Fix zitadel config

Flake lock file updates:

• Updated input 'secrets':
    'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=0cf25cbc71fcfe7c16250847e5f31abd730e04c4' (2024-08-11)
  → 'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=b47efe67031e12a2d5560b94fdb4de7dca3df80c' (2024-08-11)

flake.lock

@@ -66,11 +66,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1727447169,
-        "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
+        "lastModified": 1718194053,
+        "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
+        "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
         "type": "github"
       },
       "original": {
@@ -87,11 +87,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728330715,
-        "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
+        "lastModified": 1722113426,
+        "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
         "owner": "numtide",
         "repo": "devshell",
-        "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
+        "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
         "type": "github"
       },
       "original": {
@@ -107,11 +107,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730190761,
-        "narHash": "sha256-o5m5WzvY6cGIDupuOvjgNSS8AN6yP2iI9MtUC6q/uos=",
+        "lastModified": 1723080788,
+        "narHash": "sha256-C5LbM5VMdcolt9zHeLQ0bYMRjUL+N+AL5pK7/tVTdes=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "3979285062d6781525cded0f6c4ff92e71376b55",
+        "rev": "ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed",
         "type": "github"
       },
       "original": {
@@ -123,11 +123,11 @@
     "firefox-gnome-theme": {
       "flake": false,
       "locked": {
-        "lastModified": 1730292897,
-        "narHash": "sha256-2TzbuzEZ+pSBKZgtTcIDVnB1FXVKHX3bgOolgWsqerM=",
+        "lastModified": 1723137499,
+        "narHash": "sha256-MOE9NeU2i6Ws1GhGmppMnjOHkNLl2MQMJmGhaMzdoJM=",
         "owner": "rafaelmardojai",
         "repo": "firefox-gnome-theme",
-        "rev": "1ddcd160fd349130aa71473adc217de304d673ee",
+        "rev": "fb5b578a4f49ae8705e5fea0419242ed1b8dba70",
         "type": "github"
       },
       "original": {
@@ -206,11 +206,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730504689,
-        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
+        "lastModified": 1722555600,
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
         "type": "github"
       },
       "original": {
@@ -233,11 +233,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730302582,
-        "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
+        "lastModified": 1722857853,
+        "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
+        "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da",
         "type": "github"
       },
       "original": {
@@ -313,11 +313,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1726989464,
-        "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
+        "lastModified": 1720042825,
+        "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
+        "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
         "type": "github"
       },
       "original": {
@@ -335,11 +335,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1726989464,
-        "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
+        "lastModified": 1720042825,
+        "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
+        "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
         "type": "github"
       },
       "original": {
@@ -373,11 +373,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730448474,
-        "narHash": "sha256-qE/cYKBhzxHMtKtLK3hlSR3uzO1pWPGLrBuQK7r0CHc=",
+        "lastModified": 1722924007,
+        "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "683d0c4cd1102dcccfa3f835565378c7f3cbe05e",
+        "rev": "91010a5613ffd7ee23ee9263213157a1c422b705",
         "type": "github"
       },
       "original": {
@@ -388,11 +388,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1730537918,
-        "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=",
+        "lastModified": 1723310128,
+        "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560",
+        "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf",
         "type": "github"
       },
       "original": {
@@ -459,11 +459,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1730531603,
-        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
+        "lastModified": 1723175592,
+        "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
+        "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
         "type": "github"
       },
       "original": {
@@ -490,11 +490,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1730327045,
-        "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=",
+        "lastModified": 1723282977,
+        "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "080166c15633801df010977d9d7474b4a6c549d7",
+        "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc",
         "type": "github"
       },
       "original": {
@@ -517,11 +517,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1730550779,
-        "narHash": "sha256-2stntmqw/GBOVEoPV4oCLHZljpeSBfZn8wkcJpei+ng=",
+        "lastModified": 1722925293,
+        "narHash": "sha256-saXm5dd/e3PMsYTEcp1Qbzifm3KsZtNFkrWjmLhXHGE=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "91c06026075f08a3c865fdc46cc6db8e2af35a1e",
+        "rev": "170df9814c3e41d5a4d6e3339e611801b1f02ce2",
         "type": "github"
       },
       "original": {
@@ -541,11 +541,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730635861,
-        "narHash": "sha256-Npp3pl9aeAiq+wZPDbw2ZxybNuZWyuN7AY6fik56DCo=",
+        "lastModified": 1723232379,
+        "narHash": "sha256-F4Y3f9305aHGWKqAd3s2GyNRONdpDBuNuK4TCSdaHz8=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "293668587937daae1df085ee36d2b2d0792b7a0f",
+        "rev": "22bea90404c5ff6457913a03c1a54a3caa5b1c57",
         "type": "github"
       },
       "original": {
@@ -576,11 +576,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1724093899,
-        "narHash": "sha256-VohYwTIBq7NEssFibuu+HMXXwuCoLmMOmEwQf7sESSI=",
+        "lastModified": 1723385164,
+        "narHash": "sha256-/z4nBwpHsGWl1gmGv7FQQgoOcPwUaVzL7rfjI5nTOLg=",
         "ref": "refs/heads/master",
-        "rev": "7f5901bb5d6eeaa94d7e1f18f66093be9df014e4",
-        "revCount": 27,
+        "rev": "b47efe67031e12a2d5560b94fdb4de7dca3df80c",
+        "revCount": 24,
         "type": "git",
         "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
       },
@@ -658,11 +658,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730321837,
-        "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
+        "lastModified": 1722330636,
+        "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
+        "rev": "768acdb06968e53aa1ee8de207fd955335c754b7",
         "type": "github"
       },
       "original": {

