flake: update, fixes GHSA-g3g9-5vj6-r3gj

flake: change channel to small. update.
defiant/vaultwarden: unpublish
2026-04-08 09:28:51 +02:00 · 2026-04-04 22:34:20 +02:00 · 2026-03-29 15:52:03 +02:00 · 2026-03-13 09:56:47 +01:00 · 2026-02-20 17:47:29 +01:00 · 2026-02-18 18:12:13 +01:00
27 changed files with 285 additions and 79 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -3,6 +3,7 @@ keys:
  - &host_burnham age12cgkgx8xac77q0rwakp6zrfrzp45mhk7wj6t3y8s0xurt3k879usnm66ct
  - &host_challenger age1j43eqpnq5hy6zt3gmdtzdnne2yfvccd832kpt69qavst44leec6sj2l773
  - &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
  - &host_leonard age1djj3jvt0usurh43t8jsrs74t5pvj54w77vy7qgln9ykckag233eqyth4fl
  - &host_morn age14ar8q5454khxxf5ur2nxwk533nzycz2lh3635qwz35wh8yq0jpqskj2ksx
  - &user_felixalb_sisko age1phc4fkt25n4wtzg88sg3fhvmy6tv8pguyxp5c9js83ae3z374adsxfpqkl
  - &user_felixalb_worf age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
@@ -41,6 +42,14 @@ creation_rules:
      - *user_felixalb_sisko
      - *user_felixalb_worf
  - path_regex: secrets/leonard/[^/]+\.yaml$
    key_groups:
    - age:
      - *host_leonard
      - *bw_recovery
      - *user_felixalb_sisko
      - *user_felixalb_worf
  - path_regex: secrets/morn/[^/]+\.yaml$
    key_groups:
    - age:
--- a/common/auto-upgrade.nix
+++ b/common/auto-upgrade.nix
@@ -7,7 +7,7 @@
    flags = [
      # Override nixpkgs (only). Notably does not include home-manager, sops or other utility/application flake inputs.
      "--refresh"
-      "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-25.11"
+      "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-25.11-small"
      "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable"
      "--no-write-lock-file"
    ];
--- a/common/pwndbg-gdb-alias.nix
+++ b/common/pwndbg-gdb-alias.nix
@@ -1,8 +0,0 @@
 { pwndbg }:
 # "$ coredumpctl gdb" always runs "gdb" from your path.
 pwndbg.overrideAttrs ({ installPhase ? "", ... }: {
  installPhase = installPhase + ''
    ln -s $out/bin/pwndbg $out/bin/gdb
  '';
 })
--- a/common/wireguard-peers.nix
+++ b/common/wireguard-peers.nix
@@ -1,10 +1,4 @@
 [
  { # Sulu
    publicKey = "j6YVekgGS4nhL5zUiOTeK2BVQkYGlTQaiUpwcqQyfRk=";
    allowedIPs = [
      "10.100.0.3/32"
    ];
  }
  { # Worf
    publicKey = "kW8SyzCh2tw8GzZV6bPn+IQVNUoUhseNfEm3rHnR1So=";
    allowedIPs = [
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "extra-config": {
      "locked": {
-        "lastModified": 1745649002,
+        "lastModified": 1775160379,
-        "narHash": "sha256-XNBExt3+U3o4lip+yj6oorCEPZ9Qe8PzBSFM5ZzVtSA=",
+        "narHash": "sha256-xrY3E3RTHP/c8MRKtciVbpXrgPCEnSQeNK4dCF53i9E=",
        "ref": "refs/heads/main",
-        "rev": "50c9c15db2b309d299b1c19089c962979e01f45b",
+        "rev": "66b4e90b64ecfacc1fff901f3197388f70bc53c8",
-        "revCount": 13,
+        "revCount": 15,
        "type": "git",
        "url": "file:///home/felixalb/nix-extra-config"
      },
@@ -56,11 +56,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1764776959,
+        "lastModified": 1775425411,
-        "narHash": "sha256-d+5CGloq7Lo1u2SkzhF8oiOdUc6Z5emh22nTXUB9CFA=",
+        "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "e1680d594a9281651cbf7d126941a8c8e2396183",
