(mostly) update inputs

also add rz-ghidra, fix fdroid update script, and some other stuff
2023-07-12 03:26:50 +07:00 · 2023-07-12 03:26:50 +07:00 · 64ff8be357
parent f99ae26285
commit 64ff8be357
22 changed files with 313 additions and 166 deletions
--- a/flake.lock
+++ b/flake.lock
@ -69,11 +69,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1675933616,
+        "lastModified": 1688254665,
-        "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
+        "narHash": "sha256-8FHEgBrr7gYNiS/NzCxIO3m4hvtLRW9YY1nYo1ivm3o=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
+        "rev": "267149c58a14d15f7f81b4d737308421de9d7152",
        "type": "github"
      },
      "original": {
@ -83,21 +83,6 @@
      }
    },
    "flake-utils": {
      "locked": {
        "lastModified": 1678901627,
        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems"
      },
@ -122,11 +107,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1686391840,
+        "lastModified": 1688999869,
-        "narHash": "sha256-5S0APl6Mfm6a37taHwvuf11UHnAX0+PnoWQbsYbMUnc=",
+        "narHash": "sha256-gLD2UI6+Nb9JV5Wh4FnLHAZwLMiY11RHYBKmBZCxLXc=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "0144ac418ef633bfc9dbd89b8c199ad3a617c59f",
+        "rev": "a6d1d954b81caf4c9291b8ac35452fef842f289b",
        "type": "github"
      },
      "original": {
@ -153,17 +138,16 @@
    "maubot": {
      "inputs": {
        "flake-compat": "flake-compat_2",
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1687853065,
+        "lastModified": 1688069522,
-        "narHash": "sha256-HNq95YrJm8ng7lSdGbyDCihgrS6xhQm6Agyej6ttmGg=",
+        "narHash": "sha256-yvn2wt2AY0u4NElWffiJrrtNEj14lBLlIyvDOmP72Qw=",
        "owner": "chayleaf",
        "repo": "maubot.nix",
-        "rev": "f06cffda880a0a403a3b4c40263a03dd2523775b",
+        "rev": "d90b8eebe37c4382d2588e94a6bc721ca6e5f476",
        "type": "github"
      },
      "original": {
@ -180,11 +164,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1686489662,
+        "lastModified": 1688951979,
-        "narHash": "sha256-kEuKsjWoFm3EeeiSwqHlUyV1wTxJu6/kfzrhuIwaIEQ=",
+        "narHash": "sha256-5wGEXjNjlrVhP1tQUsBLjfT64uQ+b+jgc57MK/IvsW8=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "b32aeea96b838977a27804ba6a2cf2188f4b16af",
+        "rev": "0bf7751f831cd2bd17b54805b96f91fadf00aca2",
        "type": "github"
      },
      "original": {
@ -195,11 +179,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1686452266,
+        "lastModified": 1689060619,
-        "narHash": "sha256-zLKiX0iu6jZFeZDpR1gE6fNyMr8eiM8GLnj9SoUCjFs=",
+        "narHash": "sha256-vODUkZLWFVCvo1KPK3dC2CbXjxa9antEn5ozwlcTr48=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "2a807ad6e8dc458db08588b78cc3c0f0ec4ff321",
+        "rev": "44bc025007e5fcc10dbc3d9f96dcbf06fc0e8c1c",
        "type": "github"
      },
      "original": {
@ -218,14 +202,15 @@
        "nixpkgs-22_11": [
          "nixpkgs"
        ],
        "nixpkgs-23_05": "nixpkgs-23_05",
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1686468558,
+        "lastModified": 1688586836,
-        "narHash": "sha256-K69Ojlx3N8I6tRTZsrKFMIqK4yrnJ6/PjfKZi3wchYg=",
+        "narHash": "sha256-5uLYGa+8lysS1X5ehdU3ewmrMIG8p9+qS7yJ0LyhMHs=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "290d00f6db4e80467013728819ad73dd4a394d9a",
+        "rev": "d460e9ff62ea1238fb3348a87326b743ae177902",
        "type": "gitlab"
      },
      "original": {
@ -241,11 +226,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1687589315,
+        "lastModified": 1689016040,
-        "narHash": "sha256-yHeWC/6OatjLN56VfCw1gjnzZd++uyYIkJBbDckWj/E=",
+        "narHash": "sha256-g2K2WD6wK6lMkV+fjSKfLLapv8nm+XimX+8tB7xh6hc=",
        "owner": "chayleaf",
        "repo": "nixos-router",
-        "rev": "b28e10ec8d247babd9ff461bb14725e504d3badf",
+        "rev": "6078d93845b70656cfdd0b3932ac7215f6c527c1",
        "type": "github"