flake.nix

@@ -112,12 +112,7 @@
         magicRollback = true;
         autoRollback = true;
         sshUser = "root";
-        nodes = lib.genAttrs [
-          "mail"
-          # "pi"
-          # "skycam"
-          "vps1"
-        ] mkDeployNode;
+        nodes = lib.genAttrs [ "mail" "pi" "skycam" "vps1" ] mkDeployNode;
       };
 
       checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;

hosts/desktop.nix

@@ -6,10 +6,10 @@
   ];
 
   nixpkgs.overlays = [
-    (import ../overlays/gnome.nix)
+    (import ../overlays/gnome)
   ];
 
-  services.printing.enable = false;
+  services.printing.enable = true;
   services.openssh.startWhenNeeded = true;
 
   sound.enable = true;

hosts/eos/hardware-configuration.nix

@@ -7,12 +7,11 @@
 
   boot = {
     initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+    initrd.kernelModules = [ ];
     initrd.supportedFilesystems = [ "zfs" ];
-    kernel.sysctl = {
-      "kernel.nmi_watchdog" = 0;
-      "vm.laptop_mode" = 5;
-    };
+    kernelModules = [ ];
     kernelParams = [ "elevator=none" ];
+    extraModulePackages = [ ];
     supportedFilesystems = [ "zfs" ];
   };
 

hosts/hypnos/hardware-configuration.nix

@@ -7,10 +7,6 @@
 
   boot = {
     initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-    kernel.sysctl = {
-      "kernel.nmi_watchdog" = 0;
-      "vm.laptop_mode" = 5;
-    };
     kernelModules = [ "applesmc" "kvm-intel" "wl" ];
     extraModulePackages = [
       config.boot.kernelPackages.broadcom_sta

hosts/skycam/default.nix

@@ -55,7 +55,7 @@
   '';
 
   nixpkgs.overlays = [
-    (import ./../../overlays/libcamera.nix)
+    (import ./../../overlays/libcamera)
   ];
 
   networking = {

hosts/vps1/default.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, lib, self, ... }:
 
 {
   imports = [
@@ -37,44 +37,91 @@
     groups = {
       jellyfin = { };
     };
-    extraGroups.acme.members = [ "kanidm" "nginx" ];
   };
 
   services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
 
-  security.acme.certs."auth.vimium.com" = {
-    postRun = "systemctl restart kanidm.service";
-    group = "acme";
+  services.postgresql = {
+    ensureUsers = [
+      {
+        name = "zitadel";
+        ensureDBOwnership = true;
+        ensureClauses = {
+          superuser = true;
+        };
+      }
+    ];
+    ensureDatabases = [ "zitadel" ];
   };
 
-  services.kanidm = let
-    baseDomain = "vimium.com";
-    domain = "auth.${baseDomain}";
-    uri = "https://${domain}";
-  in {
-    package = pkgs.unstable.kanidm;
-    enableClient = true;
-    enableServer = true;
-    clientSettings = {
-      inherit uri;
-    };
-    serverSettings = {
-      bindaddress = "[::1]:3013";
-      ldapbindaddress = "[::1]:636";
-      domain = baseDomain;
-      origin = uri;
-      tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
-      tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem";
-    };
+  age.secrets."files/services/zitadel/masterkey" = {
+    file = "${self.inputs.secrets}/files/services/zitadel/masterkey.age";
+    owner = "zitadel";
+    group = "zitadel";
   };
 