+        "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
        "type": "github"
      },
      "original": {
@@ -135,16 +135,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1764677808,
+        "lastModified": 1775610697,
-        "narHash": "sha256-H3lC7knbXOBrHI9hITQ7modLuX20mYJVhZORL5ioms0=",
+        "narHash": "sha256-fw3+p16ZokENxpWPCLR7ngHUPz5lPvZZzKpQUwRgiXE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1aab89277eb2d87823d5b69bae631a2496cff57a",
+        "rev": "4f9024bce4025dc9a16d9fb27dd258d6cdf52862",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-25.11",
+        "ref": "nixos-25.11-small",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -178,11 +178,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1764667669,
+        "lastModified": 1775423009,
-        "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
+        "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "418468ac9527e799809c900eda37cbff999199b6",
+        "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
        "type": "github"
      },
      "original": {
@@ -192,6 +192,79 @@
        "type": "github"
      }
    },
    "pwndbg": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
        "pyproject-build-systems": "pyproject-build-systems",
        "pyproject-nix": "pyproject-nix",
        "uv2nix": "uv2nix"
      },
      "locked": {
        "lastModified": 1771451240,
        "narHash": "sha256-qA8rm0zxrFBVbleYEOJziggyJtZEu1DFeAo3OAkbmB4=",
        "owner": "pwndbg",
        "repo": "pwndbg",
        "rev": "5eb91f443cefb75fae9567aa23931670dc2277a9",
        "type": "github"
      },
      "original": {
        "owner": "pwndbg",
        "repo": "pwndbg",
        "type": "github"
      }
    },
    "pyproject-build-systems": {
      "inputs": {
        "nixpkgs": [
          "pwndbg",
          "nixpkgs"
        ],
        "pyproject-nix": [
          "pwndbg",
          "pyproject-nix"
        ],
        "uv2nix": [
          "pwndbg",
          "uv2nix"
        ]
      },
      "locked": {
        "lastModified": 1763662255,
        "narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=",
        "owner": "pyproject-nix",
        "repo": "build-system-pkgs",
        "rev": "042904167604c681a090c07eb6967b4dd4dae88c",
        "type": "github"
      },
      "original": {
        "owner": "pyproject-nix",
        "repo": "build-system-pkgs",
        "type": "github"
      }
    },
    "pyproject-nix": {
      "inputs": {
        "nixpkgs": [
          "pwndbg",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1769936401,
        "narHash": "sha256-kwCOegKLZJM9v/e/7cqwg1p/YjjTAukKPqmxKnAZRgA=",
        "owner": "pyproject-nix",
        "repo": "pyproject.nix",
        "rev": "b0d513eeeebed6d45b4f2e874f9afba2021f7812",
        "type": "github"
      },
      "original": {
        "owner": "pyproject-nix",
        "repo": "pyproject.nix",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "extra-config": "extra-config",
@@ -203,6 +276,7 @@
        "nixpkgs-2211": "nixpkgs-2211",
        "nixpkgs-darwin": "nixpkgs-darwin",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "pwndbg": "pwndbg",
        "sops-nix": "sops-nix"
      }
    },
@@ -240,6 +314,31 @@
        "repo": "default",
        "type": "github"
