;
    ports = [5522];
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = true;
    };
--- a/modules/nixos/networking/networks/109-199-104-83.nix
+++ b/modules/nixos/networking/networks/109-199-104-83.nix
@@ -0,0 +1,15 @@
 {
  networking = {
    useDHCP = false;
    hostName = "109-199-104-83";
    firewall = {
      enable = true;
      allowedTCPPorts = [80 443];
      allowedUDPPorts = [80 443];
    };
  };
  services.cloud-init = {
    enable = true;
    network.enable = true;
  };
 }
--- a/modules/nixos/roundcube.nix
+++ b/modules/nixos/roundcube.nix
@@ -9,4 +9,8 @@
      $config['smtp_pass'] = "%p";
    '';
  };
  environment.persistence."/persist".directories = [
    "/var/lib/roundcube"
    "/var/lib/postgresql"
  ];
 }
--- a/modules/nixos/zram.nix
+++ b/modules/nixos/zram.nix
@@ -1,8 +0,0 @@
 {
  zramSwap = {
    enable = true;
    priority = 100;
    algorithm = "zstd";
    memoryPercent = 75;
  };
 }
--- a/modules/nixos/zulip.nix
+++ b/modules/nixos/zulip.nix
@@ -8,47 +8,25 @@
    # host domain
    host = "chat.${config.networking.domain}";
-    # secrets; head rolled on keyboard for all :)
+    # secrets
    camoKeyFile = builtins.toString config.age.secrets.zulip-camoKey.path;
    rabbitmqPasswordFile = builtins.toString config.age.secrets.zulip-rabbitmqPassword.path;
    secretKeyFile = builtins.toString config.age.secrets.zulip-secretKey.path;
    sharedSecretKeyFile = builtins.toString config.age.secrets.zulip-sharedSecretKey.path;
    avatarSaltKeyFile = builtins.toString config.age.secrets.zulip-avatarSaltKey.path;
-
+    extraSecrets = {
-    # TODO check for parity with `mailserver-acc-admin-pw.age`
+      email_password = builtins.toString config.age.secrets.zulip-extraSecrets-email_password.path;
-    extraSecrets.email_password = builtins.toString config.age.secrets.zulip-extraSecrets-email_password.path;
+    };
    # settings
    zulipSettings = rec {
-      # email users
+      EMAIL_USE_TLS = true;
-      ZULIP_ADMINISTRATOR = "admin@${config.networking.domain}";
+      EMAIL_PORT = 587;
      EMAIL_HOST_USER = ZULIP_ADMINISTRATOR;
      # configure mailserver port
      EMAIL_HOST = config.mailserver.fqdn;
      EMAIL_USE_SSL = true;
      EMAIL_PORT = 465;
      # setting to allow realm creation; probably unsafe, might delete later :3
      OPEN_REALM_CREATION = true;
      # send all noreply emails from `admin@galaxious.de`
      # TODO configure admin to send from any address
      ADD_TOKENS_TO_NOREPLY_ADDRESS = false;
      NOREPLY_EMAIL_ADDRESS = ZULIP_ADMINISTRATOR;
-
+      OPEN_REALM_CREATION = true;
      # domain name
      EXTERNAL_HOST = config.services.zulip.host;
      ZULIP_ADMINISTRATOR = "admin@${config.networking.domain}";
