home-manager/gui: Disable ligatures in kitty

home-manager/gui: Use rofi-wayland
2024-11-06 13:08:19 +00:00 · 2024-11-04 14:59:17 +00:00
92 changed files with 2423 additions and 3343 deletions
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -6,7 +6,7 @@ on:
 jobs:
  check:
-    name: Check, build and cache nixfiles
+    name: Check, build and cache Nix flake
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
@@ -25,23 +25,15 @@ jobs:
            extra-trusted-public-keys = nix-cache.nul.ie-1:BzH5yMfF4HbzY1C977XzOxoPhEc9Zbu39ftPkUbH+m4=
      - name: Check flake
-        run: nix flake check --no-build
+        run: nix flake check
-
+      - name: Build the world
      - name: Build (and cache) the world
        id: build
        run: |
          path=$(nix build --no-link .#ci.x86_64-linux --json | jq -r .[0].outputs.out)
          echo "path=$path" >> "$GITHUB_OUTPUT"
      - name: Push to cache
        env:
          HARMONIA_SSH_KEY: ${{ secrets.HARMONIA_SSH_KEY }}
        run: |
-          nix eval --json --apply "builtins.attrNames" .#ci.x86_64-linux | jq -cr '.[]' | while read job; do
+          ci/push-to-cache.sh "${{ steps.build.outputs.path }}"
            echo "::group::Build $job"
            nix build --no-link .#ci.x86_64-linux."$job"
            echo "::endgroup::"
            echo "::group::Cache $job"
            ci/push-to-cache.sh "$(nix eval --raw .#ci.x86_64-linux."$job")"
            echo "::endgroup::"
          done
          echo "Building and caching CI derivation"
          nix build --no-link .#ciDrv.x86_64-linux
          UPDATE_PROFILE=1 ci/push-to-cache.sh "$(nix eval --raw .#ciDrv.x86_64-linux)"
--- a/ci/push-to-cache.sh
+++ b/ci/push-to-cache.sh
@@ -22,10 +22,8 @@ path="$1"
 echo "Pushing $path to cache..."
 nix copy --no-check-sigs --to "$STORE_URI" "$path"
 if [ -n "$UPDATE_PROFILE" ]; then
 echo "Updating profile..."
 remote_cmd nix-env -p "$REMOTE_STORE"/nix/var/nix/profiles/nixfiles --set "$path"
 echo "Collecting garbage..."
-  remote_cmd nix-collect-garbage --delete-older-than 60d
+remote_cmd nix-collect-garbage --delete-older-than 30d
 fi
--- a/devshell/commands.nix
+++ b/devshell/commands.nix
@@ -77,12 +77,7 @@ in
      name = "build-n-switch";
      category = "tasks";
      help = "Shortcut to nixos-rebuild for this flake";
-      command = ''
+      command = ''doas nixos-rebuild --flake . "$@"'';
        # HACK: Upstream changes in Git + Nix makes this necessary
        # https://github.com/NixOS/nix/issues/10202
        doas git config --global --add safe.directory "$PWD"
        doas nixos-rebuild --flake . "$@"
      '';
    }
    {
      name = "run-vm";
@@ -120,17 +115,29 @@ in
      help = "Build home-manager configuration";
      command = ''nix build "''${@:2}" ".#homeConfigurations.\"$1\".activationPackage"'';
    }
    {
      name = "update-inputs";
      category = "tasks";
      help = "Update flake inputs";
      command = ''
        args=()
        for f in "$@"; do
          args+=(--update-input "$f")
        done
        nix flake lock "''${args[@]}"
      '';
    }
    {
      name = "update-nixpkgs";
      category = "tasks";
      help = "Update nixpkgs flake inputs";
-      command = ''nix flake update nixpkgs-{unstable,stable,mine,mine-stable}'';
+      command = ''update-inputs nixpkgs-{unstable,stable,mine,mine-stable}'';
    }
    {
      name = "update-home-manager";
      category = "tasks";
      help = "Update home-manager flake inputs";
-      command = ''nix flake update home-manager-{unstable,stable}'';
+      command = ''update-inputs home-manager-{unstable,stable}'';
    }
    {
      name = "update-installer";
--- a/devshell/default.nix
+++ b/devshell/default.nix
@@ -11,7 +11,7 @@ in
    NIX_USER_CONF_FILES = toString (pkgs.writeText "nix.conf"
      ''
-        experimental-features = nix-command flakes ca-derivations
+        experimental-features = nix-command flakes ca-derivations repl-flake
        connect-timeout = 5
        fallback = true
        ${lib.my.c.nix.cache.conf}
--- a/flake.lock
+++ b/flake.lock
@@ -8,14 +8,14 @@
          "ragenix",
          "nixpkgs"
        ],
-        "systems": "systems_6"
+        "systems": "systems_8"
      },
      "locked": {
-        "lastModified": 1723293904,
+        "lastModified": 1707830867,
-        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+        "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+        "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
        "type": "github"
      },
      "original": {
@@ -24,77 +24,111 @@
        "type": "github"
      }
    },
    "attic": {
      "inputs": {
        "crane": "crane",
        "flake-compat": "flake-compat",
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs-unstable"
        ],
        "nixpkgs-stable": [
          "nixpkgs-stable"
        ]
      },
      "locked": {
        "lastModified": 1720542474,
        "narHash": "sha256-aKjJ/4l2I9+wNGTaOGRsuS3M1+IoTibqgEMPDikXm04=",
        "owner": "zhaofengli",
        "repo": "attic",
        "rev": "6139576a3ce6bb992e0f6c3022528ec233e45f00",
        "type": "github"
      },
      "original": {
        "owner": "zhaofengli",
        "repo": "attic",
        "type": "github"
      }
    },
    "boardie": {
      "inputs": {
        "devshell": "devshell",
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_3",
        "nixpkgs": [
          "nixpkgs-unstable"
        ],
-        "pyproject-nix": "pyproject-nix"
+        "poetry2nix": "poetry2nix"
      },
      "locked": {
-        "lastModified": 1757170758,
+        "lastModified": 1718746012,
-        "narHash": "sha256-FyO+Brz5eInmdAkG8B2rJAfrNGMCsDQ8BPflKV2+r5g=",
+        "narHash": "sha256-sp9vGl3vWXvD/C2JeMDi5nbW6CkKIC3Q2JMGKwexYEs=",
-        "owner": "devplayer0",
+        "ref": "refs/heads/master",
-        "repo": "boardie",
+        "rev": "ea24100bd4a914b9e044a2085a3785a6bd3a3833",
-        "rev": "ed5fd520d5bf122871b5508dd3c1eda28d6e515d",
+        "revCount": 5,
-        "type": "github"
+        "type": "git",
        "url": "https://git.nul.ie/dev/boardie"
      },
      "original": {
-        "owner": "devplayer0",
+        "type": "git",
-        "repo": "boardie",
+        "url": "https://git.nul.ie/dev/boardie"
        "type": "github"
      }
    },
    "borgthin": {
      "inputs": {
        "devshell": "devshell_2",
-        "flake-utils": "flake-utils_4",
+        "flake-utils": "flake-utils_6",
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1732994213,
        "narHash": "sha256-3v8cTsPB+TIdWmc1gmRNd0Mi0elpfi39CXRsA/2x/Oo=",
        "owner": "devplayer0",
        "repo": "borg",
        "rev": "795f5009445987d42f32de1b49fdeb2d88326a64",
        "type": "github"
      },
      "original": {
        "owner": "devplayer0",
        "repo": "borg",
        "type": "github"
      }
    },
    "copyparty": {
      "inputs": {
        "flake-utils": "flake-utils_5",
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs-mine"
        ]
      },
      "locked": {
-        "lastModified": 1757362872,
+        "lastModified": 1692446555,
-        "narHash": "sha256-juUSWjxX8y2gueU34BpkQipUlhZRFJNLFccdprle0iM=",
+        "narHash": "sha256-Uzl8TiGKVBCjwYhkprSwbcu8xlcQwnDNIqsk9rM+P9w=",
-        "owner": "9001",
+        "owner": "devplayer0",
-        "repo": "copyparty",
+        "repo": "borg",
-        "rev": "e09f3c9e2c3dccf8f3912539e04dd840b10b51ee",
+        "rev": "44a3dc19b014ebc8d33db0b3e145ed7bfc9a0cb7",
        "type": "github"
      },
      "original": {
-        "owner": "9001",
+        "owner": "devplayer0",
-        "repo": "copyparty",
+        "repo": "borg",
        "type": "github"
      }
    },
    "crane": {
      "inputs": {
        "nixpkgs": [
          "attic",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1725409566,
+        "lastModified": 1717025063,
-        "narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=",
+        "narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c",
+        "rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e",
        "type": "github"
      },
      "original": {
        "owner": "ipetkov",
        "repo": "crane",
        "type": "github"
      }
    },
    "crane_2": {
      "inputs": {
        "nixpkgs": [
          "ragenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1708794349,
        "narHash": "sha256-jX+B1VGHT0ruHHL5RwS8L21R6miBn4B6s9iVyUJsJJY=",
        "owner": "ipetkov",
        "repo": "crane",
        "rev": "2c94ff9a6fbeb9f3ea0107f28688edbe9c81deaa",
        "type": "github"
      },
      "original": {
@@ -128,18 +162,18 @@
    },
    "deploy-rs": {
      "inputs": {
-        "flake-compat": "flake-compat",
+        "flake-compat": "flake-compat_2",
        "nixpkgs": [
          "nixpkgs-unstable"
        ],
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1756719547,
+        "lastModified": 1718194053,
-        "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=",
+        "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2",
+        "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
        "type": "github"
      },
      "original": {
@@ -150,7 +184,7 @@
    },
    "devshell": {
      "inputs": {
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": "nixpkgs"
      },
      "locked": {
@@ -169,7 +203,7 @@
    },
    "devshell-tools": {
      "inputs": {
-        "flake-utils": "flake-utils_9",
+        "flake-utils": "flake-utils_11",
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
@@ -188,8 +222,8 @@
    },
    "devshell_2": {
      "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_5",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1671489820,
@@ -207,16 +241,17 @@
    },
    "devshell_3": {
      "inputs": {
        "flake-utils": "flake-utils_7",
        "nixpkgs": [
          "nixpkgs-unstable"
        ]
      },
      "locked": {
-        "lastModified": 1741473158,
+        "lastModified": 1713532798,
-        "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
+        "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
        "owner": "numtide",
        "repo": "devshell",
-        "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
+        "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
        "type": "github"
      },
      "original": {
@@ -228,11 +263,27 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1733328505,
+        "lastModified": 1673956053,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_2": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
@@ -242,15 +293,12 @@
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1701680307,
+        "lastModified": 1667395993,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
        "type": "github"
      },
      "original": {
@@ -278,6 +326,42 @@
      }
    },
    "flake-utils_11": {
      "inputs": {
        "systems": "systems_10"
      },
      "locked": {
        "lastModified": 1709126324,
        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_12": {
      "inputs": {
        "systems": "systems_11"
      },
      "locked": {
        "lastModified": 1705309234,
        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_13": {
      "locked": {
        "lastModified": 1667395993,
        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -293,6 +377,24 @@
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1701680307,
        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_3": {
      "inputs": {
        "systems": "systems_2"
      },
@@ -310,7 +412,25 @@
        "type": "github"
      }
    },
-    "flake-utils_3": {
+    "flake-utils_4": {
      "inputs": {
        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1710146030,
        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_5": {
      "locked": {
        "lastModified": 1642700792,
        "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
@@ -325,7 +445,7 @@
        "type": "github"
      }
    },
-    "flake-utils_4": {
+    "flake-utils_6": {
      "locked": {
        "lastModified": 1667395993,
        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -340,49 +460,16 @@
        "type": "github"
      }
    },
    "flake-utils_5": {
      "locked": {
        "lastModified": 1678901627,
        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_6": {
      "inputs": {
        "systems": "systems_4"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_7": {
      "inputs": {
-        "systems": "systems_5"
+        "systems": "systems_6"
      },
      "locked": {
-        "lastModified": 1731533236,
+        "lastModified": 1701680307,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
        "type": "github"
      },
      "original": {
@@ -410,15 +497,12 @@
      }
    },
    "flake-utils_9": {
      "inputs": {
        "systems": "systems_8"
      },
      "locked": {
-        "lastModified": 1709126324,
+        "lastModified": 1659877975,
-        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
        "type": "github"
      },
      "original": {
@@ -456,16 +540,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1756679287,
+        "lastModified": 1719827415,
-        "narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=",
+        "narHash": "sha256-pvh+1hStXXAZf0sZ1xIJbWGx4u+OGBC1rVx6Wsw0fBw=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8",
+        "rev": "f2e3c19867262dbe84fdfab42467fc8dd83a2005",
        "type": "github"
      },
      "original": {
        "id": "home-manager",
-        "ref": "release-25.05",
+        "ref": "release-23.11",
        "type": "indirect"
      }
    },
@@ -476,11 +560,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1757075491,
+        "lastModified": 1720734513,
-        "narHash": "sha256-a+NMGl5tcvm+hyfSG2DlVPa8nZLpsumuRj1FfcKb2mQ=",
+        "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "f56bf065f9abedc7bc15e1f2454aa5c8edabaacf",
+        "rev": "90ae324e2c56af10f20549ab72014804a3064c7f",
        "type": "github"
      },
      "original": {
@@ -490,11 +574,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1737831083,
+        "lastModified": 1719091691,
-        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+        "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+        "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
        "type": "github"
      },
      "original": {
@@ -503,35 +587,41 @@
        "type": "github"
      }
    },
-    "libnetRepo": {
+    "nix-github-actions": {
-      "flake": false,
+      "inputs": {
        "nixpkgs": [
          "boardie",
          "poetry2nix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1745053097,
+        "lastModified": 1703863825,
-        "narHash": "sha256-BEW57utyWCqP4U+MzCXFqbvEC8LE3iZv5dsPMrmTJ9Q=",
+        "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
-        "owner": "oddlama",
+        "owner": "nix-community",
-        "repo": "nixos-extra-modules",
+        "repo": "nix-github-actions",
-        "rev": "7565d8554b0fc9d621851150e7939d34a3a8cd6c",
+        "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
        "type": "github"
      },
      "original": {
-        "owner": "oddlama",
+        "owner": "nix-community",
-        "repo": "nixos-extra-modules",
+        "repo": "nix-github-actions",
        "type": "github"
      }
    },
    "nixGL": {
      "inputs": {
-        "flake-utils": "flake-utils_7",
+        "flake-utils": "flake-utils_9",
        "nixpkgs": [
          "nixpkgs-unstable"
        ]
      },
      "locked": {
-        "lastModified": 1752054764,
+        "lastModified": 1713543440,
-        "narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=",
+        "narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
        "owner": "nix-community",
        "repo": "nixGL",
-        "rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5",
+        "rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
        "type": "github"
      },
      "original": {
@@ -558,11 +648,11 @@
    },
    "nixpkgs-mine": {
      "locked": {
-        "lastModified": 1757173087,
+        "lastModified": 1724669894,
-        "narHash": "sha256-NYXuC8xUUbvtwbaC1aLdpQKHzQtQ2XB3VkK0hfYTPd8=",
+        "narHash": "sha256-oHDWt37dN3Bq12E016HDw0rnjBlRg51hg66b7qG6cro=",
        "owner": "devplayer0",
        "repo": "nixpkgs",
-        "rev": "06e4c8cd503ed73806744b39368393df38b36bb7",
+        "rev": "01d95eaee35f63ed8e48dedb573f48a1a3028f88",
        "type": "github"
      },
      "original": {
@@ -574,11 +664,11 @@
    },
    "nixpkgs-mine-stable": {
      "locked": {
-        "lastModified": 1757173155,
+        "lastModified": 1720987393,
-        "narHash": "sha256-aDNAiQQsrgS/coVOqLbtILpOUouE6jp/wqAsO8Dta/o=",
+        "narHash": "sha256-aq1reu43552gD+QRyxAMlimAX9+YbGpAIyw82jg0eWY=",
        "owner": "devplayer0",
        "repo": "nixpkgs",
-        "rev": "8a1a03f2d17918a6d51746371031a8fe4014c549",
+        "rev": "154ab603fb2b794b437f233853aeb3c75f101049",
        "type": "github"
      },
      "original": {
@@ -590,26 +680,26 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1757020766,
+        "lastModified": 1720535198,
-        "narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=",
+        "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a",
+        "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-25.05",
+        "ref": "nixos-23.11",
        "type": "indirect"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1756787288,
+        "lastModified": 1723175592,
-        "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
+        "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
+        "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
        "type": "github"
      },
      "original": {
@@ -619,6 +709,22 @@
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1718632497,
        "narHash": "sha256-YtlyfqOdYMuu7gumZtK0Kg7jr4OKfHUhJkZfNUryw68=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "c58b4a9118498c1055c5908a5bbe666e56abe949",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable-small",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1643381941,
        "narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=",
@@ -634,20 +740,6 @@
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1673606088,
        "narHash": "sha256-wdYD41UwNwPhTdMaG0AIe7fE1bAdyHe6bB4HLUqUvck=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "37b97ae3dd714de9a17923d004a2c5b5543dfa6d",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "type": "indirect"
      }
    },
    "nixpkgs_4": {
      "locked": {
        "lastModified": 1709309926,
@@ -680,43 +772,44 @@
        "type": "github"
      }
    },
-    "pyproject-nix": {
+    "poetry2nix": {
      "inputs": {
-        "nixpkgs": [
+        "flake-utils": "flake-utils_4",
-          "boardie",
+        "nix-github-actions": "nix-github-actions",
-          "nixpkgs"
+        "nixpkgs": "nixpkgs_2",
-        ]
+        "systems": "systems_4",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1756395552,
+        "lastModified": 1718726452,
-        "narHash": "sha256-5aJM14MpoLk2cdZAetu60OkLQrtFLWTICAyn1EP7ZpM=",
+        "narHash": "sha256-w4hJSYvACz0i5XHtxc6XNyHwbxpisN13M2kA2Y7937o=",
-        "owner": "pyproject-nix",
+        "owner": "nix-community",
-        "repo": "pyproject.nix",
+        "repo": "poetry2nix",
-        "rev": "030dffc235dcf240d918c651c78dc5f158067b51",
+        "rev": "53e534a08c0cd2a9fa7587ed1c3e7f6aeb804a2c",
        "type": "github"
      },
      "original": {
-        "owner": "pyproject-nix",
+        "owner": "nix-community",
-        "repo": "pyproject.nix",
+        "repo": "poetry2nix",
        "type": "github"
      }
    },
    "ragenix": {
      "inputs": {
        "agenix": "agenix",
-        "crane": "crane",
+        "crane": "crane_2",
-        "flake-utils": "flake-utils_8",
+        "flake-utils": "flake-utils_10",
        "nixpkgs": [
          "nixpkgs-unstable"
        ],
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1731774781,
+        "lastModified": 1725195663,
-        "narHash": "sha256-vwsUUYOIs8J6weeSK1n1mbZf8fgvygGUMsadx0JmG70=",
+        "narHash": "sha256-vnmQ0tMkQpiOW5xvM9WVVDLr4OjYKquq0iOaAlPriqA=",
        "owner": "devplayer0",
        "repo": "ragenix",
-        "rev": "ec4115da7b67c783b1091811e17dbcba50edd1c6",
+        "rev": "58820d99352a5e7067ec98374b8c4519c8e225b6",
        "type": "github"
      },
      "original": {
@@ -728,16 +821,15 @@
    },
    "root": {
      "inputs": {
        "attic": "attic",
        "boardie": "boardie",
        "borgthin": "borgthin",
        "copyparty": "copyparty",
        "deploy-rs": "deploy-rs",
        "devshell": "devshell_3",
-        "flake-utils": "flake-utils_6",
+        "flake-utils": "flake-utils_8",
        "home-manager-stable": "home-manager-stable",
        "home-manager-unstable": "home-manager-unstable",
        "impermanence": "impermanence",
        "libnetRepo": "libnetRepo",
        "nixGL": "nixGL",
        "nixpkgs-mine": "nixpkgs-mine",
        "nixpkgs-mine-stable": "nixpkgs-mine-stable",
@@ -749,17 +841,21 @@
    },
    "rust-overlay": {
      "inputs": {
        "flake-utils": [
          "ragenix",
          "flake-utils"
        ],
        "nixpkgs": [
          "ragenix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1725675754,
+        "lastModified": 1708740535,
-        "narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=",
+        "narHash": "sha256-NCTw235XwSDbeTAtAwg/hOeNOgwYhVq7JjDdbkOgBeA=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54",
+        "rev": "9b24383d77f598716fa0cbb8b48c97249f5ee1af",
        "type": "github"
      },
      "original": {
@@ -770,7 +866,7 @@
    },
    "sbt": {
      "inputs": {
-        "flake-utils": "flake-utils_11",
+        "flake-utils": "flake-utils_13",
        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
@@ -790,18 +886,18 @@
    "sharry": {
      "inputs": {
        "devshell-tools": "devshell-tools",
-        "flake-utils": "flake-utils_10",
+        "flake-utils": "flake-utils_12",
        "nixpkgs": [
          "nixpkgs-unstable"
        ],
        "sbt": "sbt"
      },
      "locked": {
-        "lastModified": 1741328331,
+        "lastModified": 1720592125,
-        "narHash": "sha256-OtsHm9ykxfAOMRcgFDsqFBBy5Wu0ag7eq1qmTIluVcw=",
+        "narHash": "sha256-vR89LefkY8mBPWxDTQ8SNg6Z7/J6Yga80T4kSb6MNdk=",
        "owner": "eikek",
        "repo": "sharry",
-        "rev": "6203b90f9a76357d75c108a27ad00f323d45c1d0",
+        "rev": "604b20517150599cb05dbe178cd35cd10659aa4c",
        "type": "github"
      },
      "original": {
@@ -825,6 +921,36 @@
        "type": "github"
      }
    },
    "systems_10": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_11": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
@@ -865,9 +991,8 @@
        "type": "github"
      },
      "original": {
-        "owner": "nix-systems",
+        "id": "systems",
-        "repo": "default",
+        "type": "indirect"
        "type": "github"
      }
    },
    "systems_5": {
@@ -945,16 +1070,38 @@
        "type": "github"
      }
    },
-    "utils": {
+    "treefmt-nix": {
      "inputs": {
-        "systems": "systems_3"
+        "nixpkgs": [
          "boardie",
          "poetry2nix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1731533236,
+        "lastModified": 1718522839,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
        "owner": "numtide",
        "repo": "treefmt-nix",
        "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "treefmt-nix",
        "type": "github"
      }
    },
    "utils": {
      "inputs": {
        "systems": "systems_5"
      },
      "locked": {
        "lastModified": 1701680307,
        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -3,22 +3,17 @@
  inputs = {
    flake-utils.url = "github:numtide/flake-utils";
    # libnet.url = "github:reo101/nix-lib-net";
    libnetRepo = {
      url = "github:oddlama/nixos-extra-modules";
      flake = false;
    };
    devshell.url = "github:numtide/devshell";
    devshell.inputs.nixpkgs.follows = "nixpkgs-unstable";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
-    nixpkgs-stable.url = "nixpkgs/nixos-25.05";
+    nixpkgs-stable.url = "nixpkgs/nixos-23.11";
    nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0";
    nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable";
    home-manager-unstable.url = "home-manager";
    home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
-    home-manager-stable.url = "home-manager/release-25.05";
+    home-manager-stable.url = "home-manager/release-23.11";
    home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";
    # Stuff used by the flake for build / deployment
@@ -30,7 +25,7 @@
    # Stuff used by systems
    impermanence.url = "github:nix-community/impermanence";
-    boardie.url = "github:devplayer0/boardie";
+    boardie.url = "git+https://git.nul.ie/dev/boardie";
    boardie.inputs.nixpkgs.follows = "nixpkgs-unstable";
    nixGL.url = "github:nix-community/nixGL";
    nixGL.inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -39,10 +34,10 @@
    sharry.url = "github:eikek/sharry";
    sharry.inputs.nixpkgs.follows = "nixpkgs-unstable";
    borgthin.url = "github:devplayer0/borg";
-    # TODO: Update borgthin so this works
+    borgthin.inputs.nixpkgs.follows = "nixpkgs-mine";
-    # borgthin.inputs.nixpkgs.follows = "nixpkgs-mine";
+    attic.url = "github:zhaofengli/attic";
-    copyparty.url = "github:9001/copyparty";
+    attic.inputs.nixpkgs.follows = "nixpkgs-unstable";
-    copyparty.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    attic.inputs.nixpkgs-stable.follows = "nixpkgs-stable";
  };
