add handy script to find gc_roots

minor fixes
integrate onlyoffice with ocis
2024-02-06 20:23:43 +03:00 · 2024-02-06 20:23:25 +03:00 · 2024-02-06 20:22:54 +03:00 · 2024-02-06 20:22:01 +03:00 · 2024-02-04 16:45:27 +03:00 · 2024-02-04 16:45:06 +03:00
30 changed files with 900 additions and 224 deletions
--- a/TODO.md
+++ b/TODO.md
@ -1,5 +1,7 @@
 # TODO

+* move nginx config to respective profiles
+* ocis confid and metadata backup (take zfs snapshot and backup it)
 * grafana for all services
 * move some profiles to modules (like vpn.nix)
 * use sops for all occurrences of hashedPassword
--- a/flake.lock
+++ b/flake.lock
@ -8,11 +8,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706450394,
-        "narHash": "sha256-ukrOuprUmG3Duy982EfVcZ10t4i25EoqsSp391txOtw=",
+        "lastModified": 1706820584,
+        "narHash": "sha256-bxdNSMcflfDZXdr7o03f2F9GvwRB9mGt7aYbN0iP0jM=",
        "owner": "ezKEa",
        "repo": "aagl-gtk-on-nix",
-        "rev": "c06cf405666702308273f78eddc30090bd0d2aec",
+        "rev": "3f68c6351aedbfb598824fc930125e06ec12f4e9",
        "type": "github"
      },
      "original": {
@ -42,11 +42,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1706816539,
-        "narHash": "sha256-N1YIZ0tF4JCH0EAayo9hrMR0n/lqLOFNmU5/GzInYHI=",
+        "lastModified": 1707239778,
+        "narHash": "sha256-DhGEDhtPcnxjc9jBOzdg+bf7o8btCAL+W7QNgl6jamI=",
        "owner": "AtaraxiaSjel",
        "repo": "nur",
-        "rev": "53b1e5840b4fc247e7c40414347af8f38726ea89",
+        "rev": "d09bfe6ae85bfc06919c1fa892cd1bc316fd14a8",
        "type": "github"
      },
      "original": {
@ -173,6 +173,27 @@
        "type": "github"
      }
    },
+    "devenv": {
+      "inputs": {
+        "flake-compat": "flake-compat_4",
+        "nix": "nix",
+        "nixpkgs": "nixpkgs_5",
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1707004164,
+        "narHash": "sha256-9Hr8onWtvLk5A8vCEkaE9kxA0D7PR62povFokM1oL5Q=",
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "0e68853bb27981a4ffd7a7225b59ed84f7180fc7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
    "disko": {
      "inputs": {
        "nixpkgs": [
@ -242,6 +263,22 @@
      }
    },
    "flake-compat_4": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_5": {
      "flake": false,
      "locked": {
        "lastModified": 1668681692,
@ -257,7 +294,7 @@
        "type": "github"
      }
    },
-    "flake-compat_5": {
+    "flake-compat_6": {
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@ -272,7 +309,7 @@
        "type": "github"
      }
    },
-    "flake-compat_6": {
+    "flake-compat_7": {
      "flake": false,
      "locked": {
        "lastModified": 1673956053,
@ -288,7 +325,7 @@
        "type": "github"
      }
    },
-    "flake-compat_7": {
+    "flake-compat_8": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@ -415,7 +452,7 @@
    },
    "flake-utils-plus_2": {
      "inputs": {
-        "flake-utils": "flake-utils_3"
+        "flake-utils": "flake-utils_4"
      },
      "locked": {
        "lastModified": 1696281284,
@ -451,6 +488,24 @@
      "inputs": {
        "systems": "systems_2"
      },
+      "locked": {
+        "lastModified": 1685518550,
+        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_4": {
+      "inputs": {
+        "systems": "systems_3"
+      },
      "locked": {
        "lastModified": 1694529238,
        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
@ -465,7 +520,7 @@
        "type": "github"
      }
    },
-    "flake-utils_4": {
+    "flake-utils_5": {
      "locked": {
        "lastModified": 1667395993,
        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -480,9 +535,9 @@
        "type": "github"
      }
    },
-    "flake-utils_5": {
+    "flake-utils_6": {
      "inputs": {
-        "systems": "systems_4"
+        "systems": "systems_5"
      },
      "locked": {
        "lastModified": 1701680307,
@ -498,9 +553,9 @@
        "type": "github"
      }
    },
-    "flake-utils_6": {
+    "flake-utils_7": {
      "inputs": {
-        "systems": "systems_5"
+        "systems": "systems_6"
      },
      "locked": {
        "lastModified": 1681202837,
@ -516,9 +571,9 @@
        "type": "github"
      }
    },
-    "flake-utils_7": {
+    "flake-utils_8": {
      "inputs": {
-        "systems": "systems_6"
+        "systems": "systems_7"
      },
      "locked": {
        "lastModified": 1701680307,
@ -534,9 +589,9 @@
        "type": "github"
      }
    },
-    "flake-utils_8": {
+    "flake-utils_9": {
      "inputs": {
-        "systems": "systems_7"
+        "systems": "systems_8"
      },
      "locked": {
        "lastModified": 1681202837,
@ -553,6 +608,28 @@
      }
    },
    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "devenv",
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "gitignore_2": {
      "inputs": {
        "nixpkgs": [
          "prismlauncher",
@ -581,11 +658,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706435589,
-        "narHash": "sha256-yhEYJxMv5BkfmUuNe4QELKo+V5eq1pwhtVs6kEziHfE=",
+        "lastModified": 1707029945,
+        "narHash": "sha256-GA6IOAKouQlTbile9PvAa3UUh7s5mi6NsZMX8lpgozg=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "4d54c29bce71f8c261513e0662cc573d30f3e33e",
+        "rev": "230836bb7ca318aec7bad8442954da611d06a172",
        "type": "github"
      },
      "original": {
@ -600,16 +677,16 @@
        "nixpkgs": [
          "nixpkgs"
        ],
-        "systems": "systems_3",
+        "systems": "systems_4",
        "wlroots": "wlroots",
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1706524231,
-        "narHash": "sha256-05UcsoN4x1pXqoPzHTPcSRZ6W2uCTqRwXfhR0Ls3f4c=",
+        "lastModified": 1707013800,
+        "narHash": "sha256-dkK9zXkRpjcMUfeIEXrFgGyU3Lm436bz8UxnhjjgDN4=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "91e8c428431deac1e5eb8e537f002ab960777174",
+        "rev": "1ed4f1cb254ce4b4e55727d972998be1ef4baf22",
        "type": "github"
      },
      "original": {
@ -667,7 +744,7 @@
    },
    "hyprlang_2": {
      "inputs": {
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_6"
      },
      "locked": {
        "lastModified": 1704230242,
@ -706,11 +783,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1703656108,
-        "narHash": "sha256-hCSUqdFJKHHbER8Cenf5JRzjMlBjIdwdftGQsO0xoJs=",
+        "lastModified": 1706639736,
+        "narHash": "sha256-CaG4j9+UwBDfinxxvJMo6yOonSmSo0ZgnbD7aj2Put0=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "033643a45a4a920660ef91caa391fbffb14da466",
+        "rev": "cd13c2917eaa68e4c49fea0ff9cada45440d7045",
        "type": "github"
      },
      "original": {
@ -751,12 +828,28 @@
        "type": "github"
      }
    },
+    "lowdown-src_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1633514407,
+        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
    "mms": {
      "inputs": {
-        "flake-compat": "flake-compat_4",
-        "flake-utils": "flake-utils_4",
-        "nix": "nix",
-        "nixpkgs": "nixpkgs_7"
+        "flake-compat": "flake-compat_5",
+        "flake-utils": "flake-utils_5",
+        "nix": "nix_2",
+        "nixpkgs": "nixpkgs_8"
      },
      "locked": {
        "lastModified": 1669478601,
@ -775,27 +868,31 @@
    "nix": {
      "inputs": {
        "lowdown-src": "lowdown-src",
-        "nixpkgs": "nixpkgs_6",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
        "nixpkgs-regression": "nixpkgs-regression"
      },
      "locked": {
-        "lastModified": 1669449054,
-        "narHash": "sha256-aCpXrNpyFH6b1NFYGj2i/HecUvz2vZ88aEyDs1Xj8yM=",
-        "owner": "NixOS",
+        "lastModified": 1676545802,
+        "narHash": "sha256-EK4rZ+Hd5hsvXnzSzk2ikhStJnD63odF7SzsQ8CuSPU=",
+        "owner": "domenkozar",
        "repo": "nix",
-        "rev": "534332c8a03b64161ec795d1deb2ba3d48f27be1",
+        "rev": "7c91803598ffbcfe4a55c44ac6d49b2cf07a527f",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
+        "owner": "domenkozar",
+        "ref": "relaxed-flakes",
        "repo": "nix",
        "type": "github"
      }
    },
    "nix-alien": {
      "inputs": {
-        "flake-compat": "flake-compat_5",
-        "flake-utils": "flake-utils_5",
+        "flake-compat": "flake-compat_6",
+        "flake-utils": "flake-utils_6",
        "nix-filter": "nix-filter",
        "nix-index-database": "nix-index-database",
        "nixpkgs": [
@ -803,11 +900,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1705306460,
-        "narHash": "sha256-tV42EZ0GAYDKUu8IUaeZgSsOBtp/1IO9jEkHpOj5K94=",
+        "lastModified": 1706619215,
+        "narHash": "sha256-BuZZ2dWa4UloNpF0dsMYZUBkfFvGlH4u2y/Rc1PbfUk=",
        "owner": "thiagokokada",
        "repo": "nix-alien",
-        "rev": "f43ce845467ad2b90df34323dbed3de9f17471d7",
+        "rev": "4830d795e5fab4dc601d3600073135ff9c87ba03",
        "type": "github"
      },
      "original": {
@ -819,7 +916,7 @@
    "nix-direnv": {
      "inputs": {
        "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs_9",
+        "nixpkgs": "nixpkgs_10",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
@ -875,7 +972,7 @@
    },
    "nix-index-database": {
      "inputs": {
-        "nixpkgs": "nixpkgs_8"
+        "nixpkgs": "nixpkgs_9"
      },
      "locked": {
        "lastModified": 1705282324,
@ -893,18 +990,18 @@
    },
    "nix-vscode-marketplace": {
      "inputs": {
-        "flake-compat": "flake-compat_6",
-        "flake-utils": "flake-utils_6",
+        "flake-compat": "flake-compat_7",
+        "flake-utils": "flake-utils_7",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1706491024,
-        "narHash": "sha256-oRjvADEBpKayeA/UVYGtdt1Idv5sMP9EBcqoQg4cOYo=",
+        "lastModified": 1707009713,
+        "narHash": "sha256-oDr8YWRKFmwV2+B4H0ih7BbYjKAMi99yBpzVAXdWWo0=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "0d4c78fbb27b522aa50b2783c20fcec7f88f48d0",
