use ghidra-bin cause debugger works

comment out gtk config
flake update
2025-02-04 10:11:36 -05:00 · 2025-02-02 16:09:55 -05:00 · 2025-02-02 15:26:01 -05:00 · 2025-02-02 15:25:04 -05:00 · 2025-02-02 10:52:53 -05:00 · 2025-02-01 23:40:16 -05:00
75 changed files with 3161 additions and 877 deletions
--- a/.github/workflows/build-machines-and-homes.yml
+++ b/.github/workflows/build-machines-and-homes.yml
@ -0,0 +1,126 @@
 name: build and cache machines and homes
 on:
  workflow_dispatch:
  push:
  pull_request:
 jobs:
  build-machines:
    strategy:
      matrix:
        machine:
          - chunk
          - ytnix
          - titan
        os:
          - ubuntu-latest
    runs-on: ${{ matrix.os }}
    continue-on-error: true
    steps:
      - name: Maximize build disk space
        uses: easimon/maximize-build-space@v10
        with:
          overprovision-lvm: true
          swap-size-mb: 1024
          remove-dotnet: 'true'
          remove-android: 'true'
          remove-haskell: 'true'
          remove-codeql: 'true'
          remove-docker-images: 'true'
          build-mount-path: /nix
      - name: Install Nix
        uses: cachix/install-nix-action@v30
        with:
          install_url: https://releases.nixos.org/nix/nix-2.25.4/install
          extra_nix_config: 'accept-flake-config = true'
      - name: Sync repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: cachix/cachix-action@v14
        with:
          name: cything
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
          useDaemon: false
          installCommand: nix profile install nixpkgs#cachix
      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
          endpoint: ${{ vars.ATTIC_ENDPOINT }}
          cache: ${{ vars.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
      - name: Restore and cache Nix store
        uses: nix-community/cache-nix-action@v5.1.0
        with:
          # restore and save a cache using this key
          primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('**/*.nix', 'flake.lock') }}
          # if there's no cache hit, restore a cache by this prefix
          restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.machine }}-
          # do purge caches
          purge: true
          # purge all versions of the cache
          purge-prefixes: nix-${{ runner.os }}-
          # created more than this number of seconds ago relative to the start of the `Post Restore` phase
          purge-last-accessed: 86400
          # except the version with the `primary-key`, if it exists
          purge-primary-key: never
          # always save the cache
          save-always: true
      - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel
  build-homes:
    strategy:
      matrix:
        home:
          - yt@ytnix
          - yt@chunk
        os:
          - ubuntu-latest
          # - macos-latest
    runs-on: ${{ matrix.os }}
    continue-on-error: true
    steps:
      - name: Maximize build disk space
        uses: easimon/maximize-build-space@v10
        with:
          overprovision-lvm: true
          swap-size-mb: 1024
          remove-dotnet: 'true'
          remove-android: 'true'
          remove-haskell: 'true'
          remove-codeql: 'true'
          remove-docker-images: 'true'
          build-mount-path: /nix
      - uses: nixbuild/nix-quick-install-action@master
      - name: Sync repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: cachix/cachix-action@v14
        with:
          name: cything
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
          useDaemon: false
          installCommand: nix profile install nixpkgs#cachix
      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
          endpoint: ${{ vars.ATTIC_ENDPOINT }}
          cache: ${{ vars.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
      - name: Restore and cache Nix store
        uses: nix-community/cache-nix-action@v5.1.0
        with:
          # restore and save a cache using this key
          primary-key: nix-${{ runner.os }}-${{ matrix.home }}-${{ hashFiles('**/*.nix', 'flake.lock') }}
          # if there's no cache hit, restore a cache by this prefix
          restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.home }}-
          # do purge caches
          purge: true
          # purge all versions of the cache
          purge-prefixes: nix-${{ runner.os }}-
          # created more than this number of seconds ago relative to the start of the `Post Restore` phase
          purge-last-accessed: 86400
          # except the version with the `primary-key`, if it exists
          purge-primary-key: never
          # always save the cache
          save-always: true
      - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage
--- a/.github/workflows/build-packages.yml
+++ b/.github/workflows/build-packages.yml
@ -0,0 +1,59 @@
 name: build and cache packages
 on:
  workflow_dispatch:
    inputs:
      package:
        description: "package to build"
        required: false
        type: string
 jobs:
  build-packages:
    strategy:
      matrix:
        package:
          - github:cything/nixpkgs/928e0c6874ab3e759305e93f806a4cf559645677#alvr
          - github:cything/nixpkgs/8929e1256ceec677dd57fce405cdaca23176399b#lact
          - ${{ inputs.package }}
        os:
          - ubuntu-latest
          - macos-latest
          - ubuntu-24.04-arm
    runs-on: ${{ matrix.os }}
    continue-on-error: true
    steps:
      - name: Install Nix
        uses: cachix/install-nix-action@v30
      - name: Sync repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: cachix/cachix-action@v14
        with:
          name: cything
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
          useDaemon: false
          installCommand: nix profile install nixpkgs#cachix
      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
          endpoint: ${{ vars.ATTIC_ENDPOINT }}
          cache: ${{ vars.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
      - name: Restore and cache Nix store
        uses: nix-community/cache-nix-action@v5.1.0
        with:
          # restore and save a cache using this key
          primary-key: nix-${{ runner.os }}-${{ matrix.package }}-${{ hashFiles('**/*.nix', 'flake.lock') }}
          # if there's no cache hit, restore a cache by this prefix
          restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.package }}-
          # do purge caches
          purge: true
          # purge all versions of the cache
          purge-prefixes: nix-${{ runner.os }}-
          # created more than this number of seconds ago relative to the start of the `Post Restore` phase
          purge-last-accessed: 86400
          # except the version with the `primary-key`, if it exists
          purge-primary-key: never
          # always save the cache
          save-always: true
      - run: nix build -L ${{ matrix.package }}
--- a/.sops.yaml
+++ b/.sops.yaml
@ -93,3 +93,23 @@ creation_rules:
      - age:
          - *yt
          - *cy
  - path_regex: secrets/services/attic.yaml
    key_groups:
      - age:
          - *chunk
          - *cy
  - path_regex: secrets/services/garage.yaml
    key_groups:
      - age:
          - *chunk
          - *cy
  - path_regex: secrets/services/tailscale.yaml
    key_groups:
      - age:
          - *chunk
          - *cy
  - path_regex: secrets/yt/(.*).yaml$
    key_groups:
      - age:
          - *yt
          - *cy
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 MIT License
-Copyright (c) 2024 Cy Pokhrel
+Copyright (c) 2025 Cy
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -2,8 +2,7 @@
  description = "cy's flake";
  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
@ -12,19 +11,103 @@
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    treefmt.url = "github:numtide/treefmt-nix";
+    treefmt = {
      url = "github:numtide/treefmt-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko/latest";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    lanzaboote = {
-      url = "github:nix-community/lanzaboote/v0.4.1";
+      url = "github:nix-community/lanzaboote/master";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.crane.follows = "crane";
      inputs.flake-compat.follows = "flake-compat";
      inputs.flake-parts.follows = "flake-parts";
      inputs.rust-overlay.follows = "rust-overlay";
    };
    nixvim = {
      url = "github:nix-community/nixvim";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-parts.follows = "flake-parts";
      inputs.flake-compat.follows = "flake-compat";
      inputs.home-manager.follows = "home-manager";
      inputs.treefmt-nix.follows = "treefmt";
    };
    flake-parts = {
      url = "github:hercules-ci/flake-parts";
      inputs.nixpkgs-lib.follows = "nixpkgs";
    };
    niri = {
      url = "github:sodiboo/niri-flake";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.nixpkgs-stable.follows = "nixpkgs";
    };
    rust-overlay = {
      url = "github:oxalica/rust-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    impermanence.url = "github:nix-community/impermanence";
+    conduwuit = {
      url = "github:girlbossceo/conduwuit";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        crane.follows = "crane";
        flake-compat.follows = "flake-compat";
        flake-utils.follows = "flake-utils";
      };
    };
    lix-module = {
      url = "git+https://git.lix.systems/lix-project/nixos-module";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
      inputs.lix.follows = "lix";
    };
    lix = {
      url = "git+https://git.lix.systems/lix-project/lix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-compat.follows = "flake-compat";
    };
    nix-ld = {
      url = "github:nix-community/nix-ld";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    plasma-manager = {
      url = "github:nix-community/plasma-manager";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
    };
-    nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR
+    nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR
-    nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR
+
    nvim-github-theme = {
      url = "github:projekt0n/github-nvim-theme";
      flake = false;
    };
    # deduplication
    flake-utils.url = "github:numtide/flake-utils";
    crane.url = "github:ipetkov/crane";
    flake-compat.url = "github:edolstra/flake-compat";
  };
  nixConfig = {
    extra-substituters = [
      "https://cache.cything.io/central"
      "https://niri.cachix.org"
      "https://nix-community.cachix.org"
      "https://cache.garnix.io"
      "https://cything.cachix.org"
      "https://aseipp-nix-cache.global.ssl.fastly.net"
    ];
    extra-trusted-public-keys = [
      "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg="
      "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
      "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI="
    ];
    builders-use-substitutes = true;
  };
  outputs =
@ -32,132 +115,137 @@
      self,
      nixpkgs,
      home-manager,
      treefmt,
      disko,
      flake-parts,
      ...
    }@inputs:
-    let
+    flake-parts.lib.mkFlake { inherit inputs; } (
-      lib = nixpkgs.lib;
+      { ... }:
-      inherit (self) outputs;
+      {
        imports = [
          inputs.treefmt.flakeModule
        ];
        debug = true;
        systems = [
          "x86_64-linux"
        ];
        perSystem =
          {
            inputs',
            ...