      }
    },
    "uv2nix": {
      "inputs": {
        "nixpkgs": [
          "pwndbg",
          "nixpkgs"
        ],
        "pyproject-nix": [
          "pwndbg",
          "pyproject-nix"
        ]
      },
      "locked": {
        "lastModified": 1769957392,
        "narHash": "sha256-6PkqwwYf5K2CHi2V+faI/9pqjfz/HxUkI/MVid6hlOY=",
        "owner": "pyproject-nix",
        "repo": "uv2nix",
        "rev": "d18bc50ae1c3d4be9c41c2d94ea765524400af75",
        "type": "github"
      },
      "original": {
        "owner": "pyproject-nix",
        "repo": "uv2nix",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,8 @@
  description = "Felixalb System flake";
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; # Remember to update ./common/auto-upgrade.nix
+    # Nixpkgs and friends
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11-small"; # Remember to update ./common/auto-upgrade.nix
    nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-25.11-darwin";
    nixpkgs-2211.url = "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz"; # old nixpgks for e.g. remmina
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
@@ -13,13 +14,17 @@
    home-manager.url = "github:nix-community/home-manager/release-25.11";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    # Other inputs
    extra-config.url = "git+file:///home/felixalb/nix-extra-config";
    matrix-synapse-next.url = "github:dali99/nixos-matrix-modules"; # TODO: Lock to release
    matrix-synapse-next.inputs.nixpkgs.follows = "nixpkgs";
    nix-minecraft.url = "github:Infinidoge/nix-minecraft";
    nix-minecraft.inputs.nixpkgs.follows = "nixpkgs";
-    extra-config.url = "git+file:///home/felixalb/nix-extra-config";
+    pwndbg.url = "github:pwndbg/pwndbg";
    pwndbg.inputs.nixpkgs.follows = "nixpkgs";
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
@@ -27,16 +32,17 @@
  outputs = {
    self
    , extra-config
    , home-manager
    , matrix-synapse-next
    , nix-minecraft
    , nix-darwin
    , nix-minecraft
    , nixpkgs
    , nixpkgs-2211
    , nixpkgs-darwin
    , nixpkgs-unstable
    , pwndbg
    , sops-nix
    , extra-config
  , ... }@inputs:
    let
      pkgs-overlay = final: prev: {
@@ -50,7 +56,8 @@
          config.allowUnfree = true;
        };
-        pwndbg-gdb-alias = prev.callPackage ./common/pwndbg-gdb-alias.nix { };
+        pwndbg = pwndbg.packages."${prev.system}".default;
        securecrt = prev.callPackage ./common/securecrt.nix { };
      };
    in
--- a/home/base.nix
+++ b/home/base.nix
@@ -48,9 +48,10 @@
      };
    };
    ignores = [
      "*~"
      "*.swp"
      "*~"
      ".DS_Store"
      ".gdb_history"
      ".vscode"
    ];
  };
--- a/hosts/challenger/backup.nix
+++ b/hosts/challenger/backup.nix
@@ -65,9 +65,6 @@
      timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
    };
    # Transmission metadata/config
    transmission = localJob "transmission" [ "/var/lib/transmission" ];
    # TODO: timemachine
  };
@@ -76,7 +73,6 @@
  sops.secrets."restic/media" = { };
  sops.secrets."restic/nextcloud" = { };
  sops.secrets."restic/postgres" = { };
  sops.secrets."restic/transmission" = { };
  environment.systemPackages = with pkgs; [
    restic
--- a/hosts/challenger/services/audiobookshelf.nix
