From 43af3e872c33fef58e0d5ecfec0e936c5cd7b4fb Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 26 Sep 2024 17:48:36 +0200
Subject: [PATCH 1/5] everything works again
---
users/rouven/modules/foot/default.nix | 2 +-
users/rouven/modules/helix/default.nix | 2 +-
users/rouven/modules/packages.nix | 1 +
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/users/rouven/modules/foot/default.nix b/users/rouven/modules/foot/default.nix
index 899c959..19ba10b 100644
--- a/users/rouven/modules/foot/default.nix
+++ b/users/rouven/modules/foot/default.nix
@@ -41,8 +41,8 @@
 shell = "${pkgs.zsh}/bin/zsh";
 # dpi-aware = "yes";
 font = "monospace:family=Iosevka Nerd Font:size=12";
- notify = "${lib.getExe pkgs.libnotify} -a \${app-id} -i \${app-id} \${title} \${body}";
 };
+ desktop-notifications.command = "${lib.getExe pkgs.libnotify} -a \${app-id} -i \${app-id} \${title} \${body}";
 cursor.color = "${colors.background} ${colors.foreground}";
 url = {
 launch = "${pkgs.xdg-utils}/bin/xdg-open \${url}";
diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix
index a8cf083..0c68222 100644
--- a/users/rouven/modules/helix/default.nix
+++ b/users/rouven/modules/helix/default.nix
@@ -6,7 +6,7 @@
 rust-analyzer
 nil
 nixpkgs-fmt
- # typst-lsp
+ typst-lsp
 (python3.withPackages (ps: with ps; [
 pyls-isort
 pylsp-mypy
diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix
index 3ed7da5..f02aee1 100644
--- a/users/rouven/modules/packages.nix
+++ b/users/rouven/modules/packages.nix
@@ -5,6 +5,7 @@ # essentials htop-vim lsof + postgresql zip unzip
From 8b786bdc42d7a2b5d759c7b66b06ef5b5b1fa5c7 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 26 Sep 2024 17:48:59 +0200
Subject: [PATCH 2/5] rework wpa supplicants
---
hosts/thinkpad/default.nix | 88 ++++++++++----------
hosts/thinkpad/modules/networks/default.nix | 20 ++---
hosts/thinkpad/modules/networks/uni.nix | 41 +++++++--
secrets/thinkpad/dyport-auth.age | Bin 966 -> 354 bytes
secrets/thinkpad/wireless.age | Bin 692 -> 692 bytes
5 files changed, 89 insertions(+), 60 deletions(-)
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index ddc413d..c9bee3f 100755
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -53,56 +53,56 @@ console.keyMap = "dvorak"; - services.openldap = { - enable = true; - urlList = [ "ldap:///" ]; - settings = { - attrs = { - olcLogLevel = "conns config"; - }; - children = { - "cn=schema".includes = [ - "${pkgs.openldap}/etc/schema/core.ldif" - # attributetype ( 9999.1.1 NAME 'isMemberOf' - # DESC 'back-reference to groups this user is a member of' - # SUP distinguishedName ) - "${pkgs.openldap}/etc/schema/cosine.ldif" - "${pkgs.openldap}/etc/schema/inetorgperson.ldif" - "${pkgs.openldap}/etc/schema/nis.ldif" - # "${pkgs.writeText "openssh.schema" '' - # attributetype ( 9999.1.2 NAME 'sshPublicKey' - # DESC 'SSH public key used by this user' - # SUP name ) - # ''}" - ]; + # services.openldap = { + # enable = true; + # urlList = [ "ldap:///" ]; + # settings = { + # attrs = { + # olcLogLevel = "conns config"; + # }; + # children = { + # "cn=schema".includes = [ + # "${pkgs.openldap}/etc/schema/core.ldif" + # # attributetype ( 9999.1.1 NAME 'isMemberOf' + # # DESC 'back-reference to groups this user is a member of' + # # SUP distinguishedName ) + # "${pkgs.openldap}/etc/schema/cosine.ldif" + # "${pkgs.openldap}/etc/schema/inetorgperson.ldif" + # "${pkgs.openldap}/etc/schema/nis.ldif" + # # "${pkgs.writeText "openssh.schema" '' + # # attributetype ( 9999.1.2 NAME 'sshPublicKey' + # # DESC 'SSH public key used by this user' + # # SUP name ) + # # ''}" + # ]; - "olcDatabase={1}mdb".attrs = { - objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + # "olcDatabase={1}mdb".attrs = { + # objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; - olcDatabase = "{1}mdb"; - olcDbDirectory = "/var/lib/openldap/data"; + # olcDatabase = "{1}mdb"; + # olcDbDirectory = "/var/lib/openldap/data"; - olcSuffix = "dc=ifsr,dc=de"; + # olcSuffix = "dc=ifsr,dc=de"; - /* your admin account, do not use writeText on a production system */ - olcRootDN = "cn=portunus,dc=ifsr,dc=de"; - olcRootPW = 
"{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32"; + # /* your admin account, do not use writeText on a production system */ + # olcRootDN = "cn=portunus,dc=ifsr,dc=de"; + # olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32"; - olcAccess = [ - /* custom access rules for userPassword attributes */ - ''{0}to attrs=userPassword - by self write - by anonymous auth - by * none'' + # olcAccess = [ + # /* custom access rules for userPassword attributes */ + # ''{0}to attrs=userPassword + # by self write + # by anonymous auth + # by * none'' - /* allow read on anything else */ - ''{1}to * - by * read'' - ]; - }; - }; - }; - }; + # /* allow read on anything else */ + # ''{1}to * + # by * read'' + # ]; + # }; + # }; + # }; + # }; services = { diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index 58f1953..c1fbc64 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -49,29 +49,29 @@ userControlled.enable = true; # sadly broken on my machine scanOnLowSignal = false; - environmentFile = config.age.secrets.wireless.path; + secretsFile = config.age.secrets.wireless.path; networks = { - "@HOME_SSID@" = { - psk = "@HOME_PSK@"; + "Smoerrebroed" = { + pskRaw = "ext:HOME_PSK"; authProtocols = [ "WPA-PSK" ]; }; - "@DORM_SSID@" = { - psk = "@DORM_PSK@"; + "Cudy-6140" = { + pskRaw = "ext:DORM_PSK"; authProtocols = [ "SAE" ]; extraConfig = "disabled=1"; }; - "@DORM5_SSID@" = { + "Cudy-6150" = { priority = 5; - psk = "@DORM_PSK@"; + pskRaw = "ext:DORM_PSK"; authProtocols = [ "SAE" ]; extraConfig = "disabled=1"; }; "LKG-Gast" = { - psk = "@LKGDD_GUEST_PSK@"; + pskRaw = "ext:LKGDD_GUEST_PSK"; authProtocols = [ "WPA-PSK" ]; }; - "@PIXEL_SSID@" = { - psk = "@PIXEL_PSK@"; + "Pxl" = { + pskRaw = "ext:PIXEL_PSK"; authProtocols = [ "WPA-PSK" ]; }; "WIFI@DB" = { 
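Review bot: Disabling `services.openldap` by prefixing every line with `#` keeps the `olcRootPW` hash and the whole directory layout in the live file as dead text, and the removed side shows the hash was already committed in cleartext, so it stays in git history either way. If the LDAP setup is not coming back, deleting the block is clearer than dozens of commented Nix lines, and if that hash corresponds to a password used anywhere else it should be treated as exposed and rotated. Should the block stay, a one-line comment above `# services.openldap = {` stating why it was disabled would serve a later reader better than the verbatim copy, including the carried-over `/* your admin account, do not use writeText on a production system */` remark. The attribute set enclosing this block starts and ends outside the hunk.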
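Review bot: The SSIDs that were previously substituted from the secrets file (`@HOME_SSID@`, `@DORM_SSID@`, `@DORM5_SSID@`, `@PIXEL_SSID@`) are now committed as literals (`"Smoerrebroed"`, `"Cudy-6140"`, `"Cudy-6150"`, `"Pxl"`), presumably because `secretsFile` only resolves `ext:` references for keys, not for network names. The PSKs themselves stay out of the repository and the store, which is the important part, but the home and dorm network names are now readable by anyone with the repository, which the earlier templating looks designed to avoid. If that trade-off is intended, a short comment on the `networks = {` line such as `# SSIDs are plain text: secretsFile can only substitute ext: keys` would stop a later reader from re-templating them.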
diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix
index d4e3f2b..7db4fbd 100644
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@@ -12,7 +12,36 @@
 "LAN" = {
 userControlled.enable = true;
 driver = "wired";
- configFile.path = config.age.secrets.dyport-auth.path;
+ configFile.path = pkgs.writeText "supplicant-lan.conf" ''
+ ctrl_interface=/run/wpa_supplicant
+ ap_scan=0
+ network={
+ ssid="apb-ifsr"
+ key_mgmt=IEEE8021X
+ eap=TTLS
+ anonymous_identity="rose159e@apb-ifsr"
+ ca_cert="/etc/ssl/certs/ca-certificates.crt"
+ domain_suffix_match="radius-tud.zih.tu-dresden.de"
+ identity="rose159e@apb-ifsr"
+ password=ext:TUD_AUTH
+ phase2="auth=PAP"
+ disabled=1
+ }
+ network={
+ ssid="zih-ma"
+ key_mgmt=IEEE8021X
+ eap=TTLS
+ anonymous_identity="rose159e@zih-ma"
+ ca_cert="/etc/ssl/certs/ca-certificates.crt"
+ domain_suffix_match="radius-tud.zih.tu-dresden.de"
+ identity="rose159e@zih-ma"
+ password=ext:TUD_AUTH
+ phase2="auth=PAP"
+ disabled=1
+ }
+ ext_password_backend=file:${config.age.secrets.dyport-auth.path}
+ '';
+ # configFile.path = config.age.secrets.dyport-auth.path;
 };
 };
 wireless.networks = {
@@ -23,7 +52,7 @@
 ca_cert="/etc/ssl/certs/ca-certificates.crt"
 domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
 identity="rose159e@tu-dresden.de"
- password="@EDUROAM_AUTH@"
+ password=ext:EDUROAM_AUTH
 phase2="auth=PAP"
 bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef 82:5a:1c:02:3d:db 7c:5a:1c:02:3d:8b
 '';
@@ -39,7 +68,7 @@
 ca_cert="/etc/ssl/certs/ca-certificates.crt"
 domain_suffix_match="radius.agdsn.de"
 identity="r5"
- password="@AGDSN_WIFI_AUTH@"
+ password=ext:AGDSN_WIFI_AUTH
 phase2="auth=PAP"
 bssid_ignore=b8:3a:5a:8b:96:c2
 '';
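Review bot: Both new `network={}` blocks set `anonymous_identity` to the same value as `identity` (`rose159e@apb-ifsr` and `rose159e@zih-ma`). With EAP-TTLS the outer identity is sent before the TLS tunnel exists, so an anonymous identity equal to the real username gives no privacy benefit; the usual form is a realm-only placeholder such as `anonymous_identity="anonymous@apb-ifsr"`, provided the RADIUS side accepts it. Moving the config into `pkgs.writeText` places it in the world-readable Nix store, which is acceptable here only because the password stays behind `ext_password_backend=file:`; anything else added to this file later must keep that discipline. The leftover `# configFile.path = config.age.secrets.dyport-auth.path;` can go now that the inline version is in place, and the two nearly identical blocks could be generated from a list of SSIDs to keep them in sync.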
@@ -54,18 +83,18 @@ domain_suffix_match="radius.agdsn.de" identity="r5" proto=WPA2 - password="@AGDSN_AUTH@" + password=ext:AGDSN_AUTH phase2="auth=PAP" ''; extraConfig = "disabled=1"; authProtocols = [ "WPA-EAP" ]; }; agdsn_fritzbox = { - psk = "@AGDSN_FRITZBOX_PSK@"; + psk = "ext:AGDSN_FRITZBOX_PSK"; authProtocols = [ "WPA-PSK" ]; }; FSR = { - psk = "@FSR_PSK@"; + psk = "ext:FSR_PSK"; authProtocols = [ "WPA-PSK" ]; }; }; diff --git a/secrets/thinkpad/dyport-auth.age b/secrets/thinkpad/dyport-auth.age index 4fba776a6fa02d14e91db4bb2299ed07713f19db..3ce1f2edafba96cd3129d9b245ec1842a00fead0 100644 GIT binary patch delta 319 zcmX@c{)lOUPQ7DTT1v4?rn{S?Syp0cRgp=Wzgt?AznQ;zad1#zdTNGtsHIOpj(cFZ z0atF2p`T%dzIl?RZE0?aFLUD11 zZfc5=si~o*f@@e+iDjTdYLdBMak0B$YL#|jU|6Pac)e$3nTb)3pFwGURI!J?sf)8w zK!{0Ra#p4*S9(fbP>^3>Nwf2wn6 zK38J6yOC2slAC#$Yh|dLYgLeedt_uzRiH_6O0kP;RG6VtenpUnd#Q=JE0?aFLUD11 zZfc5=si~o*f@@e+iDjTdR+V2~L4}FGSyZ~aaYm|NVtuGQXy?8dqzh4gI-FH|Uy^_n4SJUxoe`b7Sro+n* zOV9q|}4_U{$7DQbZi}+!^a-B_L{WSC6@rP8_tiS8K#Clh@ zdy{3wmDIxNRX+a>1pSZiJhEG+PxjcV(7HQmk5BJZTo#|Wnez~nUF4?^4q_7*dfuHY zXQH0e=C;;i1;MD;lMeM|Nk_S4j!P_yay846+9ZAV&v}+V5gB*n-W<3*rA0ULQ0w<| z>v@_*E;V1@ep6d?`9{|FW^4Mi?{rB#Fp&GXvCO((ae^b;D;eERhUXJ&3mqIE&(2nf zo)?$zD)C>jZ)wlU`h>S@TNXt`octywN>(w|ocN_D<|v)Yesq7P zn^1m;oaafFlgx|~=5~7*R|+UT`F^MVhGLWbYN;u^5|S@&@eF_Iux{VUDPOp4SSD-! zJY`^7mR-g6|1`h2m;cH6S>>;LFTMJe{QsHs>YXn%_P>9B&g#Sih0T6k+X6m*?K{&{ zHq+8$iC2T@yWbBFvE|vSs4it>c>6`5>B8#Xzb9AB2~2Q`YI^=)O8B4l=$CijD`XrH q@3^6O`!^%ogF=ocpLy@`M$dlm-G-m#x;5)sySfsdtc+^*rB(o+>72L# 
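Review bot: `agdsn_fritzbox` and `FSR` switch their values to `ext:AGDSN_FRITZBOX_PSK` and `ext:FSR_PSK` but keep the `psk` option, whereas the hunk in hosts/thinkpad/modules/networks/default.nix uses `pskRaw` for the same kind of `ext:` reference. As far as I can tell `psk` is rendered as a quoted passphrase, so these two networks would try to authenticate with the literal string `ext:FSR_PSK` rather than the value from the secrets file; changing both to `pskRaw = "ext:AGDSN_FRITZBOX_PSK";` and `pskRaw = "ext:FSR_PSK";` makes them consistent with the other file. Worth confirming against the generated wpa_supplicant.conf after a rebuild.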
diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age index 36d09c9ba88635a307c90c4dc7f16e7caa7b15f2..89bc53aea88af047e37b4c6a4804418a9e26b16c 100644 GIT binary patch delta 660 zcmdnOx`lOuPQ7cDf09>4RiHA`uz{In zdQpjGQgWaxSCLO*nP0Jqqj6w)fmcLnxJO=CSx#i6rMtFQVo|u6Z&paQYpHu)a*?Yi zm#(g^f~SF}nUjxYp?k7{VQERYPkDKM z_pU%;pZc16yX~&Tzm@d*5unN3C(^&!Qn-TghN%9U7b|AX>Eu^>8oML))e@&&>mUD& z_V;H{7nbmxE429Vi!V`()BDa}EYXX=yc4{)Ul@vKt z8=Bqa^t$E4*Bjx_c~r8&UyIM}#!6OUm7~690#Dj>55zC}?s@!3@$FMr@@t-5PT$$k zJt>;cG$!S+)9>hwO7+?~rw_1&>FO_@we!`YCz4Oz`<<8xqx>C*y6i3q$MI z>h3;!wEXA!{JS&Gt4$Di&i2eP>H0$Ur*7fT#qNi9{XD@KzjhYOk*}F=>W+3TvKO-W z_<2IH59^Joed3bF^Q59rJehnd`%h?%Hs3y8wogCyo!Fc*@z(mlr!UH0{^p%sv1GZ- Nvvr4W&Ykn&0svPF8(07U delta 660 zcmdnOx`lOuPJMowXR>8#Qe>EUN~LyoK#9L)RE3v`X=-L4*2c#)-rmwQ>H1(&X!LUD11 zZfc5=si~o*f@@e+iDjTdgi~0Qc6nl6aY3+2RF;KtTD^HdW?rtod786+dRRqXUZ!6` za!zobTVbXrmrFosL1>PpewAascV0l4XNGyAnL$u?a$u-aMww-5M6#)`UwKY}NnpMO zm#(g^LZz{XTU0?>Nr7*vqn~q8K}v;FxKVj%rMYQjlB>C!Noj#!WLZ*jl6zz*mk%S$ z`@2{9-0QWTo~u~Md@;~7v-Qr!8zI*kpUH0f`uXzveR-jNzUM02k0$F^-Jknays+8! z_BV~Rju{1W(f3Rm^vd&p=r_#gsYQHA(*6PgCJ>)TSZ->a@OqKj} zzv;&9ea{m7QO8Yo1-GfA;m# zi?64gSqqM(f6bY3qI>2^U$*mq)=V|KpQZI7sBGrm-`Y3lvP=$2ZzxIKeUSI3_<^Eu N-@IcR{@AkQ0svZH9UTAw From 7c5324dac85f5bbceb47c227f2ee2c77c5c61043 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Thu, 26 Sep 2024 17:49:19 +0200 Subject: [PATCH 3/5] nuc: add elbe pegel --- hosts/nuc/modules/monitoring/default.nix | 27 ++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/hosts/nuc/modules/monitoring/default.nix b/hosts/nuc/modules/monitoring/default.nix index 84bd804..8c7c03c 100644 --- a/hosts/nuc/modules/monitoring/default.nix +++ b/hosts/nuc/modules/monitoring/default.nix 
@@ -93,6 +93,19 @@ in
 enable = true;
 enabledCollectors = [ "systemd" ];
 };
+ json = {
+ enable = true;
+ configFile = pkgs.writeText "json-exporter.yml" ''
+ ---
+ modules:
+ pegelstand:
+ metrics:
+ - name: pegelstand_elbe_dresden
+ path: '{ $.pegel }'
+ type: value
+ help: Pegelstand in Dresden
+ '';
+ };
 };
 scrapeConfigs = [
 {
@@ -127,6 +140,20 @@ in
 targets = [ "nuc.vpn.rfive.de:9300" ];
 }];
 }
+ {
+ job_name = "pegel_dresden";
+ metrics_path = "/probe";
+ params = {
+ module = [ "pegelstand" ];
+ target = [
+ "https://api.stramke.com/wasserstand/sachsen/Dresden"
+ ];
+ };
+ static_configs = [{
+ targets = [ "nuc.vpn.rfive.de:7979" ];
+ }];
+ scrape_interval = "5m";
+ }
 {
 job_name = "caddy";
 static_configs = [{
From 77c1054cb59e410395e6d50440fd228d22021ef8 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 26 Sep 2024 17:49:36 +0200
Subject: [PATCH 4/5] rework postfix tls
---
hosts/falkenstein/modules/mail/postfix.nix | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/hosts/falkenstein/modules/mail/postfix.nix b/hosts/falkenstein/modules/mail/postfix.nix
index fb060b1..7cab1a4 100644
--- a/hosts/falkenstein/modules/mail/postfix.nix
+++ b/hosts/falkenstein/modules/mail/postfix.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: let domain = config.networking.domain;
@@ -39,8 +39,9 @@ in
 # home_mailbox = "Maildir/";
 smtp_helo_name = config.networking.fqdn;
 smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
- smtp_use_tls = true;
- smtpd_use_tls = true;
+ smtp_tls_security_level = "may";
+ smtpd_tls_security_level = lib.mkForce "encrypt";
+ smtpd_tls_auth_only = true;
 smtpd_tls_protocols = [
 "!SSLv2"
 "!SSLv3"
From adbd54c150c9c1ea32c2bda3abcff232ee0d32b4 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 26 Sep 2024 17:49:47 +0200
Subject: [PATCH 5/5] updates
---
flake.lock | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
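Review bot: The new `json` exporter's `/probe` endpoint fetches whatever URL a caller passes as `target`, so reachability of port 7979 beyond the Prometheus scraper turns the exporter into a general HTTP fetcher running on the nuc; the hunk enables it but shows neither a `listenAddress` nor a firewall rule, and the scrape target `nuc.vpn.rfive.de:7979` in the second hunk suggests it is meant to be reached over the VPN only. If the module's default listen address is in effect, pinning it to the VPN address (or opening the port only on that interface) keeps the exposure to the scraper, as presumably is already done for the node exporter on 9300. The `params.target` also hardcodes a third-party API; a comment such as `# unauthenticated third-party water-level API, polled every 5m` next to `job_name = "pegel_dresden";` would document that external dependency.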
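Review bot: `smtpd_tls_security_level = lib.mkForce "encrypt"` in main.cf makes STARTTLS mandatory for every inbound connection including port 25, which RFC 3207 and the Postfix TLS documentation advise against for a public MX: sending servers that do not offer TLS are refused outright, and the `mkForce` suggests this is overriding a module default of `may`. The usual split is `smtpd_tls_security_level = "may";` here and `-o smtpd_tls_security_level=encrypt` on the submission service in master.cf, if one is defined; `smtpd_tls_auth_only = true` already guarantees credentials are never accepted in the clear on port 25. Outbound `smtp_tls_security_level = "may"` is opportunistic and silently downgradable; where DNSSEC-validating resolution is available, `dane` is the stronger default. The first hunk only adds `lib` to the module arguments for this line.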
diff --git a/flake.lock b/flake.lock index 7da9f33..7c7fa3d 100644 --- a/flake.lock +++ b/flake.lock @@ -134,11 +134,11 @@ ] }, "locked": { - "lastModified": 1719459426, - "narHash": "sha256-4Kn9Pb3lvsik/VYsEAYgXpkcmLhrr0tTE6oIT2PMSPA=", + "lastModified": 1726867691, + "narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=", "owner": "nix-community", "repo": "dns.nix", - "rev": "e6693931023206f1f3c2bfc57d2c98b5f27f52e6", + "rev": "a3196708a56dee76186a9415c187473b94e6cbae", "type": "github" }, "original": { @@ -301,11 +301,11 @@ ] }, "locked": { - "lastModified": 1725948275, - "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", + "lastModified": 1727346017, + "narHash": "sha256-z7OCFXXxIseJhEHiCkkUOkYxD9jtLU8Kf5Q9WC0SjJ8=", "owner": "nix-community", "repo": "home-manager", - "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", + "rev": "c124568e1054a62c20fbe036155cc99237633327", "type": "github" }, "original": { @@ -336,11 +336,11 @@ }, "impermanence": { "locked": { - "lastModified": 1725690722, - "narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=", + "lastModified": 1727198257, + "narHash": "sha256-/qMVI+SG9zvhLbQFOnqb4y4BH6DdK3DQHZU5qGptehc=", "owner": "nix-community", "repo": "impermanence", - "rev": "63f4d0443e32b0dd7189001ee1894066765d18a5", + "rev": "8514fff0f048557723021ffeb31ca55f69b67de3", "type": "github" }, "original": { @@ -450,11 +450,11 @@ ] }, "locked": { - "lastModified": 1725765290, - "narHash": "sha256-hwX53i24KyWzp2nWpQsn8lfGQNCP0JoW/bvQmcR1DPY=", + "lastModified": 1726975622, + "narHash": "sha256-bPDZosnom0+02ywmMZAvmj7zvsQ6mVv/5kmvSgbTkaY=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "642275444c5a9defce57219c944b3179bf2adaa9", + "rev": "c7515c2fdaf2e1f3f49856cef6cec95bb2138417", "type": "github" }, "original": { 
@@ -524,11 +524,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1727122398, + "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093", "type": "github" }, "original": {