flake.lock: Update

Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/a0c384e0a3b8bcaed30a6bcf3783f8a7c8b35be4?narHash=sha256-iYh6h8yueU8IyOfNclbiBG2%2BfBFcjjUfXm90ZBzk0c0%3D' (2024-11-20)
  → 'github:nix-community/disko/341482e2f4d888e3f60cae1c12c3df896e7230d8?narHash=sha256-i%2BUw8VOHzQe9YdNwKRbzvaPWLE07tYVqUDzSFTXhRgk%3D' (2024-11-27)
• Updated input 'firefox-gnome-theme':
    'github:rafaelmardojai/firefox-gnome-theme/823756d8ddd21cfd3a24a87dad402e490e0eb5ee?narHash=sha256-lf9MQs8%2BNUvQd8b5t%2B7c4kLqUQixGO9WwWcLa1XYuiQ%3D' (2024-11-03)
  → 'github:rafaelmardojai/firefox-gnome-theme/ef6ac4285eaac6053338a6240bc615902a839493?narHash=sha256-k7v5PE6OcqMkC/u7aokwcxKDmTKM%2BejiZGCsH9MK0s0%3D' (2024-11-28)
• Updated input 'home-manager':
    'github:nix-community/home-manager/aecd341dfead1c3ef7a3c15468ecd71e8343b7c6?narHash=sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg%3D' (2024-11-17)
  → 'github:nix-community/home-manager/f3111f62a23451114433888902a55cf0692b408d?narHash=sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c%3D' (2024-11-24)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/672ac2ac86f7dff2f6f3406405bddecf960e0db6?narHash=sha256-UhWmEZhwJZmVZ1jfHZFzCg%2BZLO9Tb/v3Y6LC0UNyeTo%3D' (2024-11-16)
  → 'github:NixOS/nixos-hardware/45348ad6fb8ac0e8415f6e5e96efe47dd7f39405?narHash=sha256-kF6rDeCshoCgmQz%2B7uiuPdREVFuzhIorGOoPXMalL2U%3D' (2024-11-24)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/057f63b6dc1a2c67301286152eb5af20747a9cb4?narHash=sha256-v5P3dk5JdiT%2B4x69ZaB18B8%2BRcu3TIOrcdG4uEX7WZ8%3D' (2024-11-16)
  → 'github:NixOS/nixpkgs/0c582677378f2d9ffcb01490af2f2c678dcb29d3?narHash=sha256-GcOQbOgmwlsRhpLGSwZJwLbo3pu9ochMETuRSS1xpz4%3D' (2024-11-23)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/23e89b7da85c3640bbc2173fe04f4bd114342367?narHash=sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w%3D' (2024-11-19)
  → 'github:NixOS/nixpkgs/4633a7c72337ea8fd23a4f2ba3972865e3ec685d?narHash=sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0%3D' (2024-11-25)
• Updated input 'nixvim':
    'github:nix-community/nixvim/2f71c4250bef7a52fe21bd00d1e58c119f62008c?narHash=sha256-lh2Qi8gd1SwJVGo7gJjoFvS/djS5Nimaw25j792PJjM%3D' (2024-11-20)
  → 'github:nix-community/nixvim/fc9178d124eba824f1862513314d351784e1a84c?narHash=sha256-gvCPgtcXGf/GZaJBHYrXuM5r2pFRG3VDr7uOb7B1748%3D' (2024-11-27)
• Updated input 'nixvim/home-manager':
    'github:nix-community/home-manager/a46e702093a5c46e192243edbd977d5749e7f294?narHash=sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo%3D' (2024-11-19)
  → 'github:nix-community/home-manager/a9953635d7f34e7358d5189751110f87e3ac17da?narHash=sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A%3D' (2024-11-24)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/61cee20168a3ebb71a9efd70a55adebaadfbe4d4?narHash=sha256-XwXUK%2BmeYnlhdQz2TVE4Wv%2Btsx1CkdGbDPt1tRzCNH4%3D' (2024-11-19)
  → 'github:lnl7/nix-darwin/6ab87b7c84d4ee873e937108c4ff80c015a40c7a?narHash=sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8%3D' (2024-11-26)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/62003fdad7a5ab7b6af3ea9bd7290e4c220277d0?narHash=sha256-XWHuPWcP59QnHEewdZJXBX1TA2lAP78Vz4daG6tfIr4%3D' (2024-11-20)
  → 'github:numtide/treefmt-nix/84637a7ab04179bdc42aa8fd0af1909fba76ad0c?narHash=sha256-uI7TXEb231o8dkwB5AUCecx3AQtosRmL6hKgnckvjps%3D' (2024-11-26)
• Updated input 'plasma-manager':
    'github:nix-community/plasma-manager/f33173b9d22e554a6f869626bc01808d35995257?narHash=sha256-pGF8L5g9QpkQtJP9JmNIRNZfcyhJHf7uT%2Bd8tqI1h6Y%3D' (2024-11-09)
  → 'github:nix-community/plasma-manager/06e3209d11797d9c741e25df06ab61048746bf93?narHash=sha256-kFtXjoCIqx9xe0ZryPXpqS6l/HVg71aNcuL8Y5e8%2BpI%3D' (2024-11-26)
• Updated input 'thunderbird-gnome-theme':
    'github:rafaelmardojai/thunderbird-gnome-theme/628fcccb7788e3e0ad34f67114f563c87ac8c1dc?narHash=sha256-BHW9jlx92CsHY84FT0ce5Vxl0KFheLhNn2vndcIf7no%3D' (2024-07-25)
  → 'github:rafaelmardojai/thunderbird-gnome-theme/1994e7ec0649053e2a0811973245758d41e33f5f?narHash=sha256-i0Uo5EN45rlGuR85hvPet43zW/thOQTwHypVg9shTHU%3D' (2024-11-26)