+++ b/hosts/challenger/services/audiobookshelf.nix
@@ -4,9 +4,12 @@ let
  host = "127.0.1.2";
  port = 5016;
 in {
  fileSystems = {
    "/var/lib/audiobookshelf" = {
      device = "/tank/media/audiobookshelf/config";
      depends = [ "/tank/media/audiobookshelf" ];
      fsType = "none";
      options = [ "bind" ];
    };
  };
--- a/hosts/challenger/services/calibre.nix
+++ b/hosts/challenger/services/calibre.nix
@@ -26,6 +26,7 @@ in {
    calibre-web = {
      enable = true;
      package = pkgs.unstable.calibre-web;
      user = "calibre-server";
      listen.ip = "127.0.0.1";
      listen.port = 5010;
--- a/hosts/defiant/services/dyndns.nix
+++ b/hosts/defiant/services/dyndns.nix
@@ -5,7 +5,7 @@
  services.domeneshop-dyndns = {
    enable = true;
-    domain = "site3.feal.no";
+    domain = "site2.feal.no";
    netrcFile = config.sops.secrets."domeneshop/netrc".path;
  };
 }
--- a/hosts/defiant/services/monitoring/prometheus.nix
+++ b/hosts/defiant/services/monitoring/prometheus.nix
@@ -18,10 +18,10 @@ in {
          {
            targets = [
              "challenger.home.feal.no:9100"
              "constellation.home.feal.no:9100"
              "defiant.home.feal.no:9100"
              "leonard.home.feal.no:9100"
              "morn.home.feal.no:9100"
              "scotty.home.feal.no:9100"
              "sisko.home.feal.no:9100"
            ];
          }
--- a/hosts/defiant/services/nginx.nix
+++ b/hosts/defiant/services/nginx.nix
@@ -31,6 +31,15 @@ in {
    defaults.email = "felix@albrigtsen.it";
  };
  # security.acme.certs."domainname" = {
  #   dnsProvider = "domeneshop";
  #   environmentFile = config.sops.secrets."domeneshop/acme".path;
  #   webroot = null;
  # }
  sops.secrets."domeneshop/acme" = {
    group = "nginx";
  };
  # Publicly exposed services:
  services.nginx.virtualHosts = let
--- a/hosts/defiant/services/vaultwarden.nix
+++ b/hosts/defiant/services/vaultwarden.nix
@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.services.vaultwarden;
-  domain = "pw.feal.no";
+  domain = "pw.home.feal.no";
  address = "127.0.1.2";
  port = 3011;
  wsPort = 3012;
@@ -43,13 +43,17 @@ in {
  services.postgresqlBackup.databases = [ "vaultwarden" ];
  security.acme.certs."pw.home.feal.no" = {
    dnsProvider = "domeneshop";
    environmentFile = config.sops.secrets."domeneshop/acme".path;
    webroot = null;
  };
  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    listen = [
-      { addr = "192.168.10.175"; port = 43443; ssl = true; }
+      { addr = "192.168.10.175"; port = 443; ssl = true; }
-      { addr = "192.168.10.175"; port = 43080; ssl = false; }
+      { addr = "192.168.10.175"; port = 80; ssl = false; }
    ];
    extraConfig = ''
--- a/hosts/defiant/services/wireguard.nix
+++ b/hosts/defiant/services/wireguard.nix
@@ -22,17 +22,7 @@ in {
        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o eth0 -j MASQUERADE
      '';
-      peers = [
+      peers = (import ../../../common/wireguard-peers.nix);
        { # Burnham
          publicKey = "JcfyrMoZmnbibVLaIKuGSARAX2alFv4kwLbJaLBNbzo=";
          persistentKeepalive = 60;
          allowedIPs = [
            "10.100.0.2/32"
            "192.168.11.0/24"
          ];
          #endpoint = "site2.feal.no:51902";
        }
