media map port

Update plausible configuration to reference the correct secrets file
plausible init
2025-12-28 21:01:10 -06:00 · 2025-12-26 02:34:24 -06:00 · 2025-12-26 02:23:04 -06:00 · 2025-12-25 22:07:13 -06:00 · 2025-12-25 21:59:34 -06:00 · 2025-12-25 21:53:13 -06:00
31 changed files with 442 additions and 161 deletions
--- a/TODO.md
+++ b/TODO.md
@@ -0,0 +1,39 @@
+# Keycloak SSO Rollout (Server)
+
+## Compatible services to cover (assume up-to-date versions)
+- Gitea (OAuth2/OIDC)
+- Nextcloud (Social Login app)
+- Paperless-ngx (OIDC)
+- Mealie (OIDC v1+)
+- Jellyfin (OIDC plugin)
+- Kavita (OIDC-capable builds)
+- Readeck (OIDC-capable builds)
+- Audiobookshelf (OIDC-capable builds)
+- Matrix Synapse – intentionally excluded (see below) but natively OIDC if needed
+
+## Explicit exclusions (no SSO for now)
+- Syncplay
+- Matrix/Synapse
+- Arr stack (sonarr, radarr, lidarr, prowlarr, bazarr)
+- qbittorrent
+- sabnzbd
+- metube
+- multi-scrobbler
+- microbin
+- ryot
+- maloja
+- plex
+- atticd
+
+## Phased rollout plan
+1) Base identity
+   - Add Keycloak deployment/module and realm/client defaults.
+2) Gateway/proxy auth
+   - Add oauth2-proxy (Keycloak provider) + nginx auth_request for non-OIDC apps (e.g., homepage-dashboard, stash).
+3) Native OIDC wiring
+   - Configure native OIDC services (Gitea, Nextcloud, Paperless, Mealie, Jellyfin/Kavita/Readeck/Audiobookshelf) with Keycloak clients.
+4) Per-service rollout
+   - Enable per app in priority order; document client IDs/secrets and callback URLs.
+5) Verification
+   - Smoke-test login flows and cache any needed public keys/metadata.
+
--- a/config/base.nix
+++ b/config/base.nix
@@ -9,6 +9,7 @@
 {
  imports = [
    inputs.home-manager.nixosModules.home-manager
+    ./users.nix
    ./jawz.nix
    ../modules/modules.nix
  ];
--- a/config/overlay.nix
+++ b/config/overlay.nix
@@ -38,6 +38,15 @@ _final: prev: {
  waybar = prev.waybar.overrideAttrs (old: {
    mesonFlags = old.mesonFlags ++ [ "-Dexperimental=true" ];
  });
+  qbittorrent = prev.qbittorrent.overrideAttrs (_old: rec {
+    version = "5.1.3";
+    src = prev.fetchFromGitHub {
+      owner = "qbittorrent";
+      repo = "qBittorrent";
+      rev = "release-${version}";
+      hash = "sha256-RIItbrpkMFglO2NwbgpBhgBSk5+vdywatGVwnbWkNVQ=";
+    };
+  });
  inherit (pkgsU)
    code-cursor
    symbola
--- a/config/stylix.nix
+++ b/config/stylix.nix
@@ -9,7 +9,7 @@ let
  schemesFile = import ./schemes.nix {
    inherit pkgs inputs;
  };
-  scheme = schemesFile.schemes.who;
+  scheme = schemesFile.schemes.jesus;
  cfg = config.my.stylix;
  gnomeEnabled = config.services.desktopManager.gnome.enable;
 in
--- a/config/users.nix
+++ b/config/users.nix
@@ -0,0 +1,12 @@
+_: {
+  users.users = {
+    sonarr = {
+      uid = 274;
+      group = "piracy";
+    };
+    radarr = {
+      uid = 275;
+      group = "piracy";
+    };
+  };
+}
--- a/environments/hyprland.nix
+++ b/environments/hyprland.nix
@@ -112,8 +112,8 @@ in
          "${mod} SHIFT, 8, movetoworkspace, 8"
          "${mod} SHIFT, 9, movetoworkspace, 9"
          "${mod} SHIFT, 0, movetoworkspace, 10"
-          "${mod}, F3, exec, grimblast save area ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
-          "${mod} SHIFT, F3, exec, grimblast save screen ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
+          "${mod}, F3, exec, grimblast save area ~/Pictures/Screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
+          "${mod} SHIFT, F3, exec, grimblast save screen ~/Pictures/Screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
        ];
        binde = [
          "${mod} SHIFT, h, moveactive, -20 0"
--- a/flake.lock
+++ b/flake.lock
