From 065e09724eb66d69ae50294535f661844addb0e9 Mon Sep 17 00:00:00 2001
From: Renovate Bot <renovate@xirion.net>
Date: Sat, 3 Jun 2023 14:00:24 +0000
Subject: [PATCH 01/15] chore(deps): update renovate/renovate docker tag to
 v35.110.1

---
 flux/olympus/apps/services/renovate/cronjob.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flux/olympus/apps/services/renovate/cronjob.yaml b/flux/olympus/apps/services/renovate/cronjob.yaml
index b7bf672..e533e88 100644
--- a/flux/olympus/apps/services/renovate/cronjob.yaml
+++ b/flux/olympus/apps/services/renovate/cronjob.yaml
@@ -19,7 +19,7 @@ spec:
               emptyDir: {}
           containers:
             - name: renovate
-              image: renovate/renovate:35.105.5
+              image: renovate/renovate:35.110.1
               volumeMounts:
                 - name: config-volume
                   mountPath: /opt/renovate/

From 9a14d36d7f86ffccd818520ae177ac39fbbb688b Mon Sep 17 00:00:00 2001
From: Victor <victor@xirion.net>
Date: Mon, 5 Jun 2023 10:20:08 +0200
Subject: [PATCH 02/15] updates

---
 flake.nix                                    |  3 ++-
 nixos/common/desktop/home.nix                |  1 +
 nixos/hosts/hades/rtorrent/configuration.nix | 20 ++++++++++++++------
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/flake.nix b/flake.nix
index af4845a..0b658d3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -47,7 +47,7 @@
   };
 
   outputs = { self, nixpkgs, nixpkgs_22-11, vault-secrets, colmena
-    , nixos-generators, nur, ... }@inputs:
+    , nixos-generators, nur, attic, ... }@inputs:
     let
       inherit (nixpkgs) lib;
 
@@ -125,6 +125,7 @@
       devShells.${system}.default = pkgs.mkShell {
         VAULT_ADDR = "http://vault.olympus:8200/";
         buildInputs = with pkgs; [
+          attic.packages.${pkgs.system}.attic
           apply-local
           colmena.packages.${system}.colmena
           cachix
diff --git a/nixos/common/desktop/home.nix b/nixos/common/desktop/home.nix
index befc926..fcd9e33 100644
--- a/nixos/common/desktop/home.nix
+++ b/nixos/common/desktop/home.nix
@@ -15,6 +15,7 @@ in {
     fusee-launcher
     gcc
     gimp
+    inputs.attic.packages.${pkgs.system}.attic
     inputs.comma.packages.${pkgs.system}.default
     inputs.webcord.packages.${pkgs.system}.default
     kdenlive
diff --git a/nixos/hosts/hades/rtorrent/configuration.nix b/nixos/hosts/hades/rtorrent/configuration.nix
index 1bc021e..30cb7af 100644
--- a/nixos/hosts/hades/rtorrent/configuration.nix
+++ b/nixos/hosts/hades/rtorrent/configuration.nix
@@ -34,12 +34,20 @@ in {
       privateKeyFile = "${vs.rtorrent}/wireguardKey";
       postUp = "${postUpScript}/bin/post_up || true";
 
-      peers = [{
-        publicKey = "DVui+5aifNFRIVDjH3v2y+dQ+uwI+HFZOd21ajbEpBo=";
-        allowedIPs = [ "0.0.0.0/0" "::/0" ];
-        endpoint = "185.65.134.82:51820";
-        persistentKeepalive = 25;
-      }];
+      peers = [
+        {
+          publicKey = "33BoONMGCm2vknq2eq72eozRsHmHQY6ZHEEZ4851TkY=";
+          allowedIPs = [ "0.0.0.0/0" "::/0"];
+          endpoint = "193.32.249.70:51820";
+          persistentKeepalive = 25;
+        }
+        # {
+        # publicKey = "DVui+5aifNFRIVDjH3v2y+dQ+uwI+HFZOd21ajbEpBo=";
+        # allowedIPs = [ "0.0.0.0/0" "::/0" ];
+        # endpoint = "185.65.134.82:51820";
+        # persistentKeepalive = 25;
+        # }
+      ];
     };
   };
 }

From cc2dec177259e2bd0d8a09bad79b611b4ac912f2 Mon Sep 17 00:00:00 2001
From: Victor <victor@xirion.net>
Date: Tue, 6 Jun 2023 09:19:47 +0200
Subject: [PATCH 03/15] small updates to fix attic