      ] ++ (import ../../../common/wireguard-peers.nix);
    };
  };
 }
--- a/hosts/fa-t14-2025/hardware-configuration.nix
+++ b/hosts/fa-t14-2025/hardware-configuration.nix
@@ -17,10 +17,12 @@
  powerManagement.enable = true;
  services.power-profiles-daemon.enable = true;
-  services.logind.lidSwitch = "suspend-then-hibernate";
+  services.logind.settings.Login = {
-  services.logind.lidSwitchDocked = "ignore";
+    HandleLidSwitch = "suspend-then-hibernate";
-  services.logind.powerKey = "suspend-then-hibernate";
+    HandleLidSwitchDocked = "ignore";
-  services.logind.powerKeyLongPress = "poweroff";
+    HandlwPowerKey = "suspend-then-hibernate";
    HandlePowerKeyLongPress = "poweroff";
  };
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/75dd0e39-9411-48c9-822d-bf3c897d0f61";
--- a/hosts/fa-t14-2025/home.nix
+++ b/hosts/fa-t14-2025/home.nix
@@ -29,11 +29,12 @@ in {
    w3m
    nixpkgs-2211.remmina
-    (unstable.microsoft-edge.overrideAttrs ({ installPhase ? "", ... }: {
+    unstable.microsoft-edge
-      installPhase = installPhase + ''
+    # (unstable.microsoft-edge.overrideAttrs ({ installPhase ? "", ... }: {
-        ln -s $out/bin/microsoft-edge $out/bin/microsoft-edge-stable
+    #   installPhase = installPhase + ''
-      '';
+    #     ln -s $out/bin/microsoft-edge $out/bin/microsoft-edge-stable
-    }))
+    #   '';
    # }))
    # Window Manager Extras
    bibata-cursors
@@ -63,13 +64,14 @@ in {
      package = pkgs.aerc;
    };
    firefox.enable = true;
-    git.extraConfig.user.email = emailAddress;
+    git.settings.user.email = emailAddress;
    rbw = {
      enable = true;
      settings = {
        base_url = "https://vault.mktv.no";
        email = emailAddress;
        pinentry = pkgs.pinentry-rofi;
        lock_timeout = 60*60*8;
      };
    };
    rofi = {
@@ -78,7 +80,10 @@ in {
      theme = "Arc-Dark";
    };
    zsh = {
-      shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
+      shellAliases = {
        "kssh" = "ssh -t controlnode ssh";
        "rebuild" = "sudo nixos-rebuild switch --flake /config";
      };
      prezto.pmodules = [ "ssh" ];
    };
  };
--- a/hosts/leonard/backup.nix
+++ b/hosts/leonard/backup.nix
@@ -0,0 +1,43 @@
 { config, pkgs, lib, ... }:
 {
  services.restic.backups = let
    localJob = name: paths: {
      inherit paths;
      repository = "/mnt/feal-syn1/backup/leonard/${name}"; # TODO - Mount first
      passwordFile = config.sops.secrets."restic/${name}".path;
      initialize = true;
      pruneOpts = [
        "--keep-daily 3"
        "--keep-weekly 4"
        "--keep-monthly 3"
      ];
    };
    cloudJob = name: paths: {
      inherit paths;
      # "rsyncnet" connection details specified in /root/.ssh/config
      extraOptions = [ "rclone.program=\"ssh rsyncnet\"" ];
      # repository = "rclone::/${name}";
      repository = "rclone:";
      passwordFile = config.sops.secrets."restic/${name}".path;
      initialize = true;
      pruneOpts = [
        # rsync.net keeps daily snapshots
        "--keep-weekly 4"
        "--keep-monthly 36"
      ];
    };
  in {
    # TODO - local NAS backups
    mysql-remote = (cloudJob "postgres" [ "/var/backup/mysql" ]) // {
      timerConfig.OnCalendar = "01:30"; # 1h after mysqlBackup
    };