          }:
          {
            treefmt = {
              projectRootFile = "flake.nix";
              programs.nixfmt.enable = true;
              programs.stylua.enable = true;
              programs.yamlfmt.enable = true;
              programs.typos.enable = true;
              programs.shellcheck.enable = true;
-      systems = [ "x86_64-linux" ];
+              settings.global.excludes = [
-      forEachSystem = f: lib.genAttrs systems (system: f pkgsFor.${system});
+                "secrets/*"
-
+                "**/*.png" # tries to format a png file
-      overridePkgsFromFlake =
+              ];
-        pkgs: flake: pkgNames:
+            };
        let
          pkgs' = import flake { inherit (pkgs) system config; };
          pkgNames' = builtins.map (lib.splitString ".") pkgNames;
          pkgVals = builtins.map (
            path:
            let
              package = lib.getAttrFromPath path pkgs';
            in
            lib.setAttrByPath path package
          ) pkgNames';
        in
        lib.foldl' lib.recursiveUpdate { } pkgVals;
      overlayPkgsFromFlake =
        flake: pkgNames: _final: prev:
        overridePkgsFromFlake prev flake pkgNames;
      overlays = [
        (overlayPkgsFromFlake inputs.nixpkgs-stable [
          "prometheus" # fails to build on unstable
        ])
      ];
      pkgsFor = lib.genAttrs systems (
        system:
        import nixpkgs {
          inherit system overlays;
          config = {
            allowUnfree = true;
          };
        }
      );
-      treefmtEval = forEachSystem (
+        flake =
-        pkgs:
+          let
-        treefmt.lib.evalModule pkgs {
+            pkgs = import nixpkgs {
-          projectRootFile = "flake.nix";
+              config.allowUnfree = true;
-          programs.nixfmt.enable = true;
+              system = "x86_64-linux";
-          programs.stylua.enable = true;
+              overlays = [
-          programs.yamlfmt.enable = true;
+                inputs.niri.overlays.niri
-          programs.typos.enable = true;
+                inputs.rust-overlay.overlays.default
-          programs.shellcheck.enable = true;
+              ] ++ import ./overlay;
-          programs.deadnix.enable = true;
+            };
-
+          in
-          settings.global.excludes = [ "secrets/*" ];
+          {
-        }
+            nixosConfigurations =
-      );
+              let
-    in
+                lib = nixpkgs.lib;
-    {
+              in
      formatter = forEachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper);
      checks = forEachSystem (pkgs: {
        formatting = treefmtEval.${pkgs.system}.config.build.check self;
      });
      nixosConfigurations =
        let
          pkgs = pkgsFor.x86_64-linux;
        in
        {
          ytnix = lib.nixosSystem {
            specialArgs = { inherit inputs outputs; };
            modules = [
              {
-                nixpkgs = { inherit pkgs; };
+                ytnix = lib.nixosSystem {
-              }
+                  specialArgs = { inherit inputs; };
-              ./hosts/ytnix
+                  modules = [
-              inputs.sops-nix.nixosModules.sops
+                    {
-              ./modules
+                      nixpkgs = { inherit pkgs; };
-              inputs.lanzaboote.nixosModules.lanzaboote
+                    }
-            ];
+                    ./hosts/ytnix
-          };
+                    inputs.sops-nix.nixosModules.sops
                    ./modules
                    inputs.lanzaboote.nixosModules.lanzaboote
                    inputs.niri.nixosModules.niri
                    inputs.lix-module.nixosModules.default
                    inputs.nix-ld.nixosModules.nix-ld
                  ];
                };
                chunk = lib.nixosSystem {
                  specialArgs = { inherit inputs; };
                  modules = [
                    {
                      nixpkgs = { inherit pkgs; };
                      disabledModules = [
                        "services/web-servers/garage.nix"
                      ];
                    }
                    ./hosts/chunk
                    inputs.sops-nix.nixosModules.sops
                    ./modules
                    (inputs.nixpkgs-garage + "/nixos/modules/services/web-servers/garage.nix")
                  ];
                };
-          chunk = lib.nixosSystem {
+                titan = lib.nixosSystem {
-            specialArgs = { inherit inputs outputs; };
+                  specialArgs = { inherit inputs; };
-            modules = [
+                  modules = [
                    {
                      nixpkgs = { inherit pkgs; };
                    }
                    ./hosts/titan
                    disko.nixosModules.disko
                    inputs.sops-nix.nixosModules.sops
                    ./modules
                  ];
                };
              };
            homeConfigurations =
              let
                lib = home-manager.lib;
              in
              {
-                nixpkgs = { inherit pkgs; };
+                "yt@ytnix" = lib.homeManagerConfiguration {
-              }
+                  inherit pkgs;
-              ./hosts/chunk
+                  extraSpecialArgs = { inherit inputs; };
-              inputs.sops-nix.nixosModules.sops
+                  modules = [
-              ./modules
+                    ./home/yt/ytnix.nix
-              inputs.impermanence.nixosModules.impermanence
+                    inputs.nixvim.homeManagerModules.nixvim
-            ];
+                    inputs.niri.homeModules.config
                    inputs.plasma-manager.homeManagerModules.plasma-manager
                  ];
                };
                "yt@chunk" = lib.homeManagerConfiguration {
                  inherit pkgs;
                  extraSpecialArgs = { inherit inputs; };
                  modules = [
                    ./home/yt/chunk.nix
                    inputs.nixvim.homeManagerModules.nixvim
                  ];
                };
                "codespace@codespace" = lib.homeManagerConfiguration {
                  inherit pkgs;
                  extraSpecialArgs = { inherit inputs; };
                  modules = [
                    ./home/yt/codespace.nix
                    inputs.nixvim.homeManagerModules.nixvim
                  ];
                };
              };
          };
-
+      }
-          titan = lib.nixosSystem {
+    );
            specialArgs = { inherit inputs outputs; };
            modules = [
              {
                nixpkgs = { inherit pkgs; };
              }
              ./hosts/titan
              disko.nixosModules.disko
              inputs.sops-nix.nixosModules.sops
              ./modules
            ];
          };
        };
      homeConfigurations = {
        "yt@ytnix" = home-manager.lib.homeManagerConfiguration {
          pkgs = pkgsFor.x86_64-linux;
          extraSpecialArgs = { inherit inputs outputs; };
          modules = [
            ./home/yt/ytnix.nix
          ];
        };
        "yt@chunk" = home-manager.lib.homeManagerConfiguration {
          pkgs = pkgsFor.x86_64-linux;
          extraSpecialArgs = { inherit inputs outputs; };
          modules = [
            ./home/yt/chunk.nix
          ];
        };
      };
    };
 }
--- a/garnix.yaml
+++ b/garnix.yaml
@ -0,0 +1,6 @@
 builds:
  include:
    - 'nixosConfigurations.*'
    - 'homeConfigurations.*'
    - '*.aarch64-linux.*'
    - '*.x86_64-linux.*'
--- a/home/foot.nix
+++ b/home/foot.nix
@ -17,40 +17,32 @@
        blink = "yes";
        blink-rate = 500;
        beam-thickness = 1.5;
        color = "161821 c6c8d1";
      };
      mouse = {
        hide-when-typing = "yes";
      };
      colors = {
        background = "161821";
        foreground = "c6c8d1";
-
+        background = "161821";
-        selection-background = "1e2132";
+        regular0 = "1e2132";
        selection-foreground = "c6c8d1";
        regular0 = "161821";
        bright0 = "6b7089";
        regular1 = "e27878";
        bright1 = "e98989";
        regular2 = "b4be82";
        bright2 = "c0ca8e";
        regular3 = "e2a478";
        bright3 = "e9b189";
        regular4 = "84a0c6";
        bright4 = "91acd1";
        regular5 = "a093c7";
        bright5 = "ada0d3";
        regular6 = "89b8c2";
        bright6 = "95c4ce";
        regular7 = "c6c8d1";
        bright0 = "6b7089";
        bright1 = "e98989";
        bright2 = "c0ca8e";
        bright3 = "e9b189";
        bright4 = "91acd1";
        bright5 = "ada0d3";
        bright6 = "95c4ce";
        bright7 = "d2d4de";
        selection-foreground = "161821";
        selection-background = "c6c8d1";
      };
      key-bindings = {
--- a/home/ghostty.nix
+++ b/home/ghostty.nix
@ -0,0 +1,20 @@
 { ... }:
 {
  programs.ghostty = {
    enable = true;
    enableZshIntegration = true;
    clearDefaultKeybinds = true;
    settings = {
      theme = "iceberg-dark";
      font-family = "IBM Plex Mono";
      font-size = "12";
      window-decoration = false;
      confirm-close-surface = false;
      keybind = [
        "ctrl+q=quit"
        "ctrl+shift+c=copy_to_clipboard"
        "ctrl+shift+v=paste_from_clipboard"
      ];
    };
  };
 }
--- a/home/irssi.nix
+++ b/home/irssi.nix
@ -0,0 +1,22 @@
 { ... }:
 {
  programs.irssi = {
    enable = true;
    networks.liberachat = {
      nick = "cy7";
      server = {
        address = "irc.libera.chat";
        port = 6697;
        autoConnect = true;
      };
      channels = {
        nixos.autoJoin = true;
        linux.autoJoin = true;
        rust.autoJoin = true;
      };
    };
    extraConfig = ''
      ignores = ( { level = "JOINS PARTS QUITS MODES NICKS"; } )
    '';
  };
 }
--- a/home/kitty.nix
+++ b/home/kitty.nix
@ -0,0 +1,72 @@
 { pkgs, ... }:
 {
  programs.kitty = {
    enable = true;
    font = {
      name = "IBM Plex Mono";
      package = pkgs.ibm-plex;
      size = 12;
    };
    themeFile = "GitHub_Dark";
    settings = {
      enable_audio_bell = true;
      # how many windows should be open before kitty asks
      # for confirmation
      confirm_os_window_close = 0;
      clear_all_shortcuts = true;
      # will probably lower this later but the max allowed is actually 4GB
      # this is NOT stored in memory and can only be viewed with scrollback_pager
      "scrollback_pager_history_size" = "1024";
      # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399
      "scrollback_pager" = "bat --pager='less -FR +G'";
      "scrollback_lines" = 20000;
    };
    keybindings = {
      # kitty_mod is ctrl+shift by default
      "kitty_mod+c" = "copy_to_clipboard";
      "kitty_mod+v" = "paste_from_clipboard";
      # "ctrl+q" = "quit";
      "kitty_mod+m" = "show_scrollback";
      # windows
      "kitty_mod+h" = "neighboring_window left";
      "kitty_mod+alt+h" = "move_window left";
      "kitty_mod+l" = "neighboring_window right";
      "kitty_mod+alt+l" = "move_window right";
      "kitty_mod+j" = "neighboring_window down";
      "kitty_mod+alt+j" = "move_window down";
      "kitty_mod+k" = "neighboring_window up";
      "kitty_mod+alt+k" = "move_window up";
      "ctrl+f3" = "detach_window new-tab";
      "ctrl+f4" = "detach_window tab-left";
      "ctrl+f5" = "load_config_file";
      "ctrl+alt+l" = "next_layout";
      "ctrl+alt+t" = "goto_layout tall";
      "ctrl+alt+s" = "goto_layout stack";
      "kitty_mod+enter" = "new_window_with_cwd";
      "kitty_mod+r" = "resize_window";
      # tabs
      "kitty_mod+n" = "next_tab";
      "kitty_mod+p" = "previous_tab";
      "kitty_mod+alt+n" = "move_tab_forward";
      "kitty_mod+alt+p" = "move_tab_backward";
      "kitty_mod+w" = "close_tab";
      "kitty_mod+t" = "new_tab_with_cwd";
      "ctrl+f2" = "detach_tab";
      # hints
      # > basically means the preceding key is a prefix (think tmux)
      "kitty_mod+o>o" = "open_url_with_hints";
      "kitty_mod+o>p" = "kitten hints --type path --program -";
      "kitty_mod+o>n" = "kitten hints --type line --program -";
      "kitty_mod+o>w" = "kitten hints --type word --program -";
      "kitty_mod+o>h" = "kitten hints --type hash --program -";
      "kitty_mod+o>l" = "kitten hints --type linenum";
    };
  };
  programs.zsh.shellAliases."ssh" = "kitten ssh";
 }
--- a/home/niri/default.nix
+++ b/home/niri/default.nix
@ -0,0 +1,210 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 let
  wallpaper = "${./nixos-c-book.png}";
  terminal = "kitty";
  menu = [
    "fuzzel"
    "-w"
    "100"
  ];
  browser = "librewolf";
  file-manager = "thunar";
  clipboard = "cliphist list | ${lib.concatStringsSep " " menu} --dmenu | cliphist decode | wl-copy";
 in
 {
  programs.niri.settings = {
    prefer-no-csd = true;
    input.keyboard.xkb.options = "ctrl:nocaps";
    spawn-at-startup = [
      { command = [ "${lib.getExe pkgs.waybar}" ]; }
      {
        command = [
          "${lib.getExe pkgs.swaybg}"
          "-m"
          "fill"
          "-i"
          wallpaper
        ];
      }
      { command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; }
      {
        command = [
          "wl-paste"
          "--watch"
          "cliphist"
          "store"
        ];
      }
    ];
    hotkey-overlay.skip-at-startup = true;
    input = {
      touchpad = {
        tap = true;
        dwt = true;
        natural-scroll = true;
        click-method = "clickfinger";
      };
      warp-mouse-to-focus = false;
      focus-follows-mouse.enable = false;
    };
    environment = {
      DISPLAY = ":0"; # for xwayland-satellite
      ANKI_WAYLAND = "1";
    };
    layout = {
      gaps = 0;
      focus-ring = {
        width = 4;
        active.color = "#4c7899";
        inactive.color = "#333333";
      };
      always-center-single-column = true;
      border.enable = false;
    };
    window-rules = [
      {
        matches = [
          { app-id = "mpv"; }
          { app-id = "Bitwarden"; }
          {
            app-id = "ghidra-Ghidra";
            # pop-up windows
            title = "^win(.*)";
          }
        ];
        open-floating = true;
      }
      {
        matches = [
          {
            app-id = "anki";
            title = "Add";
          }
        ];
        default-column-width.proportion = .25;
      }
      {
        matches = [
          { app-id = "foot"; }
          {
            app-id = "anki";
            title = "^Browse";
          }
          { app-id = "com.mitchellh.ghostt"; }
          { app-id = "org.kde.okular"; }
          { app-id = "kitty"; }
          { app-id = "VSCodium"; }
        ];
        default-column-width.proportion = .5;
      }
      {
        matches = [ { app-id = "librewolf"; } ];
        default-column-width.proportion = .75;
      }
    ];
  };
  programs.niri.settings.binds =
    with config.lib.niri.actions;
    let
      sh = spawn "sh" "-c";
    in
    {
      "Mod+Return".action = spawn terminal;
      "Mod+D".action = spawn menu;
      "Mod+Shift+E".action = quit;
      "Mod+Equal".action = set-column-width "+10%";
      "Mod+Minus".action = set-column-width "-10%";
      "Mod+Shift+Equal".action = set-window-height "+10%";
      "Mod+Shift+Minus".action = set-window-height "-10%";
      "Super+Alt+L".action = spawn "swaylock";
      "Mod+Ctrl+Q".action = close-window;
      "Mod+H".action = focus-column-left;
      "Mod+L".action = focus-column-right;
      "Mod+K".action = focus-window-up;
      "Mod+J".action = focus-window-down;
      "Mod+Shift+H".action = move-column-left;
      "Mod+Shift+L".action = move-column-right;
      "Mod+Shift+K".action = move-window-up;
      "Mod+Shift+J".action = move-window-down;
      "Mod+U".action = focus-workspace-up;
      "Mod+I".action = focus-workspace-down;
      "Mod+Shift+U".action = move-window-to-workspace-up;
      "Mod+Shift+I".action = move-window-to-workspace-down;
      "Mod+W".action = maximize-column;
      "Mod+E".action = set-column-width "50%";
      "Mod+R".action = set-column-width "75%";
      "Mod+Q".action = set-column-width "25%";
      "Mod+C".action = center-column;
      "Mod+Shift+Space".action = toggle-window-floating;