      },
      "original": {
@ -256,11 +241,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1686412476,
+        "lastModified": 1689008574,
-        "narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=",
+        "narHash": "sha256-VFMgyHDiqsGDkRg73alv6OdHJAqhybryWHv77bSCGIw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "21951114383770f96ae528d0ae68824557768e81",
+        "rev": "4a729ce4b1fe5ec4fffc71c67c96aa5184ebb462",
        "type": "github"
      },
      "original": {
@ -270,14 +255,29 @@
        "type": "github"
      }
    },
    "nixpkgs-23_05": {
      "locked": {
        "lastModified": 1684782344,
        "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "ref": "nixos-23.05",
        "type": "indirect"
      }
    },
    "nixpkgs-lib": {
      "locked": {
        "dir": "lib",
-        "lastModified": 1675183161,
+        "lastModified": 1688049487,
-        "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
+        "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
+        "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9",
        "type": "github"
      },
      "original": {
@ -295,11 +295,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1685774289,
+        "lastModified": 1688049338,
-        "narHash": "sha256-7NXZ2S2FZzYW8lvX+zZ7x3wwCpjMLVK2tNL/u6JdSeE=",
+        "narHash": "sha256-HRWFIl2UY6wVUc/xJh3kKX/Nb3kTm33e39ZO7MnY+x0=",
        "owner": "chayleaf",
        "repo": "notlua",
-        "rev": "12e810bf2c571ae80ae4fda4f8c63e40b8f9b392",
+        "rev": "1582e95567c13d5bf103e035a7cd18ce901b5186",
        "type": "github"
      },
      "original": {
@ -315,11 +315,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1687562693,
+        "lastModified": 1688609524,
-        "narHash": "sha256-imxVKPmthtrMq5RFst8IfdbnDPy4sEeln2lo9374W4o=",
+        "narHash": "sha256-Wqzk7qgiyGBZhy9PU0IIlaqnt3JCCOoxgS2/ZiGMtTc=",
        "owner": "chayleaf",
        "repo": "notnft",
-        "rev": "f090546a7c190557c2081129b7e49a595f2ab76f",
+        "rev": "442ec56617084bcc1b310cacb2e22e2c83bb6e3f",
        "type": "github"
      },
      "original": {
@ -330,11 +330,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1686488164,
+        "lastModified": 1689062700,
-        "narHash": "sha256-DGfmD8ZCu9Xp0rB1tUct8FNlvz/orRr30DXeI9+fnPU=",
+        "narHash": "sha256-uUD+KBJfX8kLALpB8cvIgSZ/xGWS34zBRbSlWsIyx80=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "daf7100b6147114c5f0a68583ba50e15d82e9788",
+        "rev": "7d0ac0daa6e05b6619f9172be4f05f785882dfaa",
        "type": "github"
      },
      "original": {
@ -362,17 +362,17 @@
    },
    "rust-overlay": {
      "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1686450923,
+        "lastModified": 1689042658,
-        "narHash": "sha256-a7B9VT2NHJWRCerHmZagAXu3z2QHJKhxUhzjh5vAnXU=",
+        "narHash": "sha256-p7cQAFNt5kX19sZvK74CmY0nTrtujpZg6sZUiV1ntAk=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "4b3cb15179af3b8d640a29fa85cc9f332b4123e6",
+        "rev": "d7181bb2237035df17cab9295c95f987f5c527e6",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -196,7 +196,7 @@
                }
                ({ config, pkgs, lib, ...}: {
                  nixpkgs.overlays = [ overlay ];
-                  nix.package = lib.mkDefault pkgs.nixFlakes;
+                  nix.package = lib.mkDefault pkgs.nixForNixPlugins;
                  # this is only needed if nixos doesnt set plugin-files already
                  /*nix.extraOptions = ''
                    plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
@ -251,7 +251,7 @@
                      (getPrivUser hostname user)
                      ({ config, pkgs, lib, ... }: {
                        nixpkgs.overlays = [ overlay ];
-                        nix.package = lib.mkDefault pkgs.nixFlakes;
+                        nix.package = lib.mkDefault pkgs.nixForNixPlugins;