    # WIP
    # postgres-remote = (cloudJob "postgres" [ "/tank/backup/postgresql" ]) // {
    #   timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
    # };
  };
  sops.secrets."restic/mysql" = { };
  sops.secrets."restic/postgres" = { };
 }
--- a/hosts/leonard/configuration.nix
+++ b/hosts/leonard/configuration.nix
@@ -8,6 +8,7 @@
      ../../common/auto-upgrade.nix
      ./hardware-configuration.nix
      ./backup.nix
      ./services/mysql.nix
      ./services/nginx.nix
      ./services/postgresql.nix
--- a/hosts/leonard/services/mysql.nix
+++ b/hosts/leonard/services/mysql.nix
@@ -6,5 +6,8 @@
    package = pkgs.mariadb;
  };
-  # TODO: services.mysqlBackup
+  services.mysqlBackup = {
    enable = true;
    calendar = "00:30:00";
  };
 }
--- a/hosts/leonard/services/www-amalie-mansaker-no/site.nix
+++ b/hosts/leonard/services/www-amalie-mansaker-no/site.nix
@@ -6,8 +6,8 @@ stdenv.mkDerivation {
    url = "https://git.feal.no/amalieem/amalie.mansaker.no.git";
    fetchSubmodules = true;
-    rev = "58265a25b37bf2286e0704e02ab3dde56a348d8b";
+    rev = "15142c93da33414a0be49384a03b704ad95e31be";
-    hash = "sha256-dPcv0AGjsWqDCWCjV2PeklBrWsIawLAccRQEYe3teOM=";
+    hash = "sha256-oq5NC11UDYjYKToPsEXovCiIBD5adamVwi3scOFzpHM=";
  };
  nativeBuildInputs = [ hugo ];
--- a/hosts/leonard/services/www-kinealbrigtsen-no.nix
+++ b/hosts/leonard/services/www-kinealbrigtsen-no.nix
@@ -20,6 +20,9 @@
      };
    }
  ];
  services.mysqlBackup.databases = [
    "www_kinealbrigtsen_no"
  ];
  services.phpfpm.pools.www-kinealbrigtsen-no = {
    user = "www-kinealbrigtsen-no";
--- a/hosts/sisko/home.nix
+++ b/hosts/sisko/home.nix
@@ -37,7 +37,7 @@
    exiftool
    ghidra
-    # pwndbg-gdb-alias # Broken in 25.05
+    pwndbg-gdb-alias
    snicat
    # Window Manager Extras
--- a/secrets/challenger/challenger.yaml
+++ b/secrets/challenger/challenger.yaml
@@ -9,7 +9,6 @@ restic:
    media: ENC[AES256_GCM,data:JwIX2r/ebE+LMS49s1xqbRjA8yfMRDEAnln5eN57L4o=,iv:zqxeEv7ogujMqBPZnRF7STDjVlKqMa1rGLjMY5iusgU=,tag:O9PofkyovSYH7qlX6r97DQ==,type:str]
    nextcloud: ENC[AES256_GCM,data:O7qT07ns9FodnZu63cPwBqHGslfMIafFvyPPrTrYEdk=,iv:fJ7A5gLThuVumnteL1P82Gq1EtiSAPGXoCZgzJKqVQs=,tag:Hp/kI3TeZQCaM+gP1W1i7w==,type:str]
    postgres: ENC[AES256_GCM,data:AZv28LIbGC2oAKjbU1H4gaCZF28utJJFXlKNO/BkL0U=,iv:xOJCIoFGtnEqV80rmiBBMa3dMZnPjaDIce+MAZkGZdo=,tag:dLTwE004KGfP3z9EoMVCCw==,type:str]
    transmission: ENC[AES256_GCM,data:UUf8/WV7Q7vbs05lEeqflcSj0uH9abilFF1daATyrwU=,iv:WQZ7hGRQ3/3t34aO7K5Az1AOZtR6qG4p1CqZTdsEqZA=,tag:2ELh2bYVi1sgW66FbSnVHg==,type:str]
 sops:
    age:
        - recipient: age1j43eqpnq5hy6zt3gmdtzdnne2yfvccd832kpt69qavst44leec6sj2l773
@@ -48,7 +47,7 @@ sops:
            aXkxd2s2WUV0WnV6TGFodXhyNmN1eE0KfOnhI4/4rS5cD+UXuGV4AyZm32LoUw5O
            PVdfXxuksQl5jQ7BJv4cyBe7F/cb+Knd8F37T/5OqxEbtm3bBUfmyw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-18T21:43:12Z"
+    lastmodified: "2026-02-06T18:23:49Z"
-    mac: ENC[AES256_GCM,data:Bt5CrMY2Etl3iSZRVl58PN1ogYpLn3eXhuVCB0j4MKMphyLVJP1qxiQimpa5wriycJKqwBwvCDzJ7pLTxpHDOZaG6R3YfNYPEZlLAIiyOjZvF1ZBTbnF7cFp0thDuzPoFlEHeTFmY6Pe5GwXmSeUFo4ijghvbsFQ5IYXfWNoYz0=,iv:NCwLoI9g7poYbCME0/fUOZegMNOhc3ZvGpAhYoVeLMc=,tag:fiops2KveC/u3Nrmrftk/Q==,type:str]
