defiant: update to nixos 26.05

common: disable promtail (deprecated). Point auto-upgrade to upgrade branch
worf: re-add spotify
2026-05-31 22:04:48 +02:00 · 2026-05-31 19:04:12 +02:00 · 2026-05-31 17:21:24 +02:00 · 2026-05-31 17:16:51 +02:00 · 2026-05-31 11:07:15 +02:00 · 2026-05-28 12:05:41 +02:00
42 changed files with 482 additions and 177 deletions
@@ -3,6 +3,7 @@ keys:
  - &host_burnham age12cgkgx8xac77q0rwakp6zrfrzp45mhk7wj6t3y8s0xurt3k879usnm66ct
  - &host_challenger age1j43eqpnq5hy6zt3gmdtzdnne2yfvccd832kpt69qavst44leec6sj2l773
  - &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
+  - &host_leonard age1djj3jvt0usurh43t8jsrs74t5pvj54w77vy7qgln9ykckag233eqyth4fl
  - &host_morn age14ar8q5454khxxf5ur2nxwk533nzycz2lh3635qwz35wh8yq0jpqskj2ksx
  - &user_felixalb_sisko age1phc4fkt25n4wtzg88sg3fhvmy6tv8pguyxp5c9js83ae3z374adsxfpqkl
  - &user_felixalb_worf age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
@@ -41,6 +42,14 @@ creation_rules:
      - *user_felixalb_sisko
      - *user_felixalb_worf

+  - path_regex: secrets/leonard/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *host_leonard
+      - *bw_recovery
+      - *user_felixalb_sisko
+      - *user_felixalb_worf
+
  - path_regex: secrets/morn/[^/]+\.yaml$
    key_groups:
    - age:
@@ -6,7 +6,7 @@

  networking = {
    domain = lib.mkDefault "home.feal.no";
-    nameservers = lib.mkDefault [ "192.168.10.175" "192.168.10.1" "1.1.1.1" ];
+    nameservers = lib.mkDefault [ "192.168.10.175" "192.168.10.1" ];
    useDHCP = lib.mkDefault false;
  };

@@ -35,6 +35,7 @@

  environment.systemPackages = with pkgs; [
    bottom
+    diffr
    eza
    file
    git
@@ -44,6 +45,7 @@
    iotop
    lm_sensors
    nix-output-monitor
+    nixfmt
    p7zip
    python3
    ripgrep
@@ -3,11 +3,11 @@
 {
  system.autoUpgrade = {
    enable = true;
-    flake = "git+https://git.feal.no/felixalb/nixos-config.git";
+    flake = "git+https://git.feal.no/felixalb/nixos-config.git?ref=nixos-26.05"; # TODO - restore to main
    flags = [
      # Override nixpkgs (only). Notably does not include home-manager, sops or other utility/application flake inputs.
      "--refresh"
-      "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-25.11"
+      "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-26.05-small"
      "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable"
      "--no-write-lock-file"
    ];
@@ -17,41 +17,6 @@ in {
    '';
  };

-  services.promtail = {
-    enable = true;
-    configuration = {
-      server = {
-        http_listen_port = 28183;
-        grpc_listen_port = 0;
-      };
-      clients = [
-        {
-          url = "http://${metricsHost}:3100/loki/api/v1/push";
-        }
-      ];
-      scrape_configs = [
-        {
-          job_name = "systemd-journal";
-          journal = {
-            max_age = "12h";
-            labels = {
-              job = "systemd-journal";
-              host = config.networking.hostName;
-            };
-          };
-          relabel_configs = [
-            {
-              source_labels = [ "__journal__systemd_unit" ];
-              target_label = "unit";
-            }
-            {
-              source_labels = [ "__journal_priority_keyword" ];
-              target_label = "level";
-            }
-          ];
-        }
-      ];
-    };
-  };
+  # TODO: Configure fluent-bit or rsyslog