                        # this is only needed if nixos doesnt set plugin-files already
                        /*nix.extraOptions = ''
                          plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
--- a/home/common/firefox.nix
+++ b/home/common/firefox.nix
@ -45,7 +45,6 @@
          cookies-txt
          don-t-fuck-with-paste
          greasemonkey
          i-dont-care-about-cookies
          keepassxc-browser
          libredirect
          localcdn
--- a/home/common/i3-sway.nix
+++ b/home/common/i3-sway.nix
@ -255,7 +255,10 @@ in
          { app_id = "nheko"; }
        ];
        "3" = [{ app_id = "org.keepassxc.KeePassXC"; }];
-        "4" = [{ class = "Steam"; }];
+        "4" = [
          { class = "Steam"; }
          { class = "steam"; }
        ];
      };
      keybindings = genKeybindings options.wayland.windowManager.sway (with pkgs.sway-contrib;
      /*let
--- a/home/common/nvim.nix
+++ b/home/common/nvim.nix
@ -93,7 +93,7 @@
      rust-analyzer
      nodePackages_latest.bash-language-server shellcheck
      nodePackages_latest.typescript-language-server
-      nodePackages_latest.svelte-language-server
+      # nodePackages_latest.svelte-language-server
      clang-tools_latest
      nodePackages_latest.vscode-langservers-extracted
      nil
--- a/home/common/zsh.nix
+++ b/home/common/zsh.nix
@ -1,11 +1,11 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 {
  programs.zsh = {
    enable = true;
    # zsh-autosuggestions
    enableAutosuggestions = true;
    # zsh-syntax-highlighting
-    enableSyntaxHighlighting = true;
+    syntaxHighlighting.enable = true;
    defaultKeymap = "viins";
    dotDir = ".config/zsh";
    history.ignoreDups = true;
--- a/home/hosts/nixmsi.nix
+++ b/home/hosts/nixmsi.nix
@ -12,10 +12,12 @@
  nix.settings = {
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
      # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
    ];
    trusted-substituters = [
      "https://cache.nixos.org"
      "https://nix-gaming.cachix.org"
      # "https://nixpkgs-wayland.cachix.org"
    ];
  };
@ -53,16 +55,17 @@
  home.sessionVariables = {
    STEAM_EXTRA_COMPAT_TOOLS_PATHS = "${pkgs.proton-ge}";
    CARGO_PROFILE_DEV_INCREMENTAL = "true";
-    RUSTC_LINKER = "${pkgs.clang_latest}/bin/clang";
+    # RUSTC_LINKER = "${pkgs.clang_latest}/bin/clang";
-    RUSTFLAGS = "-C link-arg=--ld-path=${pkgs.mold}/bin/mold";
+    # RUSTFLAGS = "-C link-arg=--ld-path=${pkgs.mold}/bin/mold";
    CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER = "${pkgs.clang_latest}/bin/clang";
    CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS = "-C link-arg=--ld-path=${pkgs.mold}/bin/mold";
  };
  home.packages = with pkgs; [
    mold
-    ghidra cutter
+    ghidra cutter2
    openrgb piper
    steam-run steam
    faf-client
    (osu-lazer-bin.override {
      command_prefix = "${obs-studio-plugins.obs-vkcapture}/bin/obs-gamecapture";
    })
@ -74,7 +77,7 @@
    easyeffects
    # wineWowPackages.waylandFull
    winetricks
-    protontricks # proton-caller
+    # protontricks # proton-caller
    # bottles
    virtmanager
    gimp krita blender-hip
--- a/pkgs/_sources/generated.json
+++ b/pkgs/_sources/generated.json
@ -37,39 +37,24 @@
        "pinned": false,
        "src": {
            "name": null,
-            "sha256": "sha256-OPwmVxBGaWo51pDJcqvxvZ8qxMH8X0DwZTpwiKbdx/I=",
+            "sha256": "sha256-0ePO6ZzsZpAb9iM++k4fYDwKzJpuZNgfPKwZePAUc0Y=",
            "type": "url",
-            "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-4/GE-Proton8-4.tar.gz"
+            "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-6/GE-Proton8-6.tar.gz"
        },
-        "version": "GE-Proton8-4"
+        "version": "GE-Proton8-6"
    },
    "searxng": {
        "cargoLocks": null,
-        "date": "2023-06-25",
+        "date": "2023-07-07",
        "extract": null,
        "name": "searxng",
        "passthru": null,