@@ -20,11 +20,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762356719,
-        "narHash": "sha256-qwd/xdoOya1m8FENle+4hWnydCtlXUWLAW/Auk6WL7s=",
+        "lastModified": 1764714051,
+        "narHash": "sha256-AjcMlM3UoavFoLzr0YrcvsIxALShjyvwe+o7ikibpCM=",
        "owner": "hyprwm",
        "repo": "aquamarine",
-        "rev": "6d0b3567584691bf9d8fedb5d0093309e2f979c7",
+        "rev": "a43bedcceced5c21ad36578ed823e6099af78214",
        "type": "github"
      },
      "original": {
@@ -71,11 +71,11 @@
    "base16-helix": {
      "flake": false,
      "locked": {
-        "lastModified": 1752979451,
-        "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=",
+        "lastModified": 1760703920,
+        "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=",
        "owner": "tinted-theming",
        "repo": "base16-helix",
-        "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac",
+        "rev": "d646af9b7d14bff08824538164af99d0c521b185",
        "type": "github"
      },
      "original": {
@@ -182,11 +182,11 @@
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1758112371,
-        "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=",
+        "lastModified": 1764724327,
+        "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
-        "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d",
+        "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047",
        "type": "github"
      },
      "original": {
@@ -198,11 +198,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "lastModified": 1761588595,
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
        "type": "github"
      },
      "original": {
@@ -216,11 +216,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1762440070,
-        "narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=",
+        "lastModified": 1765495779,
+        "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8",
+        "rev": "5635c32d666a59ec9a55cab87e898889869f7b71",
        "type": "github"
      },
      "original": {
@@ -234,11 +234,11 @@
        "nixpkgs-lib": "nixpkgs-lib_2"
      },
      "locked": {
-        "lastModified": 1762440070,
-        "narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=",
+        "lastModified": 1765495779,
+        "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8",
+        "rev": "5635c32d666a59ec9a55cab87e898889869f7b71",
        "type": "github"
      },
      "original": {
@@ -293,11 +293,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756770412,
-        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
+        "lastModified": 1763759067,
+        "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "4524271976b625a4a605beefd893f270620fd751",
+        "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
        "type": "github"
      },
      "original": {
@@ -381,18 +381,20 @@
    "gnome-shell": {
      "flake": false,
      "locked": {
-        "lastModified": 1748186689,
-        "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=",
+        "host": "gitlab.gnome.org",
+        "lastModified": 1764524476,
+        "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=",
        "owner": "GNOME",
        "repo": "gnome-shell",
-        "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0",
-        "type": "github"
+        "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22",
+        "type": "gitlab"
      },
      "original": {
+        "host": "gitlab.gnome.org",
        "owner": "GNOME",
-        "ref": "48.2",
+        "ref": "gnome-49",
        "repo": "gnome-shell",
-        "type": "github"
+        "type": "gitlab"
      }
    },
    "home-manager": {