---
 nixos/common/hm-modules/nvim.nix          |  1 +
 nixos/hosts/hades/attic/configuration.nix | 19 ++++++++++++++++---
 nixos/hosts/hades/nginx/configuration.nix |  1 +
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/nixos/common/hm-modules/nvim.nix b/nixos/common/hm-modules/nvim.nix
index 4818d83..46c5fbf 100644
--- a/nixos/common/hm-modules/nvim.nix
+++ b/nixos/common/hm-modules/nvim.nix
@@ -70,6 +70,7 @@ in {
           servers.pyright.enable = true;
           servers.elixirls.enable = true;
           servers.clangd.enable = true;
+          servers.yamlls.enable = true;
         };
         trouble.enable = true;
         lspkind.enable = true;
diff --git a/nixos/hosts/hades/attic/configuration.nix b/nixos/hosts/hades/attic/configuration.nix
index c13b430..7b088d3 100644
--- a/nixos/hosts/hades/attic/configuration.nix
+++ b/nixos/hosts/hades/attic/configuration.nix
@@ -18,10 +18,21 @@ in {
   # Additional packages
   environment.systemPackages = with pkgs; [ ];
 
-  vault-secrets.secrets.attic = {
-    services = [ "atticd" ];
-   };
+  vault-secrets.secrets.attic = { services = [ "atticd" ]; };
 
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_15;
+    ensureDatabases = [ "atticd" ];
+    ensureUsers = [{
+      name = "atticd";
+      ensurePermissions = {
+        "DATABASE atticd" = "ALL PRIVILEGES";
+        "schema public" = "ALL";
+      };
+    }];
+
+  };
 
   services.atticd = {
     enable = true;
@@ -44,6 +55,8 @@ in {
         level = 8;
       };
 
+      database.url = "postgresql://atticd?host=/run/postgresql";
+
       storage = {
         type = "s3";
         region = "hades";
diff --git a/nixos/hosts/hades/nginx/configuration.nix b/nixos/hosts/hades/nginx/configuration.nix
index 5b38cac..343dd1d 100644
--- a/nixos/hosts/hades/nginx/configuration.nix
+++ b/nixos/hosts/hades/nginx/configuration.nix
@@ -59,6 +59,7 @@ in {
     virtualHosts."git.xirion.net" = proxy "http://10.10.10.12";
     virtualHosts."mail.xirion.net" = proxy "http://192.168.0.118";
     virtualHosts."o.xirion.net" = proxy "http://192.168.0.112:9000";
+    virtualHosts."g.xirion.net" = proxy "http://garage.hades:3900";
     virtualHosts."requests.xirion.net" = proxy "http://overseerr.hades:5055";
     virtualHosts."pass.xirion.net" = proxy "http://bitwarden_rs";
     virtualHosts."repo.xirion.net" = proxy "http://archlinux";

From f6138a3fb2218eb358cdaf32b3d06c7609158bb6 Mon Sep 17 00:00:00 2001
From: Forgejo Actions Bot <>
Date: Tue, 6 Jun 2023 09:20:27 +0200
Subject: [PATCH 04/15] Update Plex

---
 nixos/pkgs/plex-pass/sources.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/nixos/pkgs/plex-pass/sources.json b/nixos/pkgs/plex-pass/sources.json
index e7fbf52..a0c5706 100644
--- a/nixos/pkgs/plex-pass/sources.json
+++ b/nixos/pkgs/plex-pass/sources.json
@@ -1,14 +1,14 @@
 [
   {
-    "version": "1.32.3.7089",
+    "version": "1.32.4.7164",
     "platform": "aarch64-linux",
-    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.3.7089-b0a36929b/debian/plexmediaserver_1.32.3.7089-b0a36929b_arm64.deb",
-    "hash": "1sc6h04l0lxw3jzz01gn7i6wikqqds7nqh35rqvwhffjgdvmcjhq"
+    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.4.7164-1dc22f47b/debian/plexmediaserver_1.32.4.7164-1dc22f47b_arm64.deb",
+    "hash": "1k61rrdjlwhf14q8qdj976a53wf9f9ask0fwynldyqbvjfjgy0ws"
   },
   {
-    "version": "1.32.3.7089",
+    "version": "1.32.4.7164",
     "platform": "x86_64-linux",
-    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.3.7089-b0a36929b/debian/plexmediaserver_1.32.3.7089-b0a36929b_amd64.deb",
-    "hash": "074qvjl49rfn6s3naa5s71i5kd0an64laijz13cpsh55yy6zwgb3"
+    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.4.7164-1dc22f47b/debian/plexmediaserver_1.32.4.7164-1dc22f47b_amd64.deb",
+    "hash": "0sa537yx7gjbabmisb26yrrlg7ql124qhwlc20r5m1hbq8i1i23w"
   }
 ]

From 6b13c82fc11a38a8dab8139d22e89c665280d178 Mon Sep 17 00:00:00 2001
From: Victor <victor@xirion.net>
Date: Tue, 6 Jun 2023 09:47:38 +0200
Subject: [PATCH 05/15] update flake