flake.lock

@@ -66,11 +66,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1718194053,
-        "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
+        "lastModified": 1727447169,
+        "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
+        "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
         "type": "github"
       },
       "original": {
@@ -87,11 +87,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722113426,
-        "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
+        "lastModified": 1728330715,
+        "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
         "owner": "numtide",
         "repo": "devshell",
-        "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
+        "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
         "type": "github"
       },
       "original": {
@@ -107,11 +107,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723080788,
-        "narHash": "sha256-C5LbM5VMdcolt9zHeLQ0bYMRjUL+N+AL5pK7/tVTdes=",
+        "lastModified": 1732742778,
+        "narHash": "sha256-i+Uw8VOHzQe9YdNwKRbzvaPWLE07tYVqUDzSFTXhRgk=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed",
+        "rev": "341482e2f4d888e3f60cae1c12c3df896e7230d8",
         "type": "github"
       },
       "original": {
@@ -123,11 +123,11 @@
     "firefox-gnome-theme": {
       "flake": false,
       "locked": {
-        "lastModified": 1723137499,
-        "narHash": "sha256-MOE9NeU2i6Ws1GhGmppMnjOHkNLl2MQMJmGhaMzdoJM=",
+        "lastModified": 1732798888,
+        "narHash": "sha256-k7v5PE6OcqMkC/u7aokwcxKDmTKM+ejiZGCsH9MK0s0=",
         "owner": "rafaelmardojai",
         "repo": "firefox-gnome-theme",
-        "rev": "fb5b578a4f49ae8705e5fea0419242ed1b8dba70",
+        "rev": "ef6ac4285eaac6053338a6240bc615902a839493",
         "type": "github"
       },
       "original": {
@@ -182,22 +182,6 @@
         "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
       }
     },
-    "flake-compat_4": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -206,11 +190,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722555600,
-        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "lastModified": 1730504689,
+        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
         "type": "github"
       },
       "original": {
@@ -219,9 +203,30 @@
         "type": "github"
       }
     },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "git-hooks": {
       "inputs": {
-        "flake-compat": "flake-compat_4",
+        "flake-compat": [
+          "nixvim",
+          "flake-compat"
+        ],
         "gitignore": "gitignore",
         "nixpkgs": [
           "nixvim",
@@ -233,11 +238,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722857853,
-        "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=",
+        "lastModified": 1732021966,
+        "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da",
+        "rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
         "type": "github"
       },
       "original": {
@@ -313,16 +318,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1720042825,
-        "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
+        "lastModified": 1732466619,
+        "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
+        "rev": "f3111f62a23451114433888902a55cf0692b408d",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.05",
+        "ref": "release-24.11",
         "repo": "home-manager",
         "type": "github"
       }
@@ -335,20 +340,47 @@
         ]
       },
       "locked": {
-        "lastModified": 1720042825,
-        "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
+        "lastModified": 1732482255,
+        "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
+        "rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.05",
         "repo": "home-manager",
         "type": "github"
       }
     },
+    "ixx": {
+      "inputs": {
+        "flake-utils": [
+          "nixvim",
+          "nuschtosSearch",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixvim",
+          "nuschtosSearch",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729958008,
+        "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
+        "owner": "NuschtOS",
+        "repo": "ixx",
+        "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NuschtOS",
+        "ref": "v0.0.6",
+        "repo": "ixx",
+        "type": "github"
+      }
+    },
     "kvlibadwaita": {
       "flake": false,
       "locked": {
@@ -373,11 +405,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722924007,
-        "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=",
+        "lastModified": 1732603785,
+        "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "91010a5613ffd7ee23ee9263213157a1c422b705",
+        "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a",
         "type": "github"
       },
       "original": {
@@ -388,11 +420,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1723310128,
-        "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=",
+        "lastModified": 1732483221,
+        "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf",
+        "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405",
         "type": "github"