@@ -402,15 +404,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1762787259,
-        "narHash": "sha256-t2U/GLLXHa2+kJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs=",
+        "lastModified": 1765605144,
+        "narHash": "sha256-RM2xs+1HdHxesjOelxoA3eSvXShC8pmBvtyTke4Ango=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "37a3d97f2873e0f68711117c34d04b7c7ead8f4e",
+        "rev": "90b62096f099b73043a747348c11dbfcfbdea949",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
+        "ref": "release-25.11",
        "repo": "home-manager",
        "type": "github"
      }
@@ -460,11 +463,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762462052,
-        "narHash": "sha256-6roLYzcDf4V38RUMSqycsOwAnqfodL6BmhRkUtwIgdA=",
+        "lastModified": 1763733840,
+        "narHash": "sha256-JnET78yl5RvpGuDQy3rCycOCkiKoLr5DN1fPhRNNMco=",
        "owner": "hyprwm",
        "repo": "hyprgraphics",
-        "rev": "ffc999d980c7b3bca85d3ebd0a9fbadf984a8162",
+        "rev": "8f1bec691b2d198c60cccabca7a94add2df4ed1a",
        "type": "github"
      },
      "original": {
@@ -483,6 +486,7 @@
        "hyprlang": "hyprlang",
        "hyprutils": "hyprutils",
        "hyprwayland-scanner": "hyprwayland-scanner",
+        "hyprwire": "hyprwire",
        "nixpkgs": [
          "nixpkgs"
        ],
@@ -491,11 +495,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1762755326,
-        "narHash": "sha256-YYTzQUQDnVdtN3k40sC5kq6yL70riU8bM8cQLz38jzk=",
+        "lastModified": 1765741609,
+        "narHash": "sha256-mBDW/2NPaxXw68ledipQYSL6GGU+/CCsObondH22+no=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "0b1d690676589503f0addece30e936a240733699",
+        "rev": "7ccc57eb7cacded5e7a8835b705bba48963d3cb3",
        "type": "github"
      },
      "original": {
@@ -537,11 +541,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762755186,
-        "narHash": "sha256-ZjjETUHtoEhVN7JI1Cbt3p/KcXpK8ZQaPHx7UkG1OgA=",
+        "lastModified": 1764812575,
+        "narHash": "sha256-1bK1yGgaR82vajUrt6z+BSljQvFn91D74WJ/vJsydtE=",
        "owner": "hyprwm",
        "repo": "hyprland-guiutils",
-        "rev": "66356e20a8ed348aa49c1b9ceace786e224225b3",
+        "rev": "fd321368a40c782cfa299991e5584ca338e36ebe",
        "type": "github"
      },
      "original": {
@@ -591,11 +595,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758927902,
-        "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
+        "lastModified": 1764612430,
+        "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=",
        "owner": "hyprwm",
        "repo": "hyprlang",
-        "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
+        "rev": "0d00dc118981531aa731150b6ea551ef037acddd",
        "type": "github"
      },
      "original": {
@@ -643,11 +647,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762463729,
-        "narHash": "sha256-2fYkU/mdz8WKY3dkDPlE/j6hTxIwqultsx4gMMsMns0=",
+        "lastModified": 1764592794,
+        "narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=",
        "owner": "hyprwm",
        "repo": "hyprtoolkit",
-        "rev": "88483bdee5329ec985f0c8f834c519cd18cfe532",
+        "rev": "5cfe0743f0e608e1462972303778d8a0859ee63e",
        "type": "github"
      },
      "original": {
@@ -668,11 +672,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762387740,
-        "narHash": "sha256-gQ9zJ+pUI4o+Gh4Z6jhJll7jjCSwi8ZqJIhCE2oqwhQ=",
+        "lastModified": 1764962281,
+        "narHash": "sha256-rGbEMhTTyTzw4iyz45lch5kXseqnqcEpmrHdy+zHsfo=",
        "owner": "hyprwm",
        "repo": "hyprutils",
-        "rev": "926689ddb9c0a8787e58c02c765a62e32d63d1f7",
+        "rev": "fe686486ac867a1a24f99c753bb40ffed338e4b0",