 }
@@ -0,0 +1,44 @@
+# Credit https://git.pvv.ntnu.no/oysteikt 2026
+
+{
+  openssh,
+  fetchurl,
+  lib
+}:
+
+openssh.overrideAttrs (prev: rec {
+  # Old crypto was removed in v10.0
+  version = "9.9p2";
+  src = fetchurl {
+    url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
+    hash = "sha256-karbYD4IzChe3fll4RmdAlhfqU2ZTWyuW0Hhch4hVnM=";
+  };
+
+  configureFlags = prev.configureFlags ++ [
+    "--enable-dsa-keys"
+  ];
+
+  # Broken patches, meant for 10.3p :p
+  patches = lib.filter (x: !(lib.any (suf: lib.hasSuffix suf (baseNameOf x)) [
+    "dont_create_privsep_path.patch"
+    "pkcs11-fix-pinentry.patch"
+    "pkcs11-tests-allow-module-path.patch"
+    "ssh-agent-tests-increase-timeout.patch"
+  ])) prev.patches;
+
+  # We actually needed the `dont_create_privsep_path` one :3
+  postPatch = prev.postPatch + ''
+    substituteInPlace Makefile.in \
+      --replace-fail '$(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)' '''
+  '';
+
+  # Tihi
+  doInstallCheck = false;
+  postFixup = ''
+    rm -rf $out/libexec $out/etc
+    rm $out/bin/ssh-* $out/bin/sshd $out/bin/sftp
+    cd $out/bin
+    for filename in *; do mv {,old}"$filename"; done;
+  '';
+})
+
@@ -1,8 +0,0 @@
-{ pwndbg }:
-
-# "$ coredumpctl gdb" always runs "gdb" from your path.
-pwndbg.overrideAttrs ({ installPhase ? "", ... }: {
-  installPhase = installPhase + ''
-    ln -s $out/bin/pwndbg $out/bin/gdb
-  '';
-})
@@ -1,10 +1,4 @@
 [
-  { # Sulu
-    publicKey = "j6YVekgGS4nhL5zUiOTeK2BVQkYGlTQaiUpwcqQyfRk=";
-    allowedIPs = [
-      "10.100.0.3/32"
-    ];
-  }
  { # Worf
    publicKey = "kW8SyzCh2tw8GzZV6bPn+IQVNUoUhseNfEm3rHnR1So=";
    allowedIPs = [
@@ -2,11 +2,11 @@
  "nodes": {
    "extra-config": {
      "locked": {
-        "lastModified": 1745649002,
-        "narHash": "sha256-XNBExt3+U3o4lip+yj6oorCEPZ9Qe8PzBSFM5ZzVtSA=",
+        "lastModified": 1775160379,
+        "narHash": "sha256-xrY3E3RTHP/c8MRKtciVbpXrgPCEnSQeNK4dCF53i9E=",
        "ref": "refs/heads/main",
-        "rev": "50c9c15db2b309d299b1c19089c962979e01f45b",
-        "revCount": 13,
+        "rev": "66b4e90b64ecfacc1fff901f3197388f70bc53c8",
+        "revCount": 15,
        "type": "git",
        "url": "file:///home/felixalb/nix-extra-config"
      },
@@ -31,24 +31,6 @@
        "type": "github"
      }
    },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -56,16 +38,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1764776959,
-        "narHash": "sha256-d+5CGloq7Lo1u2SkzhF8oiOdUc6Z5emh22nTXUB9CFA=",
+        "lastModified": 1779726825,
+        "narHash": "sha256-RUkMrREjKDQrA+dA9+xZviGAxM5W1aVdyOr/bSYpHrE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "e1680d594a9281651cbf7d126941a8c8e2396183",
+        "rev": "b179bde238977f7d4454fc770b1a727eaf55111c",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-25.11",
+        "ref": "release-26.05",
        "repo": "home-manager",
        "type": "github"
      }
@@ -97,16 +79,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1764161084,
-        "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=",
+        "lastModified": 1779036909,
+        "narHash": "sha256-zXcwYQGCT6pzinK+1dBB2ekTVtfxGZAapb3Evdcu4fY=",
        "owner": "nix-darwin",
        "repo": "nix-darwin",
-        "rev": "e95de00a471d07435e0527ff4db092c84998698e",
+        "rev": "56c666e108467d87d13508936aade6d567f2a501",
        "type": "github"
      },
      "original": {
        "owner": "nix-darwin",
-        "ref": "nix-darwin-25.11",
+        "ref": "nix-darwin-26.05",
        "repo": "nix-darwin",
        "type": "github"
      }
@@ -114,17 +96,17 @@
    "nix-minecraft": {
      "inputs": {
        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
-        ]
+        ],
+        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1764813963,
-        "narHash": "sha256-Vs7Mamto+T8r1evk9myHepgHGNJkS2Kr0BF64NIei94=",
+        "lastModified": 1780113881,
+        "narHash": "sha256-AMOOt682Odr4GZwCwZ08/Q/21/Sh3DxfmOAoiQbTKhk=",
        "owner": "Infinidoge",
        "repo": "nix-minecraft",
-        "rev": "491200d6848402bbab1421cccbc15a46f08c7f78",
+        "rev": "d9bd57f218cda7d6aac4b52546240da0df76a1f9",
        "type": "github"
      },
      "original": {
@@ -135,22 +117,23 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1764677808,
-        "narHash": "sha256-H3lC7knbXOBrHI9hITQ7modLuX20mYJVhZORL5ioms0=",
+        "lastModified": 1780203844,
+        "narHash": "sha256-K5sT4jTpGs15ADhviMKNBH38REpPf5Q6mM1+N6cArVE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1aab89277eb2d87823d5b69bae631a2496cff57a",
+        "rev": "b51242d7d43689db2f3be91bd05d5b24fbb469c4",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-25.11",
+        "ref": "nixos-26.05-small",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-2211": {
      "locked": {
+        "lastModified": 1658083977,
        "narHash": "sha256-yqLXI+viN5+Vx5YpG9gNapKL3/+P6Pkprc36xNdyqSU=",
        "type": "tarball",
        "url": "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz"
@@ -162,27 +145,27 @@
    },
    "nixpkgs-darwin": {
      "locked": {
-        "lastModified": 1764806471,
-        "narHash": "sha256-NsPsz003eWD8wp8vj5BnQzPoDyeQKRUfS2dvan2Y30M=",
+        "lastModified": 1780020239,
+        "narHash": "sha256-ik+V883hTc6GG7TzjxMdhEoMV0hCbQPfsRtNsB1qWUQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "6707b1809330d0f912f5813963bb29f6f194ee81",
+        "rev": "c85dc29a9bcafa665b8ce0654ca019cdb05e63c6",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixpkgs-25.11-darwin",
+        "ref": "nixpkgs-26.05-darwin",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1764667669,
-        "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
+        "lastModified": 1779560665,
+        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "418468ac9527e799809c900eda37cbff999199b6",
+        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
        "type": "github"
      },
      "original": {
@@ -192,6 +175,79 @@
        "type": "github"
      }
    },
+    "pwndbg": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "pyproject-build-systems": "pyproject-build-systems",
+        "pyproject-nix": "pyproject-nix",
+        "uv2nix": "uv2nix"
+      },
+      "locked": {
+        "lastModified": 1780187278,
+        "narHash": "sha256-vIC3RsPexOT2zcacHBcIQ5CPrPIisSLiMBS6tblGLDw=",
+        "owner": "pwndbg",
+        "repo": "pwndbg",
+        "rev": "07a27367b17e2b7172d6c7a2b891e4c5471275b6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pwndbg",
+        "repo": "pwndbg",
+        "type": "github"
+      }
+    },
+    "pyproject-build-systems": {
+      "inputs": {
+        "nixpkgs": [
+          "pwndbg",
+          "nixpkgs"
+        ],
+        "pyproject-nix": [
+          "pwndbg",
+          "pyproject-nix"
+        ],
+        "uv2nix": [
+          "pwndbg",
+          "uv2nix"
+        ]
+      },
+      "locked": {
+        "lastModified": 1763662255,
+        "narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=",
+        "owner": "pyproject-nix",
+        "repo": "build-system-pkgs",
+        "rev": "042904167604c681a090c07eb6967b4dd4dae88c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pyproject-nix",
+        "repo": "build-system-pkgs",
+        "type": "github"
+      }
+    },
+    "pyproject-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "pwndbg",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1769936401,
+        "narHash": "sha256-kwCOegKLZJM9v/e/7cqwg1p/YjjTAukKPqmxKnAZRgA=",
+        "owner": "pyproject-nix",
+        "repo": "pyproject.nix",
+        "rev": "b0d513eeeebed6d45b4f2e874f9afba2021f7812",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pyproject-nix",
+        "repo": "pyproject.nix",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
        "extra-config": "extra-config",
@@ -203,6 +259,7 @@
        "nixpkgs-2211": "nixpkgs-2211",
        "nixpkgs-darwin": "nixpkgs-darwin",
        "nixpkgs-unstable": "nixpkgs-unstable",
+        "pwndbg": "pwndbg",
        "sops-nix": "sops-nix"
      }
    },
@@ -213,11 +270,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1764483358,
-        "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
+        "lastModified": 1777944972,
+        "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "5aca6ff67264321d47856a2ed183729271107c9c",
+        "rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
        "type": "github"
      },
      "original": {
@@ -240,6 +297,31 @@
        "repo": "default",
        "type": "github"
      }
+    },
+    "uv2nix": {
+      "inputs": {
+        "nixpkgs": [
+          "pwndbg",
+          "nixpkgs"
+        ],
+        "pyproject-nix": [
+          "pwndbg",
+          "pyproject-nix"
+        ]
+      },
+      "locked": {
+        "lastModified": 1769957392,
+        "narHash": "sha256-6PkqwwYf5K2CHi2V+faI/9pqjfz/HxUkI/MVid6hlOY=",
+        "owner": "pyproject-nix",
+        "repo": "uv2nix",
+        "rev": "d18bc50ae1c3d4be9c41c2d94ea765524400af75",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pyproject-nix",
+        "repo": "uv2nix",
+        "type": "github"
+      }
    }
  },
  "root": "root",
@@ -2,24 +2,29 @@
  description = "Felixalb System flake";

