From 43af3e872c33fef58e0d5ecfec0e936c5cd7b4fb Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 26 Sep 2024 17:48:36 +0200
Subject: [PATCH 1/5] everything works again
---
 users/rouven/modules/foot/default.nix | 2 +-
 users/rouven/modules/helix/default.nix | 2 +-
 users/rouven/modules/packages.nix | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/users/rouven/modules/foot/default.nix b/users/rouven/modules/foot/default.nix
index 899c959..19ba10b 100644
--- a/users/rouven/modules/foot/default.nix
+++ b/users/rouven/modules/foot/default.nix
@@ -41,8 +41,8 @@
 shell = "${pkgs.zsh}/bin/zsh";
 # dpi-aware = "yes";
 font = "monospace:family=Iosevka Nerd Font:size=12";
- notify = "${lib.getExe pkgs.libnotify} -a \${app-id} -i \${app-id} \${title} \${body}";
 };
+ desktop-notifications.command = "${lib.getExe pkgs.libnotify} -a \${app-id} -i \${app-id} \${title} \${body}";
 cursor.color = "${colors.background} ${colors.foreground}";
 url = {
 launch = "${pkgs.xdg-utils}/bin/xdg-open \${url}";
diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix
index a8cf083..0c68222 100644
--- a/users/rouven/modules/helix/default.nix
+++ b/users/rouven/modules/helix/default.nix
@@ -6,7 +6,7 @@
 rust-analyzer
 nil
 nixpkgs-fmt
- # typst-lsp
+ typst-lsp
 (python3.withPackages (ps: with ps; [
 pyls-isort
 pylsp-mypy
diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix
index 3ed7da5..f02aee1 100644
--- a/users/rouven/modules/packages.nix
+++ b/users/rouven/modules/packages.nix
@@ -5,6 +5,7 @@
 # essentials
 htop-vim
 lsof
+ postgresql
 zip
 unzip
From 8b786bdc42d7a2b5d759c7b66b06ef5b5b1fa5c7 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 26 Sep 2024 17:48:59 +0200
Subject: [PATCH 2/5] rework wpa supplicants
---
 hosts/thinkpad/default.nix | 88 ++++++++++----------
 hosts/thinkpad/modules/networks/default.nix | 20 ++---
 hosts/thinkpad/modules/networks/uni.nix | 41 +++++++--
 secrets/thinkpad/dyport-auth.age | Bin 966 -> 354 bytes
 secrets/thinkpad/wireless.age | Bin 692 -> 692 bytes
 5 files changed, 89 insertions(+), 60 deletions(-)
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index ddc413d..c9bee3f 100755
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -53,56 +53,56 @@
 console.keyMap = "dvorak";
- services.openldap = {
- enable = true;
- urlList = [ "ldap:///" ];
- settings = {
- attrs = {
- olcLogLevel = "conns config";
- };
- children = {
- "cn=schema".includes = [
- "${pkgs.openldap}/etc/schema/core.ldif"
- # attributetype ( 9999.1.1 NAME 'isMemberOf'
- # DESC 'back-reference to groups this user is a member of'
- # SUP distinguishedName )
- "${pkgs.openldap}/etc/schema/cosine.ldif"
- "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
- "${pkgs.openldap}/etc/schema/nis.ldif"
- # "${pkgs.writeText "openssh.schema" ''
- # attributetype ( 9999.1.2 NAME 'sshPublicKey'
- # DESC 'SSH public key used by this user'
- # SUP name )
- # ''}"
- ];
+ # services.openldap = {
+ # enable = true;
+ # urlList = [ "ldap:///" ];
+ # settings = {
+ # attrs = {
+ # olcLogLevel = "conns config";
+ # };
+ # children = {
+ # "cn=schema".includes = [
+ # "${pkgs.openldap}/etc/schema/core.ldif"
+ # # attributetype ( 9999.1.1 NAME 'isMemberOf'
+ # # DESC 'back-reference to groups this user is a member of'
+ # # SUP distinguishedName )
+ # "${pkgs.openldap}/etc/schema/cosine.ldif"
+ # "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
+ # "${pkgs.openldap}/etc/schema/nis.ldif"
+ # # "${pkgs.writeText "openssh.schema" ''
+ # # attributetype ( 9999.1.2 NAME 'sshPublicKey'
+ # # DESC 'SSH public key used by this user'
+ # # SUP name )
+ # # ''}"
+ # ];
- "olcDatabase={1}mdb".attrs = {
- objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
+ # "olcDatabase={1}mdb".attrs = {
+ # objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
- olcDatabase = "{1}mdb";
- olcDbDirectory = "/var/lib/openldap/data";
+ # olcDatabase = "{1}mdb";
+ # olcDbDirectory = "/var/lib/openldap/data";
- olcSuffix = "dc=ifsr,dc=de";
+ # olcSuffix = "dc=ifsr,dc=de";
- /* your admin account, do not use writeText on a production system */
- olcRootDN = "cn=portunus,dc=ifsr,dc=de";
- olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32";
+ # /* your admin account, do not use writeText on a production system */
+ # olcRootDN = "cn=portunus,dc=ifsr,dc=de";
+ # olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32";
- olcAccess = [
- /* custom access rules for userPassword attributes */
- ''{0}to attrs=userPassword
- by self write
- by anonymous auth
- by * none''
+ # olcAccess = [
+ # /* custom access rules for userPassword attributes */
+ # ''{0}to attrs=userPassword
+ # by self write
+ # by anonymous auth
+ # by * none''
- /* allow read on anything else */
- ''{1}to *
- by * read''
- ];
- };
- };
- };
- };
+ # /* allow read on anything else */
+ # ''{1}to *
+ # by * read''
+ # ];
+ # };
+ # };
+ # };
+ # };
 services = {
diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix
index 58f1953..c1fbc64 100644
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@@ -49,29 +49,29 @@
 userControlled.enable = true;
 # sadly broken on my machine
 scanOnLowSignal = false;
- environmentFile = config.age.secrets.wireless.path;
+ secretsFile = config.age.secrets.wireless.path;
 networks = {
- "@HOME_SSID@" = {
- psk = "@HOME_PSK@";
+ "Smoerrebroed" = {
+ pskRaw = "ext:HOME_PSK";
 authProtocols = [ "WPA-PSK" ];
 };
- "@DORM_SSID@" = {
- psk = "@DORM_PSK@";
+ "Cudy-6140" = {
+ pskRaw = "ext:DORM_PSK";
 authProtocols = [ "SAE" ];
 extraConfig = "disabled=1";
 };
- "@DORM5_SSID@" = {
+ "Cudy-6150" = {
 priority = 5;
- psk = "@DORM_PSK@";
+ pskRaw = "ext:DORM_PSK";
 authProtocols = [ "SAE" ];
 extraConfig = "disabled=1";
 };
 "LKG-Gast" = {
- psk = "@LKGDD_GUEST_PSK@";
+ pskRaw = "ext:LKGDD_GUEST_PSK";
 authProtocols = [ "WPA-PSK" ];
 };
- "@PIXEL_SSID@" = {
- psk = "@PIXEL_PSK@";
+ "Pxl" = {
+ pskRaw = "ext:PIXEL_PSK";
 authProtocols = [ "WPA-PSK" ];
 };
 "WIFI@DB" = {
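Review bot: Commenting the openldap block out keeps the `olcRootPW = "{CRYPT}$y$j9T$…"` admin hash on the new side of `hosts/thinkpad/default.nix`, so a credential hash still lives in a tracked configuration file, and the `# /* … do not use writeText on a production system */` remark it carries already explains why it should not. If the directory setup is not coming back, delete the whole block rather than comment it; if it is, load the hash from an age secret the way this series does for wpa_supplicant (`config.age.secrets.wireless.path`) so the value never sits in the repo or the Nix store. Either way the hash remains in git history, so if the password behind it is still in use anywhere it should be treated as exposed.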
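Review bot: Moving from `environmentFile` to `secretsFile` externalises only the keys; the network names that used to be substituted (`@HOME_SSID@`, `@DORM_SSID@`, `@DORM5_SSID@`, `@PIXEL_SSID@`) are now committed in clear as `"Smoerrebroed"`, `"Cudy-6140"`, `"Cudy-6150"` and `"Pxl"`, which discloses the home and dorm network names in a tracked file. `pskRaw = "ext:…"` cannot hide an SSID, so if the names were the reason for the templating the blocks belong in an out-of-tree `configFile` the way `uni.nix` now handles `LAN`; if the disclosure is accepted, a one-line comment above `networks = {` saying so keeps the next reader from raising it again. The secrets file behind `ext:` is read as `KEY=value` lines, so the re-encrypted `wireless.age` in this patch presumably no longer carries the `*_SSID` entries — worth confirming, since a key that is missing there is likely to show up only as a failed association rather than an evaluation error.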
diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix
index d4e3f2b..7db4fbd 100644
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@@ -12,7 +12,36 @@
 "LAN" = {
 userControlled.enable = true;
 driver = "wired";
- configFile.path = config.age.secrets.dyport-auth.path;
+ configFile.path = pkgs.writeText "supplicant-lan.conf" ''
+ ctrl_interface=/run/wpa_supplicant
+ ap_scan=0
+ network={
+ ssid="apb-ifsr"
+ key_mgmt=IEEE8021X
+ eap=TTLS
+ anonymous_identity="rose159e@apb-ifsr"
+ ca_cert="/etc/ssl/certs/ca-certificates.crt"
+ domain_suffix_match="radius-tud.zih.tu-dresden.de"
+ identity="rose159e@apb-ifsr"
+ password=ext:TUD_AUTH
+ phase2="auth=PAP"
+ disabled=1
+ }
+ network={
+ ssid="zih-ma"
+ key_mgmt=IEEE8021X
+ eap=TTLS
+ anonymous_identity="rose159e@zih-ma"
+ ca_cert="/etc/ssl/certs/ca-certificates.crt"
+ domain_suffix_match="radius-tud.zih.tu-dresden.de"
+ identity="rose159e@zih-ma"
+ password=ext:TUD_AUTH
+ phase2="auth=PAP"
+ disabled=1
+ }
+ ext_password_backend=file:${config.age.secrets.dyport-auth.path}
+ '';
+ # configFile.path = config.age.secrets.dyport-auth.path;
 };
 };
 wireless.networks = {
@@ -23,7 +52,7 @@
 ca_cert="/etc/ssl/certs/ca-certificates.crt"
 domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
 identity="rose159e@tu-dresden.de"
- password="@EDUROAM_AUTH@"
+ password=ext:EDUROAM_AUTH
 phase2="auth=PAP"
 bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef 82:5a:1c:02:3d:db 7c:5a:1c:02:3d:8b
 '';
@@ -39,7 +68,7 @@
 ca_cert="/etc/ssl/certs/ca-certificates.crt"
 domain_suffix_match="radius.agdsn.de"
 identity="r5"
- password="@AGDSN_WIFI_AUTH@"
+ password=ext:AGDSN_WIFI_AUTH
 phase2="auth=PAP"
 bssid_ignore=b8:3a:5a:8b:96:c2
 '';
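Review bot: In the new `supplicant-lan.conf` both `network={` blocks set `anonymous_identity` to the same value as `identity` (`rose159e@apb-ifsr`, `rose159e@zih-ma`), so the EAP-TTLS outer identity, which goes over the wire before the TLS tunnel exists, already reveals the real account name; unless the RADIUS side insists on it, a realm-only outer identity such as `anonymous_identity="anonymous@apb-ifsr"` keeps the username inside the tunnel. The `pkgs.writeText` output lands in the world-readable Nix store, which is only acceptable because the password is the `ext:TUD_AUTH` reference resolved through `ext_password_backend=file:…` from the age secret; a comment above `configFile.path` along the lines of `# rendered into /nix/store: never put a literal credential in this string, only ext: references` would protect that invariant. The stale `# configFile.path = config.age.secrets.dyport-auth.path;` line under the string can be dropped now that the replacement works.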
@@ -54,18 +83,18 @@ domain_suffix_match="radius.agdsn.de" identity="r5" proto=WPA2 - password="@AGDSN_AUTH@" + password=ext:AGDSN_AUTH phase2="auth=PAP" ''; extraConfig = "disabled=1"; authProtocols = [ "WPA-EAP" ]; }; agdsn_fritzbox = { - psk = "@AGDSN_FRITZBOX_PSK@"; + psk = "ext:AGDSN_FRITZBOX_PSK"; authProtocols = [ "WPA-PSK" ]; }; FSR = { - psk = "@FSR_PSK@"; + psk = "ext:FSR_PSK"; authProtocols = [ "WPA-PSK" ]; }; }; diff --git a/secrets/thinkpad/dyport-auth.age b/secrets/thinkpad/dyport-auth.age index 4fba776a6fa02d14e91db4bb2299ed07713f19db..3ce1f2edafba96cd3129d9b245ec1842a00fead0 100644 GIT binary patch delta 319 zcmV-F0l@yo2jT*dEPp{(W@K|jX-7suHfmvYdU7;oPex{1Pc~0Cb5l}LXJu$BRXI#h zY)4U7FbZu_F-|d9FE?U2O;$BAH*IZpM0hbWS1)>FaCS#iS8GRaT3Ah0d1OgLMG7rG zAaiqQEoEdfH8n9gAVpSsbU9HVWnwo@b8|;AWqK=dQC4Y9SAR))b~G|XtvOh{pFM0sLDWot!gZF6EYHcC)bcvM+T zPEAH{3N0-yAZA%McX&i*WpX)kb#h~FPC-RycsVzDHhO1Sa#1UJNI`CGZ&OlIOj1fX z3iC1TtYJ-QV>nxuIcIP`wv1|W(2PFkf2h)^Z-JkiE R#NN9qR_AU%fBEPq5sXjExJcxOjBVpl>mVRtfUNoPe)LV8wFF-2xYP*_P&Ra8b+ zPh~?@Zwg^oM>0ZCVn#PsMR`?5MS4;&M_E~HdQmiUWOGDCT2?VaZ+KEjM|CteMG7rG zAaiqQEoEdfH8n9gAVpSsbU9HVYI;s?aCkINHd<##GiYT_VSiOcP(^lHMQu1lT5(fM zZ%cMqMoe#RFE&wU3Nlf8H7jXGHAGovO-g2LL3dPZYEDf~G-O9`T5&6NR%CWDZDKch zbV^}G3N0-yAZs^FNHuXtF=uLQQfg6AP+==ja7j6DFgIpwZ%=wSS}$TubXG-8Xfb3( z3Ku(YZmjEVp?{%IWcM;4tGw}>1FsG%;fjR*|BFdq4_b~}$DkU<9O94(0e=aGGJKtbc1Yb0BqUT;Mh{~?a0jH!QM z?X85OSXjyS5}LDXi2ws>P}6t49|x*$i4mO#Q-95jFL&r^-v2x8DA#H#`rf@*i$EXO zsqiK_Cycmq*`j%IJyvDQe(@6cKimA#o63lBZ3!sRb4#Y+t3woFd9=;@_D@5^q!fd=|HZ&$&~a9JOq;|`N}Xgc58YD|H}^-N>9n3YIp06((3wS z|K=O3x#%dr@9)k!$lxHeP71bA@%4_(f_9lXNTf=D74G}t!Uk?VBqgN*0PXY;g3zmt z{mH1DQD8z^g6H6rSNw-t>D})jXuubU*dg2d0S4f42;}n(-VIxu;P*Ta1lKzStv-Hq K3~Fe52c72L# 
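Review bot: `agdsn_fritzbox` and `FSR` switch to `psk = "ext:AGDSN_FRITZBOX_PSK"` and `psk = "ext:FSR_PSK"`, whereas the matching rewrite in `networks/default.nix` in this same patch uses `pskRaw = "ext:…"`. As far as I know the NixOS wpa_supplicant module writes `psk` as a quoted passphrase (`psk="ext:FSR_PSK"`), so wpa_supplicant would take the literal text as the key, never consult the `secretsFile`, and both networks would quietly fail to associate; `pskRaw = "ext:AGDSN_FRITZBOX_PSK";` and `pskRaw = "ext:FSR_PSK";` make this hunk consistent with the other file. The `password=ext:AGDSN_AUTH` line above sits inside the `auth = ''…''` string and is fine as written.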
diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age index 36d09c9ba88635a307c90c4dc7f16e7caa7b15f2..89bc53aea88af047e37b4c6a4804418a9e26b16c 100644 GIT binary patch delta 660 zcmV;F0&D%W1+)c_EPq9MPhv`VdQnJLOKmkTZ%a{ecXC%RHEBmVaAah5XLB-XLP#`q zPGo9$MGALsMR7TJbV*8cbyRINFE?d3a7#mQH9>7@dTUQ`P)l}DFVRBbCO=?tYMRiAR zV{%1F3N0-yAW1MuHbP7}aYth?F?DoTOm}y4Ggfa=cy}~NId5q*D^6B0Qf6*yXG}6t z3Q&D13%XGgOn-ddyFS!k?HNk=P$>hB6pynx6LB7ZAv%fJR!Eia>*x$2_i8RYLy$eviX99D|tOcU}mwwrNPf2}RM&Bb^5&u`tB z&nA!%=LY6MV%MPu-%4_^pd@ByV4F>Y~zR0s=k=n0O<>+?l`wg3Tq^BI_uEW`#obb?B3maGf delta 660 zcmV;F0&D%W1+)c_EProiNn<%>Vp&!D|caTb8u5MT532mW`8$OX>M&VH)caGXI6M_ zZfQ<%V{B7yMsaCL3Peyi7M}I2i&Um2%(NRfhh1}8DRMvs!9k%uJ)9=1+RZdOLd56VgFM8jd^%rr2 zJ=^vuW{8+@on{!`xV34R*?7+Jt*fRd&NXY;=EX1jU&#hB`tD&3p%cxyt-wNIw$~a=BvG z=lQ%(uyUbMwmzQ%fIdgyyrE+(%}YXc!`^-MVGVsOnk~XenZ1YXHJ)6)t2y2 z!VaINTohnHa>$HMfDEuzB1tgHuf1JbOalAAQ_QaS3E>T7Rw(dBSaik$PKPQQ`t`c` zU-CPaQGd|0KWYmep}s2; z#^hyoTekEDK_LjjAz>tgtjJni{H0Ms9){Hf{52DAy^S<}3`6Mk%0mTk#%J|xn8=Hn u$xQ~&{H&EW-)buGQg)fW`zzU<1d~!{fOKWM!43Hrz;ahjZpN_uJp^r9UmYC) From 7c5324dac85f5bbceb47c227f2ee2c77c5c61043 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Thu, 26 Sep 2024 17:49:19 +0200 Subject: [PATCH 3/5] nuc: add elbe pegel --- hosts/nuc/modules/monitoring/default.nix | 27 ++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/hosts/nuc/modules/monitoring/default.nix b/hosts/nuc/modules/monitoring/default.nix index 84bd804..8c7c03c 100644 --- a/hosts/nuc/modules/monitoring/default.nix +++ b/hosts/nuc/modules/monitoring/default.nix @@ -93,6 +93,19 @@ in enable = true; enabledCollectors = [ "systemd" ]; }; + json = { + enable = true; + configFile = pkgs.writeText "json-exporter.yml" '' + --- + modules: + pegelstand: + metrics: + - name: pegelstand_elbe_dresden + path: '{ $.pegel }' + type: value + help: Pegelstand in Dresden + ''; + }; }; scrapeConfigs = [ { 
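Review bot: `json = { enable = true; … }` turns the exporter on without a `listenAddress`, so unless one is set outside this hunk the module default applies (all interfaces, as far as I recall), while the scrape job added in the next hunk (`metrics_path = "/probe"`, `targets = [ "nuc.vpn.rfive.de:7979" ]`) shows it only needs to be reachable over the VPN. Since `/probe` has the exporter fetch whatever `target` URL a request names, anything able to reach port 7979 can use it as an outbound HTTP client, so it is worth pinning with `listenAddress = "<vpn address of nuc>";` (or `127.0.0.1` if Prometheus runs on the same host and the scrape target is changed to match) and leaving `openFirewall` off. A short comment on the `json` block recording that constraint would keep a later refactor from loosening it.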
@@ -127,6 +140,20 @@ in
 targets = [ "nuc.vpn.rfive.de:9300" ];
 }];
 }
+ {
+ job_name = "pegel_dresden";
+ metrics_path = "/probe";
+ params = {
+ module = [ "pegelstand" ];
+ target = [
+ "https://api.stramke.com/wasserstand/sachsen/Dresden"
+ ];
+ };
+ static_configs = [{
+ targets = [ "nuc.vpn.rfive.de:7979" ];
+ }];
+ scrape_interval = "5m";
+ }
 {
 job_name = "caddy";
 static_configs = [{
From 77c1054cb59e410395e6d50440fd228d22021ef8 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 26 Sep 2024 17:49:36 +0200
Subject: [PATCH 4/5] rework postfix tls
---
 hosts/falkenstein/modules/mail/postfix.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/hosts/falkenstein/modules/mail/postfix.nix b/hosts/falkenstein/modules/mail/postfix.nix
index fb060b1..7cab1a4 100644
--- a/hosts/falkenstein/modules/mail/postfix.nix
+++ b/hosts/falkenstein/modules/mail/postfix.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
 domain = config.networking.domain;
@@ -39,8 +39,9 @@ in
 # home_mailbox = "Maildir/";
 smtp_helo_name = config.networking.fqdn;
 smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
- smtp_use_tls = true;
- smtpd_use_tls = true;
+ smtp_tls_security_level = "may";
+ smtpd_tls_security_level = lib.mkForce "encrypt";
+ smtpd_tls_auth_only = true;
 smtpd_tls_protocols = [
 "!SSLv2"
 "!SSLv3"
From adbd54c150c9c1ea32c2bda3abcff232ee0d32b4 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 26 Sep 2024 17:49:47 +0200
Subject: [PATCH 5/5] updates
---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/flake.lock b/flake.lock
index 7da9f33..7c7fa3d 100644
--- a/flake.lock
+++ b/flake.lock
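Review bot: `smtpd_tls_security_level = lib.mkForce "encrypt"` applies to every smtpd instance including the port 25 MX listener, which then refuses any sender that does not offer STARTTLS; RFC 3207 §4 says a publicly referenced SMTP server must not require STARTTLS, and Postfix's own TLS documentation recommends `may` for MTA-to-MTA traffic. `smtpd_tls_auth_only = true` already keeps AUTH off cleartext sessions, so mandatory TLS belongs on the submission services only: keep `smtpd_tls_security_level = "may";` here and apply `encrypt` through the submission service's `-o` overrides (the NixOS `services.postfix.submissionOptions` default already does this when `enableSubmission` is in use). The `lib.mkForce` implies another module sets this option too — a comment naming which one would help, since a silent override in a mail stack is easy to lose track of. On the client side `smtp_tls_security_level = "may"` is the sensible floor; `dane` would be the next step if this host runs a validating resolver.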
@@ -134,11 +134,11 @@
 ]
 },
 "locked": {
- "lastModified": 1719459426,
- "narHash": "sha256-4Kn9Pb3lvsik/VYsEAYgXpkcmLhrr0tTE6oIT2PMSPA=",
+ "lastModified": 1726867691,
+ "narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=",
 "owner": "nix-community",
 "repo": "dns.nix",
- "rev": "e6693931023206f1f3c2bfc57d2c98b5f27f52e6",
+ "rev": "a3196708a56dee76186a9415c187473b94e6cbae",
 "type": "github"
 },
 "original": {
@@ -301,11 +301,11 @@
 ]
 },
 "locked": {
- "lastModified": 1725948275,
- "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=",
+ "lastModified": 1727346017,
+ "narHash": "sha256-z7OCFXXxIseJhEHiCkkUOkYxD9jtLU8Kf5Q9WC0SjJ8=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe",
+ "rev": "c124568e1054a62c20fbe036155cc99237633327",
 "type": "github"
 },
 "original": {
@@ -336,11 +336,11 @@
 },
 "impermanence": {
 "locked": {
- "lastModified": 1725690722,
- "narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=",
+ "lastModified": 1727198257,
+ "narHash": "sha256-/qMVI+SG9zvhLbQFOnqb4y4BH6DdK3DQHZU5qGptehc=",
 "owner": "nix-community",
 "repo": "impermanence",
- "rev": "63f4d0443e32b0dd7189001ee1894066765d18a5",
+ "rev": "8514fff0f048557723021ffeb31ca55f69b67de3",
 "type": "github"
 },
 "original": {
@@ -450,11 +450,11 @@
 ]
 },
 "locked": {
- "lastModified": 1725765290,
- "narHash": "sha256-hwX53i24KyWzp2nWpQsn8lfGQNCP0JoW/bvQmcR1DPY=",
+ "lastModified": 1726975622,
+ "narHash": "sha256-bPDZosnom0+02ywmMZAvmj7zvsQ6mVv/5kmvSgbTkaY=",
 "owner": "nix-community",
 "repo": "nix-index-database",
- "rev": "642275444c5a9defce57219c944b3179bf2adaa9",
+ "rev": "c7515c2fdaf2e1f3f49856cef6cec95bb2138417",
 "type": "github"
 },
 "original": {
@@ -524,11 +524,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1725634671,
- "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
+ "lastModified": 1727122398,
+ "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
+ "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093",
 "type": "github"
 },
 "original": {