+        "rev": "5a034e1b2dee0df8c8d8a6b25902fbc61c26a139",
        "type": "github"
      },
      "original": {
@ -913,6 +1010,26 @@
        "type": "github"
      }
    },
+    "nix_2": {
+      "inputs": {
+        "lowdown-src": "lowdown-src_2",
+        "nixpkgs": "nixpkgs_7",
+        "nixpkgs-regression": "nixpkgs-regression_2"
+      },
+      "locked": {
+        "lastModified": 1669449054,
+        "narHash": "sha256-aCpXrNpyFH6b1NFYGj2i/HecUvz2vZ88aEyDs1Xj8yM=",
+        "owner": "NixOS",
+        "repo": "nix",
+        "rev": "534332c8a03b64161ec795d1deb2ba3d48f27be1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
    "nixlib": {
      "locked": {
        "lastModified": 1693701915,
@ -985,11 +1102,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1706522777,
-        "narHash": "sha256-xQ43gN2qNCUZ7PX1IrRsOAWT2OIRTXnIZ2IYmvT8c5c=",
+        "lastModified": 1707049898,
+        "narHash": "sha256-Lr86gvKe/5nX9UldZeRZlZ/ACdxuEJ0ShLDL+GTrcP8=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "df2f1a85106a52596eaf152dfcd9225bf674dcf2",
+        "rev": "4ec0020e841be6f186b712fd90e4cad5c40712e1",
        "type": "github"
      },
      "original": {
@ -1015,6 +1132,22 @@
        "type": "github"
      }
    },
+    "nixpkgs-regression_2": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1702780907,
@ -1033,11 +1166,27 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1706373441,
-        "narHash": "sha256-S1hbgNbVYhuY2L05OANWqmRzj4cElcbLuIkXTb69xkk=",
+        "lastModified": 1685801374,
+        "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable_3": {
+      "locked": {
+        "lastModified": 1706826059,
+        "narHash": "sha256-N69Oab+cbt3flLvYv8fYnEHlBsWwdKciNZHUbynVEOA=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "56911ef3403a9318b7621ce745f5452fb9ef6867",
+        "rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d",
        "type": "github"
      },
      "original": {
@ -1047,7 +1196,7 @@
        "type": "github"
      }
    },
-    "nixpkgs-stable_3": {
+    "nixpkgs-stable_4": {
      "locked": {
        "lastModified": 1705957679,
        "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
@ -1065,11 +1214,27 @@
    },
    "nixpkgs_10": {
      "locked": {
-        "lastModified": 1706191920,
-        "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=",
+        "lastModified": 1705697961,
+        "narHash": "sha256-XepT3WS516evSFYkme3GrcI3+7uwXHqtHbip+t24J7E=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e5d1c87f5813afde2dda384ac807c57a105721cc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_11": {
+      "locked": {
+        "lastModified": 1706732774,
+        "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "ae5c332cbb5827f6b1f02572496b141021de335f",
+        "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
        "type": "github"
      },
      "original": {
@ -1079,13 +1244,13 @@
        "type": "github"
      }
    },
-    "nixpkgs_11": {
+    "nixpkgs_12": {
      "locked": {
-        "lastModified": 1705697961,
-        "narHash": "sha256-XepT3WS516evSFYkme3GrcI3+7uwXHqtHbip+t24J7E=",
+        "lastModified": 1706173671,
+        "narHash": "sha256-lciR7kQUK2FCAYuszyd7zyRRmTaXVeoZsCyK6QFpGdk=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e5d1c87f5813afde2dda384ac807c57a105721cc",
+        "rev": "4fddc9be4eaf195d631333908f2a454b03628ee5",
        "type": "github"
      },
      "original": {
@ -1144,6 +1309,22 @@
      }
    },
    "nixpkgs_5": {
+      "locked": {
+        "lastModified": 1678875422,
+        "narHash": "sha256-T3o6NcQPwXjxJMn2shz86Chch4ljXgZn746c2caGxd8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "126f49a01de5b7e35a43fd43f891ecf6d3a51459",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_6": {
      "locked": {
        "lastModified": 1702645756,
        "narHash": "sha256-qKI6OR3TYJYQB3Q8mAZ+DG4o/BR9ptcv9UnRV2hzljc=",
@ -1159,7 +1340,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_6": {
+    "nixpkgs_7": {
      "locked": {
        "lastModified": 1657693803,
        "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
@ -1175,7 +1356,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_7": {
+    "nixpkgs_8": {
      "locked": {
        "lastModified": 1669378442,
        "narHash": "sha256-nm+4PN0A4SnV0SzEchxrMyKPvI3Ld/aoom4PnHeHucs=",
@ -1191,7 +1372,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_8": {
+    "nixpkgs_9": {
      "locked": {
        "lastModified": 1704722960,
        "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=",
@ -1207,30 +1388,42 @@
        "type": "github"
      }
    },
-    "nixpkgs_9": {
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": [
+          "devenv",
+          "flake-compat"
+        ],
+        "flake-utils": "flake-utils_3",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable_2"
+      },
      "locked": {
-        "lastModified": 1705697961,
-        "narHash": "sha256-XepT3WS516evSFYkme3GrcI3+7uwXHqtHbip+t24J7E=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "e5d1c87f5813afde2dda384ac807c57a105721cc",
+        "lastModified": 1704725188,
+        "narHash": "sha256-qq8NbkhRZF1vVYQFt1s8Mbgo8knj+83+QlL5LBnYGpI=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "ea96f0c05924341c551a797aaba8126334c505d2",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
        "type": "github"
      }
    },
-    "pre-commit-hooks": {
+    "pre-commit-hooks_2": {
      "inputs": {
        "flake-compat": [
          "prismlauncher",
          "flake-compat"
        ],
-        "flake-utils": "flake-utils_7",
-        "gitignore": "gitignore",
+        "flake-utils": "flake-utils_8",
+        "gitignore": "gitignore_2",
        "nixpkgs": [
          "prismlauncher",
          "nixpkgs"
@ -1256,18 +1449,18 @@
    },
    "prismlauncher": {
      "inputs": {
-        "flake-compat": "flake-compat_7",
+        "flake-compat": "flake-compat_8",
        "flake-parts": "flake-parts_3",
        "libnbtplusplus": "libnbtplusplus",
-        "nixpkgs": "nixpkgs_11",
-        "pre-commit-hooks": "pre-commit-hooks"
+        "nixpkgs": "nixpkgs_12",
+        "pre-commit-hooks": "pre-commit-hooks_2"
      },
      "locked": {
-        "lastModified": 1706324997,
-        "narHash": "sha256-ctj4sz7eh2sw3BZDmS5NY1ClxX0U5hxn7ieVBbMlEEo=",
+        "lastModified": 1706929937,
+        "narHash": "sha256-tkBo7pp8880VPCU7MkF5vVcBxzyZ/7phIJyh52LHE1c=",
        "owner": "AtaraxiaSjel",
        "repo": "PrismLauncher",
-        "rev": "ec1dd0aa4506ddb12e9b8966c7aae9b1400b440a",
+        "rev": "6e58c3d3dd0a6826eda29bae035ae0be2a792333",
        "type": "github"
      },
      "original": {
@ -1287,6 +1480,7 @@
        "base16-tokyonight-scheme": "base16-tokyonight-scheme",
        "cassowary": "cassowary",
        "deploy-rs": "deploy-rs",
+        "devenv": "devenv",
        "disko": "disko",
        "flake-registry": "flake-registry",
        "flake-utils-plus": "flake-utils-plus_2",
@ -1300,9 +1494,9 @@
        "nix-fast-build": "nix-fast-build",
        "nix-vscode-marketplace": "nix-vscode-marketplace",
        "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs_10",
+        "nixpkgs": "nixpkgs_11",
        "nixpkgs-master": "nixpkgs-master",
-        "nixpkgs-stable": "nixpkgs-stable_2",
+        "nixpkgs-stable": "nixpkgs-stable_3",
        "prismlauncher": "prismlauncher",
        "rycee": "rycee",
        "sops-nix": "sops-nix",
@ -1312,11 +1506,11 @@
    "rycee": {
      "flake": false,
      "locked": {
-        "lastModified": 1706306805,
-        "narHash": "sha256-BWJdcDmpqZuxCStx4RUl5SD6uELy8hRa5YzwFTdWrts=",
+        "lastModified": 1706985744,
+        "narHash": "sha256-IN4XdMSZonGaov/OXLpYh4g5LzXdK8wx9BowNNb7438=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "24985136f4a5f98254e88c26d428114d206c2565",
+        "rev": "d26433da695b4827878fe844c8983aeb5be0621d",
        "type": "gitlab"
      },
      "original": {
@ -1330,14 +1524,14 @@
        "nixpkgs": [
          "nixpkgs"
        ],
-        "nixpkgs-stable": "nixpkgs-stable_3"
+        "nixpkgs-stable": "nixpkgs-stable_4"
      },
      "locked": {
-        "lastModified": 1706410821,
-        "narHash": "sha256-iCfXspqUOPLwRobqQNAQeKzprEyVowLMn17QaRPQc+M=",
+        "lastModified": 1707015547,
+        "narHash": "sha256-YZr0OrqWPdbwBhxpBu69D32ngJZw8AMgZtJeaJn0e94=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "73bf36912e31a6b21af6e0f39218e067283c67ef",
+        "rev": "23f61b897c00b66855074db471ba016e0cda20dd",
        "type": "github"
      },
      "original": {
@ -1377,21 +1571,6 @@
      }
    },
    "systems_3": {
-      "locked": {
-        "lastModified": 1689347949,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "type": "github"
-      }
-    },
-    "systems_4": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -1406,6 +1585,21 @@
        "type": "github"
      }
    },
+    "systems_4": {
+      "locked": {
+        "lastModified": 1689347949,
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "type": "github"
+      }
+    },
    "systems_5": {
      "locked": {
        "lastModified": 1681028828,
@ -1451,6 +1645,21 @@
        "type": "github"
      }
    },
+    "systems_8": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
@ -1513,7 +1722,7 @@
    },
    "vscode-server": {
      "inputs": {
-        "flake-utils": "flake-utils_8",
+        "flake-utils": "flake-utils_9",
        "nixpkgs": [
          "nixpkgs"
        ]
--- a/flake.nix
+++ b/flake.nix
@ -35,6 +35,7 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    deploy-rs.url = "github:serokell/deploy-rs";
+    devenv.url = "github:cachix/devenv";
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
@ -113,8 +114,10 @@
    secretsDir = ./secrets;

