use ghidra-bin cause debugger works

Signed-off-by: cy <cy@cy7.sh>

.sops.yaml

@@ -108,3 +108,8 @@ creation_rules:
       - age:
           - *chunk
           - *cy
+  - path_regex: secrets/yt/(.*).yaml$
+    key_groups:
+      - age:
+          - *yt
+          - *cy

flake.lock

@@ -369,11 +369,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736143030,
+        "lastModified": 1738453229,
-        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
+        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
+        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
         "type": "github"
       },
       "original": {
@@ -562,11 +562,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738178313,
+        "lastModified": 1738448366,
-        "narHash": "sha256-/8TLf6LkXGRGERzcWMNDeXjYaHSbexmfV+ofheo7K6k=",
+        "narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "420a0d9506b5dac4d86a68b9ef8e763624ad86c6",
+        "rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93",
         "type": "github"
       },
       "original": {
@@ -683,11 +683,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1738174211,
+        "lastModified": 1738446528,
-        "narHash": "sha256-eYmp1mKM4kULV1W+EBtCPk6LmKWl2REivaYfGRl+AWo=",
+        "narHash": "sha256-NYL/r7EXSyYP7nXuYGvGYMI9QtztGjVaKKofBt/pCv8=",
         "ref": "refs/heads/main",
-        "rev": "64e33a7e09a0d1faacf2fd3f6ebd647fe4d8346a",
+        "rev": "a51380645f61b33d37a536b596d16c481f7b84a6",
-        "revCount": 17329,
+        "revCount": 17342,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/lix"
       },
@@ -737,11 +737,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1738156024,
+        "lastModified": 1738502867,
-        "narHash": "sha256-D3cox2cbtFauXz1skDTkJwSU0272wY6wRwiFNm5TV/c=",
+        "narHash": "sha256-92cVHcxV7j00BquLo5I4G8EwKzrq2AlHuD3AQV9r+T8=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "541920ede8b5d48f110c94d858a1ddf283eac3b9",
+        "rev": "cf0be7affb15e21727d137c029146fe7df2bc6d0",
         "type": "github"
       },
       "original": {
@@ -770,11 +770,11 @@
     "niri-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1738148186,
+        "lastModified": 1738479340,
-        "narHash": "sha256-Yd2xKbZ8S4LC5sxPleuutlX0RbKnI93LhciVhneNBHQ=",
+        "narHash": "sha256-sutel7RKfu9eIJsjswSzptCIvKELbXQCSldt0PtwSd0=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "1d3820a064f1f3b686eb6e8a1aab155681a96457",
+        "rev": "d5592743cb04cef3fe50c987b7ba9349c5090dbd",
         "type": "github"
       },
       "original": {
@@ -832,11 +832,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738033138,
+        "lastModified": 1738277753,
-        "narHash": "sha256-qlIM8A3bdL9c6PexhpS+QyZLO9y/8a3V75HVyJgDE5Q=",
+        "narHash": "sha256-iyFcCOk0mmDiv4ut9mBEuMxMZIym3++0qN1rQBg8FW0=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "349a74c66c596ef97ee97b4d80a3ca61227b6120",
+        "rev": "49b807fa7c37568d7fbe2aeaafb9255c185412f9",
         "type": "github"
       },
       "original": {
@@ -883,6 +883,26 @@
         "type": "github"
       }
     },
+    "nix-ld": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1737361468,
+        "narHash": "sha256-+CtIrQZ22MOAOHcpg1zbhX/fVkmEc8A8lYVpXAbXElQ=",
+        "owner": "nix-community",
+        "repo": "nix-ld",
+        "rev": "7f15f8622b63b907fef137689f4528a9447d9377",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-ld",
+        "type": "github"
