From f95d8cdbcfee06b5c31ee370e46b972f46182a8e Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Mon, 5 Jan 2026 16:39:32 +0100 Subject: [PATCH] Disable wheatley, update flake lock, set up preservation in preparation for using it (setup encryption on queen first) --- flake.lock | 100 +++-- flake.nix | 25 +- home-manager/desktop/default.nix | 1 - nixos/desktop/default.nix | 10 + nixos/hosts/GLaDOS/configuration.nix | 1 + nixos/hosts/GLaDOS/secrets/sops.yaml | 14 +- nixos/hosts/queen/configuration.nix | 2 + nixos/shared/default.nix | 2 +- nixos/shared/packages/default.nix | 2 +- nixos/shared/preservation.nix | 195 ++++++++++ overlays/flake.nix | 110 ++++++ overlays/systemd-detect-fash.patch | 554 +++++++++++++++++++++++++++ 12 files changed, 953 insertions(+), 63 deletions(-) create mode 100644 nixos/shared/preservation.nix create mode 100644 overlays/flake.nix create mode 100644 overlays/systemd-detect-fash.patch diff --git a/flake.lock b/flake.lock index cf9015c..b21d7ba 100644 --- a/flake.lock +++ b/flake.lock @@ -104,11 +104,11 @@ }, "crane": { "locked": { - "lastModified": 1766194365, - "narHash": "sha256-4AFsUZ0kl6MXSm4BaQgItD0VGlEKR3iq7gIaL7TjBvc=", + "lastModified": 1766774972, + "narHash": "sha256-8qxEFpj4dVmIuPn9j9z6NTbU+hrcGjBOvaxTzre5HmM=", "owner": "ipetkov", "repo": "crane", - "rev": "7d8ec2c71771937ab99790b45e6d9b93d15d9379", + "rev": "01bc1d404a51a0a07e9d8759cd50a7903e218c82", "type": "github" }, "original": { @@ -389,11 +389,11 @@ ] }, "locked": { - "lastModified": 1766682973, - "narHash": "sha256-GKO35onS711ThCxwWcfuvbIBKXwriahGqs+WZuJ3v9E=", + "lastModified": 1767437240, + "narHash": "sha256-OA0dBHhccdupFXp+/eaFfb8K1dQxk61in4aF5ITGVX8=", "owner": "nix-community", "repo": "home-manager", - "rev": "91cdb0e2d574c64fae80d221f4bf09d5592e9ec2", + "rev": "1cfa305fba94468f665de1bd1b62dddf2e0cb012", "type": "github" }, "original": { @@ -409,11 +409,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1766561058, - "narHash": "sha256-VFqsBWqFFBTBqKFw0fGw2a2mJjPP9HPW8nXEW2A5zJM=", + "lastModified": 1767082077, + "narHash": "sha256-2tL1mRb9uFJThUNfuDm/ehrnPvImL/QDtCxfn71IEz4=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "9d0abe57d633a6e08d72865a761891a8c81e740f", + "rev": "efd4b22e6fdc6d7fb4e186ae333a4b74e03da440", "type": "github" }, "original": { @@ -430,11 +430,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1766582277, - "narHash": "sha256-mUZRMKId7Uycwnt31RytPwhmY/8UTbk92ckZWHoS0Eg=", + "lastModified": 1767013031, + "narHash": "sha256-p8ANXBakAtfX/aEhLbU6w0tuQe3nrBvLdHbKirJP7ug=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "4c78502846c1ef668eedbd4f55d818ebac5388ac", + "rev": "c2a82339373daee8cbbcad5f51f22ae6b71069e0", "type": "github" }, "original": { @@ -523,11 +523,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1766568855, - "narHash": "sha256-UXVtN77D7pzKmzOotFTStgZBqpOcf8cO95FcupWp4Zo=", + "lastModified": 1767185284, + "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c5db9569ac9cc70929c268ac461f4003e3e5ca80", + "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe", "type": "github" }, "original": { @@ -555,11 +555,11 @@ }, "nixpkgs-edge": { "locked": { - "lastModified": 1766842912, - "narHash": "sha256-SzsTB2TwGJdUhftnhzbOSl7E9zCA+arDf2UekBosEwo=", + "lastModified": 1767455410, + "narHash": "sha256-TSvmXw7o4JxF9ezZbexZRamzq2XL0JQurOncalFJeP4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e84c4549c32ee83f156e0f402b1bb9a7fbeff42e", + "rev": "b32ae206cdbeb3d9fd5e15d7810fd97ff82e3a56", "type": "github" }, "original": { @@ -570,11 +570,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1766651565, - "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", + "lastModified": 1767116409, + "narHash": "sha256-5vKw92l1GyTnjoLzEagJy5V5mDFck72LiQWZSOnSicw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", + "rev": "cad22e7d996aea55ecab064e84834289143e44a0", "type": "github" }, "original": { @@ -602,11 +602,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1766070988, - "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", + "lastModified": 1766902085, + "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", + "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", "type": "github" }, "original": { @@ -618,11 +618,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1766651565, - "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", + "lastModified": 1767116409, + "narHash": "sha256-5vKw92l1GyTnjoLzEagJy5V5mDFck72LiQWZSOnSicw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", + "rev": "cad22e7d996aea55ecab064e84834289143e44a0", "type": "github" }, "original": { @@ -650,11 +650,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1766125104, - "narHash": "sha256-l/YGrEpLromL4viUo5GmFH3K5M1j0Mb9O+LiaeCPWEM=", + "lastModified": 1766840161, + "narHash": "sha256-Ss/LHpJJsng8vz1Pe33RSGIWUOcqM1fjrehjUkdrWio=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7d853e518814cca2a657b72eeba67ae20ebf7059", + "rev": "3edc4a30ed3903fdf6f90c837f961fa6b49582d1", "type": "github" }, "original": { @@ -666,11 +666,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1764517877, - "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", + "lastModified": 1766651565, + "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", + "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", "type": "github" }, "original": { @@ -767,6 +767,21 @@ "type": "github" } }, + "preservation": { + "locked": { + "lastModified": 1757436102, + "narHash": "sha256-mMI9IanU+Xw+pVogD2oT0I2kTmvz2Un/Apc5+CwUpEY=", + "owner": "nix-community", + "repo": "preservation", + "rev": "93416f4614ad2dfed5b0dcf12f27e57d27a5ab11", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "preservation", + "type": "github" + } + }, "root": { "inputs": { "catppuccin": "catppuccin", @@ -783,6 +798,7 @@ "nixpkgs-edge": "nixpkgs-edge", "nixpkgs-unstable": "nixpkgs-unstable", "plasma-manager": "plasma-manager", + "preservation": "preservation", "simple-nixos-mailserver": "simple-nixos-mailserver", "sops-nix": "sops-nix", "stylix": "stylix", @@ -797,11 +813,11 @@ ] }, "locked": { - "lastModified": 1766285238, - "narHash": "sha256-DqVXFZ4ToiFHgnxebMWVL70W+U+JOxpmfD37eWD/Qc8=", + "lastModified": 1766976750, + "narHash": "sha256-w+o3AIBI56tzfMJRqRXg9tSXnpQRN5hAT15o2t9rxYw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c4249d0c370d573d95e33b472014eae4f2507c2f", + "rev": "9fe44e7f05b734a64a01f92fc51ad064fb0a884f", "type": "github" }, "original": { @@ -858,11 +874,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1766289575, - "narHash": "sha256-BOKCwOQQIP4p9z8DasT5r+qjri3x7sPCOq+FTjY8Z+o=", + "lastModified": 1766894905, + "narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "9836912e37aef546029e48c8749834735a6b9dad", + "rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", "type": "github" }, "original": { @@ -890,11 +906,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1766603026, - "narHash": "sha256-J2DDdRqSU4w9NNgkMfmMeaLIof5PXtS9RG7y6ckDvQE=", + "lastModified": 1767397606, + "narHash": "sha256-QA1d/6XzxK3lsMiJ+xiJf340cpNeJs/xIM6D0/yLqs4=", "owner": "nix-community", "repo": "stylix", - "rev": "551df12ee3ebac52c5712058bd97fd9faa4c3430", + "rev": "6850ad2e9f3f7ff6116e9e6fb73a9cca2d9b1a35", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ca225bd..888c106 