      "Mod+Space".action = switch-focus-between-floating-and-tiling;
      "Print".action = screenshot;
      "Alt+Print".action = screenshot-window;
      "Ctrl+Print".action = screenshot-screen;
      # "Mod+R".action = switch-preset-column-width;
      "Mod+Shift+R".action = switch-preset-window-height;
      "Mod+Ctrl+R".action = reset-window-height;
      "Mod+F".action = fullscreen-window;
      "Mod+WheelScrollDown" = {
        cooldown-ms = 150;
        action = focus-column-right;
      };
      "Mod+WheelScrollUp" = {
        cooldown-ms = 150;
        action = focus-column-left;
      };
      "Mod+Shift+WheelScrollDown" = {
        cooldown-ms = 150;
        action = focus-workspace-down;
      };
      "Mod+Shift+WheelScrollUp" = {
        cooldown-ms = 150;
        action = focus-workspace-up;
      };
      "XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+";
      "XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-";
      "XF86AudioMute".action = sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
      "XF86MonBrightnessUp".action = sh "brightnessctl set 1%+";
      "XF86MonBrightnessDown".action = sh "brightnessctl set 1%-";
      "Mod+1".action = focus-workspace 1;
      "Mod+2".action = focus-workspace 2;
      "Mod+3".action = focus-workspace 3;
      "Mod+4".action = focus-workspace 4;
      "Mod+5".action = focus-workspace 5;
      "Mod+6".action = focus-workspace 6;
      "Mod+7".action = focus-workspace 7;
      "Mod+8".action = focus-workspace 8;
      "Mod+9".action = focus-workspace 9;
      "Mod+Shift+1".action = move-column-to-workspace 1;
      "Mod+Shift+2".action = move-column-to-workspace 2;
      "Mod+Shift+3".action = move-column-to-workspace 3;
      "Mod+Shift+4".action = move-column-to-workspace 4;
      "Mod+Shift+5".action = move-column-to-workspace 5;
      "Mod+Shift+6".action = move-column-to-workspace 6;
      "Mod+Shift+7".action = move-column-to-workspace 7;
      "Mod+Shift+8".action = move-column-to-workspace 8;
      "Mod+Shift+9".action = move-column-to-workspace 9;
      "Mod+Alt+B".action = spawn browser;
      "Mod+Alt+A".action = spawn "anki";
      "Mod+Alt+F".action = spawn file-manager;
      "Mod+Alt+E".action = spawn "evolution";
      "Mod+P".action = spawn "bitwarden";
      "Mod+Comma".action = sh clipboard;
      "MouseForward".action = spawn "sh" "${./scripts/remote.sh}" "btn1";
      "MouseBack".action = spawn "sh" "${./scripts/remote.sh}";
    };
 }
--- a/home/niri/nixos-c-book.png
+++ b/home/niri/nixos-c-book.png
--- a/home/niri/scripts/remote.sh
+++ b/home/niri/scripts/remote.sh
@ -0,0 +1,25 @@
 #!/usr/bin/env bash
 active_window=$(niri msg --json focused-window |jq -r .app_id)
 if [ "$1" = "btn1" ]; then
  if [ "$active_window" = "anki" ]; then
    wtype " "
  elif [ "$active_window" = "kitty" ]; then
    wtype -M ctrl -M shift -k c -m ctrl -m shift
  elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then
    wtype -M alt -P right -p right -m alt
  else
    wtype -M ctrl -k c -m ctrl
  fi
 else
  if [ "$active_window" = "anki" ]; then
    wtype "1"
  elif [ "$active_window" = "kitty" ]; then
    wtype -M ctrl -M shift -k v -m ctrl
  elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then
    wtype -M alt -P left -p left -m alt
  else
    wtype -M ctrl -k v -m ctrl
  fi
 fi
--- a/home/nixvim/default.nix
+++ b/home/nixvim/default.nix
@ -0,0 +1,255 @@
 { pkgs, inputs, ... }:
 {
  programs.nixvim = {
    enable = true;
    plugins.lualine.enable = true;
    opts = {
      number = true;
      relativenumber = true;
      expandtab = true;
      autoindent = true;
      shiftwidth = 2;
      smartindent = true;
      tabstop = 2;
      ignorecase = true;
      incsearch = true;
      smartcase = true;
    };
    colorscheme = "github_dark_tritanopia";
    clipboard.register = "unnamed";
    globals = {
      mapleader = ",";
    };
    extraPlugins = [
      (pkgs.vimUtils.buildVimPlugin {
        name = "github-theme";
        src = inputs.nvim-github-theme;
      })
    ];
    keymaps = [
      {
        action = "<cmd>Neotree toggle<CR>";
        key = "<space>s";
        mode = "n";
        options.silent = true;
      }
      {
        # shortcut to command mode
        action = ":";
        key = ";";
        mode = [
          "n"
          "x"
        ];
        options.silent = true;
      }
      {
        # insert line below without moving cursor
        action = "printf('m`%so<ESC>``', v:count1)";
        key = "<space>o";
        options.expr = true;
        mode = "n";
      }
      {
        # insert line above without moving cursor
        action = "printf('m`%sO<ESC>``', v:count1)";
        key = "<space>O";
        options.expr = true;
        mode = "n";
      }
      # nice emacs bindings
      {
        action = "<HOME>";
        key = "<C-a>";
        mode = "i";
      }
      {
        action = "<END>";
        key = "<C-e>";
        mode = "i";
      }
      # quick chat with copilot
      {
        key = "<leader>ccq";
        action.__raw = ''
          function()
            local input = vim.fn.input("Quick chat: ")
            if input ~= "" then
              require("CopilotChat").ask(input, { selection = require("CopilotChat.select").buffer })
            end
          end
        '';
        mode = [
          "n"
          "v"
        ];
      }
      # ask perplexity a quick question
      {
        key = "<leader>ccs";
        action.__raw = ''
          function()
            local input = vim.fn.input("Perplexity: ")
            if input ~= "" then
              require("CopilotChat").ask(input, {
                agent = "perplexityai",
                selection = false,
              })
            end
          end
        '';
        mode = [
          "n"
          "v"
        ];
      }
    ];
    plugins.cmp = {
      enable = true;
      settings = {
        formatting.fields = [
          "abbr"
          "kind"
          "menu"
        ];
        experimental = {
          ghost_text = true;
        };
        snippet.expand = ''
          function(args) require('luasnip').lsp_expand(args.body) end
        '';
        sources = [
          { name = "nvim_lsp"; }
          { name = "emoji"; }
          { name = "luasnip"; }
          { name = "buffer"; }
          { name = "path"; }
        ];
        mapping = {
          "<C-h>" = "cmp.mapping.abort()";
          "<C-n>" = "cmp.mapping.select_next_item()";
          "<C-p>" = "cmp.mapping.select_prev_item()";
          "<C-u>" = "cmp.mapping.scroll_docs(-4)";
          "<C-d>" = "cmp.mapping.scroll_docs(4)";
          "<C-k>" = ''
            cmp.mapping(function(fallback)
              if cmp.visible() then
                if require("luasnip").expandable() then
                  require("luasnip").expand()
                else
                  cmp.confirm({
                    select = true,
                  })
                end
              else
                fallback()
              end
            end)
          '';
          # plain tab conflicts with i try to indent
          "<C-Tab>" = ''
            cmp.mapping(function(fallback)
              if require("luasnip").jumpable(1) then
                require("luasnip").jump(1)
              else
                fallback()
              end
            end,{"i","s"})
          '';
          "<S-Tab>" = ''
            cmp.mapping(function(fallback)
              if require("luasnip").jumpable(-1) then
                require("luasnip").jump(-1)
              else
                fallback()
              end
            end,{"i","s"})
          '';
        };
      };
    };
    plugins.lsp = {
      enable = true;
      keymaps.lspBuf = {
        "K" = "hover";
        "gd" = "definition";
        "gD" = "references";
        # "gt" = "type_definition"; # conflicts with switch tab
        "gI" = "type_definition";
        "gi" = "implementation";
      };
      servers = {
        bashls.enable = true;
        lua_ls.enable = true;
        nil_ls = {
          enable = true;
          settings = {
            formatting.command = [
              "nix"
              "fmt"
            ];
            nix.flake.autoArchive = true;
          };
        };
        rust_analyzer = {
          enable = true;
          installRustc = true;
          installCargo = true;
        };
      };
    };
    plugins.treesitter = {
      enable = true;
      nixGrammars = true;
      settings = {
        indent.enable = true;
        auto_install = true;
        highlight.enable = true;
      };
    };
    plugins.fzf-lua = {
      enable = true;
      profile = "fzf-native";
      keymaps = {
        "<leader>ff" = "files";
        "<leader>fg" = "live_grep";
      };
    };
    plugins.neo-tree = {
      enable = true;
      buffers.followCurrentFile.enabled = true;
      window.width = 30;
    };
    plugins.gitsigns = {
      enable = true;
      settings.current_line_blame = true;
    };
    plugins.copilot-chat = {
      enable = true;
      settings = {
        model = "claude-3.5-sonnet";
      };
    };
    plugins.cmp-buffer.enable = true;
    plugins.cmp-emoji.enable = true;
    plugins.cmp-nvim-lsp.enable = true;
    plugins.cmp-path.enable = true;
    plugins.cmp_luasnip.enable = true;
    plugins.luasnip.enable = true;
    plugins.nvim-autopairs.enable = true;
    plugins.rainbow-delimiters.enable = true;
    plugins.web-devicons.enable = true;
    plugins.auto-save.enable = true;
    plugins.indent-blankline.enable = true;
    plugins.undotree.enable = true;
  };
 }
--- a/home/nvim/init.lua
+++ b/home/nvim/init.lua
@ -1,73 +0,0 @@
 require("plugin_specs")
 local keymap = vim.keymap
 local opt = vim.opt
 vim.g.loaded_netrw = 1
 vim.g.loaded_netrwPlugin = 1
 vim.opt.termguicolors = true
 require("nvim-tree").setup()
 require("lualine").setup({
 	options = {
 		theme = "auto",
 		icons_enabled = true,
 		globalstatus = true,
 	},
 })
 require("gitsigns").setup()
 opt.tabstop = 2
 opt.softtabstop = 2
 opt.shiftwidth = 2
 opt.expandtab = true
 opt.relativenumber = true
 opt.ignorecase = true
 opt.smartcase = true
 opt.scrolloff = 3
 opt.confirm = true
 opt.history = 500
 opt.undofile = true
 opt.termguicolors = true
 opt.showmode = false
 opt.mouse = ""
 opt.wrap = false
 opt.clipboard:append("unnamedplus")
 vim.cmd.colorscheme("iceberg")
 keymap.set("n", "<space>s", require("nvim-tree.api").tree.toggle, {
 	desc = "toggle nvim-tree",
 	silent = true,
 })
 -- shortcut to command mode
 keymap.set({ "n", "x" }, ";", ":", { silent = true })
 keymap.set("n", "<space>o", "printf('m`%so<ESC>``', v:count1)", {
 	expr = true,
 	desc = "insert line below without moving cursor",
 })
 keymap.set("n", "<space>O", "printf('m`%sO<ESC>``', v:count1)", {
 	expr = true,
 	desc = "insert line above without moving cursor",
 })
 keymap.set("n", "/", [[/\v]])
 keymap.set("n", "c", '"_c')
 keymap.set("n", "C", '"_C')
 keymap.set("n", "cc", '"_cc')
 keymap.set("x", "c", '"_c')
 keymap.set("x", "p", '"_c<Esc>p')
 -- Break inserted text into smaller undo units when we insert some punctuation chars.
 local undo_ch = { ",", ".", "!", "?", ";", ":" }
 for _, ch in ipairs(undo_ch) do
 	keymap.set("i", ch, ch .. "<c-g>u")
 end
 keymap.set("i", "<C-A>", "<HOME>")
 keymap.set("i", "<C-E>", "<END>")
--- a/home/nvim/lazy-lock.json
+++ b/home/nvim/lazy-lock.json
@ -1,24 +0,0 @@
 {
  "LuaSnip": { "branch": "master", "commit": "03c8e67eb7293c404845b3982db895d59c0d1538" },
  "cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" },
  "cmp-cmdline": { "branch": "main", "commit": "d250c63aa13ead745e3a40f61fdd3470efde3923" },
  "cmp-nvim-lsp": { "branch": "main", "commit": "99290b3ec1322070bcfb9e846450a46f6efa50f0" },
  "cmp-omni": { "branch": "main", "commit": "4ef610bbd85a5ee4e97e09450c0daecbdc60de86" },
  "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" },
  "cmp_luasnip": { "branch": "master", "commit": "98d9cb5c2c38532bd9bdb481067b20fea8f32e90" },
  "dressing.nvim": { "branch": "master", "commit": "3a45525bb182730fe462325c99395529308f431e" },
  "fzf-lua": { "branch": "main", "commit": "e724f5080b94ae685978919c971b3371b1b48a60" },
  "gitsigns.nvim": { "branch": "main", "commit": "5f808b5e4fef30bd8aca1b803b4e555da07fc412" },
  "hop.nvim": { "branch": "master", "commit": "08ddca799089ab96a6d1763db0b8adc5320bf050" },
  "iceberg.vim": { "branch": "master", "commit": "23835d5ed696436f716cbfdb56a93a7850fe3b18" },
  "lazy.nvim": { "branch": "main", "commit": "7e6c863bc7563efbdd757a310d17ebc95166cef3" },
  "lualine.nvim": { "branch": "master", "commit": "2a5bae925481f999263d6f5ed8361baef8df4f83" },
  "nvim-autopairs": { "branch": "master", "commit": "b464658e9b880f463b9f7e6ccddd93fb0013f559" },
  "nvim-cmp": { "branch": "main", "commit": "b555203ce4bd7ff6192e759af3362f9d217e8c89" },
  "nvim-lspconfig": { "branch": "master", "commit": "ff2b85abaa810f6611233dbe6d31c07510ebf43d" },
  "nvim-tree.lua": { "branch": "master", "commit": "68fc4c20f5803444277022c681785c5edd11916d" },
  "nvim-treesitter": { "branch": "master", "commit": "17678b00fa5c2712890a0ec2e269d0a4de1207df" },
  "nvim-web-devicons": { "branch": "master", "commit": "c1a86a2c386c55efc02fa2ec2c3a914af653d954" },
  "tokyonight.nvim": { "branch": "main", "commit": "45d22cf0e1b93476d3b6d362d720412b3d34465c" },
  "vim-commentary": { "branch": "master", "commit": "64a654ef4a20db1727938338310209b6a63f60c9" }
 }
--- a/home/nvim/lua/config/fzf.lua
+++ b/home/nvim/lua/config/fzf.lua
@ -1,21 +0,0 @@
 local keymap = vim.keymap
 local fzf = require("fzf-lua")
 keymap.set("n", "<leader>ff", fzf.files, { silent = true })
 keymap.set("n", "<leader>fr", fzf.oldfiles, { silent = true })
 keymap.set("n", "<leader>fc", fzf.resume, { silent = true })
 keymap.set("n", "<leader>fs", fzf.treesitter, { silent = true })
 keymap.set("n", "<leader>fg", fzf.grep_project, { silent = true })
 fzf.setup({
 	"fzf-native",
 	keymap = {
 		fzf = {
 			["ctrl-u"] = "half-page-up",
 			["ctrl-d"] = "half-page-down",
 			["ctrl-j"] = "preview-page-down",
 			["ctrl-k"] = "preview-page-up",
 		},
 	},
 })
--- a/home/nvim/lua/config/hop.lua
+++ b/home/nvim/lua/config/hop.lua
@ -1,16 +0,0 @@
 local hop = require("hop")
 local keymap = vim.keymap
 hop.setup({
 	case_insensitive = true,
 	char2_fallback_key = "<CR>",
 	quit_key = "<Esc",
 })
 keymap.set({ "n", "v", "o" }, "<C-t>", "", {
 	silent = true,
 	noremap = true,
 	callback = function()
 		hop.hint_char1()
 	end,
 })
--- a/home/nvim/lua/config/lsp.lua
+++ b/home/nvim/lua/config/lsp.lua
@ -1,76 +0,0 @@
 local lsp = vim.lsp
 local diagnostic = vim.diagnostic
 local keymap = vim.keymap
 keymap.set("n", "gd", lsp.buf.definition)
 keymap.set("n", "<space>rn", lsp.buf.rename)
 keymap.set("n", "gr", lsp.buf.references)
 keymap.set("n", "[d", diagnostic.goto_prev)
 keymap.set("n", "]d", diagnostic.goto_next)
 diagnostic.config({
 	signs = false,
 })
 local lspconfig = require("lspconfig")
 local capabilities = require("cmp_nvim_lsp").default_capabilities()
 lspconfig.pylsp.setup({ capabilities = capabilities })
 lspconfig.clangd.setup({ capabilities = capabilities })
 lspconfig.vimls.setup({ capabilities = capabilities })
 lspconfig.bashls.setup({ capabilities = capabilities })
 lspconfig.rust_analyzer.setup({
 	capabilities = capabilities,
 })
 lspconfig.gopls.setup({
 	settings = {
 		gopls = {
 			analyses = {
 				unusedparams = true,
 			},
 			staticcheck = true,
 			gofumpt = true,
 		},
 	},
 	capabilities = capabilities,
 })
 lspconfig.lua_ls.setup({
 	capabilities = capabilities,
 	on_init = function(client)
 		if client.workspace_folders then
 			local path = client.workspace_folders[1].name
 			if vim.uv.fs_stat(path .. "/.luarc.json") or vim.uv.fs_stat(path .. "/.luarc.jsonc") then
 				return
 			end
 		end
 		client.config.settings.Lua = vim.tbl_deep_extend("force", client.config.settings.Lua, {
 			runtime = {
 				-- Tell the language server which version of Lua you're using
 				-- (most likely LuaJIT in the case of Neovim)
 				version = "LuaJIT",
 			},
 			-- Make the server aware of Neovim runtime files
 			workspace = {
 				checkThirdParty = false,
 				library = {
 					vim.env.VIMRUNTIME,
 					-- Depending on the usage, you might want to add additional paths here.