    sharedPatches = patchesPath [
-      "authentik-271885.patch"
+      "onlyoffice.patch"
+      "rustic-rs-0.7.0.patch"
      "vaultwarden.patch"
+      "vscode-1.86.0.patch"
      "webhooks.patch"
    ];
    sharedOverlays = [ flake-utils-plus.overlay inputs.sops-nix.overlays.default ];
@ -123,12 +126,9 @@
      permittedInsecurePackages = [ "electron-25.9.0" ];
    };
    channels.unstable.input = nixpkgs;
-    channels.unstable.patches = patchesPath [ "zen-kernels.patch" "ydotoold.patch" ] ++ sharedPatches;
+    channels.unstable.patches = patchesPath [ "zfs-unstable-2.2.3.patch" "zen-kernels.patch" "ydotoold.patch" ] ++ sharedPatches;
    channels.stable.input = inputs.nixpkgs-stable;
    channels.stable.patches = sharedPatches;
-    channels.server.input = inputs.nixpkgs-pinned;
-    channels.server.patches = patchesPath [ "zen-kernels.patch" "ydotoold.patch" ] ++ sharedPatches;
-    channels.vps.input = inputs.nixpkgs;

    hostDefaults.system = "x86_64-linux";
    hostDefaults.channelName = "unstable";
--- a/machines/AMD-Workstation/boot.nix
+++ b/machines/AMD-Workstation/boot.nix
@ -3,7 +3,7 @@ let
  zfs_arc_max = toString (6 * 1024 * 1024 * 1024);
 in {
  boot = {
-    zfs.enableUnstable = false;
+    zfs.enableUnstable = true;
    kernelPackages = pkgs.linuxPackages_lqx;

    initrd = {
--- a/machines/Home-Hypervisor/backups.nix
+++ b/machines/Home-Hypervisor/backups.nix
@ -2,33 +2,38 @@
  imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];

  sops.secrets.rustic-nas-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml;
-  sops.secrets.rclone-rustic-backups.sopsFile = inputs.self.secretsDir + /rustic.yaml;
+  sops.secrets.rustic-backups-s3-env.sopsFile = inputs.self.secretsDir + /rustic.yaml;
  services.rustic.backups = rec {
    nas-backup = {
      backup = true;
      prune = false;
      initialize = false;
+      environmentFile = config.sops.secrets.rustic-backups-s3-env.path;
      extraEnvironment = { https_proxy = "http://192.168.0.6:8888"; };
-      rcloneConfigFile = config.sops.secrets.rclone-rustic-backups.path;
-      rcloneOptions = { fast-list = true; };
      pruneOpts = [ "--repack-cacheable-only=false" ];
      timerConfig = {
        OnCalendar = "05:00";
        Persistent = true;
      };
      settings = let
-        bucket = "rustic-backups";
        label = "hypervisor-nas";
      in {
        repository = {
-          repository = "rclone:rustic-backups:${bucket}/${label}";
+          repository = "opendal:s3";
          password-file = config.sops.secrets.rustic-nas-pass.path;
+          options = {
+            root = label;
+            bucket = "rustic-backups";
+            region = "de-fra";
+            endpoint = "https://c5c0.fra2.idrivee2-53.com";
+          };
        };
        backup = {
          host = config.device;
          label = label;
          ignore-devid = true;
          group-by = "label";
+          skip-identical-parent = true;
          glob = [
            "!/media/nas/**/cache"
            "!/media/nas/**/.cache"
--- a/machines/Home-Hypervisor/default.nix
+++ b/machines/Home-Hypervisor/default.nix
@ -26,6 +26,7 @@ in {
    customProfiles.minio
    customProfiles.nginx
    customProfiles.ocis
+    customProfiles.onlyoffice
    customProfiles.openbooks
    customProfiles.outline
    customProfiles.radicale
--- a/machines/NixOS-VPS/default.nix
+++ b/machines/NixOS-VPS/default.nix
@ -10,7 +10,6 @@
    customModules.devices
    customModules.libvirt-guests
    customModules.persist
-    customModules.rustic
    customModules.users

    customProfiles.hardened
--- a/machines/NixOS-VPS/services/backups.nix
+++ b/machines/NixOS-VPS/services/backups.nix
@ -2,26 +2,30 @@
  imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];

  sops.secrets.rustic-vps-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml;
-  sops.secrets.rclone-rustic-backups.sopsFile = inputs.self.secretsDir + /rustic.yaml;
+  sops.secrets.rustic-backups-s3-env.sopsFile = inputs.self.secretsDir + /rustic.yaml;
  services.rustic.backups = rec {
    vps-backup = {
      backup = true;
      prune = false;
      initialize = false;
-      rcloneConfigFile = config.sops.secrets.rclone-rustic-backups.path;
-      rcloneOptions = { fast-list = true; };
      pruneOpts = [ "--repack-cacheable-only=false" ];
+      environmentFile = config.sops.secrets.rustic-backups-s3-env.path;
      timerConfig = {
        OnCalendar = "01:00";
        Persistent = true;
      };
      settings = let
-        bucket = "rustic-backups";
        label = "vps-containers";
      in {
        repository = {
-          repository = "rclone:rustic-backups:${bucket}/${label}";
+          repository = "opendal:s3";
          password-file = config.sops.secrets.rustic-vps-pass.path;
+          options = {
+            root = label;
+            bucket = "rustic-backups";
+            region = "de-fra";
+            endpoint = "https://c5c0.fra2.idrivee2-53.com";
+          };
        };
        repository.options = {
          timeout = "5min";
@ -32,6 +36,7 @@
          label = label;
          ignore-devid = true;
          group-by = "label";
+          skip-identical-parent = true;
          sources = [{
            source = "/srv/marzban";
          }];
--- a/machines/NixOS-VPS/services/xtls.nix
+++ b/machines/NixOS-VPS/services/xtls.nix
@ -6,6 +6,7 @@ let
  nginx-conf = config.sops.secrets."nginx.conf".path;
  marzban-env = config.sops.secrets.marzban.path;
 in {
+  imports = [ inputs.ataraxiasjel-nur.nixosModules.ocis ];
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  sops.secrets = let
--- a/modules/hoyolab-daily-bot.nix
+++ b/modules/hoyolab-daily-bot.nix
@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
-  cfg = config.services.hoyolab-daily-bot;
-in {
-  options.services.hoyolab-daily-bot = {
-    enable = mkEnableOption "Hoyolab Daily Bot";
-
-    package = mkOption {
-      type = types.package;
-      description = lib.mdDoc "Which package to use.";
-      default = pkgs.hoyolab-daily-bot;
-      defaultText = literalExpression "pkgs.hoyolab-daily-bot";
-    };
-
-    cookieFiles = mkOption {
-      type = types.listOf types.str;
-      default = [ ];
-      description =
-        lib.mdDoc "List of paths to cookie files. If not provided, use cookie from browser.";
-    };
-
-    user = mkOption {
-      type = types.str;
-      default = "root";
-      description = lib.mdDoc "";
-    };
-
-    startAt = mkOption {
-      type = types.str;
-      default = "*-*-* 20:00:00";
-      description = lib.mdDoc "";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    systemd.services.hoyolab-daily-bot = {
-      description = "Hoyolab Daily Login Bot.";
-      serviceConfig = {
-        Type = "oneshot";
-        User = cfg.user;
-        StateDirectory = "hoyolab-daily-bot";
-      };
-      startAt = cfg.startAt;
-      script = if (cfg.cookieFiles == [ ]) then ''
-        ${cfg.package}/bin/hoyolab-daily-bot
-      '' else ''
-        ${concatMapStringsSep "\n" (x:
-          "${cfg.package}/bin/hoyolab-daily-bot -c ${x}"
-        ) cfg.cookieFiles}
-      '';
-    };
-  };
-}
--- a/modules/rustic-postgresql.nix
+++ b/modules/rustic-postgresql.nix
@ -21,9 +21,9 @@ with lib;
  };
  imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];
  config = mkIf (config.backups.postgresql != { }) {
-    sops.secrets.rclone-postgresql-backups.sopsFile = inputs.self.secretsDir + /rustic.yaml;
+    sops.secrets.rustic-postgresql-s3-env.sopsFile = inputs.self.secretsDir + /rustic.yaml;
    sops.secrets.rustic-postgresql-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml;
-    sops.secrets.rclone-postgresql-backups.owner = "postgres";
+    sops.secrets.rustic-postgresql-s3-env.owner = "postgres";
    sops.secrets.rustic-postgresql-pass.owner = "postgres";