---
 flake.lock | 66 +++++++++++++++++++++++++++---------------------------
 flake.nix  |  2 +-
 2 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/flake.lock b/flake.lock
index 82a4c50..f6d90af 100644
--- a/flake.lock
+++ b/flake.lock
@@ -536,11 +536,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1681202837,
-        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "lastModified": 1685518550,
+        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
         "type": "github"
       },
       "original": {
@@ -695,11 +695,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1685573051,
-        "narHash": "sha256-zrpbdQVJFpNVFK3SlA6mE0le8qnKjUjcuY4OzL+wSHw=",
+        "lastModified": 1685999310,
+        "narHash": "sha256-gaRMZhc7z4KeU/xS3IWv3kC+WhVcAXOLXXGKLe5zn1Y=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "3876cc613ac3983078964ffb5a0c01d00028139e",
+        "rev": "28614ed7a1e3ace824c122237bdc0e5e0b62c5c3",
         "type": "github"
       },
       "original": {
@@ -721,11 +721,11 @@
         "rust-overlay": "rust-overlay_2"
       },
       "locked": {
-        "lastModified": 1685709197,
-        "narHash": "sha256-ASoXZVoXj6L9PzNDfuDrAxrqaDuH7e1qTzdzkOODu4M=",
+        "lastModified": 1685953862,
+        "narHash": "sha256-aROVoLllFZde9EWr3EP97fXIlOghgrdmO6TeYkZRs5g=",
         "owner": "nix-community",
         "repo": "lanzaboote",
-        "rev": "e422970c1bc3351bb7a20cf6e30e78d975280ed3",
+        "rev": "45d04a45d3dfcdee5246f7c0dfed056313de2a61",
         "type": "github"
       },
       "original": {
@@ -869,11 +869,11 @@
     },
     "nixlib": {
       "locked": {
-        "lastModified": 1681001314,
-        "narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=",
+        "lastModified": 1685840432,
+        "narHash": "sha256-VJIbiKsY7Xy4E4WcgwUt/UiwYDmN5BAk8tngAjcWsqY=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "367c0e1086a4eb4502b24d872cea2c7acdd557f4",
+        "rev": "961e99baaaa57f5f7042fe7ce089a88786c839f4",
         "type": "github"
       },
       "original": {
@@ -890,11 +890,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1685446848,
-        "narHash": "sha256-vEU1jynjDXwOJESHeJyABqbY/Y+DoihZq9iDVtYgrMg=",
+        "lastModified": 1685943944,
+        "narHash": "sha256-GpaQwOkvwkmSWxvWaZqbMKyyOSaBAwgdEcHCqLW/240=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "b6114e214e5b546c4cceccd33ee6b72294a76b60",
+        "rev": "122dcc32cadf14c5015aa021fae8882c5058263a",
         "type": "github"
       },
       "original": {
@@ -1066,11 +1066,11 @@
     },
     "nixpkgs_22-11": {
       "locked": {
-        "lastModified": 1685650716,
-        "narHash": "sha256-sDd7QIcMbIb37nuqMrJElvuyE5eVgWuKGtIPP8IWwCc=",
+        "lastModified": 1685883127,
+        "narHash": "sha256-zPDaPNrAtBnO24rNqjHLINHsqTdRbgWy1c/TL3EdwlM=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "f7c1500e2eefa58f3c80dd046cba256e10440201",
+        "rev": "d4a9ff82fc18723219b60c66fb2ccb0734c460eb",
         "type": "github"
       },
       "original": {
@@ -1098,11 +1098,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1685693126,
-        "narHash": "sha256-Q+fZjmYsFYOjOB8RFRkOqQj09tJa4pVh8qaZCYmsw1o=",
+        "lastModified": 1685967306,
+        "narHash": "sha256-SK2w2I7CgnVY2vRSfhl0yRMeAjn6SKpUDla9+yMbW6s=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b49720ccd2ca03ef35e213ebd43bd57c7eb83fa7",
+        "rev": "09720cc41f0dad446f119e3a6259c640d4b33003",
         "type": "github"
       },
       "original": {
@@ -1114,11 +1114,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1685168767,
-        "narHash": "sha256-wQgnxz0PdqbyKKpsWl/RU8T8QhJQcHfeC6lh1xRUTfk=",
+        "lastModified": 1685655444,
+        "narHash": "sha256-6EujQNAeaUkWvpEZZcVF8qSfQrNVWFNNGbUJxv/A5a8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e10802309bf9ae351eb27002c85cfdeb1be3b262",
+        "rev": "e635192892f5abbc2289eaac3a73cdb249abaefd",
         "type": "github"
       },
       "original": {
@@ -1198,11 +1198,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1685708456,
-        "narHash": "sha256-3zKQMUJhAK19NIzWyLBn3ggEsMtgamVd7l0+PWtFYEM=",
+        "lastModified": 1685952940,
+        "narHash": "sha256-TbdzFY9Dqo5+PHh0tBgsSG2MBL3cl+oEs+CdI8KPFJ8=",
         "owner": "pta2002",
         "repo": "nixvim",
-        "rev": "1f285df66498952c9b1315fdc591c0c3e1d3b5f1",
+        "rev": "fce6a33488906097f158ec2fc2b7c2952728a451",
         "type": "github"
       },
       "original": {
@@ -1213,11 +1213,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1685699083,
-        "narHash": "sha256-EqgVvQLjMuXMU0yiSRoCZZnnU8ATWdd8vWzWOBAeT4M=",
+        "lastModified": 1686033919,
+        "narHash": "sha256-eSkt/vmE7M0eg9Xd2OEpJHWXNZSn3CjgnKJdOtEw8Bc=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "7dbd5a6621059db78edd523eb1da98252d96b23d",
+        "rev": "30bca189f3a02281d51db0be0d537825b02059ca",
         "type": "github"
       },
       "original": {
@@ -1282,11 +1282,11 @@
         "nixpkgs-stable": "nixpkgs-stable_3"
       },
       "locked": {
-        "lastModified": 1684842236,
-        "narHash": "sha256-rYWsIXHvNhVQ15RQlBUv67W3YnM+Pd+DuXGMvCBq2IE=",
+        "lastModified": 1685361114,
+        "narHash": "sha256-4RjrlSb+OO+e1nzTExKW58o3WRwVGpXwj97iCta8aj4=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "61e567d6497bc9556f391faebe5e410e6623217f",
+        "rev": "ca2fdbf3edda2a38140184da6381d49f8206eaf4",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 0b658d3..03c7b99 100644
--- a/flake.nix
+++ b/flake.nix
@@ -74,7 +74,7 @@
       apply-local = pkgs.writeShellScriptBin "apply-local" ''
         "${
           colmena.packages.${system}.colmena
-        }"/bin/colmena apply-local --sudo $@
+        }"/bin/colmena apply-local --sudo --keep-result $@
       '';
 