       },
       "original": {
@@ -408,20 +440,18 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "nixpkgs-24_05": "nixpkgs-24_05",
-        "utils": "utils_2"
+        "nixpkgs-24_05": "nixpkgs-24_05"
       },
       "locked": {
-        "lastModified": 1718084203,
-        "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
+        "lastModified": 1722877200,
+        "narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
+        "rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
         "type": "gitlab"
       },
       "original": {
         "owner": "simple-nixos-mailserver",
-        "ref": "nixos-24.05",
         "repo": "nixos-mailserver",
         "type": "gitlab"
       }
@@ -459,11 +489,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1723175592,
-        "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
+        "lastModified": 1732521221,
+        "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
+        "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
         "type": "github"
       },
       "original": {
@@ -490,16 +520,16 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1723282977,
-        "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=",
+        "lastModified": 1732350895,
+        "narHash": "sha256-GcOQbOgmwlsRhpLGSwZJwLbo3pu9ochMETuRSS1xpz4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc",
+        "rev": "0c582677378f2d9ffcb01490af2f2c678dcb29d3",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-24.05",
+        "ref": "nixos-24.11",
         "type": "indirect"
       }
     },
@@ -514,23 +544,46 @@
         "nixpkgs": [
           "nixpkgs"
         ],
+        "nuschtosSearch": "nuschtosSearch",
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1722925293,
-        "narHash": "sha256-saXm5dd/e3PMsYTEcp1Qbzifm3KsZtNFkrWjmLhXHGE=",
+        "lastModified": 1732726573,
+        "narHash": "sha256-gvCPgtcXGf/GZaJBHYrXuM5r2pFRG3VDr7uOb7B1748=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "170df9814c3e41d5a4d6e3339e611801b1f02ce2",
+        "rev": "fc9178d124eba824f1862513314d351784e1a84c",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "nixos-24.05",
         "repo": "nixvim",
         "type": "github"
       }
     },
+    "nuschtosSearch": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "ixx": "ixx",
+        "nixpkgs": [
+          "nixvim",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1731936508,
+        "narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=",
+        "owner": "NuschtOS",
+        "repo": "search",
+        "rev": "fe07070f811b717a4626d01fab714a87d422a9e1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NuschtOS",
+        "repo": "search",
+        "type": "github"
+      }
+    },
     "plasma-manager": {
       "inputs": {
         "home-manager": [
@@ -541,11 +594,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723232379,
-        "narHash": "sha256-F4Y3f9305aHGWKqAd3s2GyNRONdpDBuNuK4TCSdaHz8=",
+        "lastModified": 1732639391,
+        "narHash": "sha256-kFtXjoCIqx9xe0ZryPXpqS6l/HVg71aNcuL8Y5e8+pI=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "22bea90404c5ff6457913a03c1a54a3caa5b1c57",
+        "rev": "06e3209d11797d9c741e25df06ab61048746bf93",
         "type": "github"
       },
       "original": {
@@ -576,11 +629,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1723385164,
-        "narHash": "sha256-/z4nBwpHsGWl1gmGv7FQQgoOcPwUaVzL7rfjI5nTOLg=",
+        "lastModified": 1730732927,
+        "narHash": "sha256-t3MTEgi6O7DMxMjdi3xcTAztLDQmEtqQ+oU+ZbWz2AI=",
         "ref": "refs/heads/master",
-        "rev": "b47efe67031e12a2d5560b94fdb4de7dca3df80c",
-        "revCount": 24,
+        "rev": "4ae2ac777c38f60a29384b70c456f41847cdf1b5",
+        "revCount": 28,
         "type": "git",
         "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
       },
@@ -637,11 +690,11 @@
     "thunderbird-gnome-theme": {
       "flake": false,
       "locked": {
-        "lastModified": 1721874544,
-        "narHash": "sha256-BHW9jlx92CsHY84FT0ce5Vxl0KFheLhNn2vndcIf7no=",
+        "lastModified": 1732643121,
+        "narHash": "sha256-i0Uo5EN45rlGuR85hvPet43zW/thOQTwHypVg9shTHU=",
         "owner": "rafaelmardojai",
         "repo": "thunderbird-gnome-theme",
-        "rev": "628fcccb7788e3e0ad34f67114f563c87ac8c1dc",
+        "rev": "1994e7ec0649053e2a0811973245758d41e33f5f",
         "type": "github"
       },
       "original": {
@@ -658,11 +711,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722330636,
-        "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=",
+        "lastModified": 1732643199,
+        "narHash": "sha256-uI7TXEb231o8dkwB5AUCecx3AQtosRmL6hKgnckvjps=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "768acdb06968e53aa1ee8de207fd955335c754b7",
+        "rev": "84637a7ab04179bdc42aa8fd0af1909fba76ad0c",
         "type": "github"
       },
       "original": {
@@ -688,24 +741,6 @@
         "repo": "flake-utils",
         "type": "github"
       }
-    },
-    "utils_2": {
-      "inputs": {
-        "systems": "systems_3"
-      },
-      "locked": {
-        "lastModified": 1709126324,
-        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -2,7 +2,7 @@
   description = "NixOS system configuration";
 
