hosts: kabtop: remove hardware module

secrets: rekey
hosts: kabtopci: fix path and add mount script
2024-06-11 17:56:04 +02:00 · 2024-06-11 17:55:44 +02:00 · 2024-06-11 17:14:24 +02:00 · 2024-06-09 15:40:51 +02:00 · 2024-06-09 15:17:55 +02:00 · 2024-06-09 11:01:05 +02:00
54 changed files with 875 additions and 534 deletions
--- a/disko/mount.sh
+++ b/disko/mount.sh
@@ -0,0 +1,11 @@
 #!/usr/bin/env bash
 disk="/dev/vda"
 mountpoint="/mnt"
 mount $disk $mountpoint -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@
 mount $disk $mountpoint/home -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@home
 mount $disk $mountpoint/var -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@var
 mount $disk $mountpoint/srv -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@srv
 mount $disk $mountpoint/nix -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@nix
 mount $disk $mountpoint/swap -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@swap
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1715290355,
+        "lastModified": 1716561646,
-        "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
+        "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
+        "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
        "type": "github"
      },
      "original": {
@@ -31,11 +31,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1711299236,
+        "lastModified": 1717535930,
-        "narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=",
+        "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "880573f80d09e18a11713f402b9e6172a085449f",
+        "rev": "55e7754ec31dac78980c8be45f8a28e80e370946",
        "type": "github"
      },
      "original": {
@@ -66,28 +66,6 @@
        "type": "github"
      }
    },
    "devshell": {
      "inputs": {
        "flake-utils": "flake-utils_3",
        "nixpkgs": [
          "nixvim",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1713532798,
        "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
        "owner": "numtide",
        "repo": "devshell",
        "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "devshell",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
@@ -104,36 +82,6 @@
        "type": "github"
      }
    },
    "flake-compat_2": {
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "revCount": 57,
        "type": "tarball",
        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
      }
    },
    "flake-compat_3": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@@ -142,11 +90,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709336216,
+        "lastModified": 1717285511,
-        "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
+        "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
+        "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
        "type": "github"
      },
      "original": {
@@ -155,42 +103,6 @@
        "type": "github"
      }
    },
    "flake-parts_2": {
      "inputs": {
        "nixpkgs-lib": [
          "nixvim",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1715865404,
        "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "flake-root": {
      "locked": {
        "lastModified": 1713493429,
        "narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
        "owner": "srid",
        "repo": "flake-root",
        "rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
        "type": "github"
      },
      "original": {
        "owner": "srid",
        "repo": "flake-root",
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems_2"
@@ -227,24 +139,6 @@
        "type": "github"
      }
    },
    "flake-utils_3": {
      "inputs": {
        "systems": "systems_4"
      },
      "locked": {
        "lastModified": 1701680307,
        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
@@ -267,28 +161,6 @@
        "type": "github"
      }
    },
    "gitignore_2": {
      "inputs": {
        "nixpkgs": [
          "nixvim",
          "pre-commit-hooks",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709087332,
        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -317,11 +189,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1715930644,
+        "lastModified": 1717525419,
-        "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
+        "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
+        "rev": "a7117efb3725e6197dd95424136f79147aa35e5b",
        "type": "github"
      },
      "original": {
@@ -337,37 +209,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1715381426,
+        "lastModified": 1717527182,
-        "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
+        "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
+        "rev": "845a5c4c073f74105022533907703441e0464bc3",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-23.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "home-manager_3": {
      "inputs": {
        "nixpkgs": [
          "nixvim",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1715930644,
        "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-24.05",
        "repo": "home-manager",
        "type": "github"
      }
@@ -395,11 +246,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716107076,
+        "lastModified": 1717685136,
-        "narHash": "sha256-aB15oIMUv6N/UFsLHzgcGRUvU4YfOjE3gEirIP/k82s=",
+        "narHash": "sha256-S+C/DX5HOhlhJAmcGxbB+Tv6oqZOkr3z/WzPuydXI14=",
        "owner": "Jovian-Experiments",
        "repo": "Jovian-NixOS",
-        "rev": "e8de93b7b4c384650977a20c1f192e23c6e7a12f",
+        "rev": "fd13986ede9b94c50e84aecb2c88863e297bbb52",
        "type": "github"
      },
      "original": {
@@ -421,11 +272,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1713369831,
+        "lastModified": 1717801791,
-        "narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=",
+        "narHash": "sha256-CEotbHLdhkltv8OsHojqN1cJynVMNOX+0lJgqIoD6Gk=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "850f27322239f8cfa56b122cc9a278ab99a49015",
+        "rev": "e8850266af6aedfd73c46c7518fd54c1f6c89e7b",
        "type": "github"
      },
      "original": {
@@ -444,11 +295,11 @@
        "spectrum": "spectrum"
      },
      "locked": {
-        "lastModified": 1715787097,
+        "lastModified": 1717441449,
-        "narHash": "sha256-TPp2j0ttvBvkk4oXidvo8Y071zEab0BtcNsC3ZEkluI=",
+        "narHash": "sha256-juxjgmLnFbl+/hhIO2cVtIa6caCO4pLKlZWUMwAOznM=",
        "owner": "astro",
        "repo": "microvm.nix",
-        "rev": "fa673bf8656fe6f28253b83971a36999bc9995d2",
+        "rev": "e3a4dd5b381fb580804105594cc9c71dc45abdb5",
        "type": "github"
      },
      "original": {
@@ -457,27 +308,6 @@
        "type": "github"
      }
    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
          "nixvim",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1715901937,
        "narHash": "sha256-eMyvWP56ZOdraC2IOvZo0/RTDcrrsqJ0oJWDC76JTak=",
        "owner": "lnl7",
        "repo": "nix-darwin",
        "rev": "ffc01182f90118119930bdfc528c1ee9a39ecef8",
        "type": "github"
      },
      "original": {
        "owner": "lnl7",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "nix-github-actions": {
      "inputs": {
        "nixpkgs": [
@@ -502,11 +332,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1716034089,
+        "lastModified": 1717828156,
-        "narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
+        "narHash": "sha256-YvstO0lobf3JWQuAfZCLYRTROC2ZDEgtWeQtWbO49p4=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
+        "rev": "057a7996d012f342a38a26261ee529cebb1755ef",
        "type": "github"
      },
      "original": {
@@ -518,16 +348,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1716061101,
+        "lastModified": 1717696253,
-        "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
+        "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
+        "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -550,11 +380,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1715961556,
+        "lastModified": 1717602782,
-        "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
+        "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
+        "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6",
        "type": "github"
      },
      "original": {
@@ -564,71 +394,12 @@
        "type": "github"
      }
    },
    "nixvim": {
      "inputs": {
        "devshell": "devshell",
        "flake-compat": "flake-compat_2",
        "flake-parts": "flake-parts_2",
        "flake-root": "flake-root",
        "home-manager": "home-manager_3",
        "nix-darwin": "nix-darwin",
        "nixpkgs": [
          "nixpkgs-unstable"
        ],
        "pre-commit-hooks": "pre-commit-hooks",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
        "lastModified": 1716125991,
        "narHash": "sha256-PmB9vmp383foiVi64RawbnkC+6SiYiWUjdzw2xgl3eM=",
        "owner": "nix-community",
        "repo": "nixvim",
        "rev": "88ade1dfaa017499326103a078c66dd5d4d0606e",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nixvim",
        "type": "github"
      }
    },
    "pre-commit-hooks": {
      "inputs": {
        "flake-compat": "flake-compat_3",
        "gitignore": "gitignore_2",
        "nixpkgs": [
          "nixvim",
          "nixpkgs"
        ],
        "nixpkgs-stable": [
          "nixvim",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1715870890,
        "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "type": "github"
      }
    },
    "pre-commit-hooks-nix": {
      "inputs": {
        "flake-compat": [
          "lanzaboote",
          "flake-compat"
        ],
        "flake-utils": [
          "lanzaboote",
          "flake-utils"
        ],
        "gitignore": "gitignore",
        "nixpkgs": [
          "lanzaboote",
@@ -637,11 +408,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1710923068,
+        "lastModified": 1717664902,
-        "narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=",
+        "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "e611897ddfdde3ed3eaac4758635d7177ff78673",
+        "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
        "type": "github"
      },
      "original": {
@@ -661,8 +432,7 @@
        "microvm": "microvm",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs",
-        "nixpkgs-unstable": "nixpkgs-unstable",
+        "nixpkgs-unstable": "nixpkgs-unstable"
        "nixvim": "nixvim"
      }
    },
    "rust-overlay": {
@@ -677,11 +447,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1711246447,
+        "lastModified": 1717726729,
-        "narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=",
+        "narHash": "sha256-2WDKLjVRKWXbadnJHSOUb46PTq3D5nS89vhHTphRw1M=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4",
+        "rev": "7f52ac9ae95bd60c0780d6e32baea22e542e11e1",
        "type": "github"
      },
      "original": {
@@ -750,42 +520,6 @@
        "repo": "default",
        "type": "github"
      }
    },
    "systems_4": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
          "nixvim",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1715940852,
        "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
        "owner": "numtide",
        "repo": "treefmt-nix",
        "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "treefmt-nix",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -12,7 +12,7 @@
  inputs =                                                                  # All flake references used to build my NixOS setup. These are dependencies.
    {
      nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";                  # Nix Packages
-      nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+      nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
      nixos-hardware.url = "github:NixOS/nixos-hardware/master";
      microvm = {
@@ -23,7 +23,7 @@
      impermanence.url = "github:nix-community/impermanence";
      home-manager = {                                                      # User Package Management
-        url = "github:nix-community/home-manager/release-23.11";
+        url = "github:nix-community/home-manager/release-24.05";
        inputs.nixpkgs.follows = "nixpkgs";
      };
@@ -47,28 +47,23 @@
          inputs.nixpkgs.follows = "nixpkgs";
       };
       nixvim = {
           url = "github:nix-community/nixvim";
           inputs.nixpkgs.follows = "nixpkgs-unstable";
       };
    };
-  outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }:   # Function that tells my flake which to use and what do what to do with the dependencies.