 					-- "${3rd}/luv/library"
 					-- "${3rd}/busted/library",
 				},
 				-- or pull in all of 'runtimepath'. NOTE: this is a lot slower
 				-- library = vim.api.nvim_get_runtime_file("", true)
 			},
 		})
 	end,
 	settings = {
 		Lua = {},
 	},
 })
 lspconfig.nixd.setup({ capabilities = capabilities })
 lspconfig.sqls.setup({ capabilities = capabilities })
 lspconfig.hls.setup({ capabilities = capabilities })
--- a/home/nvim/lua/config/nvim-cmp.lua
+++ b/home/nvim/lua/config/nvim-cmp.lua
@ -1,54 +0,0 @@
 local cmp = require("cmp")
 local luasnip = require("luasnip")
 cmp.setup({
 	snippet = {
 		expand = function(args)
 			require("luasnip").lsp_expand(args.body)
 		end,
 	},
 	mapping = {
 		["<C-h"] = cmp.mapping.abort(),
 		["<C-k>"] = cmp.mapping(function(fallback)
 			if cmp.visible() then
 				if luasnip.expandable() then
 					luasnip.expand()
 				else
 					cmp.confirm({
 						select = true,
 					})
 				end
 			else
 				fallback()
 			end
 		end),
 		["<C-n>"] = cmp.mapping(function(fallback)
 			if luasnip.locally_jumpable(1) then
 				luasnip.jump(1)
 			elseif cmp.visible() then
 				cmp.select_next_item()
 			else
 				fallback()
 			end
 		end, { "i", "s" }),
 		["<C-p>"] = cmp.mapping(function(fallback)
 			if luasnip.locally_jumpable(-1) then
 				luasnip.jump(-1)
 			elseif cmp.visible() then
 				cmp.select_prev_item()
 			else
 				fallback()
 			end
 		end, { "i", "s" }),
 	},
 	sources = cmp.config.sources({
 		{ name = "nvim_lsp" },
 		{ name = "luasnip" },
 	}, {
 		{ name = "buffer" },
 		{ name = "path" },
 	}),
 })
--- a/home/nvim/lua/plugin_specs.lua
+++ b/home/nvim/lua/plugin_specs.lua
@ -1,99 +0,0 @@
 -- Bootstrap lazy.nvim
 local lazypath = vim.fn.stdpath("data") .. "/lazy/lazy.nvim"
 if not (vim.uv or vim.loop).fs_stat(lazypath) then
 	local lazyrepo = "https://github.com/folke/lazy.nvim.git"
 	local out = vim.fn.system({ "git", "clone", "--filter=blob:none", "--branch=stable", lazyrepo, lazypath })
 	if vim.v.shell_error ~= 0 then
 		vim.api.nvim_echo({
 			{ "Failed to clone lazy.nvim:\n", "ErrorMsg" },
 			{ out, "WarningMsg" },
 			{ "\nPress any key to exit..." },
 		}, true, {})
 		vim.fn.getchar()
 		os.exit(1)
 	end
 end
 vim.opt.rtp:prepend(lazypath)
 vim.g.mapleader = ","
 local plugin_specs = {
 	{
 		"nvim-treesitter/nvim-treesitter",
 		build = ":TSUpdate",
 		event = "VeryLazy",
 	},
 	{
 		"neovim/nvim-lspconfig",
 		event = { "BufRead", "BufNewFile" },
 		config = function()
 			require("config.lsp")
 		end,
 	},
 	{
 		"hrsh7th/nvim-cmp",
 		event = "VeryLazy",
 		dependencies = {
 			"hrsh7th/cmp-nvim-lsp",
 			"hrsh7th/cmp-path",
 			"hrsh7th/cmp-buffer",
 			"hrsh7th/cmp-omni",
 			"hrsh7th/cmp-cmdline",
 			"saadparwaiz1/cmp_luasnip",
 		},
 		config = function()
 			require("config.nvim-cmp")
 		end,
 	},
 	{
 		"L3MON4D3/LuaSnip",
 		version = "v2.*",
 		build = "make install_jsregexp",
 	},
 	{ "stevearc/dressing.nvim", event = "VeryLazy" },
 	{
 		"nvim-tree/nvim-tree.lua",
 		lazy = false,
 		dependencies = {
 			"nvim-tree/nvim-web-devicons",
 		},
 	},
 	{
 		"ibhagwan/fzf-lua",
 		dependencies = { "nvim-tree/nvim-web-devicons" },
 		config = function()
 			require("config.fzf")
 		end,
 	},
 	{ "windwp/nvim-autopairs", event = "InsertEnter", config = true },
 	{ "tpope/vim-commentary", event = "VeryLazy" },
 	{ "folke/tokyonight.nvim", lazy = false, priority = 1000 },
 	{ "lewis6991/gitsigns.nvim" },
 	{ "nvim-lualine/lualine.nvim", dependencies = { "nvim-tree/nvim-web-devicons" } },
 	{
 		"smoka7/hop.nvim",
 		version = "*",
 		config = function()
 			require("config.hop")
 		end,
 	},
 	{ "cocopon/iceberg.vim" },
 }
 require("lazy").setup({
 	spec = plugin_specs,
 	rocks = { enabled = true },
 })
--- a/home/plasma.nix
+++ b/home/plasma.nix
@ -0,0 +1,80 @@
 { ... }:
 {
  programs.plasma = {
    enable = true;
    overrideConfig = true;
    immutableByDefault = true;
    workspace = {
      lookAndFeel = "org.ide.breezedark.desktop";
      cursor = {
        theme = "Bibata-Modern-Classic";
        size = 23;
      };
    };
    fonts = {
      general = {
        family = "IBM Plex Mono";
        pointSize = 12;
      };
    };
    input.keyboard = {
      numlockOnStartup = "on";
      options = [ "ctrl:nocaps" ];
    };
    # Meta key is actually the Super key in KDE
    hotkeys.commands = {
      "launch-terminal" = {
        name = "launch terminal";
        key = "Meta+Return";
        command = "kitty";
      };
      "launch-browser" = {
        name = "launch browser";
        key = "Meta+B";
        command = "librewolf";
      };
    };
    shortcuts = {
      kwin = {
        "Switch Window Down" = "Meta+J";
        "Switch Window Left" = "Meta+H";
        "Switch Window Right" = "Meta+L";
        "Switch Window Up" = "Meta+K";
        "Window Quick Tile Down" = "Meta+Shift+J";
        "Window Quick Tile Left" = "Meta+Shift+H";
        "Window Quick Tile Right" = "Meta+Shift+L";
        "Window Quick Tile Up" = "Meta+Shift+K";
        "Window Close" = "Meta+Ctrl+Q";
        "Window Maximize" = "Meta+W";
        "Window Minimize" = "Meta+Shift+-";
        "Window Fullscreen" = "Meta+F";
        "Window Shrink Horizontal" = "Meta+-";
      };
      ksmserver = {
        "Lock Session" = [
          "Screensaver"
          "Meta+Ctrl+L"
        ];
      };
    };
    configFile = {
      # save RAM
      baloofilerc."Basic Settings"."Indexing-Enabled" = false;
    };
    # looks like KDE overrides services.logind settings
    powerdevil.AC = {
      whenLaptopLidClosed = "hibernate";
    };
    powerdevil.battery = {
      whenLaptopLidClosed = "hibernate";
    };
  };
 }
--- a/home/sway/config
+++ b/home/sway/config
@ -26,7 +26,7 @@ floating_modifier $mod normal
 default_border pixel
 smart_borders on
 focus_follows_mouse always
-mouse_warping container
+# mouse_warping container
 bindsym $mod+Return exec $term
 bindsym $mod+Ctrl+q kill
@ -121,13 +121,11 @@ bindsym $mod+Control+l exec $lock
 font pango:$font_family $font_size
-for_window [app_id=mpv] inhibit_idle open
+for_window [app_id=mpv] inhibit_idle visible, floating enable, sticky enable
 for_window [class="pomatez"] floating enable, sticky enable
 for_window [class="PacketTracer"] floating enable, border normal
 for_window [app_id="LibreWolf" title="^Extension"] floating enable
 for_window [floating] border csd
 for_window [app_id="org.keepassxc.KeePassXC"] floating enable
 for_window [app_id="Bitwarden"] floating enable
 for_window [app_id=anki title="Add"] floating enable
 bar {
 	swaybar_command waybar
--- a/home/vscode.nix
+++ b/home/vscode.nix
@ -0,0 +1,40 @@
 { pkgs, ... }:
 {
  programs.vscode = {
    enable = true;
    package = pkgs.vscodium;
    enableUpdateCheck = false;
    enableExtensionUpdateCheck = false;
    mutableExtensionsDir = false;
    extensions = with pkgs.vscode-extensions; [
      vscodevim.vim
      jnoortheen.nix-ide
      editorconfig.editorconfig
      github.github-vscode-theme
      github.copilot
      rust-lang.rust-analyzer
    ];
    userSettings = {
      "workbench.colorTheme" = "GitHub Dark Default";
      "files.autoSave" = "afterDelay";
      "nix.enableLanguageServer" = true;
      "nix.serverPath" = "nixd";
      "editor.fontFamily" = "IBM Plex Mono";
      "editor.fontSize" = 16;
      "editor.wordWrap" = "on";
      # vim mode settings
      "vim.handleKeys" = {
        "<C-b>" = false; # file tree toggle
      };
      "vim.normalModeKeyBindings" = [
        {
          "before" = [ ";" ];
          "after" = [ ":" ];
          "silent" = true;
        }
      ];
      "workbench.startupEditor" = "none";
    };
  };
 }
--- a/home/waybar/config
+++ b/home/waybar/config
@ -6,8 +6,8 @@
 		"margin-left": 0,
 		"margin-right": 0,
 		"margin-top": 0,
-    "modules-left": ["sway/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar
+    "modules-left": ["niri/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar
-    "modules-center": ["sway/window"], // Set modules for the center of the bar
+    "modules-center": ["niri/window"], // Set modules for the center of the bar
    "modules-right": ["tray", "temperature", "cpu", "memory", "wireplumber"], // Set modules for the right of the bar
    "clock#time": {
    "format": "<span color=\"#7aa2f7\"> </span>{:%H:%M:%S}",
@ -71,7 +71,7 @@
    "on-click": "pavucontrol",
 		"interval": 4,
  },
-  "sway/window": {
+  "niri/window": {
    "max-length": 64,
  },
  "tray": {
--- a/home/yt/chunk.nix
+++ b/home/yt/chunk.nix
@ -16,8 +16,6 @@
  systemd.user.startServices = "sd-switch";
  home.packages = with pkgs; [
-    bottom
+    attic-server
    btop
    foot.terminfo
  ];
 }
--- a/home/yt/codespace.nix
+++ b/home/yt/codespace.nix
@ -0,0 +1,22 @@
 {
  pkgs,
  ...