    };
  };
  # persist
  environment.persistence."/persist".directories = [
    # messages
    "/var/lib/rabbitmq"
    # uploads
    "/var/lib/zulip"
    # contrived, but in the store a couple layers down
    # "/var/lib/redis-zulip"
  ];
 }
--- a/pub-keys.nix
+++ b/pub-keys.nix
@@ -1,12 +1,10 @@
 {
  age.secrets = {
    andromeda-pw.file = ./secrets/andromeda-pw.age;
    conduit-secretFile.file = ./secrets/conduit-secretFile.age;
    "dkim-galaxious.de.mail.key".file = ./secrets/dkim-galaxious.de.mail.key.age;
    mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age;
    mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;
    mailserver-acc-admin-pw.file = ./secrets/mailserver-acc-admin-pw.age;
-    "mailserver-acc-zulip+admin-pw".file = "${./secrets}/mailserver-acc-zulip+admin-pw.age";
+    "mailserver-acc-zulip+admin-pw".file = ./secrets + "/mailserver-acc-zulip+admin-pw.age";
    zulip-avatarSaltKey.file = ./secrets/zulip-avatarSaltKey.age;
    zulip-camoKey.file = ./secrets/zulip-camoKey.age;
    zulip-extraSecrets-email_password.file = ./secrets/zulip-extraSecrets-email_password.age;
@@ -18,7 +16,7 @@
    ssh = {
      andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
      lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
-      _109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPkg4vbyGDxrAtKFK7Pecr/qDK9cUjv+kfhQMjO6M/Ft root@vmi2998419";
+      _109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqjbjFrGZD98tAb8tnayeGjkcsJ17nAdREugZub3AWz root@109-199-104-83";
    };
  };
 }
--- a/secrets/andromeda-pw.age
+++ b/secrets/andromeda-pw.age
@@ -1,7 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg geMV+A9hasvKDnYiQMQWpz2o9mkUhX/Qmc1m4uvKIBs
+-> ssh-ed25519 mT2fyg lpbWxTU6p0TLqdrqEAJLZp9lMuGZiTwZviuMBSq8dAI
-3vYZmwZPDVwqYRe2GHmxPXXx4qSWa3eqcWuH+sKWEYw
+hapEREw5ZqDrUsGYFbVy3ZybfxKv7cKtgsCIRUJNMeQ
-> ssh-ed25519 UHxfvA FzNzq3yYNeDZ5x/g3cRVEaRu0txR3RORSeNFssrVuyc
+-> ssh-ed25519 UHxfvA SrK+1CTq/fkEj/KlSHM+9iQq7AcNFjDwwwEVenbKSCs
-dRQGhtVRMC65sHqlmxSXjwpsxtCqhifkVNWvBrrB4b8
+zVNGyZbWQCrgmQ/uNCv23O6i6GfDdOoYHPN0E7A0XbE
--- bHi+Q07PCpmPzalAkbaN+/H1tXLyJNbpBs3VMpDnSnU
+--- KpfV8+Snrp9R69h5TVphgzvxEsDgaXI1Wva8iq5Y0Mk
-+y¾2‚µÊZ4å<34>'RÔ”ÅÍPX—òR;HŠ”ÞHÆÏw‡éF7dÎñÖO¥<>ß€•ïs«.„ó<E2809E>J<EFBFBD>èärXqB¬ûPÉ¢™XÖ<58>ËÈE‘£»%¿¡Öè+(ä^=øÙöeugïêS;“2
+<ivÆ‘Þj¯/zíë—¹mÂ…ÿ?±û½ÿù~\£=Õ5žL˜M”¤D¬ù¬Ãêûã(H$‰Ëã^<5E>f¾9‹º;ÀjˆaV8Èq“wµeôë£Œ<C2A3>%Û‡ªU
--- a/secrets/conduit-secretFile.age
+++ b/secrets/conduit-secretFile.age
@@ -1,10 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 mT2fyg k+ePDybTbw1Pwy6P8+5HlGg6oCWQsTKVT4j/WUpZcCI
 F2ySmW8tJ1BDBvLbqtrTMrnPkESAtwXBgzcQ7nVh8+A
 -> ssh-ed25519 UHxfvA /RzKa63+zOkHudFPCS1hLxj4PjGZCtZ2UIIK0mdItBQ