100644 --- a/flake.nix +++ b/flake.nix @@ -70,6 +70,9 @@ zjstatus.url = "github:dj95/zjstatus"; + # preservation + preservation.url = "github:nix-community/preservation"; + # Fix for steam cursor not being visible under wayland # Add any other flake you might need @@ -95,6 +98,7 @@ jovian, nixos-hardware, nix-index-database, + preservation, stylix, ... } @ inputs: let @@ -130,6 +134,7 @@ catppuccin.nixosModules.catppuccin stylix.nixosModules.stylix nix-index-database.nixosModules.nix-index + preservation.nixosModules.preservation {programs.nix-index-database.comma.enable = true;} { home-manager.sharedModules = [ @@ -254,16 +259,16 @@ ]; }; - wheatley = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = {inherit inputs outputs;}; - modules = - sharedModules - ++ [ - {_module.args = {inherit pkgs-edge;};} - ./nixos/hosts/wheatley/configuration.nix - ]; - }; + # wheatley = nixpkgs.lib.nixosSystem { + # system = "aarch64-linux"; + # specialArgs = {inherit inputs outputs;}; + # modules = + # sharedModules + # ++ [ + # {_module.args = {inherit pkgs-edge;};} + # ./nixos/hosts/wheatley/configuration.nix + # ]; + # }; }; }; } diff --git a/home-manager/desktop/default.nix b/home-manager/desktop/default.nix index d97e1fe..60ae31e 100644 --- a/home-manager/desktop/default.nix +++ b/home-manager/desktop/default.nix @@ -60,7 +60,6 @@ # }) ]; config = { - permittedInsecurePackages = ["cinny-4.2.3" "cinny-unwrapped-4.2.3" "cinny-4.2.2" "cinny-unwrapped-4.2.2"]; # Configure your nixpkgs instance # Disable if you don't want unfree packages diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix index 28ca2b9..bbb9dc8 100644 --- a/nixos/desktop/default.nix +++ b/nixos/desktop/default.nix @@ -117,6 +117,16 @@ owner = config.users.users.lillian.name; path = "/home/lillian/.netrc"; }; + secrets."prod.keys" = { + mode = "0600"; + owner = config.users.users.lillian.name; + path = "/home/lillian/.config/Ryujinx/system/prod.keys"; + }; + secrets."title.keys" = { + mode = "0600"; + owner = config.users.users.lillian.name; + path = "/home/lillian/.config/Ryujinx/system/title.keys"; + }; }; programs = { diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix index dabd92b..e8c31c5 100644 --- a/nixos/hosts/GLaDOS/configuration.nix +++ b/nixos/hosts/GLaDOS/configuration.nix @@ -78,6 +78,7 @@ boot = { loader.systemd-boot.enable = false; + initrd.systemd.enable = true; binfmt.emulatedSystems = ["aarch64-linux"]; diff --git a/nixos/hosts/GLaDOS/secrets/sops.yaml b/nixos/hosts/GLaDOS/secrets/sops.yaml index d2521b7..6e48ec8 100644 --- a/nixos/hosts/GLaDOS/secrets/sops.yaml +++ b/nixos/hosts/GLaDOS/secrets/sops.yaml @@ -1,12 +1,11 @@ lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str] +#ENC[AES256_GCM,data:RrwVo88C14k703l24w5RQd81lQFy/49aJUa1IZWdY0at1GfiKSbbep+kdxtQBpU0Bp9VYg==,iv:+K1BLn+6SlQC5JAjgzMUZnuqT4cuqisETzHBKUfS+y4=,tag:jTMn4LcoNnhWyzVzLOvXrA==,type:comment] wg-private-key: ENC[AES256_GCM,data:em6sci3eefw5TJHpzgTaGGuQp8UuvOmkHRsQltg0TKpMb1Lrcxicb23cQxo=,iv:VEeGmzncHyAgP5toTOwDK6qw0OT4/6Etxh8Zr4uYQD4=,tag:nvse11zMhzukzClx5ub4dw==,type:str] ssh-private-key: ENC[AES256_GCM,data:YM8GTH6EEXLt1ZC1ZdyLWVJyGUykS0DulTL0QgOFCTztRA+5JoA6Af42MIEMm4sMSatOt9pbGE9BXh5T53uNkx87cS8pfb714N8EKrMTYmtWi2M2TatEM6+qMRpP777GalB3v2HnfTfwhx+TfQ+iSCEo45Unsumzr+/9uZ/b4vYBxbd82UKO1tmlTw3R7aEpesJuJe/I3sAg0ZXTWti0e2MYfFawlSXtgQo382bFnV/mi9JkNx62AUFI6Q0a09V2C3FU4e4qP9jeP+COfCuCjRuaf8eu0VYczy4vVkN5NNBhkuLCZl0xANfqM5tDt8q+meYHmYWq1ceyeZ9OdZhKA7lMJi2K1DgTmgbD356itEtjXb7KF7VWIVnR0Gm+vVHx90Bv6eQp4n2I5mWbCVy8wqiIlacxuH8PO6jAPUM1Q8E+SVJb2HcLPdlURHyyK0fLVWaFhtFH4rwyKAv/2yEO2iNfZd9zFqvX5/JdyUPRCpMKkjxQgZN+raVHok0SwvPfXA9wvRpQyYSD4SUqCYsRcs6JugW8a14bZrvg,iv:L9ACOUFtAxkWsXW+tDKGwKn1ZHYNv7WmBty5krayVu8=,tag:hbrgscOczukqLBU/Y+6aLA==,type:str] nextcloud-password: ENC[AES256_GCM,data:ClQk7M7BTeIhgWTWsgjTFb0Um8qZ901530dI9xnbs63ZGIni4+bWjLPetOmM3+PPsg33vF6r0xiwu0Ff,iv:jDy8miUoPcua3sraRQWOHWrhNacKEgf6nGsi8PVTYaY=,tag:ldGta+DdUmoajtAE6HLtkw==,type:str] +prod.keys: ENC[AES256_GCM,data:cOorjpYxhenJgr8cfF1A+eSS/Wr/PUOPfCsfqdvGod/2x/SVIUkt4hMK1dLyfFNA2ip2RObZMDUwhw5V0U/7Mqog6T7mBi2MYh9Sk+z2awvgBk7X6KjiKxlRsxArdtUxIzNzlMUEbas1u4SDnIDxGSX6AehGqVFSEtetFOGxtamMMYZa85bEpWc2gffPwWoU1OKV/yhTmj+/V7lfB3maGp5JifENScs8T2HRvw/MlNlu4gYslyF1OhLo8V3Rt49GkF/q1mPg8YrhcOvCYY1jcZzymOBwgB/0RXjHkXAZEY5y8JLaBES6Ssnd/XYy5VulgVAHSK1HeNjYWduH4b6/TQLnoHNmpmcLew8HtHjR8nJW4pm2BjqxgSxE4BsjtrNc08Atb+FOKaNGnLMHArUBBBFEKrjHl8VwfyHusLI71OnojQE5vMrpXu6osuahx1Jr7+KCYBpx1rHDJHYXWyNoVCfph40RMO3+uqekyZ+VTo5QFTDH3n1n61xkBROP48KZJ7J4UyUBBq0nkXu0P5BXGPB1uCEOEpGta2p7z4zq8q3LvR8oca9670nHshzxsnwI+kn6osNJa2xc8BwjAzCxatqkgT5pZMiuDEv4BynKmSVE/zFaIIAcCKzpvBRVBjoZCGgLHuAdwj13XVBxLdT0ECZiEOfhJQNN9g7xXplFkgL7Er/E29+Y38HCe/YG8UmMsA8xL1+h7HoLEbUUWegmfXlam7+7+tbc3kcrP9HUzqZ/O4hpBgsrVd5n1kKH0GvfqmLLYRVPjnchc2/L4rf5jfLp6NiN5nV2FUurYsGM+/zfXu1GZUZZkdGJEbCDlAEiRrPp8eRZKvRdWoIJY2TqwQnpiSF9EVHiAs6embjmRzJSqPbDqvpLqZfcbx+8F0DMrevkMONBggWAfLk6ekBk8SeQxYt+jkmTwsyB7O7QbfmBsU6DKA83XKSVebHZmkVHsK08BdKil6+dw3nbqgsTe66klZzQs11H7DDK8yXDN6nvnetaRfFTBK5Q0IzEbCvpdYh68bM2Tlcu1Vt0TMtYuQuwTBOlolEt+Q2UrjjPbsOfao4qhOfcLFFCOn5CwceZeOyt/gySogKwzfK8ETkFFets5FFbL4UI3WuTrAwTQZdPglFmIjLix4hPxPeRYeUWtrxPstpgyzLkZWuKgEA30UlnUCUOux5plniUutMm7e2BC7dkfolxFiYjak+Zae6/QBtmmqphG1GiBdKbJy7oeGMnbOJJbbznFTutPtfNHhxASqnjv/mBdfdht5tSKsIAvFCJJ/Ea9YVwJt5d0H2yzLqTRIwMzGNWz4XAtYjR1CaRlMoDwIGdHqKQ6XadME2g3Y9pjUPSGjqGsIDF6dAfEXNi8zBMWXeon14w8k606dstjvZJXwsH0hO2VoKjco77CWcLXoIpVyk8aR4aothEihQmuCgxZ0upUziFcFwXR2lBHBE7hM+GsVIBpoG92lJq2Br2RJRhsKAL3nd+ZnZxxaYqfbI4zY8THEiJXbm1UGES9T6NxFYahdpVkQh11+O6tZ/MOoMhIAFJLwbvd3utJGgE03z7CtAPchcYUGkuWeAg3FR7EDYHY2EzRIVDK9NplmHHQneOSiJNrEUzpc/ucPyjjUqSnEdVISkqY+SPtoAaqd4vmd3ZKFMX17hWZ09Zr+EYkrBG+K4O16Nf6V6DaUbzdH4hAqH5sYTUZt/3znqMyX5UhCwMlOrzhqs4AUpeEYunJEAbFTB3t5Ba5pTUpKBsy0u2H0Oo52FDByzW6bwodW9LL0OG3Ccwz+qb9XTyVDp7h95J+tQIhFgl1E/enzzQym0jX9kqkt80NNhzjsbaj8AuBlc4s8TdESPWDntFqq0ILb6IAgcZ2IQrS8VMxMYfvF6tZXS4UPfAaTrPLSdHBKOihBJIpDf+miC580uGazksDWIOiF7ZAiLGuu4Afgb29cSSirUIJHiRmTOBJI9QRHMP/QZ8xFKG70dEzk4wBjNG5LUItf4108vuXJl5K4iUkLopjskV3c1cpRw4dmF2y6pvgfEt1SvX+XmMh4d16HnRBgCT2l++xpsunFLO2gDMimhoQb1dZteYkGJL49SBsuaH/w/Kmn2DOkUaym8/TC+R7C4s2KJXiIRlIc1VSY5LCDSbVaqGFnti1yQAeVq+eoZO3eNdjog1R2Jikki3W3x0DA3mzqL/09gelwsWOfPWA7cMBQpjDsNcO81v7q0PISc/EQ91sF0MxCY0uJYFaDgWStnfTVDar/IHCzCTi4KN1JOhYhKYDi8PO5KDd1xJOo412zAqVwKC6EtZoc2q4EL/Kxln4L3J34brxDEBUWv/EyR982Qd/bxa0f6iQrJGV9AA3C6CJ7+ANrWNsoD2Ne6slJtJwKLgvL3BjRpIqT27z6t0ZQGWmTRnpYKNu1c8soEbZ4sv8WHvvD7qJ/hRb1IflECvRChjWutnv6gYBDZKY98h81SMGZKVqUsZ/7DJV+JdiBbekcSby2MVWpWINoWKx6N0PPNB9dYCM6DMcNlBXV7nHTJlX+z5H8m/mMlixohYU/NtjXN2UxOC1uDSFH2E6mt9l69RE51Y4SnnGUnpgabXTAh+IaOplghi9z8RNkHuMbhyydMA/x5d+UHXn6JkMcj3kUh944usUtlHCoA7Rk9KrV9ioI6abWB3DYsqAgP4/SKRdQQ3+vO2GVM3dHXftSSROHUcZEylx0Fj3rTwxQ50S4rJBKw0og69F4SbE9O+TX6pVn1qxM7ozn3vSIhUzweFiWb3oN9HzlUExAyX3NrWwgWxS1bqQy+WYPrSVIS6ehNx1VSe2nlRoSJ4XHd/HrBEAyWvQ9jriYkuWw5rws1tdgnFRvKZGidOszLMC46YC6kyd6n3XlpyvCVSF4jR6AbrzXMLsqhauEt5Qdh37RG4aqbI9aoxvxdBdIxsyoxxA74kcieYjuk02t6ZMPgRCBinRZzbUfHePw6lsVgMnMKNYL0DHpr/sf39MCezi5QxCLUO3kIMxp1P5uT6vHIaiLdn45Fqm2lWjWSQdhiDkZ7YHh9pXmjy04KzLNYCC5w7Y6bFzQyOCU/qBQ7ytuioDNi4QOTmP24xMQwtMAMA10Rwz0GfAc8SnFt/0e6C48