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; # Remember to update ./common/auto-upgrade.nix
-    nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-25.11-darwin";
+    # Nixpkgs and friends
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-26.05-small"; # Remember to update ./common/auto-upgrade.nix
+    nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-26.05-darwin";
    nixpkgs-2211.url = "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz"; # old nixpgks for e.g. remmina
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

-    nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-25.11";
+    nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-26.05";
    nix-darwin.inputs.nixpkgs.follows = "nixpkgs-darwin";

-    home-manager.url = "github:nix-community/home-manager/release-25.11";
+    home-manager.url = "github:nix-community/home-manager/release-26.05";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

+    # Other inputs
+    extra-config.url = "git+file:///home/felixalb/nix-extra-config";
+
    matrix-synapse-next.url = "github:dali99/nixos-matrix-modules"; # TODO: Lock to release
    matrix-synapse-next.inputs.nixpkgs.follows = "nixpkgs";

    nix-minecraft.url = "github:Infinidoge/nix-minecraft";
    nix-minecraft.inputs.nixpkgs.follows = "nixpkgs";

-    extra-config.url = "git+file:///home/felixalb/nix-extra-config";
+    pwndbg.url = "github:pwndbg/pwndbg";
+    pwndbg.inputs.nixpkgs.follows = "nixpkgs";

    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
@@ -27,16 +32,17 @@

  outputs = {
    self
+    , extra-config
    , home-manager
    , matrix-synapse-next
-    , nix-minecraft
    , nix-darwin
+    , nix-minecraft
    , nixpkgs
    , nixpkgs-2211
    , nixpkgs-darwin
    , nixpkgs-unstable
+    , pwndbg
    , sops-nix
-    , extra-config
  , ... }@inputs:
    let
      pkgs-overlay = final: prev: {
@@ -50,8 +56,11 @@
          config.allowUnfree = true;
        };

-        pwndbg-gdb-alias = prev.callPackage ./common/pwndbg-gdb-alias.nix { };
+        pwndbg = pwndbg.packages."${prev.system}".default;
+
        securecrt = prev.callPackage ./common/securecrt.nix { };
+
+        oldssh = prev.callPackage ./common/oldssh.nix { };
      };
    in
    {
@@ -10,7 +10,6 @@
      bat
      bottom
      # ncdu
-      neofetch
      pwgen
      sshfs
      sshuttle
@@ -48,9 +47,10 @@
      };
    };
    ignores = [
-      "*~"
      "*.swp"
+      "*~"
      ".DS_Store"
+      ".gdb_history"
      ".vscode"
    ];
  };
@@ -24,16 +24,19 @@ in {
      nvim-treesitter

      coc-css
-      coc-go
      coc-html
      coc-json
      coc-nvim

      vim-nix
      vim-puppet
+
+      go-nvim
    ];

    withNodeJs = true;
+    withPython3 = true;
+    withRuby = false;

    extraConfig = ''
      let mapleader = ','
@@ -65,9 +65,6 @@
      timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
    };

-    # Transmission metadata/config
-    transmission = localJob "transmission" [ "/var/lib/transmission" ];
-
    # TODO: timemachine
  };

@@ -76,7 +73,6 @@
  sops.secrets."restic/media" = { };
  sops.secrets."restic/nextcloud" = { };
  sops.secrets."restic/postgres" = { };
-  sops.secrets."restic/transmission" = { };