    services.rustic.backups =
@ -34,8 +34,7 @@ with lib;
          initialize = true;
          user = "postgres";
          extraEnvironment.https_proxy = mkIf (backup.proxyAddress != null) backup.proxyAddress;
-          rcloneConfigFile = config.sops.secrets.rclone-postgresql-backups.path;
-          rcloneOptions = { fast-list = true; };
+          environmentFile = config.sops.secrets.rustic-postgresql-s3-env.path;
          pruneOpts = [ "--repack-cacheable-only=false" ];
          timerConfig = {
            OnCalendar = "daily";
@ -47,14 +46,21 @@ with lib;
          # Rustic profile yaml
          settings = {
            repository = {
-              repository = "rclone:postgresql-backups:postgresql-backups/${backup.dbName}";
+              repository = "opendal:s3";
              password-file = config.sops.secrets.rustic-postgresql-pass.path;
+              options = {
+                root = backup.dbName;
+                bucket = "postgresql-backups";
+                region = "de-fra";
+                endpoint = "https://c5c0.fra2.idrivee2-53.com";
+              };
            };
            backup = {
              host = config.device;
              label = backup.dbName;
              ignore-devid = true;
              group-by = "label";
+              skip-identical-parent = true;
              stdin-filename = "${backup.dbName}.dump.zst";
            };
            forget = {
--- a/patches/onlyoffice.patch
+++ b/patches/onlyoffice.patch
@ -0,0 +1,118 @@
+diff --git a/nixos/modules/services/web-apps/onlyoffice.nix b/nixos/modules/services/web-apps/onlyoffice.nix
+index 343ca80c9fc2..a10e19d8b98c 100644
+--- a/nixos/modules/services/web-apps/onlyoffice.nix
+++ b/nixos/modules/services/web-apps/onlyoffice.nix
+@@ -79,113 +79,6 @@ in
+ 
+   config = lib.mkIf cfg.enable {
+     services = {
+-      nginx = {
+-        enable = mkDefault true;
+-        # misses text/csv, font/ttf, application/x-font-ttf, application/rtf, application/wasm
+-        recommendedGzipSettings = mkDefault true;
+-        recommendedProxySettings = mkDefault true;
+-
+-        upstreams = {
+-          # /etc/nginx/includes/http-common.conf
+-          onlyoffice-docservice = {
+-            servers = { "localhost:${toString cfg.port}" = { }; };
+-          };
+-          onlyoffice-example = lib.mkIf cfg.enableExampleServer {
+-            servers = { "localhost:${toString cfg.examplePort}" = { }; };
+-          };
+-        };
+-
+-        virtualHosts.${cfg.hostname} = {
+-          locations = {
+-            # /etc/nginx/includes/ds-docservice.conf
+-            "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps\/apps\/api\/documents\/api\.js)$".extraConfig = ''
+-              expires -1;
+-              alias ${cfg.package}/var/www/onlyoffice/documentserver/$2;
+-            '';
+-            "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps)(\/.*\.json)$".extraConfig = ''
+-              expires 365d;
+-              error_log /dev/null crit;
+-              alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+-            '';
+-            "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(sdkjs-plugins)(\/.*\.json)$".extraConfig = ''
+-              expires 365d;
+-              error_log /dev/null crit;
+-              alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+-            '';
+-            "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\/.*)$".extraConfig = ''
+-              expires 365d;
+-              alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+-            '';
+-            "~* ^(\/cache\/files.*)(\/.*)".extraConfig = ''
+-              alias /var/lib/onlyoffice/documentserver/App_Data$1;
+-              add_header Content-Disposition "attachment; filename*=UTF-8''$arg_filename";
+-
+-              set $secret_string verysecretstring;
+-              secure_link $arg_md5,$arg_expires;
+-              secure_link_md5 "$secure_link_expires$uri$secret_string";
+-
+-              if ($secure_link = "") {
+-                return 403;
+-              }
+-
+-              if ($secure_link = "0") {
+-                return 410;
+-              }
+-            '';
+-            "~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(internal)(\/.*)$".extraConfig = ''
+-              allow 127.0.0.1;
+-              deny all;
+-              proxy_pass http://onlyoffice-docservice/$2$3;
+-            '';
+-            "~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(info)(\/.*)$".extraConfig = ''
+-              allow 127.0.0.1;
+-              deny all;
+-              proxy_pass http://onlyoffice-docservice/$2$3;
+-            '';
+-            "/".extraConfig = ''
+-              proxy_pass http://onlyoffice-docservice;
+-            '';
+-            "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?(\/doc\/.*)".extraConfig = ''
+-              proxy_pass http://onlyoffice-docservice$2;
+-              proxy_http_version 1.1;
+-            '';
+-            "/${cfg.package.version}/".extraConfig = ''
+-              proxy_pass http://onlyoffice-docservice/;
+-            '';
+-            "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(dictionaries)(\/.*)$".extraConfig = ''
+-              expires 365d;
+-              alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+-            '';
+-            # /etc/nginx/includes/ds-example.conf
+-            "~ ^(\/welcome\/.*)$".extraConfig = ''
+-              expires 365d;
+-              alias ${cfg.package}/var/www/onlyoffice/documentserver-example$1;
+-              index docker.html;
+-            '';
+-            "/example/".extraConfig = lib.mkIf cfg.enableExampleServer ''
+-              proxy_pass http://onlyoffice-example/;
+-              proxy_set_header X-Forwarded-Path /example;
+-            '';
+-          };
+-          extraConfig = ''
+-            rewrite ^/$ /welcome/ redirect;
+-            rewrite ^\/OfficeWeb(\/apps\/.*)$ /${cfg.package.version}/web-apps$1 redirect;
+-            rewrite ^(\/web-apps\/apps\/(?!api\/).*)$ /${cfg.package.version}$1 redirect;
+-
+-            # based on https://github.com/ONLYOFFICE/document-server-package/blob/master/common/documentserver/nginx/includes/http-common.conf.m4#L29-L34
+-            # without variable indirection and correct variable names
+-            proxy_set_header Host $host;
+-            proxy_set_header X-Forwarded-Host $host;
+-            proxy_set_header X-Forwarded-Proto $scheme;
+-            # required for CSP to take effect
+-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+-            # required for websocket
+-            proxy_set_header Upgrade $http_upgrade;
+-            proxy_set_header Connection $connection_upgrade;
+-          '';
+-        };
+-      };
+-
+       rabbitmq.enable = lib.mkDefault true;
+ 
+       postgresql = {
--- a/patches/rustic-rs-0.7.0.patch
+++ b/patches/rustic-rs-0.7.0.patch
@ -0,0 +1,27 @@
+diff --git a/pkgs/tools/backup/rustic-rs/default.nix b/pkgs/tools/backup/rustic-rs/default.nix
+index c6159a899b04..3971cc0df9e6 100644
+--- a/pkgs/tools/backup/rustic-rs/default.nix
+++ b/pkgs/tools/backup/rustic-rs/default.nix
+@@ -10,16 +10,19 @@
+ 
+ rustPlatform.buildRustPackage rec {
+   pname = "rustic-rs";
+-  version = "0.6.1";
+  version = "0.7.0";
+ 
+   src = fetchFromGitHub {
+     owner = "rustic-rs";
+     repo = "rustic";
+     rev = "refs/tags/v${version}";
+-    hash = "sha256-rpIEgQYwfManfgTrhCt6/Q4VBY2yyn4edC6/mz5D7nM=";
+    hash = "sha256-jUAmboJTzX4oJZy9rFiPRbm94bVpZGa0SaqotoCU/Ss=";
+   };
+ 
+-  cargoHash = "sha256-q+K887jPB9i9iXpFYXjn3zppAPWNlTc2AG7ivOr77J4=";
+  cargoHash = "sha256-iZuWlYDGGziwb49BfKdt9Ahs6oQ0Ij2iiT0tvL7ZIVk=";
+
+  buildNoDefaultFeatures = true;
+  buildFeatures = [ "webdav" ];
+ 
+   nativeBuildInputs = [ installShellFiles ];
+ 
--- a/patches/vscode-1.86.0.patch
+++ b/patches/vscode-1.86.0.patch
@ -0,0 +1,51 @@
+From bb9a4abdae31f5edbf0beb5b2ee3102af04000a8 Mon Sep 17 00:00:00 2001
+From: nixpkgs-upkeep-bot <skainsworth@gmail.com>
+Date: Sat, 3 Feb 2024 00:26:09 +0000
+Subject: [PATCH] vscode: 1.85.2 -> 1.86.0
+
+---
+ pkgs/applications/editors/vscode/vscode.nix | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/pkgs/applications/editors/vscode/vscode.nix b/pkgs/applications/editors/vscode/vscode.nix
+index 0d1e46eee1b1d7..523b1c81cfd2f5 100644
+--- a/pkgs/applications/editors/vscode/vscode.nix
+++ b/pkgs/applications/editors/vscode/vscode.nix
+@@ -30,21 +30,21 @@ let
+   archive_fmt = if stdenv.isDarwin then "zip" else "tar.gz";
+
+   sha256 = {
+-    x86_64-linux = "0v702nvv971rwv1grp921ys2d1ig0aq0di7idc1lfikl5ka9b4wa";
+-    x86_64-darwin = "1cz1817gy8kx3pkfn80jdgsxmvfyrwiwbmq9mp0079s1zzcdy31k";
+-    aarch64-linux = "0bgdiv7nchwlird53r6q5k8ixljaf682w5ki2kx4bgsii83ih4px";
+-    aarch64-darwin = "0c5hy5z6k8jjdas7hn29wrmrxwixgrb5jdm1vfdbgqg43sslpgm4";
+-    armv7l-linux = "0h8y7mwfhf0ygnywwapblxgiskp9xjh3lpnvwhwbir3bs3v37bhh";
+    x86_64-linux = "0qykchhd6cplyip4gp5s1fpv664xw2y5z0z7n6zwhwpfrld8piwb";
+    x86_64-darwin = "0mris80k62yabaz2avh4q2vjpnqcwa77phx3icdif0c19w185pqw";
+    aarch64-linux = "0rbj0l9wdbkxgzy9j9qvx0237g5nx4np0ank4x6jbxhlbs8xdw39";
+    aarch64-darwin = "1j1wd1ssyrd6651k7ias22phcb358k6aigdirfzczam303cxr0hw";
+    armv7l-linux = "1c6bikdhgd6w5njqza5xmhi7iz4kzydcfb2i7jqklb514knqxc8f";
+   }.${system} or throwSystem;
+ in
+   callPackage ./generic.nix rec {
+     # Please backport all compatible updates to the stable release.
+     # This is important for the extension ecosystem.
+-    version = "1.85.2";
+    version = "1.86.0";
+     pname = "vscode" + lib.optionalString isInsiders "-insiders";
+
+     # This is used for VS Code - Remote SSH test
+-    rev = "8b3775030ed1a69b13e4f4c628c612102e30a681";
+    rev = "05047486b6df5eb8d44b2ecd70ea3bdf775fd937";
+
+     executableName = "code" + lib.optionalString isInsiders "-insiders";
+     longName = "Visual Studio Code" + lib.optionalString isInsiders " - Insiders";
+@@ -68,7 +68,7 @@ in
+       src = fetchurl {
+         name = "vscode-server-${rev}.tar.gz";
+         url = "https://update.code.visualstudio.com/commit:${rev}/server-linux-x64/stable";
+-        sha256 = "1gaq9f4jzdzhfxixb9al5f5pgn1w7lpccacvvy19hq89jzixbix0";
+        sha256 = "0d3g6csi2aplsy5j3v84m65mhlg0krpb2sndk0nh7gafyc5gnn28";
+       };
+     };
+
--- a/patches/zfs-unstable-2.2.3.patch
+++ b/patches/zfs-unstable-2.2.3.patch
@ -0,0 +1,47 @@
+From fd12b90a572417ddf466b75314f444f4ad9b80c2 Mon Sep 17 00:00:00 2001
+From: toastal <toastal@posteo.net>
+Date: Thu, 25 Jan 2024 17:21:54 +0700
+Subject: [PATCH] =?UTF-8?q?zfsUnstable:=202.2.2=20=E2=86=92=202.2.3-unstab?=
+ =?UTF-8?q?le-2024-01-26?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Should have patches for 6.7 compatibility
+---
+ pkgs/os-specific/linux/zfs/unstable.nix | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/pkgs/os-specific/linux/zfs/unstable.nix b/pkgs/os-specific/linux/zfs/unstable.nix
+index 997cbe18ba7dda..691fa523b52266 100644
+--- a/pkgs/os-specific/linux/zfs/unstable.nix
+++ b/pkgs/os-specific/linux/zfs/unstable.nix
+@@ -17,23 +17,24 @@ callPackage ./generic.nix args {
+   # check the release notes for compatible kernels
+   kernelCompatible =
+     if stdenv'.isx86_64 || removeLinuxDRM
+-    then kernel.kernelOlder "6.7"
+    then kernel.kernelOlder "6.8"
+     else kernel.kernelOlder "6.2";
+ 
+   latestCompatibleLinuxPackages = if stdenv'.isx86_64 || removeLinuxDRM
+-    then linuxKernel.packages.linux_6_6
+    then linuxKernel.packages.linux_6_7
+     else linuxKernel.packages.linux_6_1;
+ 
+   # this package should point to a version / git revision compatible with the latest kernel release
+   # IMPORTANT: Always use a tagged release candidate or commits from the
+   # zfs-<version>-staging branch, because this is tested by the OpenZFS
+   # maintainers.
+-  version = "2.2.2";
+  version = "2.2.3-unstable-2024-01-26";
+  rev = "3425484eb907d489c315cced2a1fdea08ef03fc4";
+ 
+   isUnstable = true;
+   tests = [
+     nixosTests.zfs.unstable
+   ];
+ 
+-  hash = "sha256-CqhETAwhWMhbld5ib3Rz1dxms+GQbLwjEZw/V7U/2nE=";
+  hash = "sha256-P8PIp0qRHm/fxYdxWKVRX9LR5tKZR7fFUSY90QDE/lU=";
+ }
--- a/profiles/applications/vscode/default.nix
+++ b/profiles/applications/vscode/default.nix
@ -161,7 +161,7 @@ in
          "editor.suggest.snippetsPreventQuickSuggestions" = false;
          "editor.suggestSelection" = "first";
          "editor.tabCompletion" = "onlySnippets";
-          "editor.wordBasedSuggestions" = false;
+          "editor.wordBasedSuggestions" = "off";
        };
        "[nix]" = {
          "editor.tabSize" = 2;
--- a/profiles/hardened.nix
+++ b/profiles/hardened.nix
@ -90,7 +90,9 @@
  # environment.memoryAllocator.provider = lib.mkDefault "graphene-hardened";