       fast-repl = pkgs.writeShellScriptBin "fast-repl" ''

From 5fbe66803d717a3ec88c0dcc78d1c051c77290e4 Mon Sep 17 00:00:00 2001
From: Victor <victor@xirion.net>
Date: Tue, 6 Jun 2023 10:13:26 +0200
Subject: [PATCH 06/15] more loopback dns

---
 nixos/hosts/hades/dns/configuration.nix   | 4 ++++
 nixos/hosts/hades/nginx/configuration.nix | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/nixos/hosts/hades/dns/configuration.nix b/nixos/hosts/hades/dns/configuration.nix
index 84fb9e1..8dfdf95 100644
--- a/nixos/hosts/hades/dns/configuration.nix
+++ b/nixos/hosts/hades/dns/configuration.nix
@@ -22,6 +22,8 @@
     local-zone = [
       "xirion.net typetransparent"
       "o.xirion.net typetransparent"
+      "attic.xirion.net typetransparent"
+      "g.xirion.net typetransparent"
       "fedi-media.xirion.net typetransparent"
       "hades.xirion.net typetransparent"
       "requests.xirion.net typetransparent"
@@ -33,6 +35,8 @@
       ''"xirion.net A 192.168.0.122"''
       ''"hades.xirion.net A 192.168.0.122"''
       ''"o.xirion.net A 192.168.0.122"''
+      ''"attic.xirion.net A 192.168.0.122"''
+      ''"g.xirion.net A 192.168.0.122"''
       ''"fedi-media.xirion.net A 192.168.0.122"''
       ''"requests.xirion.net A 192.168.0.122"''
       ''"ha.xirion.net A 192.168.0.122"''
diff --git a/nixos/hosts/hades/nginx/configuration.nix b/nixos/hosts/hades/nginx/configuration.nix
index 343dd1d..6f618d1 100644
--- a/nixos/hosts/hades/nginx/configuration.nix
+++ b/nixos/hosts/hades/nginx/configuration.nix
@@ -36,7 +36,7 @@ in {
     recommendedTlsSettings = true;
     recommendedOptimisation = true;
     recommendedBrotliSettings = true;
-    clientMaxBodySize = "500m";
+    clientMaxBodySize = "1024m";
 
     package = pkgs.nginxMainline;
 