 TqdH3kQgMCEtG+rxx+dR+5/tcw05s63Dc1UFflRkoMA
 -> ssh-ed25519 ZwF9sQ FvquxZ8PsmsoV06o4dBsKZOq46S08Rn1aT3Aco9TuDg
 UnBKQCYXPa897ahVsj90XsVPuU4RKQ8RmMStY8BuubQ
 --- MbfHHesbaIlXIg5jziBe4YG95I85ZuikuJLc9F/TEeQ
 L("Ùß%DYÅ$°Ový¤:G5ÏzèWsœ¡šÏ‹pï<>/ËúðV¹}ëû2xˆ«gRT‰Ã3|Pµ°/§n¼•òÆcIq(7Q-W[ä»ÐØL]ØE¥LS%y3w}¶Œµ°€°“Ütµ/£¿äO /<<3C>þm ÜfþCôn’4”ºÑPyÚ'%+NY´à›B@>œF<>ÐÒ	è`,æ-–¯0Ox)<1D>á
 Ä)kT”ÍVòBxYì‹ 
--- a/secrets/dkim-galaxious.de.mail.key.age
+++ b/secrets/dkim-galaxious.de.mail.key.age
--- a/secrets/mailserver-acc-admin-pw.age
+++ b/secrets/mailserver-acc-admin-pw.age
--- a/secrets/mailserver-acc-test-pw.age
+++ b/secrets/mailserver-acc-test-pw.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg gUoqW4Oc/4kGV97GqzjBgoAGbDlPr30HQjCSi95IakU
+-> ssh-ed25519 mT2fyg BHPXb0yAMGIMJoEFJFzq5YQrlj7C0IyXcIKHtEbQmiw
-WLqdKLGAY//HKMhiWeOEbRkVTUm+bNcGCRwvZ+jxFiQ
+0ilGBqIPjzYe0l6N/PXdTWW3spJZIsIBC0B62wdutNc
-> ssh-ed25519 UHxfvA w82yDFitNUAnKzT/0mPNIm4Od9YLwDK+JIHBd6qRsSQ
+-> ssh-ed25519 UHxfvA 4KodpMUl2mkRcsKY7EzoMgIeWQ0yqyW+NqQheyHd6w0
-uHYX5DugH0tLqLR1phnyYBNiP2XOV2Hj9tw63+MD1JI
+JMei4drWd0VG/qHDAlucoFtYlDAv/whTKrs23q9YX+c
-> ssh-ed25519 ZwF9sQ 6dTsOKixioy+ypnpWm1YtKYPrHcS/RSKsoq3o2bnjk8
+-> ssh-ed25519 EL/Tyg Ip6g9rPqiKDUlmrBO+Bfu+VAi6rx90zUBxzbKupXHXE
-WYED7jkCVNLBaputl0JcfEz8GOX4doUNEihj6ZHx8Eo
+AK9id0HQqWPzNrK3AVox4vUO4mQlI/uZY7+ez8992K4
--- XOUmVi4QpCXDy4yVCZuwiv8Sg+LOsX9vfydM6OqGfTM
+--- rhCvXjaEy9bzdG5UTR6HcQvHfioEJi4H0BFjyrQopLc
-»?A³Ý'©p…@¶cUØ£Ì8º“1&9aXgÔyj°(óýz+$P36£<36>#ÂºîƒÊrçRDÊŒ7ªß¥.óÖ\:Ãþpcß<63>œÇp¯Ø€GÓ&+”Öb¢|ž’ß<E28099>6¢ é’Ý»YŽ
+ÞñÙ ŸJl¼O¹Wñ¿u1ú•Ê€…÷ŽË±¬XÊd1	“[²éƒ||Bt‡\µ ™h¾#ŒÝÑ£'åb£™Aðîz"n1\Áõq0£—a<E28094>:Ñ®T‚¢ëEGÑ	bø Cy÷†7Uá‰W
--- a/secrets/mailserver-acc-zulip+admin-pw.age
+++ b/secrets/mailserver-acc-zulip+admin-pw.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg vcICwHDjTfVHh0+Ip1XKs/6Fo0H1i5lTjBAw1M4NSHA
+-> ssh-ed25519 mT2fyg /YSp9eYFPJT5Vj1lkw19CfDCW8bauZ2b1BiMtdZKTnY
-ZzxDjKEUdmyhFjPivAslXxr7tZnj7CVTcffuIhVdekI
+sJL2tL8nmh7q/8raA6Nnha2J9witk3994fxyvGcmBoA
-> ssh-ed25519 UHxfvA UPc1hBrbx37a4wn/XBxjwQLOk1M0HnHbHpqAQFUhnn8
+-> ssh-ed25519 UHxfvA 68lyvttT185FSxrJLdAv2Qdb9/50Dn8zL5K5v7knz2A
-girao3TUDhFe1knuCUtYOh39ukXumjd7s1qzXXLGPjQ
+hrT93PeA+zX+ilXUjVuNQQi3nHED/ksmY82x89gJxj0
-> ssh-ed25519 ZwF9sQ O2QJh1Zsdu0tIA90pTv5NrfcXDAcYFyduq8AtTG7Ujs
+-> ssh-ed25519 EL/Tyg RDA+VpzH1QetDunca2R3KyzvBs0c1Hyp/BCDSGB+DQc
-ahnpyUSFuSwW1Zx7WzqDXFJtYCaUfwJdCyyr5enLz5I
+o9k3z0FO/VXubhug6eeSDRwed2zvu+pbWeed6cKOun0
--- fYyjQduWvTrenIiJtljSkEZXuyTRWJOvx9LeWoI3ew0
+--- 8dCuX7j1i7EiXtF6jILoMUt8RxxBXnMgDqvqp2uMSOk
-…ußß˜LÒ8ïÎ:ÂT·$…<10> ñJë´+LÄ?„zÇÍü5rL(MìýÁÑiÀý˜<C3BD>ˆFÀ’N‚±.W+ß·U28Èd$µ<>¯<EFBFBD>Á£‘8Üõm¡4:‘N´<g)©Š‰Ä&Í$Jþ=‚Ævœ
+€‚××ýÓ.ã‚Úg5†ˆT<CB86>oek'—nÎ-7:±šàXEúa£ú¢÷pbíRéådQš¢±çåª<þ)n^q·yõEJ·
