flake.lock

@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754091436,
+        "lastModified": 1749398372,
-        "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
+        "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
+        "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
         "type": "github"
       },
       "original": {
@@ -228,11 +228,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753592768,
+        "lastModified": 1752544374,
-        "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=",
+        "narHash": "sha256-ReX0NG6nIAEtQQjLqeu1vUU2jjZuMlpymNtb4VQYeus=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "fc3add429f21450359369af74c2375cb34a2d204",
+        "rev": "2e00ed310c218127e02ffcf28ddd4e0f669fde3e",
         "type": "github"
       },
       "original": {
@@ -300,11 +300,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1754744872,
+        "lastModified": 1752659960,
-        "narHash": "sha256-rcMHMs+dFWaDXev092gfxTfxHEWcUY/6SRV+cseNevQ=",
+        "narHash": "sha256-AP/Gds8b1hhU50prgLjYSv5qpy9D8E6Xre/r/gb3K8M=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "346fc31bcc4d2dbcc3e8ce8dbb622e4255ff54b7",
+        "rev": "8e3f7bbada0cf637d23de4200c6e1a5a157de9cc",
         "type": "github"
       },
       "original": {
@@ -333,11 +333,11 @@
     "niri-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1754742008,
+        "lastModified": 1752656275,
-        "narHash": "sha256-Tp0FG7VpLudVEC622d91z2hbdfPLCXxw0Nv43iNN4O0=",
+        "narHash": "sha256-tTRMyGxqHF5IkYcnvHbwCgRBRUBhvRapxtuUfrN/8Ic=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "67361f88fd01974ebee4cf80f0e29c87d805cc39",
+        "rev": "7b065f8618f63b7cf761ebe05a2cebd556113a6c",
         "type": "github"
       },
       "original": {
@@ -364,11 +364,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1754689972,
+        "lastModified": 1752436162,
-        "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=",
+        "narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a",
+        "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8",
         "type": "github"
       },
       "original": {
@@ -380,11 +380,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1754689972,
+        "lastModified": 1752436162,
-        "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=",
+        "narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a",
+        "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8",
         "type": "github"
       },
       "original": {
@@ -395,11 +395,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1754214453,
+        "lastModified": 1751984180,
-        "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=",
+        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376",
+        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
         "type": "github"
       },
       "original": {
@@ -419,11 +419,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1754262585,
+        "lastModified": 1752010420,
-        "narHash": "sha256-Yz5dJ0VzGRzSRHdHldsWQbuFYmtP3NWNreCvPfCi9CI=",
+        "narHash": "sha256-fboKrq2WeEC2Y4LaZNiiH2dptUYHtSbYhzE0FTN/u+M=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "ab1b5962e1ca90b42de47e1172e0d24ca80e6256",
+        "rev": "a11133507a930dfd235324cdf776bdb5e6ddd717",
         "type": "github"
       },
       "original": {
@@ -469,11 +469,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753771532,
+        "lastModified": 1749730855,
-        "narHash": "sha256-Pmpke0JtLRzgdlwDC5a+aiLVZ11JPUO5Bcqkj0nHE/k=",
+        "narHash": "sha256-L3x2nSlFkXkM6tQPLJP3oCBMIsRifhIDPMQQdHO5xWo=",
         "owner": "NuschtOS",
         "repo": "search",
-        "rev": "2a65adaf2c0c428efb0f4a2bc406aab466e96a06",
+        "rev": "8dfe5879dd009ff4742b668d9c699bc4b9761742",
         "type": "github"
       },
       "original": {
@@ -502,11 +502,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754328224,
+        "lastModified": 1752544651,
-        "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=",
+        "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4",
+        "rev": "2c8def626f54708a9c38a5861866660395bb3461",
         "type": "github"
       },
       "original": {
@@ -536,11 +536,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1754599117,
+        "lastModified": 1752599753,
-        "narHash": "sha256-AzAYdZlat002vCjCKWdFpGi2xUaiOU4DtIPnv1nomD8=",
+        "narHash": "sha256-8ppgjqbFc/697OXgMntMhk+kAQF4BHBog73oP6Xds8Y=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "312dec38b2231b21f36903d1bdce96daa11548ff",
+        "rev": "a35db84c7568c75f3ec665fdcd962cc9c52b6c0a",
         "type": "github"
       },
       "original": {
@@ -718,11 +718,11 @@
     "xwayland-satellite-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1754533920,
+        "lastModified": 1752338000,
-        "narHash": "sha256-fCZ68Yud1sUCq6UNXj0SDyiBgVA8gJUE+14ZFGsFJG8=",
+        "narHash": "sha256-Fxlp/yKtynug0jyuauAmvZU2SzHCfwlwWf85j+IvQ0U=",
         "owner": "Supreeeme",
         "repo": "xwayland-satellite",
-        "rev": "e0d1dad25a158551ab58547b2ece4b7d5a19929c",
+        "rev": "ba78881a68182ce338041846164cbfed0d70935c",
         "type": "github"
       },
       "original": {
@@ -736,11 +736,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1754540523,
+        "lastModified": 1752293576,
-        "narHash": "sha256-Wgv2qVckt8q11/xErY7hYdLAPcoOnZ0BkMLqyXegCzQ=",
+        "narHash": "sha256-84tAzrC/kioWRmG0jLt1HWRP/wHON7zjLtXCwWRNI/g=",
         "owner": "youwen5",
         "repo": "zen-browser-flake",
-        "rev": "451454de40a4433174153e823994fe2ecd3c869e",
+        "rev": "1a40cdcb093a0025631ef692caa53130f821dd77",
         "type": "github"
       },
       "original": {