  environment.systemPackages = with pkgs; [
    restic
@@ -15,6 +15,7 @@
      # ./services/archivebox.nix
      ./services/audiobookshelf.nix
      ./services/calibre.nix
+      ./services/frigate.nix
      ./services/jellyfin.nix
      ./services/komga.nix
      ./services/nextcloud.nix
@@ -4,9 +4,12 @@ let
  host = "127.0.1.2";
  port = 5016;
 in {
+
  fileSystems = {
    "/var/lib/audiobookshelf" = {
      device = "/tank/media/audiobookshelf/config";
+      depends = [ "/tank/media/audiobookshelf" ];
+      fsType = "none";
      options = [ "bind" ];
    };
  };
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+{
+  fileSystems = {
+    "/var/lib/frigate" = {
+      device = "/tank/nvr/frigate";
+      depends = [ "/tank/nvr/frigate" ];
+      options = [ "bind" ];
+    };
+  };
+
+  services.frigate = {
+    enable = true;
+    hostname = "frigate.home.feal.no";
+    vaapiDriver = "nvidia";
+    checkConfig = false;
+    settings = {
+      # auth.reset_admin_password = true;
+      motion.enabled = true;
+      record.enabled = true;
+      # snapshots.enabled = true;
+      # detect = {
+      #   enabled = true;
+      #   fps = 5;
+      # };
+
+      cameras = {
+        driveway = {
+          ffmpeg.inputs = [
+            {
+              path = "rtsp://admin:placeholder@192.168.10.40/streaming/channels/101";
+              roles = [
+                "detect"
+                "record"
+              ];
+            }
+          ];
+        };
+      };
+    };
+  };
+
+  systemd.services.frigate.serviceConfig = {
+    # Allow GPU use
+    PrivateDevices = false;
+
+    # Allow cpuinfo
+    ProcSubset = "all";
+  };
+}
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 let
  domain = "komga.home.feal.no";
-  port = 5001;
+  port = 5004;
 in {
  services.komga = {
    enable = true;
@@ -11,7 +11,7 @@
    recommendedGzipSettings = true;
    recommendedOptimisation = true;

-    virtualHosts."cloud.feal.no".default = true;
+    virtualHosts."jf.feal.no".default = true;
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -3,7 +3,11 @@
  # Boot drives are defined in ./hardware-configuration.nix

  boot = {
-    zfs.extraPools = [ "tank" ];
+    zfs = {
+      extraPools = [ "tank" ];
+      forceImportRoot = false;
+    };
+
    supportedFilesystems = [ "zfs" ];
  };
  services.prometheus.exporters.zfs.enable = true;
@@ -11,6 +11,7 @@
  fileSystems."/var/lib/libvirt/images" = {
    device = "/tank/iso";
    options = [ "bind" ];
+    fsType = "auto";
  };

  # On a gui-enabled machine, connect with:
@@ -5,7 +5,7 @@

  services.domeneshop-dyndns = {
    enable = true;
-    domain = "site3.feal.no";
+    domain = "site2.feal.no";
    netrcFile = config.sops.secrets."domeneshop/netrc".path;
  };
 }
@@ -9,10 +9,15 @@ in {

    # TODO: Migrate sqlite to postgres

-    settings.server = {
-      domain = "grafana.home.feal.no";
-      http_port = 2342;
-      http_addr = "127.0.0.1";
+    settings = {
+      server = {
+        domain = "grafana.home.feal.no";
+        http_port = 2342;
+        http_addr = "127.0.0.1";
+      };
+      security = {
+        secret_key = "SW2YcwTIb9zpOOhoPsMm"; # TODO - Rotate
+      };
    };

    provision = {
@@ -18,10 +18,10 @@ in {
          {
            targets = [
              "challenger.home.feal.no:9100"
+              "constellation.home.feal.no:9100"
              "defiant.home.feal.no:9100"
              "leonard.home.feal.no:9100"
              "morn.home.feal.no:9100"
-              "scotty.home.feal.no:9100"
              "sisko.home.feal.no:9100"
            ];
          }
@@ -1,12 +1,13 @@
 { config, pkgs, ... }:

 {
-  services.prometheus.exporters.snmp = {
-    enable = true;
-    configurationPath = ./snmp-exporter-conf.yml;
-    # snmp.yml is built from
-    # https://github.com/prometheus/snmp_exporter/blob/main/snmp.yml
-    # and
-    # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_MIB_Guide.pdf
-  };
+  # TODO - Fix. Broken in 26.05
+  # services.prometheus.exporters.snmp = {
+  #   enable = true;
+  #   configurationPath = ./snmp-exporter-conf.yml;
+  #   # snmp.yml is built from
+  #   # https://github.com/prometheus/snmp_exporter/blob/main/snmp.yml
+  #   # and
+  #   # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_MIB_Guide.pdf
+  # };
 }
@@ -31,6 +31,15 @@ in {
    defaults.email = "felix@albrigtsen.it";
  };

+  # security.acme.certs."domainname" = {
+  #   dnsProvider = "domeneshop";
+  #   environmentFile = config.sops.secrets."domeneshop/acme".path;
+  #   webroot = null;
+  # };
+  sops.secrets."domeneshop/acme" = {
+    group = "nginx";
+  };
+
  # Publicly exposed services:

  services.nginx.virtualHosts = let
@@ -54,15 +63,40 @@ in {
      '';
    } // overrides;
  in {
-    "amalie.mansaker.no" = publicProxy "http://leonard.home.feal.no/" { };
    "cloud.feal.no" = publicProxy "" {
+      listen = [
+        { addr = "192.168.10.175"; port = 43443; ssl = true; }
+        { addr = "192.168.10.175"; port = 43080; ssl = false; }
+        # Note: cloud.feal.no is overriden in the local DNS, to allow use through Wireguard VPN
+        { addr = "192.168.10.175"; port =   443; ssl = true; }
+        { addr = "192.168.10.175"; port =    80; ssl = false; }
+      ];
      locations."/" = {
        proxyPass = "http://challenger.home.feal.no";
        extraConfig = ''
          client_max_body_size 8G;
        '';
      };
+      extraConfig = ''
+          # Direct local traffic and NAT Hairpin
+          allow 192.168.10.0/24;
+
+          # Wireguard
+          allow 10.100.0.0/24;
+
+          # AS16185
+          allow 82.146.64.0/19;
+          allow 217.31.96.0/20;
+          allow 185.166.44.0/22;
+
+          # NTNU
+          allow 129.241.0.0/16;
+
+          deny all;
+      '';
    };
+
+    "amalie.mansaker.no" = publicProxy "http://leonard.home.feal.no/" { };
    "feal.no" = publicProxy "http://leonard.home.feal.no/" { serverAliases = [ "www.feal.no" ]; };
    "git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" { default = true; };
    "iam.feal.no" = publicProxy "http://${keycloak.http-host}:${toString keycloak.http-port}" { };
@@ -70,4 +104,10 @@ in {
    "kinealbrigtsen.no" = publicProxy "http://leonard.home.feal.no/" { serverAliases = [ "www.kinealbrigtsen.no" ]; };
    "wiki.wackattack.eu" = publicProxy "http://leonard.home.feal.no/" { };
  };
+
+  security.acme.certs."cloud.feal.no" = {
+    dnsProvider = "domeneshop";
+    environmentFile = config.sops.secrets."domeneshop/acme".path;
+    webroot = null;
+  };
 }
@@ -4,7 +4,7 @@ let
  dnsHost = "192.168.10.175";
  webuiListen = "127.0.1.2:5053";
 in {
-  # Flame - Homelab dashboard/linktree
+  # Pihole - Ad-blocking DNS recursor and authoritative DNS/DHCP
  virtualisation.oci-containers.containers = {
    pihole = {
      image = "pihole/pihole";
@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.services.vaultwarden;
-  domain = "pw.feal.no";
+  domain = "pw.home.feal.no";
  address = "127.0.1.2";
  port = 3011;
  wsPort = 3012;
@@ -43,13 +43,17 @@ in {