+  outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }:   # Function that tells my flake which to use and what do what to do with the dependencies.
-    let                                                                     # Variables that can be used in the config files
+    rec {
      user = "kabbone";
      userdmz = "diablo";
      userserver = "mephisto";
      location = "$HOME/.setup";
    in                                                                      # Use above variables in ...
    {
        nixosConfigurations = (                                               # NixOS configurations
          import ./hosts {                                                    # Imports ./hosts/default.nix
            inherit (nixpkgs) lib;
-          inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable user userdmz userserver location agenix jovian-nixos microvm impermanence lanzaboote nixvim;   # Also inherit home-manager so it does not need to be defined here.
+            inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote;   # Also inherit home-manager so it does not need to be defined here.
            nix.allowedUsers = [ "@wheel" ];
            security.sudo.execWheelOnly = true;
          }
        );
        hydraJobs = {
          "steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
          "desktop" = nixosConfigurations.desktop.config.system.build.toplevel;
        };
    };
 }
--- a/hosts/configuration_desktop.nix
+++ b/hosts/configuration_desktop.nix
@@ -185,7 +185,7 @@
  system = {                                # NixOS settings
    autoUpgrade = {                         # Allow auto update
-      enable = true;
+      enable = false;
      flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
      randomizedDelaySec = "5m";
      allowReboot = true;
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -11,9 +11,14 @@
 #            └─ ./home.nix 
 #
-{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }:
+{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }:
 let
  user = "kabbone";
  userdmz = "diablo";
  userserver = "mephisto";
  location = "$HOME/.setup";
  system = "x86_64-linux";                                  # System architecture
  pkgs = import nixpkgs {
@@ -28,14 +33,14 @@ in
 {
  desktop = lib.nixosSystem {                                # Desktop profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote nixvim; };
+    specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote; };
    modules = [
      agenix.nixosModules.default
      microvm.nixosModules.host
      lanzaboote.nixosModules.lanzaboote
      #nixvim.nixosModules.nixvim
      ./desktop
      ./configuration_desktop.nix
      ../modules/hardware/hydraCache.nix
      ../modules/hardware/remoteBuilder.nix
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-gpu-amd
@@ -60,9 +65,8 @@ in
      agenix.nixosModules.default
      ./laptop
      ./configuration_desktop.nix
-      ../modules/hardware/remoteClient.nix
+      ../modules/hardware/hydraCache.nix
      nixos-hardware.nixosModules.common-cpu-intel
      nixos-hardware.nixosModules.common-gpu-intel
      nixos-hardware.nixosModules.common-pc-ssd
      home-manager.nixosModules.home-manager {
@@ -85,7 +89,7 @@ in
      lanzaboote.nixosModules.lanzaboote
      ./steamdeck
      ./configuration_desktop.nix
-      ../modules/hardware/remoteClient.nix
+      ../modules/hardware/hydraCache.nix
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-gpu-amd
      nixos-hardware.nixosModules.common-pc-ssd
@@ -152,7 +156,7 @@ in
      agenix.nixosModules.default
      ./nasbackup
      ./configuration_desktop.nix
-      ../modules/hardware/remoteClient.nix
+      ../modules/hardware/hydraCache.nix
      nixos-hardware.nixosModules.common-cpu-intel
      nixos-hardware.nixosModules.common-pc-ssd
@@ -174,7 +178,7 @@ in
      agenix.nixosModules.default
      ./jupiter
      ./configuration_desktop.nix
-      ../modules/hardware/remoteClient.nix
+      ../modules/hardware/hydraCache.nix
      nixos-hardware.nixosModules.common-cpu-intel
      nixos-hardware.nixosModules.common-pc-ssd
@@ -189,6 +193,27 @@ in
    ];
  };
  kabtopci = lib.nixosSystem {                                # Desktop profile
    inherit system;
    specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
    modules = [
      agenix.nixosModules.default
      microvm.nixosModules.host
      ./kabtopci
      ./configuration_server.nix
      nixos-hardware.nixosModules.common-pc-ssd
      home-manager.nixosModules.home-manager {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
        home-manager.users.${user} = {
        imports = [(import ./home_server.nix)] ++ [(import ./kabtopci/home.nix)];
        };
      }
    ];
  };
  dmz = lib.nixosSystem {                                # Desktop profile
    inherit system;
    specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -17,7 +17,7 @@
 #           └─ default.nix
 #
-{ config, nixpkgs, pkgs, user, lib, nixvim, ... }:
+{ config, nixpkgs, pkgs, user, lib, ... }:
 {
  imports =                                                         # For now, if applying to other system, swap files
@@ -68,7 +68,7 @@
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage = pkgs.pinentry-curses;
    };
  };
@@ -79,15 +79,15 @@
      enable = true;
      drivers = [ pkgs.gutenprint ];
    };
-    #avahi = {                               # Needed to find wireless printer
+    avahi = {                               # Needed to find wireless printer
-    #  enable = true;
+      enable = true;
-    #  nssmdns = true;
+      nssmdns4 = true;
-    #  publish = {                           # Needed for detecting the scanner
+      publish = {                           # Needed for detecting the scanner
-    #    enable = true;
+        enable = true;
-    #    addresses = true;
+        addresses = true;
-    #    userServices = true;
+        userServices = true;
-    #  };
+      };
-    #};
+    };
    hardware.openrgb = {
        enable = true;
        motherboard = "amd";
--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@@ -36,7 +36,6 @@
      #yubioath-flutter
      nitrokey-app
      kicad
      yuzu-mainline
      # Display
      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.
--- a/hosts/dmz/default.nix
+++ b/hosts/dmz/default.nix
@@ -24,8 +24,7 @@
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
    [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++   # Docker
-    (import ../../modules/services/dmz) ++                       # Server Services
+    (import ../../modules/services/dmz);                       # Server Services
    (import ../../modules/hardware);                                # Hardware devices
  boot = {                                  # Boot options
    kernelPackages = pkgs.linuxPackages_latest;
@@ -48,7 +47,7 @@
    qemuGuest.enable = true;
    avahi = {                               # Needed to find wireless printer
      enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
--- a/hosts/dmz/hardware-configuration.nix
+++ b/hosts/dmz/hardware-configuration.nix
@@ -83,11 +83,14 @@
          "10-lan" = {
              matchConfig.Name = "enp6s18";
              ntp = [ "192.168.101.1" ];
-              domains = [ "home.opel-online.de" ];
+              #domains = [ "home.opel-online.de" ];
              networkConfig = {
                DHCP = "yes";
                IPv6AcceptRA = true;
              };
              dns = [
                "192.168.101.1"
              ];
          };
      };
  };
@@ -97,7 +100,7 @@
    firewall = {
      enable = true;
      allowedUDPPorts = [  ];
-      allowedTCPPorts = [  ];
+      allowedTCPPorts = [ 80 443 ];
    };
  };
--- a/hosts/home.nix
+++ b/hosts/home.nix
@@ -81,6 +81,7 @@
      # Flatpak
      prusa-slicer
      orca-slicer
      #vscodium
      (vscode-with-extensions.override {
          vscode = vscodium;
--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
@@ -53,7 +53,7 @@
    gnupg.agent = {
      enable = false;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage = pkgs.pinentry-curses;
    };
  };
@@ -61,7 +61,7 @@
    qemuGuest.enable = true;
    avahi = {                               # Needed to find wireless printer
      enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
--- a/hosts/kabtop/default.nix
+++ b/hosts/kabtop/default.nix
@@ -24,8 +24,7 @@
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++  # kvm module options
-    (import ../../modules/services/server) ++                       # Server Services
+    (import ../../modules/services/server)                     # Server Services
    (import ../../modules/hardware);                                # Hardware devices
  boot = {                                  # Boot options
    kernelPackages = pkgs.linuxPackages_latest;
@@ -62,22 +61,22 @@
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage = pkgs.pinentry-curses;
    };
  };
  services = {
    #auto-cpufreq.enable = true;
    qemuGuest.enable = true;
-    avahi = {                               # Needed to find wireless printer
+    #avahi = {                               # Needed to find wireless printer
-      enable = true;
+    #  enable = true;
-      nssmdns = true;
+    #  nssmdns = true;
-      publish = {                           # Needed for detecting the scanner
+    #  publish = {                           # Needed for detecting the scanner
-        enable = true;
+    #    enable = true;
-        addresses = true;
+    #    addresses = true;
-        userServices = true;
+    #    userServices = true;
-      };
+    #  };
-    };
+    #};
    fail2ban = {
        enable = true;
        maxretry = 5;
--- a/hosts/kabtopci/default.nix
+++ b/hosts/kabtopci/default.nix
@@ -0,0 +1,45 @@
 #
 #  Specific system configuration settings for desktop
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │        ├─ default.nix *
 #   │        └─ hardware-configuration.nix       
 #   └─ ./modules
 #       ├─ ./desktop
 #       │   └─ ./hyprland
 #       │       └─ hyprland.nix
 #       ├─ ./modules
 #       │   └─ ./programs
 #       │       └─ waybar.nix
 #       └─ ./hardware
 #           └─ default.nix
 #
 { config, pkgs, user, agenix, impermanence, ... }:
 {
  imports =                                                         # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++   # Docker
    (import ../../modules/services/kabtopci);                       # Server Services
  boot = {                                  # Boot options
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {                              # EFI Boot
    grub = {
        enable = true;
        device = "/dev/vda";
    };
      timeout = 1;                          # Grub auto select time
    };
  };
  programs = {                              # No xbacklight, this is the alterantive
    zsh.enable = true;
  };
 }
--- a/hosts/kabtopci/hardware-configuration.nix
+++ b/hosts/kabtopci/hardware-configuration.nix
@@ -0,0 +1,108 @@
 #
 # Hardware settings for Teclast F5 10" Laptop
 # NixOS @ sda2
 #
 # flake.nix
 #  └─ ./hosts
 #      └─ ./laptop
 #          └─ hardware-configuration.nix *
 #
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")];
  boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  boot.tmp.useTmpfs = false;
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  services.btrfs.autoScrub = {
    enable = true;
    interval = "monthly";
    fileSystems = [
      "/"
    ];
  };
  fileSystems."/" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
    };
  fileSystems."/home" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
    };
  fileSystems."/srv" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
    };
  fileSystems."/var" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
    };
  fileSystems."/nix" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
    };
  fileSystems."/swap" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
    };
  swapDevices = [  ];
  networking = {
    useDHCP = false;                        # Deprecated
    hostName = "kabtopci";
    domain = "ci.kabtop.de";
    networkmanager = {
      enable = false;
    };
    interfaces = {
      ens3 = {
        useDHCP = false;                     # For versatility sake, manually edit IP on nm-applet.