flake.nix

@@ -84,7 +84,6 @@
       alpine = mkConf {
         nixos-modules = [
           ./hardware/alpine.nix
-          ./nixos/services/fail2ban.nix
           ./nixos/services/anki.nix
           ./nixos/services/forgejo.nix
           ./nixos/services/vaultwarden.nix

home/default.nix

@@ -6,6 +6,7 @@
 }: {
   imports = [
     ./programs/neovim/.
+    ./programs/helix.nix
     ./programs/git.nix
     ./programs/lf/.
     ./programs/zsh.nix

home/desktop/niri/default.nix

@@ -59,24 +59,6 @@
         NIXOS_OZONE_WL = "1";
         DISPLAY = ":1";
       };
-      outputs."DP-3" = {
-        mode = {
-          width = 1920;
-          height = 1080;
-          refresh = 143.855;
-        };
-        variable-refresh-rate = true;
-        scale = 1.0;
-      };
-      outputs."HDMI-A-1" = {
-        mode = {
-          width = 3840;
-          height = 2160;
-          refresh = 120.0;
-        };
-        variable-refresh-rate = true;
-        scale = 2.5;
-      };
       binds = with config.lib.niri.actions; {
         "Mod+Return".action.spawn = [(lib.getExe config.programs.terminal)];
         "Mod+O".action.spawn = [(lib.getExe pkgs.cosmic-files)];

home/programs/graphical.nix

@@ -1,11 +1,7 @@
-{
+{pkgs, inputs, user, ...}: {
-  pkgs,
-  inputs,
-  user,
-  ...
-}: {
   imports = [
     ./mpv.nix
+    ./vscode.nix
   ];
 
   home.packages = with pkgs; [
@@ -18,10 +14,15 @@
 
     # tools
     inkscape
+    kdePackages.okular
     gimp3
     libreoffice
+    dbeaver-bin
+    zed-editor
+    insomnia
 
     # entertainment
+    kdePackages.kasts
     shortwave
     youtube-music
     transmission_4-gtk
@@ -72,4 +73,5 @@
     enable = true;
     package = pkgs.brave;
   };
+
 }

home/programs/work.nix

@@ -5,9 +5,6 @@
 }: let
   modifier = config.windowManager.modifierKey;
 in {
-  imports = [
-    ./vscode.nix
-  ];
   roles.email = {
     enable = true;
     email = "tristan.beedell@cryoserver.com";

lib/nixvim.nix

@@ -28,7 +28,6 @@ in {
     scrolloff = 4;
     smoothscroll = true;
     ignorecase = true;
-    winborder = "rounded";
 
     undofile = true;
     undodir = lua ''vim.fn.expand("$HOME/.local/share/nvim/undo")'';
@@ -73,10 +72,10 @@ in {
       options.desc = "copy to clipboard";
     }
     {
-      mode = "n";
+      key = "<leader>ca";
-      options.desc = "LSP Format";
+      action = ''
-      key = "<leader>cf";
+        require("actions-preview").code_actions
-      action = luaFunc "vim.lsp.buf.format({async = true;})";
+      '';
     }
     {
       key = "<C-Tab>";