 }:
 {
  imports = [
    ./common.nix
  ];
  home = {
    username = "codespace";
    homeDirectory = "/home/codespace";
    stateVersion = "24.05";
  };
  programs.home-manager.enable = true;
  systemd.user.startServices = "sd-switch";
  home.packages = with pkgs; [
    foot.terminfo
    attic-client
  ];
 }
--- a/home/yt/common.nix
+++ b/home/yt/common.nix
@ -3,21 +3,21 @@
  imports = [
    ../tmux.nix
    ../zsh
    ../nixvim
  ];
  home.sessionVariables = {
    "EDITOR" = "nvim";
  };
  xdg.configFile = {
    nvim.source = ../nvim;
  };
  home.packages = with pkgs; [
    man-pages
    man-pages-posix
    man
    man-db
    attic-client
    bottom
    btop
  ];
  programs.zoxide.options = [ "--cmd cd" ];
@ -27,11 +27,10 @@
  };
  programs.zoxide.enable = true;
  programs.eza.enable = true;
  programs.neovim.enable = true;
  programs.git = {
    enable = true;
    userName = "cy";
-    userEmail = "hi@cything.io";
+    userEmail = "cy@cy7.sh";
    delta = {
      enable = true;
      options = {
@ -45,7 +44,11 @@
        rebase = true;
        autostash = true;
      };
-      merge.tool = "vimdiff";
+      merge = {
        tool = "vimdiff";
        keepBackup = false;
        prompt = false;
      };
      rebase = {
        stat = true;
        autoStash = true;
@ -53,12 +56,10 @@
        updateRefs = true;
      };
      help.autocorrect = 1;
-      mergetool = {
+      "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'";
        prompt = false;
        path = "nvim-open";
      };
    };
  };
  programs.ripgrep.enable = true;
  programs.man.generateCaches = true;
  programs.fd.enable = true;
 }
--- a/home/yt/ytnix.nix
+++ b/home/yt/ytnix.nix
@ -1,11 +1,17 @@
 {
  pkgs,
  lib,
  ...
 }:
 {
  imports = [
    ./common.nix
    ../foot.nix
    ../niri
    ../irssi.nix
    ../kitty.nix
    ../vscode.nix
    ../plasma.nix
  ];
  home = {
    username = "yt";
@ -16,31 +22,34 @@
  systemd.user.startServices = "sd-switch";
-  qt = {
+  # keep this commented when using plasma
-    enable = true;
+  # otherwise "system settings" in KDE will not function
-    platformTheme.name = "gtk";
+  # qt = {
-    style.name = "adwaita-dark";
+  #   enable = true;
-    style.package = pkgs.adwaita-qt;
+  #   platformTheme.name = "kde";
-  };
+  #   style.name = "breeze-dark";
  #   style.package = pkgs.kdePackages.breeze;
  # };
-  gtk = {
+  # this one too
-    enable = true;
+  # gtk = {
-    cursorTheme = {
+  #   enable = true;
-      package = pkgs.bibata-cursors;
+  #   theme = {
-      name = "Bibata-Modern";
+  #     package = pkgs.adw-gtk3;
-    };
+  #     name = "adw-gtk3-dark";
-    theme = {
+  #   };
-      package = pkgs.adw-gtk3;
+  #   iconTheme = {
-      name = "adw-gtk3-dark";
+  #     package = pkgs.adwaita-icon-theme;
-    };
+  #     name = "Adwaita";
-    iconTheme = {
+  #   };
-      package = pkgs.adwaita-icon-theme;
+  # };
      name = "Adwaita";
    };
  };
-  home.sessionVariables = {
+  home.pointerCursor = {
-    ANKI_WAYLAND = "1";
+    package = pkgs.bibata-cursors;
    name = "Bibata-Modern-Classic";
    size = 23;
    gtk.enable = true;
    x11.enable = true;
  };
  home.packages = with pkgs; [
@ -50,9 +59,7 @@
    bitwarden-desktop
    bitwarden-cli
    fastfetch
    discord
    nwg-look
    element-desktop
    kdePackages.gwenview
    kdePackages.okular
    kdePackages.qtwayland
@ -71,7 +78,7 @@
    bash-language-server
    sqlite
    usbutils
-    llvmPackages_19.clang-tools
+    clang-tools
    calibre
    tor-browser
    wtype
@ -80,7 +87,6 @@
    rclone
    go
    rustup
    clang_19
    pwgen
    lua-language-server
    gnumake
@ -95,6 +101,29 @@
    trezorctl
    trezor-agent
    q
    opentofu
    terraform-ls
    gdb
    clang
    seahorse
    github-cli
    fuzzel
    nixpkgs-review
    just
    hugo
    ghidra-bin
    sequoia
    sccache
    awscli2
    lldb
    (cutter.withPlugins (p: with p; [
      rz-ghidra
      jsdec
      sigdb
    ]))
    ida-free
    patchelf
    radare2
  ];
  programs.waybar.enable = true;
@ -117,7 +146,6 @@
  };
  xdg.configFile = {
    sway.source = ../sway;
    rofi.source = ../rofi;
    waybar.source = ../waybar;
    mpv.source = ../mpv;
@ -132,4 +160,37 @@
      miniflux-passwordfile /run/secrets/newsboat/miniflux
    '';
  };
  programs.direnv = {
    enable = true;
    nix-direnv.enable = true;
  };
  programs.git.extraConfig = {
    user = {
      signingKey = "~/.ssh/id.key";
    };
    gpg.format = "ssh";
    commit.gpgsign = true;
    core.sshCommand = "ssh -i ~/.ssh/id.key";
  };
  home.sessionVariables = {
    # to make ghidra work on xwayland
    _JAVA_AWT_WM_NONREPARENTING = 1;
    # sccache stuff
    RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}";
    SCCACHE_BUCKET = "sccache";
    SCCACHE_REGION = "earth";
    SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh";
    SCCACHE_ALLOW_CORE_DUMPS = "true";
    SCCACHE_S3_USE_SSL = "true";
    SCCACHE_CACHE_MULTIARCH = "true";
    SCCACHE_LOG_LEVEL = "warn";
    AWS_DEFAULT_REGION = "earth";
    AWS_ENDPOINT_URL = "https://s3.cy7.sh";
    AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)";
    AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)";
  };
 }
--- a/home/zsh/default.nix
+++ b/home/zsh/default.nix
@ -15,7 +15,7 @@
      highlighters = [ "brackets" ];
    };
    autocd = true;
-    defaultKeymap = "emacs";
+    defaultKeymap = "viins";
    initExtraFirst = ''
      if [[ -r "''\${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''\${(%):-%n}.zsh" ]]; then
@ -39,11 +39,14 @@
    initExtra = ''
      # disable control+s to pause terminal
      unsetopt FLOW_CONTROL
-      # manually integrate fzf cause we need to make sure zsh-vi-mode
+
-      # won't override C-r
+      # useful emacs mode bindings
-      function zvm_after_init() {
+      bindkey -M viins "^E" end-of-line
-        eval "$(${pkgs.fzf}/bin/fzf --zsh)"
+      bindkey -M viins "^A" beginning-of-line
-      }
+      bindkey -M viins "^B" backward-char
      # accept one word completion
      bindkey -M viins "^S" forward-word
      # fzf-tab stuff
      # set description format to enable group support
@ -60,11 +63,6 @@
      source ${./p10k.zsh}
    '';
    plugins = with pkgs; [
      {
        name = "vi-mode";
        src = zsh-vi-mode;
        file = "share/zsh-vi-mode/zsh-vi-mode.plugin.zsh";
      }
      {
        name = "powerlevel10k";
        src = zsh-powerlevel10k;
@ -84,9 +82,9 @@
      "ta" = "tmux new-session -A -s";
      "se" = "sudoedit";
      "s" = "sudo";
-      "nrs" = "sudo nixos-rebuild switch --flake .";
+      "nrs" = "sudo nixos-rebuild switch -L --flake .";
-      "nrt" = "sudo nixos-rebuild test --flake .";
+      "nrt" = "sudo nixos-rebuild test -L --flake .";
-      "hrs" = "home-manager switch --flake .";
+      "hrs" = "home-manager switch -L --flake .";
      "g" = "git";
      "ga" = "git add";
      "gaa" = "git add --all";
@ -109,8 +107,9 @@
    };
  };
-  programs.fzf.enableZshIntegration = false; # manually integrated see above
+  programs.fzf.enableZshIntegration = true;
  programs.zoxide.enableZshIntegration = true;
  programs.eza.enableZshIntegration = true;
  programs.nix-index.enableZshIntegration = false;
  programs.direnv.enableZshIntegration = false;
 }
--- a/hosts/chunk/Caddyfile
+++ b/hosts/chunk/Caddyfile
@ -1,62 +0,0 @@
 {
  acme_ca https://acme.zerossl.com/v2/DV90
  acme_eab {
    key_id {$EAB_KEY_ID}
    mac_key {$EAB_MAC_KEY}
  }
 }
 (common) {
  encode zstd gzip
  header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
 }
 git.cy7.sh, git.cything.io {
  import common
  reverse_proxy unix//run/gitlab/gitlab-workhorse.socket
 }
 rss.cything.io {
  import common
  reverse_proxy localhost:8080
 }
 photos.cy7.sh {
  import common
  reverse_proxy localhost:2283
 }
 chat.cything.io {
  import common
  reverse_proxy localhost:8448
 }
 pass.cy7.sh {
  import common
  reverse_proxy localhost:8081
 }
 dns.cything.io {
  import common
  reverse_proxy localhost:8082
 }
 pad.cything.io {
  import common
  reverse_proxy localhost:8085
 }
 red.cything.io {
  import common
  reverse_proxy localhost:8087
 }
 grafana.cything.io {
  import common
  reverse_proxy localhost:8088
 }
 element.cything.io {
  import common
  reverse_proxy localhost:8089
 }
--- a/hosts/chunk/adguard.nix
+++ b/hosts/chunk/adguard.nix
@ -21,4 +21,9 @@
      ];
    };
  };
  services.caddy.virtualHosts."dns.cything.io".extraConfig = ''
    import common
    reverse_proxy localhost:8082
  '';
 }
--- a/hosts/chunk/attic.nix
+++ b/hosts/chunk/attic.nix
@ -0,0 +1,39 @@
 { config, ... }:
 {
  services.atticd = {
    enable = true;
    environmentFile = config.sops.secrets."attic/env".path;
    settings = {
      listen = "[::]:8090";
      api-endpoint = "https://cache.cything.io/";
      allowed-hosts = [ "cache.cything.io" ];
      require-proof-of-possession = false;
      compression.type = "zstd";
      database.url = "postgresql:///atticd?host=/run/postgresql";
      storage = {
        type = "local";
        path = "/mnt/attic";
      };
      garbage-collection = {
        default-retention-period = "3 months";
      };
      chunking = {
        nar-size-threshold = 0; # disables chunking
        min-size = 0;
        avg-size = 0;
        max-size = 0;
        concurrent-chunk-uploads = 32;
      };
    };
  };
  services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
    import common
    reverse_proxy localhost:8090
  '';
 }
--- a/hosts/chunk/conduwuit.nix
+++ b/hosts/chunk/conduwuit.nix
@ -1,12 +1,18 @@
-{ pkgs, ... }:
+{ inputs, ... }:
 {
  services.conduwuit = {
    enable = true;
-    package = pkgs.callPackage ../../pkgs/conduwuit.nix { };
+    package =
      inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised;
    settings.global = {
      port = [ 8448 ];
      server_name = "cything.io";
      allow_check_for_updates = true;
    };
  };
  services.caddy.virtualHosts."chat.cything.io".extraConfig = ''
    import common
    reverse_proxy localhost:8448
  '';
 }
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -1,6 +1,4 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
@ -9,7 +7,6 @@
    ../common.nix
    ../zsh.nix
    ./hardware-configuration.nix
    ./gitlab.nix
    ./backup.nix
    ./rclone.nix
    ./postgres.nix
@ -21,10 +18,13 @@
    ./vaultwarden.nix
    ./wireguard.nix
    ./grafana.nix
-    ./tor.nix
+    ./conduwuit.nix
    ./conduit.nix
    ./immich.nix
    ./element.nix
    ./attic.nix
    ./forgejo.nix
    ./garage.nix
    ./tailscale.nix
  ];
  sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -59,33 +59,25 @@
    "miniflux/env" = {
      sopsFile = ../../secrets/services/miniflux.yaml;
    };
    "gitlab/root" = {
      sopsFile = ../../secrets/services/gitlab.yaml;
      owner = config.users.users.git.name;
    };
    "gitlab/secret" = {
      sopsFile = ../../secrets/services/gitlab.yaml;
      owner = config.users.users.git.name;
    };
    "gitlab/jws" = {
      sopsFile = ../../secrets/services/gitlab.yaml;
      owner = config.users.users.git.name;
    };
    "gitlab/db" = {
      sopsFile = ../../secrets/services/gitlab.yaml;
      owner = config.users.users.git.name;
    };
    "gitlab/otp" = {
      sopsFile = ../../secrets/services/gitlab.yaml;
      owner = config.users.users.git.name;
    };
    "rsyncnet/id_ed25519" = {
-      sopsFile = ../../secrets/de3911/chunk.yaml;
+      sopsFile = ../../secrets/zh5061/chunk.yaml;
    };
    "attic/env" = {
      sopsFile = ../../secrets/services/attic.yaml;
    };
    "garage/env" = {
      sopsFile = ../../secrets/services/garage.yaml;
    };
    "tailscale/auth" = {
      sopsFile = ../../secrets/services/tailscale.yaml;
    };
  };
-  boot.loader.grub.enable = true;
+  boot = {
-  boot.loader.grub.device = "/dev/vda";
+    loader.grub.enable = true;
    loader.grub.device = "/dev/vda";
    kernelPackages = pkgs.linuxPackages_latest;
  };
  system.stateVersion = "24.05";
@ -132,12 +124,6 @@
    address = "31.59.129.1";
    interface = "ens18";
  };
  networking.nameservers = [
    "127.0.0.1"
    "::1"
  ];
  time.timeZone = "America/Toronto";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
@ -160,6 +146,13 @@
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix"
  ];
  # for forgejo
  users.users.git = {
    isNormalUser = true;
    home = "/var/lib/forgejo";
    group = "git";
  };
  users.groups.git = { };
  environment.systemPackages = with pkgs; [
    vim
@ -169,6 +162,7 @@
    tmux
    file
    sops
    attic-server
  ];
  environment.variables = {
@ -187,11 +181,13 @@
  programs.gnupg.agent.enable = true;
  programs.git.enable = true;
-  services.caddy = {
+  my.caddy.enable = true;
-    enable = true;
+  services.caddy.virtualHosts."cy7.sh" = {
-    configFile = ./Caddyfile;
+    serverAliases = [ "www.cy7.sh" ];
-    environmentFile = config.sops.secrets."caddy/env".path;
+    extraConfig = ''
-    logFormat = lib.mkForce "level INFO";
+      import common
      redir https://cything.io temporary
    '';
  };
  # container stuff
@ -207,4 +203,5 @@
    };
  };
  virtualisation.oci-containers.backend = "podman";
  environment.enableAllTerminfo = true;
 }
--- a/hosts/chunk/deluge.nix
+++ b/hosts/chunk/deluge.nix
@ -7,4 +7,9 @@
      port = 8112;
    };
  };