+      }
+    },
     "nix2container": {
       "flake": false,
       "locked": {
@@ -1045,11 +1065,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1738178544,
+        "lastModified": 1738487426,
-        "narHash": "sha256-UbM+zJFlze877N5j2YMLKYFX7t05VvmuNX2M0vJ7RfI=",
+        "narHash": "sha256-hnB0V0R/aKASnTBeTthFvW60uydv1xswWD4weqSuSfg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "975ac0ab33ee7fea64842047a96f5d679d90913c",
+        "rev": "8ed1fafea6a613d962f6a84c1153d34dc8b06d83",
         "type": "github"
       },
       "original": {
@@ -1082,11 +1102,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738184667,
+        "lastModified": 1738517265,
-        "narHash": "sha256-+pG3UJVAdVCF3nGRpy5n/tbCzGa64DCWOC8hAxnssD0=",
+        "narHash": "sha256-ZzulGUIHZhvcSHx+1ucCJkIcn27r9H+cSzCCpKxJcls=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "2f5374c3dcd06c750c36798bce6bccdf8a25bc89",
+        "rev": "56d0c4579e022b44a3e324f722fa23a6f4295798",
         "type": "github"
       },
       "original": {
@@ -1105,11 +1125,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737924095,
+        "lastModified": 1738445998,
-        "narHash": "sha256-9RO/IlxiE7bpY7GYsdDMNB533PnDOBo9UvYyXXqlN4c=",
+        "narHash": "sha256-wF2ZcRKF37re161jrXtNyjGMBDsIFtPeDvmIVfp8f7w=",
         "owner": "NuschtOS",
         "repo": "search",
-        "rev": "5efc9c966bb9bdad07a3c28667eac38b758c6f18",
+        "rev": "381d84a7422a4dbfef6a9c7703dbaf42036ae1c3",
         "type": "github"
       },
       "original": {
@@ -1134,6 +1154,29 @@
         "type": "github"
       }
     },
+    "plasma-manager": {
+      "inputs": {
+        "home-manager": [
+          "home-manager"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1736549395,
+        "narHash": "sha256-XzwkB62Tt5UYoL1jXiHzgk/qz2fUpGHExcSIbyGTtI0=",
+        "owner": "nix-community",
+        "repo": "plasma-manager",
+        "rev": "a53af7f1514ef4cce8620a9d6a50f238cdedec8b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "plasma-manager",
+        "type": "github"
+      }
+    },
     "pre-commit-hooks": {
       "flake": false,
       "locked": {
@@ -1207,10 +1250,12 @@
         "lix": "lix",
         "lix-module": "lix-module",
         "niri": "niri",
+        "nix-ld": "nix-ld",
         "nixpkgs": "nixpkgs_5",
         "nixpkgs-garage": "nixpkgs-garage",
         "nixvim": "nixvim",
         "nvim-github-theme": "nvim-github-theme",
+        "plasma-manager": "plasma-manager",
         "rust-overlay": "rust-overlay",
         "sops-nix": "sops-nix",
         "treefmt": "treefmt"
@@ -1240,11 +1285,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738117527,
+        "lastModified": 1738463259,
-        "narHash": "sha256-GFviGfaezjGLFUlxdv3zyC7rSZvTXqwcG/YsF6MDkOw=",
+        "narHash": "sha256-+5QJpiRpkh1ALvKcMEpPyGwkPZfaynsYF4SFdNW5UfQ=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "6a3dc6ce4132bd57359214d986db376f2333c14d",
+        "rev": "e2bb8c205a069514535f083742c7da8dfb6e02b9",
         "type": "github"
       },
       "original": {
@@ -1260,11 +1305,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737411508,
+        "lastModified": 1738291974,
-        "narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=",
+        "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "015d461c16678fc02a2f405eb453abb509d4e1d4",
+        "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
         "type": "github"
       },
       "original": {