nixos/services/arr.nix

@@ -1,20 +1,20 @@
-{
+{config, lib, user, ...}: let
-  config,
-  lib,
-  user,
-  ...
-}: let
   inherit (config) sops;
   inherit (sops) templates placeholder;
 in {
+  nixpkgs.config.permittedInsecurePackages = [
+    "aspnetcore-runtime-6.0.36"
+    "aspnetcore-runtime-wrapped-6.0.36"
+    "dotnet-sdk-6.0.428"
+    "dotnet-sdk-wrapped-6.0.428"
+  ];
   users.users.${user}.extraGroups = ["media"];
   users.groups.media = {
     gid = 979;
   };
-  services.prowlarr = {
+  services.jackett = {
     enable = true;
   };
-  services.flaresolverr.enable = true;
   services.lidarr = {
     enable = true;
     group = "media";
@@ -27,13 +27,21 @@ in {
     enable = true;
     group = "media";
   };
-  services.bazarr = {
-    enable = true;
-    group = "media";
-  };
   services.jellyseerr.enable = true;
+  sops.secrets.sonarr-sslkey = {
+    sopsFile = ../../certs/alpine.prawn-justice.ts.net.key;
+    format = "binary";
+    owner = "nginx";
+  };
+  # this was fun to figure out, but pointless atm.
+  services.nginx.virtualHosts."alpine.prawn-justice.ts.net" = {
+    forceSSL = true;
+    sslCertificateKey = config.sops.secrets.sonarr-sslkey.path;
+    sslCertificate = ../../certs/alpine.prawn-justice.ts.net.crt;
+  };
   # probably easier if i just put this in a nixos-container
   virtualisation.oci-containers.containers.transmission = {
+    autoStart = false;
     image = "docker.io/haugene/transmission-openvpn:5.3.2";
     ports = ["9091:9091"];
     volumes = [
@@ -41,7 +49,7 @@ in {
       "/home/tristan/pods/transmission/config:/config"
       "/mnt/storage/media/unsorted:/data/completed"
     ];
-    environmentFiles = [templates."transmission/env".path];
+    environmentFiles = [ templates."transmission/env".path ];
     environment = {
       PUID = "1000";
       PGID = toString config.users.groups.media.gid;
@@ -71,43 +79,4 @@ in {
       OPENVPN_PASSWORD=${placeholder."transmission/auth/OPENVPN_PASSWORD"}
     '';
   };
-
-  sops.secrets."sonarr/api_key" = {};
-  sops.secrets."radarr/api_key" = {};
-  sops.secrets."prowlarr/api_key" = {};
-  services.prometheus.exporters.exportarr-sonarr = {
-    enable = true;
-    url = "http://localhost:${toString config.services.sonarr.settings.server.port}/sonarr";
-    port = 9708;
-    apiKeyFile = config.sops.secrets."sonarr/api_key".path;
-  };
-  services.prometheus.exporters.exportarr-radarr = {
-    enable = true;
-    url = "http://localhost:${toString config.services.radarr.settings.server.port}";
-    port = 9709;
-    apiKeyFile = config.sops.secrets."radarr/api_key".path;
-  };
-  services.prometheus.exporters.exportarr-prowlarr = {
-    enable = true;
-    url = "http://localhost:${toString config.services.prowlarr.settings.server.port}";
-    port = 9710;
-    apiKeyFile = config.sops.secrets."prowlarr/api_key".path;
-  };
-  services.prometheus = {
-    enable = true;
-    scrapeConfigs = [
-      {
-        job_name = "exportarr";
-        static_configs = [
-          {
-            targets = [
-              "localhost:${toString config.services.prometheus.exporters.exportarr-radarr.port}"
-              "localhost:${toString config.services.prometheus.exporters.exportarr-sonarr.port}"
-              "localhost:${toString config.services.prometheus.exporters.exportarr-prowlarr.port}"
-            ];
-          }
-        ];
-      }
-    ];
-  };
 }

nixos/services/authentik.nix

@@ -10,7 +10,7 @@
   };
   authentik-config = {
     autoStart = true;
-    image = "ghcr.io/goauthentik/server:2025.6.3";
+    image = "ghcr.io/goauthentik/server:2025.6.0";
     volumes = ["/home/tristan/pods/authentik/media:/media"];
     environment = {
       AUTHENTIK_POSTGRESQL__USER = postgres.user;