  # dhcpcd broken with scudo or graphene malloc
-  nixpkgs.overlays = [(final: prev: {
-    dhcpcd = prev.dhcpcd.override { enablePrivSep = false; };
-  })];
+  nixpkgs.overlays = lib.optionals (config.environment.memoryAllocator.provider != "libc") [
+    (final: prev: {
+      dhcpcd = prev.dhcpcd.override { enablePrivSep = false; };
+    })
+  ];
 }
--- a/profiles/servers/hoyolab.nix
+++ b/profiles/servers/hoyolab.nix
@ -1,14 +1,10 @@
 { config, inputs, ... }: {
-  sops.secrets.hoyolab-cookie1.sopsFile = inputs.self.secretsDir + /home-hypervisor/hoyolab.yaml;
-  sops.secrets.hoyolab-cookie2.sopsFile = inputs.self.secretsDir + /home-hypervisor/hoyolab.yaml;
-  sops.secrets.hoyolab-cookie3.sopsFile = inputs.self.secretsDir + /home-hypervisor/hoyolab.yaml;
+  imports = [ inputs.ataraxiasjel-nur.nixosModules.hoyolab ];
+  sops.secrets.hoyolab-config.sopsFile = inputs.self.secretsDir + /home-hypervisor/hoyolab.yaml;

-  services.hoyolab-daily-bot = {
+  services.hoyolab-claim-bot = {
    enable = true;
-    cookieFiles = [
-      config.sops.secrets.hoyolab-cookie1.path
-      config.sops.secrets.hoyolab-cookie2.path
-      config.sops.secrets.hoyolab-cookie3.path
-    ];
+    configFile = config.sops.secrets.hoyolab-config.path;
+    startAt = "*-*-* 20:00:00";
  };
 }
--- a/profiles/servers/minio.nix
+++ b/profiles/servers/minio.nix
@ -106,8 +106,12 @@ in {
    rcloneConfigFile = config.sops.secrets.rclone-s3-sync.path;
    syncTargets =
      let buckets = [
-        "authentik-media" "ocis" "outline"
-        "obsidian-ataraxia" "obsidian-doste" "obsidian-kpoxa"
+        "authentik-media"
+        # "ocis"
+        "outline"
+        "obsidian-ataraxia"
+        "obsidian-doste"
+        "obsidian-kpoxa"
      ]; in map (bucket: {
        source = "minio:${bucket}";
        target = "idrive:minio-${bucket}";
--- a/profiles/servers/nginx.nix
+++ b/profiles/servers/nginx.nix
@ -80,6 +80,7 @@ in {
        "lib.ataraxiadev.com"
        "lidarr.ataraxiadev.com"
        "medusa.ataraxiadev.com"
+        "office.ataraxiadev.com"
        "openbooks.ataraxiadev.com"
        "pdf.ataraxiadev.com"
        "qbit.ataraxiadev.com"
@ -92,6 +93,7 @@ in {
        "vw.ataraxiadev.com"
        "wg.ataraxiadev.com"
        "wiki.ataraxiadev.com"
+        "wopi.ataraxiadev.com"
        # "webmail.ataraxiadev.com"

        # "matrix.ataraxiadev.com"
@ -344,6 +346,11 @@ in {
      "wiki.ataraxiadev.com" = default // authentik {
        proxyPass = "http://127.0.0.1:8190";
      };
+      "wopi.ataraxiadev.com" = default // {
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8880";
+        };
+      };
    };
  };

--- a/profiles/servers/ocis.nix
+++ b/profiles/servers/ocis.nix
@ -1,16 +1,32 @@
-{ config, lib, pkgs, inputs, ... }: {
+{ config, pkgs, lib, inputs, ... }: {
+  imports = with inputs.ataraxiasjel-nur.nixosModules; [ ocis wopiserver ];
+
+  sops.secrets.wopiserver-secret.sopsFile = inputs.self.secretsDir + /home-hypervisor/ocis.yaml;
  sops.secrets.ocis-env-file = {
    owner = "ocis";
-    mode = "0400";
    sopsFile = inputs.self.secretsDir + /home-hypervisor/ocis.yaml;
    restartUnits = [ "ocis-server.service" ];
  };
-  imports = [ inputs.ataraxiasjel-nur.nixosModules.ocis ];

  services.ocis = {
    enable = true;
-    configDir = "/var/lib/ocis";
-    baseDataPath = "/media/nas/ocis";
+    package = pkgs.ocis-next-bin;
+    configDir = "/var/lib/ocis/config";
+    baseDataPath = "/var/lib/ocis/data";
+    settings = {
+      proxy.role_assignment = {
+        driver = "oidc";
+        oidc_role_mapper = {
+          role_claim = "groups";
+          role_mapping = [
+            { role_name = "admin"; claim_value = "ocisAdmin"; }
+            { role_name = "spaceadmin"; claim_value = "ocisSpaceAdmin"; }
+            { role_name = "user"; claim_value = "ocisUser"; }
+            { role_name = "guest"; claim_value = "ocisGuest"; }
+          ];
+        };
+      };
+    };
    environmentFile = config.sops.secrets.ocis-env-file.path;
    environment = {
      # Web settings
@ -19,15 +35,15 @@
      OCIS_URL = "https://file.ataraxiadev.com";
      PROXY_HTTP_ADDR = "127.0.0.1:9200";
      PROXY_TLS = "false";
-      # Disable embedded idp (we are using authentik)
-      OCIS_EXCLUDE_RUN_SERVICES = "idp";
+      PROXY_ENABLE_BASIC_AUTH = "false";
+      # Disable embedded idp (we are using authentik) and default app-provider
+      OCIS_EXCLUDE_RUN_SERVICES = "idp,app-provider";
      # OIDC Settings
      OCIS_OIDC_ISSUER = "https://auth.ataraxiadev.com/application/o/owncloud-web-client/";
      PROXY_AUTOPROVISION_ACCOUNTS = "true";
-      PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD = "jwt";
+      PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD = "none";
+      # PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD = "jwt";
      PROXY_OIDC_REWRITE_WELLKNOWN = "true";
-      PROXY_ROLE_ASSIGNMENT_DRIVER = "oidc";
-      PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM = "groups";
      PROXY_USER_CS3_CLAIM = "mail";
      PROXY_USER_OIDC_CLAIM = "email";
      # S3 storage
@ -36,13 +52,66 @@
      STORAGE_USERS_S3NG_BUCKET = "ocis";
      STORAGE_USERS_S3NG_ENDPOINT = "https://s3.ataraxiadev.com";
      STORAGE_USERS_S3NG_REGION = "us-east-1";
+      # OnlyOffice app provider
+      APP_PROVIDER_SERVICE_NAME = "app-provider-onlyoffice";
+      APP_PROVIDER_EXTERNAL_ADDR = "com.owncloud.api.app-provider-onlyoffice";
+      APP_PROVIDER_DRIVER = "wopi";
+      APP_PROVIDER_WOPI_APP_NAME = "OnlyOffice";
+      APP_PROVIDER_WOPI_APP_ICON_URI = "https://office.ataraxiadev.com/web-apps/apps/documenteditor/main/resources/img/favicon.ico";
+      APP_PROVIDER_WOPI_APP_URL = "https://office.ataraxiadev.com";
+      APP_PROVIDER_WOPI_INSECURE = "false";
+      APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL = "https://wopi.ataraxiadev.com";
+      APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL = "https://file.ataraxiadev.com";
    };
  };