  services.caddy.virtualHosts."t.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8112
  '';
 }
--- a/hosts/chunk/element.nix
+++ b/hosts/chunk/element.nix
@ -7,9 +7,12 @@
  virtualisation.oci-containers.containers.element = {
    image = "vectorim/element-web";
    autoStart = true;
-    ports = [ "127.0.0.1:8089:80" ];
+    ports = [ "127.0.0.1:8089:8089" ];
    pull = "newer";
    networks = [ "element-net" ];
    environment = {
      ELEMENT_WEB_PORT = "8089";
    };
  };
  systemd.services.create-element-net = {
@ -22,4 +25,9 @@
      ${pkgs.podman}/bin/podman network create element-net
    '';
  };
  services.caddy.virtualHosts."element.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8089
  '';
 }
--- a/hosts/chunk/forgejo.nix
+++ b/hosts/chunk/forgejo.nix
@ -0,0 +1,53 @@
 { pkgs, ... }:
 {
  services.forgejo = {
    enable = true;
    package = pkgs.forgejo; # uses forgejo-lts by default
    user = "git";
    group = "git";
    settings = {
      server = {
        ROOT_URL = "https://git.cy7.sh";
        HTTP_PORT = 3000;
        HTTP_ADDR = "127.0.0.1";
        DOMAIN = "git.cy7.sh";
        LANDING_PAGE = "explore";
      };
      session.COOKIE_SECURE = true;
      service.DISABLE_REGISTRATION = true;
      ui = {
        AMBIGUOUS_UNICODE_DETECTION = false;
        DEFAULT_THEME = "forgejo-dark";
      };
      actions.ENABLED = false;
      repository.ENABLE_PUSH_CREATE_USER = true;
      indexer.REPO_INDEXER_ENABLED = true;
    };
    database = {
      type = "postgres";
      socket = "/run/postgresql";
      user = "git";
      name = "git";
    };
  };
  services.caddy.virtualHosts."git.cy7.sh".extraConfig = ''
    import common
    # renamed repo
    uri replace /cy/infra /cy/nixos-config
    reverse_proxy localhost:3000
  '';
  services.caddy.virtualHosts."git.cything.io".extraConfig = ''
    import common
    # wrap in route so things are evaluated in the order written
    route {
      # rewrite gitlab URIs to make it work with forgejo
      uri path_regexp /-/ /
      uri replace /blob/ /src/
      redir https://git.cy7.sh{uri} permanent
    }
  '';
 }
--- a/hosts/chunk/garage.nix
+++ b/hosts/chunk/garage.nix
@ -0,0 +1,43 @@
 { config, pkgs, ... }:
 {
  services.garage = {
    enable = true;
    package = pkgs.garage;
    settings = {
      data_dir = "/mnt/garage";
      s3_api = {
        s3_region = "earth";
        api_bind_addr = "[::]:3900";
        root_domain = ".s3.cy7.sh";
      };
      s3_web = {
        bind_addr = "[::]:3902";
        root_domain = ".web.s3.cy7.sh";
        index = "index.html";
      };
      admin.api_bind_addr = "[::]:3903";
      rpc_bind_addr = "[::]:3901";
      replication_factor = 1;
      db_engine = "lmdb";
    };
    environmentFile = config.sops.secrets."garage/env".path;
  };
  services.caddy.virtualHosts = {
    "s3.cy7.sh" = {
      serverAliases = [ "*.s3.cy7.sh" ];
      extraConfig = ''
        import common
        reverse_proxy localhost:3900
      '';
    };
    "*.web.s3.cy7.sh".extraConfig = ''
      import common
      reverse_proxy localhost:3902
    '';
    "admin.s3.cy7.sh".extraConfig = ''
      import common
      reverse_proxy localhost:3903
    '';
  };
 }
--- a/hosts/chunk/gitlab.nix
+++ b/hosts/chunk/gitlab.nix
@ -8,7 +8,7 @@
    group = "git";
    port = 443; # this *not* the port gitlab will run on
    puma.workers = 0; # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html#optimize-puma
-    sidekiq.concurrency = 10;
+    sidekiq.concurrency = 5;
    databaseUsername = "git"; # needs to be same as user
    initialRootEmail = "hi@cything.io";
    initialRootPasswordFile = config.sops.secrets."gitlab/root".path;
@ -24,5 +24,12 @@
      skip = [ "db" ];
      keepTime = 48; # hours
    };
    extraConfig = {
      gitlab = {
        # NOTE: default_syntax_highlighting_theme needs to be set in the application_settings table in the database
        default_color_mode = 2;
      };
      prometheus.enabled = false;
    };
  };
 }
--- a/hosts/chunk/grafana.nix
+++ b/hosts/chunk/grafana.nix
@ -31,4 +31,9 @@
      }
    ];
  };
  services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8088
  '';
 }
--- a/hosts/chunk/hardware-configuration.nix
+++ b/hosts/chunk/hardware-configuration.nix
@ -22,10 +22,9 @@
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
-  fileSystems."/persistent" = {
+  fileSystems."/" = {
    device = "/dev/disk/by-uuid/6fff5dd4-8d7a-43fa-85be-eec74ef2089e";
    fsType = "ext4";
    neededForBoot = true;
  };
  swapDevices = [ ];
--- a/hosts/chunk/hedgedoc.nix
+++ b/hosts/chunk/hedgedoc.nix
@ -16,4 +16,9 @@
      protocolUseSSL = true;
    };
  };
  services.caddy.virtualHosts."pad.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8085
  '';
 }
--- a/hosts/chunk/immich.nix
+++ b/hosts/chunk/immich.nix
@ -95,4 +95,9 @@ in
      ${pkgs.podman}/bin/podman network create immich-net
    '';
  };
  services.caddy.virtualHosts."photos.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:2283
  '';
 }
--- a/hosts/chunk/impermanence.nix
+++ b/hosts/chunk/impermanence.nix
@ -1,20 +0,0 @@
 {...}: {
  environment.persistence."/persistent" = {
    enable = true;
    hideMounts = true;
    directories = [
      "/var/log"
      "/opt"
      "/var/lib"
      "/root/.config/borg" # nonce
      # used a hack to disable cache
      # see https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
      "/root/.cache/borg"
      "/root/.config/sops"
    ];
    files = [
      "/etc/machine-id"
    ];
  };
 }
--- a/hosts/chunk/miniflux.nix
+++ b/hosts/chunk/miniflux.nix
@ -5,8 +5,13 @@
    adminCredentialsFile = config.sops.secrets."miniflux/env".path;
    config = {
      PORT = 8080;
-      BASE_URL = "https://rss.cything.io";
+      BASE_URL = "https://rss.cy7.sh";
      FORCE_REFRESH_INTERVAL = 0; # don't rate limit me
    };
  };
  services.caddy.virtualHosts."rss.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8080
  '';
 }
--- a/hosts/chunk/postgres.nix
+++ b/hosts/chunk/postgres.nix
@ -1,6 +1,5 @@
 {
  pkgs,
  lib,
  ...
 }:
 {
@ -11,13 +10,14 @@
    enableTCPIP = true;
    ensureDatabases = [
      "hedgedoc"
      "atticd"
    ];
    ensureUsers = [
      {
        name = "atticd";
        ensureDBOwnership = true;
      }
    ];
    authentication = lib.mkForce ''
      local all all trust
      host  all all 127.0.0.1/32 trust
      host  all all ::1/128 trust
      host  all all 172.18.0.0/16 trust
    '';
  };
  services.postgresqlBackup = {
    enable = true;
--- a/hosts/chunk/rclone.nix
+++ b/hosts/chunk/rclone.nix
@ -1,6 +1,7 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 {
@ -14,41 +15,46 @@
    serviceConfig = {
      Type = "notify";
      ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos";
-      ExecStart = "${pkgs.rclone}/bin/rclone mount --config ${
+      ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
        config.sops.secrets."rclone/config".path
-      } --cache-dir /var/cache/rclone --transfers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos ";
+      } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos ";
-      ExecStop = "${pkgs.fuse}/bin/fusermount -u /mnt/photos";
+      ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos";
    };
  };
-  # systemd.services.nextcloud-mount = {
+  systemd.services.attic-mount = {
-  #   enable = true;
+    enable = true;
-  #   description = "Mount the nextcloud data remote";
+    description = "Mount the attic data remote";
-  #   after = ["network-online.target"];
+    requires = [ "network-online.target" ];
-  #   requires = ["network-online.target"];
+    after = [ "network-online.target" ];
-  #   wantedBy = ["default.target"];
+    requiredBy = [ "atticd.service" ];
-  #   serviceConfig = {
+    before = [ "atticd.service" ];
-  #     Type = "notify";
+    serviceConfig = {
-  #     ExecStartPre = "/usr/bin/env mkdir -p /mnt/nextcloud";
+      Type = "notify";
-  #     ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --uid 33 --gid 0 --allow-other --file-perms 0770 --dir-perms 0770 --transfers=32 rsyncnet:nextcloud /mnt/nextcloud";
+      ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic";
-  #     ExecStop = "/bin/fusermount -u /mnt/nextcloud";
+      ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
-  #     EnvironmentFile = config.sops.secrets."rclone/env".path;
+        config.sops.secrets."rclone/config".path
-  #   };
+      } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 15G --allow-other rsyncnet:attic /mnt/attic ";
-  # };
+      ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic";
    };
  };
  systemd.services.garage-mount = {
    enable = true;
    description = "Mount the garage data remote";
    requires = [ "network-online.target" ];
    after = [ "network-online.target" ];
    requiredBy = [ "garage.service" ];
    before = [ "garage.service" ];
    serviceConfig = {
      Type = "notify";
      ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage";
      ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
        config.sops.secrets."rclone/config".path
      } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage ";
      ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
    };
  };
  #   systemd.services.jellyfin-mount = {
  #     enable = true;
  #     description = "Mount the jellyfin data remote";
  #     after = ["network-online.target"];
  #     requires = ["network-online.target"];
  #     requiredBy = ["jellyfin.service"];
  #     serviceConfig = {
  #       Type = "notify";
  #       ExecStartPre = "/usr/bin/env mkdir -p /mnt/jellyfin";
  #       ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --allow-other --transfers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G jellyfin: /mnt/jellyfin";
  #       ExecStop = "${pkgs.fuse}/bin/fusermount -u /mnt/jellyfin";
  #       EnvironmentFile = config.sops.secrets."rclone/env".path;
  #     };
  #   };
  programs.fuse.userAllowOther = true;
 }
--- a/hosts/chunk/redlib.nix
+++ b/hosts/chunk/redlib.nix
@ -10,4 +10,9 @@
      REDLIB_ROBOTS_DISABLE_INDEXING = "on";
    };
  };
  services.caddy.virtualHosts."red.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8087
  '';
 }
--- a/hosts/chunk/tailscale.nix
+++ b/hosts/chunk/tailscale.nix
@ -0,0 +1,13 @@
 { config, ... }:
 {
  services.tailscale = {
    enable = true;
    authKeyFile = config.sops.secrets."tailscale/auth".path;
    extraUpFlags = [
      "--advertise-exit-node"
      "--accept-dns=false"
    ];
    useRoutingFeatures = "server";
    openFirewall = true;
  };
 }
--- a/hosts/chunk/vaultwarden.nix
+++ b/hosts/chunk/vaultwarden.nix
@ -10,4 +10,9 @@
      DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
    };
  };
  services.caddy.virtualHosts."pass.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8081
  '';
 }
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -1,10 +1,29 @@
-{ ... }:
+{ inputs, ... }:
 {
  nix = {
    settings = {
      experimental-features = "nix-command flakes";
      auto-optimise-store = true;
      flake-registry = "";
      trusted-users = [
        "root"
        "@wheel"
      ];
      trusted-public-keys = [
        "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg="
        "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
        "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI="
      ];
      substituters = [
        "https://aseipp-nix-cache.global.ssl.fastly.net"
        "https://cache.cything.io/central"
        "https://niri.cachix.org"
        "https://nix-community.cachix.org"
        "https://cache.garnix.io"
        "https://cything.cachix.org"
      ];
    };
    channel.enable = false;
    optimise = {
@ -17,9 +36,20 @@
      persistent = true;
      options = "--delete-older-than 14d";
    };
    extraOptions = ''
      builders-use-substitutes = true
    '';
    registry.nixpkgs.flake = inputs.nixpkgs;
  };
  time.timeZone = "America/Toronto";
  networking.firewall.logRefusedConnections = false;
  networking.nameservers = [
    # quad9
    "2620:fe::fe"
    "2620:fe::9"
    "9.9.9.9"
    "149.112.112.112"
  ];
  # this is true by default and mutually exclusive with
  # programs.nix-index
--- a/hosts/titan/Caddyfile
+++ b/hosts/titan/Caddyfile
@ -13,12 +13,16 @@
 cything.io {
  import common
  reverse_proxy localhost:8084
  header /.well-known/matrix/* Content-Type application/json
  header /.well-known/matrix/* Access-Control-Allow-Origin *
-  respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"}
+  header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD
-  respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}}
+  header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept
  route {
    respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"}
    respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}}
    redir https://cy7.sh/posts{uri} permanent
  }
 }
 www.cything.io {
--- a/hosts/titan/default.nix
+++ b/hosts/titan/default.nix
@ -30,7 +30,7 @@
      sopsFile = ../../secrets/borg/titan.yaml;
    };
    "rsyncnet/id_ed25519" = {
-      sopsFile = ../../secrets/de3911/titan.yaml;
+      sopsFile = ../../secrets/zh5061/titan.yaml;
    };
  };
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@ -1,7 +1,6 @@
 {
  config,
  pkgs,
  inputs,
  lib,
  ...