mSz8bOERroUnguPks613Mt4tK6F/D0LlVVpqsY0cuMEgg1w0nsZ4Zg2SU7mMd+5GIYayS3DYJ0t8L+z7sbiLjjTRhNs52guGcTNiRrshAGIvzbgf9WpB/whnnJ6ySmHP5x9Tyd7Fq2ItaFG0CuN7tIuvMMzdqQDNP9hFtb0muACeS9jghd7XIhkJiukdL+61TATup1FaXSo3QMC4k/n/FjWvrIqpc0NnYwsYx+Q9YXuIgZI7oQetWn45TQ/M45KsaSgmTkpLdNqByneWX5IPj4N7zIU6tIufYyEm+cLK7RmDmF3KCyHZHLboH+Nh/ChdjaHkUuo4z9T7kQKLQDi3mJ3ExiWaB32niWP/Y7Fl2RmMf80uUFrbwC+fBdnlQ6iSGMSEqjziKt0dnZ+BtnfW8WGM4ZqD7feN/xRQJrK6mNJYgxpVOWJ4ekE1HHZIBqQu6mQJENQXx7QqSCw0B1Jj/fgfB9voxXBHaYlLmDnLjnD6oXPpYMl8Nb/cW9qdOZinT547WGMLBb/7dqkjfRqFSO/kEtVFkhz4Rlif8KnC75+L9AP+97u4gvIYAD4bb5V2Hrba0D+EhtkjG8Fd4R4YTuqfGrgZ4m8ed8Nu4XoHXvRzY+UQJvQj0CcGmtOATcsoZzAzNWdFbmChXtZyhvMkEiyAivZr4UmZUqCUVaeWUl9Awmjcecp1+xx5imGmFbsb9WZ/XRmMtOAvCOs0TOBLnG6EDxWaE3ZsoZGOBFUKnBc0yLJF5NWkIxviDPVW4iIR0ltqbAc3UmecRsKC4wxjnX0PqzQCzhrRrdw8O239n35EBYvnxDVaggnKq2jnvJKOOMHSAYofsLOxtlv48+iFCfn3AcNF9m/nWX5H+JVns6byAot0+1oq4HTf6oPIBNicbmKLBIfDt6hHWHpgqShBfbSaFsiCRRPU+Q5i1Fp39uBNp4782R68hZMCL6hq95W76HbkiKYflASXLkn0O4Yr77zhdTRi3XaSkTYw4+54t1pS5keO1i3o6l6bNq8gvoCrgSavA8aCcdyeSjAK4NGp4D/QnNc+z3cGaYZBtLq5dg+45yPbD+beE3PkYYeAiNp3t+vbaE+BR8cot8cwKxYi5VvFMkiGypeenaMXeSIxgT8TjpWt0hYMRCFn+AWpGR4meg8O851gWkw19GmM2Dg8mDBUY25ql1CspHbe1Sy4HrlZb+hs/uhNEWWV99C6FDlFNZk65vN77zGwlC6Wg1t1M7Y0raZMHnYHyttqlJDvwxRCt8MjB3eChb6oYF+T6IlLaiGuN3yNMtASWggfKKAyGV7UCeMmiKlj6ja8TEf5oIntlUJrlgoKODfTX9EqngmAfi+B/WmLDNHm7iVM0YIo3jAxe3hg0mvIZJoltnxgqUCID+a8wlNbxvL++FzdArJIiKeqc2Ux7EHItTQA+ZCBheuFoDsASxL13ZGtxIJ160q7VrDcBFn3by7PF4iCgLIG626Ts6k11KYow/RX/U0DBFqMfskNQvW2cmJ4KyPvVEigX/w/VYPo3jKy2axmD9NIUSD1RVHYaMRDx9T6UmHOAz/Ecwx7p9UBYKZwO6nh7+jriiMQOtw5NfHwl2Eli3oD7cxFwC/xiEsPTYSjQDVNJ6iCfZFhTrJ78dfxZBWvZ32vGHdgnLV0+ewQqyId9RMR/1tEymoLIBJfxiKM8XbEBjWAnV5FQX/SZxrHWS2DNsQdcvK0EU5Fu4vhtLx/3T3b6eEfhWZs9OREzjwsaroofFnwddzaYNfhUmRDTLom8Otwxf6qNb88WZzH38zlt0NmTsFT9+V99sdIDXISdJ1cqK7CfjFwOyRz9W9m2gcbce6K5IWa7HYB1IFkxTuBY38LLTBuHpjGw9g4KoapqesRBvzLHsF97x6TvPN4nSmJ7X18ah6EOwQIrJren0L0fVDNBVDDsjAUoB4slR8anXrQNv976uiYE8pNqRoajOBUnHAqvr7OsqTUjyK7B/Kp5cInJR7xc/KcMtRl4HPK9bD2WxJyROJAhIbjYOYRzLWycWmWAwf7U8RUIgd6wuk2GIpDOEdWe3ISx5zDAoirmULFu5ewxeOuZn+ixH12FKsMGUfPu8Rs9Nx+V0DM1DsBHR/bS+hzfqMyIz+XNBV4TwIiIfc7fqqaf/OIYltQWoQsQ0tdluZskaMzhHKE3LS2zVQ343LNecPDwGfC9kcOFbV0POjBW2OzJTPoqSKyTC/Xi+J7IlSl79BlDP4NGvbCd0illODy+DFhF3dZVrkZBeJvF1L2XWMSE/eum7x+PSQV6gnWq4MBp9AiLEJiHBk9EC7MCAmvh8wER8P6dLCzBdj4x6oXOdCamKTPG243R0jVXm/RxNUFE8MaCFvpgPqQbMjyKbbSCUHSYJXKpL8kbfRcPtdfBV4WfQJPqoEgcneaf4lv0bRPtJDUvHpkLWCVhqvM1K9FGR1Lh9hw8dMWsNJkJNLZehrpuxP17oRB6LxjCR+L7AyQW0tZL+Wr07p8p1zmyC+dobg/aHk3Gk2ynIb4p3FC0ddnXAVX3SQQOd6iXjIdPxMuBDbcJWgGPUGulGtIrC7g+bROKE2KtlabuJlu4Xur9hWAgjmfdUBwX+S9QM8nI7W3/khiKfrE8y32W0UkJ6In/3xFT39wzh/pDEak6/ZS/OKaMGS77CjzbBur5ywyWYZFLWqj+Xj90gJVVZeXw3o4tU0q0qbEpIUQk85UFcI3P2xbtfIbB++jmE7AasqRt16sODtFT3yvmkn2BgdO7FmUqpPCCGhQ8HUO+QkDihUVgsklut9g2b2ExEKh2nF67iyHesesx0MsAdJBL1buP4kK/3JP5AGCJAjIJ2ZRrmW4BCaHn75JRwqHzbi0qRzislrMhABA/Sd50dchh5DtHNQrxHHE1wZlXp2QOnhinJ+s9ydm7qLaZvMKdJMOyOpHs5TSeXcxEiGF+DEyWeuu2NKg00jNtalW8TT1Gwb9HT0/EWQNiGKkBJVKfKboHecGaaI+O+7/h+xZBhYPTI4Uy5GBvzUUn34LBc4zIkxy9JgUneN9BZK00RJLZeT9O75l0hDkxwpYmJBGnC7skkOGS+E1377x9MZ+8wzJDtJiZpfS8HQX1Erqp8QIIPruGzIUKiZWn5kfs+bFULoSpoxRjHzNrHxXcq65ANtlF8OD3+ArySc3iHSIT6gRl4LKKf2+xftuszrcfsE2L/p09fuZayamW5t15UAfAcUmrI5Ljsg8j7Zu/kBFH51j2m8THJ3cVCRES4F5CKByJUs7NEYzukBkYVaTzGsgsFccHRESA50w+7KIzhiGL4H2quXQ5kPw4SH/XDVqsKvkkqPA8OWGhvdfTnDFeXgYdWDtzRlP3UdAMJuMmxiN0j6rwM1Mualev7Mr/CVvoPsScdZbNOIkugMmPSNSRjT6QV0nQBODl9pNA4c0PBV1TClo1NdulyAo1W8ocoPHKO0C8kkIUBWm4k3QLbyKfcQqWJnzQRO0rnlxPrVOR4TjSS65Z6WNX9pI425KLhD66RkBk82oMgYA9ggxMxEmN6nBqnJcxmGAlhXqgNnmkSnuNWkzjZ4SRidsMWnTrS+lkyMZamdrvEsihARgtXSk+ksdZjbfdzyU4e2PPfQDamehlx3LFVDVshd7cznFrAl+eDSLYEiw89NRIdhWvbFYh7n4P4p/Hsx8oVTcfuqm5MNzTaPMVXgTHeI+2Kj2VVr49i4j/TZwZsOQV4ihuL0gU1/GaF3lj+P6R55dIvujxjdCKjiU+FvMn7K5Ijpsawon8cIedmjJKsAFiQnD91Mk5YwtnFqikRSkysUfdPojhW9j0XirpdWsAdQCvxDQ1VSj2tfXhg8/qWDQbO7/8s4ZhuGp+3nnHK+6YRLn0Zh51Bd20nLpzj2i5AgfXEW6Dg1N2IsfIaTyEuhDEaV374Y2ZJ0lzmRPULkquna/Hbfvr3oUNb0EqJym+m4RChJwgbpCcoeHDn75YVVzuzKxC+s6Hq4CWZQRC49knOPzHDeOVBs/l7k2EV97kFhmGa5ZxqgX9B/dhhEZNQMf/scWrB7yxOsCXzXZwNdZ4l9UL+eyRSC0ElyHwG7FC9wtFFWWCLzk6V3vLPe4ApNcBMXpEcNtq5DaqlfmDqoT+MV/ETUjq4jOPLYTQG+tB2bm6E0DdBGXh6+qgOFry5T0Wu9W6eCs/EwsCiW0d7PkvREw37GP4X0mpQOrt7na7TFMw80NYleipuUVgfeWREtnZmKSaDVXDvecel2Vr7c3JTjLPgBaSXonbQa8Jqw3PSfmI9HcmZkp1/f+Ti+D8y+lX+y096lB/NpnPLFA+uh1VMVNfDlnTKQJ3DN1snSwnCKb1KXYf9OabRI+lxOxa+95AGvUyJb+xtw8+/WaY8fb+vvznLvIrdUZSx8NjQ6qVxrDu75I0C1y8ufSoczsjX1kEquS52YAfi3n7FkCL+8BKH+v8C8UqxMv57sL2678llSgli8/FDzHaSAh9I+wTFv+Im5ez7LHXCBSfZ4ZTqrEKCObnZM4YM5txid5tk+gUi7Zf7ezI43hJ2vY8OCAbndK7p6Elvmz69lpLn4d5oNAPzamWB3TIHfj8GDc9kYpSP3Uvs/pB87fN0oR7MmS9dRyzHv8DDu44nsp8Vz2qpwJzrlgL30Fefz5eYb7e1IGcDYXcNA5ceOTxz0LLpmntZzrmifo8iMy9LhILjh/fgydPkJxnDB/MFaNWM3Yh1VMAfAB2lXozzlOV/qcXMFGlnckxauesCNlB9cCWrW6KtaCSAprtBWr6GYOKWAKfLvB1/QIr2E9O82x7voUV185zpd0H/nha8YGC10iaHI2LgJG+RUvmdxL2P69MzcYP0w4nnRxNPO+nBY54TneVddGctEbGpNn5VVckQctGvqb6hp4cRcR/emgawhuTLu7SDfb+C404u8VzBI8M4B/yiOgu2PFhsxSObT6t2gkDAk28t612noyQ+1u1R5xfwpUM6q2OP0objwkhdFepXb4nz4v7TMPgtbJkwA8JkOzkmFi6v3d6UwwlSx1j3cqQrKPa9atbj55frQwTKBjBruhvkpe3B4rS+R2frQfEm1L3IKzItq5N+y5hMjE7VsVksUmedTXCzHQUlsgJszj/Nnli0I8kzb5lmomvzZrsPUIixHh2uGUX4Vp6Sc73PA31EmMd4JCBB0LabDSZaGXkCwtdWhiL3vpvX51T+cHHGO9tsGvxw5T4XLbxweodkCUnUdsUZ6PnAAgGswi5XIL8nLewpWrk8pJ1vbMuZmJwZMTbCq6CXvoqx7x3By/GHZTaKPD/G702Gbilz2g3GgLXW+mJHEMOAgjaU4CtNnQLseagtnXpVVP5/iCKk3JzaRvuSbQ1Gvx/pEGkUsxJw9DK98kCbM+Sh7U/RgIyh4jXX8ZAAaqw/KJMn3xFB6pMsShtG/3xwzvhlRM/kBHYNT0kyY9dZ4rn7iwr4xGs7YP2o5LwUpb5zy+rT2xyk4OqgGpZKlheTdysOZ15eUodvLcmW93/TjNYMl3b+wCJVBFPF+R4bF0utQhq1fi8zEu25AJtJ77wBrUUxA7jdxbTZczjgeX0jelJPpFSxV7t6d9GWbVlZIzXOwsRsSzEiszb2jcrJ+oLidFpUAklDBIvfWCct+3ksS9ugu+Y+pkPM7O/JqLGZpdB7pQg+z+fSF/s7eYsGlb9I2tjgw08YEt/rDzMO2DhgXOlDSifX5/rZeFwNEgMvIkoM3Ohe8aymtPsOe7nJe+dcxG0ZK1qbaynpB6BvKnmD4a8pr/lnIw0PZ6HkdGhQYwmoXrxguwkkeOHmXrUxDeTq/U4nrm1Va93fNVnw9a0bDGemf8v5J6Fhhms+ONrlR39jZQEOs/KCqr8c9g5ql3JVkhIl5p2p25Kwp4pYoA3lq5qozEeWslpxAxEMnLCigcxW7CASYGpv57ItNBsmcz0stO90zAMniXQezJ8ltv+BVGsWpCVNquZEwJdnIKl/Gz3teH2tb0hSbwTQvfgwEtjG/fYsMXz6MusS4kHXJikveiYryYA0wJL37RluSVTEW11e5ELCGhDYmZnV5WGaMDSb7LwHKSRLFfsN4MxzFRr5j7C5x3u1egWJcFqY0/iveljkI3BcGVRiiOErlN5itUtM/Y7Ww/zDlk/EgqkKCfLldPboEE98rsk4ZYfJW7buJe52dOVPuiulifhdKi4ungW++kHVUEMGf4ne+gqSeNdMDOc9pMMCPR8HnpcScuXGOtZ4mU/5dCDfZzHeJOPzbYZuQJe2dn6qzDEa/RZocUTufTfYeRaaSngxU3yIZBizrPrMxMKER6LXO/Jvxl+llmfAVesJHYDRxtm9ZZaNCa163Lvf1WbzwO7gHlOWXgqJ77A3sfsovcgUqOi67MNVRlw3QzHdL3Ej6d4nFVeBsLlkgGTzVVf0uYeSg3dfy89Gu/ey1/8YvDmuCgNmLsDy0/VzgelQdVqprRVpfQCU1DHiC3kAtz/1NHD+GmXZiokdIsdpWRJeycB2NZlRvfooUB4YiUxTgkLAFYuvQh41bCTkPVb2175+2tOs1HTlRF7/VaM5RfKhW/Js70hiR/ueixlkXTr+ATDCWO4BQ9d2gZU8n7kyOWUV/DbiNmyTw+GvlAchIBFVwiFrtz4xn/bFnUa00K81FRuCqtLiKIqx9vlJmvYNV4JsnKC63f6xiTK14GJkIAI46mmYkVWnM+1TiAiCCs3T3LkvV07cgjkF1SgqaC6RHmeK2GQrONIaWwUvw2rShETu+mfBU9E2CJu+Cm6E06pHLRZy13CHDGkjAcDC7933O3s3gymjHjv8vjsqe4sriUOoMoygW+ywe7frs0urqK5hmzvrU/ymFq/yJywcX3IXZmm7n1cqiKiPoKdaJeV9Py7kACyluDjbm/MgDMUK0kVeWh49edRaRniwxLM3R+Vv+QqwmRqur941Wr32CsKJVsXyTbt7+VIQriYwwttWiEjk/LA9cVPYrEZI1vB9aQvn14HJuMq1u5HgE7KWzQ6ej+zdRSGzTvoHQKG8+fW8E3ZtW/k5d+J8q9wxTZ/ttvqOfEkWkS+h+nNJDEehdur5yTC18NQZtGjA7q4kJFqU0a9RVc/WS7cgGoQLiEhaCvt0nUVR/LhmOHdTPr8zLPe6FyABdPy6iQO8ZaEbdlg3srpyFZBrnSErI31HhtjZdNpkeghs7IKXenJRWdPW/gwboyHyIy87IODE7gu2f65Fnad9I2728WNRCfCFLMyjbfLJ9ahUKiO0NcAfUwMV9Mo40nzz1WiMMC6vZTZbGBKhggwKTaOYNhPnsp4AOlpocCLEjZjvbADhbh25wIu700WjN/4OpObwd27UYK+Qb0uK/IKlkeSj9rWE3+kiZeI2eDRz+276unIuIuikzkPSMVMRPyg/QJQBcyosx/2kpBQ8oz+lFnSYGYXYOIeD1Aa8LulLGzmNxVN4SSbzQD5olHE3V5Svvz6Zblt/V2qa9WUgVETujs7vV24tnWF/3cqjNb4wiHprIM7boZmSFptO0SX66tOZuL6aOnpF/khFyfEV3JPOSneH2ep2+ZC0t0u7+ZtmZmbSuXzSYoZO+W6ijJxSpQq16Ib6Tr/YR9JCXe9YDj4k9k8msnXQwwyc5AjpnRx6t6ya/rJn4eaASrSsbCX6IY4SppLNSS6PelXe/BV5cUqxT1iGgQICBYGIp1P+29NZqaUePWpvnQ2czcYAIJ4FSEAkzrwbLbj5gRd/WMjSkPaoTPA+lnr8Hb3arVHQhD9gJn2bMFgRySBhN8AWeoQsJyxNC0VP7/sxtjmxd+FwjFa1RqyKoAiYL7nY+pCOq4h6nmyjG3fOABGfIt/NIoJNbo91t3MGfF7YYFfiA1AG1CCpnJhIwbCLeBkqrIQ+fW6f2spgAtWf0IxJgm9OPlFNEGb23GolGLe/Yv6JL4YDMkwCPFQKUjmjOnB1sr1y1HRyVY8ATqMAn3fnHe/zzI1q6CWdWSKIYOXV0sYcV5cl+SKc5l3NcLbUcKSUzbSN6cWnM/qb1/3G1TugzenoVox6UbxUFGRQbLhjgEgGg91qeicaVwdl7D5EVhMCVq5YFbcmJLbUjYuZcu67HiYoh/L96uA47RoBvLlDOp0YLI0DZTwJdMDYB2R/bY/xBdg7bmc1PaLlUBw170qVi/v7GFjCCvQZl0wDl/Lmd4j0wvw5mkZloU38OrSvIRtUbki40+JB/EUTnEgB/ZW5SogIADzwAcke4RAoI5HsJvvle55Wcutwwii8luU9re5y4fMLXjh+67dsmsn66y3+MtRtvsevPf6PTQNMbVOaA4pvOPECf2gWRxH4NWYpwZdW4+cdB4V6brd0ez/LzDBKRq7L8r2O4wguxWzgw1SvBX3rGkIUZ/oY3Qrh5WmoTg6ZwB6D4wwm7zVFwR5Af0UpUG19m+fj+Bl7uKBuXhGTH8KtogebZGv+t/UvrTmUSMZryV+mbY3Cqvotytp0rrd13SNgAu/aJGCSk0AtfwilAhdyZV8IBVL1mmrzQz56RMmt4xGFBQAmXItTJJC46ZUJOaA2j6g7mEc7zkh99njd3FMX+Sj39ObeLRvfk6MLSNdsd0yvxm/TrnOHHD4xpTtey5ZeURnyR+XN0twvBSoYkpX0j+7zf6WHYk88muOYEAArTKdiFRw1Fobn3ZJkrvHul+1R1d/UqxKzoybMHIC4kniAn6qG/Jfmb7I2s6R5NWHiu+aRtWdT8ZB6GVhrWmhwhyE5LMIeDOjpTm0YyX4mjUXZY/5/jsnVpNThzP2qPYRgEsf0134AN7hvOozcDtWXrEhRdtIZ6shC5GhItutJOrrKVtBh1Q8HGZMYXvAmdfziBAUzcSNzQEJRpeX9/Iig2B+WmRBH9OJSd2JF7KyfAwXuK7TjbuYy8983xc2fvo8CN3Sjn9+GNJbXwWsmatfSGiyGYPUnprKyX2r+lSCgs+auarM/vdEY9TH1SHygqvlReNdAeCvVzqIhkHNUjbs2VixQzZ9gbVRhrZbROrO4Aos6G2meRBekLMIjkZMbw9Wxw5Q0hqdxTrCTIYW4w8Kdf5LwuWD/FkjEBIIjjhhf5w8jFyAQ9+tOiO9H9wcQDUB5q1E1U0wEAr/2h/FeyM2mu/phSKE7VFxdKFvQls2qE+FSPQg+isZ0vVbAKgptW+l2gRaDFyL6TgUWfIZlblRKePiPXxUa2Tcqs1uRQFnwu/ChqZm7PztyzLhm2A8l9OwWR+mG8gpdnWUPP9JcwJuG24z4WGP+7gSNaGbmIqXTFXSG2gvYvx1BQXXPZ7Ke5mAlBMDhfgUK95d/4MaiEW/MwAELkf+iLODqhTAdUiPq+iKOP4tA1ZcI/quEnahDcCrwRtmvQTX7OsfAVGhwAFRhfcnxhkqKZHRgUYk1vAbgNgDdfjD5uqqbJqKzoi/73DavPxPeuahDH76jfhmCMm3LTJOryMMfnRsl+ZCLvXofaL5jqAsQeLfDuON3eB5vwZ2CxXA5aDVxefci5WJX2TWiiivdTzUBQKcq+wXHbzZ/I2s4NXFRPalNnfs1F2alrBebCYePrl4irGHJ/iKgng9TXcVbCQSvtVPZr3QEcnUzahtw6bA49q+teQcEhFGZlkyn0+IvXswgxhsP12kE99JdNA212ru5Q0V0el9bc4EOq2jeV0zL8dxkbG6cnkJMVjOvvV85NnPhw+AIu76TqPu+iR/IKyDC4+NvsaSrOsriiXmOiuyC9MbBV7HE7MI0H7B5GOmdTtHAKkTaubw4+ecjX1k5+zdBYZnfU41Kz3k0AyNAQ99ERPNx7YZAErUThfiAL6A7pndCHu8IL0Wi080ZaaMphdE24dKK58Ue8EgU61iBWyfhVQtzi5PQfUhRAqw0DSbkxJookwuf1b8/B54KZ2VnoXzXATUrTSPgZC1cmL+XAIuJbQFD6regMdVpBKM9VeqPmQKMjWAO9EbCxLJGXBniJ1c9KpXzrKjHJZTnQVv3nRt+oOZ94aHo4PqiNsD/STQRxx3E3EOQr1MOKPlmjLb2Nf0HHPxeSIE7P6b7BJe8d+zwG7LpVNmJir0aXAajFc8KW0tS7mp1N4qshoUEdPbhptaU4j7mFxaLUWL4IB7nJZk0AvYMtOqPl8kr09aEHYurWE5ry5wmAI3/mwHF6yNwGstEEAaDvxsvgrFJFV/8+Wrkyw2Zcw3jUBOt1Ond3daEFxOEHHYKzCjh7cWBUIPfu6qOX02hFt8hMv0iaeu4guDM0rVlgNmUUzSYxOEFLqn+Ppt0K/7GMGuRYmjsb0E8QXPF3s0b9Z27e0rG2oSnwvrbXobR/paonwgEZ3kPvWMdd5em+0rzBn4OG7kHZfw4cnQUMrwIp17dYNPXOvQHMtn83ufUiCorxVcBfhmCnKV1EJmR0cLlmDRC89b3aZxDjomn8lCwMDnJyrV/VQbUjU0/syjI4b8OSdS+adT5GILsbDOVUQo56ts3sgH8iB0ik47vjcp5RLCpHU2odiRb9QkzQG1OxcJzur3mAEYgmvLwHv7UQhf2LESjMV0Cnh98oWdeasPrZ0jorUVpPvrOkv/08ZWwnaoqNYtBcrRb8XCByWpklLwwvudGQ7DDssz0a/486iaUwXC108yzCx4Oz4XJzvjL6iQaPUJiCxwCO3yCWsL3kxy2YykGAq/w7iBU9Dg3QwOkc/sBBVuZRS/7HCVjT/twTCm9joNU2nF8+g4tYPMQaAe9frVKCgbWyTvmIudsxBzqM7mh1SU9DXyQLBzmLSjB091y7rYqtkzhgNQC+ORlkZPLUdWZWdOh2gWxh1ruO+jY+a2EsnqkOKwOXyACIyQHaOM1SgPtdxU0/bJFZ6NjbN6S8PrdmRrNLKlLyAz8HOq/tX8j6m9BtrgPDvU++ZzFNkvZoPMhxZbPTrZNCkxJX6PBNaNGcfY/32KY4X2unlnQNo7vPbzs8J366WDAZLItyHSVMB5isobckMNy5svFo4DQpx98Qha9rBRYwUJEAFC0zIshIpA5PMR9wLg0wHCXtPha/j+gb60i3wvoSLSGFvOZcuQ9BAlgn7MQG6ccdnbc9RHJywHKB9Sh/zwZbC4VvXsAd8xVhhV6NGzZh2DaDgqLjpX0AKHbN/9e4aGJWa0O55DKszXiBi5lWZXz9RnwhjiXhZZFsOsfZ27jPk4ENQJNrd9cNi3drQNr28PpalaXrbj5KEo3DtguMicqgDB1NX+2GD/MR0sjqPafl3T979b7rFK59vwtF7L8Gayfapi7Ts7tsIo7Qc1q+3kTxgAO/cerV55EwcGsnAWlU+Sw13xhOMGGEBwM2wV9/LNOHOH2znZRSb3jwve7mO4aNhIAkrLh/SKL/BD7yiQOS/cp/zdrRoS8G+d2z9PxiyrH42i6KMFdvN8MtMoQ0aoSTzeKQWsOb8uc/mfdOtHLIkpDxkLcUQoVKA7USYKU4yMGua24aoJO63CEAVgXZI2IJD8rM7yQGbcpVJ0ZAACoQ03WQY918fkeBjHuhcbAho7oU5VmqXc75ej2UFfgTUatqD8dBf7mtT61ZoYnRh+Lwx+8lDi8jGxtgtj41NhPyzwSp5h5bevNu1znyVyk0yunmYkajwwKUicu2TVBsnA2OZ5SYvAvF50SmhjQzE+lXHo/59LmIn2MFHxW5Rur/YN523RW5cKLoZzKodW47ePkaHGKXvWCjztuq0uzlmKh1bxMcUUpvLUk6vHpJs5rRnh2xfsouGwWaXoCmF8uUcwvetiDBFUrw5EWz+0VUPdRp1hLwPsLgmpD9C6dA2I6Amld4Ksv1KVx5A0lEJ3scy36W8+wvHXG+2oOsPxdKswThO18BqFxG12HKVw7bCHOfz0YJmIR27LeNytvE+hd9BbgD4ErY/F58USq+IYiFYuvLZAGQJjKc/xn8OvSCSRcD59LSVbTHyM4uLXy2/IvluRH8lTuq0L5YEoWeKS9rR1u9EbI5DDXdqsDDKVp3ybNP1Gbg0XM9MeuQ1Ak2DY7t1/9fBfF519Vi1ud0IkTPRthm/qCfttSi9Yfzol9fkfEYuCf/Ei4j9l2n7/cT2rMYgNxVsZQwfRancmCLEmxSoc8GSrm/yqfoVgY0aT27s2Na0/M7Voll4JmGL/cOLQ6msxunLO8unm02wHoEc9EgZCP0WnAzZbiFOcgDO9Mj1PFFyxFz6eJ1RSLtl9ofZaflY+bSIcLhWzGhUa6ohNAYMifSmpoNPuV41NLtaZPHaGbMWBFCpxlJvBy834vQK8XaP7LdaJzKk8N0eELRltUTZWMIEosSJIWySXHkaGUMOXyemY4C2bQkNt4yBds9z3Uu3/T0EvONAVmO12oCzhxOWJ2MsMrhYYSPYGMivjiOtXCc3UKZijmO7FPb3MyKONLrz53Q/PAGXHUta1HzZiv6zWPyXqFTRNQ3kqV44FMDJnJ2OWdor2kzxkjYZSa4HG0P47sr4aLyDUoKQUVwGhSvvmyOF0n1mTAGMcKN2jaiguuT3O++T0DU4sIjTivfGjAdL0Ut1Kxa566BOpyms8y2exV/eKULDiRn0iIh81KwxXJ2OFVs73HVMQNjXKePBzkQw5k9hzeoIH7DEV3WPLjz9e2BGFQszym0pDBY25IDEZmzuyEeYuGT2HXrveZ0wQQTNCU6bK+oEK7i1w9DwCOmmkh4xwdjNP/Lc0FGJcHKG1942NMh07QBJ+sPDrZYHlAmQpZuVd2RKAf54HKhmg5KWCV9TLdYMa70abGgauQvnHFpNoFGpGdAEiWXwVYsQb1jdU+RmzsEoNfaQjplEjdgXl+pxrmjqpX4o8IfzMJrniSfZCmIZoFZaHZSS7zN/od4X9OCYpoLo58V7a3yOET8ph6PloQaCH3Os2M2jamo+DiyfPKOGFi+UbpZsHfi1ftHH3tI0xiGoXAVtS0mpTcXc38hOvGguuLcBjwje6vXnjsAsaWgv77kL+ow66u4nAzU62SNt+7EZZ+HVoSnjTLjA9z4pwAIyH3e/M2kO/Kdmd00qsyfY+tWWOYtjALTdlF99l0ZKGQNbzFaYLOaa82FCK4Azuz6yfw2RvV/ZOkyJ6dMIcle6sCtM6lFyAEUFNXLK+964uA3x/8fg188+aNvG610zZSPIjObJBjuQ8kDhV0mzA/QYDgg/vT4lsUDMJL/XCGJQoiyeyEkRIqVJL3VzAoVsGYDdZm7u1/IPoJJdn19FORFr/1UZqEnrQy3/4Yb2E1IdEllOPnueZiO6qXS2GsN2VcaUNd1uY1RNU2XX0rs3/cuc+NZm0zmmYlobDghzxOV2GT5vMxAZGsaefF/NmaKSRmsRj+mICbsXWqKhOV0aCgDr/2O63fze8YETG/RQb10IRE67D/jHvHsMesVU4yO+KAybGuOGxU44nWyFEP0nJ+tf1097SEaApb1ntLb9OC4CLbDADwiUVz1am2xwfjCz870qn/xcMIRjPMeUH4+vqUJ7yokgZuMlgkH1L++7Tkik4BwWPXwQOGyoW+GbCWO9vv4/SZsRm2NcrvbLTThFks6qVfxDdohv1sIatx69Bn2QGuipLli+fu0DDn0aZgjfzv+C8xiLYa7mE3flaqe2QI25Qb1L0nmUZTs48CPa0t3g26pivBs0fa5qeJdkia6Xmt3ShOuajO55gxCvtiWo0ClIbBOGUEbc7Gkp+k99hT4QPrIivf9q5y/MoyyKqGcs9/QpCS69T7W1ZEqC7m3inTFtYxeoS2DZSZjYa6wrJ8SjGe1vasFFkzrKZuPRc6NRWhwz9amp5a8LpYFRt0RNK/teNyM6zcLKkuZMIKByYEBOnU0kLSIfJcmuir85X7g1/B0It+/PWPBErefOf7jRnkXV34miyMmOscm8491PJkJWQlkMwS9CeScTwtqZUHyJURd/6Gku+1suYqhXnfVRnUbLyX+c6w8FqVZnooJPgL6I7Lf6gpr0T3ufElxQPaugnJWBedRlhx1a2LqfDlD7K2A+N5nTe3VK6cLsZI9Ug+CKAcSAcCuLaBZ6r4knTza/vu8rDywHEH4V3s51aHs+KM1iMWXB7zisgkeDLz6mJd2kpRCE77SG905Y+h6Yx8SeOZ7yBZ1MnHGCJ08GHmr3WZN+wT2pZuWsThWPhJ2Myw6PiKVSYlYNBeN/6+1oRopp6A8YNhpz88UhgFWMLK5rlfPXxLJqlX3Bb7YBTdb6/4M/BR5e6mOoxFzDVolMYSdBq1LeDLPb9rAnlXGv/nRFlX26AhK1pKRBUvsw4oAMr6r+OhSkGrDHcCTYJ4NSX+7j+7P1XoQ5w74YVM4qTTes/TPVyutI9nGWtZmlO6W7vy7WHXxiICkPokMB/Ib+tXYWJxPAcBOMhm3az3vVRniAvsHnIkSblO0go1NL+KGoMrdT8QN/oj43Ge3QuVOk++2UEnqTYztUfCqnqcsgqhUsKYzHd1Iy/hF46lbwg4KNS5XoAB4lmCOwvZYisxBUFFoZEU7P4lSOD+jMikClqsQYMRP1FR+tAqrdBd5+GEa4302y3Bf69R0+c+/NOzizCJlShr1XJyavPScrnJo87nKqLOX9CqeFNz3lIit+0927FdWNtbvHllxuupL6GYMPwJpLXabFv8UZZuBl7uPqoj/g/jBtFnPpME9fv+tBKTIf7JRm+MqqcFbTh62qUzc8NU28IJDyMzWjhR79SOTvuA5y2nM9H2AbxmOqAyKz/u3KsuPwHuLAGqAYd8Vuik/UfTK2jfqDw8+Pw6TjfDir4SRPt4mSzXR4PCmbBs1/cY5ELAvgfM7YlRggrFwXQXQ9Nz3Ft9ikqmhSpRnb/c6yY6fARnIsK4px9W76qf/s0rGmMS2U5UGKzshimUbl6CBWfpCHtmhlIZmf1twN4P7fZQSa+oDvG/V/pVRCF+w+f137IYh+JJvGygJBDIO+rhNXAxBPnrUvM8sh/D5osX50Zr71pQSFKWcr/n4D/Li9cra7zoP7B27QatL0fFm/pF1CVo/jvxxPP24hEJA1WQJIJ+5LZDT6vP8C7iw3ysZZOYlbw48UqZxi1qJnS4E8mRWe2vg9JB6MtqRoFCxCCBRRiVIZQyN8G8nBcnnkA1KS/cu2znSky/g597uoOUGNGWvpde3PUmdu+cGU8cLCyClWLjxyZk9uqsE2UJwlspfB8d5R6Q+eSSXfpo5AtAn7uxPeFnljUx9ehUlPSfB5CJB0N+5YUam0z/eSXAeojgtm0BLSf7gJhqC9fGFsMe1dqulj5GvJ0XTt8/G8CtNLi5jywRVMc8U7fyvMrTqEfYaUwm4V8Nq4ORjDP2NAZROfaU4BeAaCnGCzKHih85v3IDPer4dZvNWHyQTZj3dnjWPw7bJSpAqBevAvItQtcHOjipFpwhRe7is3mc3I3NLWIRjBfanH2QcFbELt1Zftp1ywwjOpeujZ0KyonSbT4zdJkj6VLfWLIFNw0UquYE2xIvk0Iaer70sfZ0LFl3qam9pAyqAp7XaqGyj5twDYQ5NHseN+1hqwUAyzpqnBjZV7RTJpCnJ54dz/y+fFwxx6g3mali9YmplbLBN+FoxpmHgT+NQZuwE26ciVDGT0T4ggKzk0D6njCIBcz7G2ebkY5TcQ6MX5T/bXpWXEu9Vo9s600AX9HDeplSaUObDwlC4bMLwrbBxATq4cAgUiY5hNiEzg7ZtpU43AJ+/kJVGqTmr1FVpM8wvkdl2v6/shHKtqPiDuXKrzhw5JOz8IpXfLNOnDpH5hPmW88Ema0fT6V9D39UXUhjxPxUiHkyoruEbAdLkygGuL+uV7lmihuNaHyMF4l2kUZBK7ZjDyHxmSQK7VdjwkMNAJmciWWeOcWorNqYK0AL4cPoRXkcxf+xrXR/CH9EO1WZbucPLmoyqpoNXz1y/UcZhBeP2TFG1QPBb/fRZUmwJ/lwz/ifjGSnkiHp9/CzTJnRk/9fYAtMLNvLjv+myHqvIeOERXLrA7FV3RR/NtU4ScbL2U9F5PTZnv7HRW+QasmgvQ7zJYyedMKctPEoSVKUr1EC7G7Mye9DHTcT6hDEyALlqeLkh8yDJjq0/KDdzT2RKZ3pT2/t/uRud0n3qX0hjW1ls/9BUkhUZslbdm7HDrNC3PHXlcAH0kLL6CUWpnHv5LUal4z2Gp8UDe+cuZHGduOq+ESf3hY0K39bchiVqIqmijOHRwy6ZWK+neqkxLdpttQkex19LNqDkqZTaIEdxBEZk0IlYXZH418De+bjIvT8f5GwK52wyhmJdRZ306j8eJhe6BA+5ra2T90tomquiUYiIhWKfv4iCGWVEp97hwo8tlr0wTuoKvIn8FWjTN4Bz4XsrAeeHDtrHmqcYJBm+lML1jeWgu0uUqwpE6XONgtBpy+wDC3IbBliRzPIGqPKz33lRxAdWcWpUZJY8nhn1ZUrzFowMQR72UtOY2ULZsRngmB1m0pTVvgvtOoTbGEF9RWoJ1pUFz610TkkHsUSuqrGBgtRBY3K9+e2RMauRpFbvgyvdZT9K8bd0iC02IcqI7arnia4H6ddcCrqHTN0cqSl7Paes0zmN1ryIPWrW1fYpq+QjlIjnORrtiY0FGWPibSAZP5sZeNSvW+MemmCNmrEZewSIVJX0f84YXhgADcrRsPBhaUk3do3Qhi4UFb/cWMM60a52d6p6xEy9G3x8mLyXhUnDbf3D0OetOT4wT9TxJvxHMMUnKjd0w1VCMqITYQ+1cyYe6yqDD+o6JKyWOOt1NL3g1tly9dgpFkBLqnCwscXu2H8h6P0geuqSXFhPC2kcytHtcENNv1AVKOIkGr7LmQx2lwl2M5aJ9PeYjHkjSfbUE7dXCsao+SV8rWLQ94rrw0VflNGsSzU/MwDbczhtYh1nwPOkVfizNeHIN7RNfb67f4iJ7ybG4pTrtxvGVtjOf4QdAptD/tHDBvHyD0wSJcESZ3ulQxt2eRIEAY7YX27ZHDZVr/zU/8uR4JG3QT0OlWteIkRhkvFHmtvUueI0i5IX0Fu6I/Diz98/TLQc3mrjjmy5ndrhJSsl1UhXCL8UQI3Usz1ll7SDxGYOJNnPGjLwbWlV+KxK6E1LvFrqxKCf7DwdpHfXaZ2xI0wBS6PW8Iwjyg65UdobRtcfDBOaqFVs3IqAal6hyMocVWMMwu6d4BboZbKe/oCZ5TkdtR8riFntDkRF6Q+G7BqJn7VpwXQOAWHVF+/YLo/zkGoXcZBUw9tAE53JA6W1gWrnr0T5CuWxu+5I0y9vH2i61rjCbfCm4lhcTySt7FbjSIoSSbiKGmo1PiboXVUcWMw72LYqzj5cGwV4Vi/2FBTCP+OVKyB60Qg4SKpLZaiAKoZqx+2FA5DHId2Akrodcw1cKoPN/7uBjawPYO+1gAZjjcbsZEP58PJXhmhL/BiK5UKSdiBPkMTj1Hd6pxjvS3UObc74Y7GChZoHWLoUtD2enNrFyy10CxJfvPQB24ccZk8O5cX4/OiT44gbrCzkWM/jJw2LPs03GLiPatzObPShzyGzCfjogeBvl1ItaI9PHYQJ1a4c6Ju7ZR/59SKAT0zEbho6/quj5CGqMBWBUvtgxL5x4g2Vlr0n5//cocH+4tDKWuxzXkzbhvZT1HLtGuLP/GMe+QhX89ZQSG0YINZRnjsJTlD8vZcTVl6SdNwQGQ9CBwQKkrwtzx7He1fCQ/lOntWpo2/UbWcTz6LTpc0pdnc6IIwplQFTOi8lJ6ahlCJ/GMDjG0fbd0HOZ7slFhpgbckwXK4n1B+L+ZDMpkVzbVoQBfMJvIVcQdJOZSIbkdFOsrlzzgAq6T+FyBhQwlsTbLXvWWmKYkRNv0zMpk/EHIWyCDLVumHQ7CO1Ml56588uF81rYeQ61851o/8ttMv7qSVleILbPw9Qc4a6GpXVUQmuBw6E2Ws3TPFG9+my6jbvT+WBmVBk3GU4j9csrnZxhZFfHvU3sZhTcBQsLk25j0AxEgxQ0LkGbD3MsRRUvjxcar4C63VfdeWAjt4OihizfphsRTOd6GzLnRj/XhQCVAsOisvrrig1jdE9g0aM4t/SDCUHgxCnDQa/r3zPe/uf6t3N3Cn+YmmPyI76T2+zkbW5M6y1Vbt1dbrBMAvdy5iTkOdv1Z50H1h5ipQBRTSdtv6v82gvFxkL/1ADqpgSLwl6Gk1S9buXzDPKlJePqnlq1KGBXAcPECcHn0R0SmylyUEsJtju6iB+kx0AK5+QczIAVGO41hefmUF5A2e9u11KvEPhc0LEIBTEIQs2JuPErDzt5ErGzcpnnmGhpcMzjlfjKg2hW8PFTuQqddPWEoRC/61deK8VHmHH8B61kbiwGUO6t3z4oHEBY0=,iv:0QEPw6CMkOeGPkpZq3hZenkKDFnAdNiBbJbIMOLCbHw=,tag:SqHlmsYEPIMlGfPhkVrDAQ==,type:str] +title.keys: ENC[AES256_GCM,data:mAlox5nq4dyZHmDndZkmghu8Qp7F5oTSx7CKEiygztmrFaSNji8csIdMp+t9eL43elrVatckALrLIw4e3Zlh7Osf9dqLAVbE6SV7YUfo/AeKfbmYU9UoM7+YlnxqS9T83xvmr++pNM/mxSZJwvgDTbQVWeW2T6+6Mglozmh/8yDOqT/vmj+gsHD6ndXID+FxohgI+kP3b8YI1oYlwdZaPAVtZYrYhgWpZ6yBiZbhhjtoBV5xIfQQRQdDAx8kC1xDbA0Ntmn5hGgPbCwpina3K+1Ukh30orGq1dB/7hb2AsuxsRVgWQ5uqSHCCV+BkybgoeHFR8G58VYl5/TzQbJSRb+NOo/2XeVByUq++kFyudQTSZvhijyjZ+GmErftpEz6rC4a/jte9j1MGaMLbAzEMTFZbBte4VLVgC4k/CNFDxkeYKcB3+Dspl4tMw+R70WWr5vo1hduUCkhC2N+2VlJ2vokFkoL+E4pw1r8XaQZN60JHz/3C5hgw/FwlNidro6DzlFzWSpZoRymkr1UPuEICb5P7fDB3au0yDYpqpWXCPqTU1WtFvAf2273kip2VOd1iWpcx4LcVOYdwvM2NkGx/gIzEmU2sJAIdB8m/p9Jjj3WHOxnXTR75OZo5zHi1aQiBvMjW+xg37pu6Dt7m9LNabPWpedgQtZxw3bhWhDrOqo0DfQEsyHvjaNzCTro3zZKnCPSqDPcEpAxD8fogtpSZoa6beNVCJYQ54o5qlGoH2eRvG/M2ncq9tzn9iwAP8MfKWlyIyPUwQzZaT14Wl3pl90HRrolu3tzZpAFNc1Ok7zKYTIXKzxMl3Au5hyP2mvGXYZl+GwhO2rk1CpdhFjNvq6orxFmnDQjX1e8QmxlR0B6tUeIwDWyssGO+Ie2k23eOW3mM1JLt+7HY3R65MoI6SdNaQxH7lqNnm21rp9eKjIQS0NBwLeO8XVM7VtyeYt7Awl7eBybmDrrRLTBi4JD2eayhBTqtvmjIwndNcxmSbY9chYs1n128ujNuzHud/QdTx4w0CndR9F8zIpISakonSZvVb4vh6JFY5uymONK0tlLy63sDLjPh3NMIM4/qEC7W0wTgX1uHG5Ac4AY2ptaaKFLlM/WNNS5cmObWZgytpR+UEWh5S+gmcSePf6DzAoZu/U2gBX+vA3eVA1Y5aAQA0gdDa+AI9jaBT9YGdM/+8im9brIzEozscybltpAdTe8/mUwl06FmziX1mO37mv/uxBAig4o2lUrEinH1vJEKWHtWWIOGIMIkz4BY0/3KK5vO/liie6aY2BbCnx47slRZg9r2jgPtz9iKxSW53QFeg62b51futQbmuipKoGwp0hW2NiKfa3UY5YQUNOoismU0YHvNGRm0VIKhUZZq7DUyHigxAQqrPFjpqw3318gVHQXWwacCgcr6onQ48Ke/H7/Vop/dRNmK7T5CKQE/zP+S/j9AixxNsnZ/FUBiRXQIeQoonrzo45Uh+9DEsn4G91S7utwrxYVEkNLIjGu4h80zpgxHqODop9v5dsvpvje2MX2C84hRttjB+zM1K5T3/xyH+g2Hk7owg9aIZsE+th8cGCkl2BVMl9750+fx5+K7j4iPgbw+6cub09W99Na+tuOMWAJT0M/IHr3,iv:LDGFvr5s5WvigWGeKmjOlY2mKEjAu+So3n6pRbChE+Q=,tag:9gQhB5fcFHNk7IltvrygKQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz enc: | @@ -17,8 +16,7 @@ sops: MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD +DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-01T15:48:15Z" - mac: ENC[AES256_GCM,data:64DmkqcYlLtzL+9WcgvnSOjF25MiZFkbEsgKP/xLrBBvhqqqm4ev9tk8QGoA5NJPHen+GItX7D3lJgfTyjX6LXn6vLFQWemrEP2+A9hZxnwvtdBjSD5dEl6wHGgY4mvqTJupmpv6Gg8zXP1kh5vsO82Un03TcfyPHVVgmfagpOw=,iv:j/6jJjRoiTUfTW2SJ0Ui6dAVQO9Ij8zN2mrKEhIt7fY=,tag:6r/GNnG/lw42KbWgIBoIzQ==,type:str] - pgp: [] + lastmodified: "2025-12-29T14:31:21Z" + mac: ENC[AES256_GCM,data:K6gtlrWGtNvWwcE7zExB45kl9dxpA3zxbaqAFJd18HhVZb6VP1QRe2VcaoS/rlKBU508Z76sVuh/9hj7PBUMp+oPxWyxuUD4PUkYHxvELN4sHFzrJ+whXQVxCC81VwP6adA0fhwSyMxRLETf0tZo/09jTXMmbLZKZIDnFI5vbLs=,iv:Fg1tyIr4yKtdi0R1k+9j+1wxkAGtwvCGwGVHVQMfeuU=,tag:vND8ZazwY7i+DFj4nnTrsA==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.11.0 diff --git a/nixos/hosts/queen/configuration.nix b/nixos/hosts/queen/configuration.nix index 7823b4e..d2f43b5 100644 --- a/nixos/hosts/queen/configuration.nix +++ b/nixos/hosts/queen/configuration.nix @@ -30,6 +30,8 @@ # ../../../disko/queen ]; + preservation.enable = lib.mkForce false; + services.anubis.instances.default.settings.TARGET = "http://localhost:8123"; # required due to unix socket permissions diff --git a/nixos/shared/default.nix b/nixos/shared/default.nix index 1fd8765..c217eaf 100644 --- a/nixos/shared/default.nix +++ b/nixos/shared/default.nix @@ -5,12 +5,12 @@ config, pkgs, pkgs-edge, - stdenv, ... }: { imports = [ ./locale ./packages + ./preservation.nix inputs.home-manager.nixosModules.home-manager #../hosts/${config.networking.hostName}/hardware-configuration.nix ]; diff --git a/nixos/shared/packages/default.nix b/nixos/shared/packages/default.nix index 81400f0..e6ee20c 100644 --- a/nixos/shared/packages/default.nix +++ b/nixos/shared/packages/default.nix @@ -28,7 +28,7 @@ age alejandra e2fsprogs - uutils-findutils + # uutils-findutils git git-filter-repo pre-commit diff --git a/nixos/shared/preservation.nix b/nixos/shared/preservation.nix new file mode 100644 index 0000000..f79891c --- /dev/null +++ b/nixos/shared/preservation.nix @@ -0,0 +1,195 @@ +{...