  services.postgresqlBackup.databases = [ "vaultwarden" ];

+  security.acme.certs."pw.home.feal.no" = {
+    dnsProvider = "domeneshop";
+    environmentFile = config.sops.secrets."domeneshop/acme".path;
+    webroot = null;
+  };
  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
-
    listen = [
-      { addr = "192.168.10.175"; port = 43443; ssl = true; }
-      { addr = "192.168.10.175"; port = 43080; ssl = false; }
+      { addr = "192.168.10.175"; port = 443; ssl = true; }
+      { addr = "192.168.10.175"; port = 80; ssl = false; }
    ];

    extraConfig = ''
@@ -22,17 +22,7 @@ in {
        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o eth0 -j MASQUERADE
      '';

-      peers = [
-        { # Burnham
-          publicKey = "JcfyrMoZmnbibVLaIKuGSARAX2alFv4kwLbJaLBNbzo=";
-          persistentKeepalive = 60;
-          allowedIPs = [
-            "10.100.0.2/32"
-            "192.168.11.0/24"
-          ];
-          #endpoint = "site2.feal.no:51902";
-        }
-      ] ++ (import ../../../common/wireguard-peers.nix);
+      peers = (import ../../../common/wireguard-peers.nix);
    };
  };
 }
@@ -17,10 +17,12 @@

  powerManagement.enable = true;
  services.power-profiles-daemon.enable = true;
-  services.logind.lidSwitch = "suspend-then-hibernate";
-  services.logind.lidSwitchDocked = "ignore";
-  services.logind.powerKey = "suspend-then-hibernate";
-  services.logind.powerKeyLongPress = "poweroff";
+  services.logind.settings.Login = {
+    HandleLidSwitch = "suspend-then-hibernate";
+    HandleLidSwitchDocked = "ignore";
+    HandlwPowerKey = "suspend-then-hibernate";
+    HandlePowerKeyLongPress = "poweroff";
+  };

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/75dd0e39-9411-48c9-822d-bf3c897d0f61";
@@ -13,6 +13,7 @@ in {
    chromium
    dig
    element-desktop
+    gnumeric
    hunspellDicts.en_US
    hunspellDicts.nb_NO
    iperf3
@@ -20,6 +21,7 @@ in {
    libreoffice
    mpv
    oauth2ms
+    oldssh
    openssl
    openvpn
    pavucontrol
@@ -29,11 +31,12 @@ in {
    w3m
    nixpkgs-2211.remmina

-    (unstable.microsoft-edge.overrideAttrs ({ installPhase ? "", ... }: {
-      installPhase = installPhase + ''
-        ln -s $out/bin/microsoft-edge $out/bin/microsoft-edge-stable
-      '';
-    }))
+    unstable.microsoft-edge
+    # (unstable.microsoft-edge.overrideAttrs ({ installPhase ? "", ... }: {
+    #   installPhase = installPhase + ''
+    #     ln -s $out/bin/microsoft-edge $out/bin/microsoft-edge-stable
+    #   '';
+    # }))

    # Window Manager Extras
    bibata-cursors
@@ -63,13 +66,14 @@ in {
      package = pkgs.aerc;
    };
    firefox.enable = true;
-    git.extraConfig.user.email = emailAddress;
+    git.settings.user.email = emailAddress;
    rbw = {
      enable = true;
      settings = {
        base_url = "https://vault.mktv.no";
        email = emailAddress;
        pinentry = pkgs.pinentry-rofi;
+        lock_timeout = 60*60*8;
      };
    };
    rofi = {
@@ -78,7 +82,11 @@ in {
      theme = "Arc-Dark";
    };
    zsh = {
-      shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
+      shellAliases = {
+        "kssh" = "ssh -t controlnode ssh";
+        "ossh" = "oldssh -oHostKeyAlgorithms=+ssh-dss -oCiphers=+aes256-cbc -oKexAlgorithms=+diffie-hellman-group14-sha1";
+        "rebuild" = "sudo nixos-rebuild switch --flake /config";
+      };
      prezto.pmodules = [ "ssh" ];
    };
  };
@@ -0,0 +1,43 @@
+{ config, pkgs, lib, ... }:
+{
+  services.restic.backups = let
+    localJob = name: paths: {
+      inherit paths;
+      repository = "/mnt/feal-syn1/backup/leonard/${name}"; # TODO - Mount first
+      passwordFile = config.sops.secrets."restic/${name}".path;
+      initialize = true;
+      pruneOpts = [
+        "--keep-daily 3"
+        "--keep-weekly 4"
+        "--keep-monthly 3"
+      ];
+    };
+    cloudJob = name: paths: {
+      inherit paths;
+      # "rsyncnet" connection details specified in /root/.ssh/config
+      extraOptions = [ "rclone.program=\"ssh rsyncnet\"" ];
+      # repository = "rclone::/${name}";
+      repository = "rclone:";
+      passwordFile = config.sops.secrets."restic/${name}".path;
+      initialize = true;
+      pruneOpts = [
+        # rsync.net keeps daily snapshots
+        "--keep-weekly 4"
+        "--keep-monthly 36"
+      ];
+    };
+  in {
+    # TODO - local NAS backups
+    mysql-remote = (cloudJob "postgres" [ "/var/backup/mysql" ]) // {
+      timerConfig.OnCalendar = "01:30"; # 1h after mysqlBackup
+    };
+    # WIP
+    # postgres-remote = (cloudJob "postgres" [ "/tank/backup/postgresql" ]) // {
+    #   timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
+    # };
+
+  };
+
+  sops.secrets."restic/mysql" = { };
+  sops.secrets."restic/postgres" = { };
+}
@@ -8,6 +8,7 @@
      ../../common/auto-upgrade.nix
      ./hardware-configuration.nix