 }:
@ -10,12 +9,7 @@
    ./hardware-configuration.nix
    ../common.nix
    ../zsh.nix
-    {
+    ./tailscale.nix
      disabledModules = [
        "services/backup/btrbk.nix"
      ];
    }
    (inputs.nixpkgs-btrbk + "/nixos/modules/services/backup/btrbk.nix")
  ];
  sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -33,12 +27,23 @@
      sopsFile = ../../secrets/wireguard/yt.yaml;
    };
    "rsyncnet/id_ed25519" = {
-      sopsFile = ../../secrets/de3911/yt.yaml;
+      sopsFile = ../../secrets/zh5061/yt.yaml;
    };
    "newsboat/miniflux" = {
      sopsFile = ../../secrets/newsboat.yaml;
      owner = "yt";
    };
    "tailscale/auth" = {
      sopsFile = ../../secrets/services/tailscale.yaml;
    };
    "aws/key_id" = {
      sopsFile = ../../secrets/yt/aws.yaml;
      owner = "yt";
    };
    "aws/key_secret" = {
      sopsFile = ../../secrets/yt/aws.yaml;
      owner = "yt";
    };
  };
  boot = {
@ -48,7 +53,7 @@
      efi.canTouchEfiVariables = false; # toggle when installing
    };
    tmp.cleanOnBoot = true;
-    kernelPackages = pkgs.linuxPackages_latest;
+    kernelPackages = pkgs.linuxKernel.packages.linux_zen;
    extraModulePackages = with config.boot.kernelPackages; [
      rtl8821ce
    ];
@ -65,6 +70,7 @@
      pkiBundle = "/var/lib/sbctl";
    };
    kernel.sysctl."kernel.sysrq" = 1;
    binfmt.emulatedSystems = [ "aarch64-linux" ];
  };
  networking = {
@ -84,10 +90,6 @@
      dns = "none";
      wifi.backend = "iwd";
    };
    nameservers = [
      "31.59.129.225"
      "2a0f:85c1:840:2bfb::1"
    ];
    resolvconf.enable = true;
    firewall = {
      allowedUDPPorts = [ 51820 ]; # for wireguard
@ -139,6 +141,7 @@
    "wheel"
    "libvirtd"
    "docker"
    "disk"
  ];
  environment.systemPackages = with pkgs; [
@ -171,6 +174,8 @@
    haskell-language-server
    ghc
    sbctl # secure boot
    wine-wayland
    wine64
  ];
  environment.sessionVariables = {
@ -179,12 +184,17 @@
  system.stateVersion = "24.05";
  services.gnome.gnome-keyring.enable = true;
  programs.gnupg.agent.enable = true;
  services.displayManager = {
    enable = true;
    autoLogin.user = "yt";
    defaultSession = "plasma";
    sddm = {
      enable = true;
      wayland.enable = true;
      autoNumlock = true;
    };
  };
  fonts.packages = with pkgs; [
@ -200,11 +210,6 @@
  };
  services.blueman.enable = true;
  programs.sway = {
    enable = true;
    wrapperFeatures.gtk = true;
  };
  my.backup = {
    enable = true;
    jobName = "ytnixRsync";
@ -223,15 +228,15 @@
  services.btrbk.instances.local = {
    onCalendar = "hourly";
    # only create snapshots automatically. backups are triggered manually with `btrbk resume`
    snapshotOnly = true;
    settings = {
-      # only create snapshots automatically. backups are triggered manually with `btrbk resume`
+      snapshot_preserve_min = "latest";
      snapshot_preserve = "7d";
      snapshot_preserve_min = "2d";
      target_preserve = "*d";
      target_preserve_min = "no";
      target = "/mnt/external/btr_backup/ytnix";
      stream_compress = "zstd";
      stream_compress_level = "8";
      snapshot_dir = "/snapshots";
      subvolume = {
        "/home" = { };
@ -279,12 +284,56 @@
  programs.virt-manager.enable = true;
  services.usbmuxd.enable = true;
-  programs.nix-ld.enable = true;
+  programs.nix-ld.dev = {
    enable = true;
    # nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./<binary>
    libraries = with pkgs; [
      mesa
      extest
      stdenv.cc.cc
      libGL
      fontconfig
      libxkbcommon
      zlib
      libxml2
      dbus
      freetype
      egl-wayland
      waylandpp
      cairo
      xcb-util-cursor
      libplist
      p11-kit
      kdePackages.qtwayland
      qt6.qtwayland
      libsForQt5.qt5.qtwayland
      xorg.libX11
      xorg.libxcb
      xorg.xcbutilwm
      xorg.xcbutilimage
      xorg.xcbutilkeysyms
      xorg.xcbutilrenderutil
      xorg.libXScrnSaver
      xorg.libXcomposite
      xorg.libXcursor
      xorg.libXdamage
      xorg.libXext
      xorg.libXfixes
      xorg.libXi
      xorg.libXrandr
      xorg.libXrender
      xorg.libXtst
      xorg.libxkbfile
      xorg.libxshmfence
    ];
  };
  programs.evolution.enable = true;
  xdg.portal = {
    enable = true;
    wlr.enable = true;
    xdgOpenUsePortal = true;
    extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ];
  };
  programs.obs-studio = {
@ -327,4 +376,23 @@
  };
  services.trezord.enable = true;
  programs.niri.enable = true;
  programs.niri.package = pkgs.niri-unstable;
  programs.xwayland.enable = true;
  services.udev.extraHwdb = ''
    SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664"
  '';
  programs.ssh = {
    askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass";
    startAgent = true;
    enableAskPassword = true;
  };
  services.desktopManager.plasma6 = {
    enable = true;
    enableQt5Integration = true;
  };
 }
--- a/hosts/ytnix/tailscale.nix
+++ b/hosts/ytnix/tailscale.nix
@ -0,0 +1,13 @@
 { config, ... }:
 {
  services.tailscale = {
    enable = true;
    authKeyFile = config.sops.secrets."tailscale/auth".path;
    openFirewall = true;
    useRoutingFeatures = "client";
    extraUpFlags = [
      "--exit-node=100.122.132.30"
      "--accept-dns=false"
    ];
  };
 }
--- a/18
+++ b/18
@ -0,0 +1,18 @@
 update:
    git branch -D update || true
    git switch -c update
    nix flake update
    git add flake.lock
    git commit -s -m "flake update"
    git push -f
    git switch main
 upgrade:
    git switch update
    sudo nixos-rebuild switch -L --flake . --use-substitutes
    nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes
    nixos-rebuild switch -L --flake .#titan --target-host root@www.cything.io --use-substitutes
    home-manager -L switch --flake .
    git switch main
    git merge update
    git branch -d update
--- a/modules/backup.nix
+++ b/modules/backup.nix
@ -2,7 +2,6 @@
  config,
  lib,
  pkgs,
  inputs,
  ...
 }:
 let
@ -31,13 +30,6 @@ let
  ];
 in
 {
  imports = [
    {
      disabledModules = [ "services/backup/borgbackup.nix" ];
    }
    (inputs.nixpkgs-borg + "/nixos/modules/services/backup/borgbackup.nix")
  ];
  options.my.backup = {
    enable = lib.mkEnableOption "backup";
    paths = lib.mkOption {
@ -52,7 +44,7 @@ in
    };
    repo = lib.mkOption {
      type = lib.types.str;
-      description = "Borg repository to backup to. This is appended to `de3911@de3911.rsync.net:borg/`.";
+      description = "Borg repository to backup to. This is appended to `zh5061@zh5061.rsync.net:borg/`.";
    };
    startAt = lib.mkOption {
      type = lib.types.str;
@ -76,7 +68,7 @@ in
  config = lib.mkIf cfg.enable {
    programs.ssh.knownHostsFiles = [
      (pkgs.writeText "rsyncnet-keys" ''
-        de3911.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObQN4P/deJ/k4P4kXh6a9K4Q89qdyywYetp9h3nwfPo
+        zh5061.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd
      '')
    ]; # needs to be a list
@ -87,7 +79,7 @@ in
      persistentTimer = true;
      paths = defaultPaths ++ cfg.paths;
      exclude = defaultExclude ++ cfg.exclude;
-      repo = "de3911@de3911.rsync.net:borg/" + cfg.repo;
+      repo = "zh5061@zh5061.rsync.net:borg/" + cfg.repo;
      encryption = {
        mode = "repokey-blake2";
        passCommand = "cat ${cfg.passFile}";
@ -96,6 +88,7 @@ in
        BORG_RSH = "ssh -i ${cfg.sshKeyFile}";
        BORG_REMOTE_PATH = "borg1";
        BORG_EXIT_CODES = "modern";
        BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
      };
      compression = "auto,zstd,8";
      extraCreateArgs = [
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@ -0,0 +1,40 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.my.caddy;
 in
 {
  options.my.caddy = {
    enable = lib.mkEnableOption "caddy reverse proxy";
  };
  config = lib.mkIf cfg.enable {
    services.caddy = {
      enable = true;
      package = pkgs.caddy.withPlugins {
        plugins = [
          # error message will tell you the correct version tag to use
          # (still need the @ to pass nix config check)
          "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"
        ];
        hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ=";
      };
      logFormat = lib.mkForce "level INFO";
      acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
      extraConfig = ''
        (common) {
          encode zstd gzip
          header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
        }
      '';
      globalConfig = ''
        acme_dns cloudflare {$CLOUDFLARE_KEY}
      '';
      environmentFile = config.sops.secrets."caddy/env".path;
    };
  };
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -2,5 +2,6 @@
 {
  imports = [
    ./backup.nix
    ./caddy.nix
  ];
 }
--- a/overlay/attic/default.nix
+++ b/overlay/attic/default.nix
@ -0,0 +1,23 @@
 final: prev: {
  attic-client = prev.attic-client.override (old: {
    rustPlatform = old.rustPlatform // {
      buildRustPackage =
        args:
        old.rustPlatform.buildRustPackage (
          args
          // {
            version = "0.1.1";
            src = final.fetchFromGitHub {
              owner = "cything";
              repo = "attic";
              rev = "d660c85bdb6bb10499a23a846a13107ea0c72769";
              hash = "sha256-E22d2OLV02L2QdiSeK58flveehR8z8WIKkcN/njAMdg=";
            };
            cargoLock = null;
            cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM=";
            useFetchCargoVendor = true;
          }
        );
    };
  });
 }
--- a/overlay/conduwuit/default.nix
+++ b/overlay/conduwuit/default.nix
@ -0,0 +1,44 @@
 final: prev:
 let
  newRust = final.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
  newRustPlatform = final.makeRustPlatform {
    cargo = newRust;
    rustc = newRust;
  };
 in
 {
  conduwuit = prev.conduwuit.override (old: {
    rustPlatform = newRustPlatform // {
      buildRustPackage =
        args:
        newRustPlatform.buildRustPackage (
          args
          // {
            version = "0.5.0-rc2";
            src = final.fetchFromGitHub {
              owner = "girlbossceo";
              repo = "conduwuit";
              rev = "5b8464252c2c03edf65e43153be026dbb768a12a";
              hash = "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U=";
            };
            doCheck = false;
            cargoHash = "sha256-g19UujLI9d4aw+1273gfC17LDLOciqBvuLhe/VCsh80=";
            # unstable has this set to "conduit"
            meta.mainProgram = "conduwuit";
            buildFeatures = [
              "brotli_compression"
              "element_hacks"
              "gzip_compression"
              "release_max_log_level" # without this feature to enable debug logging
              "sentry_telemetry"
              "systemd"
              "zstd_compression"
              "jemalloc"
              "io_uring"
            ];
          }
        );
    };
  });