        "type": "github"
      },
      "original": {
@@ -693,11 +697,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1755184602,
-        "narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=",
+        "lastModified": 1763640274,
+        "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=",
        "owner": "hyprwm",
        "repo": "hyprwayland-scanner",
-        "rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d",
+        "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671",
        "type": "github"
      },
      "original": {
@@ -706,6 +710,35 @@
        "type": "github"
      }
    },
+    "hyprwire": {
+      "inputs": {
+        "hyprutils": [
+          "hyprland",
+          "hyprutils"
+        ],
+        "nixpkgs": [
+          "hyprland",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1764872015,
+        "narHash": "sha256-INI9AVrQG5nJZFvGPSiUZ9FEUZJLfGdsqjF1QSak7Gc=",
+        "owner": "hyprwm",
+        "repo": "hyprwire",
+        "rev": "7997451dcaab7b9d9d442f18985d514ec5891608",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprwire",
+        "type": "github"
+      }
+    },
    "jawz-scripts": {
      "inputs": {
        "nixpkgs": [
@@ -714,11 +747,11 @@
        "sudoku-solver": "sudoku-solver"
      },
      "locked": {
-        "lastModified": 1762799327,
-        "narHash": "sha256-HhIC8Ucb4ZruU7Yr1gV4qGVKkhuYpAhXbRnSfAmjQoY=",
+        "lastModified": 1764529970,
+        "narHash": "sha256-XskTPGgQJlMXMpiD16J+EyG7G01SwybwK0MXgsfqi5E=",
        "ref": "refs/heads/master",
-        "rev": "6efd55712d73e65c0fb4304cfd1649723bb757ef",
-        "revCount": 120,
+        "rev": "e40d6fc2bb35c360078d8523b987c071591357c3",
+        "revCount": 122,
        "type": "git",
        "url": "https://git.lebubu.org/jawz/scripts.git"
      },
@@ -734,11 +767,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762901399,
-        "narHash": "sha256-idaZ4k8oynnXUWTLXKPwqbLHdaPmLH1FfjsRWXUM97I=",
+        "lastModified": 1763107451,
+        "narHash": "sha256-mG2RevGmQchx7FMK4F3GowUzMmD+JVva6Zt/sZnQTeQ=",
        "ref": "refs/heads/main",
-        "rev": "0b86143646f57aa52fab5182352ca0200e824571",
-        "revCount": 18,
+        "rev": "cc9521f7a402c0339d55911f3718967ec00c2666",
+        "revCount": 22,
        "type": "git",
        "url": "https://git.lebubu.org/vibe-coded/lidarr-mb-gap.git"
      },
@@ -755,11 +788,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762740007,
-        "narHash": "sha256-CtMgV9vfm16x/0NBQmQQe/Vbv423cPWeNfBtiVYcUBk=",
+        "lastModified": 1765764448,
+        "narHash": "sha256-GHM40ltWiRnGYvhcLRaNWXZoyGUOL4FgB0U7muHjn9s=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "8dce0b23e30b03efbdc94e8db7cb27298446e4cc",
+        "rev": "7f4e526e0a1badaaea208a0180199d1d26596fa3",
        "type": "github"
      },
      "original": {
@@ -791,11 +824,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751903740,
-        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
+        "lastModified": 1764234087,
+        "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
+        "rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
        "type": "github"
      },
      "original": {
@@ -870,27 +903,27 @@
    },
    "nixpkgs-small": {
      "locked": {
-        "lastModified": 1762800201,
-        "narHash": "sha256-uSPI4VB/GKfVeH72q3V94sHB6Spy0L5uUTxTmmZH/FQ=",
+        "lastModified": 1765750102,
+        "narHash": "sha256-0VK0PKOmryh4V2aBakcTpgshQZ7qRsRRwDm7Eqhs1ZI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "25a9ff6075a050210f8fc276a67d21399c90a797",
+        "rev": "8e8751ad07080fe4d5737a0430cd5c1d3ba5c005",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "master",