  outputs =
@@ -65,7 +60,7 @@
      # Extend a lib with extras that _must not_ internally reference private nixpkgs. flake-utils doesn't, but many
      # other flakes (e.g. home-manager) probably do internally.
      libOverlay = final: prev: {
-        my = import ./lib { inherit inputs; lib = final; };
+        my = import ./lib { lib = final; };
        flake = flake-utils.lib;
      };
      pkgsLibOverlay = final: prev: { lib = prev.lib.extend libOverlay; };
@@ -96,12 +91,12 @@
        (_: path: mkDefaultSystemsPkgs path (system: {
          overlays = [
            pkgsLibOverlay
            myPkgsOverlay
            inputs.devshell.overlays.default
            inputs.ragenix.overlays.default
-            inputs.deploy-rs.overlays.default
+            inputs.deploy-rs.overlay
            (flakePackageOverlay inputs.home-manager-unstable system)
            inputs.attic.overlays.default
          ];
        }))
        pkgsFlakes;
@@ -111,7 +106,6 @@
        (_: path: mkDefaultSystemsPkgs path (_: {
          overlays = [
            pkgsLibOverlay
            myPkgsOverlay
          ];
@@ -136,7 +130,6 @@
        nixos/boxes/home/palace
        nixos/boxes/home/castle
        nixos/boxes/britway
        nixos/boxes/britnet.nix
        nixos/boxes/kelder
        # Homes
@@ -167,7 +160,7 @@
    # Platform independent stuff
    {
      nixpkgs = pkgs';
-      inherit inputs lib nixfiles;
+      inherit lib nixfiles;
      overlays.default = myPkgsOverlay;
@@ -215,9 +208,8 @@
        systems' = mapAttrs' (n: v: nameValuePair "system-${n}" v) systems;
        packages' = mapAttrs' (n: v: nameValuePair "package-${n}" v) packages;
      in
-        homes' // systems' // packages' // {
+        pkgs.linkFarm "ci" (homes' // systems' // packages' // {
          inherit shell;
-        };
+        });
      ciDrv = pkgs.linkFarm "ci" ci;
    }));
 }
--- a/home-manager/modules/common.nix
+++ b/home-manager/modules/common.nix
@@ -66,7 +66,7 @@ in
        lsd = {
          enable = mkDefault true;
-          enableFishIntegration = mkDefault true;
+          enableAliases = mkDefault true;
        };
        starship = {
@@ -132,8 +132,6 @@ in
        ssh = {
          enable = mkDefault true;
          # TODO: Set after 25.11 releases
          # enableDefaultConfig = false;
          matchBlocks = {
            nix-dev-vm = {
              user = "dev";
@@ -228,8 +226,6 @@ in
      # Note: If globalPkgs mode is on, then these will be overridden by the NixOS equivalents of these options
      nixpkgs = {
        overlays = [
          inputs.libnet.overlays.default
          inputs.deploy-rs.overlay
          inputs.boardie.overlays.default
          inputs.nixGL.overlays.default
--- a/home-manager/modules/gui/default.nix
+++ b/home-manager/modules/gui/default.nix
@@ -1,8 +1,7 @@
 { lib, pkgs', pkgs, config, ... }:
 let
-  inherit (lib) genAttrs mkIf mkMerge mkForce mapAttrs mkOptionDefault;
+  inherit (lib) genAttrs mkIf mkMerge mkForce;
-  inherit (lib.my) mkOpt' mkBoolOpt';
+  inherit (lib.my) mkBoolOpt';
  inherit (lib.my.c) pubDomain;
  cfg = config.my.gui;
@@ -16,42 +15,24 @@ let
    url = "https://distro.ibiblio.org/slitaz/sources/packages/d/doom1.wad";
    hash = "sha256-HX1DvlAeZ9kn5BXguPPinDvzMHXoWXIYFvZSpSbKx3E=";
  };
  subwaySurfers = pkgs.fetchurl {
    url = "https://p.${pubDomain}/video/subway-surfers-smol.mkv";
    hash = "sha256-fMe7TDRNTymRHIJOi7qG3trzu4GP8a3gCDz+FMkX1dY=";
  };
  minecraftParkour = pkgs.fetchurl {
    url = "https://p.${pubDomain}/video/minecraft-parkour-smol.mkv";
    hash = "sha256-723pRm4AsIjY/WFUyAHzTJp+JvH4Pn5hvzF9wHTnOPA=";
  };
-  genLipsum = pkgs.writeScript "lipsum" ''
+  doomsaver = pkgs.runCommand "doomsaver" {
-    #!${pkgs.python3.withPackages (ps: [ ps.python-lorem ])}/bin/python
+    inherit (pkgs) windowtolayer;
    import lorem
    print(lorem.get_paragraph(count=5, sep='\n\n'))
  '';
  doomsaver' = brainrotTextCommand: pkgs.runCommand "doomsaver" {
    inherit (pkgs) windowtolayer tmux terminaltexteffects;
    chocoDoom = pkgs.chocolate-doom2xx;
    ffmpeg = pkgs.ffmpeg-full;
    python = pkgs.python3.withPackages (ps: [ ps.filelock ]);
    inherit doomWad;
    enojy = ./enojy.jpg;
    inherit brainrotTextCommand subwaySurfers minecraftParkour;
  } ''
    mkdir -p "$out"/bin
    substituteAll ${./screensaver.py} "$out"/bin/doomsaver
    chmod +x "$out"/bin/doomsaver
  '';
  doomsaver = doomsaver' cfg.screensaver.brainrotTextCommand;
 in
 {
-  options.my.gui = with lib.types; {
+  options.my.gui = {
    enable = mkBoolOpt' true "Enable settings and packages meant for graphical systems";
    manageGraphical = mkBoolOpt' false "Configure the graphical session";
    standalone = mkBoolOpt' false "Enable settings for fully Nix managed systems";
    screensaver.brainrotTextCommand = mkOpt' (either path str) genLipsum "Command to generate brainrot text.";
  };
  config = mkIf cfg.enable (mkMerge [
@@ -61,8 +42,9 @@ in
            xdg-utils
            font.package
-            nerd-fonts.sauce-code-pro
+            (nerdfonts.override {
-            nerd-fonts.droid-sans-mono
+              fonts = [ "DroidSansMono" "SourceCodePro" ];
            })
            noto-fonts-emoji
            grim
@@ -83,7 +65,6 @@ in
            cmatrix
            doomsaver
            ffmpeg-full
            xournalpp
          ];
        };
@@ -99,7 +80,7 @@ in
          alacritty = {
            enable = true;
            settings = {
-              general.import = [ ./alacritty-xterm.toml ];
+              import = [ ./alacritty-xterm.toml ];
              font = {
                size = font.size;
@@ -206,7 +187,6 @@ in
            wl-clipboard
            wev
            wdisplays
            swaysome
            pavucontrol
            libsecret
@@ -229,36 +209,9 @@ in
        xsession.preferStatusNotifierItems = true;
        wayland = {
          windowManager = {
-            sway =
+            sway = {
            let
              cfg = config.wayland.windowManager.sway.config;
              mod = cfg.modifier;
              renameWs = pkgs.writeShellScript "sway-rename-ws" ''
                focused_ws="$(swaymsg -t get_workspaces | jq ".[] | select(.focused)")"
                focused_num="$(jq -r ".num" <<< "$focused_ws")"
                focused_name="$(jq -r ".name" <<< "$focused_ws")"
                placeholder="$(sed -E 's/[0-9]+: //' <<< "$focused_name")"
                name="$(rofi -dmenu -p "rename ws $focused_num" -theme+entry+placeholder "\"$placeholder\"")"
                if [ -n "$name" ]; then
                  swaymsg rename workspace "$focused_name" to "$focused_num: $name"
                fi
              '';
              clearWsName = pkgs.writeShellScript "sway-clear-ws-name" ''
                focused_ws="$(swaymsg -t get_workspaces | jq ".[] | select(.focused)")"
                focused_num="$(jq -r ".num" <<< "$focused_ws")"
                focused_name="$(jq -r ".name" <<< "$focused_ws")"
                swaymsg rename workspace "$focused_name" to "$focused_num"
              '';
            in
            {
              enable = true;
              xwayland = true;
              extraConfigEarly = ''
                set $mod ${mod}
              '';
              config = {
                input = {
                  "type:touchpad" = {
@@ -273,87 +226,23 @@ in
                modifier = "Mod4";
                terminal = "kitty";
-                keybindings = mapAttrs (k: mkOptionDefault) {
+                keybindings =
-                  "${mod}+Left" = "focus left";
+                  let
-                  "${mod}+Down" = "focus down";
+                    cfg = config.wayland.windowManager.sway.config;
-                  "${mod}+Up" = "focus up";
+                    mod = cfg.modifier;
-                  "${mod}+Right" = "focus right";
+                  in
-
+                  lib.mkOptionDefault {
                  "${mod}+Shift+Left" = "move left";
                  "${mod}+Shift+Down" = "move down";
                  "${mod}+Shift+Up" = "move up";
                  "${mod}+Shift+Right" = "move right";
                  "${mod}+b" = "splith";
                  "${mod}+v" = "splitv";
                  "${mod}+f" = "fullscreen toggle";
                  "${mod}+a" = "focus parent";
                  "${mod}+s" = "layout stacking";
                  "${mod}+w" = "layout tabbed";
                  "${mod}+e" = "layout toggle split";
                  "${mod}+Shift+space" = "floating toggle";
                  "${mod}+space" = "focus mode_toggle";
                  "${mod}+1" = "workspace number 1";
                  "${mod}+2" = "workspace number 2";
                  "${mod}+3" = "workspace number 3";
                  "${mod}+4" = "workspace number 4";
                  "${mod}+5" = "workspace number 5";
                  "${mod}+6" = "workspace number 6";
                  "${mod}+7" = "workspace number 7";
                  "${mod}+8" = "workspace number 8";
                  "${mod}+9" = "workspace number 9";
                  "${mod}+0" = "workspace number 10";
                  "${mod}+Shift+1" =
                    "move container to workspace number 1";
                  "${mod}+Shift+2" =
                    "move container to workspace number 2";
                  "${mod}+Shift+3" =
                    "move container to workspace number 3";
                  "${mod}+Shift+4" =
                    "move container to workspace number 4";
                  "${mod}+Shift+5" =
                    "move container to workspace number 5";
                  "${mod}+Shift+6" =
                    "move container to workspace number 6";
                  "${mod}+Shift+7" =
                    "move container to workspace number 7";
                  "${mod}+Shift+8" =
                    "move container to workspace number 8";
                  "${mod}+Shift+9" =
                    "move container to workspace number 9";
                  "${mod}+Shift+0" =
                    "move container to workspace number 10";
                  "${mod}+Shift+minus" = "move scratchpad";
                  "${mod}+minus" = "scratchpad show";
                  "${mod}+Return" = "exec ${cfg.terminal}";
                  "${mod}+r" = "mode resize";
                    "${mod}+d" = null;
                    "${mod}+l" = "exec ${doomsaver}/bin/doomsaver";
                  "${mod}+q" = "kill";
                  "${mod}+Shift+c" = "reload";
                  "${mod}+Shift+q" = "exec swaynag -t warning -m 'bruh you really wanna kill sway?' -b 'ye' 'systemctl --user stop graphical-session.target && swaymsg exit'";
                  # rofi
                    "${mod}+x" = "exec ${cfg.menu}";
                    "${mod}+Shift+x" = "exec rofi -show drun";
                    "${mod}+q" = "kill";
                    "${mod}+Shift+q" = "exec swaynag -t warning -m 'bruh you really wanna kill sway?' -b 'ye' 'systemctl --user stop graphical-session.target && swaymsg exit'";
                    "${mod}+Shift+d" = ''exec grim - | swappy -f -'';
                    "${mod}+Shift+s" = ''exec grim -g "$(slurp)" - | swappy -f -'';
                    "${mod}+Shift+e" = "exec rofi -show emoji";
                    # Config for this doesn't seem to work :/
                    "${mod}+c" = ''exec rofi -show calc -calc-command "echo -n '{result}' | ${pkgs.wl-clipboard}/bin/wl-copy"'';
                  "${mod}+Shift+r" = "exec ${renameWs}";
                  "${mod}+Shift+n" = "exec ${clearWsName}";
                  # Screenshots
                  "${mod}+Shift+d" = ''exec grim - | swappy -f -'';
                  "${mod}+Shift+s" = ''exec grim -g "$(slurp)" - | swappy -f -'';
                  "XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
                  "XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set +5%";
                    "XF86AudioRaiseVolume" = "exec ${pkgs.pamixer}/bin/pamixer -i 5";
                    "XF86AudioLowerVolume" = "exec ${pkgs.pamixer}/bin/pamixer -d 5";
@@ -370,9 +259,6 @@ in
                menu = "rofi -show run";
                bars = mkForce [ ];
              };
              extraConfig = ''
                include ${./swaysome.conf}
              '';
              swaynag = {
                enable = true;
@@ -436,9 +322,8 @@ in
            font = "${font.name} ${toString font.size}";
            plugins = with pkgs; (map (p: p.override { rofi-unwrapped = rofi-wayland-unwrapped; }) [
              rofi-calc
-            ]) ++ [
+              rofi-emoji
-              rofi-emoji-wayland
+            ]);
            ];
            extraConfig = {
              modes = "window,run,ssh,filebrowser,calc,emoji";
              emoji-mode = "copy";
--- a/home-manager/modules/gui/screensaver.py
+++ b/home-manager/modules/gui/screensaver.py
@@ -73,7 +73,7 @@ class TTESaver(Screensaver):
    def wait(self):
        while self.running:
-            effect_cmd = ['@terminaltexteffects@/bin/tte', random.choice(self.effects)]
+            effect_cmd = ['tte', random.choice(self.effects)]
            print(f"$ {self.cmd} | {' '.join(effect_cmd)}")
            content = subprocess.check_output(self.cmd, shell=True, env=self.env, stderr=subprocess.DEVNULL)
@@ -86,51 +86,6 @@ class TTESaver(Screensaver):
        self.running = False
        self.proc.terminate()
 class FFmpegCACASaver(Screensaver):
    @staticmethod
    def command(video, size):
        return ['@ffmpeg@/bin/ffmpeg', '-hide_banner', '-loglevel', 'error',
                '-stream_loop', '-1', '-i', video,
                '-pix_fmt', 'rgb24', '-window_size', f'{size}x{size}',
                '-f', 'caca', '-']
    def __init__(self, video, weight=2):
        cols, lines = os.get_terminal_size()
        # IDK if it's reasonable to do this as "1:1"
        size = lines - 4
        super().__init__(
            self.command(video, size),
            env={'CACA_DRIVER': 'ncurses'},
            weight=weight,
        )
    def stop(self):
        super().stop(kill=True)
 class BrainrotStorySaver(Screensaver):
    def __init__(self, video, text_command, weight=2):
        cols, lines = os.get_terminal_size()
        video_size = lines - 1
        video_command = ' '.join(FFmpegCACASaver.command(video, video_size))
        text_command = (
            f'while true; do {text_command} | '
            f'@terminaltexteffects@/bin/tte --wrap-text --canvas-width=80 --canvas-height={video_size//2} --anchor-canvas=c '
            'print --final-gradient-stops=ffffff; clear; done' )
        self.tmux_session = f'screensaver-{os.urandom(4).hex()}'
        super().__init__(
            ['@tmux@/bin/tmux', 'new-session', '-s', self.tmux_session, '-n', 'brainrot',
             text_command, ';', 'split-window', '-hbl', str(lines), video_command],
            # ['sh', '-c', text_command],
            env={
                'CACA_DRIVER': 'ncurses',
                'SHELL': '/bin/sh',
            },
            weight=weight,
        )
    def stop(self):
        subprocess.check_call(['@tmux@/bin/tmux', 'kill-session', '-t', self.tmux_session])
 class MultiSaver:
    savers = [
        DoomSaver(0),
@@ -145,9 +100,6 @@ class MultiSaver:
        TTESaver('ss -nltu'),
        TTESaver('ss -ntu'),
        TTESaver('jp2a --width=100 @enojy@'),
        BrainrotStorySaver('@subwaySurfers@', '@brainrotTextCommand@'),
        BrainrotStorySaver('@minecraftParkour@', '@brainrotTextCommand@'),
    ]
    state_filename = 'screensaver.json'
--- a/home-manager/modules/gui/swaysome.conf
+++ b/home-manager/modules/gui/swaysome.conf
@@ -4,62 +4,62 @@
 # Change focus between workspaces
-bindsym $mod+Alt+1 exec "swaysome focus 1"
+bindsym --no-warn $mod+1 exec "swaysome focus 1"
-bindsym $mod+Alt+2 exec "swaysome focus 2"
+bindsym --no-warn $mod+2 exec "swaysome focus 2"
-bindsym $mod+Alt+3 exec "swaysome focus 3"
+bindsym --no-warn $mod+3 exec "swaysome focus 3"
-bindsym $mod+Alt+4 exec "swaysome focus 4"
+bindsym --no-warn $mod+4 exec "swaysome focus 4"
-bindsym $mod+Alt+5 exec "swaysome focus 5"
+bindsym --no-warn $mod+5 exec "swaysome focus 5"
-bindsym $mod+Alt+6 exec "swaysome focus 6"
+bindsym --no-warn $mod+6 exec "swaysome focus 6"
-bindsym $mod+Alt+7 exec "swaysome focus 7"
+bindsym --no-warn $mod+7 exec "swaysome focus 7"
-bindsym $mod+Alt+8 exec "swaysome focus 8"
+bindsym --no-warn $mod+8 exec "swaysome focus 8"
-bindsym $mod+Alt+9 exec "swaysome focus 9"
+bindsym --no-warn $mod+9 exec "swaysome focus 9"
-bindsym $mod+Alt+0 exec "swaysome focus 0"
+bindsym --no-warn $mod+0 exec "swaysome focus 0"
 # Focus workspace groups
 bindsym --no-warn $mod+1 exec "swaysome focus-group 1"
 bindsym --no-warn $mod+2 exec "swaysome focus-group 2"
 bindsym --no-warn $mod+3 exec "swaysome focus-group 3"
 bindsym --no-warn $mod+4 exec "swaysome focus-group 4"
 bindsym --no-warn $mod+5 exec "swaysome focus-group 5"
 bindsym --no-warn $mod+6 exec "swaysome focus-group 6"
 bindsym --no-warn $mod+7 exec "swaysome focus-group 7"
 bindsym --no-warn $mod+8 exec "swaysome focus-group 8"
 bindsym --no-warn $mod+9 exec "swaysome focus-group 9"
 bindsym --no-warn $mod+0 exec "swaysome focus-group 0"
 # Move containers between workspaces
-bindsym $mod+Alt+Shift+1 exec "swaysome move 1"
+bindsym --no-warn $mod+Shift+1 exec "swaysome move 1"
-bindsym $mod+Alt+Shift+2 exec "swaysome move 2"
+bindsym --no-warn $mod+Shift+2 exec "swaysome move 2"
-bindsym $mod+Alt+Shift+3 exec "swaysome move 3"
+bindsym --no-warn $mod+Shift+3 exec "swaysome move 3"
-bindsym $mod+Alt+Shift+4 exec "swaysome move 4"
+bindsym --no-warn $mod+Shift+4 exec "swaysome move 4"
-bindsym $mod+Alt+Shift+5 exec "swaysome move 5"
+bindsym --no-warn $mod+Shift+5 exec "swaysome move 5"
-bindsym $mod+Alt+Shift+6 exec "swaysome move 6"
+bindsym --no-warn $mod+Shift+6 exec "swaysome move 6"
-bindsym $mod+Alt+Shift+7 exec "swaysome move 7"
+bindsym --no-warn $mod+Shift+7 exec "swaysome move 7"
-bindsym $mod+Alt+Shift+8 exec "swaysome move 8"
+bindsym --no-warn $mod+Shift+8 exec "swaysome move 8"
-bindsym $mod+Alt+Shift+9 exec "swaysome move 9"
+bindsym --no-warn $mod+Shift+9 exec "swaysome move 9"
-bindsym $mod+Alt+Shift+0 exec "swaysome move 0"
+bindsym --no-warn $mod+Shift+0 exec "swaysome move 0"
 # Focus workspace groups
 bindsym $mod+Alt+1 exec "swaysome focus-group 1"
 bindsym $mod+Alt+2 exec "swaysome focus-group 2"
 bindsym $mod+Alt+3 exec "swaysome focus-group 3"
 bindsym $mod+Alt+4 exec "swaysome focus-group 4"
 bindsym $mod+Alt+5 exec "swaysome focus-group 5"
 bindsym $mod+Alt+6 exec "swaysome focus-group 6"
 bindsym $mod+Alt+7 exec "swaysome focus-group 7"
 bindsym $mod+Alt+8 exec "swaysome focus-group 8"
 bindsym $mod+Alt+9 exec "swaysome focus-group 9"
 bindsym $mod+Alt+0 exec "swaysome focus-group 0"
 # Move containers to other workspace groups
-bindsym --no-warn $mod+Shift+1 exec "swaysome move-to-group 1"
+bindsym $mod+Alt+Shift+1 exec "swaysome move-to-group 1"
-bindsym --no-warn $mod+Shift+2 exec "swaysome move-to-group 2"
+bindsym $mod+Alt+Shift+2 exec "swaysome move-to-group 2"
-bindsym --no-warn $mod+Shift+3 exec "swaysome move-to-group 3"
+bindsym $mod+Alt+Shift+3 exec "swaysome move-to-group 3"
-bindsym --no-warn $mod+Shift+4 exec "swaysome move-to-group 4"
+bindsym $mod+Alt+Shift+4 exec "swaysome move-to-group 4"
-bindsym --no-warn $mod+Shift+5 exec "swaysome move-to-group 5"
+bindsym $mod+Alt+Shift+5 exec "swaysome move-to-group 5"
-bindsym --no-warn $mod+Shift+6 exec "swaysome move-to-group 6"
+bindsym $mod+Alt+Shift+6 exec "swaysome move-to-group 6"
-bindsym --no-warn $mod+Shift+7 exec "swaysome move-to-group 7"
+bindsym $mod+Alt+Shift+7 exec "swaysome move-to-group 7"
-bindsym --no-warn $mod+Shift+8 exec "swaysome move-to-group 8"
+bindsym $mod+Alt+Shift+8 exec "swaysome move-to-group 8"
-bindsym --no-warn $mod+Shift+9 exec "swaysome move-to-group 9"
+bindsym $mod+Alt+Shift+9 exec "swaysome move-to-group 9"
-bindsym --no-warn $mod+Shift+0 exec "swaysome move-to-group 0"
+bindsym $mod+Alt+Shift+0 exec "swaysome move-to-group 0"
 # Move focused container to next output
-bindsym $mod+Alt+Right exec "swaysome next-output"
+bindsym $mod+o exec "swaysome next-output"
 # Move focused container to previous output
-bindsym $mod+Alt+Left exec "swaysome prev-output"
+bindsym $mod+Shift+o exec "swaysome prev-output"
 # Move focused workspace group to next output
-bindsym $mod+Shift+Alt+Right exec "swaysome workspace-group-next-output"
+bindsym $mod+Alt+o exec "swaysome workspace-group-next-output"
 # Move focused workspace group to previous output
-bindsym $mod+Shift+Alt+Left exec "swaysome workspace-group-prev-output"
+bindsym $mod+Alt+Shift+o exec "swaysome workspace-group-prev-output"
 # Init workspaces for every screen
 exec "swaysome init 1"
--- a/lib/constants.nix
+++ b/lib/constants.nix
@@ -13,7 +13,6 @@ rec {
      kea = 404;
      keepalived_script = 405;
      photoprism = 406;
      copyparty = 408;
    };
    gids = {
      matrix-syncv3 = 400;
@@ -23,14 +22,12 @@ rec {
      kea = 404;
      keepalived_script = 405;
      photoprism = 406;
      adbusers = 407;
      copyparty = 408;
    };
  };
  kernel = {
-    lts = pkgs: pkgs.linuxKernel.packages.linux_6_12;
+    lts = pkgs: pkgs.linuxKernel.packages.linux_6_6;
-    latest = pkgs: pkgs.linuxKernel.packages.linux_6_16;
+    latest = pkgs: pkgs.linuxKernel.packages.linux_6_9;
  };
  nginx = rec {
@@ -202,20 +199,11 @@ rec {
        port = 25566;
        dst = aa.simpcraft-staging-oci.internal.ipv4.address;
      }
      {
        port = 25567;
        dst = aa.kevcraft-oci.internal.ipv4.address;
      }
      {
        port = 25568;
        dst = aa.kinkcraft-oci.internal.ipv4.address;
      }
-      # RCON... unsafe?