-  services.nginx.virtualHosts = {
-    "auth.vimium.com" = {
-      useACMEHost = "auth.vimium.com";
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "https://[::1]:3013";
+  systemd.services.zitadel = {
+    requires = [ "postgresql.service" ];
+    after = [ "postgresql.service" ];
+  };
+
+  services.zitadel = {
+    enable = true;
+    masterKeyFile = config.age.secrets."files/services/zitadel/masterkey".path;
+    settings = {
+      Database.postgres = {
+        Host = "/run/postgresql";
+        Port = 5432;
+        Database = "zitadel";
+        User = {
+          Username = "zitadel";
+          SSL.Mode = "disable";
+        };
+        Admin = {
+          ExistingDatabase = "zitadel";
+          Username = "zitadel";
+          SSL.Mode = "disable";
+        };
       };
+      ExternalDomain = "id.vimium.com";
+      ExternalPort = 443;
+      ExternalSecure = true;
+      Machine = {
+        Identification = {
+          Hostname.Enabled = true;
+          PrivateIp.Enabled = false;
+          Webhook.Enabled = false;
+        };
+      };
+      Port = 8081;
+      WebAuthNName = "Vimium";
+    };
+    steps.FirstInstance = {
+      InstanceName = "Vimium";
+      Org.Name = "Vimium";
+      Org.Human = {
+        UserName = "jordan@vimium.com";
+        FirstName = "Jordan";
+        LastName = "Holt";
+        Email = {
+          Address = "jordan@vimium.com";
+          Verified = true;
+        };
+        Password = "Password1!";
+        PasswordChangeRequired = true;
+      };
+      LoginPolicy.AllowRegister = false;
+    };
+  };
+
+  services.nginx.virtualHosts."id.vimium.com" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      extraConfig = ''
+        grpc_pass grpc://localhost:${builtins.toString config.services.zitadel.settings.Port};
+        grpc_set_header Host $host:$server_port;
+      '';
     };
   };
 

modules/databases/postgresql.nix

@@ -17,6 +17,7 @@ in {
   config = lib.mkIf cfg.enable {
     services.postgresql = {
       enable = true;
+      enableJIT = true;
       initdbArgs = [
         "--allow-group-access"
         "--encoding=UTF8"

modules/default.nix

@@ -32,7 +32,6 @@
     ./editors/neovim
     ./editors/vscode.nix
     ./hardware/presonus-studio.nix
-    ./networking/netbird.nix
     ./networking/tailscale.nix
     ./networking/wireless.nix
     ./security/gpg.nix

modules/desktop/gnome.nix

@@ -77,6 +77,7 @@ in {
           "appindicatorsupport@rgcjonas.gmail.com"
           # "arcmenu@arcmenu.com"
           "blur-my-shell@aunetx"
+          # "browser-tabs@com.github.harshadgavali"
           "burn-my-windows@schneegans.github.com"
           "clipboard-indicator@tudmotu.com"
           "CoverflowAltTab@palatis.blogspot.com"
@@ -88,13 +89,14 @@ in {
           # "forge@jmmaranan.com"
           "gsconnect@andyholmes.github.io"
           # "gSnap@micahosborne"
-          "hidetopbar@mathieu.bidon.ca"
+          # "hidetopbar@mathieu.bidon.ca"
           "just-perfection-desktop@just-perfection"
           # "mediacontrols@cliffniff.github.com"
           # "mousefollowsfocus@matthes.biz"
           # "pano@elhan.io"
           # "paperwm@hedning:matrix.org"
           "pip-on-top@rafostar.github.com"
+          # "rounded-window-corners@yilozt"
           # "search-light@icedman.github.com"
           # "smart-auto-move@khimaros.com"
           "space-bar@luchrioh"
@@ -248,6 +250,7 @@ in {
       gnomeExtensions.appindicator
       gnomeExtensions.arcmenu
       gnomeExtensions.blur-my-shell
+      gnomeExtensions.browser-tabs
       gnomeExtensions.burn-my-windows
       gnomeExtensions.clipboard-indicator
       gnomeExtensions.coverflow-alt-tab
@@ -266,6 +269,7 @@ in {
       gnomeExtensions.pano
       gnomeExtensions.paperwm
       gnomeExtensions.pip-on-top
+      gnomeExtensions.rounded-window-corners
       gnomeExtensions.search-light
       gnomeExtensions.smart-auto-move
       gnomeExtensions.space-bar