+        "ref": "nixos-25.11-small",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1762596750,
-        "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=",
+        "lastModified": 1765472234,
+        "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e",
+        "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b",
        "type": "github"
      },
      "original": {
@@ -902,16 +935,16 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1762800201,
-        "narHash": "sha256-uSPI4VB/GKfVeH72q3V94sHB6Spy0L5uUTxTmmZH/FQ=",
+        "lastModified": 1765762245,
+        "narHash": "sha256-3iXM/zTqEskWtmZs3gqNiVtRTsEjYAedIaLL0mSBsrk=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "25a9ff6075a050210f8fc276a67d21399c90a797",
+        "rev": "c8cfcd6ccd422e41cc631a0b73ed4d5a925c393d",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "master",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -945,11 +978,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762800743,
-        "narHash": "sha256-6SjknGi7vOyZV2AghcYI6wzqqKTWMeFOv9JlN5YFICQ=",
+        "lastModified": 1765790735,
+        "narHash": "sha256-KZqns0oFKXtBpmhk7QIsoMQLFepTGVt+2adnTMSDCus=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "32c80839213416ea24e3138f2fe18b316dff08eb",
+        "rev": "88f0edd08dde26877c8e407ccdb2ed6d1449a7a5",
        "type": "github"
      },
      "original": {
@@ -970,11 +1003,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758998580,
-        "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=",
+        "lastModified": 1764773531,
+        "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728",
+        "rev": "1d9616689e98beded059ad0384b9951e967a17fa",
        "type": "github"
      },
      "original": {
@@ -993,11 +1026,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762441963,
-        "narHash": "sha256-j+rNQ119ffYUkYt2YYS6rnd6Jh/crMZmbqpkGLXaEt0=",
+        "lastModified": 1765016596,
+        "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "8e7576e79b88c16d7ee3bbd112c8d90070832885",
+        "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
        "type": "github"
      },
      "original": {
@@ -1009,11 +1042,11 @@
    "qbit_manage": {
      "flake": false,
      "locked": {
-        "lastModified": 1758160887,
-        "narHash": "sha256-cTxM3nHQQto7lpoNjShYcCbJCSYiwS9bKqw0DWAjw6A=",
+        "lastModified": 1764428351,
+        "narHash": "sha256-JCsbf2mPRhs7Mbekl946G/y/CSNSSvQBLvlwVy/Avcg=",
        "owner": "StuffAnThings",
        "repo": "qbit_manage",
-        "rev": "21812368bc5366f3388dfb21769fee1da48083c5",
+        "rev": "371627bbeb082e68f057bbe4599565c2e63a14c7",
        "type": "github"
      },
      "original": {
@@ -1052,11 +1085,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762659808,
-        "narHash": "sha256-2Kv2mANf+FRisqhpfeZ8j9firBxb23ZvEXwdcunbpGI=",
+        "lastModified": 1765684837,
+        "narHash": "sha256-fJCnsYcpQxxy/wit9EBOK33c0Z9U4D3Tvo3gf2mvHos=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "524312bc62e3f34bd9231a2f66622663d3355133",
+        "rev": "94d8af61d8a603d33d1ed3500a33fcf35ae7d3bc",
        "type": "github"
      },
      "original": {
@@ -1086,15 +1119,16 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1762264356,
-        "narHash": "sha256-QVfC53Ri+8n3e7Ujx9kq6all3+TLBRRPRnc6No5qY5w=",
+        "lastModified": 1765478257,
+        "narHash": "sha256-GMCAQgs+h4aHhLP3LF6JxI5uNg+fLPlRhHwRrJJ+3+Y=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "647bb8dd96a206a1b79c4fd714affc88b409e10b",
+        "rev": "a7fb3944d1fb4daa073ba82e1a9d34b5f05adb9f",
        "type": "github"
      },