 Ë¬ëà«³a<18>e9u·ë’*N$€èXõVÉÈmgŒ(ÃŠ†& 
--- a/secrets/mtgmonkey-pw.age
+++ b/secrets/mtgmonkey-pw.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -8,14 +8,6 @@ in {
  "andromeda-pw.age".publicKeys = [andromeda lenovo];
  "mtgmonkey-pw.age".publicKeys = [andromeda lenovo];
  # contains the following env
  # CONDUIT_JWT_SECRET
  # CONDUIT_TURN_SECRET
  "conduit-secretFile.age".publicKeys = [andromeda lenovo _109-199-104-83];
  # dkim private keys
  "dkim-galaxious.de.mail.key.age".publicKeys = [andromeda lenovo _109-199-104-83];
  # mail account passwords
  "mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
  "mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
--- a/secrets/zulip-avatarSaltKey.age
+++ b/secrets/zulip-avatarSaltKey.age
--- a/secrets/zulip-camoKey.age
+++ b/secrets/zulip-camoKey.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg cz2kWYGsZU08Sh3+mJHqhTC9lhqHvwzmgIHu+SUkVxU
+-> ssh-ed25519 mT2fyg F5X75uA03GCdN5hiq4K6GPkjZOEGNxmZ71X8Gx0VeFY
-bDFcYokAEj4UulAtYNvW9inoRJzoD+z1lSCQRcpyd7o
+nURLjoD+R284PtDudfVRVwByEP836e+rhQyggmZG5Jg
-> ssh-ed25519 UHxfvA 0npgMgYOhrxSgprdVNXIRFtrkeMWL5xEoaOjg0MAu0M
+-> ssh-ed25519 UHxfvA 6hSu9W0aRzw6lzOg8VtnR19/byrMv3Ioc3dY/HQD3Qc
-53VyXcDQxM7hoGt1deuJfKuOkKwz0P++JvUHOW7PxpQ
+bTaLokq4Gn/tpCM7b10ME5MPR0oR3QyAKmlhXlrhLJw
-> ssh-ed25519 ZwF9sQ F+Hx3aJDjCAPe4wEhBg8kjZla/iF92kzFWfdh1ll0BU
+-> ssh-ed25519 EL/Tyg 4k+vFxHeqISiWexGj5IAvXRpWdheKDJ/8b9dy8EYVHU
-yUFzyxm40BVyIKLR/LfB2mTwNzIpPxJ0Ix1/x6vYVjg
+eRBAnmIxuXtgi7dVTHfH0Q9h8KsyrVD0tTK0PlXO0EE
--- PMzNF3mxVzePmAZBtX36NtPf04L7x30kCjv69G6nMSQ
+--- ZLCSwwY0oD0L1nwBKhZlRmDG4dj6MdjXZFQoITaECDg
-¼¡žˆÈ
+èoÓˆÏlÎÀŽNq«[ïªJ)&7¯`:Þ¸`©×†ÿDµë/JåÙ±Fö[<12>©Aù#–Z»ÇÁLÿy²)"gtßÍ*%4ôá˜¨ÍO¢9Î‘v
--- a/secrets/zulip-extraSecrets-email_password.age
+++ b/secrets/zulip-extraSecrets-email_password.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg eVTpn6pJgpLbIqorjaLhK+VRCcVIjYZEWkUqSmSWQQU
+-> ssh-ed25519 mT2fyg 6o7tjdOI24SQ/wAIw6DhF59ZSCY+5weRUxCqQso6PnI
-j5C4x3gBgVoVmOZicfNu6r7QVebx8jFcWlvy0/Ku4jI
+1OdvoW2M8etjWYM87ZW2muKpNUV+iOFY8NCd1Wopjkk
-> ssh-ed25519 UHxfvA Hnf8ZGN4cpyeR4VVEaQbatDP3mDj7XsfoTrpzYmLjDA
+-> ssh-ed25519 UHxfvA ksk6McR1jrkxTmGqMnkhM0b41+AZc26LoainR5CGmC8
-2lCD8WzjiIxYhSa69Jb1QO2tjFBikffBuMszpD2W1y0
+AZTynapDNQ8aLFx7Rcu3dLVxJnuKcb8Emak9SjEOQcU
-> ssh-ed25519 ZwF9sQ 9Z6NdJ1Aeexe4NZmV/PO6ChB1B36U4MZura/jHgaxns
+-> ssh-ed25519 EL/Tyg ZQaWIGPt41SwnQpGFnAadZmC/bVuTJx2v15GMmqjlU4
-V/xIoskMZQIIZGNwWK0THfhWX1dKk0cG8stawVJfCZo
+3/S32mze090ThCPZF/lDs3xvsaAKNgfrM7I09WUGtsk
--- FNvKumqiJ1HBogji3Orpzo+gr0ug4ZxJUqBjaBuMgj8
+--- aRUPFhqwkRAzL2sQW4UJPPhV/EEvWCmXLE7PjHMLtnU
-uó*àaPj"µ2wÔ6Þø<C39E>C§_p=;$œ%²‡SœˆkÏžE¾oª-8
+Ûàš×ØßmÑa_VX#!Ü[dà[ÁüÐö£®×s½M”!©/þb[ãJÄÝ[