   inputs = {
-    nixpkgs.url = "nixpkgs/nixos-24.05";
+    nixpkgs.url = "nixpkgs/nixos-24.11";
     nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
     # nixpkgs-master.url = "nixpkgs";
     agenix.url = "github:ryantm/agenix";
@@ -12,7 +12,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.05";
+      url = "github:nix-community/home-manager/release-24.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     firefox-gnome-theme = {
@@ -29,11 +29,11 @@
     };
     nixos-hardware.url = "github:NixOS/nixos-hardware";
     nixos-mailserver = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     nixvim = {
-      url = "github:nix-community/nixvim/nixos-24.05";
+      url = "github:nix-community/nixvim";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     plasma-manager = {
@@ -112,7 +112,12 @@
         magicRollback = true;
         autoRollback = true;
         sshUser = "root";
-        nodes = lib.genAttrs [ "mail" "pi" "skycam" "vps1" ] mkDeployNode;
+        nodes = lib.genAttrs [
+          "mail"
+          # "pi"
+          # "skycam"
+          "vps1"
+        ] mkDeployNode;
       };
 
       checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;

hosts/common.nix

@@ -54,7 +54,7 @@
   programs.zsh.enable = true;
 
   nix = {
-    package = pkgs.nixFlakes;
+    package = pkgs.nixVersions.stable;
     extraOptions = ''
       experimental-features = nix-command flakes
     '';

hosts/desktop.nix

@@ -6,13 +6,12 @@
   ];
 
   nixpkgs.overlays = [
-    (import ../overlays/gnome)
+    (import ../overlays/gnome.nix)
   ];
 
-  services.printing.enable = true;
+  services.printing.enable = false;
   services.openssh.startWhenNeeded = true;
 
-  sound.enable = true;
   hardware.pulseaudio.enable = false;
   security.rtkit.enable = true;
   services.pipewire = {

hosts/eos/hardware-configuration.nix

@@ -7,11 +7,12 @@
 
   boot = {
     initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
-    initrd.kernelModules = [ ];
     initrd.supportedFilesystems = [ "zfs" ];
-    kernelModules = [ ];
+    kernel.sysctl = {
+      "kernel.nmi_watchdog" = 0;
+      "vm.laptop_mode" = 5;
+    };
     kernelParams = [ "elevator=none" ];
-    extraModulePackages = [ ];
     supportedFilesystems = [ "zfs" ];
   };
 

hosts/hypnos/hardware-configuration.nix

@@ -7,6 +7,10 @@
 
   boot = {
     initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+    kernel.sysctl = {
+      "kernel.nmi_watchdog" = 0;
+      "vm.laptop_mode" = 5;
+    };
     kernelModules = [ "applesmc" "kvm-intel" "wl" ];
     extraModulePackages = [
       config.boot.kernelPackages.broadcom_sta
@@ -25,13 +29,12 @@
       modesetting.enable = true;
       powerManagement.enable = true;
     };
-    opengl = {
+    graphics = {
       enable = true;
       extraPackages = with pkgs; [
         libvdpau-va-gl
       ];
-      driSupport = true;
-      driSupport32Bit = true;
+      enable32Bit = true;
     };
   };
 }

hosts/library/default.nix

@@ -156,16 +156,16 @@
     };
   };
 
-  hardware.opengl = {
+  hardware.graphics = {
     enable = true;
     extraPackages = with pkgs; [
       vaapiVdpau
     ];
-    driSupport = true;
   };
   users.users.jellyfin.extraGroups = [ "video" "render" ];
   services.jellyfin = {
     enable = true;
+    package = pkgs.unstable.jellyfin;
     cacheDir = "/var/cache/jellyfin";
     dataDir = "/var/lib/jellyfin";
   };

hosts/odyssey/default.nix

@@ -1,5 +1,7 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 
+let streamrip = pkgs.callPackage ../../pkgs/streamrip/package.nix { };
+in
 {
   imports = [
     ./hardware-configuration.nix
@@ -49,6 +51,10 @@
     };
   };
 
+  environment.systemPackages = [
+    streamrip
+  ];
+
   modules = {
     desktop = {
       apps.qbittorrent.enable = true;

hosts/odyssey/hardware-configuration.nix

@@ -19,6 +19,7 @@
     cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
     nvidia = {
       modesetting.enable = true;
+      open = true;
       package = config.boot.kernelPackages.nvidiaPackages.beta;
       powerManagement.enable = true;
     };

hosts/pi/default.nix

@@ -100,8 +100,6 @@
 
   networking.hostId = "731d1660";
 
-  sound.enable = true;
-
   security.rtkit.enable = true;
   services.pipewire = {
     enable = true;

hosts/skycam/default.nix

@@ -55,7 +55,7 @@
   '';
 
   nixpkgs.overlays = [
-    (import ./../../overlays/libcamera)
+    (import ./../../overlays/libcamera.nix)
   ];
 
   networking = {

hosts/vps1/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, self, ... }:
+{ config, pkgs, lib, ... }:
 
 {
   imports = [
@@ -37,91 +37,44 @@
     groups = {
       jellyfin = { };
     };
+    extraGroups.acme.members = [ "kanidm" "nginx" ];
   };
 
   services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
 
-  services.postgresql = {
-    ensureUsers = [
-      {
-        name = "zitadel";
-        ensureDBOwnership = true;
-        ensureClauses = {
-          superuser = true;
-        };
-      }
-    ];
-    ensureDatabases = [ "zitadel" ];
+  security.acme.certs."auth.vimium.com" = {
+    postRun = "systemctl restart kanidm.service";
+    group = "acme";
   };
 