+      ./backup.nix
      ./services/mysql.nix
      ./services/nginx.nix
      ./services/postgresql.nix
@@ -22,6 +23,7 @@
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";

+  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;

  networking = {
    hostName = "leonard";
@@ -15,7 +15,10 @@
      fsType = "ext4";
    };

-  swapDevices = [ ]; # TODO
+  swapDevices = [ {
+    device = "/swapfile";
+    size = 4*1024;
+  } ];

  networking.useDHCP = lib.mkDefault false;
  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
@@ -6,5 +6,8 @@
    package = pkgs.mariadb;
  };

-  # TODO: services.mysqlBackup
+  services.mysqlBackup = {
+    enable = true;
+    calendar = "00:30:00";
+  };
 }
@@ -6,8 +6,8 @@ stdenv.mkDerivation {
    url = "https://git.feal.no/amalieem/amalie.mansaker.no.git";
    fetchSubmodules = true;

-    rev = "58265a25b37bf2286e0704e02ab3dde56a348d8b";
-    hash = "sha256-dPcv0AGjsWqDCWCjV2PeklBrWsIawLAccRQEYe3teOM=";
+    rev = "f5ff8133b9d31de0de7386be8831de0d0fab6f95";
+    hash = "sha256-fld2f9PW1vwnals6kUerXzqGP/anMs7abstaYfaXO4Q=";
  };

  nativeBuildInputs = [ hugo ];
@@ -20,6 +20,9 @@
      };
    }
  ];
+  services.mysqlBackup.databases = [
+    "www_kinealbrigtsen_no"
+  ];

  services.phpfpm.pools.www-kinealbrigtsen-no = {
    user = "www-kinealbrigtsen-no";
@@ -24,7 +24,10 @@
      options = [ "fmask=0077" "dmask=0077" ];
    };

-  swapDevices = [ ];
+  swapDevices = [ {
+    device = "/swapfile";
+    size = 4*1024;
+  } ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -37,7 +37,7 @@

    exiftool
    ghidra
-    # pwndbg-gdb-alias # Broken in 25.05
+    pwndbg
    snicat