        ipv4.addresses = [ {
            address = "195.90.221.87";
            prefixLength = 22;
        } ];
        ipv6.addresses = [ {
            address = "2a00:6800:3:d5b::2";
            prefixLength = 64;
        } ];
      };
    };
    defaultGateway = "195.90.220.1";
    defaultGateway6 = {
      address = "2a00:6800:3::1";
      interface = "ens3";
    };
    nameservers = [ "9.9.9.9" "2620:fe::fe" ];
    firewall = {
      enable = true;
      allowedUDPPorts = [  ];
      allowedTCPPorts = [ 80 443 ];
    };
  };
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/kabtopci/home.nix
+++ b/hosts/kabtopci/home.nix
@@ -0,0 +1,39 @@
 #
 #  Home-manager configuration for laptop
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │       └─ home.nix *
 #   └─ ./modules
 #       └─ ./desktop
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
 { pkgs, ... }:
 {
  imports =
    [
      ../../modules/home.nix # Window Manager
    ];
  home = {                                # Specific packages for laptop
    packages = with pkgs; [
      # Applications
      # Display
      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.
      # Power Management
      #auto-cpufreq                       # Power management
      #tlp                                # Power management
    ];
  };
  programs = {
    alacritty.settings.font.size = 11;
  };
 }
--- a/hosts/laptop/default.nix
+++ b/hosts/laptop/default.nix
@@ -65,7 +65,7 @@
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage = pkgs.pinentry-curses;
    };
  };
@@ -86,7 +86,7 @@
    };
    avahi = {                               # Needed to find wireless printer
      enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
--- a/hosts/nas/default.nix
+++ b/hosts/nas/default.nix
@@ -53,7 +53,7 @@
    gnupg.agent = {
      enable = false;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage = pkgs.pinentry-curses;
    };
  };
--- a/hosts/nasbackup/default.nix
+++ b/hosts/nasbackup/default.nix
@@ -45,7 +45,7 @@
    gnupg.agent = {
      enable = false;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage = pkgs.pinentry-curses;
    };
  };
@@ -53,7 +53,7 @@
    qemuGuest.enable = true;
    avahi = {                               # Needed to find wireless printer
      enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
--- a/hosts/nasbackup/hardware-configuration.nix
+++ b/hosts/nasbackup/hardware-configuration.nix
@@ -51,7 +51,6 @@
  };
  services.btrbk = {
      extraPackages = [ pkgs.lz4 ];
      instances = {
          hf = {
              onCalendar = "hourly";
--- a/hosts/server/default.nix
+++ b/hosts/server/default.nix
@@ -57,22 +57,22 @@
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage = pkgs.pinentry-curses;
    };
  };
  services = {
    #auto-cpufreq.enable = true;
    qemuGuest.enable = true;
-    avahi = {                               # Needed to find wireless printer
+    #avahi = {                               # Needed to find wireless printer
-      enable = true;
+    #  enable = true;
-      nssmdns = true;
+    #  nssmdns = true;
-      publish = {                           # Needed for detecting the scanner
+    #  publish = {                           # Needed for detecting the scanner
-        enable = true;
+    #    enable = true;
-        addresses = true;
+    #    addresses = true;
-        userServices = true;
+    #    userServices = true;
-      };
+    #  };
-    };
+    #};
    fail2ban = {
        enable = true;
        maxretry = 5;
--- a/hosts/steamdeck/default.nix
+++ b/hosts/steamdeck/default.nix
@@ -66,7 +66,7 @@
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
-      #pinentryFlavor = "curses";
+      #pinentryPackage = pkgs.pinentry-curses;
    };
  };
--- a/modules/hardware/backup.nix
+++ b/modules/hardware/backup.nix
@@ -10,6 +10,5 @@
        roles = [ "source" "info" "send" ];
      }
    ];
    extraPackages = [ pkgs.lz4 ];
  };
 }
--- a/modules/hardware/hydraCache.nix
+++ b/modules/hardware/hydraCache.nix
@@ -0,0 +1,19 @@
 { config, lib, pkgs, ... }:
 {
  nix = {
    settings = {
      extra-trusted-public-keys = [
        "hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
      ];
      extra-substituters = [
        "https://cache.home.opel-online.de"
      ];
      extra-trusted-substituters = [
        "https://cache.home.opel-online.de"
      ];
    };
  };
 }
--- a/modules/programs/alacritty.nix
+++ b/modules/programs/alacritty.nix
@@ -22,10 +22,6 @@
          #bold = { style = "Bold"; };
 #         size = 8;
        };
        offset = {                            # Positioning
          x = -1;
          y = 0;
        };
      };
    };
  };
--- a/modules/services/dmz/hydra.nix
+++ b/modules/services/dmz/hydra.nix
@@ -1,11 +1,91 @@
 { lib, config, pkgs, ... }:
 {
-    services.hydra = {
+    services = {
      hydra = {
        enable = true;
-      hydraURL = "http://localhost:3000";
+        hydraURL = "https://hydra.home.opel-online.de";
        listenHost = "127.0.0.1";
        notificationSender = "hydra@localhost";
        useSubstitutes = true;
        minimumDiskFree = 30;
      };
      nix-serve = {
          enable = true;
          port = 5001;
          bindAddress = "127.0.0.1";
          secretKeyFile = config.age.secrets."keys/nixsign".path;
      };
      nginx = {
        enable = true;
        recommendedProxySettings = true;
        recommendedTlsSettings = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        virtualHosts = {
          "home.opel-online.de" = {
            enableACME = true;
            forceSSL = true;
            default = true;
            locations."/".return = "503";
          };
          "hydra.home.opel-online.de" = {
            useACMEHost = "home.opel-online.de";
            forceSSL = true;
            locations."/" = {
              proxyPass = "http://localhost:3000";
              extraConfig = ''
                proxy_set_header X-Forwarded-Port 443;
              '';
            };
          };
          "cache.home.opel-online.de" = {
            useACMEHost = "home.opel-online.de";
            forceSSL = true;
            locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
          };
        };
      };
    };
    security.acme = {
      acceptTerms = true;
      defaults = {
        email = "webmaster@opel-online.de";
        #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
        dnsResolver = "9.9.9.9:53";
      };
      certs = {
        "home.opel-online.de" = {
          domain = "*.home.opel-online.de";
          dnsProvider = "netcup";
          environmentFile = config.age.secrets."services/acme/opel-online".path;
          webroot = null;
        };
      };
    };
    nix = {
      settings = {
        trusted-users = [
          "hydra"
        ];
        allowed-uris = "http:// https://";
      };
      extraOptions = ''
        secret-key-files = ${config.age.secrets."keys/nixsign".path}
      '';
    };
    age.secrets."keys/nixsign" = {
      file = ../../../secrets/keys/nixservepriv.age;
      owner = "hydra";
    };
    age.secrets."services/acme/opel-online" = {
      file = ../../../secrets/services/acme/opel-online.age;
      owner = "acme";
    };