+    mac: ENC[AES256_GCM,data:oDVM/CvFK+hpmaDcgabNPunyMOLrD0UW6ELIDOKyUGn4e+n/9F2zVVryJR4YqiUNDheLAmVzxJ0raGh5SSmDlETGmY0eKAwk9iCE4s5JtU5QLjaMQwtcC2i+DFgTi5hzvQgYqMXS5sTnldWs0SYlcp1rXsl0KnCA9GcVgdSPjgg=,iv:fjDYA/kyTa2TNRIRXN4zSTStIf52bpYQIdx9vSZjc5k=,tag:PAfTMWY1Jz+fKECZIUYHQQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
--- a/secrets/defiant/defiant.yaml
+++ b/secrets/defiant/defiant.yaml
@@ -5,6 +5,7 @@ matrix:
    slidingsyncsecret: ENC[AES256_GCM,data:bMBTXsLhXCj0Divy2mXZQ3zv5WBLut47pOzEQ1elOD1uDaKZMX8wX/EjGrrfmPZvUfLrvqEn8zEda++VtwPBonmQQ0CZraZeEKGgStQrFw==,iv:EulqNNtkNUFxO/LQ1qtYL/IXWu71L5cuJ1pY6eK85vc=,tag:uVoi42sq4S34bErASGJOAA==,type:str]
 domeneshop:
    netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str]
    acme: ENC[AES256_GCM,data:hESj6E3E9QI3mo0WxkLtk9elQNJ/878cecjHDCQJz9OQTG+rnlsCG5GhLOENcKlbhtZTkV8qsRSDO+3L2sdOEpe4eNuPnytxJycOrwZ3pr1F1FOBoWbkWX9F0xSf/7RxsetbrtlscnjaXYYdMBAAe3thkAXvca+0ZkZC/R4=,iv:/++qO2N4xczNvGjyZfG8JBF7KABa+GB+diO0jLTeQeA=,tag:08E7O/voRSNc7wt8upJojQ==,type:str]
 hedgedoc:
    env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str]
 vaultwarden:
@@ -58,7 +59,7 @@ sops:
            ZVp5RHU2U1ppakJCMFozWUNGSXhvNkkKDVPJGjPDaX+n3v27PBdMyk9kuzXnRIop
            h5XGRkJHTC4emo8zgKpBfByEb2fkBSL3k2ffZbVYtxrpupVBmT1Uqw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-14T22:36:00Z"
+    lastmodified: "2026-03-29T13:20:56Z"
-    mac: ENC[AES256_GCM,data:H//LCiMw1wE7IDFvKf/QEhOlAjx83R4bxGCE9g4lG0dg2V9LD2bWOq2FVGUrMxw350Rj8CFIWaS5ZolGOvUetbDiQTlqayXi7OArGKBkJphoAdr2rskGYVULmB90a4wp1Fq9oIW2ZjbeURQkwybGJzBTCXFRNWp1VcY1STxzlR8=,iv:DWNLKAcscWIUZ9n46I3dssCM7416oGdsY/mPy1YzrJA=,tag:Q03jAMKSDJw5HmFb9i3Hxg==,type:str]
+    mac: ENC[AES256_GCM,data:1nf8TodfK9B85SOql0enViCNQGU+diIfWhBWN+RrUFVX/5snso76j+/XlhSU7vck9Z+LB2f+2p4GyMbC0Y8CRMyiiszoINlOE1EljYI+iUZuj8iKUfOvtOAEUk1MXahu7Z8yYDD89aFQ47CoHEVaYnIzZQIrqvJauKilt9TpiO0=,iv:fC8wInBTPnUa+6L04nfv3tt5ohggwjZrnrO5vjiGIYo=,tag:jcjWezEriykPl44iRxgd0Q==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.12.1
--- a/secrets/leonard/leonard.yaml
+++ b/secrets/leonard/leonard.yaml
@@ -0,0 +1,45 @@
 restic:
    mysql: ENC[AES256_GCM,data:eu666roPHKu5vH/LbxW9MToINgr+ilcdW0ttOZ4zul0=,iv:SpZ6TI8mwC78rVxmPcEyp7m63RsDyUCPVM5ydzR7Aoo=,tag:vjFsoTwwiaXTSIZ9nm4tTA==,type:str]
    postgres: ENC[AES256_GCM,data:x8Z8avO2EsT/1AOPHeMX2Js9/PFlfKODSpa3DUp34OE=,iv:WLhkIwRkKlp/YMN7V6xX00+7n34pq45dGnvyvzkR2rk=,tag:jJU48KU11KbNm1ejMiLb6g==,type:str]
 sops:
    age:
        - recipient: age1djj3jvt0usurh43t8jsrs74t5pvj54w77vy7qgln9ykckag233eqyth4fl
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSM1owTEVLeEhobDEzQll5
            ejVyb3UzS0F0eDF3RnFMNWRhT2RXTTNLNjBrCnROUHE2REFGOGY4TFhVOE5lYlZB
            UXN2Qk4vTDl0b0RRNmNLRVNkeGpqQ00KLS0tIGFlQkNqMlFmSDZ6Qk1QSHRnR2JO
            L29iaDdTWFJ0L3REbDhvNEVIeGlQVE0KnsKH6C7mWlHb81aY+U9RUE3qEV9qeaWw
            yCip5jRKD4gFgtMNLYTp3UsUPTojRGUuWEyHTLdXyDzQodtxi2rvmA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age146z3h3flw7spy5thznak8k5jh6yd68k9qrrehg8sdcwmyjv3vd7qvahdur
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0S25TZVY3MDlQNWN5ODEz
            SHIrUXhZMTQvSW1nenhnMEpsMStySkxYVGxJCnE0bW90a202aUZ2eDl2YVA1dXc2
            RjlMSGVlSVlHSVNYOS9UY3JkczFQNlUKLS0tIGRzc1ZLZ0lzYm5iRzlSWG8zT0Rl
            ckJzRXh3ZFdYS0FCTTQwUnBzRlB2S3MKRRfqGAYC+VGesmgV7BcJ57UHayzQRmsB