-  age.secrets."files/services/zitadel/masterkey" = {
-    file = "${self.inputs.secrets}/files/services/zitadel/masterkey.age";
-    owner = "zitadel";
-    group = "zitadel";
-  };
-
-  systemd.services.zitadel = {
-    requires = [ "postgresql.service" ];
-    after = [ "postgresql.service" ];
-  };
-
-  services.zitadel = {
-    enable = true;
-    masterKeyFile = config.age.secrets."files/services/zitadel/masterkey".path;
-    settings = {
-      Database.postgres = {
-        Host = "/run/postgresql";
-        Port = 5432;
-        Database = "zitadel";
-        User = {
-          Username = "zitadel";
-          SSL.Mode = "disable";
-        };
-        Admin = {
-          ExistingDatabase = "zitadel";
-          Username = "zitadel";
-          SSL.Mode = "disable";
-        };
-      };
-      ExternalDomain = "id.vimium.com";
-      ExternalPort = 443;
-      ExternalSecure = true;
-      Machine = {
-        Identification = {
-          Hostname.Enabled = true;
-          PrivateIp.Enabled = false;
-          Webhook.Enabled = false;
-        };
-      };
-      Port = 8081;
-      WebAuthNName = "Vimium";
+  services.kanidm = let
+    baseDomain = "vimium.com";
+    domain = "auth.${baseDomain}";
+    uri = "https://${domain}";
+  in {
+    package = pkgs.unstable.kanidm;
+    enableClient = true;
+    enableServer = true;
+    clientSettings = {
+      inherit uri;
     };
-    steps.FirstInstance = {
-      InstanceName = "Vimium";
-      Org.Name = "Vimium";
-      Org.Human = {
-        UserName = "jordan@vimium.com";
-        FirstName = "Jordan";
-        LastName = "Holt";
-        Email = {
-          Address = "jordan@vimium.com";
-          Verified = true;
-        };
-        Password = "Password1!";
-        PasswordChangeRequired = true;
-      };
-      LoginPolicy.AllowRegister = false;
+    serverSettings = {
+      bindaddress = "[::1]:3013";
+      ldapbindaddress = "[::1]:636";
+      domain = baseDomain;
+      origin = uri;
+      tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
+      tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem";
     };
   };
 
-  services.nginx.virtualHosts."id.vimium.com" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      extraConfig = ''
-        grpc_pass grpc://localhost:${builtins.toString config.services.zitadel.settings.Port};
-        grpc_set_header Host $host:$server_port;
-      '';
+  services.nginx.virtualHosts = {
+    "auth.vimium.com" = {
+      useACMEHost = "auth.vimium.com";
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "https://[::1]:3013";
+      };
     };
   };
 

modules/databases/postgresql.nix

@@ -17,7 +17,6 @@ in {
   config = lib.mkIf cfg.enable {
     services.postgresql = {
       enable = true;
-      enableJIT = true;
       initdbArgs = [
         "--allow-group-access"
         "--encoding=UTF8"

modules/default.nix

@@ -32,6 +32,7 @@
     ./editors/neovim
     ./editors/vscode.nix
     ./hardware/presonus-studio.nix
+    ./networking/netbird.nix
     ./networking/tailscale.nix
     ./networking/wireless.nix
     ./security/gpg.nix

modules/desktop/gaming/lutris.nix

@@ -21,10 +21,9 @@ in {
       vulkan-tools
     ];
 
-    hardware.opengl = {
+    hardware.graphics = {
       enable = true;
-      driSupport = true;
-      driSupport32Bit = true;
+      enable32Bit = true;
     };
   };
 }