 }
--- a/modules/services/kabtopci/default.nix
+++ b/modules/services/kabtopci/default.nix
@@ -0,0 +1,19 @@
 #
 #  Services
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ home.nix
 #   └─ ./modules
 #       └─ ./services
 #           └─ default.nix *
 #               └─ ...
 #
 [
 #  ./microvm.nix
  ./hydra.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/kabtopci/gitea_runner.nix
+++ b/modules/services/kabtopci/gitea_runner.nix
@@ -0,0 +1,59 @@
 { lib, config, pkgs, ... }:
 {
    virtualisation = {
      podman ={
        enable = true;
        autoPrune.enable = true;
        dockerCompat = true;
      };
      containers.containersConf.settings = {
        # podman seems to not work with systemd-resolved
        containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
      };
    };
    services.gitea-actions-runner.instances = {
        cirunner = {
            enable = true;
            url = "https://git.kabtop.de";
            name = "CI Kabtop runner";
            tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
            labels = [ 
              "ci"
              "debian-latest:docker://node:18-bullseye"
              "ubuntu-latest:docker://node:16-bullseye"
              "ubuntu-22.04:docker://node:16-bullseye"
              "ubuntu-20.04:docker://node:16-bullseye"
              "ubuntu-18.04:docker://node:16-buster"
              "native:host"
            ];
            hostPackages = with pkgs; [
              bash
              coreutils
              curl
              gawk
              gitMinimal
              gnused
              nodejs
              wget
            ];
            settings = {
             # container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
               # the default network that also respects our dns server settings
              container.network = "host";
              container.privileged = false;
             # container.valid_volumes = [
             #   "/nix"
             #   "${storeDeps}/bin"
             #   "${storeDeps}/etc/ssl"
             # ];
            };
        };
    };
    age.secrets."services/gitea/cirunner-token" = {
      file = ../../../secrets/services/gitea/cirunner-token.age;
      owner = "gitea-runner";
    };
 }
--- a/modules/services/kabtopci/hydra.nix
+++ b/modules/services/kabtopci/hydra.nix
@@ -0,0 +1,78 @@
 { lib, config, pkgs, ... }:
 {
    services = {
      hydra = {
        enable = true;
        hydraURL = "https://hydra.ci.kabtop.de";
        listenHost = "127.0.0.1";
        notificationSender = "hydra@kabtop.de";
        useSubstitutes = true;
        minimumDiskFree = 30;
      };
      nix-serve = {
          enable = true;
          port = 5001;
          bindAddress = "127.0.0.1";
          secretKeyFile = config.age.secrets."keys/nixsign".path;
      };
      nginx = {
        enable = true;
        recommendedProxySettings = true;
        recommendedTlsSettings = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        virtualHosts = {
          "ci.kabtop.de" = {
            enableACME = true;
            forceSSL = true;
            default = true;
            locations."/".return = "503";
          };
          "hydra.ci.kabtop.de" = {
            enableACME = true;
            forceSSL = true;
            locations."/" = {
              proxyPass = "http://localhost:3000";
              extraConfig = ''
                proxy_set_header X-Forwarded-Port 443;
              '';
            };
          };
          "cache.ci.kabtop.de" = {
            enableACME = true;
            forceSSL = true;
            locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
          };
        };
      };
    };
    security.acme = {
      acceptTerms = true;
      defaults = {
        email = "webmaster@kabtop.de";
        webroot = "/var/lib/acme/acme-challenge";
        #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
      };
    };
    nix = {
      settings = {
        trusted-users = [
          "hydra"
        ];
        allowed-uris = "github:";
      };
      extraOptions = ''
        secret-key-files = ${config.age.secrets."keys/nixsign".path}
      '';
    };
    age.secrets."keys/nixsign" = {
      file = ../../../secrets/keys/nixservepriv.age;
      owner = "hydra";
    };
 }
--- a/modules/services/kabtopci/microvm.nix
+++ b/modules/services/kabtopci/microvm.nix
@@ -0,0 +1,129 @@
 { config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
 let
  name = "gitea-runner";
 in
 {
  microvm = {
    autostart = [
      name
    ];
    vms = {
      ${name} = {
        inherit pkgs;
        config = {
          imports = 
            [ agenix.nixosModules.default ] ++
            [ impermanence.nixosModules.impermanence ] ++
            [( ./gitea_runner.nix )];
          networking = {
            hostName = "${name}";
            firewall = {
              enable = true;
                allowedUDPPorts = [  ];
                allowedTCPPorts = [  ];
            };
          };
          systemd.network = {
              enable = true;
              networks = {
                  "10-lan" = {
                      matchConfig.Name = "*";
                      networkConfig = {
                        DHCP = "yes";
                        IPv6AcceptRA = true;
                      };
                  };
              };
          };
          users.users.${user} = {                   # System User
            isNormalUser = true;
            extraGroups = [ "wheel" ];
            uid = 2000;
            openssh.authorizedKeys.keys = [
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
            ];
          };
          services = {
            openssh = {
              enable = true;
              settings.PasswordAuthentication = false;
              hostKeys = [
              {
                  path = "/persist/etc/ssh/ssh_host_ed25519_key";
                  type = "ed25519";
              }
              {
                  path = "/persist/etc/ssh/ssh_host_rsa_key";
                  type = "rsa";
                  bits = 4096;
              }];
            };
          };
          fileSystems."/persist".neededForBoot = lib.mkForce true;
          environment = {
            systemPackages = with pkgs; [           # Default packages install system-wide
               bash
               coreutils