        "pinned": false,
        "src": {
-            "sha256": "sha256-sk28RG9/ZoPL71x99tNi884Mw0taMTYWh6HXINTr1xQ=",
+            "sha256": "sha256-eOq4vZ8690H1lCRu8LXgUJvc/4lY+VqvVOqRyEURreI=",
            "type": "tarball",
-            "url": "https://github.com/searxng/searxng/archive/e8706fb738da9feb21e596f403dddb40e69c8a7b.tar.gz"
+            "url": "https://github.com/searxng/searxng/archive/cada89ee3648de6ca5b458aeacafe6c10d5230a2.tar.gz"
        },
-        "version": "e8706fb738da9feb21e596f403dddb40e69c8a7b"
+        "version": "cada89ee3648de6ca5b458aeacafe6c10d5230a2"
    },
    "yomichan": {
        "cargoLocks": null,
        "date": null,
        "extract": null,
        "name": "yomichan",
        "passthru": null,
        "pinned": false,
        "src": {
            "name": null,
            "sha256": "sha256-l70wVXHEArifukDelZeoVxIyP2Crs6QZSD/kFdEml/8=",
            "type": "url",
            "url": "https://github.com/FooSoft/yomichan/releases/download/22.10.23.0/yomichan-firefox-dev.xpi"
        },
        "version": "22.10.23.0"
    }
 }
--- a/pkgs/_sources/generated.nix
+++ b/pkgs/_sources/generated.nix
@ -20,19 +20,19 @@
  };
  proton-ge = {
    pname = "proton-ge";
-    version = "GE-Proton8-4";
+    version = "GE-Proton8-6";
    src = fetchurl {
-      url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-4/GE-Proton8-4.tar.gz";
+      url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-6/GE-Proton8-6.tar.gz";
-      sha256 = "sha256-OPwmVxBGaWo51pDJcqvxvZ8qxMH8X0DwZTpwiKbdx/I=";
+      sha256 = "sha256-0ePO6ZzsZpAb9iM++k4fYDwKzJpuZNgfPKwZePAUc0Y=";
    };
  };
  searxng = {
    pname = "searxng";
-    version = "e8706fb738da9feb21e596f403dddb40e69c8a7b";
+    version = "cada89ee3648de6ca5b458aeacafe6c10d5230a2";
    src = fetchTarball {
-      url = "https://github.com/searxng/searxng/archive/e8706fb738da9feb21e596f403dddb40e69c8a7b.tar.gz";
+      url = "https://github.com/searxng/searxng/archive/cada89ee3648de6ca5b458aeacafe6c10d5230a2.tar.gz";
-      sha256 = "sha256-sk28RG9/ZoPL71x99tNi884Mw0taMTYWh6HXINTr1xQ=";
+      sha256 = "sha256-eOq4vZ8690H1lCRu8LXgUJvc/4lY+VqvVOqRyEURreI=";
    };
-    date = "2023-06-25";
+    date = "2023-07-07";
  };
 }
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -12,9 +12,13 @@ let
 in
 {
-  osu-lazer-bin = nix-gaming.osu-lazer-bin;
+  inherit (nix-gaming) faf-client osu-lazer-bin;
  nixForNixPlugins = pkgs.nixVersions.nix_2_16;
  clang-tools_latest = pkgs.clang-tools_16;
  clang_latest = pkgs.clang_16;
  steam-run = pkgs.steam-run.overrideAttrs (old: {
    multiArch = true;
  });
  home-daemon = callPackage ./home-daemon { };
  /*ghidra = pkgs.ghidra.overrideAttrs (old: {
    patches = old.patches ++ [ ./ghidra-stdcall.patch ];
@ -31,6 +35,10 @@ in
      fetchSubmodules = true;
    };
  });
  kvmfrOverlay = pkgs.linuxPackages_latest.kvmfr.overrideAttrs (old: {
    inherit (pkgs'.looking-glass-client) version src;
    patches = [ ./kvmfr-linux6_4.patch ];
  });
  pineapplebot = callPackage ./pineapplebot.nix { };
  proton-ge = pkgs.stdenvNoCC.mkDerivation {
    inherit (sources.proton-ge) pname version src;
@ -88,4 +96,10 @@ in
      CONFIG_AIRTIME_POLICY=y
    '';
  });
  cutter2 = pkgs.callPackage ./rizin/wrapper.nix {
    unwrapped = pkgs.cutter;
  } [ (pkgs.libsForQt5.callPackage ./rizin/rz-ghidra.nix {
    enableCutterPlugin = true;
  }) ];
 } // (import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; })
--- a/pkgs/kvmfr-linux6_4.patch
+++ b/pkgs/kvmfr-linux6_4.patch
@ -0,0 +1,16 @@
 diff --git a/kvmfr.c b/kvmfr.c
 index 121aae5b..2f4c9e1a 100644
 --- a/kvmfr.c
 +++ b/kvmfr.c
@@ -539,7 +539,11 @@ static int __init kvmfr_module_init(void)
   if (kvmfr->major < 0)
     goto out_free;
 +#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
   kvmfr->pClass = class_create(THIS_MODULE, KVMFR_DEV_NAME);
 +#else
 +  kvmfr->pClass = class_create(KVMFR_DEV_NAME);
 +#endif