+      {
-      # {
+        port = 25575;
-      #   port = 25575;
+        dst = aa.simpcraft-oci.internal.ipv4.address;
-      #   dst = aa.simpcraft-oci.internal.ipv4.address;
+      }
      # }
      {
        port = 2456;
@@ -239,27 +227,6 @@ rec {
        dst = aa.simpcraft-oci.internal.ipv4.address;
        proto = "udp";
      }
      {
        port = 25567;
        dst = aa.kevcraft-oci.internal.ipv4.address;
        proto = "udp";
      }
      {
        port = 25568;
        dst = aa.kinkcraft-oci.internal.ipv4.address;
        proto = "udp";
      }
      {
        port = 15636;
        dst = aa.enshrouded-oci.internal.ipv4.address;
        proto = "udp";
      }
      {
        port = 15637;
        dst = aa.enshrouded-oci.internal.ipv4.address;
        proto = "udp";
      }
      {
        port = qclk.wgPort;
@@ -289,8 +256,8 @@ rec {
      "stream"
    ];
    routersPubV4 = [
-      "109.255.108.88"
+      "80.111.122.16"
-      "109.255.108.121"
+      "109.255.252.63"
    ];
    prefixes = with lib.my.net.cidr; rec {
@@ -356,20 +323,6 @@ rec {
    assignedV6 = "2001:19f0:7402:128b:5400:04ff:feac:6e06";
  };
  britnet = {
    domain = "bhx1.int.${pubDomain}";
    pubV4 = "77.74.199.67";
    vpn = {
      port = 51820;
    };
    prefixes = with lib.my.net.cidr; rec {
      vpn = {
        v4 = "10.200.0.0/24";
        v6 = "fdfb:5ebf:6e84::/64";
      };
    };
  };
  tailscale = {
    prefix = {
      v4 = "100.64.0.0/10";
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,11 +1,11 @@
-{ inputs, lib }:
+{ lib }:
 let
  inherit (builtins) length match elemAt filter replaceStrings substring;
  inherit (lib)
    genAttrs mapAttrsToList filterAttrsRecursive nameValuePair types
    mkOption mkOverride mkForce mkIf mergeEqualOption optional
    showWarnings concatStringsSep flatten unique optionalAttrs
-    mkBefore toLower splitString last;
+    mkBefore toLower;
  inherit (lib.flake) defaultSystems;
 in
 rec {
@@ -23,7 +23,7 @@ rec {
  attrsToNVList = mapAttrsToList nameValuePair;
-  inherit ((import "${inputs.libnetRepo}/lib/netu.nix" { inherit lib; }).lib) net;
+  inherit (import ./net.nix { inherit lib; }) net;
  dns = import ./dns.nix { inherit lib; };
  c = import ./constants.nix { inherit lib; };
@@ -53,7 +53,7 @@ rec {
    in mkApp "${app}/bin/${app.meta.mainProgram}";
  flakePackageOverlay' = flake: pkg: system: (final: prev:
    let
-      pkg' = if pkg != null then flake.packages.${system}.${pkg} else flake.packages.${system}.default;
+      pkg' = if pkg != null then flake.packages.${system}.${pkg} else flake.defaultPackage.${system};
      name = if pkg != null then pkg else pkg'.name;
    in
    {
@@ -248,13 +248,12 @@ rec {
  in
  {
    trivial = prev.trivial // {
-      release = "25.09:u-${prev.trivial.release}";
+      release = "24.07:u-${prev.trivial.release}";
-      codeName = "Giving";
+      codeName = "Diffed";
      revisionWithDefault = default: self.rev or default;
      versionSuffix = ".${date}.${revCode self}:u-${revCode pkgsFlake}";
    };
  };
  upstreamRelease = last (splitString "-" lib.trivial.release);
  netbootKeaClientClasses = { tftpIP, hostname, systems }:
  let
--- a/lib/net.nix
+++ b/lib/net.nix
--- a/nixos/boxes/britnet.nix
+++ b/nixos/boxes/britnet.nix
@@ -1,191 +0,0 @@
 { lib, ... }:
 let
  inherit (lib.my) net;
  inherit (lib.my.c) pubDomain;
  inherit (lib.my.c.britnet) domain pubV4 prefixes;
 in
 {
  nixos.systems.britnet = {
    system = "x86_64-linux";
    nixpkgs = "mine";
    assignments = {
      allhost = {
        inherit domain;
        ipv4 = {
          address = pubV4;
          mask = 24;
          gateway = "77.74.199.1";
        };
        ipv6 = {
          address = "2a12:ab46:5344:99::a";
          gateway = "2a12:ab46:5344::1";
        };
      };
      vpn = {
        ipv4 = {
          address = net.cidr.host 1 prefixes.vpn.v4;
          gateway = null;
        };
        ipv6.address = net.cidr.host 1 prefixes.vpn.v6;
      };
    };
    configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
      let
        inherit (lib) mkMerge mkForce;
        inherit (lib.my) networkdAssignment;
      in
      {
        imports = [
          "${modulesPath}/profiles/qemu-guest.nix"
        ];
        config = mkMerge [
          {
            boot = {
              initrd.availableKernelModules = [
                "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sr_mod" "virtio_blk"
              ];
              loader = {
                systemd-boot.enable = false;
                grub = {
                  enable = true;
                  device = "/dev/vda";
                };
              };
            };
            fileSystems = {
              "/boot" = {
                device = "/dev/disk/by-uuid/457444a1-81dd-4934-960c-650ad16c92b5";
                fsType = "ext4";
              };
              "/nix" = {
                device = "/dev/disk/by-uuid/992c0c79-5be6-45b6-bc30-dc82e3ec082a";
                fsType = "ext4";
              };
              "/persist" = {
                device = "/dev/disk/by-uuid/f020a955-54d5-4098-98ba-d3615781d96a";
                fsType = "ext4";
                neededForBoot = true;
              };
            };
            environment = {
              systemPackages = with pkgs; [
                wireguard-tools
              ];
            };
            services = {
              iperf3 = {
                enable = true;
                openFirewall = true;
              };
              tailscale = {
                enable = true;
                authKeyFile = config.age.secrets."tailscale-auth.key".path;
                openFirewall = true;
                interfaceName = "tailscale0";
                extraUpFlags = [
                  "--operator=${config.my.user.config.name}"
                  "--login-server=https://hs.nul.ie"
                  "--netfilter-mode=off"
                  "--advertise-exit-node"
                  "--accept-routes=false"
                ];
              };
            };
            networking = { inherit domain; };
            systemd.network = {
              netdevs = {
                "30-wg0" = {
                  netdevConfig = {
                    Name = "wg0";
                    Kind = "wireguard";
                  };
                  wireguardConfig = {
                    PrivateKeyFile = config.age.secrets."britnet/wg.key".path;
                    ListenPort = lib.my.c.britnet.vpn.port;
                  };
                  wireguardPeers = [
                    {
                      PublicKey = "EfPwREfZ/q3ogHXBIqFZh4k/1NRJRyq4gBkBXtegNkE=";
                      AllowedIPs = [
                        (net.cidr.host 10 prefixes.vpn.v4)
                        (net.cidr.host 10 prefixes.vpn.v6)
                      ];
                    }
                  ];
                };
              };
              links = {
                "10-veth0" = {
                  matchConfig.PermanentMACAddress = "00:db:d9:62:68:1a";
                  linkConfig.Name = "veth0";
                };
              };
              networks = {
                "20-veth0" = mkMerge [
                  (networkdAssignment "veth0" assignments.allhost)
                  {
                    dns = [ "1.1.1.1" "1.0.0.1" ];
                    routes = [
                      {
                        # Gateway is on a different network for some reason...
                        Destination = "2a12:ab46:5344::1";
                        Scope = "link";
                      }
                    ];
                  }
                ];
                "30-wg0" = mkMerge [
                  (networkdAssignment "wg0" assignments.vpn)
                  {
                    networkConfig.IPv6AcceptRA = mkForce false;
                  }
                ];
              };
            };
            my = {
              server.enable = true;
              secrets = {
                key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIEx+1EC/lN6WKIaOB+O5LJgVHRK962YpZEPQg/m78O";
                files = {
                  "tailscale-auth.key" = {};
                  "britnet/wg.key" = {
                    owner = "systemd-network";
                  };
                };
              };
              firewall = {
                udp.allowed = [ lib.my.c.britnet.vpn.port ];
                trustedInterfaces = [ "tailscale0" ];
                extraRules = ''
                  table inet filter {
                    chain forward {
                      iifname wg0 oifname veth0 accept
                    }
                  }
                  table inet nat {
                    chain postrouting {
                      iifname { tailscale0, wg0 } oifname veth0 snat ip to ${assignments.allhost.ipv4.address}
                      iifname { tailscale0, wg0 } oifname veth0 snat ip6 to ${assignments.allhost.ipv6.address}
                    }
                  }
                '';
              };
            };
          }
        ];
      };
  };
 }
--- a/nixos/boxes/britway/bgp.nix
+++ b/nixos/boxes/britway/bgp.nix
@@ -11,24 +11,23 @@ in
  config = {
    my = {
      secrets.files."britway/bgp-password-vultr.conf" = {
-        owner = "bird";
+        owner = "bird2";
-        group = "bird";
+        group = "bird2";
      };
    };
    environment.etc."bird/vultr-password.conf".source = config.age.secrets."britway/bgp-password-vultr.conf".path;
    systemd = {
-      services.bird.after = [ "systemd-networkd-wait-online@veth0.service" ];
+      services.bird2.after = [ "systemd-networkd-wait-online@veth0.service" ];
      network = {
        config.networkConfig.ManageForeignRoutes = false;
      };
    };
    services = {
-      bird = {
+      bird2 = {
        enable = true;
        package = pkgs.bird2;
        preCheckConfig = ''
          echo '"dummy"' > vultr-password.conf
        '';
--- a/nixos/boxes/britway/default.nix
+++ b/nixos/boxes/britway/default.nix
@@ -106,7 +106,7 @@ in
                  {
                    matchConfig.Name = "as211024";
                    networkConfig.IPv6AcceptRA = mkForce false;
-                    routes = [
+                    routes = map (r: { routeConfig = r; }) [
                      {
                        Destination = lib.my.c.colony.prefixes.all.v4;
                        Gateway = allAssignments.estuary.as211024.ipv4.address;
@@ -123,7 +123,7 @@ in
                        Table = "ts-extra";
                      }
                    ];
-                    routingPolicyRules = [
+                    routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
                      {
                        IncomingInterface = "tailscale0";
                        To = lib.my.c.colony.prefixes.all.v6;
--- a/nixos/boxes/britway/nginx.nix
+++ b/nixos/boxes/britway/nginx.nix
@@ -80,7 +80,7 @@ in
              };
            };
-            "hs.${pubDomain}" = {
+            "ts.${pubDomain}" = {
              locations."/" = {
                proxyPass = "http://localhost:${toString config.services.headscale.port}";
                proxyWebsockets = true;
--- a/nixos/boxes/britway/tailscale.nix
+++ b/nixos/boxes/britway/tailscale.nix
@@ -1,13 +1,24 @@
 { lib, pkgs, config, assignments, allAssignments, ... }:
 let
  inherit (lib) concatStringsSep;
  inherit (lib.my.c) pubDomain;
  inherit (lib.my.c.britway) prefixes domain;
-  advRoutes = concatStringsSep "," [
+  # Can't use overrideAttrs because we need to override `vendorHash` within `buildGoModule`
-    lib.my.c.home.prefixes.all.v4
+  headscale = (pkgs.headscale.override {
-    lib.my.c.home.prefixes.all.v6
+    buildGoModule = args: pkgs.buildGoModule (args // rec {
-  ];
+      version = "0.23.0-alpha12";
      src = pkgs.fetchFromGitHub {
        owner = "juanfont";
        repo = "headscale";
        rev = "v${version}";
        hash = "sha256-kZZK0cXnFARxblSMz01TDcBbTorkHGAwGpR+a4/mYfU=";
      };
      patches = [];
      vendorHash = "sha256-EorT2AVwA3usly/LcNor6r5UIhLCdj3L4O4ilgTIC2o=";
      doCheck = false;
    });
  });
  pubNameservers = [
    "1.1.1.1"
    "1.0.0.1"
@@ -25,21 +36,21 @@ in
    services = {
      headscale = {
        enable = true;
        package = headscale;
        settings = {
          disable_check_updates = true;
          unix_socket_permission = "0770";
-          server_url = "https://hs.${pubDomain}";
+          server_url = "https://ts.${pubDomain}";
          database = {
            type = "sqlite3";
            sqlite.path = "/var/lib/headscale/db.sqlite3";
          };
          noise.private_key_path = "/var/lib/headscale/noise_private.key";
          prefixes = with lib.my.c.tailscale.prefix; { inherit v4 v6; };
-          dns = {
+          dns_config = {
            override_local_dns = false;
            # Use IPs that will route inside the VPN to prevent interception
            # (e.g. DNS rebinding filtering)
-            nameservers.split = {
+            restricted_nameservers = {
              "${domain}" = pubNameservers;
              "${lib.my.c.colony.domain}" = with allAssignments.estuary.base; [
                ipv4.address ipv6.address
@@ -53,6 +64,7 @@ in
            };
            magic_dns = true;
            base_domain = "ts.${pubDomain}";
            override_local_dns = false;
          };
          oidc = {
            only_start_if_oidc_is_available = true;
@@ -72,10 +84,9 @@ in
        interfaceName = "tailscale0";
        extraUpFlags = [
          "--operator=${config.my.user.config.name}"
-          "--login-server=https://hs.nul.ie"
+          "--login-server=https://ts.nul.ie"
          "--netfilter-mode=off"
          "--advertise-exit-node"
          "--advertise-routes=${advRoutes}"
          "--accept-routes=false"
        ];
      };
--- a/nixos/boxes/colony/default.nix
+++ b/nixos/boxes/colony/default.nix
@@ -252,10 +252,10 @@ in
                  };
                  ipv6Prefixes = [
                    {
-                      Prefix = prefixes.vms.v6;
+                      ipv6PrefixConfig.Prefix = prefixes.vms.v6;
                    }
                  ];
-                  routes = [
+                  routes = map (r: { routeConfig = r; }) [
                    {
                      Destination = prefixes.ctrs.v4;
                      Gateway = allAssignments.shill.routing.ipv4.address;
@@ -327,10 +327,10 @@ in
                };
                ipv6Prefixes = [
                  {
-                    Prefix = prefixes.mail.v6;
+                    ipv6PrefixConfig.Prefix = prefixes.mail.v6;
                  }
                ];
-                routes = [
+                routes = map (r: { routeConfig = r; }) [
                  {
                    Destination = prefixes.mail.v4;
                    Scope = "link";
@@ -350,10 +350,10 @@ in
                };
                ipv6Prefixes = [
                  {
-                    Prefix = prefixes.darts.v6;
+                    ipv6PrefixConfig.Prefix = prefixes.darts.v6;
                  }
                ];
-                routes = [
+                routes = map (r: { routeConfig = r; }) [
                  {
                    Destination = prefixes.darts.v4;
                    Scope = "link";
--- a/nixos/boxes/colony/vms/estuary/bgp.nix
+++ b/nixos/boxes/colony/vms/estuary/bgp.nix
@@ -8,9 +8,8 @@ in
 {
  config = {
    services = {
-      bird = {
+      bird2 = {
        enable = true;
        package = pkgs.bird2;
        # TODO: Clean up and modularise
        config = ''
          define OWNAS = 211024;
@@ -251,87 +250,41 @@ in
            neighbor 2001:7f8:10f::dc49:254 as 56393;
          }
          protocol bgp ixp4_frysix_rs3 from ixp_bgp4 {
            description "Frys-IX route server 3 (IPv4)";
            neighbor 185.1.160.255 as 56393;
          }
          protocol bgp ixp6_frysix_rs3 from ixp_bgp6 {
            description "Frys-IX route server 3 (IPv6)";
            neighbor 2001:7f8:10f::dc49:1 as 56393;
          }
          protocol bgp ixp4_frysix_rs4 from ixp_bgp4 {
            description "Frys-IX route server 4 (IPv4)";
            neighbor 185.1.161.0 as 56393;
          }
          protocol bgp ixp6_frysix_rs4 from ixp_bgp6 {
            description "Frys-IX route server 4 (IPv6)";
            neighbor 2001:7f8:10f::dc49:2 as 56393;
          }
          protocol bgp peer4_frysix_luje from peer_bgp4 {
            description "LUJE.net (on Frys-IX, IPv4)";
-            neighbor 185.1.160.152 as 212855;
+            neighbor 185.1.203.152 as 212855;
          }
          protocol bgp peer6_frysix_luje from peer_bgp6 {
            description "LUJE.net (on Frys-IX, IPv6)";
            neighbor 2001:7f8:10f::3:3f95:152 as 212855;
          }
          protocol bgp peer4_frysix_he from peer_bgp4 {
            description "Hurricane Electric (on Frys-IX, IPv4)";
-            neighbor 185.1.160.154 as 6939;
+            neighbor 185.1.203.154 as 6939;
          }
-
+          protocol bgp peer4_frysix_cloudflare from peer_bgp4 {
-          protocol bgp peer4_frysix_cloudflare1_old from peer_bgp4 {
+            description "Cloudflare (on Frys-IX, IPv4)";
            description "Cloudflare 1 (on Frys-IX, IPv4)";
            neighbor 185.1.203.217 as 13335;
          }
-          protocol bgp peer4_frysix_cloudflare2_old from peer_bgp4 {
+          protocol bgp peer6_frysix_cloudflare from peer_bgp6 {
-            description "Cloudflare 2 (on Frys-IX, IPv4)";
+            description "Cloudflare (on Frys-IX, IPv6)";
            neighbor 185.1.203.109 as 13335;
          }
          protocol bgp peer4_frysix_cloudflare1 from peer_bgp4 {
            description "Cloudflare 1 (on Frys-IX, IPv4)";
            neighbor 185.1.160.217 as 13335;
          }
          protocol bgp peer4_frysix_cloudflare2 from peer_bgp4 {
            description "Cloudflare 2 (on Frys-IX, IPv4)";
            neighbor 185.1.160.109 as 13335;
          }
          protocol bgp peer6_frysix_cloudflare1 from peer_bgp6 {
            description "Cloudflare 1 (on Frys-IX, IPv6)";
            neighbor 2001:7f8:10f::3417:217 as 13335;
          }
          protocol bgp peer6_frysix_cloudflare2 from peer_bgp6 {
            description "Cloudflare 2 (on Frys-IX, IPv6)";
            neighbor 2001:7f8:10f::3417:109 as 13335;
          }
          protocol bgp peer4_frysix_jurrian from peer_bgp4 {
            description "AS212635 aka jurrian (on Frys-IX, IPv4)";
-            neighbor 185.1.160.134 as 212635;
+            neighbor 185.1.203.134 as 212635;
          }
          protocol bgp peer6_frysix_jurrian from peer_bgp6 {
            description "AS212635 aka jurrian (on Frys-IX, IPv6)";
            neighbor 2001:7f8:10f::3:3e9b:134 as 212635;
          }
-
+          protocol bgp peer4_frysix_meta1 from peer_bgp4 {
          protocol bgp peer4_frysix_meta1_old from peer_bgp4 {
            description "Meta 1 (on Frys-IX, IPv4)";
            neighbor 185.1.203.225 as 32934;
          }
          protocol bgp peer4_frysix_meta2_old from peer_bgp4 {
            description "Meta 2 (on Frys-IX, IPv4)";
            neighbor 185.1.203.226 as 32934;
          }
          protocol bgp peer4_frysix_meta1 from peer_bgp4 {
            description "Meta 1 (on Frys-IX, IPv4)";
            neighbor 185.1.160.225 as 32934;
          }
          protocol bgp peer4_frysix_meta2 from peer_bgp4 {
            description "Meta 2 (on Frys-IX, IPv4)";
-            neighbor 185.1.160.226 as 32934;
+            neighbor 185.1.203.226 as 32934;
          }
          protocol bgp peer6_frysix_meta1 from peer_bgp6 {
            description "Meta 1 (on Frys-IX, IPv6)";
@@ -364,36 +317,36 @@ in
            ipv6 { preference (PREFIXP-1); };
          }
-          # protocol bgp peer4_nlix_cloudflare1 from peer_bgp4 {
+          protocol bgp peer4_nlix_cloudflare1 from peer_bgp4 {
-          #   description "Cloudflare NL-ix 1 (IPv4)";
+            description "Cloudflare NL-ix 1 (IPv4)";
-          #   neighbor 193.239.117.14 as 13335;
+            neighbor 193.239.117.14 as 13335;
-          #   ipv4 { preference (PREFPEER-1); };
+            ipv4 { preference (PREFPEER-1); };
-          # }
+          }
-          # protocol bgp peer4_nlix_cloudflare2 from peer_bgp4 {
+          protocol bgp peer4_nlix_cloudflare2 from peer_bgp4 {
-          #   description "Cloudflare NL-ix 2 (IPv4)";
+            description "Cloudflare NL-ix 2 (IPv4)";
-          #   neighbor 193.239.117.114 as 13335;
+            neighbor 193.239.117.114 as 13335;
-          #   ipv4 { preference (PREFPEER-1); };
+            ipv4 { preference (PREFPEER-1); };
-          # }
+          }
-          # protocol bgp peer4_nlix_cloudflare3 from peer_bgp4 {
+          protocol bgp peer4_nlix_cloudflare3 from peer_bgp4 {
-          #   description "Cloudflare NL-ix 3 (IPv4)";
+            description "Cloudflare NL-ix 3 (IPv4)";
-          #   neighbor 193.239.118.138 as 13335;
+            neighbor 193.239.118.138 as 13335;
-          #   ipv4 { preference (PREFPEER-1); };
+            ipv4 { preference (PREFPEER-1); };
-          # }
+          }
-          # protocol bgp peer6_nlix_cloudflare1 from peer_bgp6 {
+          protocol bgp peer6_nlix_cloudflare1 from peer_bgp6 {
-          #   description "Cloudflare NL-ix 1 (IPv6)";
+            description "Cloudflare NL-ix 1 (IPv6)";
-          #   neighbor 2001:7f8:13::a501:3335:1 as 13335;
+            neighbor 2001:7f8:13::a501:3335:1 as 13335;
-          #   ipv6 { preference (PREFPEER-1); };
+            ipv6 { preference (PREFPEER-1); };
-          # }
+          }
-          # protocol bgp peer6_nlix_cloudflare2 from peer_bgp6 {
+          protocol bgp peer6_nlix_cloudflare2 from peer_bgp6 {
-          #   description "Cloudflare NL-ix 2 (IPv6)";
+            description "Cloudflare NL-ix 2 (IPv6)";
-          #   neighbor 2001:7f8:13::a501:3335:2 as 13335;
+            neighbor 2001:7f8:13::a501:3335:2 as 13335;
-          #   ipv6 { preference (PREFPEER-1); };
+            ipv6 { preference (PREFPEER-1); };
-          # }
+          }
-          # protocol bgp peer6_nlix_cloudflare3 from peer_bgp6 {
+          protocol bgp peer6_nlix_cloudflare3 from peer_bgp6 {
-          #   description "Cloudflare NL-ix 3 (IPv6)";
+            description "Cloudflare NL-ix 3 (IPv6)";
-          #   neighbor 2001:7f8:13::a501:3335:3 as 13335;
+            neighbor 2001:7f8:13::a501:3335:3 as 13335;
-          #   ipv6 { preference (PREFPEER-1); };
+            ipv6 { preference (PREFPEER-1); };
-          # }
+          }
          protocol bgp peer4_nlix_jurrian from peer_bgp4 {
            description "AS212635 aka jurrian (on NL-ix, IPv4)";
            neighbor 193.239.117.55 as 212635;
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@@ -164,9 +164,11 @@ in
                    };
                    wireguardPeers = [
                      {
                        wireguardPeerConfig = {
                          PublicKey = "7N9YdQaCMWWIwAnW37vrthm9ZpbnG4Lx3gheHeRYz2E=";
                          AllowedIPs = [ allAssignments.kelder.estuary.ipv4.address ];
                          PersistentKeepalive = 25;
                        };
                      }
                    ];
                  };
@@ -219,9 +221,6 @@ in
              mkMerge
              [
                (mkIXPConfig "frys-ix" "185.1.203.196/24" "2001:7f8:10f::3:3850:196/64")
                # FrysIX is migrating to a /23
                { "85-frys-ix".address = [ "185.1.160.196/23" ]; }
                (mkIXPConfig "nl-ix" "193.239.116.145/22" "2001:7f8:13::a521:1024:1/64")
                (mkIXPConfig "fogixp" "185.1.147.159/24" "2001:7f8:ca:1::159/64")
              {
@@ -279,10 +278,11 @@ in
                    };
                    ipv6Prefixes = [
                      {
-                        Prefix = prefixes.base.v6;
+                        ipv6PrefixConfig.Prefix = prefixes.base.v6;
                      }
                    ];
-                    routes = flatten ([
+                    routes = map (r: { routeConfig = r; }) (flatten
                      ([
                        {
                          Destination = prefixes.vip1;
                          Gateway = allAssignments.colony.routing.ipv4.address;
@@ -323,7 +323,7 @@ in
                          Destination = prefixes."${pName}".v6;
                          Gateway = allAssignments.colony.internal.ipv6.address;
                        }
-                    ]) [ "vms" "ctrs" "oci" ]));
+                      ]) [ "vms" "ctrs" "oci" ])));
                  }
                ];
@@ -332,7 +332,7 @@ in
                  {
                    matchConfig.Name = "as211024";
                    networkConfig.IPv6AcceptRA = mkForce false;
-                    routes = [
+                    routes = map (r: { routeConfig = r; }) [
                      {
                        Destination = lib.my.c.home.prefixes.all.v4;
                        Gateway = lib.my.c.home.vips.as211024.v4;
@@ -344,8 +344,10 @@ in
                  matchConfig.Name = "kelder";
                  routes = [
                    {
                      routeConfig = {
                        Destination = allAssignments.kelder.estuary.ipv4.address;
                        Scope = "link";
                      };
                    }
                  ];
                };
@@ -402,19 +404,14 @@ in
                      ip6 daddr ${aa.middleman.internal.ipv6.address} tcp dport { http, https, 8448 } accept
                      ${matchInet "tcp dport { http, https } accept" "git"}
-                      ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} tcp dport 25565 accept
+                      ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} tcp dport { 25565, 25575 } accept
                      ip6 daddr ${aa.simpcraft-staging-oci.internal.ipv6.address} tcp dport 25565 accept
                      ip6 daddr ${aa.kevcraft-oci.internal.ipv6.address} tcp dport 25567 accept
                      ip6 daddr ${aa.kinkcraft-oci.internal.ipv6.address} tcp dport 25568 accept
                      return
                    }
                    chain routing-udp {
                      ip6 daddr ${aa.valheim-oci.internal.ipv6.address} udp dport { 2456-2457 } accept
                      ip6 daddr ${aa.waffletail.internal.ipv6.address} udp dport 41641 accept
                      ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} udp dport 25565 accept
                      ip6 daddr ${aa.enshrouded-oci.internal.ipv6.address} udp dport { 15636-15637 } accept
                      ip6 daddr ${aa.kevcraft-oci.internal.ipv6.address} udp dport 25567 accept
                      ip6 daddr ${aa.kinkcraft-oci.internal.ipv6.address} udp dport 25568 accept
                      return
                    }
                    chain filter-routing {
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
@@ -14,7 +14,7 @@ in
          owner = "pdns";
          group = "pdns";
        };
-        "estuary/pdns/recursor.yml" = {
+        "estuary/pdns/recursor.conf" = {
          owner = "pdns-recursor";
          group = "pdns-recursor";
        };
@@ -31,7 +31,7 @@ in
      pdns.recursor = {
        enable = true;
-        extraSettingsFile = config.age.secrets."estuary/pdns/recursor.yml".path;
+        extraSettingsFile = config.age.secrets."estuary/pdns/recursor.conf".path;
      };
    };
@@ -44,37 +44,34 @@ in
      };
      pdns-recursor = {
-        yaml-settings = {
+        dns = {
-          incoming = {
+          address = [
            listen = [
            "127.0.0.1" "::1"
            assignments.base.ipv4.address assignments.base.ipv6.address
          ];
-            allow_from = [
+          allowFrom = [
            "127.0.0.0/8" "::1/128"
            prefixes.all.v4 prefixes.all.v6
          ] ++ (with lib.my.c.tailscale.prefix; [ v4 v6 ]);
            # DNS NOTIFY messages override TTL
            allow_notify_for = authZones;
            allow_notify_from = [ "127.0.0.0/8" "::1/128" ];
        };
-          outgoing = {
+        settings = {
-            source_address = [
+          query-local-address = [
            assignments.internal.ipv4.address
            assignments.internal.ipv6.address
            assignments.base.ipv6.address
          ];
-          };
+          forward-zones = map (z: "${z}=127.0.0.1:5353") authZones;
-          recursor = {
+          # DNS NOTIFY messages override TTL
-            forward_zones = map (z: {
+          allow-notify-for = authZones;
-              zone = z;
+          allow-notify-from = [ "127.0.0.0/8" "::1/128" ];
              forwarders = [ "127.0.0.1:5353" ];
            }) authZones;
-            lua_dns_script = pkgs.writeText "pdns-script.lua" ''
+          webserver = true;
          webserver-address = "::";
          webserver-allow-from = [ "127.0.0.1" "::1" ];
          lua-dns-script = pkgs.writeText "pdns-script.lua" ''
            function preresolve(dq)
              if dq.qname:equal("nix-cache.nul.ie") then
                dq:addAnswer(pdns.CNAME, "http.${config.networking.domain}.")