--- a/secrets/zulip-rabbitmqPassword.age
+++ b/secrets/zulip-rabbitmqPassword.age
@@ -1,9 +1,11 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg uUrI8E1hJ4i9HvhuiIOkS1mq3ndb0+XGKt28QxykWFo
+-> ssh-ed25519 mT2fyg zafxexSagQeL9Upbgi6UCWKIWN93OIViw3U/aFn6p28
-pfgscE+abzJJCebpnwbJqwX44hpEalpAXqaxpFFZxZA
+jEUjCPoCuIHJ1ICP8gkHj4kWQaTAhEtoS4QDJLCQQek
-> ssh-ed25519 UHxfvA PHnGkUxtgDq7Ga+ncROQm9SL3Nuc1TsbMY6ygi8GHQ4
+-> ssh-ed25519 UHxfvA UiU/MjBeFl7r0HIjMqTMSYGGa/S84ZpyEXMoyKhrMwc
-oqkbG58Ic498g/WXAEyyqF3KiP/+3gHWPhq6YjE678w
+sCCXk319YR7WOd2YGjl+hgi4xk+yE7eyN9Z6I1qDu40
-> ssh-ed25519 ZwF9sQ FI2MOOEgVUKaNh5kVzcB47uWkbVpqFEXguw9K+qER38
+-> ssh-ed25519 EL/Tyg 4YvWb6Ht4w6jtJZ7ROXzOLDIKjK0H5nDJSFADTcYiDg
-t0TkUx2KcGh0VWs9rpWTEcQtDcnzFvf9JPtzi+xaJWI
+pDaPf5o6dFfE+J6CsEG4grI1DmBGuLCPcOys5q28pHo
--- kaUIyFhjX4STKsMWF895pyYy8x2Jec4nkPJaZfm1hb0
+--- rtPaK/w9Hla1apU/p3m+oORkmorylxOokUf64Le6A08
-äí…'ñ*—9.°‰|¿¢ÚÛQ°ÔØ›‡gr”ê†@Û*Î›Û…`O)Ëœp'Z2Õ³W!ŽÌ÷a!²Þ?VäIÓ(€õ±zæ˜
+´-sNŸß}üv
 lQw•¿‰
 +·¬>ÉŽ®™·#	€ºîcÄ»þ&Œûµuºë—‹(F—S*ªÒ@k'(›¸KzÆ³¼Â©P<C2A9>K
--- a/secrets/zulip-secretKey.age
+++ b/secrets/zulip-secretKey.age
--- a/secrets/zulip-sharedSecretKey.age
+++ b/secrets/zulip-sharedSecretKey.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg 4WzB2cKVeTprMRbzzeWqvUieOAqmge52lLEVJXg8tGA
+-> ssh-ed25519 mT2fyg 2nDDyTFBWePI5AQn2gKWA3bJRJLkdY642nO+lP3VHgk
-RH32zi4PfJKPycdps995m8AX6WuVMVERYrMqJzQwim8
+L3QjA1urvUsFQ7D282BvfB2nRvDfQ2dDgPU//579Dzs
-> ssh-ed25519 UHxfvA OQCGh+cRuROC9FxKYGQy4dZSXcTkMdR4UAslUDnIxEs
+-> ssh-ed25519 UHxfvA BPbkHPRgQWlWfP3XdQYso1R7IWt/mXk00z6AKb1YeTs
-wTxR9650mpxfuDlfcRXUJ/Gk5K1N0HQAfvhpEQIBLHY
+uzUc7K+G3nyX6Amjab0nuSqUAIqze+qWzmhL4NWFv9M
-> ssh-ed25519 ZwF9sQ PlG426CbQYbRwM7NqMtXIyMnZzucT/lgLqkmznIM9EM
+-> ssh-ed25519 EL/Tyg oKcrvdDUPqVBFPKO5XtN3wHlS0/VQ65JoDf3BZHKNz0
-3Xgy9OoejdHtU7aiXFz3xm1JLMY6gJMGqUq93yLKxS4
+nNnPODexacfxehSra59D/QSePJ0ReN8t5CVbOwRwuDU
--- G7bINjEQ5e6AAYex0W9GPc4Djn9yd0+J1lmSYYNBwz0
+--- yBSSTuxraK6ijWNnC9zJfIzrVHLOu4neg60ZvbFKyuM
-é#1†Eu¥˜ý³UGnÚCA›¬4ã]¸nÞõóIãŸI8a/w„KõF©b‘÷Éø<C389>S+OªÚ…a`ð€.>†Žiç¿« Ëï’ÃÔØ]
+Ò;||Âã‘õ¾<>ððˆÆe!Üä@¼¥ÏÅ%<Úh·õD)ßï¯®æJH‰@4¯
 tþ£J
--- a/substitutors.nix
+++ b/substitutors.nix
@@ -1,8 +0,0 @@
 {
  # spectrum
  nix.settings.substituters = ["https://cache.dataaturservice.se/spectrum/"];
  nix.settings.trusted-public-keys = [
    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
    "spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU="
  ];
 }
--- a/users.nix
+++ b/users.nix
@@ -3,7 +3,9 @@
  lib,
  machine,
  ...
-}: {
+}: let
  machines = import ./machines.nix;
 in {
  users.users =
    builtins.mapAttrs
    (name: value: lib.mkIf (builtins.elem name machine.users) value)
@@ -13,9 +15,8 @@