               curl
               gawk
               gitMinimal
               gnused
               nodejs
               wget
            ];
            persistence."/persist" = {
              directories = [
                "/var/log"
                "/var/lib/private"
              ];
              files = [
                "/etc/machine-id"
              ];
            };
          };
          microvm = {
            hypervisor = "qemu";
            vcpu = 4;
            mem = 4096;
            balloonMem = 4096;
            #kernel = pkgs.linuxKernel.packages.linux_latest;
            interfaces = [
            {
              type = "user";
              id = "vm-${name}";
              mac = "04:00:00:00:00:02";
            } ];
             shares = [{
              source = "/nix/store";
              mountPoint = "/nix/.ro-store";
              tag = "ro-store";
              proto = "virtiofs";
            }
            {
              source = "/etc/vm-persist/${name}";
              mountPoint = "/persist";
              tag = "persist";
              proto = "virtiofs";
            }];
            #writableStoreOverlay = "/nix/.rw-store";
            #storeOnDisk = true;
          };
          system.stateVersion = "23.05";
        };
      };
    };
  };
 }
--- a/modules/services/server/nextcloud.nix
+++ b/modules/services/server/nextcloud.nix
@@ -9,15 +9,19 @@
        enable = true;
        hostName = "cloud.kabtop.de";
        https = true;
-        package = pkgs.nextcloud27;
+        package = pkgs.nextcloud29;
        database.createLocally = false;
-        logType = "file";
+        notify_push.enable = true;
        caching = {
            redis = true;
            apcu = false;
        };
-        extraOptions = {
+        settings = {
            log_type = "file";
            logfile = "nextcloud.log";
            overwriteprotocol = "https";
            default_phone_region = "DE";
            redis = {
                host = "/run/redis-nextcloud/redis.sock";
                port = 0;
@@ -25,6 +29,7 @@
            "memcache.local" = "\\OC\\Memcache\\Redis";
            "memcache.distributed" = "\\OC\\Memcache\\Redis";
            "memcache.locking" = "\\OC\\Memcache\\Redis";
            "maintenance_window_start" = "1";
        };
        config = {
            dbtype = "pgsql";
@@ -34,8 +39,6 @@
            adminuser = "kabbone"; 
            adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path;
            dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path;
            overwriteProtocol = "https";
            defaultPhoneRegion = "DE";
        };
        phpOptions = {
            "opcache.interned_strings_buffer" = "16";
--- a/modules/shell/zsh.nix
+++ b/modules/shell/zsh.nix
@@ -9,7 +9,7 @@
    zsh = {
      enable = true;
      dotDir = ".config/zsh_nix";
-      enableAutosuggestions = true;             # Auto suggest options and highlights syntact, searches in history for options
+      autosuggestion.enable = true;             # Auto suggest options and highlights syntact, searches in history for options
      syntaxHighlighting.enable = true;
      history.size = 10000;
--- a/modules/wm/kde/default.nix
+++ b/modules/wm/kde/default.nix
@@ -16,9 +16,9 @@
    environment.systemPackages = with pkgs; [
      flatpak
-      rocmPackages.clr.icd
+#      rocmPackages.clr.icd
-      rocmPackages.clr
+#      rocmPackages.clr
-      clinfo
+#      clinfo
      libsForQt5.discover
      maliit-keyboard
    ];
--- a/modules/wm/sway/home.nix
+++ b/modules/wm/sway/home.nix
@@ -18,6 +18,7 @@
  wayland.windowManager.sway = {
     enable = true;
     checkConfig = false;
     config = rec {
        menu = "${pkgs.bemenu}/bin/bemenu-run -m -1 --hf '#ffff00' --tf '#888888' --nf '#00ff40' --hb '#424242' | xargs ${pkgs.sway}/bin/swaymsg exec --";
        left = "m";
--- a/secrets/keys/nixremote.age
+++ b/secrets/keys/nixremote.age
--- a/secrets/keys/nixservepriv.age
+++ b/secrets/keys/nixservepriv.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -20,7 +20,8 @@ let
  server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
  server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+";
-  dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmivVLbkJJ1anwQ8CeNT7rv0Qxinp1LIQIjVWZpnIE5";
+  kabtopci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdvPKu0XJXpxiZYxwHdt0UzzSXxQqZIbHzVvjySR82w";
  dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5OMVTx1IkzFvDgDRwiv+ruYTCBlJ+D1hx+BS8Roah";
  hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
  nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz";
  jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBQr9/TIeAd25h0gfOPjoHs6JMeye4V04LuFufbe1S/";
@@ -58,6 +59,8 @@ let
  ];
  buildServer = [
      hades
      kabtopci
      dmz
  ];
 in
    {
@@ -78,6 +81,7 @@ in
        "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
        "services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
        "services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
        "services/acme/opel-online.age".publicKeys = buildServer ++ users;
        "keys/nixremote.age".publicKeys = buildClients ++ users;
        "keys/nixservepriv.age".publicKeys = buildServer ++ users;
    }
--- a/secrets/services/acme/opel-online.age
+++ b/secrets/services/acme/opel-online.age
--- a/secrets/services/coturn/static-auth.age
+++ b/secrets/services/coturn/static-auth.age
--- a/secrets/services/gitea/databasePassword.age
+++ b/secrets/services/gitea/databasePassword.age
--- a/secrets/services/gitea/homerunner-token.age
+++ b/secrets/services/gitea/homerunner-token.age
@@ -1,23 +1,21 @@
 age-encryption.org/v1
-> ssh-ed25519 1fxDZw HPqtOnCf0xv43GQmB6iSSLGK6r/5pCFFZJC37ioMIw0
+-> ssh-ed25519 1fxDZw 0HUT1Iujai7TJCCdN2X80080tfrGaW6Uko+zX1Pabhc
-VjvteDjUqqkBas9FzZKxlA1y5/TwIB44I7yNH3KBDYA
+jcpujkInglyeqvUmlA7BTvlAWDLqxwZm19zCitOoXno
 -> ssh-rsa VtjGpQ
-Xx8tuS0ClpvIEn/diIhCInLuiNym22i0SQZCkFCz5V0FKNM0L9hzlqU2A2wLemgz
+L7a5HmNRuZ/tcwSLUOk5Lu6tSkHYr6UFh9eM6KY8frcfQ8RNOuNhUD5xyEwAVGXf
-iy1So0jNJWGt9ylUCyPI9ucyLUgoXFXiQjaMkI85yj+xuUDHkmereRMW3AQD+2LL
+KyLr23tmRj/h3M/EfGCxHIWaxyr6ZhsdAOmgkTvoh2TrjdXjEuzANqBk/uMKslp1
-+NHsmQQchtmQg/gCZY0MS7gq++ULDwlakAkwMP0U6T19i299eBSBL4Zoj00rKNlx
+EI25+MrQjxjBPXjIZLRkl+VF3sBz6lEOz4Vy5YZhG99bXJK66HfWFZSmYoKIvzNb