flake.nix

@@ -68,6 +68,15 @@
       inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-compat.follows = "flake-compat";
     };
+    nix-ld = {
+      url = "github:nix-community/nix-ld";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    plasma-manager = {
+      url = "github:nix-community/plasma-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.home-manager.follows = "home-manager";
+    };
 
     nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR
 
@@ -136,7 +145,7 @@
 
               settings.global.excludes = [
                 "secrets/*"
-                "**/*.png" # tries to format a png file??
+                "**/*.png" # tries to format a png file
               ];
             };
           };
@@ -169,7 +178,8 @@
                     ./modules
                     inputs.lanzaboote.nixosModules.lanzaboote
                     inputs.niri.nixosModules.niri
-                    inputs.lix-module.nixosModules.default # broken
+                    inputs.lix-module.nixosModules.default
+                    inputs.nix-ld.nixosModules.nix-ld
                   ];
                 };
                 chunk = lib.nixosSystem {
@@ -213,6 +223,7 @@
                     ./home/yt/ytnix.nix
                     inputs.nixvim.homeManagerModules.nixvim
                     inputs.niri.homeModules.config
+                    inputs.plasma-manager.homeManagerModules.plasma-manager
                   ];
                 };
 

home/kitty.nix

@@ -67,4 +67,6 @@
       "kitty_mod+o>l" = "kitten hints --type linenum";
     };
   };
+
+  programs.zsh.shellAliases."ssh" = "kitten ssh";
 }

home/niri/default.nix

@@ -102,6 +102,7 @@ in
           { app-id = "com.mitchellh.ghostt"; }
           { app-id = "org.kde.okular"; }
           { app-id = "kitty"; }
+          { app-id = "VSCodium"; }
         ];
         default-column-width.proportion = .5;
       }

home/plasma.nix

@@ -0,0 +1,80 @@
+{ ... }:
+{
+  programs.plasma = {
+    enable = true;
+    overrideConfig = true;
+    immutableByDefault = true;
+    workspace = {
+      lookAndFeel = "org.ide.breezedark.desktop";
+      cursor = {
+        theme = "Bibata-Modern-Classic";
+        size = 23;
+      };
+    };
+
+    fonts = {
+      general = {
+        family = "IBM Plex Mono";
+        pointSize = 12;
+      };
+    };
+
+    input.keyboard = {
+      numlockOnStartup = "on";
+      options = [ "ctrl:nocaps" ];
+    };
+
+    # Meta key is actually the Super key in KDE
+
+    hotkeys.commands = {
+      "launch-terminal" = {
+        name = "launch terminal";
+        key = "Meta+Return";
+        command = "kitty";
+      };
+      "launch-browser" = {
+        name = "launch browser";
+        key = "Meta+B";
+        command = "librewolf";
+      };
+    };
+
+    shortcuts = {
+      kwin = {
+        "Switch Window Down" = "Meta+J";
+        "Switch Window Left" = "Meta+H";
+        "Switch Window Right" = "Meta+L";
+        "Switch Window Up" = "Meta+K";
+        "Window Quick Tile Down" = "Meta+Shift+J";
+        "Window Quick Tile Left" = "Meta+Shift+H";
+        "Window Quick Tile Right" = "Meta+Shift+L";
+        "Window Quick Tile Up" = "Meta+Shift+K";
+        "Window Close" = "Meta+Ctrl+Q";
+        "Window Maximize" = "Meta+W";
+        "Window Minimize" = "Meta+Shift+-";
+        "Window Fullscreen" = "Meta+F";
+        "Window Shrink Horizontal" = "Meta+-";
+      };
+
+      ksmserver = {
+        "Lock Session" = [
+          "Screensaver"
+          "Meta+Ctrl+L"
+        ];
+      };
+    };
+
+    configFile = {
+      # save RAM
+      baloofilerc."Basic Settings"."Indexing-Enabled" = false;
+    };
+
+    # looks like KDE overrides services.logind settings
+    powerdevil.AC = {
+      whenLaptopLidClosed = "hibernate";
+    };
+    powerdevil.battery = {
+      whenLaptopLidClosed = "hibernate";
+    };
+  };
+}

home/vscode.nix

@@ -11,7 +11,8 @@
       jnoortheen.nix-ide
       editorconfig.editorconfig
       github.github-vscode-theme
-      github.codespaces
+      github.copilot
+      rust-lang.rust-analyzer
     ];
     userSettings = {
       "workbench.colorTheme" = "GitHub Dark Default";

home/yt/ytnix.nix

@@ -1,5 +1,6 @@
 {
   pkgs,
+  lib,
   ...
 }:
 {
@@ -10,6 +11,7 @@
     ../irssi.nix
     ../kitty.nix
     ../vscode.nix
+    ../plasma.nix
   ];
   home = {
     username = "yt";
@@ -20,24 +22,27 @@
 
   systemd.user.startServices = "sd-switch";
 