modules/desktop/gnome.nix

@@ -77,7 +77,6 @@ in {
           "appindicatorsupport@rgcjonas.gmail.com"
           # "arcmenu@arcmenu.com"
           "blur-my-shell@aunetx"
-          # "browser-tabs@com.github.harshadgavali"
           "burn-my-windows@schneegans.github.com"
           "clipboard-indicator@tudmotu.com"
           "CoverflowAltTab@palatis.blogspot.com"
@@ -89,14 +88,13 @@ in {
           # "forge@jmmaranan.com"
           "gsconnect@andyholmes.github.io"
           # "gSnap@micahosborne"
-          # "hidetopbar@mathieu.bidon.ca"
+          "hidetopbar@mathieu.bidon.ca"
           "just-perfection-desktop@just-perfection"
           # "mediacontrols@cliffniff.github.com"
           # "mousefollowsfocus@matthes.biz"
           # "pano@elhan.io"
           # "paperwm@hedning:matrix.org"
           "pip-on-top@rafostar.github.com"
-          # "rounded-window-corners@yilozt"
           # "search-light@icedman.github.com"
           # "smart-auto-move@khimaros.com"
           "space-bar@luchrioh"
@@ -218,8 +216,8 @@ in {
       # d-spy
       # drawing
       # fragments
-      gnome.dconf-editor
-      gnome.ghex
+      dconf-editor
+      ghex
       # gnome-builder
       gnome-decoder
       gnome-firmware
@@ -227,7 +225,7 @@ in {
       # gnome-obfuscate
       gnome-podcasts
       identity
-      mission-center
+      # mission-center
       mousam
       newsflash
       # schemes
@@ -250,7 +248,6 @@ in {
       gnomeExtensions.appindicator
       gnomeExtensions.arcmenu
       gnomeExtensions.blur-my-shell
-      gnomeExtensions.browser-tabs
       gnomeExtensions.burn-my-windows
       gnomeExtensions.clipboard-indicator
       gnomeExtensions.coverflow-alt-tab
@@ -269,7 +266,6 @@ in {
       gnomeExtensions.pano
       gnomeExtensions.paperwm
       gnomeExtensions.pip-on-top
-      gnomeExtensions.rounded-window-corners
       gnomeExtensions.search-light
       gnomeExtensions.smart-auto-move
       gnomeExtensions.space-bar

modules/editors/neovim/default.nix

@@ -11,7 +11,7 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    home.programs.nixvim = {
+    home.programs.nixvim.config = {
       enable = true;
       defaultEditor = true;
 
@@ -59,15 +59,15 @@ in {
           eslint.enable = true;
           gopls.enable = true;
           html.enable = true;
-          lua-ls.enable = true;
+          lua_ls.enable = true;
           pylsp.enable = true;
           nixd.enable = true;
-          rust-analyzer = {
+          rust_analyzer = {
             enable = true;
             installCargo = true;
             installRustc = true;
           };
-          tsserver.enable = true;
+          ts_ls.enable = true;
         };
       };
 
@@ -108,7 +108,7 @@ in {
         nixvimInjections = true;
 
         folding = true;
-        indent = true;
+        settings.indent.enable = true;
       };
 
       plugins.treesitter-refactor = {
@@ -121,6 +121,8 @@ in {
 
       plugins.undotree.enable = true;
 
+      plugins.web-devicons.enable = true;
+
       # plugins.gitsigns.enable = true;
       # plugins.gitgutter.enable = true;
       # plugins.goyo.enable = true;

modules/networking/netbird.nix

@@ -0,0 +1,70 @@
+{ config, lib, self, ... }:
+
+let
+  cfg = config.modules.networking.netbird;
+  hostname = config.networking.hostName;
+in {
+  options.modules.networking.netbird = {
+    enable = lib.mkEnableOption "netbird";
+    coordinatorDomain = lib.mkOption {
+      type = lib.types.str;
+      default = "netbird.vimium.net";
+    };
+    meshDomain = lib.mkOption {
+      type = lib.types.str;
+      default = "mesh.vimium.net";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    age.secrets."passwords/services/netbird/data-store-encryption-key" = {
+      file = "${self.inputs.secrets}/passwords/services/netbird/data-store-encryption-key.age";
+    };
+
+    services.netbird = {
+      enable = true;
+    };
+
+    services.netbird.server = {
+      domain = cfg.coordinatorDomain;
+      enable = true;
+      enableNginx = true;
+      dashboard.settings = {
+        AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
+      };
+      management = rec {
+        disableAnonymousMetrics = true;
+        dnsDomain = cfg.meshDomain;
+        oidcConfigEndpoint = "https://auth.vimium.com/oauth2/openid/netbird/.well-known/openid-configuration";
+        settings = {
+          DataStoreEncryptionKey = {
+            _secret = config.age.secrets."passwords/services/netbird/data-store-encryption-key".path;
+          };
+          HttpConfig = {
+            AuthAudience = "netbird";
+          };
+          StoreConfig = { Engine = "sqlite"; };
+          TURNConfig = {
+            Secret._secret = config.age.secrets."passwords/services/coturn/static-auth-secret".path;
+            TimeBasedCredentials = true;
+          };
+          PKCEAuthorizationFlow.ProviderConfig = {
+            AuthorizationEndpoint = "https://auth.vimium.com/ui/oauth2";
+            TokenEndpoint = "https://auth.vimium.com/oauth2/token";
+          };
+        };
+        singleAccountModeDomain = dnsDomain;
+        turnDomain = config.services.coturn.realm;
+        turnPort = config.services.coturn.listening-port;
+      };
+    };
+
+    systemd.services.netbird-signal.serviceConfig.RestartSec = "60";
+    systemd.services.netbird-management.serviceConfig.RestartSec = "60";
+
+    services.nginx.virtualHosts."netbird.vimium.net" = {
+      enableACME = true;
+      forceSSL = true;
+    };
+  };
+}

modules/networking/wireless.nix

@@ -26,9 +26,9 @@ in {
       wireless = {
         enable = true;
         interfaces = cfg.interfaces;
-        environmentFile = config.age.secrets."passwords/networks".path;
+        secretsFile = config.age.secrets."passwords/networks".path;
         networks = {
-          "Apollo 600 Mbps".psk = "@PSK_APOLLO@";
+          "Apollo 600 Mbps".pskRaw = "ext:PSK_APOLLO";
         };
       };
       networkmanager.ensureProfiles.profiles = {

modules/services/headscale/default.nix

@@ -1,19 +1,17 @@
 { config, lib, pkgs, ... }:
 