-KLe0jbNlIe1uhVLYRfyz3S0I9z8gWDSQ8soFoqrJwKVHsO7wmH/3a0dCEWSHRRVm
+S/JCizrmgzF6D8It8KCz5hY4jDMT1Qkij4B14DP8fDm7XD81ugCB/hGHkkRxS3P5
-MRfU/Oy7A8U+iD37z9DxSN2O6hKRLMDu/NyTXUV95ImYwOcA7ya4nShwpB7vZLop
+J3vGmxPFV6iDFhNlY2BXsZuXecLLzZN31u1Md44aBjjryy2og49IRn7w6UtqHgm6
-Vu/BtX5HZ7JvBK3kApyR+Da5LYsBhqrDmqXqtykjn8TM0WG65jLKp5XolEcGEfUe
+3Iwl322Si/cCyOmS6BjI7RNxhmuJmz5T9JqsfNahGOLFlEoBfrq5cWc55rjyOGal
-KrqVMhVm+d2AijpRvsbOv13B7UmZkxBP9+6/o7uujv9nV5uSoGwv9tZn9ubeZyXo
+cfCsp4I4/3FhtFlULmfPXgUyPQXBvwKLvFzkMrnPeqnKAo3ydNCgR0TIYNOND5xx
-U7q3MaURqbgv6YV+h/aJ1X0URmPMyjUgkCLI3HbKJV+ZQH1jbNsn0aiVU0d0MXBb
+mLegC4NLaZGKLg5n6HZXtdbX2EZU3MqLcki8sXjx6n1yDSrpnKABIQ+nhp3SQ7ex
-cE1NIZdfrQ/+Mp14KuiKoY/ycrJPQkg+Au8LANSk/pzH/lvGO1EP50eBRz4hIqEg
+UXB2y2mh6runbC8FD5Wwlhl2EYpalynAMCkLwMMprsS/wkQqxiaCHMzQj6PDDt+k
-RaNII+fQosyr10HPvlgMfEZQnDoG6H+Tvhgt4S6Ex9lyjKASnx/SQyRwhd9SPgDb
+GpRnfzzYJbqUhcPJH+YGB91v7kxBSWCORAl1fB9nmogznnz2fPHgpO810KPsVYyE
-bArbSq4lJ59rqw7TX2IrkjDgvv/FMqdcxjW+kIOTWDQ
+6Yj7eqPacItj1neJ5aFrD89P5fSJKL7w9Q1eoXUIUYY
-> piv-p256 grR75w A1d8pk5Qfx1xq9vApCkKKj6gx1elqSYxLezwoChk3k7Z
+-> piv-p256 grR75w A/YBwM0ZYXI5Hzg5GRi6sKuBGoqNbvpX4uZoOPuUa2zk
-AeYO+rslswXdRJK/pwe9m3CNHIKsrRkt1lamyysDNQk
+415g/yPYDj7k+K5BOBQyrqLNKEbXbRJqHDZzzYlc//g
-> piv-p256 RQguQQ AukcSmMTNQQZdr5zDOjMTnsOFZp5H5D5ohuVdIQUpUYM
+-> piv-p256 RQguQQ Akiqc7MtjraJ7l98dNAfc+mKcjq0fC98XuP3lFQezAab
-aJqrWcaXdpfS2vakEu5vi/AMHnoUUrUpm0bRRcCxiE8
+PpASEk/Zr+1CPZ+SibwGISbskcmArmz61W8bYD3JR4Y
--- fNTWHdKIXpbJsZo2WnMAPXTNMtr0hKkgivCIi1qiQps
+--- 5wcfHfcO0ifZvrhm6BlZ2tz5oTN8YUr5GjFqQXnVwC4
-XƒŽR0jÙebMB7v6“‚È¦~
+<EFBFBD>ºÔe÷õ%³4NBÄªWíPµM
 ëª€“8<=
 2iŸ¾Š2ìJð]L×íp
--- a/secrets/services/gitea/mailerPassword.age
+++ b/secrets/services/gitea/mailerPassword.age
--- a/secrets/services/gitea/serverrunner-token.age
+++ b/secrets/services/gitea/serverrunner-token.age
@@ -1,23 +1,21 @@
 age-encryption.org/v1
-> ssh-ed25519 0qfOZA UTOzjwhqcVLmpf3P/nzO3aGKzKH0YKq04sUbFvMa/FE
+-> ssh-ed25519 0qfOZA enugxksioeFkWvLRKcDyPrbUEt9LXsASTKOBqKgsnw0
-a2MMcZXucDEXmy/uU7JapMsboImCGsUiPA2Pr/wB5yQ
+s3WdVVIIXBse+EZO607sqVRRejLgzFwXMdjgLZzdVDA
 -> ssh-rsa VtjGpQ
-Nr2g/ocV0oTbZydmcRnESyI4VOJdMGafozm80EMarbQfmeeRCfi76jxct/gpnL00
+mTUJr92J0ZSEDFiuEYbMjyEY2bNIErlvqR1BfUsq4qnQxwFbIxDhlKGybiIhrBJb
-P/2d/3pfvqbpuGZRg+Q/BCY0Vm2AujJ1P2UTxpnzC42iZu7qKWd5EY4z0Hok53kg
+xm/Pk3TUjkh/KxFWNV3ZuCsLd5mNgvPvvJ+aOnaeXQ1+rRXsPZwgWxpU3ZELND4C
-McPh+pgNhugLr4Yh2KHpT27FfJpD/Pmjajg7G78Q9P5uel6SKXIW4uFO4Lp2yLC/
+kD5P4F3gmBinYFbm9sJHaYhdh9WKLVhE7fKwT6X4KbPGcTnycBiQsTCyxhLA98bj
-vC52XMqxLrR9moCTr72dQPzd0IIhQ2vN9EtZkBnxUW6zt3ILAYJ06VLAGvVwXIWl
+ZgWvmMF08YOgoAacgFHgZzA/DXAV5VcsnhFjLOOBHCTfXI+MGcXLRYQWBSIrjQHJ
-0Wjs3G5g5v+H2e+Em5vIy1hdub/3orEL4racHO0m0binK/IVRJY7sjZDVDrrerFS
+X0RDr0W4B8LiNQ2iiW2ASYK5olQs93VZio8sRBLrJqHjCNYkBGiSIYwv2UFdOSB7
-SqPORQ3a7jmuHFeHxwAlRcmh/O1gEgAnCZTZRfQzgXI+nfPEzuL0yENd/ksUPBdm
+igcW++FtBz9c7g5JbtU0JRoCCeyID6yG/t6MCm/wOgL/caKlNxUmPsM5bNQwExwW
-q2zQSv1rrj/tLMtxk4vpG8FkPp5UctaYignvHAp95xC+TR14aDUdT4x4MGboHIxu
+bmXFYwzx5hM6uG0+8hUvyrbqVGMAgN9SHmnRUy/2WPs6YBVKTHyvGu/oVnify5xZ
-l6Q3evVJzblwIl3JbzpP3yOA2k25Y1KI+nVDrTqAdi+Yy4jtIOA+XancIHrpLzAO
+7M2kQxwx6nOKT4a70u63DrDbvd3UrwIn/2jukiwY06P+uwps2lVnf+p3B3RrzYsE
-21JO1wwGtAsjUDCdhnYSyMcOiRLRHzPoK7o/BGx6b1Uqk2WmWhZnZft9MHPp2RtX
+He0xPwR56y8lXff5HAEA+S7KqnbIzZ0aAr0TC/COQ8nnT/PTr1cPWr0zB0yYWOJW
-Gv3PBMVjz2CO+f3d8B4akPSApgQ9fw1Vje5fY0CDWdORV7tHDCKb6fmTua2d73Iz
+QAp63f6JqTDUb5ODje6zrGPPekDAZtkNsdgq6qKoHzM2ZHXxb5NMSbVMpXH0TCty
-ANrKYonqWhjf3F9u7zzM8/xd593AH/Y+aJo+z0S+Z6I
+dBi55sMWfK41c27KziVSHC8buF/0ZtnBF2NFVIqXu0A
-> piv-p256 grR75w Ap4du3RBcNdRvbwjQTpP5PPXtNCRuoQePt6ULYEpNM1r
+-> piv-p256 grR75w A1Qb1JBvzfhB02mUokGs8UZT10vB12RHr8VrS8Rs6nOl
-4Qe4c6j7df/TajuxM5Q1qnC/TCBNNI5K9WCDqD4VM1M
+WMXfauWrrswhgnEjSL8r2bIieDJGshHULd0l30iuzOk
-> piv-p256 RQguQQ AoR+aGTAQ6VELef54cGpukkWjeKz37tDbW93ncGWFsrI
+-> piv-p256 RQguQQ AkCto6VAvKVFWUPRRp3M0iQtLL6s9yIYUYjpBQecjCml
-KbF1N14PYEQ28a/MePeq7hW9LAgUaNriFo6UO0eBvt4
+4LoTQ0Y5j5dyPYFrS+UvPCuJWzZJ5OVQBQWFIZU36ek
--- F8GiyUf87+vhg22ldWuC2j5K8WGAK3y5lRDG6yrzBPQ
+--- HdU/eWJvqLOhNdj63ZRmaXfTgi4R0usp3FsbERETe88
-að$ß-“¼|‚h.cr38ÓÉÁéPwú3üÝNhà„†B¬j	!z^<5E>² bÄ8cªâ½m‘sç¤
+µdåhˆælâˆNß;îöý‹VH£'ê-2g/giµIlè–¹Lë¡Ê¢ìAäžI3OÌ»Äòé‡7ìÚ]û™<¬=ûÏ)Ó C@©‰<C2A9>ë{É‹<C389>
 –\Ü3û»ÐÕfòx3|ùNeÍ
 =:³
--- a/secrets/services/matrix/mautrix-signal.age
+++ b/secrets/services/matrix/mautrix-signal.age
--- a/secrets/services/matrix/mautrix-telegram.age
+++ b/secrets/services/matrix/mautrix-telegram.age
--- a/secrets/services/matrix/mautrix-whatsapp.age
+++ b/secrets/services/matrix/mautrix-whatsapp.age
--- a/secrets/services/matrix/signal-registration.age
+++ b/secrets/services/matrix/signal-registration.age
--- a/secrets/services/matrix/synapse.age
+++ b/secrets/services/matrix/synapse.age
--- a/secrets/services/matrix/telegram-registration.age
+++ b/secrets/services/matrix/telegram-registration.age
--- a/secrets/services/matrix/whatsapp-registration.age
+++ b/secrets/services/matrix/whatsapp-registration.age
--- a/secrets/services/nextcloud/adminpassFile.age
+++ b/secrets/services/nextcloud/adminpassFile.age
@@ -1,23 +1,23 @@
 age-encryption.org/v1
-> ssh-ed25519 neExcQ 8cKmhu5xTxTuvVbBhVZM2W2qzRQRVX9BSojcK6YgCys
+-> ssh-ed25519 neExcQ En4r80Zjlg1ClqZgn6ZrB2P1QFl+DFp9gf6KWEIJdkc
-kwfUlvEPLVbaq/rjQAu4s2NhGbxFfdEeLyU1eUH2gF0
+Y+w3sTwCu456QP4kwfiA2hWAiCeh90FmMTXyIrdMHFQ
-> ssh-ed25519 WiIaQQ TvRNnifxg4OPDvwvuUIdJgwrpj8KegqfjVEB/in9UEw
+-> ssh-ed25519 WiIaQQ QLCHeNwzAGGXAB3kkjQAUchnUu4pon8js9gwlEcSC0Q
-U0iqVaHbZS/SvCH4UAzjJQ9nPiHv779v6s5PwjTxf5k
+htCKqKAdOzZHAHe1hssvD0MTmthMpRB8hNx+I6M+gfk
 -> ssh-rsa VtjGpQ
-QZHM+/KssZmfX436QJGBGbhlx36oxCg4jgdbRwa/acI2s6ppawdnFzyWZBhv/Xzk
+eZ0KT3qWmlANpmjWboJca4T3CAPNSl0QFK0thKZArL6MIr9Yn/a+Wvr81SlYhc8k
-wYcT9c2ciuy/aEx6uX7fSAiKQbfq0d9KEp+d2xwlpL02656hJ3Jya3U4RApvEFeC
+ftnYOSTTq6XsRDxQ6DrN66+x1/zJSOBygw3/2IEjDyarMacV3YiiNaGMQC7OUmma
-lNjyWgLKuyxYeC20f3/NMg2AnickMicbw4WCzG+HWnVCnxDe2JW+ZbXPsoBg9IbW
+SCwXdmw5PAwWqcyzBzb9rlZLdTjYmqVEaSC0ReaVF3qQOnFmVvSaLDOZwYcvl2qK
-BO05nRKB0jonuA5NDvHZ+a/1xf/4qarj9vmwnsoK7jU6TGK2r+iPHuppC/LTgofm
+xhfIrWhp/csvMm7/fU2WOqVNkkx/7zn0qAT8crKhdx2SC52LmOjpa5heARfkpD2+
-2kXKDP/gpRpIblHr2QukoGeWmXPGeF5PXXCPC5eor1jAhwrBTBY1hL29mhb6mK5M
+rvbzMmDkDAbQk2MEtRyxUhi0kYY791dLMn9Wv9S3Hsv3+wZB5YtLUeFrsGl+4koS
-qvX5wvayHgIHvX73fn2oexepc3QXjazCKSdVSykj/s0N0//0fbtYJe8qIbgfeNen
+7SMeAOIhBn+TLX9w8M2ydPnD1Jp0PRWndpxZoqOCOnp393Avv31Q+ohF4V5JghwR
-Lvn9DgsDvQfC83Iikh3r3V4RtmHiD12gA3qxc3tZSQLftbedTbylGnMmCZr2c9w0