        description = "andromeda";
        hashedPasswordFile = builtins.toString config.age.secrets.andromeda-pw.path;
        extraGroups = [
-          "networkmanager" # network configuration
+          "networkmanager"
-          "wheel" # serial
+          "wheel"
          "dialout" # access to serial ports
        ];
      };
    };
@@ -26,22 +27,17 @@
      "andromeda" = {
        directories = [
          ".backups"
          ".gnupg"
          ".local/share/AAAAXY"
          ".local/share/Anki2"
          ".local/share/chat.fluffy.fluffychat"
          ".local/share/Mindustry"
          ".local/share/Steam"
          ".local/share/zoxide"
          ".ssh"
          ".steam"
          "conf"
          "Downloads"
          "conf_v1"
          "pp"
        ];
        files = [
          ".bash_history"
          ".brush_history"
        ];
      };
    }
--- a/users/andromeda/home.nix
+++ b/users/andromeda/home.nix
@@ -18,6 +18,7 @@
    };
 in {
  imports = [./stylix.nix];
  xdg.configFile."shell".source = lib.getExe pkgs.brush;
  xdg.configFile."sway/config".source = lib.mkForce sway_config;
  wayland.windowManager.sway.enable = true;
  home = {
@@ -25,35 +26,25 @@ in {
    homeDirectory = "/home/${config.home.username}";
    stateVersion = "26.05";
    packages = [
      pkgs.aaaaxy
      pkgs.acpi
      pkgs.agenix
      pkgs.alacritty
      pkgs.anki
      pkgs.anki-cli
      pkgs.brightnessctl
      pkgs.brush
      pkgs.dust
      pkgs.fluffychat
      pkgs.fzf
      pkgs.gdb
      pkgs.geeqie
      pkgs.glow
      pkgs.grim
      pkgs.hexdump
      pkgs.http-server
      pkgs.jmtpfs
      pkgs.mindustry-wayland
      pkgs.nasm
      pkgs.nix-output-monitor
      pkgs.npins
      pkgs.ranger
      pkgs.rip2
      pkgs.ripgrep
      pkgs.slurp
      pkgs.tokei
      pkgs.tree
-      pkgs.wget
+      pkgs.zoxide
      pkgs.xxd
    ];
    file.${background-path}.source = config.stylix.image;
  };
@@ -61,7 +52,6 @@ in {
    alacritty.enable = true;
    bash = {
      enable = true;
      enableCompletion = false;
      shellAliases = {
        neofetch = "fastfetch";
        ls = lib.mkForce "lsd";
@@ -73,6 +63,7 @@ in {
      };
      bashrcExtra = ''
        PS1="\u@\h:\w$"
        eval "$(zoxide init bash)"
      '';
    };
    btop = {
@@ -100,23 +91,6 @@ in {
      };
    };
    fastfetch.enable = true;
    firefox = {
      enable = true;
      package = pkgs.firefox.override {
        cfg.enableTridactylNative = true;
      };
      profiles.${config.home.username} = {
        extensions = {
          force = true;
          packages = [
            pkgs.nur.repos.rycee.firefox-addons.tridactyl
          ];
        };
        settings = {