@@ -87,13 +84,6 @@ in
            end
          '';
        };
          webservice = {
            webserver = true;
            address = "::";
            allow_from = [ "127.0.0.1" "::1" ];
          };
        };
      };
    };
@@ -163,11 +153,6 @@ in
            simpcraft IN AAAA ${allAssignments.simpcraft-oci.internal.ipv6.address}
            simpcraft-staging IN A ${assignments.internal.ipv4.address}
            simpcraft-staging IN AAAA ${allAssignments.simpcraft-staging-oci.internal.ipv6.address}
            enshrouded IN A ${assignments.internal.ipv4.address}
            kevcraft IN A ${assignments.internal.ipv4.address}
            kevcraft IN AAAA ${allAssignments.kevcraft-oci.internal.ipv6.address}
            kinkcraft IN A ${assignments.internal.ipv4.address}
            kinkcraft IN AAAA ${allAssignments.kinkcraft-oci.internal.ipv6.address}
            mail-vm IN A ${net.cidr.host 0 prefixes.mail.v4}
            mail-vm IN AAAA ${net.cidr.host 1 prefixes.mail.v6}
--- a/nixos/boxes/colony/vms/git/default.nix
+++ b/nixos/boxes/colony/vms/git/default.nix
@@ -4,7 +4,7 @@ let
  inherit (lib) mkMerge mkDefault;
  inherit (lib.my) net;
  inherit (lib.my.c) pubDomain;
-  inherit (lib.my.c.colony) domain prefixes firewallForwards;
+  inherit (lib.my.c.colony) domain prefixes;
  inherit (lib.my.c.nginx) baseHttpConfig proxyHeaders;
 in
 {
@@ -197,7 +197,6 @@ in
              firewall = {
                tcp.allowed = [ 19999 "http" "https" ];
                nat.forwardPorts."${allAssignments.estuary.internal.ipv4.address}" = firewallForwards allAssignments;
                extraRules = ''
                  table inet filter {
                    chain forward {
--- a/nixos/boxes/colony/vms/git/gitea-actions.nix
+++ b/nixos/boxes/colony/vms/git/gitea-actions.nix
@@ -35,11 +35,6 @@ in
          ];
          url = "https://git.${pubDomain}";
          tokenFile = config.age.secrets."gitea/actions-runner.env".path;
          settings = {
            runner = {
              timeout = "8h";
            };
          };
        };
      };
    };
--- a/nixos/boxes/colony/vms/shill/containers-ext.nix
+++ b/nixos/boxes/colony/vms/shill/containers-ext.nix
@@ -47,10 +47,10 @@ in
        };
        ipv6Prefixes = [
          {
-            Prefix = prefixes.jam.v6;
+            ipv6PrefixConfig.Prefix = prefixes.jam.v6;
          }
        ];
-        routes = [
+        routes = map (r: { routeConfig = r; }) [
          {
            Destination = prefixes.jam.v4;
            Scope = "link";
--- a/nixos/boxes/colony/vms/shill/containers/chatterbox.nix
+++ b/nixos/boxes/colony/vms/shill/containers/chatterbox.nix
@@ -50,6 +50,11 @@ in
                  group = "matrix-synapse";
                };
                "chatterbox/syncv3.env" = {
                  owner = "matrix-syncv3";
                  group = "matrix-syncv3";
                };
                "chatterbox/mautrix-whatsapp.env" = {
                  owner = "mautrix-whatsapp";
                  group = "mautrix-whatsapp";
@@ -75,21 +80,32 @@ in
              matrix-synapse.extraGroups = [
                "mautrix-whatsapp"
              ];
              matrix-syncv3 = {
                isSystemUser = true;
                uid = uids.matrix-syncv3;
                group = "matrix-syncv3";
              };
            };
            groups = {
              matrix-syncv3.gid = gids.matrix-syncv3;
            };
            groups = { };
          };
          systemd = {
            network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
-            services = { } // (genAttrs [ "mautrix-whatsapp" "mautrix-meta-messenger" "mautrix-meta-instagram" ] (_: {
+            services = {
              matrix-sliding-sync.serviceConfig = {
                # Needs to be able to read its secrets
                DynamicUser = mkForce false;
                User = "matrix-syncv3";
                Group = "matrix-syncv3";
              };
            } // (genAttrs [ "mautrix-whatsapp" "mautrix-meta-messenger" "mautrix-meta-instagram" ] (_: {
              # ffmpeg needed to convert GIFs to video
              path = with pkgs; [ ffmpeg ];
            }));
          };
          # TODO/FIXME: https://github.com/NixOS/nixpkgs/issues/336052
          nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
          services = {
            netdata.enable = true;
            matrix-synapse = {
@@ -177,10 +193,20 @@ in
                app_service_config_files = [
                  "/var/lib/heisenbridge/registration.yml"
                  config.age.secrets."chatterbox/doublepuppet.yaml".path
                  "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml"
                ];
              };
            };
            matrix-sliding-sync = {
              enable = true;
              createDatabase = false;
              environmentFile = config.age.secrets."chatterbox/syncv3.env".path;
              settings = {
                SYNCV3_BINDADDR = "[::]:8009";
                SYNCV3_SERVER = "http://localhost:8008";
              };
            };
            heisenbridge = {
              enable = true;
@@ -259,12 +285,10 @@ in
                      avatar = "mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak";
                    };
                  };
-                  network = {
+                  meta.mode = "messenger";
                    mode = "messenger";
                    displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FBM)'';
                  };
                  bridge = {
                    username_template = "fbm2_{{.}}";
                    displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FBM)'';
                    personal_filtering_spaces = true;
                    delivery_receipts = true;
                    management_room_text.welcome = "Hello, I'm a Messenger bridge bot.";
@@ -307,12 +331,10 @@ in
                      avatar = "mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv";
                    };
                  };
-                  network = {
+                  meta.mode = "instagram";
                    mode = "instagram";
                    displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (IG)'';
                  };
                  bridge = {
                    username_template = "ig_{{.}}";
                    displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (IG)'';
                    personal_filtering_spaces = true;
                    delivery_receipts = true;
                    management_room_text.welcome = "Hello, I'm an Instagram bridge bot.";
@@ -328,7 +350,6 @@ in
                    };
                    permissions = {
                      "@dev:nul.ie" = "admin";
                      "@adzerq:nul.ie" = "user";
                    };
                  };
                };
--- a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
+++ b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
@@ -23,7 +23,7 @@ in
      };
    };
-    configuration = { lib, pkgs, config, allAssignments, ... }:
+    configuration = { lib, pkgs, config, ... }:
    let
      inherit (lib) mkForce;
    in
@@ -39,20 +39,10 @@ in
            key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUv1ntVrZv5ripsKpcOAnyDQX2PHjowzyhqWK10Ml53";
            files = {
              "jackflix/photoprism-pass.txt" = {};
              "jackflix/copyparty-pass.txt" = {
                owner = "copyparty";
                group = "copyparty";
            };
          };
        };
          firewall = {
            tcp.allowed = [
              3923
            ];
          };
        };
        users = with lib.my.c.ids; {
          users = {
            "${config.my.user.config.name}".extraGroups = [ "media" ];
@@ -70,16 +60,11 @@ in
              uid = uids.photoprism;
              group = "photoprism";
            };
            copyparty = {
              uid = uids.copyparty;
              extraGroups = [ "media" ];
            };
          };
          groups = {
            media.gid = 2000;
            jellyseerr.gid = gids.jellyseerr;
            photoprism.gid = gids.photoprism;
            copyparty.gid = gids.copyparty;
          };
        };
@@ -138,7 +123,6 @@ in
            };
          };
          flaresolverr.enable = true;
          jackett.enable = true;
          radarr.enable = true;
          sonarr.enable = true;
@@ -166,50 +150,6 @@ in
              PHOTOPRISM_DATABASE_DRIVER = "sqlite";
            };
          };
          copyparty = {
            enable = true;
            package = pkgs.copyparty.override {
              withMagic = true;
            };
            settings = {
              name = "dev-stuff";
              no-reload = true;
              j = 8; # cores
              http-only = true;
              xff-src =
                with allAssignments.middleman.internal;
                [ "${ipv4.address}/32" prefixes.ctrs.v6 ];
              rproxy = 1; # get if from x-forwarded-for
              magic = true; # enable checking file magic on upload
              hist = "/var/cache/copyparty";
              shr = "/share"; # enable share creation
              ed = true; # enable dotfiles
              chmod-f = 664;
              chmod-d = 775;
              e2dsa = true; # file indexing
              e2t = true; # metadata indexing
              og-ua = "(Discord|Twitter|Slack)bot"; # embeds
              theme = 6;
            };
            accounts.dev.passwordFile = config.age.secrets."jackflix/copyparty-pass.txt".path;
            volumes = {
              "/" = {
                path = "/mnt/media/public";
                access = {
                  A = "dev";
                  "r." = "*";
                };
                flags = {
                  shr_who = "no"; # no reason to have shares here
                };
              };
              "/priv" = {
                path = "/mnt/media/stuff";
                access.A = "dev"; # dev has admin access
              };
            };
          };
        };
      };
    };
--- a/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix
+++ b/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix
@@ -71,12 +71,14 @@ in
              RouteTable = routeTable;
            };
            wireguardPeers = [
              # AirVPN NL
              {
                # AirVPN NL
                wireguardPeerConfig = {
                  Endpoint = "2a00:1678:1337:2329:e5f:35d4:4404:ef9f:1637";
                  PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
                  PresharedKeyFile = config.age.secrets."${pskFile}".path;
                  AllowedIPs = [ "0.0.0.0/0" "::/0" ];
                };
              }
            ];
          };
@@ -92,7 +94,7 @@ in
              matchConfig.Name = "vpn";
              address = [ "10.182.97.37/32" "fd7d:76ee:e68f:a993:735d:ef5e:6907:b122/128" ];
              dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
-              routingPolicyRules = [
+              routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
                {
                  Family = "both";
                  SuppressPrefixLength = 0;
--- a/nixos/boxes/colony/vms/shill/containers/middleman/default.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/default.nix
@@ -251,9 +251,6 @@ in
              proxyResolveWhileRunning = true;
              sslDhparam = config.age.secrets."dhparams.pem".path;
              appendConfig = ''
                worker_processes auto;
              '';
              # Based on recommended*Settings, but probably better to be explicit about these
              appendHttpConfig = ''
                ${baseHttpConfig}
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -35,6 +35,7 @@ let
      # For clients
      (mkWellKnown "matrix/client" (toJSON {
        "m.homeserver".base_url = "https://matrix.nul.ie";
        "org.matrix.msc3575.proxy".url = "https://matrix-syncv3.nul.ie";
      }))
    ];
  };
@@ -49,7 +50,6 @@ let
    "/.well-known/webfinger".return = "301 https://toot.nul.ie$request_uri";
    "/.well-known/nodeinfo".return = "301 https://toot.nul.ie$request_uri";
    "/.well-known/host-meta".return = "301 https://toot.nul.ie$request_uri";
    "/.well-known/atproto-did".return = "301 https://pds.nul.ie$request_uri";
  };
 in
 {
@@ -80,10 +80,6 @@ in
                  sha256 = "018wh6ps19n7323fi44njzj9yd4wqslc90dykbwfyscv7bgxhlar";
                };
              }
              {
                name = "ssh.pub";
                path = lib.my.c.sshKeyFiles.me;
              }
            ];
          }
          wellKnown
@@ -186,6 +182,10 @@ in
        ];
        useACMEHost = pubDomain;
      };
      "matrix-syncv3.${pubDomain}" = {
        locations."/".proxyPass = "http://chatterbox-ctr.${domain}:8009";
        useACMEHost = pubDomain;
      };
      "element.${pubDomain}" =
      let
@@ -327,15 +327,6 @@ in
        useACMEHost = pubDomain;
      };
      "pds.nul.ie" = {
        locations."/" = {
          proxyPass = "http://toot-ctr.${domain}:3000";
          proxyWebsockets = true;
          extraConfig = proxyHeaders;
        };
        useACMEHost = pubDomain;
      };
      "share.${pubDomain}" = {
        locations."/" = {
          proxyPass = "http://object-ctr.${domain}:9090";
@@ -347,13 +338,16 @@ in
      "stuff.${pubDomain}" = {
        locations."/" = {
-          proxyPass = "http://jackflix-ctr.${domain}:3923";
+          basicAuthFile = config.age.secrets."middleman/htpasswd".path;
          root = "/mnt/media/stuff";
          extraConfig = ''
            fancyindex on;
            fancyindex_show_dotfiles on;
          '';
        };
        useACMEHost = pubDomain;
      };
      "public.${pubDomain}" = {
        onlySSL = false;
        addSSL = true;
        serverAliases = [ "p.${pubDomain}" ];
        locations."/" = {
          root = "/mnt/media/public";
@@ -374,11 +368,6 @@ in
        useACMEHost = pubDomain;
      };
      "mc-map-kink.${pubDomain}" = {
        locations."/".proxyPass = "http://kinkcraft-oci.${domain}:8100";
        useACMEHost = pubDomain;
      };
      "librespeed.${domain}" = {
        locations."/".proxyPass = "http://localhost:8989";
      };
@@ -429,14 +418,6 @@ in
        }
        (ssoServer "generic")
      ];
      "hass.${pubDomain}" = {
        locations."/" = {
          proxyPass = "http://hass-ctr.${home.domain}:8123";
          proxyWebsockets = true;
          extraConfig = proxyHeaders;
        };
        useACMEHost = pubDomain;
      };
    };
    minio =
--- a/nixos/boxes/colony/vms/shill/containers/object.nix
+++ b/nixos/boxes/colony/vms/shill/containers/object.nix
@@ -216,7 +216,7 @@ in
            atticd = {
              enable = false;
-              environmentFile = config.age.secrets."object/atticd.env".path;
+              credentialsFile = config.age.secrets."object/atticd.env".path;
              settings = {
                listen = "[::]:8069";
                allowed-hosts = [ "nix-cache.${pubDomain}" ];
@@ -237,7 +237,7 @@ in
            harmonia = {
              enable = true;
-              signKeyPaths = [ config.age.secrets."nix-cache.key".path ];
+              signKeyPath = config.age.secrets."nix-cache.key".path;
              settings = {
                priority = 30;
              };
--- a/nixos/boxes/colony/vms/shill/containers/toot.nix
+++ b/nixos/boxes/colony/vms/shill/containers/toot.nix
@@ -26,8 +26,6 @@ in
    let
      inherit (lib) mkMerge mkIf genAttrs;
      inherit (lib.my) networkdAssignment systemdAwaitPostgres;
      pdsPort = 3000;
    in
    {
      config = mkMerge [
@@ -38,7 +36,7 @@ in
            secrets = {
              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSslLkDe54AKYzxdtKD70zcU72W0EpYsfbdJ6UFq0QK";
-              files = (genAttrs
+              files = genAttrs
                (map (f: "toot/${f}") [
                  "postgres-password.txt"
                  "secret-key.txt"
@@ -50,12 +48,7 @@ in
                (_: with config.services.mastodon; {
                  owner = user;
                  inherit group;
-                })) // {
+                });
                  "toot/pds.env" = {
                    owner = "pds";
                    group = "pds";
                  };
                };
            };
            firewall = {
@@ -63,7 +56,6 @@ in
                19999
                "http"
                pdsPort
              ];
            };
          };
@@ -87,7 +79,7 @@ in
            netdata.enable = true;
            mastodon = mkMerge [
              rec {
-                enable = false;
+                enable = true;
                localDomain = extraConfig.WEB_DOMAIN; # for nginx config
                extraConfig = {
                  LOCAL_DOMAIN = "nul.ie";
@@ -95,9 +87,7 @@ in
                };
                secretKeyBaseFile = config.age.secrets."toot/secret-key.txt".path;
-                # TODO: This was removed at some point.
+                otpSecretFile = config.age.secrets."toot/otp-secret.txt".path;
                # If we want to bring Mastodon back, this will probably need to be addressd.
                # otpSecretFile = config.age.secrets."toot/otp-secret.txt".path;
                vapidPrivateKeyFile = config.age.secrets."toot/vapid-key.txt".path;
                vapidPublicKeyFile = toString (pkgs.writeText
                  "vapid-pubkey.txt"
@@ -165,32 +155,6 @@ in
                };
              };
            };
            bluesky-pds = {
              enable = true;
              environmentFiles = [ config.age.secrets."toot/pds.env".path ];
              settings = {
                PDS_HOSTNAME = "pds.nul.ie";
                PDS_PORT = pdsPort;
                PDS_BLOBSTORE_DISK_LOCATION = null;
                PDS_BLOBSTORE_S3_BUCKET = "pds";
                PDS_BLOBSTORE_S3_ENDPOINT = "https://s3.nul.ie/";
                PDS_BLOBSTORE_S3_REGION = "eu-central-1";
                PDS_BLOBSTORE_S3_ACCESS_KEY_ID = "pds";
                PDS_BLOB_UPLOAD_LIMIT = "52428800";
                PDS_EMAIL_FROM_ADDRESS = "pds@nul.ie";
                PDS_DID_PLC_URL = "https://plc.directory";
                PDS_INVITE_REQUIRED = 1;
                PDS_BSKY_APP_VIEW_URL = "https://api.bsky.app";
                PDS_BSKY_APP_VIEW_DID = "did:web:api.bsky.app";
                PDS_REPORT_SERVICE_URL = "https://mod.bsky.app";
                PDS_REPORT_SERVICE_DID = "did:plc:ar7c4by46qjdydhdevvrndac";
                PDS_CRAWLERS = "https://bsky.network";
              };
            };
          };
        }
        (mkIf config.my.build.isDevVM {
--- a/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix
+++ b/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix
@@ -99,8 +99,6 @@ in
            };
            borgbackup.jobs.vaultwarden = {
              readWritePaths = [ "/var/lib/borgbackup" "/var/cache/borgbackup" ];
              paths = [ vwData ];
              repo = "zh2855@zh2855.rsync.net:borg/vaultwarden2";
              doInit = true;
--- a/nixos/boxes/colony/vms/shill/containers/waffletail.nix
+++ b/nixos/boxes/colony/vms/shill/containers/waffletail.nix
@@ -86,7 +86,7 @@ in
            interfaceName = "tailscale0";
            extraUpFlags = [
              "--operator=${config.my.user.config.name}"
-              "--login-server=https://hs.nul.ie"
+              "--login-server=https://ts.nul.ie"
              "--netfilter-mode=off"
              "--advertise-exit-node"
              "--advertise-routes=${advRoutes}"
--- a/nixos/boxes/colony/vms/shill/default.nix
+++ b/nixos/boxes/colony/vms/shill/default.nix
@@ -140,10 +140,10 @@ in
                    };
                    ipv6Prefixes = [
                      {
-                        Prefix = prefixes.ctrs.v6;
+                        ipv6PrefixConfig.Prefix = prefixes.ctrs.v6;
                      }
                    ];
-                    routes = [
+                    routes = map (r: { routeConfig = r; }) [
                      {
                        Destination = lib.my.c.tailscale.prefix.v4;
                        Gateway = allAssignments.waffletail.internal.ipv4.address;
--- a/nixos/boxes/colony/vms/whale2/default.nix
+++ b/nixos/boxes/colony/vms/whale2/default.nix
@@ -52,9 +52,6 @@ in
      valheim-oci = 2;
      simpcraft-oci = 3;
      simpcraft-staging-oci = 4;
      enshrouded-oci = 5;
      kevcraft-oci = 6;
      kinkcraft-oci = 7;
    };
    configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
@@ -69,7 +66,6 @@ in
          ./valheim.nix
          ./minecraft
          # ./enshrouded.nix
        ];
        config = mkMerge [
--- a/nixos/boxes/colony/vms/whale2/enshrouded.nix
+++ b/nixos/boxes/colony/vms/whale2/enshrouded.nix
@@ -1,35 +0,0 @@
 { lib, config, allAssignments, ... }:
 let
  inherit (lib) concatStringsSep;
  inherit (lib.my) dockerNetAssignment;
 in
 {
  config = {
    virtualisation.oci-containers.containers = {
      enshrouded = {
        image = "sknnr/enshrouded-dedicated-server@sha256:f163e8ba9caa2115d8a0a7b16c3696968242fb6fba82706d9a77a882df083497";
        environment = {
          SERVER_NAME = "UWUshrouded";
          # SERVER_IP = "::"; # no IPv6?? :(
          TZ = "Europe/Dublin";
        };
        environmentFiles = [ config.age.secrets."whale2/enshrouded.env".path ];
        volumes = [
          "enshrouded:/home/steam/enshrouded/savegame"
        ];
        extraOptions = [
          ''--network=colony:${dockerNetAssignment allAssignments "enshrouded-oci"}''
        ];
      };
    };
    my = {
      secrets.files = {
        "whale2/enshrouded.env" = {};
      };
    };
  };
 }
--- a/nixos/boxes/colony/vms/whale2/minecraft/default.nix
+++ b/nixos/boxes/colony/vms/whale2/minecraft/default.nix
@@ -5,13 +5,12 @@ let
  # devplayer0
  op = "6d7d971b-ce10-435b-85c5-c99c0d8d288c";
  kev = "703b378a-09f9-4c1d-9876-1c9305728c49";
  whitelist = concatStringsSep "," [
    op
    "dcd2ecb9-2b5e-49cb-9d4f-f5a76162df56" # Elderlypug
    "fcb26db2-c3ce-41aa-b588-efec79d37a8a" # Jesthral_
    "1d366062-12c0-4e29-aba7-6ab5d8c6bb05" # shr3kas0ras
-    kev
+    "703b378a-09f9-4c1d-9876-1c9305728c49" # OROURKEIRE
    "f105bbe6-eda6-4a13-a8cf-894e77cab77b" # Adzerq
    "1fc94979-41fb-497a-81e9-34ae24ca537a" # johnnyscrims
    "d53c91df-b6e6-4463-b106-e8427d7a8d01" # BossLonus
@@ -105,87 +104,6 @@ in
      #     ''--network=colony:${dockerNetAssignment allAssignments "simpcraft-staging-oci"}''
      #   ];
      # };
      kevcraft = {
        # 2025.2.1-java21-alpine
        image = "itzg/minecraft-server@sha256:57e319c15e9fee63f61029a65a33acc3de85118b21a2b4bb29f351cf4a915027";
        environment = {
          TYPE = "VANILLA";
          VERSION = "1.20.1";
          SERVER_PORT = "25567";
          QUERY_PORT = "25567";
          EULA = "true";
          ENABLE_QUERY = "true";
          ENABLE_RCON = "true";
          MOTD = "§4§k----- §9K§ae§bv§cc§dr§ea§ff§6t §4§k-----";
          ICON = "/ext/icon.png";
          EXISTING_WHITELIST_FILE = "SYNCHRONIZE";
          WHITELIST = whitelist;
          EXISTING_OPS_FILE = "SYNCHRONIZE";
          OPS = concatStringsSep "," [ op kev ];
          DIFFICULTY = "normal";
          SPAWN_PROTECTION = "0";
          # VIEW_DISTANCE = "20";
          MAX_MEMORY = "4G";
          TZ = "Europe/Dublin";
        };
        environmentFiles = [ config.age.secrets."whale2/simpcraft.env".path ];
        volumes = [
          "kevcraft_data:/data"
          "${./kev.png}:/ext/icon.png:ro"
        ];
        extraOptions = [
          ''--network=colony:${dockerNetAssignment allAssignments "kevcraft-oci"}''
        ];
      };
      kinkcraft = {
        # 2025.5.1-java21-alpine
        image = "itzg/minecraft-server@sha256:de26c7128e3935f3be48fd30283f0b5a6da1b3d9f1a10c9f92502ee1ba072f7b";
        environment = {
          TYPE = "MODRINTH";
          SERVER_PORT = "25568";
          QUERY_PORT = "25568";
          EULA = "true";
          ENABLE_QUERY = "true";
          ENABLE_RCON = "true";
          MOTD = "§4§k----- §9K§ai§bn§ck§dc§er§fa§6f§5t §4§k-----";
          ICON = "/ext/icon.png";
          EXISTING_WHITELIST_FILE = "SYNCHRONIZE";
          WHITELIST = whitelist;
          EXISTING_OPS_FILE = "SYNCHRONIZE";
          OPS = op;
          DIFFICULTY = "normal";
          SPAWN_PROTECTION = "0";
          VIEW_DISTANCE = "20";
          MAX_MEMORY = "6G";
          MODRINTH_MODPACK = "https://cdn.modrinth.com/data/CIYf3Hk8/versions/NGutsQSd/Simpcraft-0.2.1.mrpack";
          TZ = "Europe/Dublin";
        };
        environmentFiles = [ config.age.secrets."whale2/simpcraft.env".path ];
        volumes = [
          "kinkcraft_data:/data"
          "${./icon.png}:/ext/icon.png:ro"
        ];
        extraOptions = [
          ''--network=colony:${dockerNetAssignment allAssignments "kinkcraft-oci"}''
        ];
      };
    };
    services = {
@@ -205,7 +123,6 @@ in
          within = "12H";
          hourly = 48;
        };
        readWritePaths = [ "/var/lib/borgbackup" "/var/cache/borgbackup" ];
        # Avoid Minecraft poking the files while we back up
        preHook = rconCommand "save-off";
--- a/nixos/boxes/colony/vms/whale2/minecraft/kev.png
+++ b/nixos/boxes/colony/vms/whale2/minecraft/kev.png
--- a/nixos/boxes/home/castle/default.nix
+++ b/nixos/boxes/home/castle/default.nix
@@ -36,7 +36,7 @@ in
          cpu = {
            amd.updateMicrocode = true;
          };
-          graphics.extraPackages = with pkgs; [
+          opengl.extraPackages = with pkgs; [
            intel-media-driver
          ];
          bluetooth.enable = true;
@@ -150,7 +150,6 @@ in
          mstflint
          qperf
          ethtool
          android-tools
        ];
        nix = {
--- a/nixos/boxes/home/palace/vms/default.nix
+++ b/nixos/boxes/home/palace/vms/default.nix
@@ -188,13 +188,6 @@
                hostBDF = "44:00.4";
              };
            };
            qemuFlags = [
              "device qemu-xhci,id=xhci"