 }
--- a/overlay/conduwuit/rust-toolchain.toml
+++ b/overlay/conduwuit/rust-toolchain.toml
@ -0,0 +1,28 @@
 # This is the authoritiative configuration of this project's Rust toolchain.
 #
 # Other files that need upkeep when this changes:
 #
 # * `Cargo.toml`
 # * `flake.nix`
 #
 # Search in those files for `rust-toolchain.toml` to find the relevant places.
 # If you're having trouble making the relevant changes, bug a maintainer.
 [toolchain]
 channel = "1.84.0"
 profile = "minimal"
 components = [
    # For rust-analyzer
    "rust-src",
    "rust-analyzer",
    # For CI and editors
    "rustfmt",
    "clippy",
 ]
 targets = [
    #"x86_64-apple-darwin",
    "x86_64-unknown-linux-gnu",
    "x86_64-unknown-linux-musl",
    "aarch64-unknown-linux-musl",
    #"aarch64-apple-darwin",
 ]
--- a/overlay/default.nix
+++ b/overlay/default.nix
@ -0,0 +1,9 @@
 let
  overlays = [
    ./conduwuit
    ./attic
    ./vscode.nix
  ];
  importedOverlays = map (m: import m) overlays;
 in
 importedOverlays
--- a/overlay/vscode.nix
+++ b/overlay/vscode.nix
@ -0,0 +1,14 @@
 final: prev: {
  vscode-extensions = prev.vscode-extensions // {
    github = prev.vscode-extensions.github // {
      codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension {
        mktplcRef = {
          publisher = "github";
          name = "codespaces";
          version = "1.17.3";
          hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w=";
        };
      };
    };
  };
 }
--- a/secrets/rclone.yaml
+++ b/secrets/rclone.yaml
@ -1,5 +1,5 @@
 rclone:
-    config: ENC[AES256_GCM,data:mvbvhlePt87lZl5AWyq5l0hwop4wHdY5pY82EMyzz+KtW7DKmi/3txVuNJ/GjcDWIY9HxklDDrIbN/r+prVvl/OEquHg+YLn/0w7njWDsqIEO+GwDCUBAaZqZtc94LVkI4SYXuE1Jl5wyWy0qaqkvR3kd91bC5ABoTKXnr2yxiTIIH9M2QyXMYy2/zDI3Ux6t5+vO6kze/d1kVmxpzzNyYrPDflQgR4o94P0hDAsnOJa2MW9S10mIsOU5h61IuILm5XHWgTAgNiyEGVA/nFOsu1Ny8bUXCcWtwWNZkNmkkL7lgIpnzbm09DmKWHn18I9+nyWaYxmuKn/g9rxPPBduzg77CHyLtQv55ZI+5hsZrkPHKfoMqJrjkz3zCU/XplCrR21cHVM1Yo1LRDWcCrIzmNQiqTzBHY0QGuLPqdYtG3mcLrwwuBE8uvQt3YJ7FQHuq8vERHsq/PHBigndstGvXpfkQmn33/tAZCBPvZEKHakJ9bFyol/lPm+sbOIAaCqf0FFDSL5l3m0PiUHfZRPTS8bm+rTNPfQBclFGbwmNmvofxsCcbnJEZpqRBK38tMOp08cBjcKGyyb21Wpy8Qx1igWOVb71Rn13VfCdYFO4JoLVAX1r9uI8b3kW4qOMYY66iEnBCLbgK+81Dk+bzy+ilWQQiTYuW/lo+Dx4vPoLfIwVmgo3ooY282t0huxCi2edjq9llo+NOd63o8yNKhbAJlBPAigqAA53aqndLUka17CwXKKhT+k+zChu/ZlkQ6viPo6HJq+1rymYoK4KUrjTvXiAr+8eYpT/qJ2tTK7rCysFZhGuRlwP1Xk5z0=,iv:WXPH8jBHdqM2TL8xtFmvvXujmaNYR6AKlyJgfYVRf44=,tag:60WucstY5TAq+B8GrIOQfA==,type:str]
+    config: ENC[AES256_GCM,data:/GFMFowcU2940P3n/4qQEmAflNyn/s7kujrv1SmStpsVfoiqklD0aB77wh2n7nxzL+Yg98e+L1MADSUTkc1e1uAfc6NwhB62HzKuEvZwCCRs/WZas8ZMuB5cVQUtxl1kRoqLWVxUaaVQU/qsjEFj4uA/dnOe/PSR9DYOnAA7PiHFFP4rtD0/tfhsdjNUiKY62n/yVDRTNJmQ7f14jR2OPby65Xu6Upi77XvOeFDy6LMyOcAH8UF9QTw5+4r5nosOA+H9SFc4Y+BAVnboBi7McrLYtz9SAiaYFQAqT4/nbNSSfvdnvuMSNMxpW88L/UnRxtEHfAYCEyUQD+GaDIEt2vSRQLWHJB6znMxnMXi5U/S9gCP7/NdcSvCh9SkrnHmRW9dQg3euGkuaVkpiYQoORyzk7RrxjFOKHCpU4gaaLD6FBrkkJHY8zDL/176aZKBgIpFaHlQN/TVwEByVDEUfEZ4Z+Af528rBjZ/W8gV9kgYzBECQ8Mgw5/HVSwO1fvVuFQedV5pz/TxIrd9V1t1W8XDN9UYgnfctQDch2oQMA1iCVuV2Mm7I8Ew4ikNeCy5qBgBq3MfDSlpCmqeiqSuCR1V0O7FeyWgV46cm+ORVCgkAvYUH9xy8ARYEVRjK1aogjFwc+e8GhK976fvI1Lt9aE6c87AdJd58kP/LiS0So6d4VWfTZUNX1sdpZA7y2G5oSu7PRGfR94unzqzmRhbMPACvKnoLPUnod8Sw93vLu7y+QGI9zl4oICPT8GF8k1kfVdqGLWjB5i91RAJInbpkG3jeHciE3I7RC2gVNufdEmkpRx2bt7kLw30ede0=,iv:V+Kd3HRD6kfM8TTjBbmc/uQbo2iafDV5u6FtnhFSTQs=,tag:e9WX+hD2UNvnsQhCuMebUA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -33,8 +33,8 @@ sops:
            aExPM3ZCL0kvMWpZZlFuTGMvU0pQNEEKTxkA30B3nPOO1Q0ZRiZZKicqvEpJoOL5
            B/PchzkTvSbjPGz55r+Qq3oTHTQ4bwxpZ7T1hMyMcXhws+oftol5/g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-30T21:01:01Z"
+    lastmodified: "2025-01-06T23:47:39Z"
-    mac: ENC[AES256_GCM,data:K9HJyxbipXb9oAiJQH+pm8hwQd6TqkJbOflFJDO1AoejYeJB5qyeGYmEgQ2l4sBmKrGetiyG5+qOaAPrKZoLeqtwyM8SxnLDUQ8dQLzEHnHGixlilkLyI4AxlznvkfVvcSjOfughVb2G4N5xIcaIWLT1+zAiweb7hoB55LGOSG8=,iv:xt1DXi4ZhIBPO9o5m4Uf8Z6B7SmbU3FGuvp5t+WgJns=,tag:WFACS8fCHOvNBAWXHZoD6A==,type:str]
+    mac: ENC[AES256_GCM,data:Yg/CiK3pZL+RPYHFVIMZj4pmDzenOpYj8slK/XL28+5IdQ/BBIETXgCz0JjN7p7li2sYGMnKv5DDa6NhCYOGhexmTxKzumAAjYNLrZamDaDBxXs+FnN6cBxytM2eEc+GFBazl0nEPPBulZNoDsFK1TpIFnMAClVjRe1y37cNXXQ=,iv:Rlxci8NVLzF9yDro30mDkymyiv30slcLKYCMIZv3y+o=,tag:a+m9ZcA/ttxiR/JXUPLfSQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.2
--- a/secrets/services/attic.yaml
+++ b/secrets/services/attic.yaml
--- a/secrets/services/caddy.yaml
+++ b/secrets/services/caddy.yaml
@ -1,5 +1,5 @@
 caddy:
-    env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str]
+    env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -33,8 +33,8 @@ sops:
            Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH
            AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-17T03:25:37Z"
+    lastmodified: "2025-01-30T17:26:39Z"
-    mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str]
+    mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.9.2
+    version: 3.9.4
--- a/secrets/services/garage.yaml
+++ b/secrets/services/garage.yaml
@ -0,0 +1,31 @@
 garage:
    env: ENC[AES256_GCM,data:miNp4SJ9xuMXSEIJYCZFWM96enAh8uwCxv0ySn2Jbp5V4Iso2uZ2R9dXqSS7y60pRq+bbXPYbBxBnmb+fhjvB7TdCLPom9CKSY8zMI7n/p1IE4qUFvzCG4ejV6BIsh/887BjzAx1UNcRG/9eUNcMfTu58wQwKmIzr1iu5pD+IlLHa+0/orpZKssQ2Ba1hMwLOAXp,iv:zgkGikunB4zQ4CfGgEd1DmLgYpEREJhoX4oT/zK3mI8=,tag:ohpZWF/lPHQc010mteJZDw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIemdMVVE4alZ2MElWeUpj
            TjNhL2VYL2dwMmN0VzJxVGwzWHgvbm82QWtjCk1pem5SdzFpR0dRci80emo1VlVu
            VWtWMVpoN2M4NUphcTgxeTB6aU83bjAKLS0tIGlJanA1TFBnaE9PTmRnQWVidE53
            elRZaFVaZ1VTRU1MbWlqSkJNZG1oRW8K8IupEpJzC0CJGpxSTssiFrQgdHAzCW4I
            IlvYdZkUou/6km5OMnsFqhqEqIjAwVuJ08YiNzAv67ZzTG0ThD133A==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiemRZRmF1NWozM1RFS2Z2
            bld5V0lTS3V1OW1SU0VaR2IzZjJmbEtJVkhjCnBVKzFYUXYveGdkSTVmbzRldGRo
            eVAxWXQ1TzczVjZiQ2NsUEk3YmhGNk0KLS0tIG04d0FDYXF1MU5ab3ZMTmpCUWNa
            WTQ3dWs4enQrc2F3K3AvMUQvWEh6RDgKxJl3ftSpIrK+45LzjX9gIy41Lv+bcZsV
            7rriUhKAtaCXsQcO6Povif7zJyCROYhC0sgpRhmMKoN76TAH3zxvag==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-01-08T20:44:32Z"
    mac: ENC[AES256_GCM,data:rVv9sNYb9Fttm5IjonAZBmcrCqC1cAp2sjMJDZ3JMt+YeyiCUI6jsXSGAc3pgP+7vvaTvDvdNwlAa5axxA72omE4eAK+9me0RLI75vA4UGrh3KiB4qrHK6H6qMUFg92uhKFo+uhtxERIV5/HSwbZPBT2R0pbSSQzTKk5U9UuJsY=,iv:CRSEqphlBsHwPvwXlTQui5U4fsXWgWnZ+8KYFAyVRlg=,tag:82mxRsp5uCo235jzJNK8LQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.2
--- a/secrets/services/tailscale.yaml
+++ b/secrets/services/tailscale.yaml
@ -0,0 +1,31 @@
 tailscale:
    auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr
            c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly
            V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx
            UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW
            1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP
            R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r
            TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3
            em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4
            kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-01-24T05:26:20Z"
    mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.3
--- a/secrets/yt/aws.yaml
+++ b/secrets/yt/aws.yaml
@ -0,0 +1,32 @@
 aws:
    key_id: ENC[AES256_GCM,data:vxa8IS5zVOStsQaQNoPy36MeCw2KD2Th5tg=,iv:TrPukr/bpkGysf1YigBlXwaCu0H1FM6ivCVQEgnst6A=,tag:yrlcsDkLkH7U2i3JgjDaBA==,type:str]
    key_secret: ENC[AES256_GCM,data:R9hFgtylEW1RphrP7/9Hi7HIb7gcQX1WDEVfnUTTzh+/0LM2Rb9CdkaleO8wNlcyYVE/jUKtqdqqrospAJ7+Zw==,iv:3+yCVqH441+oXFLI5usaQdhnE3GFhbJjMsYeRvk8xEw=,tag:STxA32cSdwPBikXyVEP5+Q==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaUZKbTVjZ1NEWlE5RzZT
            T1dKdkRQajEva0tpRXhxYUlYWmw1b3MwSFZvCmhteVJ2VGhVNnZTZkJlem1OT3dL
            dGlQTWdOUlo3TXNOS0wvNlpqVWpZSFEKLS0tIC9DNjY3OW1zWUlRQ1ZEOGlBRk9R
            azQxMGhQejQ5M0N1YjFtSW5uVnRCQ3MKtt26G2PxIry/lppOT/NUX8jebEb5NgqO
            HuHj7WT51Gtotfgb22VfGeOCaw9+pPYSjdk9WV4z57r7Z/lylALKRw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaVIwbExDUjJiVFpHOFJu
            dk1SUHc5UDRFUENsbkg2RmQvazdEZ1NKeEhvCjVCNzdwRFN0aUZJL0pVSTI1RUxv
            Ymhhc0tsSENVa1VUKzRBZk5IcjEvNFUKLS0tIFpPNlRXOVYyVnpyUmtLMTFqNlZ0
            UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe
            j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-01-30T17:45:09Z"
    mac: ENC[AES256_GCM,data:uXnJ8DCs1ZZ72PFAmSQpqvVH2UYvRX8AeUC00A6WsgNL9sz6H0b7PwXBn4SucHACwLwilMVKYpFGE1pPMsIgpHxU5coNhvTfth/ChY1KS73LAwrJUAyUoFI3mumPkklj7b/u1CbBfhuhA2QoZVl+d9BGQn5CQu3+BySUmcT+P9k=,iv:H/hUTBDNcsGBP5TA/7U1QMZogZvuoPuEAg/tBCpbf9w=,tag:W7rH84Na/tHPuJlA9tRXEQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.4
--- a/secrets/zh5061/chunk.yaml
+++ b/secrets/zh5061/chunk.yaml
--- a/secrets/zh5061/titan.yaml
+++ b/secrets/zh5061/titan.yaml
--- a/secrets/zh5061/yt.yaml
+++ b/secrets/zh5061/yt.yaml