+PHK6sJiczVsaZeeHLY6TC35unVtmPMHmIjbVwG6amPCXNzuw8eF4SpZnDPI0ifMr
-4396ZfUfjXk2Px/XCiy6WBghW62QQ4Q6fGYWBViL1OWCoudNNRCfD72E3jdfj2l2
+uw3nNr02rPQC0lPEdltBXgRj5EiR8OymeS/FFJ4sCpx5G3ZjS0SakbK6F0Y+dcQz
-cScM+huEDU58dxpHM/6yLT+97Tta7JDpgz2ueMUfKFCUnopKNKBPoaZfFzvi+nCw
+QLprpFm5w4EwnuinzwpK+WQRikowuLaF2gP3Nt3rT2bcoGYV1XjehJaTTm037YGW
-vRHVdt5CpN4oJc+mokWCGNt4fK5nyvyO6nDe9cHel91sfS2nCiukf8IKmEDlZQGd
+0Gv7N54wt1tI0AZWCQU+hFrNennzpJHeMwZ4qjiEbrd1mO7YPoJaNvIcMbQfnxMK
-jEMLZjAkuEHwa8Powxi14egunANQPgLSM5EuStDmhlU
+WQUWd6N2x+wlcoG5CoOOlFp6W3oaiKuEZxDrRAQ/RO4
-> piv-p256 grR75w A2nunTE+4FmZOKWQhinSlizVprH0lX81NKsVEDijzDQK
+-> piv-p256 grR75w AqMFmmDlrvEGlcUU78ik0tBPIvPv0HqZHAGEo7hEDhQZ
-8+Rdpp1JCxbbxeTVl0WGpQHDlqb5e22zLbBkwBPDYkc
+3ag//Rv9l3XG3fUkjEnZeIJbwrfv7jUacclhx3d3KrM
-> piv-p256 RQguQQ Ar8nU9oNd+TEfTsdIM4ka/J4IArbeQKfn2W93TYOkajJ
+-> piv-p256 RQguQQ A8lVXDBZqjbRPeCzfKm+UGEBzd1e+NIlHgWsfBTir3v1
-5YnDAocS0lDBrO/M6sNWyn/Vxa1qLiudf2Via9UOUW4
+Wc/PFCooD9is8CNwADtiEZYsn4A+qks5mBnPi/x6jKM
--- yDdPOHLA10Rxzl+kEyCUx/lmLZaVWucWY1Sj9rdo4hU
+--- MOjlIMMtopwq0writNAt2sTH+xO5erY9Y0+oV1DZLt8
-Bÿ—ós”dGÈÿ´m`ÄÎ),NU@þˆ³a˜Pv(½®rMôû
+憫阘朻留6すW民妨堫溅戱)頴鏡隑\鲳>德bj机<05>
--- a/secrets/services/nextcloud/dbpassFile.age
+++ b/secrets/services/nextcloud/dbpassFile.age
@@ -1,23 +1,24 @@
 age-encryption.org/v1
-> ssh-ed25519 neExcQ VfWt68buOl2UetDKcQWuWRSOeJi4HhQxiZVI4lIfcUU
+-> ssh-ed25519 neExcQ UMc/GuY30kFauSyPWxxYDNXT34thxHxaxKkPAorjdlo
-GTWI83cLyP2Kjd6twRpaWpBq+U/BYcfDJeljQ1CZ1bw
+CTYKrDC5rIHYmF3jo+0YBua+Nbqj4EAG7GvgA4Sf6so
-> ssh-ed25519 WiIaQQ nqwbWtevakrHk3sODtw7l40klSb4cIyi4uSsnpcS8QI
+-> ssh-ed25519 WiIaQQ OmuyNeMkttBmrX0/r0uXB8ztD0IVVgT6x9s3j6ae01g
-PxfriZ8CdPhPTNtjQL3lsyjfjkpBsnmJc0TRNM1pyHM
+PjkPRMbGvliVSygR2/wuy/gIeWODXJ2CXioIF0khDZU
 -> ssh-rsa VtjGpQ
-QRSdhHdAcGlw2c1hxGNmtAp5tPcjQ7CI+v9JkOyOH9W9KF3uOfshrpkz/psFPd+s
+YIAz7QEZ4LNTmvAS50LgoFfXbr/6OVV1WH31AGSd53oVSmv+Q+yFrdv8tPORv83P
-6eqQDAwEAgla4pO6FHj/H2PK9KDHY3j2e8BZyvJ8ZsefUsSAYJ92hcD3fdISL+kc
+0+UxaiRMSrhvK82BMzISCSxVkd+LQUXI9C94Nc/ojxX93l0qneBwN8+UZ6AO3Seh
-+FMx4Dlm9LSeGGqElbPotyU69t2O/WLF01HqLDVgHrlyTzWvQMhvATA5Yzcj1Izb
+qGoh3Kz6J58DmOr4EbX+wM3b/2uuu1AlVO5kKc1bnPYEL1iTB+xkawfARUqa7zzr
-0AlA7IOE174E448/Ovo5a2T+DF0w2vLEPruH90Kvs2lui+i8yC3StgBwB6flmSfc
+fDhjksQUj0aHyRnla6c1olq9FO9oac+GuuALKpiVTK+rKo91cxhzrMdsWB3y3ZFp
-dSR5qO0XCZ8gK/kkdsz2iZonsBCbEugQayN+EoE8vop6YlPW36EtO8IJnVnKmVEX
+BT1u4Abow8hsNc9OEktRr+EIScng7WQJ0eLQ9L3YheEwQJ/yLcZ7o48j0ABFpVIr
-vy/Rj3dubm5Wsp2hAyeXSXx3ity5fdSJ3TVY7TiPLPlt1yik3Wggtv0DlgZK0AML
+VoQOwmYCah2tsVvime3je0Q5e5gIsuHXAKWBlXsLk7ypFt+bpGyybBKSc9HJkpiG
-x1OJbrZRrzDZKYzxXw69+lOiV5XfVUfk9PXC+IAj3xf/dEz93b6Pief+PbOQg+tz
+4Dx+0cOjdSOQMLBIziIJg/gRDEFTRPIfNOupHn4s4n7JT4W3qK4/3ZenEONYe+m5
-INDWkL67/Yx6rEf41iLCsQananBV16IeM2SndRyrmT/1OCcLUR/8xqBHfOg/K0kp
+39FtKlol1Cae2J7a3O+Nen7uctaEPMQ5IszF8ACKyOYtKKra5dNxF0TwWwnVZl1T
-lHL7D7/neqRh2E8KOEciHgWFqWT/tV5XpyZVvA8OiYLoVbmLG55q4pexrDfQ9OgT
+5noGRCCO/JTuwfs9pioNUTSPU9lZPqbnI55DiZzukH8g/0SsIOri+8iw7XAVgdel
-ZDIL94VjiBDH5BmPfxLhRZP/58EhLSDH3WziIWnv6Y2Y1bAl5qiRU4tEV0RCHqyJ
+gNbY2d1mSTjjQ/Mx63U40fgC7YKqYRGY1VeKCEvVTnP+Ue0qLTHmiRflxLv9ZwLZ
-xEeLcqI5uFwDmmt881zlyAb38oQCGq/YRXhGygwwn18
+AlQQXxLmBl1PZiXCJMitppcVx11e04fevz31c1XBa58
-> piv-p256 grR75w Ayt9mI1/BJg96jlkLVjf7xhDoklNuoFe3ZeKLYzFqDPO
+-> piv-p256 grR75w A72KoqK+771SubG5cSFdavf38YqrlbKdr+wHcM1q+EjF
-S3vFS+S4ZVC2O00P5u5GKaLtbabBPUCuuFNFFxcmmUw
+5AzV1VNLpqVuyOu805GK35+ysaHuq2vrKRU7K9YeTUU
-> piv-p256 RQguQQ AqsDGN35gXkyWaKSRVATyt1Ap5gzLKiAx+UHwhVXdhhG
+-> piv-p256 RQguQQ A8llvet0yt0L+Alp9vauictZ5J8d8xrMUnJC4D2NEbqq
-YUqypxYBQ2RYbnMclNa8PSLV6atbVRCho4wHUCZegkU
+X2B0Qyb1A+d1K5h0fgasyKiGJeM60eYfgwKuNBi2wWw
--- Bay62OwVx/Q8Nf5MHRu7VOWzwh1LtkWbxQytL16Y5Zg
+--- rqgiOhrzshOYM+kjspQnZ1bIDMVE6fsVI5W8+LvvlyE
-Én(/GZvÞÑ ç!ï¦¾™¡<E284A2>fs×à–#…¯Âv5”K_àètûk‰ë³s7PÈÚèßÂÉk
+]~–G<E28093>y<EFBFBD>šN!¾¨´éèºÂã`cv½¬nð.<2E>Á£¡¬*C
 tÄå<>
--- a/secrets/services/nextcloud/onlyofficedb.age
+++ b/secrets/services/nextcloud/onlyofficedb.age
@@ -1,24 +1,23 @@
 age-encryption.org/v1
-> ssh-ed25519 neExcQ XvGpJsiChcxBbL7c5CK2mUvdFHV5ypmx5tpWVfwuESg
+-> ssh-ed25519 neExcQ syhT5cOvQjaovEzuwtp72bIoWxOzgVCYJPJ5c7NlOCs
-1WI2nm5/oPtCqXD0N2WStDOh91UT7IIS4/vFwWL6UA8
+eHgYoVUbbNL3Mag3T+d/+55CEPtkUo8Rjn5TOOC52hg
-> ssh-ed25519 WiIaQQ SLJfhzdJpYzzzqFqrR67GrAuTWFJYfX10iidobo5xxs
+-> ssh-ed25519 WiIaQQ PvORdbqvGQY1+P7hWyEdxJfWGDBgpRzn94IRQ0BqXmQ
-KF+r/AOKKLHqSf1h5AOJd/3IZTKm442ejUnWVhk04/o
+90E0HvRPdOQMrNFSBXribQegGBL/55agX6vq/RvLSXY
 -> ssh-rsa VtjGpQ
-AKdJLoXUUX82mhV84R8noG1qLnD/uvArV0gsYxJuS0hTnkZOyxV1XgqgH6UrgaUw
+LPybYGkzAp6tYx0irERxyenucSAsPW69TUEPy2CMsGlEgjOTvjPG+Vbvg+Y2+jVC
-G6Q7aYbiNYMA4+6rhyWOnH8I5QRcCVEK5y8jtiyTEU3QaPAXVhEq1NpfzrsyHd7w
+mnE25fuz81hsfpXKbvzwY9/7EqTlZUd9oKFkHg6Qvza9hP9erue/nPNCpFwXcEE5
-CB8mfSSAG9jE1owvuuubxEqx4YKu1oH9kh37GIeKmJlz67qJGqT6BnRMMxpU46xA
+tU4SeLt2l8TsgS3x0Z2x6TkLby1kO/cKYo/F5s+SFYl4XsAXTxRckvGt6rkGZbYD
-C0+c/3CURj4N4fFtxWNVpxb8v4tUYRmA1Jq/FnqqdAqFIyw466eQVglT8YDQJvHs
+v+PXhpBHstImS73gFPnooMpvVE2ECpF+c7SCOzjnvREP3Cl39WX66FpJSlOGg42R
-ufyR7Gnbk94qvXXg5G878eviQL2T+c/xEtVEyLeHs017dNq5FxeBBzEMwqAKshCh
+7YlO1STJ39PE5A/uF6QsnXb3ZXIxG6Xq6fZysjsBF5I5AAumswGXx2d4AthRmrJ2
-OtH4AJt+U0Rzq0JTIpRH/0V1exK1PM/9DL1KBQPAlfUBb9iYwKsQo6LieXS+Qowo
+CDgHZvIeaCFnYT5QamzTOoi0RlvS1jzazHsETI53+tDPkm2STWCVnqUJNvjxCqSK
-qMTPD3xSfOD6uzmKhXCdWKZWZT6S2hwHjeXzXjYjkhErjbwjj5c2v4UpXpwdVlNN
+iBeAwJ0qzLZAy0RhaCh4Y7G6iKohMRJffFSGURT06Q80G/bck7lSeXdENe/OHayE
-zocqPxVGCplFuiME0vLsuztiWtei2yH9ZgFKxNS/kxm8GfhyelAnAQng3r25YYwZ
+sqgEuOEfo4StcGm37ng8tXvbliBGwS387DNhIceBgtBSSdMcv9RgtS49ZwGW9vFM
-nLgGP0bcADAgwgXGTFxlyY2qoM9MKgnbjhtfwImLlF+WbC+IOUwBDklSgq830MKO
+cE9Uo0bq90O9aetlsVDezr8+eB+CPVYKlLf4aeCZsvXp2M+BSeg1S0HXJXtV91/B
-ZQVccNwuZoO+jivXpfGM4XApK7pUXlz/0nc8jRE7u2zXpXLqv+fLXxgTXFYlrogT
+nMW9oVKY78ZlyNVfcVqI232aew31gL2x+0fogGR2f35Ifj1DRX16VsKrntqtz+bY
-66dmjeUBrB/kMS2IP52ZdpdO3eGY1a75H5W+DtMeAOU
+EQNjnD9V+FBervR0Ktd2Z8MWerLSFDpgCkai7J9FnJo
-> piv-p256 grR75w A4Gic6auHqevWiBh3WizXvYxjX6e6JToxNBXEMM5SZxL
+-> piv-p256 grR75w A0qVHsKtbCez6OnEWxxPl3rnNAt+K7Pm59l9x+3eD+NX
-0epbF/vqJyp3Cn4Hr3ay751J1I089Hxus1vn8jgCa8g
+22mZm4Nh5shFCMnOg53b6MmtgRodBoQ9vWKq/syaBZw
-> piv-p256 RQguQQ A12b6QQk3G0/ksYw0D0Rfx0DKMYK5Lnfi2q2tdtMoEfr
+-> piv-p256 RQguQQ AwarzhuRha8S+NAbX60sEcqy+UVI0r3bH96ZjEUX0q1Z
-zqAf5KbFsPpemu2I9YaBNipQsiz2Lo3JbuxZ1gMNQl4
+8lV1GXuYBr5KAAv0/e3rE9S2GIY9dTh6eNgKZ+2ML78
--- a92cT7ctHL8S0/tTCY/rkfy94THEcoaIEPL3vLrW9Z8