   if (IS_ERR(kvmfr->pClass))
     goto out_unreg;
--- a/pkgs/rizin/rz-ghidra.nix
+++ b/pkgs/rizin/rz-ghidra.nix
@ -0,0 +1,54 @@
 { lib
 , stdenv
 , fetchFromGitHub
 , cmake
 # buildInputs
 , rizin
 , openssl
 , pugixml
 # optional buildInputs
 , enableCutterPlugin ? true
 , cutter
 , qtbase
 , qtsvg
 }:
 stdenv.mkDerivation rec {
  pname = "rz-ghidra";
  version = "0.5.0";
  src = fetchFromGitHub {
    owner = "rizinorg";
    repo = "rz-ghidra";
    rev = "v${version}";
    hash = "sha256-2QQEj4TIBmiZgbb66R7q6iEp2WitUc8Ui6Nr71JelXs=";
    fetchSubmodules = true;
  };
  nativeBuildInputs = [ cmake ];
  buildInputs = [
    openssl
    pugixml
    rizin
  ] ++ lib.optionals enableCutterPlugin [
    cutter
    qtbase
    qtsvg
  ];
  dontWrapQtApps = true;
  cmakeFlags = [
    "-DUSE_SYSTEM_PUGIXML=ON"
  ] ++ lib.optionals enableCutterPlugin [
    "-DBUILD_CUTTER_PLUGIN=ON"
    "-DCUTTER_INSTALL_PLUGDIR=share/rizin/cutter/plugins/native"
  ];
  meta = with lib; {
    description = "Deep ghidra decompiler and sleigh disassembler integration for rizin";
    homepage = src.meta.homepage;
    license = licenses.lgpl3;
    maintainers = with maintainers; [ chayleaf ];
  };
 }
--- a/pkgs/rizin/wrapper.nix
+++ b/pkgs/rizin/wrapper.nix
@ -0,0 +1,29 @@
 { makeWrapper
 , symlinkJoin
 , unwrapped
 }:
 plugins:
 symlinkJoin {
  name = "cutter-with-plugins";
  paths = [ unwrapped ] ++ plugins;
  nativeBuildInputs = [ makeWrapper ];
  passthru = {
    inherit unwrapped;
  };
  postBuild = ''
    rm $out/bin/*
    wrapperArgs=(--set RZ_LIBR_PLUGINS $out/lib/rizin/plugins)
    if [ -d $out/share/rizin/cutter ]; then
      wrapperArgs+=(--prefix XDG_DATA_DIRS : $out/share)
    fi
    for binary in $(ls ${unwrapped}/bin); do
      makeWrapper ${unwrapped}/bin/$binary $out/bin/$binary "''${wrapperArgs[@]}"
    done
  '';
 }
--- a/system/hosts/nixmsi.nix
+++ b/system/hosts/nixmsi.nix
@ -45,7 +45,9 @@
  #   zen619.configuration.boot.kernelPackages = zenKernelPackages "6.1.9" "0fsmcjsawxr32fxhpp6sgwfwwj8kqymy0rc6vh4qli42fqmwdjgv";
  # };
-  nixpkgs.config.allowUnfreePredicate = pkg: (lib.getName pkg) == "steam-original";
+  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "steam-original"
  ];
  hardware = {
    steam-hardware.enable = true;
    opengl.driSupport32Bit = true;
@ -111,23 +113,50 @@
    games.matchers = [ "osu!" ];
  };
-  common.workstation = true;
+  common.minimal = false;
  common.gettyAutologin = true;
  # programs.firejail.enable = true;
  # doesn't work:
  # programs.wireshark.enable = true;
-  # users.groups.wireshark.members = [ config.common.mainUsername"];
+  # users.groups.wireshark.members = [ config.common.mainUsername ];
  services.printing.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
    # from nix-gaming
-  services.pipewire.lowLatency = {
+    lowLatency = {
      enable = true;
      # 96 is mostly fine but has some xruns
      # 128 has xruns every now and then too, but is overall fine
      quantum = 128;
      rate = 48000;
    };
  };
  security.polkit.enable = true;
  security.rtkit.enable = true;
  services.dbus.enable = true;
  programs.sway.enable = true;
  xdg.portal = {
    enable = true;
    extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
  };
  programs.ccache.enable = true;
  services.sshd.enable = true;
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  nix.settings.trusted-users = [ "root" config.common.mainUsername ];
  services.udev.packages = [
    pkgs.android-udev-rules
  ];
  environment.systemPackages = with pkgs; [
    comma
    neovim
    man-pages man-pages-posix
  ];
  documentation.dev.enable = true;
 }
--- a/system/hosts/nixserver/default.nix
+++ b/system/hosts/nixserver/default.nix
@ -296,7 +296,7 @@ in {
  services.nextcloud = {
    enable = true;
    enableBrokenCiphersForSSE = false;
-    package = pkgs.nextcloud26;
+    package = pkgs.nextcloud27;
    autoUpdateApps.enable = true;