From 38d2e2f064242a4d1d2779fe2678d39186ca6209 Mon Sep 17 00:00:00 2001
From: Victor Roest <victor@xirion.net>
Date: Tue, 6 Jun 2023 10:13:42 +0200
Subject: [PATCH 07/15] fix

---
 nixos/common/default.nix                | 2 +-
 nixos/hosts/hades/dns/configuration.nix | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/nixos/common/default.nix b/nixos/common/default.nix
index f07a0f8..e2bf725 100644
--- a/nixos/common/default.nix
+++ b/nixos/common/default.nix
@@ -77,7 +77,7 @@
   nixpkgs.config.allowUnfree = true;
 
   nixpkgs.config.permittedInsecurePackages =
-    [ "nodejs-14.21.3" "openssl-1.1.1t" "nodejs-16.20.0" ];
+    [ "nodejs-14.21.3" "openssl-1.1.1t" "nodejs-16.20.0" "openssl-1.1.1u" ];
 
   # Limit the systemd journal to 100 MB of disk or the
   # last 7 days of logs, whichever happens first.
diff --git a/nixos/hosts/hades/dns/configuration.nix b/nixos/hosts/hades/dns/configuration.nix
index 84fb9e1..72e0c10 100644
--- a/nixos/hosts/hades/dns/configuration.nix
+++ b/nixos/hosts/hades/dns/configuration.nix
@@ -21,6 +21,7 @@
   services.unbound.settings.server = {
     local-zone = [
       "xirion.net typetransparent"
+      "attic.xirion.net typetransparent"
       "o.xirion.net typetransparent"
       "fedi-media.xirion.net typetransparent"
       "hades.xirion.net typetransparent"
@@ -31,6 +32,7 @@
 
     local-data = [
       ''"xirion.net A 192.168.0.122"''
+      ''"attic.xirion.net A 192.168.0.122"''
       ''"hades.xirion.net A 192.168.0.122"''
       ''"o.xirion.net A 192.168.0.122"''
       ''"fedi-media.xirion.net A 192.168.0.122"''

From 6f16efd9cde0bdfd0d3fb2eec121d96363c629e0 Mon Sep 17 00:00:00 2001
From: Victor Roest <victor@xirion.net>
Date: Wed, 7 Jun 2023 11:34:57 +0200
Subject: [PATCH 08/15] update flake

---
 flake.lock                                  | 30 ++++++++++-----------
 nixos/pkgs/vscode-extensions/platformio.nix |  2 +-
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/flake.lock b/flake.lock
index f6d90af..fc56a43 100644
--- a/flake.lock
+++ b/flake.lock
@@ -131,11 +131,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1680733215,
-        "narHash": "sha256-5HNH/Lqj8OU/piH3tvPRkINXHHkt6bRp0QYYR4xOybE=",
+        "lastModified": 1686077956,
+        "narHash": "sha256-zkkjqU5NZipqakDfPSve85ljyZJ8aQtfk9mPkJ+w3IE=",
         "owner": "nix-community",
         "repo": "comma",
-        "rev": "ef97634016d17cc8cdea396ebcc002320494391a",
+        "rev": "59a88b9b86bc35ee6c5ec02fab6819ad68bdaa3f",
         "type": "github"
       },
       "original": {
@@ -695,11 +695,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1685999310,
-        "narHash": "sha256-gaRMZhc7z4KeU/xS3IWv3kC+WhVcAXOLXXGKLe5zn1Y=",
+        "lastModified": 1686126776,
+        "narHash": "sha256-cgomr+NMvIS9ov6OpwPFfnmwfzEisukjodQ+ZJy4YzE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "28614ed7a1e3ace824c122237bdc0e5e0b62c5c3",
+        "rev": "3512a6dafb7836cfceef00dcb29ce6f01c2ce280",
         "type": "github"
       },
       "original": {
@@ -1066,11 +1066,11 @@
     },
     "nixpkgs_22-11": {
       "locked": {
-        "lastModified": 1685883127,
-        "narHash": "sha256-zPDaPNrAtBnO24rNqjHLINHsqTdRbgWy1c/TL3EdwlM=",
+        "lastModified": 1686035213,
+        "narHash": "sha256-hRcXUoVWWuLqFzQ1QVQx4ewvbnst1NkCxoZhmpzrilA=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d4a9ff82fc18723219b60c66fb2ccb0734c460eb",
+        "rev": "d83945caa7624015f11b152bf5c6c4363ffe9f7c",
         "type": "github"
       },
       "original": {
@@ -1098,11 +1098,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1685967306,
-        "narHash": "sha256-SK2w2I7CgnVY2vRSfhl0yRMeAjn6SKpUDla9+yMbW6s=",
+        "lastModified": 1686025136,
+        "narHash": "sha256-yd/Lr6RjjeyF7PpA+TpFT4E5LZeDyiMLVJUXIWxB4Rs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "09720cc41f0dad446f119e3a6259c640d4b33003",
+        "rev": "22467e240f390f029d6c745ce031f0ffbdc40916",
         "type": "github"
       },
       "original": {
@@ -1213,11 +1213,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1686033919,
-        "narHash": "sha256-eSkt/vmE7M0eg9Xd2OEpJHWXNZSn3CjgnKJdOtEw8Bc=",
+        "lastModified": 1686127382,
+        "narHash": "sha256-iFyvwOxYlTt23ttL2jdyBFSfcE752hPNu7zc4m7QSXY=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "30bca189f3a02281d51db0be0d537825b02059ca",
+        "rev": "f774a40d3b542d2d5e0fc5cdc09136f0b4cb11c8",
         "type": "github"
       },
       "original": {
diff --git a/nixos/pkgs/vscode-extensions/platformio.nix b/nixos/pkgs/vscode-extensions/platformio.nix
index 98d5d7c..90367dc 100644
--- a/nixos/pkgs/vscode-extensions/platformio.nix
+++ b/nixos/pkgs/vscode-extensions/platformio.nix
@@ -5,7 +5,7 @@ in buildVscodeMarketplaceExtension {
     name = "platformio-ide";
     publisher = "platformio";
     version = "3.1.1";
-    sha256 = "sha256-fwEct7Tj8bfTOLRozSZJGWoLzWRSvYz/KxcnfpO8Usg=";
+    sha256 = "sha256-g9yTG3DjVUS2w9eHGAai5LoIfEGus+FPhqDnCi4e90Q=";
     # sha256 = lib.fakeSha256;
   };
 }