-with lib;
-
 let
   cfg = config.modules.services.headscale;
   fqdn = "headscale.vimium.net";
 in {
   options.modules.services.headscale = {
-    enable = mkOption {
+    enable = lib.mkOption {
       default = false;
       example = true;
     };
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     environment.systemPackages = [ pkgs.headscale ];
 
     services.headscale = {
@@ -22,12 +20,17 @@ in {
       port = 8080;
 
       settings = {
+        policy.path = null;
         ip_prefixes = [
           "100.64.0.0/10"
         ];
         server_url = "https://${fqdn}";
-        dns_config = {
-          base_domain = "vimium.net";
+        derp = {
+          auto_update_enable = false;
+          update_frequency = "24h";
+        };
+        dns = {
+          base_domain = "mesh.vimium.net";
           extra_records = [
             {
               name = "grafana.mesh.vimium.net";
@@ -40,6 +43,10 @@ in {
               value = "100.64.0.7";
             }
           ];
+          magic_dns = true;
+          nameservers.global = [
+            "9.9.9.9"
+          ];
         };
         logtail.enabled = false;
       };

modules/services/matrix/default.nix

@@ -28,9 +28,6 @@ in {
       default = "vimium.com";
       example = "vimium.com";
     };
-    slidingSync = {
-      enable = lib.mkEnableOption "sliding-sync";
-    };
     usePostgresql = lib.mkEnableOption "postgresql";
   };
 
@@ -42,10 +39,9 @@ in {
         base_url = "https://${matrixSubdomain}";
         server_name = cfg.serverName;
       };
-      "m.identity_server" = {};
-      "org.matrix.msc3575.proxy" = if cfg.slidingSync.enable then {
-        "url" = "https://${matrixSubdomain}";
-      } else { };
+      "m.identity_server" = {
+        "base_url" = "https://vector.im";
+      };
     };
     matrixServerConfig."m.server" = "${matrixSubdomain}:443";
     commonBridgeSettings = bridge: {
@@ -134,13 +130,6 @@ in {
             '';
           };
           "/_synapse/client".proxyPass = "http://localhost:8008";
-          "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = lib.mkIf cfg.slidingSync.enable {
-            priority = 100;
-            proxyPass = "http://localhost:8009";
-            extraConfig = ''
-              proxy_set_header X-Forwarded-For $remote_addr;
-            '';
-          };
         };
       };
       "${cfg.serverName}" = let
@@ -171,6 +160,11 @@ in {
       };
     } else {});
 
+    nixpkgs.config.permittedInsecurePackages = [
+      "jitsi-meet-1.0.8043"
+      "olm-3.2.16"
+    ];
+
     services.matrix-synapse = {
       enable = true;
       enableRegistrationScript = true;
@@ -181,26 +175,12 @@ in {
         max_upload_size = "100M";
         report_stats = false;
         server_name = cfg.serverName;
-        app_service_config_files = (lib.optional cfg.bridges.whatsapp
-          "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml");
       };
     };
     systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups =
       (lib.optional cfg.bridges.whatsapp
         config.systemd.services.mautrix-whatsapp.serviceConfig.Group);
 
-    age.secrets = if cfg.slidingSync.enable then {
-      "files/services/matrix/sliding-sync" = {
-        file = "${self.inputs.secrets}/files/services/matrix/sliding-sync.age";
-      };
-    } else {};
-
-    services.matrix-sliding-sync = lib.mkIf cfg.slidingSync.enable {
-      enable = true;
-      environmentFile = config.age.secrets."files/services/matrix/sliding-sync".path;
-      settings = { SYNCV3_SERVER = "https://${matrixSubdomain}"; };
-    };
-
     services.postgresql = lib.mkIf cfg.usePostgresql {
       ensureUsers = [
         {

modules/services/nginx/default.nix

@@ -118,8 +118,12 @@ in {
           serverAliases = [ "www.jdholt.com" ];
           extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
           locations."/skycam/snapshot.jpg" = {
-            proxyPass = "http://skycam.mesh.vimium.net:8080/snapshot";
             extraConfig = ''
+              set $backend "skycam.mesh.vimium.net:8080";
+
+              resolver 100.100.100.100;
+
+              proxy_pass http://$backend/snapshot;
               proxy_cache skycam_cache;
               proxy_cache_valid any 10s;
               proxy_ignore_headers Cache-Control Expires Set-Cookie;