}: { + preservation = { + # the module doesn't do anything unless it is enabled + enable = true; + + preserveAt."/persistent" = { + # preserve system directories + directories = [ + #Shared + "/var/lib/sbctl" + "/var/lib/bluetooth" + "/var/lib/fprint" + "/var/lib/fwupd" + "/var/lib/libvirt" + "/var/lib/tpm2-tss" + "/var/lib/tpm2-udev-trigger" + "/var/lib/power-profiles-daemon" + "/var/lib/systemd/coredump" + "/var/lib/systemd/rfkill" + "/var/lib/systemd/timers" + "/var/log" + #Desktop + "/var/lib/decky-loader" + "/var/lib/flatpak" + #Server + "/var/lib/continuwuity" + "/var/lib/dhcpcd" + "/var/lib/docker" + "/var/lib/dovecot" + "/var/lib/forgejo" + "/var/lib/gotosocial" + "/var/lib/grafana" + "/var/lib/jellyfin" + "/var/lib/media" + "/var/lib/mollysocket" + "/var/lib/private" + "/var/lib/mysql" + "/var/lib/nextcloud" + "/var/lib/onlyoffice" + "/var/lib/postfix" + "/var/lib/postgresql" + "/var/lib/prometheus2" + "/var/lib/rabbitmq" + "/var/lib/redis-nextcloud" + "/var/lib/redis-rspamd" + "/var/lib/secrets" + "/var/lib/writefreely" + "/var/db" + "/var/dkim" + "/var/secrets" + "/var/sieve" + "/var/vmail" + "/var/mysql" + { + directory = "/var/lib/nixos"; + inInitrd = true; + } + ]; + + # preserve system files + files = [ + { + file = "/etc/machine-id"; + inInitrd = true; + } + { + file = "/etc/ssh/ssh_host_rsa_key"; + how = "symlink"; + configureParent = true; + } + { + file = "/etc/ssh/ssh_host_ed25519_key"; + how = "symlink"; + configureParent = true; + } + "/var/lib/usbguard/rules.conf" + + # creates a symlink on the volatile root + # creates an empty directory on the persistent volume, i.e. /persistent/var/lib/systemd + # does not create an empty file at the symlink's target (would require `createLinkTarget = true`) + { + file = "/var/lib/systemd/random-seed"; + how = "symlink"; + inInitrd = true; + configureParent = true; + } + "/var/lib/systemd/tpm2-srk-public-key.pem" + "/var/lib/systemd/tpm2-srk-public-key.tpm2b_public" + ]; + + # preserve user-specific files, implies ownership + users = { + lillian = { + commonMountOptions = [ + "x-gvfs-hide" + ]; + directories = [ + { + directory = ".ssh"; + mode = "0700"; + } + #Desktop + "gnupg" + ".local/state/wireplumber" + ".local/share/direnv" + ".local/state/nix" + ".local/state/comma" + ".local/state/home-manager" + ".local/share/PrismLauncher" + ".local/share/qBittorrent" + ".local/share/kwalletd" + ".local/share/kwin" #TODO: add the window script via nix instead of saving it imperatively and keeping it + ".local/share/lutris" + ".local/share/Nextcloud" + ".local/share/Steam" + ".local/share/zoxide" + ".local/share/flatpak" + ".local/share/applications" + ".local/share/firefoxpwa/" + ".local/share/com.nonpolynomial.intiface_central" + ".mozilla" + ".steam" + ".zsh" + ".pki" + ".tldrc" + ".thunderbird" + "Code" + "Writing" + ".config/kdeconnect" + ".config/Nextcloud" + ".config/noisetorch" + ".config/qBittorrent" + ".config/r2modman" + ".config/r2modmanPlus-local" + ".config/Ryujinx" + ".config/Signal" + ".config/sops" + ".config/vesktop" + ]; + #Shared + files = [ + ".z" + ".zsh_history" + ]; + }; + root = { + # specify user home when it is not `/home/${user}` + home = "/root"; + directories = [ + { + directory = ".ssh"; + mode = "0700"; + } + ]; + }; + }; + }; + }; + + # Create some directories with custom permissions. + # + # In this configuration the path `/home/butz/.local` is not an immediate parent + # of any persisted file, so it would be created with the systemd-tmpfiles default + # ownership `root:root` and mode `0755`. This would mean that the user `butz` + # could not create other files or directories inside `/home/butz/.local`. + # + # Therefore systemd-tmpfiles is used to prepare such directories with + # appropriate permissions. + # + # Note that immediate parent directories of persisted files can also be + # configured with ownership and permissions from the `parent` settings if + # `configureParent = true` is set for the file. + systemd.tmpfiles.settings.preservation = { + "/home/lillian/.config".d = { + user = "lillian"; + group = "users"; + mode = "0755"; + }; + "/home/lillian/.local".d = { + user = "lillian"; + group = "users"; + mode = "0755"; + }; + "/home/lillian/.local/share".d = { + user = "lillian"; + group = "users"; + mode = "0755"; + }; + "/home/lillian/.local/state".d = { + user = "lillian"; + group = "users"; + mode = "0755"; + }; + }; +} diff --git a/overlays/flake.nix b/overlays/flake.nix new file mode 100644 index 0000000..cfa353a --- /dev/null +++ b/overlays/flake.nix @@ -0,0 +1,110 @@ +{ + description = "An overlay to remove fascist artifacts"; + + inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; + + outputs = { self, nixpkgs }: { + overlays.antifa = final: prev: + let + patchSystemd = d: d.overrideAttrs (old: { + # https://github.com/systemd/systemd/pull/39285 + patches = old.patches ++ [ ./systemd-detect-fash.patch ]; + }); + disableAuthor = author: throw '' + This package was disabled by nixpkgs-antifa because: it is authored by ${author} + ''; + disableCorp = corp: throw '' + This package was disabled by nixpkgs-antifa because: it exclusively integrates with offerings from ${corp} + ''; + # NB: not listing out culture names in code -- yet + disablePropaganda = throw '' + This package was disabled by nixpkgs-antifa because: it is ethnonationalist propaganda + ''; + in rec { + # https://lix.systems/add-to-config/#flake-based-configurations + inherit (prev.lixPackageSets.stable) lix nixpkgs-review nix-eval-jobs nix-fast-build colmena; + nix = lix; + + certmgr = disableAuthor "Cloudflare"; + cf-terraforming = disableAuthor "Cloudflare"; + cf-vault = disableCorp "Cloudflare"; + cfdyndns = disableCorp "Cloudflare"; + cfssl = disableAuthor "Cloudflare"; + cloudflare-cli = disableCorp "Cloudflare"; + cloudflare-dynamic-dns = disableCorp "Cloudflare"; + cloudflare-dyndns = disableCorp "Cloudflare"; + cloudflare-utils = disableCorp "Cloudflare"; + cloudflare-warp = disableAuthor "Cloudflare"; + cloudflared = disableAuthor "Cloudflare"; + flarectl = disableAuthor "Cloudflare"; + gortr = disableAuthor "Cloudflare"; + prometheus-cloudflare-exporter = disableCorp "Cloudflare"; + proski = disableCorp "Cloudflare"; + wgcf = disableCorp "Cloudflare"; + worker-build = disableAuthor "Cloudflare"; + wrangler = disableAuthor "Cloudflare"; + wrangler_1 = disableAuthor "Cloudflare"; + gnomeExtensions.warp-toggle = disableCorp "Cloudflare"; + octodns-providers.cloudflare = disableCorp "Cloudflare"; + pythonPackages.certbot-dns-cloudflare = disableCorp "Cloudflare"; + pythonPackages.cloudflare = disableAuthor "Cloudflare"; + pythonPackages.pycfdns = disableCorp "Cloudflare"; + terraform-providers.cloudflare = disableCorp "Cloudflare"; + + brave = disableAuthor "Brendan Eich"; + + ladybird = disableAuthor "Andreas Kling"; + + palemoon = disableAuthor "Moonchild Straver"; + + _9base = disableAuthor "suckless"; + dmenu = disableAuthor "suckless"; + dwm = disableAuthor "suckless"; + farbfeld = disableAuthor "suckless"; + ii = disableAuthor "suckless"; + libgrapheme = disableAuthor "suckless"; + quark = disableAuthor "suckless"; + sent = disableAuthor "suckless"; + sic = disableAuthor "suckless"; + sinit = disableAuthor "suckless"; + slock = disableAuthor "suckless"; + slstatus = disableAuthor "suckless"; + sselp = disableAuthor "suckless"; + st = disableAuthor "suckless"; + surf = disableAuthor "suckless"; + svkbd = disableAuthor "suckless"; + tabbed = disableAuthor "suckless"; + wmname = disableAuthor "suckless"; + xssstate = disableAuthor "suckless"; + + blink = disableAuthor "Justine Tunney"; + cosmopolitan = disableAuthor "Justine Tunney"; + jart-jsoncpp = disableAuthor "Justine Tunney"; + pythonPackages.fabulous = disableAuthor "Justine Tunney"; + + hyprland = disableAuthor "Vaxry"; + + tailwindcss = disableAuthor "Adam Wathan"; + + urbit = disableAuthor "Curtis Yarvin"; + + bibletime = disablePropaganda; + biblesync = disablePropaganda; + grb = disablePropaganda; + kjv = disablePropaganda; + lukesmithxyz-bible-kjv = disablePropaganda; + sword = disablePropaganda; + vul = disablePropaganda; + xiphos = disablePropaganda; + + gnomeExtensions.quran-player = disablePropaganda; + + emacsPackages.holy-books = disablePropaganda; + + systemd = patchSystemd prev.systemd; + }; + nixosModules.antifa = { lib, pkgs, ... }: { + nix.package = lib.mkForce pkgs.lix; + }; + }; +} diff --git a/overlays/systemd-detect-fash.patch b/overlays/systemd-detect-fash.patch new file mode 100644 index 0000000..a7c8cd6 --- /dev/null +++ b/overlays/systemd-detect-fash.patch @@ -0,0 +1,554 @@ +From f09346dd2ceb30d0c7ea03bbd0099967e7e54be0 Mon Sep 17 00:00:00 2001 +From: soscho2143 +Date: Sun, 12 Oct 2025 13:52:36 -0400 +Subject: [PATCH 1/2] detect-fash: implement systemd-detect-fash + +--- + man/systemd-detect-fash.xml | 131 +++++++++ + shell-completion/bash/systemd-detect-fash | 40 +++ + src/detect-fash/detect-fash.c | 312 ++++++++++++++++++++++ + src/detect-fash/meson.build | 9 + + 4 files changed, 492 insertions(+) + create mode 100644 man/systemd-detect-fash.xml + create mode 100644 shell-completion/bash/systemd-detect-fash + create mode 100644 src/detect-fash/detect-fash.c + create mode 100644 src/detect-fash/meson.build + +diff --git a/man/systemd-detect-fash.xml b/man/systemd-detect-fash.xml +new file mode 100644 +index 0000000000000..aaebf4e48650b +--- /dev/null ++++ b/man/systemd-detect-fash.xml +@@ -0,0 +1,131 @@ ++ ++ ++ ++ ++ ++ ++ ++ systemd-detect-fash ++ systemd ++ ++ ++ ++ systemd-detect-fash ++ 1 ++ ++ ++ ++ systemd-detect-fash ++ Detect execution in a fascist environment ++ ++ ++ ++ ++ systemd-detect-fash ++ OPTIONS ++ ++ ++ ++ ++ Description ++ ++ systemd-detect-fash detects execution in ++ a fascist environment. It identifies the fascist ++ technology and can distinguish full machine fascism from ++ installed fashware. systemd-detect-fash ++ exits with a return value of 0 (success) if a fascism ++ technology is detected, and non-zero (error) otherwise. ++ ++ When executed without will print a ++ short identifier for the detected fascist technology. The ++ following technologies are currently identified: ++ ++ ++ Known fascist technologies ++ ++ ++ ++ ++ ++ ++ Type ++ ID ++ Product ++ ++ ++ ++ ++ omarchy ++ Omarchy linux distro. Detected by checking os-release. ++ ++ ++ ++ ladybird ++ Ladybird browser. Detected by checking for "ladybird" binary in path. ++ ++ ++ ++ hyprland ++ Hyperland window manager. Detected by checking the existence of hyprland config files on disk. ++ ++ ++ ++ dhh ++ Checks for DHH's public key on disk. ++ ++ ++ ++
++ ++ ++ ++ Options ++ ++ The following options are understood: ++ ++ ++ ++ ++ ++ ++ Only detects if os-release is Omarchy. ++ ++ ++ ++ ++ ++ ++ Only detects Hyprland. ++ ++ ++ ++ ++ ++ ++ Only detects Ladybird. ++ ++ ++ ++ ++ ++ ++ Only detects DHH. ++ ++ ++ ++ ++ ++ ++ Suppress output of the fascist technology identifier. ++ ++ ++ ++ ++ Exit status ++ ++ If a fascist technology is detected, 0 is returned, a ++ non-zero code otherwise. ++ ++ +diff --git a/shell-completion/bash/systemd-detect-fash b/shell-completion/bash/systemd-detect-fash +new file mode 100644 +index 0000000000000..dc2a7f5f4774a +--- /dev/null ++++ b/shell-completion/bash/systemd-detect-fash +@@ -0,0 +1,40 @@ ++# shellcheck shell=bash ++# systemd-detect-fash(1) completion -*- shell-script -*- ++# SPDX-License-Identifier: LGPL-2.1-or-later ++# ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++# ++# systemd is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. ++# ++# You should have received a copy of the GNU Lesser General Public License ++# along with systemd; If not, see . ++ ++__contains_word() { ++ local w word=$1; shift ++ for w in "$@"; do ++ [[ $w = "$word" ]] && return ++ done ++} ++ ++_systemd_detect_fash() { ++ local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword ++ local i verb comps ++ ++ local -A OPTS=( ++ [STANDALONE]='-h --help --version -q --quiet -o --omarchy -l --ladybird -y --hyprland -d --dhh' ++ ) ++ ++ _init_completion || return ++ ++ COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") ) ++} ++ ++complete -F _systemd_detect_fash systemd-detect-fash +diff --git a/src/detect-fash/detect-fash.c b/src/detect-fash/detect-fash.c +new file mode 100644 +index 0000000000000..311547ec6a619 +--- /dev/null ++++ b/src/detect-fash/detect-fash.c +@@ -0,0 +1,312 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++#include "alloc-util.h" ++#include "build.h" ++#include "log.h" ++#include "main-func.h" ++#include "pretty-print.h" ++#include "string-table.h" ++ ++static bool arg_quiet = false; ++static enum { ++ ANY_FASCISM, ++ ONLY_LADYBIRD, ++ ONLY_OMARCHY, ++ ONLY_HYPRLAND, ++ ONLY_DHH ++} arg_mode = ANY_FASCISM; ++ ++/* detects if os-release is omarchy */ ++static int detect_omarchy(void) { ++ const char *term = "omarchy"; ++ const int len = 256; ++ ++ /* if we cannot access os-release we cannot check */ ++ if (access("/etc/os-release", F_OK) != 0) ++ return -1; ++ ++ FILE *osfile = fopen("/etc/os-release", "r"); ++ char os[len]; ++ fgets(os, len, osfile); ++ if (strcasestr(os, term) != NULL) ++ return 1; ++ ++ return 0; ++} ++ ++/* ++ detects if the LadyBird browser ++ has been built on this machine ++ or if the binary exists in $PATH ++*/ ++static unsigned detect_ladybird(void) { ++ ++ /* name of the ladybird binary */ ++ const char* ladybird_bin = "/ladybird"; ++ ++ /* check if build variable is available */ ++ char* LADYBIRD_SOURCE_DIR = getenv("LADYBIRD_SOURCE_DIR"); ++ if (LADYBIRD_SOURCE_DIR != NULL) ++ return 1; ++ ++ char* PATH = getenv("PATH"); ++ if (PATH == NULL) ++ return 0; ++ ++ /* this value will get mutated so we need to duplicate it */ ++ char* path = strdup(PATH); ++ /* loop through PATH until we find