modules/networking/netbird.nix

@@ -1,70 +0,0 @@
-{ config, lib, self, ... }:
-
-let
-  cfg = config.modules.networking.netbird;
-  hostname = config.networking.hostName;
-in {
-  options.modules.networking.netbird = {
-    enable = lib.mkEnableOption "netbird";
-    coordinatorDomain = lib.mkOption {
-      type = lib.types.str;
-      default = "netbird.vimium.net";
-    };
-    meshDomain = lib.mkOption {
-      type = lib.types.str;
-      default = "mesh.vimium.net";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    age.secrets."passwords/services/netbird/data-store-encryption-key" = {
-      file = "${self.inputs.secrets}/passwords/services/netbird/data-store-encryption-key.age";
-    };
-
-    services.netbird = {
-      enable = true;
-    };
-
-    services.netbird.server = {
-      domain = cfg.coordinatorDomain;
-      enable = true;
-      enableNginx = true;
-      dashboard.settings = {
-        AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
-      };
-      management = rec {
-        disableAnonymousMetrics = true;
-        dnsDomain = cfg.meshDomain;
-        oidcConfigEndpoint = "https://auth.vimium.com/oauth2/openid/netbird/.well-known/openid-configuration";
-        settings = {
-          DataStoreEncryptionKey = {
-            _secret = config.age.secrets."passwords/services/netbird/data-store-encryption-key".path;
-          };
-          HttpConfig = {
-            AuthAudience = "netbird";
-          };
-          StoreConfig = { Engine = "sqlite"; };
-          TURNConfig = {
-            Secret._secret = config.age.secrets."passwords/services/coturn/static-auth-secret".path;
-            TimeBasedCredentials = true;
-          };
-          PKCEAuthorizationFlow.ProviderConfig = {
-            AuthorizationEndpoint = "https://auth.vimium.com/ui/oauth2";
-            TokenEndpoint = "https://auth.vimium.com/oauth2/token";
-          };
-        };
-        singleAccountModeDomain = dnsDomain;
-        turnDomain = config.services.coturn.realm;
-        turnPort = config.services.coturn.listening-port;
-      };
-    };
-
-    systemd.services.netbird-signal.serviceConfig.RestartSec = "60";
-    systemd.services.netbird-management.serviceConfig.RestartSec = "60";
-
-    services.nginx.virtualHosts."netbird.vimium.net" = {
-      enableACME = true;
-      forceSSL = true;
-    };
-  };
-}

modules/services/headscale/default.nix

@@ -1,17 +1,19 @@
 { config, lib, pkgs, ... }:
 
+with lib;
+
 let
   cfg = config.modules.services.headscale;
   fqdn = "headscale.vimium.net";
 in {
   options.modules.services.headscale = {
-    enable = lib.mkOption {
+    enable = mkOption {
       default = false;
       example = true;
     };
   };
 
-  config = lib.mkIf cfg.enable {
+  config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.headscale ];
 
     services.headscale = {
@@ -20,16 +22,10 @@ in {
       port = 8080;
 
       settings = {
-        acl_policy_path = null;
         ip_prefixes = [
           "100.64.0.0/10"
         ];
         server_url = "https://${fqdn}";
-        derp = {
-          auto_update_enable = false;
-          update_frequency = "24h";
-          urls = [];
-        };
         dns_config = {
           base_domain = "vimium.net";
           extra_records = [
@@ -44,10 +40,6 @@ in {
               value = "100.64.0.7";
             }
           ];
-          magic_dns = true;
-          nameservers = [
-            "9.9.9.9"
-          ];
         };
         logtail.enabled = false;
       };

modules/services/matrix/default.nix

@@ -171,11 +171,6 @@ in {
       };
     } else {});
 
-    nixpkgs.config.permittedInsecurePackages = [
-      "jitsi-meet-1.0.8043"
-      "olm-3.2.16"
-    ];
-
     services.matrix-synapse = {
       enable = true;
       enableRegistrationScript = true;

modules/services/nginx/default.nix

@@ -118,12 +118,8 @@ in {
           serverAliases = [ "www.jdholt.com" ];
           extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
           locations."/skycam/snapshot.jpg" = {
+            proxyPass = "http://skycam.mesh.vimium.net:8080/snapshot";
             extraConfig = ''
-              set $backend "skycam.mesh.vimium.net:8080";
-
-              resolver 100.100.100.100;
-
-              proxy_pass http://$backend/snapshot;
               proxy_cache skycam_cache;
               proxy_cache_valid any 10s;
               proxy_ignore_headers Cache-Control Expires Set-Cookie;

overlays/gnome/default.nix

@@ -4,7 +4,7 @@ final: prev:
     mutter = gsuper.mutter.overrideAttrs (oldAttrs: {
       src = prev.fetchurl {
         url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-46/mutter-triple-buffering-v4-46.tar.gz";
-        sha256 = "9MVb53tcOTkcXJ025bF2kX1+fGSfffliA43q00x2c/Y=";
+        sha256 = "mmFABDsRMzYnLO3+Cf3CJ60XyUBl3y9NAUj+vs7nLqE=";
       };
     });
   });