+--- R1CnHKU/ARtD8dNqspcDwaOPXdtjgbgpuWRwOJa4swg
-ú
+€BÐ=@ ŠA.)²õßD]hÄ·Õx!Ô¦š1ðÎZãp~ÜE|¢…†¹¢Úû—Ù8
 u+	Tò®:¦MëäÏµOã+tôX'§r…ï
--- a/secrets/services/nextcloud/onlyofficejwt.age
+++ b/secrets/services/nextcloud/onlyofficejwt.age
@@ -1,23 +1,24 @@
 age-encryption.org/v1
-> ssh-ed25519 neExcQ 39vMfysEahyydxnqENrwNOZi9yWpZSIWsNQxkMFBQik
+-> ssh-ed25519 neExcQ PzqM1FMh0onFfVSTQq8GW0xmctrZQtnZzdofvCbYvQM
-bvJK5Gya20UhZ/dWKHAQZ7CPa7v/pISwB90WJejYA5k
+ilNa/YO8rfztqW51dguTMSkkFITGPiFtrollMqjqxAU
-> ssh-ed25519 WiIaQQ KZ6RU6kDjHVfy5YwlmjQhH6YBVkJqrRonUl02iYA2m0
+-> ssh-ed25519 WiIaQQ moFaxjs1DieJuu9tUeT6zpkbI1zTyKvDo8DiaqvHY0s
-GGsCI2D1tN4lGpsHJph6pq9N8UYdG2mfIY3U9urTR08
+YMeeYW+E50SEuCBr0ggsbZSMGIrbK0FGe8VmZBKs76s
 -> ssh-rsa VtjGpQ
-a0oXJCsFZdtpHuZIASZUp5C96ZP1QU1I3RSpIe59hnnpGLbXZE2qntXBfQ9ojkBW
+EVsNggfyDRuslqwmv/gImlGV9mdSUgqNxaxQqQGGIeOJ0YyJHcWZByczJwsc6xxj
-bgNdxvAcWLaYAiCbe6Bo3S9+Q2svJQlEqIZ59o2H9jh+swSoLfWgi0Blo/56B0GQ
+nXMCyj5BpzHmCcTnRG4EiPe5ZzAtp85AkgphiSSzZUyxcoYQdDJvOYShwjO2zIIf
-UrltI0ftMhM20TaszHwmVhvo3yODcZpNhjAMNVkQuAov9BSQdgGRgivBnt1FfYYI
+cvy2eNi2KnwGozylu0C2e4wUjvXV401Y5/c4qnYDiFID/Xb9uHHdOw11CKd7LNA
-f6nqfrE5JVoemk72Ip4jQFVWylK7drEU9W2WlwOsF9zkHOJxdNWiaaHpmnsgOEzA
+fJhhX4Vo0HA1IiiDnDtDDLi6HiLxz5tYHUiwpGswi+PVnjkyWUQCZy/xHF0PmuhI
-BIdVqYZTtRElqDKM3j4SdE7hL6i4fIb4QAsfX5XI09eUDQLSRGF2o3lqQ4FVx+hb
+Z+v9CVrz1lwJL68n1roTCkIuqw/rK9rAdiGcG6/Vs1ZNHtDH3OEOQqt7kQ/NcvnI
-YE31vr6yQEObTCbrf7zmKIK5UwgQbMf8+WbCxDdxF7FqTKrg7jVhPtu+n6UsJlzv
+OCfl6+x5NH5jOfvMgCzvZ0gAOfNLIp5ucmKd2mBqjvH88uYXunbS3thElDk9JpPA
-CXsJkKYZwyESZ5oNjCyqYkkkQP0JChl886OPFY507/Xn3gl3qj/Sh7FZyUuLZ92X
+Et0/ul7NH1qpOf2M8WmTw2bGbSu4WOTyyje+onLMUBuP1VhgvKBBEAWLUiDLFYUg
-aTHCJ5AHGwQKFnVO1YLXWDcn0F3NIq90YHJ1NsxNvNXZJmcCyBTMtDJGq3q/6Xqz
+qfKYWUtYBtsVyWyNZ0SsyASE/erTmHrG3rsDF6zigaVkR5eLp08Ihtd082e+2rej
-qXpVoT/9XHHStrKYvi2lut/PFMC6nciixmiNaVbE5Aok5eNhG8wUTsUVRIr8+O/i
+eBZIvVpxqYx2qLeUZQ7WbGxSzMr/8gupGoSz02xijU1RoLHpkkWg1L6jQ6Kn1CV1
-07aQBeg7RJ7lW6oQ4/kdfufQbQHuQNchQzkdvQf3azXCXBTJ/+Z6uQuVg32MVsjq
+NnIVDAcainxqONWb/Lie8slyHA0JlQ/OwuxTmEpnWCkntpcjfI+7jRGMOkafizZw
-fRO2BtrWjsAVThpeVAdfQb2b43wmL9HBhivqYaBK1gI
+h6AJ93Zzaf+DgdRDrDI/hJLv8+KFu3b7MAi5igBnREk
-> piv-p256 grR75w A9sg2H7x+75AK9ErkbqMkC06KEDy2Q34seCXCGUguz6H
+-> piv-p256 grR75w Ah9G0uCSRD274KZuWP5BTXXXnG3kHqscqzxfdQHvjdf2
-1TchlkXOzymAT+eDr4bpwugeLQ7gAKRvdYC2xcd9DL8
+GFVKRjelHN91KJ2D0k4VIaCFdYMvld7WftnoQzlLxTY
-> piv-p256 RQguQQ A364N/An/SMqBAp0yrLB0/osdlmz/MgZFG4RB6Os2fLX
+-> piv-p256 RQguQQ AzTeCht0CzL9Ri6iNYQ7YnCBMz6cdzIDF4RWfWOGyrIE
-V4qtGLbpJrTTFWCfTMcWpuVUiLflDdxXkMqPOtG1R/k
+L5zwoQXxBhYWANjvIEr8lWZn2h7VLrtwq1x2X8oSitg
--- O4Xqa0RavBa09l9txN/oIQjAeZIYsur2UsxaSRmhAdE
+--- dKa6XX5q0nhCjTaNRCLuKYogM7roKgNNe7l5oQl2VnM
-«à´<>`˜Ñò°DkÚÊ/9¤ÊÀo Qz–#fINª¶J<C2B6>ú3•KoÚµ@§>·Zzê²Ip•ÃÚhäû
+é=w×<07>ä˜HÜ‹(š²¹»FÇìÇ¼A'»¦§
 U‘ÃyO
--- a/secrets/services/postgresql/initScript.age
+++ b/secrets/services/postgresql/initScript.age
Author	SHA1	Message	Date
Kabbone	2cab296188	hosts: kabtop: remove hardware module	2024-06-11 17:56:04 +02:00
Kabbone	9751a6bf52	secrets: rekey	2024-06-11 17:55:44 +02:00
Kabbone	5c7d579c44	hosts: kabtopci: fix path and add mount script	2024-06-11 17:14:24 +02:00
Kabbone	998c9aa54d	hosts: small fixes on kabtopci prototype	2024-06-09 15:40:51 +02:00
Kabbone	8c59339b50	hosts: small fixes on kabtopci prototype	2024-06-09 15:17:55 +02:00
Kabbone	8617ddbd3a	hosts: add kabtopci prototype	2024-06-09 11:01:05 +02:00
Kabbone	b4c7b1762b	hydra: fix jobs	2024-06-08 19:32:33 +02:00
Kabbone	a119ae47f0	server: services: nextcloud add maintenance window	2024-06-08 16:04:00 +02:00
Kabbone	60118fc7f7	server: services: update mautrix-signal	2024-06-08 15:47:37 +02:00
Kabbone	64a5c3e34f	server: services: update mautrix-signal	2024-06-08 15:43:47 +02:00
Kabbone	a5886eb6d0	server: services: nextcloud: rework for new structure	2024-06-08 14:48:57 +02:00
Kabbone	ca8c0c8a17	services: hydra: add allowed uris	2024-06-08 14:47:20 +02:00
Kabbone	1d4a80ff86	hosts: laptop: hardware: intel-cpu already imports gpu	2024-06-08 14:30:43 +02:00
Kabbone	e32635ebb7	flake update	2024-06-08 14:07:29 +02:00
Kabbone	964379114f	hosts: correct avahi	2024-06-04 21:11:04 +02:00
Kabbone	6b5f86c9ab	dmz: services: nginx: add recommendedSettings and fix Hydra	2024-06-04 21:06:44 +02:00
Kabbone	d7c142e2ab	apps: alacritty: remove offset	2024-06-04 19:42:43 +02:00
Kabbone	90201b355c	hydra: add desktop job	2024-06-04 19:01:29 +02:00
Kabbone	2ee496c5e9	hydra: add desktop job	2024-06-03 21:35:31 +02:00
Kabbone	a901a661f9	services: hydraCache: add substituter and remove rocm from steamdeck	2024-06-03 21:29:23 +02:00
Kabbone	3500f3d3a8	flake update with code adjustments	2024-06-03 20:24:22 +02:00
Kabbone	7fe7eeabf9	apps: desktop: add orca-slicer	2024-06-03 18:31:33 +02:00
Kabbone	b952606f1f	flake remove nixvim and update to 24.05	2024-06-03 18:31:00 +02:00
Kabbone	2e7b1499cb	services: hydraCache: typo	2024-06-02 21:32:33 +02:00
Kabbone	8b07092084	services: hydraCache: update address	2024-06-02 21:30:27 +02:00
Kabbone	c8b76b289a	hosts: dmz: acme: use quad9	2024-06-02 18:36:56 +02:00
Kabbone	54aeb48839	hosts: dmz: acme: increase propagation timeout, use wildcard	2024-06-02 12:27:03 +02:00
Kabbone	5824207566	hosts: dmz: acme: increase propagation timeout	2024-05-31 21:40:26 +02:00
Kabbone	9d795ae38e	hosts: dmz: nix-serve: add reverse proxy	2024-05-31 20:56:09 +02:00
Kabbone	2b30c68a54	hosts: dmz: nix-serve: add reverse proxy	2024-05-31 20:42:16 +02:00
Kabbone	cb7412e749	hosts: dmz: acme: set timeouts	2024-05-31 20:02:54 +02:00
Kabbone	e8f6f4e96f	services: hydra: fix reverse proxy and firewall	2024-05-31 19:46:43 +02:00
Kabbone	40fdd49224	services: hydra: create acme and reverse proxy -- fix api	2024-05-31 18:31:12 +02:00
Kabbone	b1cf3d2399	services: hydra: create acme and reverse proxy -- fix path and api	2024-05-31 18:27:51 +02:00
Kabbone	01091ff377	services: hydra: create acme and reverse proxy	2024-05-31 18:07:39 +02:00
Kabbone	b20dc93d47	hosts: desktops: disable auto upgrade	2024-05-29 10:01:06 +02:00
Kabbone	fa914bce1d	test hydra jobs test hydra jobs test hydra jobs test hydra jobs test hydra jobs hydra add signing key flake restructure secrets: rekey secrets: rekey hydra fix key path hydra fix key path services: hydra: typo in nix.conf	2024-05-29 09:58:44 +02:00
Kabbone	9f9d8e3a3b	flake update	2024-05-26 09:30:09 +02:00
Kabbone	e02e66a4bb	hosts: steamdeck: add hydraCache	2024-05-26 09:14:01 +02:00