+  services.wopiserver = {
+    enable = true;
+    settings = {
+      general = {
+        storagetype = "cs3";
+        port = "8880";
+        loglevel = "Info";
+        loghandler = "stream";
+        logdest = "stdout";
+        wopiurl = "https://wopi.ataraxiadev.com";
+        downloadurl = "https://wopi.ataraxiadev.com/wopi/iop/download";
+        internalserver = "waitress";
+        nonofficetypes = ".md .zmd .txt .epd";
+        tokenvalidity = "86400";
+        wopilockexpiration = "3600";
+        wopilockstrictcheck = "True";
+        enablerename = "False";
+        detectexternallocks = "False";
+      };
+      security = {
+        wopisecretfile = "/run/credentials/wopiserver.service/wopisecret";
+        usehttps = "no";
+      };
+      bridge = {
+        sslverify = "True";
+      };
+      io = {
+        chunksize = "4194304";
+        recoverypath = "/var/lib/wopi/recovery";
+      };
+      cs3 = {
+        revagateway = "127.0.0.1:9142";
+        authtokenvalidity = "3600";
+        sslverify = "True";
+      };
+    };
+  };
+
+  # persist.state.directories = [ "/var/lib/ocis" ];
+
  systemd.services.ocis-server.after =
    lib.mkIf config.services.authentik.enable [
      "authentik-server.service"
      "authentik-worker.service"
      "nginx.service"
    ];
+
+  systemd.services.wopiserver.serviceConfig.LoadCredential =
+    "wopisecret:${config.sops.secrets.wopiserver-secret.path}";
 }
--- a/profiles/servers/onlyoffice.nix
+++ b/profiles/servers/onlyoffice.nix
@ -0,0 +1,114 @@
+{ config, lib, pkgs, inputs, ... }: {
+  sops.secrets.office-jwt-secret.sopsFile = inputs.self.secretsDir + /home-hypervisor/onlyoffice.yaml;
+  sops.secrets.office-jwt-secret.owner = "onlyoffice";
+
+  services.onlyoffice = {
+    enable = true;
+    port = 8800;
+    hostname = "office.ataraxiadev.com";
+    jwtSecretFile = config.sops.secrets.office-jwt-secret.path;
+  };
+
+  systemd.services.onlyoffice-docservice = let
+    office-config = pkgs.writeShellScript "onlyoffice-config" ''
+      ${pkgs.jq}/bin/jq '.wopi.enable = true' /run/onlyoffice/config/default.json | ${pkgs.moreutils}/bin/sponge /run/onlyoffice/config/default.json
+    '';
+  in {
+    serviceConfig.ExecStartPre = lib.mkAfter [ office-config ];
+  };
+
+  persist.state.directories = [ "/var/lib/onlyoffice" ];
+
+  services.nginx = let
+    cfg = config.services.onlyoffice;
+  in {
+    virtualHosts."office.ataraxiadev.com" = {
+      useACMEHost = "ataraxiadev.com";
+      enableACME = false;
+      forceSSL = true;
+      locations = {
+        # /etc/nginx/includes/ds-docservice.conf
+        "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps\/apps\/api\/documents\/api\.js)$".extraConfig = ''
+          expires -1;
+          alias ${cfg.package}/var/www/onlyoffice/documentserver/$2;
+        '';
+        "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps)(\/.*\.json)$".extraConfig = ''
+          expires 365d;
+          error_log /dev/null crit;
+          alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+        '';
+        "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(sdkjs-plugins)(\/.*\.json)$".extraConfig = ''
+          expires 365d;
+          error_log /dev/null crit;
+          alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+        '';
+        "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\/.*)$".extraConfig = ''
+          expires 365d;
+          alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+        '';
+        "~* ^(\/cache\/files.*)(\/.*)".extraConfig = ''
+          alias /var/lib/onlyoffice/documentserver/App_Data$1;
+          add_header Content-Disposition "attachment; filename*=UTF-8''$arg_filename";
+
+          set $secret_string verysecretstring;
+          secure_link $arg_md5,$arg_expires;
+          secure_link_md5 "$secure_link_expires$uri$secret_string";
+
+          if ($secure_link = "") {
+            return 403;
+          }
+
+          if ($secure_link = "0") {
+            return 410;
+          }
+        '';
+        "~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(internal)(\/.*)$".extraConfig = ''
+          allow 127.0.0.1;
+          deny all;
+          proxy_pass http://127.0.0.1:${toString cfg.port}/$2$3;
+        '';
+        "~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(info)(\/.*)$".extraConfig = ''
+          allow 127.0.0.1;
+          deny all;
+          proxy_pass http://127.0.0.1:${toString cfg.port}/$2$3;
+        '';
+        "/".extraConfig = ''
+          proxy_pass http://127.0.0.1:${toString cfg.port};
+        '';
+        "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?(\/doc\/.*)".extraConfig = ''
+          proxy_pass http://127.0.0.1:${toString cfg.port}$2;
+          proxy_http_version 1.1;
+        '';
+        "/${cfg.package.version}/".extraConfig = ''
+          proxy_pass http://127.0.0.1:${toString cfg.port}/;
+        '';
+        "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(dictionaries)(\/.*)$".extraConfig = ''
+          expires 365d;
+          alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+        '';
+        # /etc/nginx/includes/ds-example.conf
+        "~ ^(\/welcome\/.*)$".extraConfig = ''
+          expires 365d;
+          alias ${cfg.package}/var/www/onlyoffice/documentserver-example$1;
+          index docker.html;
+        '';
+      };
+      extraConfig = ''
+        rewrite ^/$ /welcome/ redirect;
+        rewrite ^\/OfficeWeb(\/apps\/.*)$ /${cfg.package.version}/web-apps$1 redirect;
+        rewrite ^(\/web-apps\/apps\/(?!api\/).*)$ /${cfg.package.version}$1 redirect;
+
+        # based on https://github.com/ONLYOFFICE/document-server-package/blob/master/common/documentserver/nginx/includes/http-common.conf.m4#L29-L34
+        # without variable indirection and correct variable names
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        # required for CSP to take effect
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # required for websocket
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+      '';
+    };
+  };
+}
--- a/profiles/workspace/hyprland/default.nix
+++ b/profiles/workspace/hyprland/default.nix
@ -277,6 +277,7 @@ in with config.deviceSpecific; with lib; {
          windowrule=opaque,virt-manager
          windowrulev2=opaque,class:^(.*winbox64.exe)$
          windowrulev2=tile,class:^(.*winbox64.exe)$
+          windowrulev2=tile,class:^(starrail.exe)$

          windowrule=opaque,.*jellyfin.*
        '' ''
--- a/profiles/workspace/misc.nix
+++ b/profiles/workspace/misc.nix
@ -14,6 +14,9 @@ with config.deviceSpecific; {
  services.journald.extraConfig = "Compress=false";
  services.gvfs.enable = !isServer;
  services.upower.enable = isLaptop;
+  xdg.portal.enable = true;
+  xdg.portal.config.common.default = "*";
+  xdg.portal.xdgOpenUsePortal = true;

  home-manager.users.${config.mainuser} = {
    news.display = "silent";
--- a/roles/desktop.nix
+++ b/roles/desktop.nix
@ -28,7 +28,7 @@
    waydroid
    zathura