From 224cd28112e92149914d92d053df6b49ed3876b1 Mon Sep 17 00:00:00 2001
From: Victor <victor@xirion.net>
Date: Wed, 7 Jun 2023 14:03:42 +0200
Subject: [PATCH 09/15] add docker runner;

---
 .forgejo/workflows/test.yml              | 12 ++++++++++++
 flake.nix                                |  2 +-
 nixos/hosts/olympus/ci/configuration.nix |  9 +++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 .forgejo/workflows/test.yml

diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
new file mode 100644
index 0000000..8dd9abe
--- /dev/null
+++ b/.forgejo/workflows/test.yml
@@ -0,0 +1,12 @@
+name: Testing
+
+on: [push]
+
+jobs:
+  lint:
+    runs-on: docker
+    steps:
+      - uses: actions/checkout@v3
+      - run: ls -l
+      - run: uname -a
+
diff --git a/flake.nix b/flake.nix
index 03c7b99..0b658d3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -74,7 +74,7 @@
       apply-local = pkgs.writeShellScriptBin "apply-local" ''
         "${
           colmena.packages.${system}.colmena
-        }"/bin/colmena apply-local --sudo --keep-result $@
+        }"/bin/colmena apply-local --sudo $@
       '';
 
       fast-repl = pkgs.writeShellScriptBin "fast-repl" ''
diff --git a/nixos/hosts/olympus/ci/configuration.nix b/nixos/hosts/olympus/ci/configuration.nix
index d316189..f0c7df5 100644
--- a/nixos/hosts/olympus/ci/configuration.nix
+++ b/nixos/hosts/olympus/ci/configuration.nix
@@ -40,6 +40,15 @@ in {
   };
 
   services.gitea-actions-runner.instances = {
+    runner_1 = {
+      name = "runner_1";
+      enable = true;
+      labels = [
+        "docker:docker://node:16-bullseye"
+      ];
+      url = "https://git.0x76.dev";
+      tokenFile = "${vs.gitea_runner}/token_runner_1";
+    };
     nix-native = {
       enable = true;
       name = "nix-native";

From 8288611ef9a437b16baedc5ab6800d9fba5669ce Mon Sep 17 00:00:00 2001
From: Renovate Bot <renovate@xirion.net>
Date: Wed, 7 Jun 2023 22:00:24 +0000
Subject: [PATCH 10/15] chore(deps): update renovate/renovate docker tag to
 v35.114.2

---
 flux/olympus/apps/services/renovate/cronjob.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flux/olympus/apps/services/renovate/cronjob.yaml b/flux/olympus/apps/services/renovate/cronjob.yaml
index e533e88..6f4a40f 100644
--- a/flux/olympus/apps/services/renovate/cronjob.yaml
+++ b/flux/olympus/apps/services/renovate/cronjob.yaml
@@ -19,7 +19,7 @@ spec:
               emptyDir: {}
           containers:
             - name: renovate
-              image: renovate/renovate:35.110.1
+              image: renovate/renovate:35.114.2
               volumeMounts:
                 - name: config-volume
                   mountPath: /opt/renovate/