            SPI9k3QheBFgjI/Oo//kctiZvphtyDopGdJfV2EFX+yFJk1vC0vwQA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1phc4fkt25n4wtzg88sg3fhvmy6tv8pguyxp5c9js83ae3z374adsxfpqkl
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKUnJJUmMxQVBzdTRaZjAv
            NmFxUzFLUFRzNnRpUzhtVUhGcUh2anQxYzB3CjRLeFFnQ1NKc1c0MmVsenFXSDR0
            SlVwZGFwRFQxSDVYL2NPSXdrVWRYY1UKLS0tIG5uemNXUkJyNExrMkNKQU84MWdP
            NGN0c2lKTGJQa2tMamRWTUMwdVBWb1UKNxKhDvi0mbzF0eX5V/e3SDMCNEjb81z4
            z0y1R/rwlym7YDP00S0j2/PSQuYX7zRFFqikiYle2rR+CNG4LtU2jQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNHBNRm80ZjhTWUlRZEJQ
            MEdPbjZ2SGp3T0NQdmRiVmxSN3NNR3Fmd0I0Ckk5UXpYYmtSNThua2thV1ZrS0FF
            R2MvMWNvYmFGZlM3ZTVwY1RkUXNPYXcKLS0tIEVJNElhUG5tTzlZaVpNQVc5dWsv
            YkdCRlZncE8yYUVGYzVzSjNEeUU5VzAKGE1gMpKpt+O1+zx6s5nyfIbh1sYDnQxB
            ksYLDyLXPyjcn5aFpbQ5MLoUQN1rvZK0TB3b2OTL8AJ8vThtx9SKwA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-01-25T22:56:53Z"
    mac: ENC[AES256_GCM,data:U0ClvqjPYyO83Zq/IMwzfDmZME5ZPqqAIVRaBc0lAFszTV3Ga+Gx9fIuVjECkFKFuxz0pIOsYgJMl8IFlDi7XfH6BArbP7lTc99kW0/3EV9AnwvYIqFgX3jEaE2l7fRsStB+LD/Km93tppC0M6xqSCHxa/UXtR54e/cxwm+1PgY=,iv:llhk1vwjDuqr0io5edjxWy3fBu03XYEhoUaUeErBvys=,tag:BSJ/Yy1bhE1iJhTiMEfzOA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
--- a/shells/ctf.nix
+++ b/shells/ctf.nix
@@ -1,5 +1,6 @@
 let
  unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { };
  # TODO: Add github:pwndbg/pwndbg
 in { pkgs ? import <nixpkgs> {} }:
  pkgs.mkShell {
    nativeBuildInputs = with pkgs; [
@@ -48,7 +49,6 @@ in { pkgs ? import <nixpkgs> {} }:
      # stegsolve
      gdb
      metasploit
      pwndbg
      pwninit
      ropgadget
      sage
@@ -56,5 +56,4 @@ in { pkgs ? import <nixpkgs> {} }:
      tcpdump
      wireshark
    ];
 }
Author	SHA1	Message	Date
Felix Albrigtsen	670f5b6559	flake: update, fixes GHSA-g3g9-5vj6-r3gj	2026-04-08 09:28:51 +02:00
Felix Albrigtsen	05ca36c4fa	flake: change channel to small. update.	2026-04-04 22:34:20 +02:00
Felix Albrigtsen	d3776db311	defiant/vaultwarden: unpublish	2026-03-29 15:52:03 +02:00
Felix Albrigtsen	d117a6422c	flake: update. fa-t14-2025: minor fixes	2026-03-13 09:56:47 +01:00
Felix Albrigtsen	42d69bb8c5	flake: fix pwndbg	2026-02-20 17:47:29 +01:00
Felix Albrigtsen	4e93e8dc04	challenger/audiobookshelf: fix mount again. challenger: other minor updates	2026-02-18 18:12:13 +01:00
Felix Albrigtsen	7d8a3a10dc	flake: bump inputs	2026-02-04 18:11:49 +01:00
Felix Albrigtsen	14ff95a90d	fa-t14-2025: minor home-manager changes	2026-01-26 12:39:52 +01:00
Felix Albrigtsen	f8ca64ee28	WIP: leonard: add backup.nix, mysqlBackup	2026-01-26 00:15:44 +01:00
Felix Albrigtsen	97b7cb8e53	flake: update	2026-01-24 20:22:48 +01:00
Felix Albrigtsen	0ffb502f68	defiant/wireguard: deprecate old peers	2025-12-31 20:59:58 +01:00
Felix Albrigtsen	27596cfcee	defiant/dyndns: change domain name	2025-12-31 20:21:01 +01:00
Felix Albrigtsen	ec9811bf31	prometheus: add constellation	2025-12-16 07:48:24 +01:00
Felix Albrigtsen	7c9efc9638	leonard: update amalie-mansaker-no	2025-12-12 20:18:06 +01:00
Felix Albrigtsen	ad36469dd2	Merge pull request 'nixos-25.11' (#6 ) from nixos-25.11 into main Reviewed-on: #6	2025-12-08 21:07:41 +01:00