-  qt = {
+  # keep this commented when using plasma
-    enable = true;
+  # otherwise "system settings" in KDE will not function
-    platformTheme.name = "kde";
+  # qt = {
-    style.name = "breeze-dark";
+  #   enable = true;
-    style.package = pkgs.kdePackages.breeze;
+  #   platformTheme.name = "kde";
-  };
+  #   style.name = "breeze-dark";
+  #   style.package = pkgs.kdePackages.breeze;
+  # };
 
-  gtk = {
+  # this one too
-    enable = true;
+  # gtk = {
-    theme = {
+  #   enable = true;
-      package = pkgs.adw-gtk3;
+  #   theme = {
-      name = "adw-gtk3-dark";
+  #     package = pkgs.adw-gtk3;
-    };
+  #     name = "adw-gtk3-dark";
-    iconTheme = {
+  #   };
-      package = pkgs.adwaita-icon-theme;
+  #   iconTheme = {
-      name = "Adwaita";
+  #     package = pkgs.adwaita-icon-theme;
-    };
+  #     name = "Adwaita";
-  };
+  #   };
+  # };
 
   home.pointerCursor = {
     package = pkgs.bibata-cursors;
@@ -106,8 +111,19 @@
     nixpkgs-review
     just
     hugo
-    ghidra
+    ghidra-bin
     sequoia
+    sccache
+    awscli2
+    lldb
+    (cutter.withPlugins (p: with p; [
+      rz-ghidra
+      jsdec
+      sigdb
+    ]))
+    ida-free
+    patchelf
+    radare2
   ];
 
   programs.waybar.enable = true;
@@ -145,8 +161,6 @@
     '';
   };
 
-  services.gnome-keyring.enable = true;
-
   programs.direnv = {
     enable = true;
     nix-direnv.enable = true;
@@ -164,5 +178,19 @@
   home.sessionVariables = {
     # to make ghidra work on xwayland
     _JAVA_AWT_WM_NONREPARENTING = 1;
+
+    # sccache stuff
+    RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}";
+    SCCACHE_BUCKET = "sccache";
+    SCCACHE_REGION = "earth";
+    SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh";
+    SCCACHE_ALLOW_CORE_DUMPS = "true";
+    SCCACHE_S3_USE_SSL = "true";
+    SCCACHE_CACHE_MULTIARCH = "true";
+    SCCACHE_LOG_LEVEL = "warn";
+    AWS_DEFAULT_REGION = "earth";
+    AWS_ENDPOINT_URL = "https://s3.cy7.sh";
+    AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)";
+    AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)";
   };
 }

home/zsh/default.nix

@@ -89,8 +89,8 @@
       "ga" = "git add";
       "gaa" = "git add --all";
       "gb" = "git branch";
-      "gc" = "git commit --verbose -s";
+      "gc" = "git commit --verbose";
-      "gcmsg" = "git commit -s --message";
+      "gcmsg" = "git commit --message";
       "gd" = "git diff";
       "gdca" = "git diff --cached";
       "gds" = "git diff --staged";

hosts/chunk/default.nix

@@ -1,6 +1,4 @@
 {
-  config,
-  lib,
   pkgs,
   ...
 }:
@@ -206,6 +204,4 @@
   };
   virtualisation.oci-containers.backend = "podman";
   environment.enableAllTerminfo = true;
-
-  my.soju.enable = true;
 }

hosts/chunk/forgejo.nix

@@ -33,6 +33,10 @@
 
   services.caddy.virtualHosts."git.cy7.sh".extraConfig = ''
     import common
+
+    # renamed repo
+    uri replace /cy/infra /cy/nixos-config
+
     reverse_proxy localhost:3000
   '';
   services.caddy.virtualHosts."git.cything.io".extraConfig = ''

hosts/chunk/garage.nix

@@ -8,6 +8,12 @@
       s3_api = {
         s3_region = "earth";
         api_bind_addr = "[::]:3900";
+        root_domain = ".s3.cy7.sh";
+      };
+      s3_web = {
+        bind_addr = "[::]:3902";
+        root_domain = ".web.s3.cy7.sh";
+        index = "index.html";
       };
       admin.api_bind_addr = "[::]:3903";
       rpc_bind_addr = "[::]:3901";
@@ -17,8 +23,21 @@
     environmentFile = config.sops.secrets."garage/env".path;
   };
 