From 1403a1b2c020c998bec4eda1b2ca83e8d2eb4432 Mon Sep 17 00:00:00 2001
From: v <victor@xirion.net>
Date: Thu, 8 Jun 2023 09:58:00 +0200
Subject: [PATCH 11/15] Nix CI (#176)

Co-authored-by: Victor <victor@xirion.net>
Reviewed-on: https://git.0x76.dev/v/infrastructure/pulls/176
---
 .forgejo/workflows/nix.yml  | 20 ++++++++++++++++++++
 .forgejo/workflows/test.yml | 12 ------------
 flake.lock                  | 18 +++++++++---------
 3 files changed, 29 insertions(+), 21 deletions(-)
 create mode 100644 .forgejo/workflows/nix.yml
 delete mode 100644 .forgejo/workflows/test.yml

diff --git a/.forgejo/workflows/nix.yml b/.forgejo/workflows/nix.yml
new file mode 100644
index 0000000..f00297f
--- /dev/null
+++ b/.forgejo/workflows/nix.yml
@@ -0,0 +1,20 @@
+name: Nix
+
+on: [push]
+
+jobs:
+  lint:
+    runs-on: docker
+    env:
+    container:
+      image: ghcr.io/catthehacker/ubuntu:js-20.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: https://github.com/cachix/install-nix-action@v20
+        env:
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - name: Run `nix flake check`
+        run: |
+          sed -i '/^access-tokens/ d' /etc/nix/nix.conf
+          nix run '.#' -- -V
diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
deleted file mode 100644
index 8dd9abe..0000000
--- a/.forgejo/workflows/test.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: Testing
-
-on: [push]
-
-jobs:
-  lint:
-    runs-on: docker
-    steps:
-      - uses: actions/checkout@v3
-      - run: ls -l
-      - run: uname -a
-
diff --git a/flake.lock b/flake.lock
index fc56a43..7e13dd7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -695,11 +695,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1686126776,
-        "narHash": "sha256-cgomr+NMvIS9ov6OpwPFfnmwfzEisukjodQ+ZJy4YzE=",
+        "lastModified": 1686142265,
+        "narHash": "sha256-IP0xPa0VYqxCzpqZsg3iYGXarUF+4r2zpkhwdHy9WsM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "3512a6dafb7836cfceef00dcb29ce6f01c2ce280",
+        "rev": "39c7d0a97a77d3f31953941767a0822c94dc01f5",
         "type": "github"
       },
       "original": {
@@ -1098,11 +1098,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1686025136,
-        "narHash": "sha256-yd/Lr6RjjeyF7PpA+TpFT4E5LZeDyiMLVJUXIWxB4Rs=",
+        "lastModified": 1686131476,
+        "narHash": "sha256-d/VZjsgW7dBwqN77EcQ4HqQifpATkT5WnCvYbovIhf0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "22467e240f390f029d6c745ce031f0ffbdc40916",
+        "rev": "32d8e07a8ea673bc9b8c0f8106fb0b776c6ea6a8",
         "type": "github"
       },
       "original": {
@@ -1213,11 +1213,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1686127382,
-        "narHash": "sha256-iFyvwOxYlTt23ttL2jdyBFSfcE752hPNu7zc4m7QSXY=",
+        "lastModified": 1686143635,
+        "narHash": "sha256-BmsQRuHNoOIQl9Zv/aettlJUt366HoRW1xQnI8n3C64=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "f774a40d3b542d2d5e0fc5cdc09136f0b4cb11c8",
+        "rev": "b54d94d6eb99231590921225e1601705b97aa968",
         "type": "github"
       },
       "original": {

From 3201b153fd7a849d7a0924765bc24ad150651a36 Mon Sep 17 00:00:00 2001
From: Victor <victor@xirion.net>
Date: Thu, 8 Jun 2023 10:30:49 +0200
Subject: [PATCH 12/15] flake update