nixos/services/fail2ban.nix

@@ -1,5 +0,0 @@
-{...}: {
-  services.fail2ban = {
-    enable = true;
-  };
-}

nixos/services/grafana.nix

@@ -48,7 +48,7 @@ in {
       {
         name = "synapse";
         url = "https://raw.githubusercontent.com/element-hq/synapse/refs/heads/master/contrib/grafana/synapse.json";
-        sha256 = "sha256:16fl81sx1by0wldw4vda0zr1pvbq1dpih1fikzwlvmk63mpc80kb";
+        sha256 = "sha256:07qlr0waw9phmyd38bv22bn5v303w3397b89l44l3lzwhpnhs16s";
       }
       ];
     }];

nixos/services/loki.nix

@@ -21,77 +21,78 @@ in {
       storage_config."filesystem".directory = "/tmp/loki/chunks";
       common = {
         ring = {
+          instance_addr = "127.0.0.1";
           kvstore.store = "inmemory";
         };
         replication_factor = 1;
         path_prefix = "/tmp/loki";
       };
-      # https://grafana.com/docs/loki/latest/configure/#limits_config
       limits_config = {
         ingestion_rate_strategy = "local";
-        ingestion_rate_mb = 128;
+        ingestion_rate_mb = 24;
-        ingestion_burst_size_mb = 256;
+        ingestion_burst_size_mb = 36;
-        max_streams_per_user = 0;
-        max_global_streams_per_user = 0;
       };
     };
   };
-  services.prometheus.scrapeConfigs = [
+  services.prometheus.scrapeConfigs = [{
-    {
     job_name = "loki";
     static_configs = [
       {
         targets = ["localhost:3100"];
       }
     ];
-    }
+  }];
-  ];
+  services.promtail = {
-  services.alloy = {
     enable = true;
-    extraFlags = [
+    # https://grafana.com/docs/loki/latest/send-data/promtail/configuration/
-      "--server.http.listen-addr=100.106.241.122:12345"
+    configuration = {
+      server = {
+        http_listen_port = 9080;
+        grpc_listen_port = 0;
+      };
+      clients = [
+        {url = "http://localhost:3100/loki/api/v1/push";}
+      ];
+      scrape_configs = [
+        {
+          job_name = "system";
+          journal = {
+            path = "/var/log/journal/";
+          };
+          relabel_configs = [
+            {
+              source_labels = ["__journal_message"];
+              target_label = "message";
+              regex = "(.+)";
+            }
+            {
+              source_labels = ["__journal__systemd_unit"];
+              target_label = "systemd_unit";
+              regex = "(.+)";
+            }
+            {
+              source_labels = ["__journal__systemd_user_unit"];
+              target_label = "systemd_user_unit";
+              regex = "(.+)";
+            }
+            {
+              source_labels = ["__journal__transport"];
+              target_label = "transport";
+              regex = "(.+)";
+            }
+            {
+              source_labels = ["__journal__priority_keyword"];
+              target_label = "severity";
+              regex = "(.+)";
+            }
+          ];
+        }
       ];
     };
-  environment.etc."alloy/config.alloy" = {
-    text = ''
-      discovery.relabel "system" {
-        targets = []
-
-        rule {
-          source_labels = ["__journal__systemd_unit", "__journal__systemd_user_unit"]
-          regex         = "(.+)"
-          target_label  = "systemd_unit"
-        }
-
-        rule {
-          source_labels = ["__journal__priority_keyword"]
-          regex         = "(.+)"
-          target_label  = "severity"
-        }
-      }
-
-      loki.source.journal "system" {
-        max_age       = "1h0m0s"
-        path          = "/var/log/journal/"
-        relabel_rules = discovery.relabel.system.rules
-        forward_to    = [loki.write.default.receiver]
-        labels        = {}
-      }
-
-      loki.write "default" {
-        endpoint {
-          url = "http://localhost:3100/loki/api/v1/push"
-        }
-        max_streams = 64
-      }
-
-    '';
   };
-  services.grafana.provision.datasources.settings.datasources = [
+  services.grafana.provision.datasources.settings.datasources = [{
-    {
     name = "Loki";
     type = "loki";
     url = "http://localhost:${toString loki.configuration.server.http_listen_port}";
-    }
+  }];
-  ];
 }

nixos/services/nfs.nix

@@ -1,13 +0,0 @@
-{config, ...}: {
-  services.nfs = {
-    settings = {
-      mountd.manage-gids = true;
-    };
-    server = {
-      enable = true;
-      exports = ''
-        /mnt/storage/media 100.106.241.122/8(rw,fsid=root)
-      '';
-    };
-  };
-}