          "extensions.autoDisableScopes" = 0;
        };
      };
    };
    git = {
      enable = true;
      settings = {
@@ -128,15 +102,20 @@ in {
      };
    };
    gh.enable = true;
    gpg = {
      enable = true;
    };
    home-manager.enable = true;
    firefox = {
      enable = true;
      package = pkgs.firefox.override {
        cfg.enableTridactylNative = true;
      };
      profiles.${config.home.username}.extensions.packages = [
        pkgs.nur.repos.rycee.firefox-addons.tridactyl
      ];
    };
    lsd.enable = true;
    nvf = {
      enable = true;
      settings.vim = {
        startPlugins = [pkgs.vimPlugins.parinfer-rust];
        autocomplete.nvim-cmp.enable = false;
        formatter.conform-nvim = {
          enable = true;
@@ -204,12 +183,6 @@ in {
            enable = true;
            lsp.enable = true;
          };
          rust = {
            enable = true;
            format.enable = true;
            lsp.enable = true;
            treesitter.enable = true;
          };
        };
        lineNumberMode = "relative";
        options = {
@@ -226,13 +199,5 @@ in {
      };
    };
    ssh.enable = true;
    zoxide = {
      enable = true;
      enableBashIntegration = true;
    };
  };
  services.gpg-agent = {
    enable = true;
    pinentry.package = pkgs.pinentry-curses;
  };
 }
--- a/users/andromeda/sway_config
+++ b/users/andromeda/sway_config
@@ -55,12 +55,6 @@ bindsym $mod+Shift+8 move container to workspace number 8
 bindsym $mod+Shift+9 move container to workspace number 9
 bindsym $mod+Shift+0 move container to workspace number 0
 seat * hide_cursor 100
 input type:touchpad events disabled
 bindsym $mod+r exec 'swaymsg "seat * hide_cursor 100"; swaymsg "input type:touchpad events disabled"'
 bindsym $mod+t exec 'swaymsg "seat * hide_cursor 0"; swaymsg "input type:touchpad events enabled"'
 bindsym $mod+f fullscreen
 bindsym $mod+Shift+space floating toggle
 bindsym $mod+Shift+minus move scratchpad
@@ -70,8 +64,8 @@ bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle
 bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5%
 bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5%
 bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle
-bindsym --locked XF86MonBrightnessDown exec brightnessctl set 2%-
+bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%-
-bindsym --locked XF86MonbrightnessUp exec brightnessctl set 2%+
+bindsym --locked XF86MonbrightnessUp exec brightnessctl set 5%+
 default_border none
 font pango:monospace 0.001
Author	SHA1	Message	Date
andromeda	03f5bbf2c0	Merge commit 'caf1394' into development	2026-01-10 15:42:13 +01:00
andromeda	caf139425f	update remote keys	2026-01-10 15:40:07 +01:00