      "original": {
        "owner": "danth",
+        "ref": "release-25.11",
        "repo": "stylix",
        "type": "github"
      }
@@ -1212,11 +1246,11 @@
    "tinted-schemes": {
      "flake": false,
      "locked": {
-        "lastModified": 1757716333,
-        "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=",
+        "lastModified": 1763914658,
+        "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=",
        "owner": "tinted-theming",
        "repo": "schemes",
-        "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559",
+        "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c",
        "type": "github"
      },
      "original": {
@@ -1228,11 +1262,11 @@
    "tinted-tmux": {
      "flake": false,
      "locked": {
-        "lastModified": 1757811970,
-        "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=",
+        "lastModified": 1764465359,
+        "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=",
        "owner": "tinted-theming",
        "repo": "tinted-tmux",
-        "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e",
+        "rev": "edf89a780e239263cc691a987721f786ddc4f6aa",
        "type": "github"
      },
      "original": {
@@ -1244,11 +1278,11 @@
    "tinted-zed": {
      "flake": false,
      "locked": {
-        "lastModified": 1757811247,
-        "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=",
+        "lastModified": 1764464512,
+        "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=",
        "owner": "tinted-theming",
        "repo": "base16-zed",
-        "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e",
+        "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -2,19 +2,16 @@
  description = "JawZ NixOS flake setup";
  inputs = {
    flake-parts.url = "github:hercules-ci/flake-parts";
-    nixpkgs.url = "github:nixos/nixpkgs?ref=master";
-    nixpkgs-small.url = "github:nixos/nixpkgs?ref=master";
-    # nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small";
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
+    nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.11-small";
    nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
    ucodenix.url = "github:e-tho/ucodenix/ba7f0a366460e0fbea9622fc770cb982be0e4720";
    home-manager = {
-      # url = "github:nix-community/home-manager?ref=release-25.05";
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager?ref=release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    stylix = {
-      # url = "github:danth/stylix/release-25.05";
-      url = "github:danth/stylix";
+      url = "github:danth/stylix/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    doom-emacs = {
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -26,6 +26,8 @@
      22000 # syncthing relay
      3452 # sonarqube
      8448 # synapse ssl
+      8265 # tdarr
+      5173 # media map
    ];
  };
  nix.buildMachines = [
@@ -89,7 +91,7 @@
    };
    lidarr-mb-gap = {
      enable = true;
-      package = inputs.lidarr-mb-gap.packages.${pkgs.system}.lidarr-mb-gap;
+      package = inputs.lidarr-mb-gap.packages.${pkgs.stdenv.hostPlatform.system}.lidarr-mb-gap;
      home = "/var/lib/lidarr-mb-gap";
      envFile = config.sops.secrets.lidarr-mb-gap.path;
      runInterval = "weekly";
--- a/hosts/server/toggles.nix
+++ b/hosts/server/toggles.nix
@@ -81,5 +81,9 @@ in
    "audiobookshelf"
    "vaultwarden"
    "readeck"
+    "keycloak"
+    "oauth2-proxy"
+    "isso"
+    "plausible"
  ];
 }
--- a/hosts/workstation/configuration.nix
+++ b/hosts/workstation/configuration.nix
@@ -88,8 +88,6 @@ in
        gnome-epub-thumbnailer
        podman-compose
        scrcpy
-        vlc
-        syncplay