    # TODO: use socket auth and remove the next line
    database.createLocally = false;
@ -319,6 +319,13 @@ in {
    '' ];
  };
  systemd.services.pleroma.path = [ pkgs.exiftool pkgs.gawk ];
  systemd.services.pleroma.serviceConfig = {
    Restart = "on-failure";
  };
  systemd.services.pleroma.unitConfig = {
    StartLimitIntervalSec = 60;
    StartLimitBurst = 3;
  };
  services.nginx.virtualHosts."pleroma.${cfg.domainName}" = {
    enableACME = true;
    forceSSL = true;
--- a/system/hosts/nixserver/fdroid.nix
+++ b/system/hosts/nixserver/fdroid.nix
@ -10,6 +10,7 @@ in {
  ];
  services.nginx.virtualHosts."${cfg.domainName}" = {
    locations."/fdroid/".alias = "/var/lib/fdroid/repo/";
    locations."/fdroid/repo/".alias = "/var/lib/fdroid/repo/";
  };
  users.users.fdroid = {
    home = "/var/lib/fdroid";
@ -27,7 +28,7 @@ in {
    serviceConfig = let
      inherit (pkgs) fdroidserver;
      fdroidScript = pkgs.writeText "update-froid.py" ''
-        import requests, subprocess, os, sys
+        import requests, subprocess, os, shutil, sys
        x = requests.get('https://api.github.com/repos/ppy/osu/releases').json()
@ -36,14 +37,15 @@ in {
                if w.get('name', "").endswith('.apk'):
                    os.chdir('/var/lib/fdroid')
                    subprocess.run(['${pkgs.wget}/bin/wget', w['browser_download_url'], '-O', '/var/tmp/lazer.apk'], check=True)
-                    os.rename('/var/tmp/lazer.apk', '/var/lib/fdroid/repo/sh.ppy.osulazer.apk')
+                    shutil.move('/var/tmp/lazer.apk', '/var/lib/fdroid/repo/sh.ppy.osulazer.apk.tmp')
-                    subprocess.run(['${fdroidserver}/bin/fdroid', 'update', '--allow-disabled-algorithms'])
+                    os.rename('/var/lib/fdroid/repo/sh.ppy.osulazer.apk.tmp', '/var/lib/fdroid/repo/sh.ppy.osulazer.apk')
                    subprocess.run(['${fdroidserver}/bin/fdroid', 'update', '--allow-disabled-algorithms'], check=True)
                    sys.exit()
      '';
      fdroidPython = pkgs.python3.withPackages (p: with p; [ requests ]);
    in {
      Type = "oneshot";
-      ExecStart = "${fdroidPython} ${fdroidScript}";
+      ExecStart = "${fdroidPython}/bin/python3 ${fdroidScript}";
    };
    environment.JAVA_HOME = "${pkgs.jdk11_headless}";
    path = [ pkgs.jdk11_headless ];
--- a/system/hosts/nixserver/matrix.nix
+++ b/system/hosts/nixserver/matrix.nix
@ -1,5 +1,6 @@
 { config
 , lib
 , pkgs
 , ... }:
 let
@ -49,8 +50,37 @@ in {
    enable = true;
    homeserver = "http://${lib.quoteListenAddr matrixAddr}:${toString matrixPort}/";
  };
-  # so synapse can read the registration
+  # TODO: remove when https://github.com/NixOS/nixpkgs/pull/242912 is merged
-  users.groups.heisenbridge.members = [ "matrix-synapse" ];
+  systemd.services.heisenbridge.preStart = let
    bridgeConfig = builtins.toFile "heisenbridge-registration.yml" (builtins.toJSON {
      inherit (config.services.heisenbridge) namespaces; id = "heisenbridge";
      url = config.services.heisenbridge.registrationUrl; rate_limited = false;
      sender_localpart = "heisenbridge";
    });
  in lib.mkForce ''
    umask 077
    set -e -u -o pipefail
    if ! [ -f "/var/lib/heisenbridge/registration.yml" ]; then
      # Generate registration file if not present (actually, we only care about the tokens in it)
      ${config.services.heisenbridge.package}/bin/heisenbridge --generate --config /var/lib/heisenbridge/registration.yml
    fi
    # Overwrite the registration file with our generated one (the config may have changed since then),
    # but keep the tokens. Two step procedure to be failure safe
    ${pkgs.yq}/bin/yq --slurp \
      '.[0] + (.[1] | {as_token, hs_token})' \
      ${bridgeConfig} \
      /var/lib/heisenbridge/registration.yml \
      > /var/lib/heisenbridge/registration.yml.new
    mv -f /var/lib/heisenbridge/registration.yml.new /var/lib/heisenbridge/registration.yml
    # Grant Synapse access to the registration