nixos/services/prometheus.nix

@@ -29,8 +29,7 @@ in {
     ];
     rules = [
       (builtins.toJSON {
-        groups = [
+        groups = [{
-          {
           name = "node";
           rules = [
             {
@@ -42,21 +41,16 @@ in {
               expr = ''node_filesystem_avail_bytes{fstype=~"ext4|btrfs"} < ${toString (50 * 1024 * 1024 * 1024)}'';
             }
           ];
-          }
+        }];
-        ];
       })
     ];
-    alertmanagers = [
+    alertmanagers = [ {
-      {
+      static_configs = [ {
-        static_configs = [
-          {
         targets = [
           "localhost:9093"
         ];
-          }
+      } ];
-        ];
+    } ];
-      }
-    ];
     exporters = {
       postgres = {
         enable = true;
@@ -64,35 +58,39 @@ in {
       };
     };
     alertmanager = {
-      enable = false;
+      enable = true;
       configuration = {
-        route = {
+        receivers = [{
-          receiver = "alertmanager-ntfy";
+          name = "ntfy";
-          routes = [{
+          webhook_configs = [{
-            matchers = [
+            url = "http://localhost${config.services.ntfy-sh.settings.listen-http}/alert/trigger";
-              ''node_filesystem_device_error != 0''
-            ];
           }];
+        }];
+        route = {
+          receiver = "ntfy";
+          # routes = [{
+          #   matchers = [
+          #     ''node_filesystem_device_error != 0''
+          #   ];
+          # }];
         };
       };
     };
-    alertmanager-ntfy = {
+    # alertmanager-ntfy = {
-      enable = false;
+    #   enable = true;
-      settings = {
+    #   settings = {
-        ntfy = {
+    #     ntfy = {
-          baseurl = "https://up.tristans.cloud";
+    #       baseurl = "https://up.tristans.cloud";
-          notification = {
+    #       notification = {
-            topic = "alert";
+    #         topic = "alert";
+    #       };
+    #     };
+    #   };
+    # };
   };
-        };
+  services.grafana.provision.datasources.settings.datasources = [{
-      };
-    };
-  };
-  services.grafana.provision.datasources.settings.datasources = [
-    {
     name = "Prometheus";
     type = "prometheus";
     url = "http://localhost:${toString prometheus.port}";
-    }
+  }];
-  ];
 }

nixos/services/samba.nix

@@ -1,52 +0,0 @@
-{...}: {
-  users.users.guest = {
-    extraGroups = ["media"];
-    isNormalUser = true;
-  };
-  services.samba = {
-    enable = true;
-    openFirewall = true;
-    settings = {
-      global = {
-        "workgroup" = "WORKGROUP";
-        "server string" = "Tristan's Media Server";
-        "netbios name" = "alpine";
-        "security" = "user";
-        #"use sendfile" = "yes";
-        #"max protocol" = "smb2";
-        # note: localhost is the ipv6 localhost ::1
-        "hosts allow" = "192.168.1. 127.0.0.1 localhost";
-        "hosts deny" = "0.0.0.0/0";
-        "guest account" = "guest";
-        "map to guest" = "bad user";
-      };
-      "Music" = {
-        "path" = "/mnt/storage/media/Music";
-        "browseable" = "yes";
-        "read only" = "no";
-        "guest ok" = "yes";
-        "guest only" = "yes";
-        "create mask" = "0644";
-        "directory mask" = "0755";
-      };
-    };
-  };
-
-  services.samba-wsdd = {
-    enable = true;
-    openFirewall = true;
-  };
-
-  services.avahi = {
-    publish.enable = true;
-    publish.userServices = true;
-    # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
-    nssmdns4 = true;
-    # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
-    enable = true;
-    openFirewall = true;
-  };
-
-  networking.firewall.enable = true;
-  networking.firewall.allowPing = true;
-}

nixos/services/synapse/default.nix

@@ -63,7 +63,6 @@ in {
   services.matrix-synapse = {
     enable = true;
     extraConfigFiles = [templates."synapse/secrets.yaml".path];
-    # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
     settings = {
       signing_key_path = secrets."synapse/signing_key".path;
       server_name = domain;