              # Front-right port?
              "device usb-host,hostbus=1,hostport=4"
              # Front-left port
              "device usb-host,hostbus=1,hostport=3"
            ];
          };
        };
      };
--- a/nixos/boxes/home/palace/vms/sfh/containers/default.nix
+++ b/nixos/boxes/home/palace/vms/sfh/containers/default.nix
@@ -1,6 +1,5 @@
 {
  imports = [
    ./unifi.nix
    ./hass.nix
  ];
 }
--- a/nixos/boxes/home/palace/vms/sfh/containers/hass.nix
+++ b/nixos/boxes/home/palace/vms/sfh/containers/hass.nix
@@ -1,262 +0,0 @@
 { lib, ... }:
 let
  inherit (lib.my) net;
  inherit (lib.my.c) pubDomain;
  inherit (lib.my.c.home) domain prefixes vips hiMTU;
 in
 {
  nixos.systems.hass = { config, ... }: {
    system = "x86_64-linux";
    nixpkgs = "mine";
    rendered = config.configuration.config.my.asContainer;
    assignments = {
      hi = {
        name = "hass-ctr";
        altNames = [ "frigate" ];
        inherit domain;
        mtu = hiMTU;
        ipv4 = {
          address = net.cidr.host 103 prefixes.hi.v4;
          mask = 22;
          gateway = vips.hi.v4;
        };
        ipv6 = {
          iid = "::5:3";
          address = net.cidr.host (65536*5+3) prefixes.hi.v6;
        };
      };
      lo = {
        name = "hass-ctr-lo";
        inherit domain;
        mtu = 1500;
        ipv4 = {
          address = net.cidr.host 103 prefixes.lo.v4;
          mask = 21;
          gateway = null;
        };
        ipv6 = {
          iid = "::5:3";
          address = net.cidr.host (65536*5+3) prefixes.lo.v6;
        };
      };
    };
    configuration = { lib, config, pkgs, assignments, allAssignments, ... }:
    let
      inherit (lib) mkMerge mkIf mkForce;
      inherit (lib.my) networkdAssignment;
      hassCli = pkgs.writeShellScriptBin "hass-cli" ''
        export HASS_SERVER="http://localhost:${toString config.services.home-assistant.config.http.server_port}"
        export HASS_TOKEN="$(< ${config.age.secrets."hass/cli-token.txt".path})"
        exec ${pkgs.home-assistant-cli}/bin/hass-cli "$@"
      '';
    in
    {
      config = {
        my = {
          deploy.enable = false;
          server.enable = true;
          secrets = {
            key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpYX2WbYwUqHp8bFFf0eHFrqrR8xp8IheguA054F8V4";
            files = {
              "hass/cli-token.txt" = {
                owner = config.my.user.config.name;
              };
            };
          };
          firewall = {
            tcp.allowed = [ "http" 1883 ];
          };
        };
        environment = {
          systemPackages = with pkgs; [
            usbutils
            hassCli
          ];
        };
        systemd = {
          network.networks = {
            "80-container-host0" = networkdAssignment "host0" assignments.hi;
            "80-container-lan-lo" = networkdAssignment "lan-lo" assignments.lo;
          };
        };
        services = {
          mosquitto = {
            enable = true;
            listeners = [
              {
                omitPasswordAuth = true;
                settings = {
                  allow_anonymous = true;
                };
              }
            ];
          };
          go2rtc = {
            enable = true;
            settings = {
              streams = {
                reolink_living_room = [
                  # "http://reolink-living-room.${domain}/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=admin#video=copy#audio=copy#audio=opus"
                  "rtsp://admin:@reolink-living-room:554/h264Preview_01_main"
                ];
                webcam_office = [
                  "ffmpeg:device?video=/dev/video0&video_size=1024x576#video=h264"
                ];
              };
            };
          };
          frigate = {
            enable = true;
            hostname = "frigate.${domain}";
            settings = {
              mqtt = {
                enabled = true;
                host = "localhost";
                topic_prefix = "frigate";
              };
              cameras = {
                reolink_living_room = {
                  ffmpeg.inputs = [
                    {
                      path = "rtsp://127.0.0.1:8554/reolink_living_room";
                      input_args = "preset-rtsp-restream";
                      roles = [ "record" "detect" ];
                    }
                  ];
                  detect = {
                    enabled = false;
                  };
                  record = {
                    enabled = true;
                    retain.days = 1;
                  };
                };
                webcam_office = {
                  ffmpeg.inputs = [
                    {
                      path = "rtsp://127.0.0.1:8554/webcam_office";
                      input_args = "preset-rtsp-restream";
                      roles = [ "record" "detect" ];
                    }
                  ];
                  detect.enabled = false;
                  record = {
                    enabled = true;
                    retain.days = 1;
                  };
                };
              };
            };
          };
          home-assistant =
          let
            cfg = config.services.home-assistant;
            pyirishrail = ps: ps.buildPythonPackage rec {
              pname = "pyirishrail";
              version = "0.0.2";
              src = pkgs.fetchFromGitHub {
                owner = "ttroy50";
                repo = "pyirishrail";
                tag = version;
                hash = "sha256-NgARqhcXP0lgGpgBRiNtQaSn9JcRNtCcZPljcL7t3Xc=";
              };
              dependencies = with ps; [
                requests
              ];
              pyproject = true;
              build-system = [ ps.setuptools ];
            };
          in
          {
            enable = true;
            extraComponents = [
              "default_config"
              "esphome"
              "google_translate"
              "met"
              "zha"
              "denonavr"
              "webostv"
              "androidtv_remote"
              "heos"
              "mqtt"
              "wled"
            ];
            extraPackages = python3Packages: with python3Packages; [
              zlib-ng
              isal
              gtts
              (pyirishrail python3Packages)
            ];
            customComponents = with pkgs.home-assistant-custom-components; [
              alarmo
              frigate
            ];
            configWritable = false;
            openFirewall = true;
            config = {
              default_config = {};
              homeassistant = {
                name = "Home";
                unit_system = "metric";
                currency = "EUR";
                country = "IE";
                time_zone = "Europe/Dublin";
                external_url = "https://hass.${pubDomain}";
                internal_url = "http://hass-ctr.${domain}:${toString cfg.config.http.server_port}";
              };
              http = {
                use_x_forwarded_for = true;
                trusted_proxies = with allAssignments.middleman.internal; [
                  ipv4.address
                  ipv6.address
                ];
                ip_ban_enabled = false;
              };
              automation = "!include automations.yaml";
              script = "!include scripts.yaml";
              scene = "!include scenes.yaml";
              sensor = [
                {
                  platform = "irish_rail_transport";
                  name = "To Work from Home";
                  station = "Glenageary";
                  stops_at = "Dublin Connolly";
                  direction = "Northbound";
                }
                {
                  platform = "irish_rail_transport";
                  name = "To Home from Work";
                  station = "Dublin Connolly";
                  stops_at = "Glenageary";
                  direction = "Southbound";
                }
              ];
            };
          };
        };
      };
    };
  };
 }
--- a/nixos/boxes/home/palace/vms/sfh/containers/unifi.nix
+++ b/nixos/boxes/home/palace/vms/sfh/containers/unifi.nix
@@ -55,8 +55,7 @@ in
          unifi = {
            enable = true;
            openFirewall = true;
-            unifiPackage = pkgs.unifi;
+            unifiPackage = pkgs.unifi8;
            mongodbPackage = pkgs.mongodb-7_0;
          };
        };
      };
--- a/nixos/boxes/home/palace/vms/sfh/default.nix
+++ b/nixos/boxes/home/palace/vms/sfh/default.nix
@@ -29,7 +29,7 @@ in
    configuration = { lib, modulesPath, pkgs, config, assignments, allAssignments, ... }:
    let
-      inherit (lib) mapAttrs mkMerge mkForce;
+      inherit (lib) mapAttrs mkMerge;
      inherit (lib.my) networkdAssignment;
      inherit (lib.my.c) networkd;
      inherit (lib.my.c.home) domain;
@@ -83,12 +83,6 @@ in
          };
        };
        environment = {
          systemPackages = with pkgs; [
            usbutils
          ];
        };
        systemd.network = {
          links = {
            "10-lan-hi" = {
@@ -111,13 +105,6 @@ in
                MTUBytes = toString lib.my.c.home.hiMTU;
              };
            };
            "10-lan-lo-ctrs" = {
              matchConfig = {
                Driver = "virtio_net";
                PermanentMACAddress = "52:54:00:a5:7e:93";
              };
              linkConfig.Name = "lan-lo-ctrs";
            };
          };
          networks = {
@@ -131,28 +118,8 @@ in
              linkConfig.RequiredForOnline = "no";
              networkConfig = networkd.noL3;
            };
            "30-lan-lo-ctrs" = {
              matchConfig.Name = "lan-lo-ctrs";
              linkConfig.RequiredForOnline = "no";
              networkConfig = networkd.noL3;
          };
        };
        };
        systemd.nspawn = {
          hass = {
            networkConfig = {
              MACVLAN = mkForce "lan-hi-ctrs:host0 lan-lo-ctrs:lan-lo";
            };
          };
        };
        systemd.services = {
          "systemd-nspawn@hass".serviceConfig.DeviceAllow = [
            "char-ttyUSB rw"
            "char-video4linux rw"
          ];
        };
        my = {
          secrets = {
@@ -174,17 +141,7 @@ in
          containers.instances =
          let
            instances = {
-              # unifi = {};
+              unifi = {};
              hass = {
                bindMounts = {
                  "/dev/bus/usb/001/002".readOnly = false;
                  "/dev/video0".readOnly = false;
                  "/dev/serial/by-id/usb-Nabu_Casa_Home_Assistant_Connect_ZBT-1_ce549704fe38ef11a2c2e5d154516304-if00-port0" = {
                    readOnly = false;
                    mountPoint = "/dev/ttyUSB0";
                  };
                };
              };
            };
          in
          mkMerge [
--- a/nixos/boxes/home/routing-common/default.nix
+++ b/nixos/boxes/home/routing-common/default.nix
@@ -1,6 +1,7 @@
 index: { lib, allAssignments, ... }:
 let
  inherit (builtins) elemAt;
  inherit (lib) concatStringsSep;
  inherit (lib.my) net mkVLAN;
  inherit (lib.my.c) pubDomain;
  inherit (lib.my.c.home) domain vlans prefixes vips routers routersPubV4;
@@ -141,8 +142,8 @@ in
                  onState = [ "configured" ];
                  script = ''
                  #!${pkgs.runtimeShell}
-                  if [ "$IFACE" = "wan-ifb" ]; then
+                  if [ $IFACE = "wan-ifb" ]; then
-                    ${pkgs.iproute2}/bin/tc filter add dev wan parent ffff: matchall action mirred egress redirect dev "$IFACE"
+                    ${pkgs.iproute2}/bin/tc filter add dev wan parent ffff: matchall action mirred egress redirect dev $IFACE
                  fi
                  '';
                };
@@ -150,6 +151,28 @@ in
            };
            nginx.enable = true;
            tailscale =
            let
              advRoutes = concatStringsSep "," [
                prefixes.all.v4
                prefixes.all.v6
              ];
            in
            {
              enable = true;
              authKeyFile = config.age.secrets."tailscale-auth.key".path;
              openFirewall = true;
              interfaceName = "tailscale0";
              extraUpFlags = [
                "--operator=${config.my.user.config.name}"
                "--login-server=https://ts.nul.ie"
                "--netfilter-mode=off"
                "--advertise-exit-node"
                "--advertise-routes=${advRoutes}"
                "--accept-routes=false"
              ];
            };
          };
          networking = { inherit domain; };
@@ -276,20 +299,11 @@ in
                  {
                    matchConfig.Name = "as211024";
                    networkConfig.IPv6AcceptRA = mkForce false;
-                    routes = [
+                    routes = map (r: { routeConfig = r; }) [
                      {
                        Destination = lib.my.c.colony.prefixes.all.v4;
                        Gateway = allAssignments.estuary.as211024.ipv4.address;
                      }
                      {
                        Destination = lib.my.c.tailscale.prefix.v4;
                        Gateway = allAssignments.britway.as211024.ipv4.address;
                      }
                      {
                        Destination = lib.my.c.tailscale.prefix.v6;
                        Gateway = allAssignments.britway.as211024.ipv6.address;
                      }
                    ];
                  }
                ];
@@ -301,7 +315,7 @@ in
              {
                "60-lan-hi" = {
-                  routes = [
+                  routes = map (r: { routeConfig = r; }) [
                    {
                      Destination = elemAt routersPubV4 otherIndex;
                      Gateway = net.cidr.host (otherIndex + 1) prefixes.hi.v4;
@@ -316,6 +330,7 @@ in
            secrets = {
              files = {
                "l2mesh/as211024.key" = {};
                "tailscale-auth.key" = {};
              };
            };
@@ -325,7 +340,7 @@ in
              };
            };
            firewall = {
-              trustedInterfaces = [ "lan-hi" "lan-lo" ];
+              trustedInterfaces = [ "lan-hi" "lan-lo" "tailscale0" ];
              udp.allowed = [ 5353 ];
              tcp.allowed = [ 5353 ];
              nat = {
--- a/nixos/boxes/home/routing-common/dns-blocklist.txt
+++ b/nixos/boxes/home/routing-common/dns-blocklist.txt
@@ -1,74 +0,0 @@
 # Blocklist for LG WebOS Services (US)
 ad.lgappstv.com
 ibis.lgappstv.com
 info.lgsmartad.com
 lgtvsdp.com
 ngfts.lge.com
 rdx2.lgtvsdp.com
 smartshare.lgtvsdp.com
 lgappstv.com
 us.ad.lgsmartad.com
 us.ibs.lgappstv.com
 us.info.lgsmartad.com
 us.lgtvsdp.com
 # Community Contributions
 lgad.cjpowercast.com
 edgesuite.net
 yumenetworks.com
 smartclip.net
 smartclip.com
 # Non-US Entries
 rdx2.lgtvsdp.com
 info.lgsmartad.com
 ibs.lgappstv.com
 lgtvsdp.com
 lgappstv.com
 smartshare.lgtvsdp.com
 # Full Block for Europe and Other Regions
 de.ad.lgsmartad.com
 de.emp.lgsmartplatform.com
 de.ibs.lgappstv.com
 de.info.lgsmartad.com
 de.lgeapi.com
 de.lgtvsdp.com
 de.rdx2.lgtvsdp.com
 eu.ad.lgsmartad.com
 eu.ibs.lgappstv.com
 eu.info.lgsmartad.com
 app-lgwebos.pluto.tv
 it.lgtvsdp.com
 it.lgeapi.com
 it.emp.lgsmartplatform.com
 # LG ThinQ Services
 eic.common.lgthinq.com
 eic.iotservice.lgthinq.com
 eic.service.lgthinq.com
 eic.ngfts.lge.com
 eic.svc-lgthinq-com.aws-thinq-prd.net
 eic.cdpsvc.lgtvcommon.com
 eic.cdpbeacon.lgtvcommon.com
 eic.cdplauncher.lgtvcommon.com
 eic.homeprv.lgtvcommon.com
 eic.lgtviot.com
 eic.nudge.lgtvcommon.com
 eic.rdl.lgtvcommon.com
 eic.recommend.lgtvcommon.com
 eic.service.lgtvcommon.com
 gb-lgeapi-com.esi-prd.net
 gb.lgeapi.com
 lgtvonline.lge.com
 lg-channelplus-de-beacons.xumo.com
 lg-channelplus-de-mds.xumo.com
 lg-channelplus-eu-beacons.xumo.com
 lg-channelplus-eu-mds.xumo.com
 kr-op-v2.lgthinqhome.com
 ngfts.lge.com
 noti.lgthinq.com
 objectcontent.lgthinq.com
 # Update Server Block
 #snu.lge.com
--- a/nixos/boxes/home/routing-common/dns.nix
+++ b/nixos/boxes/home/routing-common/dns.nix
@@ -19,7 +19,7 @@ in
          owner = "pdns";
          group = "pdns";
        };
-        "home/pdns/recursor.yml" = {
+        "home/pdns/recursor.conf" = {
          owner = "pdns-recursor";
          group = "pdns-recursor";
        };
@@ -28,79 +28,53 @@ in
      pdns.recursor = {
        enable = true;
-        extraSettingsFile = config.age.secrets."home/pdns/recursor.yml".path;
+        extraSettingsFile = config.age.secrets."home/pdns/recursor.conf".path;
      };
    };
    services = {
      pdns-recursor = {
-        yaml-settings = {
+        dns = {
-          incoming = {
+          address = [
            listen = [
            "127.0.0.1" "::1"
            assignments.hi.ipv4.address assignments.hi.ipv6.address
            assignments.lo.ipv4.address assignments.lo.ipv6.address
          ];
-            allow_from = [
+          allowFrom = [
            "127.0.0.0/8" "::1/128"
            prefixes.hi.v4 prefixes.hi.v6
            prefixes.lo.v4 prefixes.lo.v6
          ] ++ (with lib.my.c.tailscale.prefix; [ v4 v6 ]);
        };
        settings = {
          query-local-address = [
            "0.0.0.0"
            "::"
          ];
          forward-zones = map (z: "${z}=127.0.0.1:5353") authZones;
          # DNS NOTIFY messages override TTL
-            allow_notify_for = authZones;
+          allow-notify-for = authZones;
-            allow_notify_from = [ "127.0.0.0/8" "::1/128" ];
+          allow-notify-from = [ "127.0.0.0/8" "::1/128" ];
          };
-          outgoing = {
+          webserver = true;
-            source_address = [ "0.0.0.0" "::" ];
+          webserver-address = "::";
-          };
+          webserver-allow-from = [ "127.0.0.1" "::1" ];
          recursor = {
            forward_zones = map (z: {
              zone = z;
              forwarders = [ "127.0.0.1:5353" ];
            }) authZones;
            lua_dns_script = pkgs.writeText "pdns-script.lua" ''
              blocklist = newDS()
          lua-dns-script = pkgs.writeText "pdns-script.lua" ''
            -- Disney+ doesn't like our IP space...
            function preresolve(dq)
              local name = dq.qname:toString()
                -- Disney+ doesn't like our IP space...