a file named "ladybird" */ ++ char* path_iter = strtok(path, ":"); ++ char* abs_path = malloc(256); ++ while (path_iter != NULL) { ++ strncat(abs_path, path_iter, 128); ++ strncat(abs_path, ladybird_bin, 128); ++ /* if we do NOT find the binary at current path, keep going */ ++ if (access(abs_path, F_OK) != 0){ ++ path_iter = strtok(NULL, ":"); ++ abs_path[0] = 0; ++ continue; ++ } ++ free(abs_path); ++ free(path); ++ return 1; ++ } ++ free(abs_path); ++ free(path); ++ return 0; ++} ++ ++/* detects if hyprland is installed */ ++static unsigned detect_hyprland(void) { ++ const char* hyprland_config = "/hypr/hyprland.conf"; ++ const char* XDG_CONFIG_HOME = getenv("XDG_CONFIG_HOME"); ++ const char* HOME = getenv("HOME"); ++ int maxlen = 128; ++ ++ char *hyprland_abs_path = malloc(maxlen); ++ ++ if (XDG_CONFIG_HOME != NULL) { ++ strncat(hyprland_abs_path, XDG_CONFIG_HOME, maxlen - strlen(hyprland_config)); ++ } else if (HOME != NULL) { ++ strncat(hyprland_abs_path, HOME, maxlen - strlen(hyprland_config)); ++ strcat(hyprland_abs_path, "/.config"); ++ } else { ++ return 0; ++ } ++ strcat(hyprland_abs_path, hyprland_config); ++ if (access(hyprland_abs_path, F_OK) == 0){ ++ free(hyprland_abs_path); ++ return 1; ++ } ++ free(hyprland_abs_path); ++ return 0; ++} ++ ++/* detects if this is dhh's computer using his ssh pubkey */ ++static int detect_dhh(void) { ++ /* fingerprint of dhh's ssh public key */ ++ const char *dhh_fingerprint = "SHA256:YCKX7xo5Hkihy/NVH5ang8Oty9q8Vvqu4sxI7EbDxPg"; ++ /* path to ssh pubkey */ ++ const char *ssh_pubkey = "/.ssh/id_ed25519.pub"; ++ /* command to generate fingerprint */ ++ const char *ssh_fingerpint_cmd = "ssh-keygen -E sha256 -lf "; ++ ++ /* get the home directory */ ++ char *HOME = getenv("HOME"); ++ ++ if (HOME == NULL) ++ return -1; ++ /* check if we have read access to the public key on disk */ ++ char *ssh_pubkey_abs_path = (char *)malloc(strlen(HOME) + strlen(ssh_pubkey) + 1); ++ ssh_pubkey_abs_path[0] = 0; ++ strcat(ssh_pubkey_abs_path, HOME); ++ strcat(ssh_pubkey_abs_path, ssh_pubkey); ++ if (access(ssh_pubkey_abs_path, F_OK) != 0) ++ return 0; ++ ++ /* generate a fingerprint of it */ ++ char *get_fingerprint_cmd = (char *)malloc(strlen(ssh_fingerpint_cmd) + strlen(ssh_pubkey_abs_path) + 1); ++ get_fingerprint_cmd[0] = 0; ++ strcat(get_fingerprint_cmd, ssh_fingerpint_cmd); ++ strcat(get_fingerprint_cmd, ssh_pubkey_abs_path); ++ ++ char fingerprint[70]; ++ FILE *fingerprint_cmd_output = popen(get_fingerprint_cmd, "r"); ++ ++ if (fingerprint_cmd_output == NULL) ++ return -1; ++ fgets(fingerprint, 70, fingerprint_cmd_output); ++ ++ /* free memory */ ++ pclose(fingerprint_cmd_output); ++ free(ssh_pubkey_abs_path); ++ free(get_fingerprint_cmd); ++ ++ /* comare it to DHH's fingerprint */ ++ if (strstr(fingerprint, dhh_fingerprint) != NULL) ++ return 1; ++ return 0; ++} ++ ++static int help(void) { ++ _cleanup_free_ char *link = NULL; ++ int r; ++ ++ r = terminal_urlify_man("systemd-detect-fash", "1", &link); ++ if (r < 0) ++ return log_oom(); ++ ++ printf("%s [OPTIONS...]\n\n" ++ "Detect execution in a fascist environment.\n\n" ++ " -h --help Show this help\n" ++ " --version Show package version\n" ++ " -q --quiet Quiet mode\n" ++ " -o --omarchy Only detect omarchy\n" ++ " -l --ladybird Only detect ladybird\n" ++ " -y --hyprland Only detect hyprland\n" ++ " -d --dhh Only detect dhh\n" ++ "\nSee the %s for details.\n", ++ program_invocation_short_name, ++ link); ++ ++ return 0; ++} ++ ++static int parse_argv(int argc, char *argv[]) { ++ ++ enum { ++ ARG_VERSION = 0x100, ++ ARG_OMARCHY, ++ ARG_LADYBIRD, ++ ARG_HYPRLAND, ++ ARG_DHH ++ }; ++ ++ static const struct option options[] = { ++ { "help", no_argument, NULL, 'h' }, ++ { "version", no_argument, NULL, ARG_VERSION }, ++ { "omarchy", no_argument, NULL, 'o' }, ++ { "ladybird", no_argument, NULL, 'l' }, ++ { "hyprland", no_argument, NULL, 'y' }, ++ { "dhh", no_argument, NULL, 'd' }, ++ {} ++ }; ++ ++ int c; ++ ++ assert(argc >= 0); ++ assert(argv); ++ ++ while ((c = getopt_long(argc, argv, "hqolyd", options, NULL)) >= 0) ++ ++ switch (c) { ++ ++ case 'h': ++ return help(); ++ ++ case ARG_VERSION: ++ return version(); ++ ++ case 'q': ++ arg_quiet = true; ++ break; ++ ++ case 'l': ++ arg_mode = ONLY_LADYBIRD; ++ break; ++ ++ case 'o': ++ arg_mode = ONLY_OMARCHY; ++ break; ++ ++ case 'y': ++ arg_mode = ONLY_HYPRLAND; ++ break; ++ ++ case 'd': ++ arg_mode = ONLY_DHH; ++ break; ++ ++ case '?': ++ return -EINVAL; ++ ++ default: ++ assert_not_reached(); ++ } ++ return 1; ++} ++ ++static int run(int argc, char *argv[]) { ++ int dhh = 0; ++ int hyprland = 0; ++ int ladybird = 0; ++ int omarchy = 0; ++ int fascism = 0; ++ int r; ++ ++ /* This is mostly intended to be used for scripts which want ++ * to detect whether we are being run in a fascist ++ * environment or not */ ++ ++ log_setup(); ++ ++ r = parse_argv(argc, argv); ++ if (r <= 0) ++ return r; ++ ++ switch (arg_mode) { ++ case ONLY_OMARCHY: ++ omarchy = detect_omarchy(); ++ fascism = omarchy; ++ if (omarchy < 0) ++ return log_error_errno(fascism, "Failed to check for omarchy: %m"); ++ break; ++ ++ case ONLY_LADYBIRD: ++ ladybird = detect_ladybird(); ++ fascism = ladybird; ++ if (ladybird < 0) ++ return log_error_errno(fascism, "Failed to check for ladybird: %m"); ++ break; ++ ++ case ONLY_HYPRLAND: ++ hyprland = detect_hyprland(); ++ fascism = hyprland; ++ if (hyprland < 0) ++ return log_error_errno(fascism, "Failed to check for hyprland: %m"); ++ break; ++ ++ case ONLY_DHH: ++ dhh = detect_dhh(); ++ fascism = dhh; ++ if (dhh < 0) ++ return log_error_errno(fascism, "Failed to check for dhh: %m"); ++ break; ++ ++ case ANY_FASCISM: ++ default: ++ ladybird = detect_ladybird(); ++ omarchy = detect_omarchy(); ++ hyprland = detect_hyprland(); ++ dhh = detect_dhh(); ++ fascism = (ladybird | omarchy | hyprland | dhh); ++ if (fascism < 0) ++ return log_error_errno(fascism, "Failed to check for fascism: %m"); ++ } ++ ++ if (!arg_quiet) { ++ if (ladybird) puts("ladybird"); ++ if (omarchy) puts("omarchy"); ++ if (dhh) puts("dhh"); ++ if (hyprland) puts("hyprland"); ++ } ++ return fascism; ++} ++ ++DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE(run); +diff --git a/src/detect-fash/meson.build b/src/detect-fash/meson.build +new file mode 100644 +index 0000000000000..f4cca34117e7b +--- /dev/null ++++ b/src/detect-fash/meson.build +@@ -0,0 +1,9 @@ ++# SPDX-License-Identifier: LGPL-2.1-or-later ++ ++executables += [ ++ executable_template + { ++ 'name' : 'systemd-detect-fash', ++ 'public' : true, ++ 'sources' : files('detect-fash.c'), ++ }, ++] + +From 825072a331cb6d7464eb4479c4998ab0d020e32f Mon Sep 17 00:00:00 2001 +From: soscho2143 +Date: Sun, 12 Oct 2025 14:18:49 -0400 +Subject: [PATCH 2/2] detect-fash: added to meson.build + +--- + meson.build | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/meson.build b/meson.build +index c67e7b6c30de4..76c625d22080d 100644 +--- a/meson.build ++++ b/meson.build +@@ -2353,6 +2353,7 @@ subdir('src/cryptenroll') + subdir('src/cryptsetup') + subdir('src/debug-generator') + subdir('src/delta') ++subdir('src/detect-fash') + subdir('src/detect-virt') + subdir('src/dissect') + subdir('src/environment-d-generator')