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index 7e13dd7..4b165c2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -695,11 +695,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1686142265,
-        "narHash": "sha256-IP0xPa0VYqxCzpqZsg3iYGXarUF+4r2zpkhwdHy9WsM=",
+        "lastModified": 1686168915,
+        "narHash": "sha256-zV5lh3PGKcI8W7+5bXSRsCetfsi6x10Xvojpk5HAQHU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "39c7d0a97a77d3f31953941767a0822c94dc01f5",
+        "rev": "cc6745b35fefe48624ebf573382e1e0e4a6fe85e",
         "type": "github"
       },
       "original": {
@@ -1198,11 +1198,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1685952940,
-        "narHash": "sha256-TbdzFY9Dqo5+PHh0tBgsSG2MBL3cl+oEs+CdI8KPFJ8=",
+        "lastModified": 1686210684,
+        "narHash": "sha256-dlQDXx0P/MmiBOhJ733AyD0+ym7U7Pe080gIBSgFK0E=",
         "owner": "pta2002",
         "repo": "nixvim",
-        "rev": "fce6a33488906097f158ec2fc2b7c2952728a451",
+        "rev": "ab8377f319a2d84026244bf81b3b3f8e49c2a518",
         "type": "github"
       },
       "original": {
@@ -1213,11 +1213,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1686143635,
-        "narHash": "sha256-BmsQRuHNoOIQl9Zv/aettlJUt366HoRW1xQnI8n3C64=",
+        "lastModified": 1686210105,
+        "narHash": "sha256-hA1NWUCfZHmZcUaLP7R8rDHp4ssZI1CbreGMol5vKqM=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "b54d94d6eb99231590921225e1601705b97aa968",
+        "rev": "dd2b073a0d02c76e1b22d6f017675522464642fb",
         "type": "github"
       },
       "original": {

From a19ada3331d5c4e92898334618d2affa3612f853 Mon Sep 17 00:00:00 2001
From: Victor <victor@xirion.net>
Date: Thu, 8 Jun 2023 16:46:19 +0200
Subject: [PATCH 13/15] hopefully fixes #173

---
 .../olympus/mailserver/configuration.nix      | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/nixos/hosts/olympus/mailserver/configuration.nix b/nixos/hosts/olympus/mailserver/configuration.nix
index edce9cb..de6a879 100644
--- a/nixos/hosts/olympus/mailserver/configuration.nix
+++ b/nixos/hosts/olympus/mailserver/configuration.nix
@@ -27,20 +27,32 @@ in {
   mailserver = {
     enable = true;
     fqdn = "mail.0x76.dev";
-    domains = [ "0x76.dev" "meowy.tech" ];
+    domains = [ "0x76.dev" "meowy.tech" "xirion.net" ];
     certificateScheme = "acme-nginx";
+    enableManageSieve = true;
 
     loginAccounts = {
       # People
       "v@0x76.dev" = {
         hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
-        aliases =
-          [ "v@meowy.tech" "postmaster@0x76.dev" "postmaster@meowy.tech" ];
+        catchAll = [ "xirion.net" "0x76.dev" ];
+        aliases = [
+          "postmaster@0x76.dev"
+          "abuse@0x76.dev"
+
+          "v@meowy.tech"
+          "abuse@meowy.tech"
+          "postmaster@meowy.tech"
+
+          "@xirion.net"
+          "@0x76.dev"
+        ];
       };
       "laura@meowy.tech" = {
         hashedPasswordFile = "${vs.mailserver}/laura@meowy.tech";
         aliases = [ "lau@meowy.tech" ];
       };
+
       # Services
       "gitea@0x76.dev" = {
         hashedPasswordFile = "${vs.mailserver}/gitea@0x76.dev";
@@ -82,6 +94,7 @@ in {
       pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
     plugins = [
       "archive"
+      "managesieve"
       # "enigma"
       # "markasjunk"
       "persistent_login"

From bf5c22306818913b1f864d1f897a08d26257dc61 Mon Sep 17 00:00:00 2001
From: v <victor@xirion.net>
Date: Thu, 8 Jun 2023 16:53:41 +0200
Subject: [PATCH 14/15] Update '.forgejo/workflows/nix.yml'

---
 .forgejo/workflows/nix.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.forgejo/workflows/nix.yml b/.forgejo/workflows/nix.yml
index f00297f..c8abaec 100644
--- a/.forgejo/workflows/nix.yml
+++ b/.forgejo/workflows/nix.yml
@@ -1,7 +1,5 @@
 name: Nix
 
-on: [push]
-
 jobs:
   lint:
     runs-on: docker

From 2ec7f547f723fef0321af644b9f113a82be62ec8 Mon Sep 17 00:00:00 2001
From: Victor <victor@xirion.net>
Date: Thu, 8 Jun 2023 16:53:56 +0200
Subject: [PATCH 15/15] mail: enable monitoring

---
 nixos/hosts/olympus/mailserver/configuration.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nixos/hosts/olympus/mailserver/configuration.nix b/nixos/hosts/olympus/mailserver/configuration.nix
index de6a879..e5fa5eb 100644
--- a/nixos/hosts/olympus/mailserver/configuration.nix
+++ b/nixos/hosts/olympus/mailserver/configuration.nix
@@ -31,6 +31,11 @@ in {
     certificateScheme = "acme-nginx";
     enableManageSieve = true;
 
+    monitoring = {
+      alertAddress = "v@0x76.dev";
+      enable = true;
+    };
+
     loginAccounts = {
       # People
       "v@0x76.dev" = {