-  services.caddy.virtualHosts."s3.cy7.sh".extraConfig = ''
+  services.caddy.virtualHosts = {
+    "s3.cy7.sh" = {
+      serverAliases = [ "*.s3.cy7.sh" ];
+      extraConfig = ''
         import common
         reverse_proxy localhost:3900
       '';
+    };
+    "*.web.s3.cy7.sh".extraConfig = ''
+      import common
+      reverse_proxy localhost:3902
+    '';
+    "admin.s3.cy7.sh".extraConfig = ''
+      import common
+      reverse_proxy localhost:3903
+    '';
+  };
 }

hosts/ytnix/default.nix

@@ -36,6 +36,14 @@
     "tailscale/auth" = {
       sopsFile = ../../secrets/services/tailscale.yaml;
     };
+    "aws/key_id" = {
+      sopsFile = ../../secrets/yt/aws.yaml;
+      owner = "yt";
+    };
+    "aws/key_secret" = {
+      sopsFile = ../../secrets/yt/aws.yaml;
+      owner = "yt";
+    };
   };
 
   boot = {
@@ -166,6 +174,8 @@
     haskell-language-server
     ghc
     sbctl # secure boot
+    wine-wayland
+    wine64
   ];
 
   environment.sessionVariables = {
@@ -179,6 +189,12 @@
   services.displayManager = {
     enable = true;
     autoLogin.user = "yt";
+    defaultSession = "plasma";
+    sddm = {
+      enable = true;
+      wayland.enable = true;
+      autoNumlock = true;
+    };
   };
 
   fonts.packages = with pkgs; [
@@ -268,12 +284,56 @@
   programs.virt-manager.enable = true;
 
   services.usbmuxd.enable = true;
-  programs.nix-ld.enable = true;
+  programs.nix-ld.dev = {
+    enable = true;
+    # nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./<binary>
+    libraries = with pkgs; [
+      mesa
+      extest
+      stdenv.cc.cc
+      libGL
+      fontconfig
+      libxkbcommon
+      zlib
+      libxml2
+      dbus
+      freetype
+      egl-wayland
+      waylandpp
+      cairo
+      xcb-util-cursor
+      libplist
+      p11-kit
+      kdePackages.qtwayland
+      qt6.qtwayland
+      libsForQt5.qt5.qtwayland
+      xorg.libX11
+      xorg.libxcb
+      xorg.xcbutilwm
+      xorg.xcbutilimage
+      xorg.xcbutilkeysyms
+      xorg.xcbutilrenderutil
+      xorg.libXScrnSaver
+      xorg.libXcomposite
+      xorg.libXcursor
+      xorg.libXdamage
+      xorg.libXext
+      xorg.libXfixes
+      xorg.libXi
+      xorg.libXrandr
+      xorg.libXrender
+      xorg.libXtst
+      xorg.libxkbfile
+      xorg.libxshmfence
+    ];
+  };
   programs.evolution.enable = true;
 
   xdg.portal = {
     enable = true;
     wlr.enable = true;
+    xdgOpenUsePortal = true;
+    extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ];
   };
 
   programs.obs-studio = {
@@ -330,4 +390,9 @@
     startAgent = true;
     enableAskPassword = true;
   };
+
+  services.desktopManager.plasma6 = {
+    enable = true;
+    enableQt5Integration = true;
+  };
 }