    # Window Manager Extras
@@ -26,7 +26,7 @@
    prismlauncher
    restic
    snicat
-    # spotify # TODO - broken in 25.11
+    spotify
    tldr
    w3m
    zellij
@@ -9,7 +9,6 @@ restic:
    media: ENC[AES256_GCM,data:JwIX2r/ebE+LMS49s1xqbRjA8yfMRDEAnln5eN57L4o=,iv:zqxeEv7ogujMqBPZnRF7STDjVlKqMa1rGLjMY5iusgU=,tag:O9PofkyovSYH7qlX6r97DQ==,type:str]
    nextcloud: ENC[AES256_GCM,data:O7qT07ns9FodnZu63cPwBqHGslfMIafFvyPPrTrYEdk=,iv:fJ7A5gLThuVumnteL1P82Gq1EtiSAPGXoCZgzJKqVQs=,tag:Hp/kI3TeZQCaM+gP1W1i7w==,type:str]
    postgres: ENC[AES256_GCM,data:AZv28LIbGC2oAKjbU1H4gaCZF28utJJFXlKNO/BkL0U=,iv:xOJCIoFGtnEqV80rmiBBMa3dMZnPjaDIce+MAZkGZdo=,tag:dLTwE004KGfP3z9EoMVCCw==,type:str]
-    transmission: ENC[AES256_GCM,data:UUf8/WV7Q7vbs05lEeqflcSj0uH9abilFF1daATyrwU=,iv:WQZ7hGRQ3/3t34aO7K5Az1AOZtR6qG4p1CqZTdsEqZA=,tag:2ELh2bYVi1sgW66FbSnVHg==,type:str]
 sops:
    age:
        - recipient: age1j43eqpnq5hy6zt3gmdtzdnne2yfvccd832kpt69qavst44leec6sj2l773
@@ -48,7 +47,7 @@ sops:
            aXkxd2s2WUV0WnV6TGFodXhyNmN1eE0KfOnhI4/4rS5cD+UXuGV4AyZm32LoUw5O
            PVdfXxuksQl5jQ7BJv4cyBe7F/cb+Knd8F37T/5OqxEbtm3bBUfmyw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-18T21:43:12Z"
-    mac: ENC[AES256_GCM,data:Bt5CrMY2Etl3iSZRVl58PN1ogYpLn3eXhuVCB0j4MKMphyLVJP1qxiQimpa5wriycJKqwBwvCDzJ7pLTxpHDOZaG6R3YfNYPEZlLAIiyOjZvF1ZBTbnF7cFp0thDuzPoFlEHeTFmY6Pe5GwXmSeUFo4ijghvbsFQ5IYXfWNoYz0=,iv:NCwLoI9g7poYbCME0/fUOZegMNOhc3ZvGpAhYoVeLMc=,tag:fiops2KveC/u3Nrmrftk/Q==,type:str]
+    lastmodified: "2026-02-06T18:23:49Z"
+    mac: ENC[AES256_GCM,data:oDVM/CvFK+hpmaDcgabNPunyMOLrD0UW6ELIDOKyUGn4e+n/9F2zVVryJR4YqiUNDheLAmVzxJ0raGh5SSmDlETGmY0eKAwk9iCE4s5JtU5QLjaMQwtcC2i+DFgTi5hzvQgYqMXS5sTnldWs0SYlcp1rXsl0KnCA9GcVgdSPjgg=,iv:fjDYA/kyTa2TNRIRXN4zSTStIf52bpYQIdx9vSZjc5k=,tag:PAfTMWY1Jz+fKECZIUYHQQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
@@ -5,6 +5,7 @@ matrix:
    slidingsyncsecret: ENC[AES256_GCM,data:bMBTXsLhXCj0Divy2mXZQ3zv5WBLut47pOzEQ1elOD1uDaKZMX8wX/EjGrrfmPZvUfLrvqEn8zEda++VtwPBonmQQ0CZraZeEKGgStQrFw==,iv:EulqNNtkNUFxO/LQ1qtYL/IXWu71L5cuJ1pY6eK85vc=,tag:uVoi42sq4S34bErASGJOAA==,type:str]
 domeneshop:
    netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str]
+    acme: ENC[AES256_GCM,data:hESj6E3E9QI3mo0WxkLtk9elQNJ/878cecjHDCQJz9OQTG+rnlsCG5GhLOENcKlbhtZTkV8qsRSDO+3L2sdOEpe4eNuPnytxJycOrwZ3pr1F1FOBoWbkWX9F0xSf/7RxsetbrtlscnjaXYYdMBAAe3thkAXvca+0ZkZC/R4=,iv:/++qO2N4xczNvGjyZfG8JBF7KABa+GB+diO0jLTeQeA=,tag:08E7O/voRSNc7wt8upJojQ==,type:str]
 hedgedoc:
    env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str]
 vaultwarden:
@@ -58,7 +59,7 @@ sops:
            ZVp5RHU2U1ppakJCMFozWUNGSXhvNkkKDVPJGjPDaX+n3v27PBdMyk9kuzXnRIop
            h5XGRkJHTC4emo8zgKpBfByEb2fkBSL3k2ffZbVYtxrpupVBmT1Uqw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-14T22:36:00Z"
-    mac: ENC[AES256_GCM,data:H//LCiMw1wE7IDFvKf/QEhOlAjx83R4bxGCE9g4lG0dg2V9LD2bWOq2FVGUrMxw350Rj8CFIWaS5ZolGOvUetbDiQTlqayXi7OArGKBkJphoAdr2rskGYVULmB90a4wp1Fq9oIW2ZjbeURQkwybGJzBTCXFRNWp1VcY1STxzlR8=,iv:DWNLKAcscWIUZ9n46I3dssCM7416oGdsY/mPy1YzrJA=,tag:Q03jAMKSDJw5HmFb9i3Hxg==,type:str]
+    lastmodified: "2026-03-29T13:20:56Z"
+    mac: ENC[AES256_GCM,data:1nf8TodfK9B85SOql0enViCNQGU+diIfWhBWN+RrUFVX/5snso76j+/XlhSU7vck9Z+LB2f+2p4GyMbC0Y8CRMyiiszoINlOE1EljYI+iUZuj8iKUfOvtOAEUk1MXahu7Z8yYDD89aFQ47CoHEVaYnIzZQIrqvJauKilt9TpiO0=,iv:fC8wInBTPnUa+6L04nfv3tt5ohggwjZrnrO5vjiGIYo=,tag:jcjWezEriykPl44iRxgd0Q==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.12.1
@@ -0,0 +1,45 @@
+restic:
+    mysql: ENC[AES256_GCM,data:eu666roPHKu5vH/LbxW9MToINgr+ilcdW0ttOZ4zul0=,iv:SpZ6TI8mwC78rVxmPcEyp7m63RsDyUCPVM5ydzR7Aoo=,tag:vjFsoTwwiaXTSIZ9nm4tTA==,type:str]
+    postgres: ENC[AES256_GCM,data:x8Z8avO2EsT/1AOPHeMX2Js9/PFlfKODSpa3DUp34OE=,iv:WLhkIwRkKlp/YMN7V6xX00+7n34pq45dGnvyvzkR2rk=,tag:jJU48KU11KbNm1ejMiLb6g==,type:str]
+sops:
+    age:
+        - recipient: age1djj3jvt0usurh43t8jsrs74t5pvj54w77vy7qgln9ykckag233eqyth4fl
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSM1owTEVLeEhobDEzQll5
+            ejVyb3UzS0F0eDF3RnFMNWRhT2RXTTNLNjBrCnROUHE2REFGOGY4TFhVOE5lYlZB
+            UXN2Qk4vTDl0b0RRNmNLRVNkeGpqQ00KLS0tIGFlQkNqMlFmSDZ6Qk1QSHRnR2JO
+            L29iaDdTWFJ0L3REbDhvNEVIeGlQVE0KnsKH6C7mWlHb81aY+U9RUE3qEV9qeaWw
+            yCip5jRKD4gFgtMNLYTp3UsUPTojRGUuWEyHTLdXyDzQodtxi2rvmA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age146z3h3flw7spy5thznak8k5jh6yd68k9qrrehg8sdcwmyjv3vd7qvahdur
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0S25TZVY3MDlQNWN5ODEz
+            SHIrUXhZMTQvSW1nenhnMEpsMStySkxYVGxJCnE0bW90a202aUZ2eDl2YVA1dXc2
+            RjlMSGVlSVlHSVNYOS9UY3JkczFQNlUKLS0tIGRzc1ZLZ0lzYm5iRzlSWG8zT0Rl
+            ckJzRXh3ZFdYS0FCTTQwUnBzRlB2S3MKRRfqGAYC+VGesmgV7BcJ57UHayzQRmsB