pkgs/mpv-skipsilence.nix

@@ -10,7 +10,7 @@ buildLua {
 
   src = fetchgit {
     url = "https://codeberg.org/ferreum/mpv-skipsilence.git";
-    hash = "sha256-+sOMWFFumJUk5gFE1iCTvWub3PWzYOkulXJLCGS4fYA=";
+    hash = "sha256-fg8vfeb68nr0bTBIvr0FnRnoB48/kV957pn22tWcz1g=";
   };
   passthru.updateScript = gitUpdater {};
 

secrets/secrets.yaml

@@ -33,13 +33,11 @@ transmission:
         OPENVPN_USERNAME: ENC[AES256_GCM,data:RQ+hGLE6YEgN/aaa2TLpkg==,iv:oG794WxGe0t1ZI0PyC45ZgCPA0Ar2m/dSVDdMYBKJvY=,tag:CGnEu8ds0s4aH4ImCrNWNQ==,type:str]
         OPENVPN_PASSWORD: ENC[AES256_GCM,data:Jw==,iv:uGAaXFWfpSaeqY7yC9cR9iqblH3E3hudnrnIlOvdRCg=,tag:P1XJ2SBY82z9YZP9J/n5SA==,type:str]
 namecheap: ENC[AES256_GCM,data:PTEQK8+G1FfmvRk9IxrAZjCAhiKdV0AA+JxaJRZvbHU=,iv:xTrJzPooM0xzs9xgkNGWKRzRHeIIhMGa8EYW2/41ZvA=,tag:KHdLKuip439QNeAiBwreqg==,type:str]
-sonarr:
-    api_key: ENC[AES256_GCM,data:mBq+ndbhDtErh/sytTybutes7btHMIkg6wT9C7t4M9I=,iv:JicYavIQJpnmYbFpO+AVOTwrp2DeOB5xWBROwSYNF4Y=,tag:xmlaKpdn8A9s/HpdsBR+0g==,type:str]
-radarr:
-    api_key: ENC[AES256_GCM,data:iHDX/wLjde/6dj6+ORJaAnFCzXn82DXUWy3yh6fkmiQ=,iv:NcgRPa6Cy9tKLKYJ4OGr2cdW5smvpHbiXtBYJlEqOfw=,tag:BJ1YeMLXrhuDrZKsB5Z4YQ==,type:str]
-prowlarr:
-    api_key: ENC[AES256_GCM,data:p1KRHilxv8qSy8NEKQlBy8ppXDxmQDeZXAzRYyc7psA=,iv:HyK3YEKLvE01fLCkxR89G96uViAegIPi7Xb43mFeWlQ=,tag:B8pNOT9+2rPUqVL+rTDRHg==,type:str]
 sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
     age:
         - recipient: age106vffwu4y8cx90y0rtzajgpafl8jq7ty5hf6pur2gjsuq3g2lf5qjmdq0q
           enc: |
@@ -50,7 +48,8 @@ sops:
             S3ZwcHhkdEEvY0pINDloand5S0NycHcKEpIt5EeIKhLQK7f74sWVN/x5gzh/Jq7x
             UUN5QtysRbWVGnWRxdNB8LIMjDJY9jRojycdQfSNebaz5ZLjEp8dZQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-19T18:47:49Z"
+    lastmodified: "2025-01-18T02:00:29Z"
-    mac: ENC[AES256_GCM,data:xgsPA3TDBZ4C6aQVYoamOz2fi2iEaiUtT2eOFUnldBB4Wt+YNM4b4RVavXnlND1vOat9FtRzjmvI1rlkxoPV95tZz4B4QDfH/LUBWCwiOnZdLwrd4W0VWJLSxcX/hAmZ7qnGMpA7/G/0d45A2y0yMHJ3KGfqTsCikE/MPwrQbkg=,iv:1GEIIYygolYOGfS2LG1CmZCnacLaeOfBw+TGeh713DQ=,tag:E7mrU7xK2Zppq9QCwKdveQ==,type:str]
+    mac: ENC[AES256_GCM,data:x3J0tRfNynM2qlB4YUUAUMYI/94opN1kJ1j0kOyeZ1GZHx+EA4dQZif4nPQOERo+5xRt8C4YXVDZEnCjD1TpQE6LYik0n0iY+84sY5fSr2SYiXzq2P72Tk7BzBklI9/zjndeJLJbydTJDMzOCvdEWIfHYZsHODnKXBO9pYwjAqU=,iv:z+QD93t72S2w0CqMV5sQk9oK9LMnQAxyaiExmqEcSp0=,tag:dbtyHUQ+n2EQvHEkQa7zrw==,type:str]
+    pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.9.2