modules/caddy.nix

@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  pkgs,
   ...
 }:
 let
@@ -14,6 +15,14 @@ in
   config = lib.mkIf cfg.enable {
     services.caddy = {
       enable = true;
+      package = pkgs.caddy.withPlugins {
+        plugins = [
+          # error message will tell you the correct version tag to use
+          # (still need the @ to pass nix config check)
+          "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"
+        ];
+        hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ=";
+      };
       logFormat = lib.mkForce "level INFO";
       acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
       extraConfig = ''
@@ -22,6 +31,10 @@ in
           header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
         }
       '';
+      globalConfig = ''
+        acme_dns cloudflare {$CLOUDFLARE_KEY}
+      '';
+      environmentFile = config.sops.secrets."caddy/env".path;
     };
   };
 }

modules/default.nix

@@ -3,6 +3,5 @@
   imports = [
     ./backup.nix
     ./caddy.nix
-    ./soju.nix
   ];
 }

modules/soju.nix

@@ -1,23 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.soju;
-in
-{
-  options.my.soju = {
-    enable = lib.mkEnableOption "soju";
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.soju = {
-      enable = true;
-      # should be fine since caddy will provide TLS
-      listen = [ "irc+insecure://127.0.0.1:6667" ];
-      hostName = "soju.cy7.sh";
-    };
-
-    services.caddy.virtualHosts."soju.cy7.sh".extraConfig = ''
-      import common
-      reverse_proxy 127.0.0.1:6667
-    '';
-  };
-}

secrets/services/caddy.yaml

@@ -1,5 +1,5 @@
 caddy:
-    env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str]
+    env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -33,8 +33,8 @@ sops:
             Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH
             AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-17T03:25:37Z"
+    lastmodified: "2025-01-30T17:26:39Z"
-    mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str]
+    mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.2
+    version: 3.9.4

secrets/yt/aws.yaml

@@ -0,0 +1,32 @@
+aws:
+    key_id: ENC[AES256_GCM,data:vxa8IS5zVOStsQaQNoPy36MeCw2KD2Th5tg=,iv:TrPukr/bpkGysf1YigBlXwaCu0H1FM6ivCVQEgnst6A=,tag:yrlcsDkLkH7U2i3JgjDaBA==,type:str]
+    key_secret: ENC[AES256_GCM,data:R9hFgtylEW1RphrP7/9Hi7HIb7gcQX1WDEVfnUTTzh+/0LM2Rb9CdkaleO8wNlcyYVE/jUKtqdqqrospAJ7+Zw==,iv:3+yCVqH441+oXFLI5usaQdhnE3GFhbJjMsYeRvk8xEw=,tag:STxA32cSdwPBikXyVEP5+Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaUZKbTVjZ1NEWlE5RzZT
+            T1dKdkRQajEva0tpRXhxYUlYWmw1b3MwSFZvCmhteVJ2VGhVNnZTZkJlem1OT3dL
+            dGlQTWdOUlo3TXNOS0wvNlpqVWpZSFEKLS0tIC9DNjY3OW1zWUlRQ1ZEOGlBRk9R
+            azQxMGhQejQ5M0N1YjFtSW5uVnRCQ3MKtt26G2PxIry/lppOT/NUX8jebEb5NgqO
+            HuHj7WT51Gtotfgb22VfGeOCaw9+pPYSjdk9WV4z57r7Z/lylALKRw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaVIwbExDUjJiVFpHOFJu
+            dk1SUHc5UDRFUENsbkg2RmQvazdEZ1NKeEhvCjVCNzdwRFN0aUZJL0pVSTI1RUxv
+            Ymhhc0tsSENVa1VUKzRBZk5IcjEvNFUKLS0tIFpPNlRXOVYyVnpyUmtLMTFqNlZ0
+            UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe
+            j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-30T17:45:09Z"
+    mac: ENC[AES256_GCM,data:uXnJ8DCs1ZZ72PFAmSQpqvVH2UYvRX8AeUC00A6WsgNL9sz6H0b7PwXBn4SucHACwLwilMVKYpFGE1pPMsIgpHxU5coNhvTfth/ChY1KS73LAwrJUAyUoFI3mumPkklj7b/u1CbBfhuhA2QoZVl+d9BGQn5CQu3+BySUmcT+P9k=,iv:H/hUTBDNcsGBP5TA/7U1QMZogZvuoPuEAg/tBCpbf9w=,tag:W7rH84Na/tHPuJlA9tRXEQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4