+            SPI9k3QheBFgjI/Oo//kctiZvphtyDopGdJfV2EFX+yFJk1vC0vwQA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1phc4fkt25n4wtzg88sg3fhvmy6tv8pguyxp5c9js83ae3z374adsxfpqkl
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKUnJJUmMxQVBzdTRaZjAv
+            NmFxUzFLUFRzNnRpUzhtVUhGcUh2anQxYzB3CjRLeFFnQ1NKc1c0MmVsenFXSDR0
+            SlVwZGFwRFQxSDVYL2NPSXdrVWRYY1UKLS0tIG5uemNXUkJyNExrMkNKQU84MWdP
+            NGN0c2lKTGJQa2tMamRWTUMwdVBWb1UKNxKhDvi0mbzF0eX5V/e3SDMCNEjb81z4
+            z0y1R/rwlym7YDP00S0j2/PSQuYX7zRFFqikiYle2rR+CNG4LtU2jQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNHBNRm80ZjhTWUlRZEJQ
+            MEdPbjZ2SGp3T0NQdmRiVmxSN3NNR3Fmd0I0Ckk5UXpYYmtSNThua2thV1ZrS0FF
+            R2MvMWNvYmFGZlM3ZTVwY1RkUXNPYXcKLS0tIEVJNElhUG5tTzlZaVpNQVc5dWsv
+            YkdCRlZncE8yYUVGYzVzSjNEeUU5VzAKGE1gMpKpt+O1+zx6s5nyfIbh1sYDnQxB
+            ksYLDyLXPyjcn5aFpbQ5MLoUQN1rvZK0TB3b2OTL8AJ8vThtx9SKwA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-25T22:56:53Z"
+    mac: ENC[AES256_GCM,data:U0ClvqjPYyO83Zq/IMwzfDmZME5ZPqqAIVRaBc0lAFszTV3Ga+Gx9fIuVjECkFKFuxz0pIOsYgJMl8IFlDi7XfH6BArbP7lTc99kW0/3EV9AnwvYIqFgX3jEaE2l7fRsStB+LD/Km93tppC0M6xqSCHxa/UXtR54e/cxwm+1PgY=,iv:llhk1vwjDuqr0io5edjxWy3fBu03XYEhoUaUeErBvys=,tag:BSJ/Yy1bhE1iJhTiMEfzOA==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
@@ -1,5 +1,6 @@
 let
  unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { };
+  # TODO: Add github:pwndbg/pwndbg
 in { pkgs ? import <nixpkgs> {} }:
  pkgs.mkShell {
    nativeBuildInputs = with pkgs; [
@@ -48,7 +49,6 @@ in { pkgs ? import <nixpkgs> {} }:
      # stegsolve
      gdb
      metasploit
-      pwndbg
      pwninit
      ropgadget
      sage
@@ -56,5 +56,4 @@ in { pkgs ? import <nixpkgs> {} }:
      tcpdump
      wireshark
    ];
-
 }
Author	SHA1	Message	Date
felixalb	ffc0cb5222	defiant: update to nixos 26.05	2026-05-31 22:04:48 +02:00
felixalb	ebbc271378	common: disable promtail (deprecated). Point auto-upgrade to upgrade branch	2026-05-31 19:04:12 +02:00
felixalb	a07eb1f799	worf: re-add spotify	2026-05-31 17:21:24 +02:00
felixalb	33a35ce214	home/base, home/neovim: Fix changes for 26.05	2026-05-31 17:16:51 +02:00
felixalb	18baeec24d	flake: update to 26.05	2026-05-31 11:07:15 +02:00
felixalb	7d6ab0d4b6	base: add packages diffr, nixfmt	2026-05-28 12:05:41 +02:00
felixalb	f37cc9f91d	fa-t14-2025: add package gnumeric	2026-05-28 12:05:22 +02:00
felixalb	afa7721ab9	common/fa-t14-2025: add oldssh	2026-05-27 14:47:15 +02:00
felixalb	a4aa586b71	flake: update	2026-05-11 23:14:56 +02:00
felixalb	422a166925	challenger/frigate: init	2026-05-06 20:33:58 +02:00
felixalb	22b3907223	challenger/calibre: restore stable package	2026-05-06 20:33:58 +02:00
felixalb	a578f30600	flake: update	2026-05-06 20:27:58 +02:00
felixalb	b4e209dd97	leonard/www-amalie-mansaker-no: update	2026-05-06 20:26:53 +02:00
felixalb	e7b8c49834	leonard: use linuxPackages_latest	2026-05-04 12:34:05 +02:00
Felix Albrigtsen	39f73a21b2	flake: update	2026-04-28 14:51:03 +02:00
felixalb	92f7943221	morn: add swapfile	2026-04-08 22:17:03 +02:00
felixalb	41ed408c23	leonard: add swapfile	2026-04-08 22:14:25 +02:00
felixalb	7918ebd7ea	defiant/nginx: ip allowlist on nextcloud	2026-04-08 22:03:14 +02:00
felixalb	7401e3bb5e	sisko: replace pwndbg	2026-04-08 21:15:15 +02:00
felixalb	817b959d36	base: remove fallback dns resolver	2026-04-08 21:15:15 +02:00
Felix Albrigtsen	670f5b6559	flake: update, fixes GHSA-g3g9-5vj6-r3gj	2026-04-08 09:28:51 +02:00
felixalb	05ca36c4fa	flake: change channel to small. update.	2026-04-04 22:34:20 +02:00
felixalb	d3776db311	defiant/vaultwarden: unpublish	2026-03-29 15:52:03 +02:00
Felix Albrigtsen	d117a6422c	flake: update. fa-t14-2025: minor fixes	2026-03-13 09:56:47 +01:00
felixalb	42d69bb8c5	flake: fix pwndbg	2026-02-20 17:47:29 +01:00
felixalb	4e93e8dc04	challenger/audiobookshelf: fix mount again. challenger: other minor updates	2026-02-18 18:12:13 +01:00
felixalb	7d8a3a10dc	flake: bump inputs	2026-02-04 18:11:49 +01:00
Felix Albrigtsen	14ff95a90d	fa-t14-2025: minor home-manager changes	2026-01-26 12:39:52 +01:00
felixalb	f8ca64ee28	WIP: leonard: add backup.nix, mysqlBackup	2026-01-26 00:15:44 +01:00
felixalb	97b7cb8e53	flake: update	2026-01-24 20:22:48 +01:00
felixalb	0ffb502f68	defiant/wireguard: deprecate old peers	2025-12-31 20:59:58 +01:00
felixalb	27596cfcee	defiant/dyndns: change domain name	2025-12-31 20:21:01 +01:00
felixalb	ec9811bf31	prometheus: add constellation	2025-12-16 07:48:24 +01:00
felixalb	7c9efc9638	leonard: update amalie-mansaker-no	2025-12-12 20:18:06 +01:00
felixalb	ad36469dd2	Merge pull request 'nixos-25.11' (#6 ) from nixos-25.11 into main Reviewed-on: #6	2025-12-08 21:07:41 +01:00