    if ${pkgs.getent}/bin/getent group matrix-synapse > /dev/null; then
      chgrp -v matrix-synapse /var/lib/heisenbridge/registration.yml
      chmod -v g+r /var/lib/heisenbridge/registration.yml
    fi
  '';
  services.matrix-synapse = {
    enable = true;
--- a/system/hosts/nixserver/maubot.nix
+++ b/system/hosts/nixserver/maubot.nix
@ -53,13 +53,13 @@ in {
    server.public_url = "https://matrix.${cfg.domainName}";
  };
  services.maubot.plugins = with config.services.maubot.package.plugins; [
-    com.arachnitech.weather
+    weather
-    com.dvdgsng.maubot.urban
+    urban
-    xyz.maubot.media
+    media
-    xyz.maubot.reactbot
+    reactbot
-    xyz.maubot.reminder
+    reminder
-    xyz.maubot.translate
+    translate
-    xyz.maubot.rss
+    rss
  ];
  services.maubot.pythonPackages = [
    (pkgs.pineapplebot.override { magic = cfg.pizzabotMagic; })
--- a/system/hosts/router/default.nix
+++ b/system/hosts/router/default.nix
@ -249,18 +249,15 @@ in {
  # dnat to server, take ports from its firewall config
  router-settings.dnatRules = let
-    allTcp = server-config.networking.firewall.allowedTCPPorts;
+    inherit (server-config.networking.firewall) allowedTCPPorts allowedTCPPortRanges allowedUDPPorts allowedUDPPortRanges;
    allTcpRanges = server-config.networking.firewall.allowedTCPPortRanges;
    allUdp = server-config.networking.firewall.allowedUDPPorts;
    allUdpRanges = server-config.networking.firewall.allowedUDPPortRanges;
-    tcpAndUdp = builtins.filter (x: x != 22 && builtins.elem x allTcp) allUdp;
+    tcpAndUdp = builtins.filter (x: builtins.elem x allowedTCPPorts) allowedUDPPorts;
-    tcpOnly = builtins.filter (x: x != 22 && !(builtins.elem x allUdp)) allTcp;
+    tcpOnly = builtins.filter (x: !(builtins.elem x allowedUDPPorts)) allowedTCPPorts;
-    udpOnly = builtins.filter (x: x != 22 && !(builtins.elem x allTcp)) allUdp;
+    udpOnly = builtins.filter (x: !(builtins.elem x allowedTCPPorts)) allowedUDPPorts;
-    rangesTcpAndUdp = builtins.filter (x: builtins.elem x allTcpRanges) allUdpRanges;
+    rangesTcpAndUdp = builtins.filter (x: builtins.elem x allowedTCPPortRanges) allowedUDPPortRanges;
-    rangesTcpOnly = builtins.filter (x: !(builtins.elem x allUdpRanges)) allTcpRanges;
+    rangesTcpOnly = builtins.filter (x: !(builtins.elem x allowedUDPPortRanges)) allowedTCPPortRanges;
-    rangesUdpOnly = builtins.filter (x: !(builtins.elem x allTcpRanges)) allUdpRanges;
+    rangesUdpOnly = builtins.filter (x: !(builtins.elem x allowedTCPPortRanges)) allowedUDPPortRanges;
  in lib.optional (tcpAndUdp != [ ]) {
    port = notnft.dsl.set tcpAndUdp; tcp = true; udp = true;
    target4.address = serverAddress4; target6.address = serverAddress6;
@ -455,7 +452,6 @@ in {
        # allow dnat ("ct status dnat" doesn't work)
      ];
      inetInboundWanRules = with notnft.dsl; with payload; [
        [(is.eq tcp.dport 22) accept]
        [(is.eq ip.saddr (cidr netnsCidr4)) accept]
        [(is.eq ip6.saddr (cidr netnsCidr6)) accept]
      ];
@ -626,7 +622,7 @@ in {
          (is.eq icmpv6.type (f: with f; set [ nd-neighbor-solicit nd-neighbor-advert ]))
          accept]
        # SSH
-        [(is.eq tcp.dport 22) accept]
+        [(is.eq tcp.dport 23) accept]
      ];
    };
  };
@ -720,6 +716,7 @@ in {
  };
  # run an extra sshd so we can connect even if forwarding/routing between namespaces breaks
  # (use port 23 because 22 is forwarded to the server)
  systemd.services.sshd-wan = {
    description = "SSH Daemon (WAN)";
    wantedBy = [ "multi-user.target" ];
@ -731,7 +728,7 @@ in {
    restartTriggers = [ config.environment.etc."ssh/sshd_config".source ];
    preStart = config.systemd.services.sshd.preStart;
    serviceConfig = {
-      ExecStart = "${config.programs.ssh.package}/bin/sshd -D -f /etc/ssh/sshd_config";
+      ExecStart = "${config.programs.ssh.package}/bin/sshd -D -f /etc/ssh/sshd_config -p 23";
      KillMode = "process";