overlays/gnome.nix

@@ -0,0 +1,22 @@
+final: prev:
+{
+  gvdb = prev.fetchgit {
+    url = "https://gitlab.gnome.org/GNOME/gvdb.git";
+    rev = "b54bc5da25127ef416858a3ad92e57159ff565b3"; # From gvdb_wrap
+    sha256 = "c56yOepnKPEYFcU1B1TrDl8ydU0JU+z6R8siAQP4d2A=";
+  };
+
+  mutter = prev.mutter.overrideAttrs (attrs: {
+    src = prev.fetchurl {
+      url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-47/mutter-triple-buffering-v4-47.tar.gz";
+      sha256 = "U5YPJ3kfTMZWhpwsKpGcw02g+i7k+cPQdDjOYkvpwTM=";
+    };
+
+    postPatch = ''
+      mkdir -p subprojects/gvdb
+      cp -r ${final.gvdb}/* subprojects/gvdb/
+
+      ${attrs.postPatch or ""}
+    '';
+  });
+}

overlays/gnome/default.nix

@@ -1,11 +0,0 @@
-final: prev:
-{
-  gnome = prev.gnome.overrideScope' (gself: gsuper: {
-    mutter = gsuper.mutter.overrideAttrs (oldAttrs: {
-      src = prev.fetchurl {
-        url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-46/mutter-triple-buffering-v4-46.tar.gz";
-        sha256 = "mmFABDsRMzYnLO3+Cf3CJ60XyUBl3y9NAUj+vs7nLqE=";
-      };
-    });
-  });
-}

pkgs/streamrip/ensure-the-default-config-file-is-writable.patch

@@ -0,0 +1,26 @@
+From 18efb9b5c8e562b169425f6ba79977e52e8b91b9 Mon Sep 17 00:00:00 2001
+From: Pavel Sobolev <paveloomm@gmail.com>
+Date: Sat, 13 Jan 2024 12:49:45 +0000
+Subject: [PATCH] Ensure the default config file is writable.
+
+---
+ streamrip/config.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/streamrip/config.py b/streamrip/config.py
+index 7ee2f57..88a5fef 100644
+--- a/streamrip/config.py
++++ b/streamrip/config.py
+@@ -378,6 +378,9 @@ def set_user_defaults(path: str, /):
+     """Update the TOML file at the path with user-specific default values."""
+     shutil.copy(BLANK_CONFIG_PATH, path)
+
++    # Ensure the default config file is writable
++    os.chmod(path, 0o644)
++
+     with open(path) as f:
+         toml = parse(f.read())
+     toml["downloads"]["folder"] = DEFAULT_DOWNLOADS_FOLDER  # type: ignore
+--
+2.42.0
+

pkgs/streamrip/package.nix

@@ -0,0 +1,78 @@
+{ lib
+, python3Packages
+, fetchFromGitHub
+
+, ffmpeg
+}:
+
+python3Packages.buildPythonApplication {
+  pname = "streamrip";
+  version = "2.0.7";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "nathom";
+    repo = "streamrip";
+    rev = "46b570dbb6f81d604cbaa3bfa379463e0a20a841";
+    hash = "sha256-LD99OjguaBnrQxCwmCeHvmBMq5aOfobwnMd5/aCRZW8=";
+  };
+
+  patches = [
+    ./ensure-the-default-config-file-is-writable.patch
+  ];
+
+  nativeBuildInputs = with python3Packages; [
+    poetry-core
+  ];
+
+  propagatedBuildInputs = with python3Packages; [
+    aiodns
+    aiofiles
+    aiohttp
+    aiolimiter
+    appdirs
+    cleo
+    click-help-colors
+    deezer-py
+    m3u8
+    mutagen
+    pathvalidate
+    pillow
+    pycryptodomex
+    pytest-asyncio
+    pytest-mock
+    rich
+    simple-term-menu
+    tomlkit
+    tqdm
+  ];
+
+  nativeCheckInputs = with python3Packages; [
+    pytestCheckHook
+  ];
+
+  prePatch = ''
+    sed -i 's#aiofiles = ".*"#aiofiles = "*"#' pyproject.toml
+    sed -i 's#deezer-py = ".*"#deezer-py = "*"#' pyproject.toml
+    sed -i 's#m3u8 = ".*"#m3u8 = "*"#' pyproject.toml
+    sed -i 's#pathvalidate = ".*"#pathvalidate = "*"#' pyproject.toml
+    sed -i 's#Pillow = ".*"#Pillow = "*"#' pyproject.toml
+    sed -i 's#pytest-asyncio = ".*"#pytest-asyncio = "*"#' pyproject.toml
+    sed -i 's#tomlkit = ".*"#tomlkit = "*"#' pyproject.toml
+
+    sed -i 's#"ffmpeg"#"${lib.getBin ffmpeg}/bin/ffmpeg"#g' streamrip/client/downloadable.py
+  '';
+
+  preCheck = ''
+    export HOME=$(mktemp -d)
+  '';
+
+  meta = with lib; {
+    description = "Scriptable music downloader for Qobuz, Tidal, SoundCloud, and Deezer";
+    homepage = "https://github.com/nathom/streamrip";
+    license = licenses.gpl3Only;
+    maintainers = with maintainers; [ paveloom ];
+    mainProgram = "rip";
+  };
+}
+