-    aria2
+    # aria2
    cursor
    direnv
    fonts
--- a/scripts/find_store_path_gc_roots.sh
+++ b/scripts/find_store_path_gc_roots.sh
@ -0,0 +1,15 @@
+#!/usr/bin/env sh
+
+function find_store_path_gc_roots {
+    store_path="$(realpath $1)"
+    while IFS=' ' read -r gcroot derivation; do
+        if [[ ! $gcroot =~ ^/proc ]]; then
+            if nix-store -qR "$derivation" 2>/dev/null | grep -q "$store_path"; then
+				echo $gcroot
+            fi
+        fi
+    done < <(nix-store --gc --print-roots | awk '{print $1, $3}')
+}
+
+
+find_store_path_gc_roots "$@"
--- a/secrets/home-hypervisor/hoyolab.yaml
+++ b/secrets/home-hypervisor/hoyolab.yaml
@ -1,14 +1,12 @@
-hoyolab-cookie1: ENC[AES256_GCM,data:nntVA/KhfdKApuJxjRNHskAQz7CG3BLCONEpT1QrKLMKzwnA6RsvW2OzKG8SgbVyeqCeTTSIKDPth3jImOwk68zK9S2yz9mWRivlPLR86IVdAannbhTFhmHlCqrRHPPYlEZ+Su23zvOGMKn+YVc15mBxnnFCDKYR7MrTiNxkjovSTSr5WwtDwccfu9kcM2Z2u8lEMtdWqcRFHDarnAvThO8QguWJ+DospIRbAMXFD7wTSDEAGAOhcVegoxHni1D/fDe36pbW0x0lBC/J6z4of+yJpEvRrnWvxWsD/eSqzljxmSzovU3mXesB2tyoz+Jd6guERILtM1XQeezi,iv:VM4GPfkSuq6c5Z4sRVFOcn7YKEkFOtEA0PcbYaOhF9g=,tag:7DPK+nyt0ErkE31udEIRqA==,type:str]
-hoyolab-cookie2: ENC[AES256_GCM,data:/XTaJ6YKw3p1A6i+LGjYU/d6zO/bNsX2dWbMDp9fLNCkPGIwFbUCXbiHZqf+enTmk5zzOyxb+B2sJvjeW4kKKP2BDkr0okpUX/AleA+3ReEgPIIiKPNMNL3t1eAVRQEs9t+3s8zj6+siGPjZUpuy7NvrhnETvi7YmVSTamA400X8d9gbKG4Vs7hPB4otA5t8pXZYqJWLuRyjwvvdxYrtgpdRfgzYWhBOu5dZ+rFtccJI/rQMlTcJcPbhmc2vFV09I2xaeXU8piDEMco3y+wm0p3KduPNzP98s6LvfxiQMqM60/baKw/3M055EbQoRinUJDG63eaqL/ACNztZ,iv:+fWtn55dn5fOGjvIlrYfh0FmMzG9/mf/fNOOa9KR5Qg=,tag:yI0bJpXNC5mKKdO3/8cx+w==,type:str]
-hoyolab-cookie3: ENC[AES256_GCM,data:3lDvQRrf4wrl28G6ognKlEPquG3JYieYA9ZQ4cEL/QwB0F+ksP2sTxFeIr9gihsWZQHgfYzeRLCSOAammW0WO/prpCP1X/JzuA0uGF83aMC07n2FSiroHjiBPBJhwUBRW0hPeXSURWz5D4mtDkv6PQB6bkfY0y2V2QNQ26qiT/mooi1tJGL4uSfMZ5Ix+emJwtzn/CCGTr1Y0U9GZf5IiFj6Z76mMPZ1BEW2C+b/XD1huatMr3KLNGoYVqJm/6pCCGr6GkUh+jJXtdNM612oe0r6PVu6UhVel+58jhWzKUoGv4ZOZMqhbrjla93BEfVNI6aRnTySpRWwl0EV,iv:Wmso1lZa65M7Ej7so2Lw7Mbvib2O7upfpnOEwACTeYc=,tag:oswA0vhQ2I2gty7v7lVjdg==,type:str]
+hoyolab-config: ENC[AES256_GCM,data:a+VkRtVAiVfFSazp64Fy5eA6TAbAcC7bm2k6p8AE1FJgA8Z/LlOCcDbTaueFXecOCGpcSuv+SJTsu+2IRD2V7ZWIUot0b1fxKUFZ5hIU8LmpXxxh8tQz3N7Rw6FAWHrN/BM3m981pTqd4FOmqXtgxOMF8ItsGJEwpRkq31lT+A7dcuEuQCykll2dXeHQJXBVUs3TbeDsCo4/lNan++sYm0QvS33n+ybs29oePPeteWdXHEZtfmWHLKU5KPy86uPOkooKXkv5+XibTgaQzo90/AZA3FjED9Mko+mFzPhGtsYhr2wjId8Go3zm5HKqcpWWiut7mkBJzZ4YoOYCdHaqWM0ySbbdMCGiKmvpQCsq5weXI6WL2wfIxOp5SKVl9K3AR97jgl6CG/uoko9ozCSWsK6DUob5yglTK0iMvcuo0k2ohxAM/aFnxrLmUuQ7Jbu0DjKpT0xlELavSlScA8aS6aMzJT3u/i05pTPkoNDoYB0bviGyjJ+greP+YVINeqJPmrVvK7KKAu2ULLYHfsUNHlAMMZi/22PkNHotIXsbj6kEGaegiDTnuuVFwKW2j4vX4LEp0AwSr/M9OLjLN16k0Sslu+oifP68pxz24DqtpyPCS/cy1uVLtUHjtk8puR+l7+fmaRh1bCGC2zFb/D4q2TFSS8hlv7bYK0YNpEYGkJd6IXyYgcDNijPEAm2VbBYY24eyW8+GMy6wPCD++DPF4/tvhoVpqqPYgE56h2+Qv4Ca0BugmfSzntEOCRKteeCqVmvGTsBGT9YUwravdQc=,iv:sKhAPKaELVo17Rt/tPi5L/kFSSim5A/H6vM+7df5qUE=,tag:nvghxY7EAtDNf8OlolXLlw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2024-01-21T19:16:02Z"
-    mac: ENC[AES256_GCM,data:wEaG9ORs4llAHChwW7UxXgJ0UIcjzmubfIXF/ufZ+HlD4rxM8SLmWlmyCD9AdwR76VMz2pK3juyZmyGeOubriMegunf0jouHpr59smk6jFES8uBr1ik6GcTG4uL0LSmj+LYeJB43/ob+68VxiTicA05rP4jl+BU0Iy90hX9Hkng=,iv:UdcPrwWOgrdcy8PfveNAxte6yW4VR7VMnknrGItDvVY=,tag:g75nyYRspjO2LMDz+Z4izA==,type:str]
+    lastmodified: "2024-02-02T18:46:43Z"
+    mac: ENC[AES256_GCM,data:W+btPIsNOr8e47vnjwmEa3xQT/kv1nJapzX6PC/CEcCUWng+wfwsIrxj8gg4fXCPiBsjzbYrMlUEylibwNm7sr6xJqI6nVf73cH3kXJMfpufRjfCjLSbzmg6tEWtWf+S7zaRD6ibwe5ZhFooYriGtatZVQg7oyGoMUK5Cf0mJWk=,iv:LhqEJTh5+nlEcExRh2GHwgmazAezKU9nU+ktZjXhJNM=,tag:/r8YVU7dp5DZESu9xCsezA==,type:str]
    pgp:
        - created_at: "2024-01-21T19:15:05Z"
          enc: |-
--- a/secrets/home-hypervisor/ocis.yaml
+++ b/secrets/home-hypervisor/ocis.yaml
@ -1,13 +1,14 @@
 ocis-admin-pass: ENC[AES256_GCM,data:WfgdyfLxojFR6/hOIu+ycFgiih8=,iv:s9GWDBrrWGWkRDzd/BB3tuyExmdKVa7qvRbjgx0N0jQ=,tag:eRFs5ZCTBjbXSRwvO8lCSg==,type:str]
-ocis-env-file: ENC[AES256_GCM,data:6oyXhsmmMzFd7CIv4j+gWbzHo4Jy4Ym5KzV6tAXdKkTP1n6Yvv1UpdebOzXfrXZTTHuEzrTJvtFAviZd526KyAeeo53iQvWDdhazeywHL5AbsmUJ7IZ0eChGiXBXsYTYSb+TyFaRHpZazpT8ePurHkVuYfE4lyKDIILu3Y4ahfyXQzRnh3lhS1SxuWtDcoG6lcuAwgLBOgcIeHWI9rqmtylneeGf70oRfd80sHQ=,iv:tlQF8b0x+qd7JuhbFY1ekZNKjT68SKW6P/DRYalYfuU=,tag:V6SjKQbZiGm7rJtCtogQRw==,type:str]
+ocis-env-file: ENC[AES256_GCM,data:qbnZCgJIh9Cf2Qr2awAjcLFBOJKEIKha5pcvPjSF6GevzgIpogtyoSHHYVZuWVyoAuA5lvS7tjcjKdDTz9evCa2lbVzFbrFeRdsmAxksEpYDTFR+3akhmijXUxk/V+dYs17bgKVeWkINehCjfeTQdVCjwZOaz7tUAOqlGszYE9k1DlocWVJqZ4zVneb3up90cu2Yt2Ekl/ZGrnr3YIfJPYhnwv11xIhZSbDXAEy3tRnOp0bJOsYBexr3vPkExvtE8FgRxv/ueA+IcSnpdhuX5ocvn3MWDLMcGwTigJtgyghyb3ECjPCEPmcST5v1bYwcjTPmqfGtygoH/1mZnba/2BjccUuO4CdTYqDYIBUVJHzqrcdU6eu+KyBJ9/XQznw/HNrECBxJG3xLwcq08bbGnooOIrmnyw/LKIMieHRuzD8bHfpNvg1M,iv:48Aa27n1WbsvuoPRn8xmrzIfJDELk/R9VJ7mcA88oW8=,tag:EE/Djgsfpwbaxv1DcVr9CA==,type:str]
+wopiserver-secret: ENC[AES256_GCM,data:Qa1HM5Gx0n+U4Nc2phQJmogAzaHzzzB7F+i05WfwBFrDwhmkSMYjunX6SWWQfbocR7sxDfYVZUCVWSzWvEJr89Vb9vrLfSupOYMNbrs5c703N84CAIIGVx0i+EvbBl1I,iv:kAFxY81rGG+WEjzUcy/smYaHLRaojDUfrkQZUM0LLxk=,tag:7HuKX8cEdyjag91kS8lmLw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2024-01-20T20:50:32Z"
-    mac: ENC[AES256_GCM,data:0SLZnxDo9X6a6od00XKsZ45RfdC43JHom9H6lhTdgco/w7OnRFd4ukJoaQfL8OnXuS5v7UgxNByzuVNJY7cIgNXLNKKFYG7fzb8GNyTmYyFbSUyjlgQ1pDbjFdKsWTgeoUyb/Q/CzdZFWBbJLvMkwwR1pirhWCEQx3GxlaD8MNA=,iv:L6XPxjhLH0bJCveTYWL9aYXhHvxusJcbE2EO8OwPg24=,tag:GveNLkF72FSfVBazWPigrQ==,type:str]
+    lastmodified: "2024-02-05T12:53:28Z"
+    mac: ENC[AES256_GCM,data:Nb0UIbPvHANxtSYfOp3MZWQDOYxFSv51aLoIG+m+4Ql23sXUXqzY/1Ojjhh097qLK8Nk0Fkoy6vpKopiQpYJD1yu+uxJjHLuGhsNDVDds7tW2MtEs6MB4IEuPfSYyRhBjEZjU9XvchHiELJxztwywfApM4pjSevqxpLz273Hf1E=,iv:muz0pZp9Z+HFTPcXi8gXGJcGevpUE1GmhKQZMDFTpiA=,tag:6tXmiLkX7ByuoqeqqBntuw==,type:str]
    pgp:
        - created_at: "2024-01-20T17:09:10Z"
          enc: |-
--- a/secrets/home-hypervisor/onlyoffice.yaml
+++ b/secrets/home-hypervisor/onlyoffice.yaml
@ -0,0 +1,47 @@