      Restart = "always";
      Type = "simple";
--- a/system/hosts/router/options.nix
+++ b/system/hosts/router/options.nix
@ -124,7 +124,7 @@
              description = "ipv4 address";
            };
            options.port = lib.mkOption {
-              type = nullOr int;
+              type = nullOr port;
              description = "target port";
              default = null;
            };
@ -139,7 +139,7 @@
              description = "ipv6 address";
            };
            options.port = lib.mkOption {
-              type = nullOr int;
+              type = nullOr port;
              description = "target port";
              default = null;
            };
--- a/system/modules/common.nix
+++ b/system/modules/common.nix
@ -7,10 +7,10 @@
  options.common = with lib; mkOption {
    type = types.submodule {
      options = {
-        workstation = mkOption {
+        minimal = mkOption {
          type = types.bool;
-          default = false;
+          default = true;
-          description = "whether this device is a workstation (meaning a device for personal use rather than a server/embedded device)";
+          description = "whether this is a minimal (no DE/WM) system";
        };
        mainUsername = mkOption {
          type = types.str;
@ -44,7 +44,7 @@
        dates = "weekly";
        options = "--delete-older-than 30d";
      };
-      package = pkgs.nixFlakes;
+      package = pkgs.nixForNixPlugins;
      extraOptions = ''
        experimental-features = nix-command flakes
      '';
@ -83,30 +83,25 @@
    environment.systemPackages = with pkgs; ([
      wget
      git
-    ] ++ (if cfg.workstation then [
+      tmux
-      comma
+    ] ++ lib.optionals cfg.minimal [
      neovim
      man-pages man-pages-posix
    ] else [
      kitty.terminfo
      # rxvt-unicode-unwrapped.terminfo
      vim
-      tmux
+    ]);
    ]));
    documentation.dev.enable = lib.mkIf cfg.workstation true;
    programs.fish.enable = true;
    /*programs.zsh = {
      enable = true;
      enableBashCompletion = true;
    };*/
-    users.defaultUserShell = lib.mkIf (!cfg.workstation) pkgs.fish;
+    users.defaultUserShell = lib.mkIf cfg.minimal pkgs.fish;
    users.users.${cfg.mainUsername} = {
      uid = 1000;
      isNormalUser = true;
      extraGroups = [ "wheel" ];
    };
    # nixos-hardware uses mkDefault here, so we use slightly higher priority
-    services.xserver.libinput.enable = lib.mkOverride 999 cfg.workstation;
+    services.xserver.libinput.enable = lib.mkOverride 999 (!cfg.minimal);
    /*
    services.xserver = {
      enable = true;
@ -117,23 +112,8 @@
      windowManager.i3.enable = true;
    };
    */
    programs.sway.enable = lib.mkIf cfg.workstation true;
    services.dbus.enable = lib.mkIf cfg.workstation true;
    security.polkit.enable = lib.mkIf cfg.workstation true;
    # pipewire:
    security.rtkit.enable = lib.mkIf cfg.workstation true;
    services.pipewire = lib.mkIf cfg.workstation {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      jack.enable = true;
    };
    programs.fuse.userAllowOther = true;
    xdg.portal = lib.mkIf cfg.workstation {
      enable = true;
      extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
    };
    # autologin once after boot
    # --skip-login means directly call login instead of first asking for username
    # (normally login asks for username too, but getty prefers to do it by itself for whatever reason)
--- a/system/modules/vfio.nix
+++ b/system/modules/vfio.nix
@ -131,8 +131,7 @@ in {
        "vfio_pci"
      ];
      extraModulePackages =
-        with config.boot.kernelPackages;
+        lib.mkIf enableIvshmem [ (pkgs.kvmfrOverlay or config.boot.kernelPackages.kvmfr) ];
          lib.mkIf enableIvshmem [ kvmfr ];
      extraModprobeConfig = ''
          options vfio-pci ids=${builtins.concatStringsSep "," cfg.pciIDs} disable_idle_d3=1
          options kvm ignore_msrs=1