              if dq.qtype == pdns.AAAA and (string.find(name, "disneyplus") or string.find(name, "disney-plus") or string.find(name , "disney.api")) then
                dq.rcode = 0
                return true
              end
                if blocklist:check(dq.qname) then
                  if dq.qtype == pdns.A then
                    dq:addAnswer(dq.qtype, "127.0.0.1")
                  elseif dq.qtype == pdns.AAAA then
                    dq:addAnswer(dq.qtype, "::1")
                  end
                  return true
                end
              return false
            end
              for line in io.lines("${./dns-blocklist.txt}") do
                entry = line:gsub("%s+", "")
                if entry ~= "" and string.sub(entry, 1, 1) ~= "#" then
                  blocklist:add(entry)
                end
              end
          '';
        };
          webservice = {
            webserver = true;
            address = "::";
            allow_from = [ "127.0.0.1" "::1" ];
          };
        };
      };
    };
@@ -232,9 +206,6 @@ in
            ups IN A ${net.cidr.host 20 prefixes.lo.v4}
            palace-kvm IN A ${net.cidr.host 21 prefixes.lo.v4}
            reolink-living-room IN A ${net.cidr.host 45 prefixes.lo.v4}
            nixlight IN A ${net.cidr.host 46 prefixes.lo.v4}
            ${lib.my.dns.fwdRecords {
              inherit allAssignments names;
              domain = config.networking.domain;
--- a/nixos/boxes/home/routing-common/dns_update.py
+++ b/nixos/boxes/home/routing-common/dns_update.py
@@ -2,7 +2,7 @@
 import argparse
 import subprocess
-import cloudflare
+import CloudFlare
 def main():
    parser = argparse.ArgumentParser(description='Cloudflare DNS update script')
@@ -19,22 +19,17 @@ def main():
    if args.api_token_file:
        with open(args.api_token_file) as f:
            cf_token = f.readline().strip()
    cf = cloudflare.Cloudflare(api_token=cf_token)
-    zones = list(cf.zones.list(name=args.zone))
+    cf = CloudFlare.CloudFlare(token=cf_token)
    zones = cf.zones.get(params={'name': args.zone})
    assert zones, f'Zone {args.zone} not found'
-    assert len(zones) == 1, f'More than one zone found for {args.zone}'
+    records = cf.zones.dns_records.get(zones[0]['id'], params={'name': args.record})
    zone = zones[0]
    records = list(cf.dns.records.list(zone_id=zone.id, name=args.record, type='A'))
    assert records, f'Record {args.record} not found in zone {args.zone}'
    assert len(records) == 1, f'More than one record found for {args.record}'
    record = records[0]
    print(f'Updating {args.record} -> {address}')
-    cf.dns.records.edit(
+    cf.zones.dns_records.patch(
-        zone_id=zone.id, dns_record_id=record.id,
+        zones[0]['id'], records[0]['id'],
-        type='A', content=address)
+        data={'type': 'A', 'name': args.record, 'content': address})
 if __name__ == '__main__':
    main()
--- a/nixos/boxes/home/routing-common/kea.nix
+++ b/nixos/boxes/home/routing-common/kea.nix
@@ -132,37 +132,6 @@ in
                  hw-address = "24:8a:07:a8:fe:3a";
                  ip-address = net.cidr.host 40 prefixes.lo.v4;
                }
                {
                  # avr
                  hw-address = "8c:a9:6f:30:03:6b";
                  ip-address = net.cidr.host 41 prefixes.lo.v4;
                }
                {
                  # tv
                  hw-address = "00:a1:59:b8:4d:86";
                  ip-address = net.cidr.host 42 prefixes.lo.v4;
                }
                {
                  # android tv
                  hw-address = "b8:7b:d4:95:c6:74";
                  ip-address = net.cidr.host 43 prefixes.lo.v4;
                }
                {
                  # hass-panel
                  hw-address = "80:30:49:cd:d7:51";
                  ip-address = net.cidr.host 44 prefixes.lo.v4;
                }
                {
                  # reolink-living-room
                  hw-address = "ec:71:db:30:69:a4";
                  ip-address = net.cidr.host 45 prefixes.lo.v4;
                }
                {
                  # nixlight
                  hw-address = "00:4b:12:3b:d3:14";
                  ip-address = net.cidr.host 46 prefixes.lo.v4;
                }
              ];
            }
          ];
--- a/nixos/boxes/home/routing-common/keepalived.nix
+++ b/nixos/boxes/home/routing-common/keepalived.nix
@@ -61,7 +61,12 @@ in
        v6Alive = pingScriptFor "v6" [ "2606:4700:4700::1111" "2001:4860:4860::8888" "2600::" ];
      };
      vrrpInstances = {
-        v4 = mkVRRP "v4" 51;
+        v4 = mkVRRP "v4" 51 // {
          extraConfig = ''
            notify_master "${config.systemd.package}/bin/systemctl start tailscaled.service" root
            notify_backup "${config.systemd.package}/bin/systemctl stop tailscaled.service" root
          '';
        };
        v6 = (mkVRRP "v6" 52) // {
          extraConfig = ''
            notify_master "${config.systemd.package}/bin/systemctl start radvd.service" root
--- a/nixos/boxes/home/routing-common/mstpd.nix
+++ b/nixos/boxes/home/routing-common/mstpd.nix
@@ -24,8 +24,8 @@ in
        onState = [ "routable" ];
        script = ''
          #!${pkgs.runtimeShell}
-          if [ "$IFACE" = "lan" ]; then
+          if [ $IFACE = "lan" ]; then
-            ${mstpd}/sbin/mstpctl setforcevers "$IFACE" rstp
+            ${mstpd}/sbin/mstpctl setforcevers $IFACE rstp
          fi
        '';
      };
--- a/nixos/boxes/home/stream.nix
+++ b/nixos/boxes/home/stream.nix
@@ -45,12 +45,12 @@
        services = {
          mjpg-streamer = {
-            enable = false;
+            enable = true;
            inputPlugin = "input_uvc.so";
            outputPlugin = "output_http.so -w @www@ -n -p 5050";
          };
          octoprint = {
-            enable = false;
+            enable = true;
            host = "::";
            extraConfig = {
              plugins = {
--- a/nixos/boxes/kelder/containers/acquisition/default.nix
+++ b/nixos/boxes/kelder/containers/acquisition/default.nix
@@ -26,7 +26,7 @@ in
      config = {
        # Hardware acceleration for Jellyfin
-        hardware.graphics = {
+        hardware.opengl = {
          enable = true;
          extraPackages = with pkgs; [
            vaapiIntel
@@ -78,14 +78,6 @@ in
          };
        };
        nixpkgs.config.permittedInsecurePackages = [
          # FIXME: This is needed for Sonarr
          "aspnetcore-runtime-wrapped-6.0.36"
          "aspnetcore-runtime-6.0.36"
          "dotnet-sdk-wrapped-6.0.428"
          "dotnet-sdk-6.0.428"
        ];
        services = {
          transmission = {
            enable = true;
--- a/nixos/boxes/kelder/containers/acquisition/networking.nix
+++ b/nixos/boxes/kelder/containers/acquisition/networking.nix
@@ -73,12 +73,14 @@ in
              RouteTable = routeTable;
            };
            wireguardPeers = [
              # AirVPN IE
              {
                # AirVPN IE
                wireguardPeerConfig = {
                  Endpoint = "146.70.94.2:1637";
                  PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
                  PresharedKeyFile = config.age.secrets."${pskFile}".path;
                  AllowedIPs = [ "0.0.0.0/0" "::/0" ];
                };
              }
            ];
          };
@@ -95,7 +97,7 @@ in
              matchConfig.Name = "vpn";
              address = [ "10.161.170.28/32" "fd7d:76ee:e68f:a993:b12d:6d15:c80a:9516/128" ];
              dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
-              routingPolicyRules = [
+              routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
                {
                  Family = "both";
                  SuppressPrefixLength = 0;
--- a/nixos/boxes/kelder/containers/spoder/default.nix
+++ b/nixos/boxes/kelder/containers/spoder/default.nix
@@ -92,14 +92,12 @@ in
          nextcloud = {
            enable = true;
-            # TODO: Might need to do some bullshit to go from Nextcloud 28 (?) to 30
+            package = pkgs.nextcloud29;
            package = pkgs.nextcloud30;
            datadir = "/mnt/storage/nextcloud";
            hostName = "cloud.${domain}";
            https = true;
            config = {
              adminpassFile = config.age.secrets."kelder/nextcloud-root.txt".path;
              dbtype = "sqlite";
            };
            settings = {
              updatechecker = false;
--- a/nixos/boxes/kelder/default.nix
+++ b/nixos/boxes/kelder/default.nix
@@ -121,7 +121,8 @@ in
            samba = {
              enable = true;
-              settings = {
+              enableNmbd = true;
              shares = {
                storage = {
                  path = "/mnt/storage";
                  browseable = "yes";
@@ -130,8 +131,6 @@ in
                  "directory mask" = "0775";
                };
              };
              nmbd.enable = true;
            };
            samba-wsdd.enable = true;
@@ -181,10 +180,12 @@ in
                  };
                  wireguardPeers = [
                    {
                      wireguardPeerConfig = {
                        PublicKey = "bP1XUNxp9i8NLOXhgPaIaRzRwi5APbam44/xjvYcyjU=";
                        Endpoint = "${allAssignments.estuary.internal.ipv4.address}:${toString lib.my.c.kelder.vpn.port}";
                        AllowedIPs = [ "0.0.0.0/0" ];
                        PersistentKeepalive = 25;
                      };
                    }
                  ];
                };
@@ -212,7 +213,7 @@ in
                  address = with assignments.estuary; [
                    (with ipv4; "${address}/${toString mask}")
                  ];
-                  routingPolicyRules = [
+                  routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
                    {
                      Family = "both";
                      SuppressPrefixLength = 0;
--- a/nixos/boxes/tower/default.nix
+++ b/nixos/boxes/tower/default.nix
@@ -14,7 +14,7 @@
          cpu = {
            intel.updateMicrocode = true;
          };
-          graphics.extraPackages = with pkgs; [
+          opengl.extraPackages = with pkgs; [
            intel-media-driver
          ];
          bluetooth.enable = true;
@@ -177,7 +177,7 @@
              programs = {
                fish = {
                  shellAbbrs = {
-                    tsup = "doas tailscale up --login-server=https://hs.nul.ie --accept-routes";
+                    tsup = "doas tailscale up --login-server=https://ts.nul.ie --accept-routes";
                  };
                };
              };
@@ -190,6 +190,10 @@
                config = {
                  input."1:1:AT_Translated_Set_2_keyboard".xkb_layout = "ie";
                  output.eDP-1.scale = "1";
                  keybindings = lib.mkOptionDefault {
                    "XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
                    "XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set +5%";
                  };
                };
              };
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -23,7 +23,7 @@ let
      pkgs = pkgs'.${config'.nixpkgs}.${config'.system};
      allPkgs = mapAttrs (_: p: p.${config'.system}) pkgs';
-      modules' = [ hmFlakes.${config'.home-manager}.nixosModules.default ] ++ (attrValues cfg.modules);
+      modules' = [ hmFlakes.${config'.home-manager}.nixosModule ] ++ (attrValues cfg.modules);
    in
    # Import eval-config ourselves since the flake now force-sets lib
    import "${pkgsFlake}/nixos/lib/eval-config.nix" {
--- a/nixos/installer.nix
+++ b/nixos/installer.nix
@@ -31,10 +31,8 @@
            server.enable = true;
          };
          image = {
            baseName = "jackos-installer";
          };
          isoImage = {
            isoBaseName = "jackos-installer";
            volumeID = "jackos-${config.system.nixos.release}-${pkgs.stdenv.hostPlatform.uname.processor}";
            edition = "devplayer0";
            appendToMenuLabel = " /dev/player0 Installer";
@@ -63,8 +61,8 @@
          };
          networking = {
-            # Will be set dynamically, but need something to satisfy `/etc/os-release` stuff
+            # Will be set dynamically
-            hostName = "installer";
+            hostName = "";
            useNetworkd = false;
          };
--- a/nixos/modules/_list.nix
+++ b/nixos/modules/_list.nix
@@ -14,7 +14,7 @@
    network = ./network.nix;
    pdns = ./pdns.nix;
    nginx-sso = ./nginx-sso.nix;
-    gui = ./gui;
+    gui = ./gui.nix;
    l2mesh = ./l2mesh.nix;
    borgthin = ./borgthin.nix;
    nvme = ./nvme;
--- a/nixos/modules/borgthin.nix
+++ b/nixos/modules/borgthin.nix
@@ -1,4 +1,4 @@
-{ inputs, lib, pkgs, config, ... }:
+{ lib, pkgs, config, ... }:
 let
  inherit (builtins) substring match;
  inherit (lib)
@@ -127,9 +127,7 @@ in
    enable = mkBoolOpt' false "Whether to enable borgthin jobs";
    lvmPackage = mkOpt' package pkgs.lvm2 "Packge containing LVM tools";
    thinToolsPackage = mkOpt' package pkgs.thin-provisioning-tools "Package containing thin-provisioning-tools";
-    # Really we should use the version from the overlay, but the package is quite far behind...
+    package = mkOpt' package pkgs.borgthin "borgthin package";
    # Not bothering to update until Borg 2.0 releases
    package = mkOpt' package inputs.borgthin.packages.${config.nixpkgs.system}.borgthin "borgthin package";
    jobs = mkOpt' (attrsOf jobType) { } "borgthin jobs";
  };
--- a/nixos/modules/build.nix
+++ b/nixos/modules/build.nix
@@ -221,8 +221,8 @@ in
      memorySize = dummyOption;
      qemu.options = dummyOption;
    };
    image.baseName = dummyOption;
    isoImage = {
      isoBaseName = dummyOption;
      volumeID = dummyOption;
      edition = dummyOption;
      appendToMenuLabel = dummyOption;
--- a/nixos/modules/common.nix
+++ b/nixos/modules/common.nix
@@ -12,7 +12,7 @@ in
    inputs.impermanence.nixosModule
    inputs.ragenix.nixosModules.age
    inputs.sharry.nixosModules.default
-    inputs.copyparty.nixosModules.default
+    inputs.attic.nixosModules.atticd
  ];
  config = mkMerge [
@@ -41,7 +41,6 @@ in
      nix = {
        package = pkgs'.mine.nix;
        channel.enable = false;
        settings = with lib.my.c.nix; {
          trusted-users = [ "@wheel" ];
          experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
@@ -66,12 +65,10 @@ in
      };
      nixpkgs = {
        overlays = [
-          inputs.deploy-rs.overlays.default
+          inputs.deploy-rs.overlay
          inputs.sharry.overlays.default
-          # TODO: Re-enable when borgthin is updated
+          inputs.borgthin.overlays.default
          # inputs.borgthin.overlays.default
          inputs.boardie.overlays.default
          inputs.copyparty.overlays.default
        ];
        config = {
          allowUnfree = true;
@@ -148,10 +145,7 @@ in
        fish.enable = mkDefault true;
        # TODO: This is expecting to look up the channel for the database...
        command-not-found.enable = mkDefault false;
-        vim = {
+        vim.defaultEditor = true;
          enable = true;
          defaultEditor = true;
        };
      };
      services = {
@@ -246,7 +240,9 @@ in
    }
    (mkIf config.services.kmscon.enable {
      fonts.fonts = with pkgs; [
-        nerd-fonts.sauce-code-pro
+        (nerdfonts.override {
          fonts = [ "SourceCodePro" ];
        })
      ];
    })
  ];
--- a/nixos/modules/containers.nix
+++ b/nixos/modules/containers.nix
@@ -15,7 +15,6 @@ let
    passAsFile = [ "code" ];
    code = ''
      #include <stdio.h>
      #include <stdlib.h>
      #include <signal.h>
      #include <unistd.h>
      #include <systemd/sd-daemon.h>
--- a/nixos/modules/gui/default.nix
+++ b/nixos/modules/gui/default.nix
@@ -4,12 +4,6 @@ let
  inherit (lib.my) mkBoolOpt';
  cfg = config.my.gui;
  androidUdevRules = pkgs.runCommand "udev-rules-android" {
    rulesFile = ./android-udev.rules;
  } ''
    install -D "$rulesFile" "$out"/lib/udev/rules.d/51-android.rules
  '';
 in
 {
  options.my.gui = with lib.types; {
@@ -18,7 +12,7 @@ in
  config = mkIf cfg.enable {
    hardware = {
-      graphics.enable = mkDefault true;
+      opengl.enable = mkDefault true;
    };
    systemd = {
@@ -32,12 +26,6 @@ in
      pam.services.swaylock-plugin = {};
    };
    users = {
      groups = {
        adbusers.gid = lib.my.c.ids.gids.adbusers;
      };
    };
    environment.systemPackages = with pkgs; [
      # for pw-jack
      pipewire.jack
@@ -56,12 +44,8 @@ in
      gnome = {
        gnome-keyring.enable = true;
      };
      udisks2.enable = true;
      udev = {
        packages = [
          androidUdevRules
        ];
        extraRules = ''
          # Nvidia
          SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="wheel"
@@ -69,8 +53,6 @@ in
          SUBSYSTEM=="usb", ATTR{idVendor}=="057e", MODE="0664", GROUP="wheel"
          # FT
          SUBSYSTEM=="usb", ATTR{idVendor}=="0403", MODE="0664", GROUP="wheel"
          # /dev/player0
          SUBSYSTEM=="usb", ATTR{idVendor}=="6969", MODE="0664", GROUP="wheel"
        '';
      };
    };
@@ -104,13 +86,5 @@ in
        ];
      };
    };
    my = {
      user = {
        config = {
          extraGroups = [ "adbusers" ];
        };
      };
    };
  };
 }
--- a/nixos/modules/gui/android-udev.rules
+++ b/nixos/modules/gui/android-udev.rules
--- a/nixos/modules/l2mesh.nix
+++ b/nixos/modules/l2mesh.nix
@@ -44,8 +44,10 @@ let
      toString (mesh.baseMTU - overhead);
      bridgeFDBs = mapAttrsToList (n: peer: {
        bridgeFDBConfig = {
          MACAddress = "00:00:00:00:00:00";
          Destination = peer.addr;
        };
      }) otherPeers;
    };
  };
--- a/nixos/modules/netboot/default.nix
+++ b/nixos/modules/netboot/default.nix
@@ -5,23 +5,10 @@ let
  cfg = config.my.netboot;
  # Newer releases don't boot on desktop?
  ipxe = pkgs.ipxe.overrideAttrs (o: rec {
    version = "1.21.1-unstable-2024-06-27";
    src = pkgs.fetchFromGitHub {
      owner = "ipxe";
      repo = "ipxe";
      rev = "b66e27d9b29a172a097c737ab4d378d60fe01b05";
      hash = "sha256-TKZ4WjNV2oZIYNefch7E7m1JpeoC/d7O1kofoNv8G40=";
    };
    # This upstream patch (in newer versions) is needed for newer GCC
    patches = (if (o ? patches) then o.patches else []) ++ [ ./fix-uninitialised-var.patch ];
  });
  tftpRoot = pkgs.linkFarm "tftp-root" [
    {
      name = "ipxe-x86_64.efi";
-      path = "${ipxe}/ipxe.efi";
+      path = "${pkgs.ipxe}/ipxe.efi";
    }
  ];
  menuFile = pkgs.runCommand "menu.ipxe" {
@@ -30,11 +17,10 @@ let
    substituteAll ${./menu.ipxe} "$out"
  '';
-  bootBuilder = pkgs.replaceVarsWith {
+  bootBuilder = pkgs.substituteAll {
    src = ./netboot-loader-builder.py;
    isExecutable = true;
    replacements = {
    inherit (pkgs) python3;
    bootspecTools = pkgs.bootspec;
    nix = config.nix.package.out;
@@ -49,7 +35,6 @@ let
      fi
    '';
  };
  };
 in
 {
  options.my.netboot = with lib.types; {
--- a/nixos/modules/netboot/fix-uninitialised-var.patch
+++ b/nixos/modules/netboot/fix-uninitialised-var.patch
@@ -1,48 +0,0 @@
 From 7f75d320f6d8ac7ec5185b2145da87f698aec273 Mon Sep 17 00:00:00 2001
 From: Michael Brown <mcb30@ipxe.org>
 Date: Mon, 2 Sep 2024 12:24:57 +0100
 Subject: [PATCH] [etherfabric] Fix use of uninitialised variable in
 falcon_xaui_link_ok()
 The link status check in falcon_xaui_link_ok() reads from the
 FCN_XX_CORE_STAT_REG_MAC register only on production hardware (where
 the FPGA version reads as zero), but modifies the value and writes
 back to this register unconditionally.  This triggers an uninitialised
 variable warning on newer versions of gcc.
 Fix by assuming that the register exists only on production hardware,
 and so moving the "modify-write" portion of the "read-modify-write"
 operation to also be covered by the same conditional check.
 Signed-off-by: Michael Brown <mcb30@ipxe.org>
 ---
 src/drivers/net/etherfabric.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
 diff --git a/src/drivers/net/etherfabric.c b/src/drivers/net/etherfabric.c
 index b40596beae7..be30b71f79f 100644
 --- a/src/drivers/net/etherfabric.c
 +++ b/src/drivers/net/etherfabric.c
@@ -2225,13 +2225,16 @@ falcon_xaui_link_ok ( struct efab_nic *efab )
 		sync = ( sync == FCN_XX_SYNC_STAT_DECODE_SYNCED );
 		link_ok = align_done && sync;
 -	}
 -	/* Clear link status ready for next read */
 -	EFAB_SET_DWORD_FIELD ( reg, FCN_XX_COMMA_DET, FCN_XX_COMMA_DET_RESET );
 -	EFAB_SET_DWORD_FIELD ( reg, FCN_XX_CHARERR, FCN_XX_CHARERR_RESET);
 -	EFAB_SET_DWORD_FIELD ( reg, FCN_XX_DISPERR, FCN_XX_DISPERR_RESET);
 -	falcon_xmac_writel ( efab, &reg, FCN_XX_CORE_STAT_REG_MAC );
 +		/* Clear link status ready for next read */
 +		EFAB_SET_DWORD_FIELD ( reg, FCN_XX_COMMA_DET,
 +				       FCN_XX_COMMA_DET_RESET );
 +		EFAB_SET_DWORD_FIELD ( reg, FCN_XX_CHARERR,
 +				       FCN_XX_CHARERR_RESET );
 +		EFAB_SET_DWORD_FIELD ( reg, FCN_XX_DISPERR,
 +				       FCN_XX_DISPERR_RESET );
 +		falcon_xmac_writel ( efab, &reg, FCN_XX_CORE_STAT_REG_MAC );
 +	}
 	has_phyxs = ( efab->phy_op->mmds & ( 1 << MDIO_MMD_PHYXS ) );
 	if ( link_ok && has_phyxs ) {
--- a/nixos/modules/network.nix
+++ b/nixos/modules/network.nix
@@ -1,6 +1,6 @@
 { lib, pkgs, config, ... }:
 let
-  inherit (lib) flatten optional mkIf mkDefault mkMerge versionAtLeast;
+  inherit (lib) flatten optional mkIf mkDefault mkMerge;
 in
 {
  config = mkMerge [
@@ -12,6 +12,14 @@ in
        useNetworkd = mkDefault true;
      };
      systemd = {
        additionalUpstreamSystemUnits = [
          # TODO: NixOS has its own version of this, but with `network` instead of `networkd`. Is this just a typo? It
          # hasn't been updated in 2 years...
          "systemd-networkd-wait-online@.service"
        ];
      };
      services.resolved = {
        domains = [ config.networking.domain ];
        # Explicitly unset fallback DNS (Nix module will not allow for a blank config)
--- a/nixos/modules/nvme/default.nix
+++ b/nixos/modules/nvme/default.nix
@@ -4,6 +4,11 @@ let
  inherit (lib.my) mkOpt';
  cfg = config.my.nvme;
  nvme-cli = pkgs.nvme-cli.override {
    libnvme = pkgs.libnvme.overrideAttrs (o: {
      patches = (if (o ? patches) then o.patches else [ ]) ++ [ ./libnvme-hostconf.patch ];
    });
  };
  hostNQN = "nqn.2014-08.org.nvmexpress:uuid:${cfg.uuid}";
  etc = prefix: {
@@ -23,7 +28,7 @@ in
  config = mkIf (cfg.uuid != null) {
    environment = {
      systemPackages = [
-        pkgs.nvme-cli
+        nvme-cli
      ];
      etc = etc "";
    };
@@ -39,6 +44,10 @@ in
            ip = "${iproute2}/bin/ip";
            nvme = "${nvme-cli}/bin/nvme";
          };
          extraConfig = ''
            DefaultTimeoutStartSec=20
            DefaultDeviceTimeoutSec=20
          '';
          network = {
            enable = true;
@@ -53,25 +62,14 @@ in
            serviceConfig = {
              Type = "oneshot";
-              ExecStart = "${pkgs.nvme-cli}/bin/nvme connect -t rdma -a ${cfg.boot.address} -n ${cfg.boot.nqn} -q ${hostNQN}";
+              ExecStart = "${nvme-cli}/bin/nvme connect -t rdma -a ${cfg.boot.address} -n ${cfg.boot.nqn}";
              Restart = "on-failure";
              RestartSec = 10;
            };
            wantedBy = [ "initrd-root-device.target" ];
          };
        # TODO: Remove when 25.11 releases
        } // (if (lib.versionAtLeast lib.my.upstreamRelease "25.11") then {
          settings.Manager = {
            DefaultTimeoutStartSec = 20;
            DefaultDeviceTimeoutSec = 20;
        };
        } else {
          extraConfig = ''
            DefaultTimeoutStartSec=20
            DefaultDeviceTimeoutSec=20
          '';
        });
      };
    };
  };
--- a/nixos/modules/pdns.nix
+++ b/nixos/modules/pdns.nix
@@ -1,7 +1,7 @@
 { lib, pkgs, config, ... }:
 let
  inherit (builtins) isList;
-  inherit (lib) mkMerge mkIf mkDefault mapAttrsToList concatMapStringsSep concatStringsSep getExe;
+  inherit (lib) mkMerge mkIf mkDefault mapAttrsToList concatMapStringsSep concatStringsSep;
  inherit (lib.my) mkBoolOpt' mkOpt';
  # Yoinked from nixos/modules/services/networking/pdns-recursor.nix
@@ -165,7 +165,7 @@ let
  extraSettingsOpt = with lib.types; mkOpt' (nullOr str) null "Path to extra settings (e.g. for secrets).";
  baseAuthSettings = pkgs.writeText "pdns.conf" (settingsToLines cfg.auth.settings);
-  baseRecursorSettings = (pkgs.formats.yaml { }).generate "pdns-recursor.yaml" config.services.pdns-recursor.yaml-settings;
+  baseRecursorSettings = pkgs.writeText "pdns-recursor.conf" (settingsToLines config.services.pdns-recursor.settings);
  generateSettings = type: base: dst: if (cfg."${type}".extraSettingsFile != null) then ''
    oldUmask="$(umask)"
    umask 006
@@ -174,14 +174,6 @@ let
  '' else ''
    cp "${base}" "${dst}"
  '';
  generateYamlSettings = type: base: dst: if (cfg."${type}".extraSettingsFile != null) then ''
    oldUmask="$(umask)"
    umask 006
    ${getExe pkgs.yaml-merge} "${base}" "${cfg."${type}".extraSettingsFile}" > "${dst}"
    umask "$oldUmask"
  '' else ''
    cp "${base}" "${dst}"
  '';
  namedConf = pkgs.writeText "pdns-named.conf" ''
    options {
@@ -323,9 +315,9 @@ in
    (mkIf cfg.recursor.enable {
      systemd.services.pdns-recursor = {
        preStart = ''
-          ${generateYamlSettings "recursor" baseRecursorSettings "/run/pdns-recursor/recursor.yml"}
+          ${generateSettings "recursor" baseRecursorSettings "/run/pdns-recursor/recursor.conf"}
        '';
-        serviceConfig.ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=/run/pdns-recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no" ];
+        serviceConfig.ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=/run/pdns-recursor" ];
      };
      services.pdns-recursor = {
--- a/nixos/modules/tmproot.nix
+++ b/nixos/modules/tmproot.nix
@@ -147,15 +147,6 @@ in
            "/var/lib/systemd"