        ;
      inherit (pkgs.libheif) out;
    };
--- a/modules/apps/multimedia.nix
+++ b/modules/apps/multimedia.nix
@@ -9,8 +9,6 @@
  config = lib.mkIf config.my.apps.multimedia.enable {
    users.users.jawz.packages = builtins.attrValues {
      inherit (pkgs)
-        recordbox # libadwaita music player
-        celluloid # video player
        curtail # image compressor
        easyeffects # equalizer
        identity # compare images or videos
--- a/modules/dev/nix.nix
+++ b/modules/dev/nix.nix
@@ -42,6 +42,11 @@ in
            nix run nixpkgs#nixfmt-tree && \
            statix fix
          '';
+          nix-push-cache = ''
+            nix build $NH_FLAKE#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel \
+            --print-out-paths --fallback --max-jobs 100 --cores 0 |
+            nix run nixpkgs#attic-client -- push lan:nixos --stdin
+          '';
        };
  };
 }
--- a/modules/network/nginx.nix
+++ b/modules/network/nginx.nix
@@ -7,6 +7,8 @@
 let
  proxyReverseServices = [
    "firefox-syncserver"
+    "isso"
+    "plausible"
    "readeck"
    "microbin"
    "ryot"
--- a/modules/servers/gitea.nix
+++ b/modules/servers/gitea.nix
@@ -30,6 +30,10 @@ in
          FROM = config.my.smtpemail;
          SENDMAIL_PATH = "${pkgs.msmtp}/bin/msmtp";
        };
+        service = {
+          DISABLE_REGISTRATION = true;
+          ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+        };
      };
      database = {
        socket = config.my.postgresSocket;
--- a/modules/servers/homepage/bookmarks/servers.nix
+++ b/modules/servers/homepage/bookmarks/servers.nix
@@ -66,7 +66,7 @@
    {
      syncthing-workstation = [
        {
-          abbr = "SW";
+          abbr = "STW";
          href = "http://workstation:8384";
          description = "";
        }
@@ -75,14 +75,14 @@
    {
      syncthing-server = [
        {
-          abbr = "SS";
+          abbr = "STS";
          href = "http://server:8384";
          description = "";
        }
      ];
    }
    {
-      "music report" = [
+      music-report = [
        {
          abbr = "MR";
          href = "https://mb-report.lebubu.org";
@@ -91,7 +91,7 @@
      ];
    }
    {
-      "portfolio" = [
+      portfolio = [
        {
          abbr = "PF";
          href = "https://danilo-reyes.com";
@@ -100,7 +100,7 @@
      ];
    }
    {
-      "webref" = [
+      webref = [
        {
          abbr = "WR";
          href = "https://webref.lebubu.org";
--- a/modules/servers/isso.nix
+++ b/modules/servers/isso.nix
@@ -0,0 +1,39 @@
+{
+  lib,
+  config,
+  ...
+}:
+let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
+  cfg = config.my.servers.isso;
+in
+{
+  options.my.servers.isso = setup.mkOptions "isso" "comments" 8180;
+  config = lib.mkIf (cfg.enable && config.my.secureHost) {
+    my.servers.isso.domain = "danilo-reyes.com";
+    sops.secrets.isso = {
+      sopsFile = ../../secrets/env.yaml;
+    };
+    services.isso = {
+      inherit (cfg) enable;
+      settings = {
+        guard.require-author = true;
+        server.listen = "http://${cfg.ip}:${toString cfg.port}/";
+        admin = {
+          enabled = true;
+          password = "$ISSO_ADMIN_PASSWORD";
+        };
+        general = {
+          host = "https://blog.${cfg.domain}";
+          max-age = "1h";
+          gravatar = true;
+        };
+      };
+    };
+    systemd.services.isso = {
+      after = [ "network-online.target" ];
+      wants = [ "network-online.target" ];
+      serviceConfig.EnvironmentFile = config.sops.secrets.isso.path;
+    };
+  };
+}
--- a/modules/servers/keycloak.nix
+++ b/modules/servers/keycloak.nix
@@ -0,0 +1,44 @@
+{
+  lib,
+  config,
+  inputs,
+  ...