+office-jwt-secret: ENC[AES256_GCM,data:gzGoVQDZVNHkwA1AmcF4jOqcusHoP75OGSqc098zD7eLAL/tFo9R7b6kfGvGWUKk4TPIyU4fzz3Uqhw5vHi/DA/ikCjT3HbnuwTk0ApJuyy27PTLt9opKoEaRyAEcOex,iv:qHTmnWKbek1sySWs5qjldcSvoVC5rAKgRuI7jX1g7lk=,tag:kjkHv92FEO6zomu8OcGCsA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-02-03T18:53:42Z"
+    mac: ENC[AES256_GCM,data:NgVHm1yxlV+GU6TgLhWiMutizLsdmZJwEPKuErXUAK83pCXhECWaqQSn9HNs7hG8GuLnl02lJmS7R078j+hTvLAxYKEewkU9uRzSNJ5Ri0BMCQOtBgoKNS+naCxom9mUL/HvrDc65S8ENiIlQBWCpv9/mY10kUrI/QnI+DVaD18=,iv:FcS3gfIvvzsyAv+eW5XuOXmcQLoE71KvzL3IWiy2hTc=,tag:ZRhiIsEEVix+lZuyVNIh2A==,type:str]
+    pgp:
+        - created_at: "2024-02-03T18:52:29Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMAwcagTG/Fm6AAQf/bzkgXT2mAN+YPVUrFV9sAU8onCyHN0ej8OyW3JKxjU5n
+            2RmjFBSq05polDk1bzcbue4e61T8sn7av1iXzsGPpt7egy4nD5Vmo4/GcNA9vnGz
+            OotP4dLxVLfOJvC9H7idhXIWMSbDTFSzduUA9H1F1yOBr5oCpw16foVSrD6QlgAC
+            4wiDQZg/lpxBGGphnCN10xp52DbBQ48CKapvwx8QhjCDv1UpD9XlOPIeGmcA1txP
+            TxEGJVa9pJhlvCU9wEyE+SvxZhgT0e9cYI5sc6N+MFA+gcCmJ41mX39FElkZ/LV7
+            b2xKogdjq90aA2o66qURZbv/DUHS+cAz2pBxwJzjOdJYAQZ7oZucpuF9O3lJCK/K
+            dwCFUyo6sXn0HSeTFCRDbsC+0eVK0jJfyJr+MCKXgibeUbfToJllS6Q5PUWarYCl
+            Ei8xlald6lpZgYCnca7C9O7bv/wp9WztUA==
+            =RgsL
+            -----END PGP MESSAGE-----
+          fp: ad382d058c964607b7bbf01b071a8131bf166e80
+        - created_at: "2024-02-03T18:52:29Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA187ia82lSDGAQ/+IpyQWSsl7quF5yk39smz9Zn8LVAwc/9tNePehZkyCdpk
+            LNeCnbZGyeLDhPsQ762wdFX/f8W/8ZX5AqQI9d8Zp+kG2G3YtwI46FiFsz1zdiVT
+            lnxKjVER4FBWwlD2LAGl4MFIBk8gqKyzzvCAxR6CpybGMABx+LjFa+HKN7sH3i3a
+            CcpH+0+W2S0IArTexSGetrmba/s+t3g9hEzVPVPWGutG+XkSiItne1maqEbpkWRM
+            zyFaW+JWCDmvrXfP3qMUGeQI6x0otEpcYuLoFno93I/8N+UxIAijFTOK9kD+ZoSy
+            t6mW5d/BtjZH6/32JRKkEv2tFbt6NP9dqStNbbnhb5SI7jKLGcXVLMpSQvajYz68
+            91X9SOWYJCNZ1ssEnYBDUiVqQL0Jfe7UR5EplzJEo0zeWbV8bMTHAWxeioOHFdXn
+            aYzk6wgt+kaHshAjGbkKyMTWB/a3pTAkcc1v0Uc9SM1wPU9Cn+26GdH/sHLaOfve
+            7am6Ige+68/vgVTLPJ9C37wf2b4XT3/7Cx6CXpj54uFaDjZYpzGg1vWhtyZXl3m1
+            4gDL4NZdqacbsHlmWMTqYXYki+aSJed7OwjIgwt4G1KoKfYlI2fGOmGegplH/iYd
+            kxmdtnENg9011LcoXv3p/8TTOYkk3hArRkY0E37X+IEYnXB1EflTUc2KPRPDRNvS
+            WAGxqiAuTkbYQRfetrxpdOWEFe8iJydZA06vAbsiV7gZHSYW/LUtOS5aWp0WCwbZ
+            daODyvPT2chs44wa8xsSjHtRn/qX2S0sw/Bdzs39YSuq2yq7MVktNws=
+            =S7Zs
+            -----END PGP MESSAGE-----
+          fp: a32018133c7afbfd05d5b2795f3b89af369520c6
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/secrets/rustic.yaml
+++ b/secrets/rustic.yaml
@ -1,3 +1,5 @@
+rustic-backups-s3-env: ENC[AES256_GCM,data:XrZoIYUauOwK/YNItn7OziLEBYXXekgOE3nVLJjzMc7k698uZcYvRHEfQCq5lvH/110BIL11AJumQcfBnG6lYTqjBs56vlJvbh7olsNACX5ZyDR/qYXkfSqcO61JfZufQVAvlag=,iv:Wx5xBQdDRolB6NsuoDlw1JGYk5YrG28unblo8hDea14=,tag:++cKr0a4Ep4mbENVaA3P3A==,type:str]
+rustic-postgresql-s3-env: ENC[AES256_GCM,data:Jdfx3PT4cXMyZTJBXOp/bBcD5QBPucTONT2WctGSIUUGKz/OKb+U8OX9FKTmXlWHiXZctMMj2NJkuueihsJHFmcDPZT5lmh8Y0E4j0sB6anUHcPEJyXfl1TAIteErsmeu90Lsy4=,iv:ugQXfGMjiwX4s1GFHhW0R9vPRmWUELmMiUOQGPWqidI=,tag:DcVQCKHskliy9itMMT3ZAA==,type:str]
 rclone-rustic-backups: ENC[AES256_GCM,data:78Ch7VVk/9rPy8pTQCTmuSSXWVKlNwlaTxnrM4yBi8/AQ6B4QJYQr1ibtxbgFs4aGHMddJbARLILT9afzXVF3dwyZ5490v8b+6NmGQ/ECdLpQ3LUGWzQHSkTQRib8s2ks2v3XC7AAzUr4hNdXHxL4/11WrKIL5wJyn2YP/KngQoIjijkpzoAoKZgr9cTZDSQ3FsnDv6WlQ4lTneRSkssFmHrytgFWEj/EXTqeZo5/2E7GrqFC161iO/p6+ZM9dNFoSsLxj4SI5gF2HsUChZbDfMyMdzYCHTt,iv:a1Vgs89rKIDJ//CCN94F3rzUSBtbrBB9fB8nZpFacTg=,tag:Y4QA6YKOUAWN5uhnG2C95Q==,type:str]
 rclone-postgresql-backups: ENC[AES256_GCM,data:rEINBfZezX3YSfQQhYm9JsgHOZE4c4us3dl5FvgZv2L+uIsoVVSNt0gr6My/nk19hL7IGY1I7ab2YgEwKE3w4rV3wpZ6+lCAucNM2YvGXWoqpvOvhH0YGfASA7yOSDaLZ69zL07UGX0WK2Z2dDrLOEz8NJsPbOn55XvDXVwjtR1o3R7j7bLKUHgcm8S/JGF0IQXvJWBN/WQzF66rFjNf0SxReEfa/mYLr3w+qdBpRVsZ3yiXQrvFUWj9GNS3FYfG6wro5SLGLuX7hDkGE+KiKv7j0cuMkphlQu0IyQ==,iv:NodSsCEPz6dMfSbHKE3sIfehaZ7cD3tq3gVtTceHmrg=,tag:lBDzO4QmOGyUBX5aAm2TYA==,type:str]
 rustic-nas-pass: ENC[AES256_GCM,data:uDiQQRxlpBfbwihXDR32aGjP41iZ,iv:qx6FJEllahkP9BPYFFfv9LHnnVTOl6B7Jv9OSfNkPok=,tag:MBUT77ccG/acr/U/X2zrCA==,type:str]
@ -11,8 +13,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2024-01-23T15:17:00Z"
-    mac: ENC[AES256_GCM,data:Ws5QPNDrb/xHj9/F6d14l2juemaVzLecYs4SeN/Fwo0DSztJsZhSK9JV2gx+iZk1R5i5WKJumr+2SPeEbFzfQkIuemj32ECHGBPKI0UB1O48hEMWOxIMN03zXf56MujWWXoIeVK+bzVNPot9+qtU0mZQ/VvLlVpWF35vb8tkORE=,iv:nJKM7qFqK1ezTiMe8sXAOz+Bpg+BnKCZOGDKCgUEEHE=,tag:01+MqoF0jfGjauVeaVatyQ==,type:str]
+    lastmodified: "2024-02-04T12:24:39Z"
+    mac: ENC[AES256_GCM,data:frEvsfMhwVE6cusyS5hc3IAopdqGjooiPwbPbYEgUTiu4xRSqdkf0g4Ue9m3oK/zfm7gxRsvf+7HQ25J4bChhwOU6QGHzpVozpaipc0gS1Bxut4QfSytKM6fnkKJcn3nkMudosjBmPTU51AFqziFQmV5OMaeuiqipin31nWyZKk=,iv:ZcTBndDwp86X2VMQ3Y3Rk0KYHtzuK+ZRmAxs7Y2cyU8=,tag:mXoy18OqrLrg2KiUvw7QjQ==,type:str]
    pgp:
        - created_at: "2024-01-22T10:23:32Z"
          enc: |-
Author	SHA1	Message	Date
Dmitriy Kholkin	a6744d385c	add handy script to find gc_roots	2024-02-06 20:23:43 +03:00
Dmitriy Kholkin	c75d2092f6	minor fixes	2024-02-06 20:23:25 +03:00
Dmitriy Kholkin	7267de08d6	integrate onlyoffice with ocis	2024-02-06 20:22:54 +03:00
Dmitriy Kholkin	c80630fc1c	add onlyoffice	2024-02-06 20:22:01 +03:00
Dmitriy Kholkin	843b9aef79	fix ocis apps login	2024-02-04 16:45:27 +03:00
Dmitriy Kholkin	1213ca759c	change ocis directory	2024-02-04 16:45:06 +03:00
Dmitriy Kholkin	a39406c9d7	disable ocis bucket backup	2024-02-04 16:43:03 +03:00
Dmitriy Kholkin	a733ad2998	fix hardened overlay	2024-02-04 16:42:33 +03:00
Dmitriy Kholkin	eeb9e7fa80	upgrade	2024-02-04 16:42:22 +03:00
Dmitriy Kholkin	e6a8f01a32	restore devenv flake input	2024-02-04 16:41:29 +03:00
Dmitriy Kholkin	0bfcd33387	use hoyolab-claim-bot	2024-02-04 15:37:57 +03:00
Dmitriy Kholkin	c255b9d9b6	update nur	2024-02-04 15:36:41 +03:00
Dmitriy Kholkin	e3ed79505c	change rustic backend from rclone to opendal	2024-02-04 15:36:28 +03:00
Dmitriy Kholkin	d403f77ce6	update rustic-rs to 0.7.0	2024-02-04 15:35:47 +03:00