            { directory = "/root/.cache/nix"; mode = "0700"; }
            # Including these unconditionally due to infinite recursion problems...
            {
              directory = "/etc/lvm/archive";
              mode = "0700";
            }
            {
              directory = "/etc/lvm/backup";
              mode = "0700";
            }
          ];
          files = [
            "/etc/machine-id"
@@ -269,6 +260,18 @@ in
        my.tmproot.persistence.config.files =
          concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;
      })
      (mkIf config.services.lvm.enable {
        my.tmproot.persistence.config.directories = [
          {
            directory = "/etc/lvm/archive";
            mode = "0700";
          }
          {
            directory = "/etc/lvm/backup";
            mode = "0700";
          }
        ];
      })
      (mkIf (config.security.acme.certs != { }) {
        my.tmproot.persistence.config.directories = [
          {
@@ -537,72 +540,6 @@ in
        ];
      })
      (persistSimpleSvc "octoprint")
      (mkIf (config.services.borgbackup.jobs != { }) {
        my.tmproot.persistence.config.directories = [
          "/var/lib/borgbackup"
          "/var/cache/borgbackup"
        ];
        services.borgbackup.package = pkgs.borgbackup.overrideAttrs (o: {
          makeWrapperArgs = o.makeWrapperArgs ++ [
            "--set-default BORG_BASE_DIR /var/lib/borgbackup"
            "--set-default BORG_CONFIG_DIR /var/lib/borgbackup/config"
            "--set-default BORG_CACHE_DIR /var/cache/borgbackup"
          ];
        });
      })
      (mkIf (config.services ? "bluesky-pds" && config.services.bluesky-pds.enable) {
        my.tmproot.persistence.config.directories = [
          {
            directory = "/var/lib/pds";
            mode = "0750";
            user = "pds";
            group = "pds";
          }
        ];
      })
      (mkIf config.services.home-assistant.enable {
        my.tmproot.persistence.config.directories = [
          {
            directory = config.services.home-assistant.configDir;
            mode = "0750";
            user = "hass";
            group = "hass";
          }
        ];
      })
      (mkIf config.services.frigate.enable {
        my.tmproot.persistence.config.directories = [
          {
            directory = "/var/lib/frigate";
            mode = "0755";
            user = "frigate";
            group = "frigate";
          }
          {
            directory = "/var/cache/frigate";
            mode = "0755";
            user = "frigate";
            group = "frigate";
          }
        ];
      })
      (mkIf config.services.copyparty.enable {
        my.tmproot.persistence.config.directories = [
          {
            directory = "/var/lib/copyparty";
            mode = "0755";
            user = "copyparty";
            group = "copyparty";
          }
          {
            directory = "/var/cache/copyparty";
            mode = "0755";
            user = "copyparty";
            group = "copyparty";
          }
        ];
      })
    ]))
  ]);
--- a/pkgs/chocolate-doom2xx/default.nix
+++ b/pkgs/chocolate-doom2xx/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, autoreconfHook, pkg-config, SDL1, SDL_mixer, SDL_net
+{ lib, stdenv, autoreconfHook, pkg-config, SDL, SDL_mixer, SDL_net
 , fetchFromGitHub, fetchpatch, python3 }:
 stdenv.mkDerivation rec {
@@ -35,7 +35,7 @@ stdenv.mkDerivation rec {
    # for documentation
    python3
  ];
-  buildInputs = [ (SDL1.override { cacaSupport = true; }) SDL_mixer SDL_net ];
+  buildInputs = [ (SDL.override { cacaSupport = true; }) SDL_mixer SDL_net ];
  enableParallelBuilding = true;
  meta = {
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -8,7 +8,9 @@ in
  vfio-pci-bind = callPackage ./vfio-pci-bind.nix { };
  librespeed-go = callPackage ./librespeed-go.nix { };
  # modrinth-app = callPackage ./modrinth-app { };
  glfw-minecraft = callPackage ./glfw-minecraft { };
  chocolate-doom2xx = callPackage ./chocolate-doom2xx { };
  windowtolayer = callPackage ./windowtolayer.nix { };
  swaylock-plugin = callPackage ./swaylock-plugin.nix { };
  terminaltexteffects = callPackage ./terminaltexteffects.nix { };
 }
--- a/pkgs/glfw-minecraft/default.nix
+++ b/pkgs/glfw-minecraft/default.nix
@@ -0,0 +1,6 @@
 { lib, glfw-wayland-minecraft, ... }:
 glfw-wayland-minecraft.overrideAttrs (o: {
  patches = [
    ./suppress-wayland-errors.patch
  ];
 })
--- a/pkgs/glfw-minecraft/suppress-wayland-errors.patch
+++ b/pkgs/glfw-minecraft/suppress-wayland-errors.patch
@@ -0,0 +1,43 @@
 diff --git a/src/wl_window.c b/src/wl_window.c
 index 7c509896..db9a6451 100644
 --- a/src/wl_window.c
 +++ b/src/wl_window.c
@@ -2115,25 +2115,21 @@ void _glfwSetWindowTitleWayland(_GLFWwindow* window, const char* title)
 void _glfwSetWindowIconWayland(_GLFWwindow* window,
                                int count, const GLFWimage* images)
 {
 -    _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
 -                    "Wayland: The platform does not support setting the window icon");
 +    fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not support setting the window icon\n");
 }
 void _glfwGetWindowPosWayland(_GLFWwindow* window, int* xpos, int* ypos)
 {
     // A Wayland client is not aware of its position, so just warn and leave it
     // as (0, 0)
 -
 -    _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
 -                    "Wayland: The platform does not provide the window position");
 +    fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not provide the window position\n");
 }
 void _glfwSetWindowPosWayland(_GLFWwindow* window, int xpos, int ypos)
 {
     // A Wayland client can not set its position, so just warn
 -    _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
 -                    "Wayland: The platform does not support setting the window position");
 +    fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not support setting the window position\n");
 }
 void _glfwGetWindowSizeWayland(_GLFWwindow* window, int* width, int* height)
@@ -2359,8 +2355,7 @@ void _glfwRequestWindowAttentionWayland(_GLFWwindow* window)
 void _glfwFocusWindowWayland(_GLFWwindow* window)
 {
 -    _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
 -                    "Wayland: The platform does not support setting the input focus");
 +    fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not support setting the input focus\n");
 }
 void _glfwSetWindowMonitorWayland(_GLFWwindow* window,
--- a/pkgs/terminaltexteffects.nix
+++ b/pkgs/terminaltexteffects.nix
@@ -0,0 +1,19 @@
 { lib
 , python3Packages
 , fetchPypi
 }:
 python3Packages.buildPythonApplication rec {
  pname = "terminaltexteffects";
  version = "0.10.1";
  pyproject = true;
  src = fetchPypi {
    inherit pname version;
    hash = "sha256-NyWPfdgLeXAxKPJOzB7j4aT+zjrURN59CGcv0Vt99y0=";
  };
  build-system = with python3Packages; [
    poetry-core
  ];
 }
--- a/pkgs/windowtolayer.nix
+++ b/pkgs/windowtolayer.nix
@@ -1,25 +1,18 @@
 { lib
 , fetchFromGitLab
 , rustPlatform
 , python3
 , rustfmt
 }:
 rustPlatform.buildRustPackage rec {
  pname = "windowtolayer";
-  version = "97ebd079";
+  version = "a5b89c3c";
  nativeBuildInputs = [
    python3
    rustfmt
  ];
  src = fetchFromGitLab {
    domain = "gitlab.freedesktop.org";
    owner = "mstoeckl";
    repo = pname;
-    rev = "97ebd0790b13bf00afb0c53a768397882fd2e831";
+    rev = "a5b89c3c047297fd574932860a6c89e9ea02ba5d";
-    hash = "sha256-XjbhZEoE5NPBofyJe7OSsE7MWgzjyRjBqiEzaQEuRrU=";
+    hash = "sha256-rssL2XkbTqUvJqfUFhzULeE4/VBzjeBC5iZWSJ8MJ+M=";
  };
-  cargoHash = "sha256-M0BVSUEFGvjgX+vSpwzvaEGs0i80XOTCzvbV4SzYpLc=";
+  cargoHash = "sha256-XHmLsx9qdjlBz4xJFFiO24bR9CMw1o5368K+YMpMIBA=";
 }
--- a/secrets/britnet/wg.key.age
+++ b/secrets/britnet/wg.key.age
@@ -1,13 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHNqUFR5ZyBVVkI0
 dE5YN1pJWExzLzltcmhna2tJUmdRNjZ1Y1hwbzdtRE0wa2hReTNBCk4ydmNFK0FF
 b0RUdVl3a3d4amhKSEVhZWZPeHZDenBiTXpkVVFiNXFXNGsKLT4gWDI1NTE5IG9i
 K0ZrNEc5SVlyWU1EbXdlbWppRG1DdjFRbTBCREY2OUxrMmVqNHhSazQKVnRaVmVn
 MFBRL1dWeFNOaEwyU2szb1lOVzF1enQwdmVZZWRJcHd5MHdFbwotPiB2Wy1gUV8/
 LWdyZWFzZSBdSDFebHsgKkBkVzl+KnggJTEKdlhrdzVpMHYxUUliQnhaYXNaVWNR
 S3NxbjhFMEFGamZkRU1RNURhcmwzOGxFbGxXelhOdDBWTHBSY1hBcGFtUwpkampi
 WnhzMDcxTk1seWZ6VURZb1l1QU1GdwotLS0gRFNpcXpDUFZLTXFJN3Z0bEJQd280
 WGROWUVvdSt3ZUdBbmRNcGFhRE9BWQoDDlPEY/t2eapa4Xbv8FcW6gdLzQn7Y2cH
 5UwD+0CTF3JdUpxWUIx9RWFleHekkt8j1+2/oO+m7+24yCg5mdqTJ3ZIwu9uk1eI
 0As8IA==
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/chatterbox/syncv3.env.age
+++ b/secrets/chatterbox/syncv3.env.age
@@ -0,0 +1,16 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpCM2U2USBQMEJB
 VVhIL2ViVUx1Ym9IbFV1UW52NjZYMmJlYmpjY0RuMzhiclJVS0ZnCkY5dEZHTHlC
 K29uamorWWNJSVV0VlVJNG1VNm9GQ3VPdldJRDNSODVoOVUKLT4gWDI1NTE5IEM0
 UVQvLzFYRTRRMldWSnNnd3V3aXJTeS8vZ1hkdENYVHk1QVVaQVEyQnMKVmN4OUFH
 WCtVSW9tREV5RExycnFJejk5UW91dzd5Rm8vcFBTT0ZCdytFWQotPiBCPC0lLTJW
 LS1ncmVhc2UgRSBjOlg5a0pdQSBSb2YKN0pkalY4VlFDMm8vZzJpQUV4TmdSRHA2
 dnB4UzJaWTRXeDdmKzFrUGVMSEFlbFhlNFFycFRQU005d1I2Si9VUQpHbDVxcGxn
 SVdjZzduSGluYlZnY3lmZmtnOWJYKzkydDhKU0VCNmNvV0EKLS0tIGdaUkpGNy9P
 Y3BGVGVJenJkTG51c3Z3WFU0eTFXT09pSVFseGRLMmxJVU0KhH9EjbL0zv821Yox
 FXc54SXGEkq97qPi3xIoPydWd3FbIuftAhe0xPFGfUOO5/zDni4h+PoNJs2hnkOK
 kHhxtaOj1S6RulI/eYLK/fJjl2aRrTaRFN0TGhFwz5X8HOQe2+Qrq/9wT7pyzOFU
 LsMwe71OhTjA5XrBTawU9QkWjPx2LZyb/WEkzlLOCGoHTUm4X03xY/1UeHVYZt2k
 wbLses0JHK1h2ttWnO5y68LovZWJqFdIjoCCkgfo0nNUD5i+e51xEju9OBJMngj+
 LnPb6YCqFh4Fxy09WORD0A==
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/estuary/pdns/recursor.conf.age
+++ b/secrets/estuary/pdns/recursor.conf.age
@@ -0,0 +1,12 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG44Q3BVdyA4bGQr
 dzJZbU4reWI1Sk45QTR3UkRoc0NvaDBFcUwrVWlCYWUrcWtYZGpNCm1PWjVzRVlt
 UDFKY2ZSZTg4S2pVZ0pDNzR1WklYQ3pEclJZLy9kKzdGTGsKLT4gWDI1NTE5IHFO
 TXVRK2d3azg2cHpRanhUNXp6YnRsZW1MUDJqc3l1bnNYNUhHaTIzMVkKWXp1M09H
 TnJIazRmb0tOSnE1Q0E1dERiaHZCQkh2YzE1cS9zRUhwaEovMAotPiBzPj5nLWdy
 ZWFzZQozSThRWnJCcVFFRHpoSi9tZnZMdnJoRlFud2VISHBHSThMem9qZVVWdS9C
 VFBDVEVzbUVCdFU2Qy9PaGdyc0FaCmk3UFZma2ZiR3hmWG1sa053bDBnY04yZ1VZ
 TW9jZwotLS0gMDVSaE5aakxHenFPVXpXa1JxczlWQ2x2VGNuQzdwaWZFTTFTaUp6
 cnRmZwoomylfwjD5A3N21/mk1Wtt8f4bsK747iZz7KT34kqmoX597rbGYxyip5lg
 VLZV6CY4LLRjnnSKoC2hIXU0dgudAmvxhztuaQ42fOc=
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/estuary/pdns/recursor.yml.age
+++ b/secrets/estuary/pdns/recursor.yml.age
@@ -1,12 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG44Q3BVdyB0RnVq
 RUpSZy9qZ29DemdnWjdscHMvelRYUGF0YVZlNDFtdzFRdVljbGpZCjdWcE50ck44
 NVBsbVk3SmR6cHhHdkJ0TWI2S2ppOUtnK3pMK28xeTc0KzgKLT4gWDI1NTE5IHIy
 SEUxOCtjK3VFMEozblB1T00yRTE3c3dRSXIydmJHdmEvL25yMStOUVEKbE1XdU4z
 L1lLcEJWY2w2WXRWbmVIN0ZBRVl1R1dhNk10MWtheTRCYjloZwotPiBXXXRKcS1n
 cmVhc2UgRUBEWyBwamZsOVQKZ09pVGdWUG02WmxUcGNBN3RnbE42V05xRDE2azMr
 WHd3VEt0NmwvZnI1dXdiSjNvaStsNTZmUEhwbUp5cVlieQpSYmhUVm1GbEJVdXo3
 ZwotLS0gSkFZMFdiRHBjWFJsR3pqcytYZkEza3dsZ0ZyaDkxdmliZ3RUOFErUXlt
 cwq9gj+Fg4p2D1548J+bhvJ0re9uVm9TZ9lJSqmj5tMxWRS9aN1j9BlhmK/RnEG9
 KcodvBiyqibzauS4KC18xLLu986hK2gn3857waXn/AIp+p8BIA2J9M2M
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/hass/cli-token.txt.age
+++ b/secrets/hass/cli-token.txt.age
@@ -1,16 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFQrc2JHQSBmTlVp
 RnlKNE9ySGo4L2h3VXBXRzIyZGdqU0RtUWk4ZmJVcGNKZ3BqTmpjCjJtQjUyTmJN
 dkpsbVI3M01mQlNPSEI0U1lVeUJTMVlXUlpheGxVblhUbUkKLT4gWDI1NTE5IG5K
 K0F3QWxJaW5CbW5TZElEVklIeUJxS0JCc2IxaFI5dVZrbDc3NDZGV2MKOVR6M0k5
 eW5HWDQrT3Rtb0tIM1EyajI1V0dKbHBLb0tVNU9nb21OUjcxYwotPiA5anw6bk56
 dC1ncmVhc2UgPCVeLiZyIH4KTGFRWHBGZFBJUElONUZLb3pJeXNZeXhoakYwT3BM
 TW9kUXBhOGhNbHh1Q1RPRTlCRnhSckg5NEUxWk5MVHJucQp4YlFDcVRzK2V5bWVT
 V0xLQjN1SjVTaWNJajJaTjRrQTd2VHlMRy82TExXbAotLS0gVE5YZVhTWXl4VUN2
 WUpidkJLV1JDU0R2QkdHZE5ZbCt2K2FlbGNjK0ZlNApzDh+kgAy4SBqC51mJi+VX
 ON8wbwLVTQRs1H30eyWNzt/3MO++eS4AoZUKQZUxURwXfhV0t0zd5/MlByBsqaHR
 +W6O/9Dp8e/8GYSX3D892r1LKN0AYHgcKeKwEtJojt5CTNJS2IgU6UxZhTliqAEc
 NkfxvcoAEHhGhPOudEIX2SgjrgVGJA8MYm6/46zAolZws3TWim3NEgJpb9tWXpvi
 1f/MXuxiowplF+PqCsd1EGzpXKsvADq6Rwyxpo6CbJzrq+GhFrTHF+LRkzjWx6JE
 LUsZwDqOZUY=
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/home/pdns/recursor.conf.age
+++ b/secrets/home/pdns/recursor.conf.age
@@ -0,0 +1,14 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpOcUlvZyBlODZr
 RHpJcFdFaVNYM0x1d3QxVmhKTFBkMndrakFYS3FxWk00YWxXejNzCkFqWFlCWUt2
 cGluRGtxODQzbElhRWt1TGFVeTE1UU5SSkdZejJzNVdhZ3cKLT4gc3NoLWVkMjU1
 MTkgcytxUmZnIFRpeVNsT2Jqc2I4dzB3cEFWK2ZEZlpJQklWSnhJM3o0Ukhsc1lz
 REZ0VFkKWWJPckVSNlZHREJIVVgwNVNBSkpSbHRPcUxIWVo4ZTlyVkovTGRpZThL
 MAotPiBYMjU1MTkgUGxhR2d3TVh1dnJwQjNoY0pjV09halZKZFhybVk3Vjk3Tmwr
 bDd5ckp6MApBcW8zbUl1SnhmOXZwOFRNUG1EZUNacDlXdXJSbWFUeG5GNjM3eXJo
 RmR3Ci0+IDstZ3JlYXNlICRoICVbfmU2fQpFYzNyZXBxVU5jT3JSY1NFMGEzUnVF
 WFQ2MmR2SGQ0Vnd6V0VxQlp5bE5LZ2NML2hyd09LOEVPL2lGREdLR3FMCmVGN09J
 OUNscVh1d0VSdwotLS0gbTB1NnZ4Q3B6WE1KVzJjbmVwL2dEVjc4WnRXZTlYbFBG
 T3htUHBWang2awr0OgkUO6XPZji5ZBNpqGwOlwpa605t38QCmFSXvPQhvT4Gj/0+
 rUvg7zWf5Yb4c86EDD05CsqGEUQTOKEz08z0lewN5kuFfZmrYQY=
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/home/pdns/recursor.yml.age
+++ b/secrets/home/pdns/recursor.yml.age
@@ -1,14 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpOcUlvZyBJSU1V
 M1QyaWcvcFJlUlJEcDVvblJGcXJDWk11RDhCZzBkY2Qyc2lDQW5jCjJVRVBWMTZy
 SHNTZG9ZSnZ3RjRqUE9Ub3JKZERkcTZpeEhSUlppTmVsZm8KLT4gc3NoLWVkMjU1
 MTkgcytxUmZnIFFsbm1oNk1jNndoU0J3SkdFSkNhSGNVRjdQb2JSUFBnczVwdlF0
 bDVhaVUKaFBzSHF3THNiL09Ib2ZhOFlyNVY0Q1ZwOUMwczZiQW9jVlNwanRYek1P
 WQotPiBYMjU1MTkgcEppMVBpbmRGS1h5RUgwNkZPZ0dXWVpkdXlZcFc5S3dQaDA4
 THdhUm9oTQpLbUpTaVVuQ29Zc3FuQ2MyaFcvTkxVK1l1T3V0L3FZSXZBS2dlY2hM
 VUNVCi0+IENcLWdyZWFzZSAnNGJjfiB1IHB3QDpUIHsoQi57Ilw9CnkxdFRqWVZi
 ZFdHQXJwNGZuNDg2Q3cKLS0tIDJSNmthczc1U2xxSlVKZDBLc1BHNnFMV3MwK3Qr
 ckJDL204d210NW1Pb2sKCC+sa8uPupC3Rv+o12XT/wTmLsKhtaE/bbshPCDIHUFn
 cpTwpY96JsCShAjSb6n7Xt6FgTKTFt2iDsGQ6+sLp0AJ2quxRaoxmqaFVsz4p8BL
 gF0On7LgZg==
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/jackflix/copyparty-pass.txt.age
+++ b/secrets/jackflix/copyparty-pass.txt.age
@@ -1,11 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhNYTRudyA4Qk8z
 SkhFWWMyaGM1c2luVzZzbWNvT0ZsS09yN0w1N01oY0tldWFXZnhVCkM0YzBVZUM1
 MmRzdFlCL1o5ZTdkTjkxQ1YyQ0kwbnJ0eVRuYUpQNWw2c0EKLT4gWDI1NTE5IGli
 dkp5RjZRSmROMEtQeWJiVkt2UktxdTAwUzZBRW9XajFDblFqZ3ZVR0EKYzFubnp0
 UHo5WlViYTNwbXFBd01qM0R4Wk82MTV1TzJsVVczdGRNSFRBQQotPiAnLWdyZWFz
 ZSAuPzVDCm1SZkdDMHRjT2NBVXI5ektKZ1R3dXhMUEVRblhBdC9mclFZSitSODI0
 OHZzZThEQnlBY25lVnFTQXRaV2FIYTIKeHkrY1NRCi0tLSBhUFgvd1BUbFlJeEFO
 RWRBQzcrT0ZFMG5SZVliNlZnK2N2VDJVV05UTkhBCrZM7RtMrOVIGIpod8aU4GLn
 0KBGTSq6kE01+f1kmTZDAKHx/LhiWgHYKLxTLW4VpYnUCg==
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/tailscale-auth.key.age
+++ b/secrets/tailscale-auth.key.age
@@ -1,18 +1,18 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHNqUFR5ZyArUnBS
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IERMTWVGZyBtay96
-MCtjZERmK2IwTm16eGcrZFF5QlpYZU9VbUNzbHZ2VDBoZkJkam0wCndDdmhHc2pu
+encxaVJmQWhqenRmVjZkdDVFdnNINENTT0RLUGxsUkdoK1pvMjBjCjUycDh3ZTAr
-TFFiT3MzcU13YklrdFpiRW1ZSU4zUGFQbXF3ellUU3U3bUkKLT4gc3NoLWVkMjU1
+QnN5MkdaY1ozR1pRNGVVL0pQZWtYMXd0dlo3cnNiQWhjSkUKLT4gc3NoLWVkMjU1
-MTkgRExNZUZnIE9EbUtYRFg0Z0xuVGNRM2pad3FFVGRDVTA3ZE50SHlvT1ZrU1NW
+MTkgWk5xSW9nIDIvNFZURjZQeW4wRkpqZS9YRXhhRFYwMmx3Mks4czJidFo3elht
-b3VYREkKL0dPV3RGMHYyUW9jSlJhTU5yTnR3L0pHVjZTNWpoaGJiSmlPVWlDYlFv
+ZVhBejQKTXpqUGVHcytSbENoc3hQZ01wcXBQMklMNU1XTnp4TmtvenFoaGphS3Qz
-RQotPiBzc2gtZWQyNTUxOSBPRXFNc2cgRkwrZEY4RjAxYzhpbEE2eU0ya2N4emE5
+MAotPiBzc2gtZWQyNTUxOSBzK3FSZmcgV2J4TlhYQXVwdisyWmF1QTkzUXUvNEVt
-T0NlUnJwUi8vdVlJWlVOWEZESQo0OFdldUdML0hoR0NENHp2UktCTFhOYkxUZyti
+ZTRoM0ppQVdFZDFsUCtYbnlUUQpqWmYxYTZ3ZnFVYk5SSWN5QUt4MFlUMFFrdDUx
-OGlhS3V1RnFUdHhVT0JvCi0+IFgyNTUxOSBOcnEzanBFWnltMUwwd3VBd3Jablk1
+MjF6b1lDbkVaMElnLzNNCi0+IHNzaC1lZDI1NTE5IE9FcU1zZyByNWNDQkRmMHlD
-Z3hDU283RVJxSlkzKy9JQW1adVVVCmtnSjVTTSsxblpsczMzR2NldlFlTFk0S210
+NFExRVk3MHhjYnREcXh2ZmVDMnNEaE5lWks2azlHTEVnCnNXQm94eTJPVk1mYmxZ
-T1AxV1RQRjhDSU1CQ2p6M1UKLT4gVnNOLWdyZWFzZSB1fDAgYy1xRSBESjoyIDJz
+U1RqRTE1bDVHNFY2c0VQS1QyQWx6TGRYL01HRzAKLT4gWDI1NTE5IFMrZnlnNTQ1
-CkdRcWxTa1NHVkJDcUVmeDlIVEZTcW13N0I4ek5jTjliQ2t6Zk9nRkloQmhSY3hG
+UFdQZ0RnRUdiMkNTaXhjRnVFcUpULzJveFNyd2FGcmVJaDAKU2hzZ0NxYzU4ZEgv
-TUdJekhXdlRzUGJ6WU8zRXgKZXFGUGgrTndSQmVyMFcyL2J0bEdKY09paTkzRHd0
+VnRqNlJIRmFHSisyWWlaTGVtbDFITHljWGt2b0V3bwotPiBbNFpCbn0tZ3JlYXNl
-R1ZWVVVuaDljWE4zK00rdllOdGRVTzVZTnFtT1p0WlZOYgpGdwotLS0gd3dvU08x
+IDxDeCBKbiBBP0ImJCBQClJBV2gwUy9ldUU0MUFPczFRTXVEeHR4akZqTEEKLS0t
-SzJkdjAvQys5Mnp0dDZQUWp1dzZ3U2tuYUpqR09xeTJnSzVDTQooXx8cndfMYlmf
+IFY1Z0V5Z1Z2U0Q4alFmaFV5bnY3QjRxOTlkTWRRL0hVTlRiWWk2MWdXdVkKS8oI
-7eCLssPnHKj7KKgUfiihj91X8pokJR/++wQSarMdRtFB0S0MpDs/khwgG0HkmrKp
+z3Eyu1ZdBwLrTINoorZTBBgx8vp5iIdUevCg4dyH3WnkW/DHXZuuRGSH6xiSAroH
-XB1jureGwJs7gmJ6gafKCKSkBv9Jkaw=
+JI5toFkwp3ZHWcodcYNvyP7ECRBsTyuCk7aRPgnZ
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/toot/pds.env.age
+++ b/secrets/toot/pds.env.age
@@ -1,18 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDYySmNjQSBONnFw
 QVduaWJac2hVVDl0bHY5dXFQSkFUNGlWaTNUbGkxN3d1RWpSZGdRCmpBZ2pLZHZ0
 V21EenE0U3lYblp3dTFyRlRrMGVjWGpxdVVRWW5pcnpCVlUKLT4gWDI1NTE5IEx0
 QUM0aEVsbCtLd3ZmS0kyb0Q3d2RuVW1oc2pHSFpMbUZHY2VXYlhYR28KSHhraW9K
 RXArS1lia0NsMWkvRFhTVEduM1M0c2JnYmduY0ZmSjhCN1M1YwotPiAlL1lJLWdy
 ZWFzZSAhVCpkTAplMU5KckU1K2diWnBreG9LbERtbGJZQjZwK0lOZjJHcEJyMWZp
 c1lxL1UvbTE5QzRIMm9wSXFmY2xUSzhBMEJiCmgxUQotLS0gOUhYVERseXJlVksr
 SEZtby92YUIrTG4ra0hneklheFBERHhqSlFlT0YwVQr5gAYwgdPqUqW2XEtN7+ZR
 VblX1NFXjMLljiGcW+ZlMXHIaKMxizPr+S/6U183e4wiUUqcpipnznnslhm/Zkny
 iHmW37pnNC0T9kctqOXeEjqsQxAMo2YKFroxo1iK0YvN+VyoIDSYMDKu8uDe1Cna
 rabi42KfdZNDjtPLrJyHSo2cCdnDUeWalAjQ3eQqn4y85gfPZq8kZcwvK6SmurDN
 GkwxXpZpSd6MdY4fIaaBEwe7WY9hq4fE7WgcQaz5yG47F+ArCwWauAz38+309XHj
 omsDSzj1jrN7T4kr2gjtUX227NrCw3REHYRNN6IQK/6fDNyPF1wbLFpXU4dnANLT
 OdMRnsDRPafNLAOYn0pgCVcVs0KLpaJvy3KLevVt2MZEtSZe/S+ys28H3JJCB8qz
 igaX3gw9+W8by4ET864fpFgufJrpufVvdz/MZ1207YHz1URQACWRtFKwnwfzP45+
 l47Y4s+xy34V+IXLJduEQdQ0ZHqKmTv02BjEjqksBwZswjI0EbTvD3Nsiw==
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/user-passwd.txt.age
+++ b/secrets/user-passwd.txt.age
@@ -1,74 +1,72 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHNqUFR5ZyBlbHl0
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IERMTWVGZyBVUDR4
-S0lQbXBKVGpNNnJOUS9TSlp0U0EvYWFVanN3N0RMb1JudEdwYVQ4CnJGdklzeEFy
+Um1XS00yUDFIRnYyZzg2KzYzanBIMWFNTmV1MVF6ei8rZDBiTXowCnBBRFEyQU14
-RmxjamNyUWszYjFGb0ZZbk9EQVdERERtckpqczVscjdmUE0KLT4gc3NoLWVkMjU1
+ZU5MdSt0NnRJdUMyMyt6dVlOWHBqUnkvRWNmMjNRUENKeTgKLT4gc3NoLWVkMjU1
-MTkgRExNZUZnIGR4czhRYjUyU29JbnFnRk5IeXliNzZzMVMya1ZuS2tkUlFVTkxU
+MTkgM2JCM1pnIHFyc2laWnBTQU0rcThOamJTcEtlUGNsSW8reTc2eTJjbVBkZlJu
-aFd0VWsKenprWWQ0UEdaUGhvRlJUbnU1T2h1czZBK1dpOGwwcjJxc2p6ejV1RnM0
+cXEzbUUKcmFrTEVjaXY2a0lJNEtCWXNjTUsxNENkSWZmZUJhRm5ydWZ6WlJ1aDdR
-RQotPiBzc2gtZWQyNTUxOSAzYkIzWmcgMHB6dzVFQ3FtaWErVWNyRXo3WnNhT2NF
+RQotPiBzc2gtZWQyNTUxOSBxKzBYY3cgRVBuOEJ4K0NRVjdLdFhIU2Y3ZGQwL3F4
-eldUVWtOaVlWOTVwcVVaOUlGMApJUDUzNmhKbUxleTV6SjV0Zmk3dno0STVIRDIv
+clFjMVNsOWNvTU8wVlRoNG5CZwpycFRlMzFjZ0drN0t5QXpoMkJ4aERMYkxVSFhU
-SUkyd1M2Z21mdUtMUXIwCi0+IHNzaC1lZDI1NTE5IHErMFhjdyBnRFBPRnNSa0Nn
+STJTdUNzeWtkUmFMTHVBCi0+IHNzaC1lZDI1NTE5IFpCM2U2USBBRUhnNlNzbDVX
-UTlpR1Y4OU1UQmNLRnRWaGxzU3RBV0c1bG90K2I5QUQ0CjArUFlGS1B2RkVKSEtP
+Q1ArRENrZzBrNkhhSUd5dEZnM2oxRUtmYWx2L1NtbG53ClZIalNsaUNBUUtKWGpT
-ajRpUUNlMkRPN3pxaEkrZ1M3RndxRDZ6U09Wc2cKLT4gc3NoLWVkMjU1MTkgWkIz
+dTM3VExldm0xRXJoSWZ0SU4vdWk5SDlZTEFPczQKLT4gc3NoLWVkMjU1MTkgajY3
-ZTZRIFRPdXRTeEVvUTM1dlQzMll2VDFkUlY2eEFRcnRrc1lNeDZDbFE1a3BjaDgK
+RlhRIGR0VkhtNWxCK2xSYUNlS2hhdzRldEVZRDQwNmVnN0dtRTdOamFSM1Jqek0K
-MytBM0Y2Mmo2M1JOWExLQy8xTm9SR05WcmxrV2xBZ0RpeXQxeGVkZ1VZcwotPiBz
+YS9uWGMyY3JzeUZCWkhLTzk4d1dxT0NkbEQ3UnlWOStCdUh0bkg3K2N3TQotPiBz
-c2gtZWQyNTUxOSBqNjdGWFEgYUw5cnJabnhhdU9lN0NPVXVUazRnVWpzcUVtM3VR
+c2gtZWQyNTUxOSBjMFROYVEgYXJhZUdOeEphOGxkMTZmamJxdmMrTElkYkFScVA3
-bWQxNVVSQTN5N3hXRQp0blhXUC94TlRPbS9Ba2N1eVM0QkNNblJBa1hJYjZ1Y1lM
+alExSC9TVTJzeUFqNApsZXo1cC9wdnp3Zml4bG52ekFHMEUyU29acFFJeU1VN3Mr
-UDhWbUd5bWNVCi0+IHNzaC1lZDI1NTE5IGMwVE5hUSA0TXowVjA0N2FvcER6OEts
+ZlorWC9VWDZzCi0+IHNzaC1lZDI1NTE5IG44Q3BVdyBTenhVdjNncGxudDJ2Y3lw
-VTVwa0UzUEtsY005WDhmaU8zZ3VLaXQvaVRJCjB4cjJiMHVGM3hyWlg0OHhaT0lu
+K0JIOFJDd2VVQzFkWGc1STROdFZqbnUrYlJnCk5MTWxRYVRPcUFjMmdySEJ5Rndy
-K2NJQWVndzYrSDAyK25NMklSVUI4S28KLT4gc3NoLWVkMjU1MTkgbjhDcFV3IFNE
+TzdnNGErNnBRa1dTSFVFekxQUitOYTAKLT4gc3NoLWVkMjU1MTkgakk4UkFnIGtL
-Q1NZbnpqUkdiaktnYkxZdzZrYUVqWDEvYnMvOTJqSUpybERTNk9uQ0kKYlMzZkVu
+c1psRWRRN1hNZUNiVHFmR3JGVm1jUWJtdm91ZVR6M01zNmhGdW9pRTAKNGpwek8w
-SXVtaWk2WEtDMEpwZFM3ZVIyWHQwUWNOZjVRS0I0ZjN5MklHYwotPiBzc2gtZWQy
+QkRnSkZXUjhEMEpPaUdkeGwxZDRGbTRSMjg1Z1pMdEVSaTJEdwotPiBzc2gtZWQy
-NTUxOSBqSThSQWcgWTZIMCtNMCtzTFpROHpBMnA3b2s2UFE2dDZGbnlxU2VxMlkz
+NTUxOSBoTWE0bncgYmRqR1FRaDdQQ09ZZHQwWmQxVUJ2QWdLYjdoRlNLU09GYUNi
-aGJFUzV6awpKNDhobHQrTCs4cUVpNE5wblJMako3bU5tVldjVDBjVlJOOHhkUTNk
+ajJhMWx5QQo3ZWFNWjMvTzNxSXJjeTY5cTNMWmk0K0IzZ053Mmd6T1hhaVFTVVBj
-NFdrCi0+IHNzaC1lZDI1NTE5IFQrc2JHQSBTbVlBTXIzQ09SOHRJakZXK3NkT1Uy
+NHBrCi0+IHNzaC1lZDI1NTE5IGV5cTNkZyBXbUdJKzdMZDF1NW1pTi94aUtjNGpo
-RFgrUTZncSsyK3p5WlVDSFNwM2lFClErRHk4Qmp2VlIvZW8rV2lNME53ZFlIUmVC
+aGVLbno0RzE1MXlURTJJQ3hRb1dVClg5K2FwRHBvcXIwVUl1U21GSnJsSmJmMGZN
-bXF5RlVvV2FUM3ZmeWpaQzgKLT4gc3NoLWVkMjU1MTkgaE1hNG53IDBINGhyMDBy
+cmdBcmRiRERzcjJmZzV4Q2sKLT4gc3NoLWVkMjU1MTkgN1dROVBBIEIrays1YUJN
-bkp0RWpTU0F6Uk1kaXllRHBHbXF2QWUwNkN1U0tEWE53VGsKdi9QRlhwRCtyQkRq
+TkRMS01oVzQyZEJuSjFPTTV4YkZSMDdTV0UvZE4rZ1U3SFEKWEZSL0g0dmFnelJC
-cng1Wk1rZkx2NnJTMUxGajN3b2Z3SG0zd0ptcklCZwotPiBzc2gtZWQyNTUxOSBl
+S3VGZDlaTHhJQ3NaaEc2aUsvRmdKdjRNZ1VXMExmQQotPiBzc2gtZWQyNTUxOSBn
-eXEzZGcgcnQ4WUFMcGRtL1BvYTkxWU12WTdkT1lLRmJlZXZ4cWtHNG54QVo0dDYw
+U3hQMFEgODNUUEg4M0hLL3RSUXk4M3dGV0tZNjJXQWxabmxLanF0Slc0WWMyUkNo
-RQp2NkMwbTROZTBuRUVLNEs3L3BmOTZ2S3dDL0hUbm5OaHZXbjVCRG15bExnCi0+
+bwpCMGlaZDdodk4zeDROczVFc0FxM25qMFdicWZZSVpjb2tiT081bUVUTGFzCi0+
-IHNzaC1lZDI1NTE5IDdXUTlQQSBPL0t1ZWptTm5YQXIwc3ZNUGhkaVM5QU1DMkNL
+IHNzaC1lZDI1NTE5IFZGY3c1ZyBKanVnSDI0bUhvS3RVbzdSc0s2TmQzSVdEczRF
-NU1WSFlTT05KOWR3dGhJCmdTTEIrNEZma3E0UzArMndqVEgzWnVLNzl0TjhsbG9P
+eU1CazZPM094eEt1ZGp3Cm1HWGluLzhoRUtNRDZOcVJDVUR1R3dneHNHa1M1VGpH
-OE9aRVk1Ung1cEkKLT4gc3NoLWVkMjU1MTkgZ1N4UDBRIGJNazFtRThSVVVvb3dP
+YWF3TDQ5cS9saFUKLT4gc3NoLWVkMjU1MTkgaGtidHZnIHJLN2dJQnA4eGo5SnU3
-RHV5WGxCbktDK3c5aEhiYkphNU4zUnVNUVNNV2sKbWZJYkNSZFMvTDI1WVg5SnJV
+SkttSlM2YXNERXJOYjc1Tlo4NnhFakdYT0dqUWMKQllrZm83NHJrYmtWaytCc1VI
-bUFSY2JsNDJBc253dlN5Y2Nqdm9TbU9IawotPiBzc2gtZWQyNTUxOSBWRmN3NWcg
+aVhESUtYeHpoT0JmdStSRURMZ0JldlQwYwotPiBzc2gtZWQyNTUxOSBldDJ6cFEg
-eEo0dmRNWVpuVGdxRHpXc09tUDZldFRKcTBIMVVWcXdmVFRhZnZmenBETQpJWHVp
+d3NnSXpMRzU0QjBBL0c4SGw5Znl6d3hRdWxvbHdXZCtIeVdnU1F6MFVVQQpiQjVX
-NWJNRWhacHlMbHlQcjEzdEZWdUVpbGg0N2pqMjcvTk92UDJpNUlvCi0+IHNzaC1l
+TSsycGZqMVNWajZHcFkyN2JwY2RqcGRlNitRWXgxWnN5TzlpU1lRCi0+IHNzaC1l
-ZDI1NTE5IGhrYnR2ZyB0SFJGRE03T3lnTUJZakVCcnQxVklPNXhzak94eU5KUzNX
+ZDI1NTE5IFpiTEpXQSB3VmFwR2ZqR2p4OXlpSnQrbExqTktkaEJ4emxLM2ZZbGdx
-L216SCtUWEVzCmRrS2Rlc1JiNEg1KzExaUsrNHJuSDlTcU5Oa0J4QVZKVmNBRGFP
+U0drOWtxUGprClgyYnd1M1NQem1rZkxwUk5tVXBLNGVDMFVjNjc5Lys4N0RsajZN
-ZWlqUjAKLT4gc3NoLWVkMjU1MTkgZXQyenBRIEFhMFVxZ3RRbk4za2t5cWtwVjVi
+eG9LeEEKLT4gc3NoLWVkMjU1MTkgWk5xSW9nIFl3QUlPNnVHNXNwQ2sxRUEycFda
-Qm9ucVdMekVsSHEwSWlML0JIdmQ2SFkKWW5mWnQvRWlaT3hJLzJyTE5RdTNUMWNM
+TkJsUmx0dCtRdnRVRVAzY3pPbm1LM0EKbVZDMHBSOFBiMFVQbkxHOGpkQjhrbDRJ
-SDB4TjVKZCtDN0tCR1NhdnRqbwotPiBzc2gtZWQyNTUxOSBaYkxKV0EgV1loMWZx
+YUN0M2JPOW1PbjVtQURaUnVFbwotPiBzc2gtZWQyNTUxOSBxTGpxeVEgUXc5TUxn
-OHhKelNvNzErMDc4cUE5amgycTFTem5lVmlGYTk5bUM2T2dEUQpkMVQ0VS80Y3Jt
+YXk2ai9EbHdVeFVsUk96bHZIRFdlcDFqYkxLQ3FJaFBQVG93bwpTSFJ5dmJiN2tt
-QTZUVnNZV0daczM0Titvc3Q1T2JiTVZYV2tXOW4xV0VRCi0+IHNzaC1lZDI1NTE5
+TVlLUlBhb3VmSG8zVHNYdC9HVjcwN3JUVVVWN3BFUkhvCi0+IHNzaC1lZDI1NTE5
-IFpOcUlvZyAzMnZ2NjR1R2R2UlJNZjNvOU9RckR0MEtnbllyYVJPSUZtUDNWSU5k
+IEJhUWxSZyAxYkNsekljV0s1ZWR2eVZnSk9Oc2QvWjE2a2dMaldDYzJRU0FWUVE0
-U3c4Ckgza2txalJhOW14c1dGZ0VTc3EzK2NpOUJaVWhqN2lMWU9HL3hMSWlJUVkK
+Z0FvCnk5UlhrT0ZaK3FXTThVY0RKZlE0d0FTajJLRCtSNWdvWjd5V3hZNEg4dUkK
-LT4gc3NoLWVkMjU1MTkgcUxqcXlRIHMxNStVTnY1TUZJaHlXQnNTSFhXditsWnVF
+LT4gc3NoLWVkMjU1MTkgcytxUmZnIHA5cGpXWlMvTlVreDNremhCa1FDUlFVYk45
-Y2ZKRWZ5UXVPZUVKY2VjakEKV1N3ODVFYXROTzFReWE5Y1A5MkpXUjJVc00wVVd3
+OHhjaUhYTWZVa3dySzNLeW8KNXZnZzFPNC8zMExuMG4yUTJFMDgxTFdGdDZ6VVl1
-ZUpzTC9rRGdOWUpxWQotPiBzc2gtZWQyNTUxOSBCYVFsUmcganpkWlpaWlRVQ3Vp
+WEFGUC9zNVgrd2RRdwotPiBzc2gtZWQyNTUxOSA2MkpjY0EgMG51elJWRWRDNzRM
-Y2hvbkpld2kzdzVtdERHajBNUTEyM0NOWlp0WkxtRQp1MEJUKzFUSW9tWjluVU9Y
+SERza2RiNFBoOHc1eCt0SWtmUy90dGl0VEd6QTJENApodnNBM1FkUlZ2ZjB6b1Np
-clBzNFpzdU83MXdGN2dJSGducnplbEd4M1JNCi0+IHNzaC1lZDI1NTE5IHMrcVJm
+QWNXdjVoNFlsa0NOQWp6TUw2TVQrU3VNRlVZCi0+IHNzaC1lZDI1NTE5IC9oeC9k
-ZyBSRW1pZWFhQkpQRTFYTG9IZnVmWmx6S2pNUll4MGhtRFd1Y0ZhS25JNFZVCjhU
+QSBxdlhXM3Rqb3J4YjVDUzdhUUVYQlFvSTJjZXA5MHBYY0NXWVR0VzllR2hzCkU2
-UDhoOTlTUEtqbytZMjZ2NlozcnZTNXVNcVA3cU1TRmtsL1g4bEhKUzgKLT4gc3No
+K2xCY2tGeEJjK1dMYkhCZ29pR3EzYndWUXF4bWorNC83d1E3U3luMFUKLT4gc3No
-LWVkMjU1MTkgNjJKY2NBIElSSXZjc3J5cWNwOHFNV281YzBrVzc2TlVwMnRwb0NJ
+LWVkMjU1MTkgV3pMR0hBIGg1MjIydFM3YlM3aWVFR0h4TytwRWxYWTVkTXN4VkdW
-dEdST0s4MEhmQnMKaTNEdkFjRktCZHNCY3FsWE5UbFo1R3lXSlI2NE5MR25neWJ4
+TnJ0bXQ0WTduQUEKemtad2lsTTlPUEtUaVpFLzNPVFhqd3VpeWJWbDFyayt2VVhy
-NTlsSllxWQotPiBzc2gtZWQyNTUxOSAvaHgvZEEgOExaRjJiNTJkUGFxZllSK1Uz
+Q0FSb01rRQotPiBzc2gtZWQyNTUxOSBISi9KN0EgTkdKZUx2U1NTODZzTlpJb2xT
-eWxQTmtxOVFPZkVFb2w2Z0tmZVpwTndDWQpuRFlqZWdaQjZaT1BZSmllVzB5NWhY
+VFptQ3hWOS9BMCsyZXdsM3ErMXhtaHlFQQoyUnp3RW81VUh6OVRQcGhJOXYxNXRR
-MmhHaWtZOXFERzhSRWRXWk5TR1RRCi0+IHNzaC1lZDI1NTE5IFd6TEdIQSBtZW04
+NHNGT3ZIU2ZQb2c5aEg0UmhRcG13Ci0+IHNzaC1lZDI1NTE5IE9FcU1zZyBLMi9r
-eWlNWU9JOXYvcVlsb1JXM2JKRlREeXJXNHd6MlkvazZrSzdscG5BCnZzWUFwb3lK
+bmFyTnBCU1lsdUpDWTJsd3ltRzAxZmw5eDNqVUtjMkR0OGF1dVRjCndrNmVHcmYy
-dUhkcDZNakFPN0RMRG5LQzdqU1UzNlJ6eGRGSGlhYUx0YXMKLT4gc3NoLWVkMjU1
+c0lQOFM5SjBjN1ZqZXk1Vkk3RzA0b3JtaWZrdDBmdmFrYXcKLT4gc3NoLWVkMjU1
-MTkgSEovSjdBIDBaNzZGVkdaVWlWNk4yVW5UdnFCZ2xWUEtIc2QzQmJTMnlINVF1
+MTkgL0VKWHZnIEV6eVNrNEZvVWhPMXppeFpmSEt1Y2NqcmtUOXAxQ1lOWVdtcnlm
-V093UmsKcXNhSnlnWHQrRzVSU296NENDN29aMUN5VlRIcittdGNySGhvMHZlT0xl
+R3B3VFEKVXJJRWlmOFVHZ3hyWWhLZE03VlNlM0M4ejFDYjM1b1c0YWhMMVcrRXlH
-NAotPiBzc2gtZWQyNTUxOSBPRXFNc2cgNUFSc045eUVqQWI3MXB4Tkd2RndDS2Na
+bwotPiBYMjU1MTkgUkRPY2JrSGZYeGNVWldVbTAzbkdtbHdUS1hoZXg2R2JEOGtC
-VGJrblFLaENPVlZucFdGRGFDTQp6dlRHTnRLSFkxb1RFdmxGS09Jenh2Q25VZ2ha
+ckZSOWV3TQpGejNQOUlxb05oWE9hRWdjbzI2a0NKVkpHMG1PMWlMWVZpYkVQNlpx
-QWQ4YUNjdVNJbW8vVGVrCi0+IHNzaC1lZDI1NTE5IC9FSlh2ZyBGM2lrUG1DWUx3
+c2xRCi0+ICwlLDsrbWYtZ3JlYXNlIE8mcz1jaywgeiJbOE9FeyAjXFl4Ugo1c2VM
-YndZWWdobVo3TjZHTDNabmdsa3ZHcndwUXVZSVg5T0VZCjNYdlFYSHBsWjBTWXlS
+THdsOFlhODVMV3JsYzY3QU5Hb1BJTHBWNFEvalRHN3lXQlBBZFVvQXRIdXpXYVpU
-V0lSZkpwVE05eU1LcFBEbWdXWEZ0U0tSTkthQnMKLT4gWDI1NTE5IDF5SmczUWpo
+b0NLRG40WWhMQ2hDCnZyS1d6SGxGekIzWUs2Uk5XSFRscTIrTTEwNzJKMExGcG5m
-bkdmWS9SamxtTTF1eVJnc1QxUGJiUjQwR1VSTmdxMEtqQzAKeTF0NWp6dG1CWGNy
+UWR0MWtBNnk4bDBYYStVQzFwZDlWRzRDNXJVZm0KajVrCi0tLSBkQ044Z3A5R0dt
-VVVXVGFLV3dkWWo2YTVkZmtXcHRZai9FSDVBSmJhbwotPiAmJC1ncmVhc2UgaWU3
+S0htaUZaSzdPOTNCcXZrSWFVVHlTZk0zejBuT21yQzFBCo6rc9fznstf3eXBRUA8
-YGkpVSBNV0ZfIDM1fltQdzBcCmZYRXB1NEVMNkVqWVF3Ci0tLSB2RVRFYmVGVklB
+73MZAYqSnJ5wVMrYrwGfT9lXvKbHCOvkgjUI6Ieo0nuw+aZpXoV3t9HfZv62UEll
-bGFiUTBKYlMrRitvN2NnUkhScTMvWml6ZzRKU3ZIeEtvChoKB2c5roTC97pdDOi6
+ZZVu+ieRCZqOOqZKKZ3TCP24vdXun8Tu+3YK8fyn88QSRH/0ZMnqI9FXbtsUhsF8
-aPFIaTyOu9NZ4ESwwRjpEgB0D6GP2r7YR3CnxVyXa4sCFUnTF8dLUkABFnSeNeQZ
+2o7m7Fn48B0nVKy16HZyBsksknAuZCkfS/JOkgI=
 M64tM6J+tZAyJa9IKaTgSqvQaGYHHYinygNvf6BShCK4nPUJu0cV6gFtqFle0MWA
 Rez5eRMFH/M2aubhwBeDyHG4WRelkt7oMVXyY6U=
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/whale2/enshrouded.env.age
+++ b/secrets/whale2/enshrouded.env.age
@@ -1,12 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9FSlh2ZyBQc3dL
 bkttTXJPWnZzYVJ6OUc2cjJvZWJLWHk2QXYvRU9TL3RBTmFmQ1dNClRtaUwvcDJa
 c3h6eXpPR3dKSVZDVHJzNjR4b0Y5K3Zadk5vTkZiZS9RYkEKLT4gWDI1NTE5IE9R
 Y0g2bEJsNmdLaVJteDJaakFMZEdxRU55N2pNbzhkakxuRVFmdVN0ajQKZXZrRHdu
 WFFwMUFkUmJQbm9ONlFRWGdMWmtsWHlOaWVjMGtMdVM1YmdoUQotPiAwIm5PWS1n
 cmVhc2UgUUosbyl4CkFIWDA4L3YwOFBYVUFMZnB6U3VkNFJQVFlEMThVeTV4bHlu
 QmF2TFBobmtJS1hERUtSZld2UEZyb29nNEdGdWEKenliMmhQL1VrY2dFS3VzSEZB
 dm1jT2xOQkxnbCtBV21WT3ZMVjl0WEpPWQotLS0gckNCZEp3VU56eTFFR1ZzbTc3
 WTRIcVZGY0Z1YlNUS3l0cWJ1TW5YUjF6SQoqTDq/up9Q3tQnNJdsnfiwYqA5LW6G
 nKJXGbpnt3dpXxv/1+KRgF6pVKVQtyNFncQW7SC6K4uFw7iv6A==
 -----END AGE ENCRYPTED FILE-----
Author	SHA1	Message	Date
Jack O'Sullivan	3c6ee6a967	home-manager/gui: Disable ligatures in kitty Some checks failed CI / Check, build and cache Nix flake (push) Failing after 2m7s Details	2024-11-06 13:08:19 +00:00
Jack O'Sullivan	2b5bbf75e0	home-manager/gui: Use `rofi-wayland` Some checks failed CI / Check, build and cache Nix flake (push) Failing after 2m16s Details	2024-11-04 14:59:17 +00:00