+}:
+let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
+  cfg = config.my.servers.keycloak;
+in
+{
+  options.my.servers.keycloak = setup.mkOptions "keycloak" "auth" 8090;
+  config = lib.mkIf (cfg.enable && config.my.secureHost) {
+    sops.secrets.postgres-password.sopsFile = ../../secrets/secrets.yaml;
+    sops.secrets.keycloak = {
+      sopsFile = ../../secrets/env.yaml;
+      restartUnits = [ "keycloak.service" ];
+    };
+    services.keycloak = {
+      inherit (cfg) enable;
+      database = {
+        type = "postgresql";
+        host = "localhost";
+        createLocally = false;
+        username = "keycloak";
+        name = "keycloak";
+        passwordFile = config.sops.secrets.postgres-password.path;
+      };
+      settings = {
+        hostname = cfg.host;
+        hostname-strict = true;
+        hostname-strict-https = false;
+        http-enabled = true;
+        http-port = cfg.port;
+        http-host = cfg.ip;
+        proxy-headers = "xforwarded";
+      };
+    };
+    systemd.services.keycloak.serviceConfig.EnvironmentFile = config.sops.secrets.keycloak.path;
+    services.nginx.virtualHosts.${cfg.host} = lib.mkIf (cfg.enableProxy && config.my.enableProxy) (
+      inputs.self.lib.proxyReverseFix cfg
+    );
+  };
+}
--- a/modules/servers/mealie.nix
+++ b/modules/servers/mealie.nix
@@ -17,7 +17,7 @@ in
        TZ = config.my.timeZone;
        DEFAULT_GROUP = "Home";
        BASE_URL = cfg.url;
-        API_DOCS = "false";
+        API_DOCS = "true";
        ALLOW_SIGNUP = "false";
        DB_ENGINE = "postgres";
        POSTGRES_URL_OVERRIDE = "postgresql://${cfg.name}:@/${cfg.name}?host=${config.my.postgresSocket}";
@@ -25,6 +25,13 @@ in
        WEB_CONCURRENCY = "1";
        SMTP_HOST = "smtp.gmail.com";
        SMTP_PORT = "587";
+        OIDC_AUTH_ENABLED = "true";
+        OIDC_SIGNUP_ENABLED = "true";
+        OIDC_CLIENT_ID = "mealie";
+        OIDC_ADMIN_GROUP = "/admins";
+        OIDC_USER_CLAIM = "email";
+        OIDC_PROVIDER_NAME = "keycloak";
+        OIDC_SIGNING_ALGORITHM = "RS256";
      };
      credentialsFile = config.sops.secrets.mealie.path;
    };
--- a/modules/servers/nextcloud.nix
+++ b/modules/servers/nextcloud.nix
@@ -65,7 +65,7 @@ in
      nextcloud = {
        enable = true;
        https = false; # vps
-        package = pkgs.nextcloud31;
+        package = pkgs.nextcloud32;
        appstoreEnable = true;
        configureRedis = true;
        extraAppsEnable = true;
--- a/modules/servers/oauth2-proxy.nix
+++ b/modules/servers/oauth2-proxy.nix
@@ -0,0 +1,51 @@
+{
+  lib,
+  config,
+  ...
+}:
+let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
+  cfg = config.my.servers.oauth2-proxy;
+in
+{
+  options.my.servers.oauth2-proxy = setup.mkOptions "oauth2-proxy" "auth-proxy" 4180;
+  config = lib.mkIf (cfg.enable && config.my.secureHost) {
+    sops.secrets.oauth2-proxy = {
+      sopsFile = ../../secrets/env.yaml;
+      restartUnits = [ "oauth2-proxy.service" ];
+    };
+    sops.secrets.oauth2-proxy-cookie = {
+      sopsFile = ../../secrets/secrets.yaml;
+      restartUnits = [ "oauth2-proxy.service" ];
+    };
+    services.oauth2-proxy = {
+      inherit (cfg) enable;
+      provider = "keycloak-oidc";
+      clientID = "oauth2-proxy";
+      keyFile = config.sops.secrets.oauth2-proxy.path;
+      oidcIssuerUrl = "${config.my.servers.keycloak.url}/realms/homelab";
+      httpAddress = "${cfg.ip}:${toString cfg.port}";
+      email.domains = [ "*" ];
+      cookie = {
+        name = "_oauth2_proxy";
+        secure = true;
+        expire = "168h";
+        refresh = "1h";
+        domain = ".lebubu.org";
+        secret = config.sops.secrets.oauth2-proxy-cookie.path;
+      };
+      extraConfig = {
+        skip-auth-route = [ "^/ping$" ];
+        set-xauthrequest = true;
+        pass-access-token = true;
+        pass-user-headers = true;
+        request-logging = true;
+        auth-logging = true;
+        session-store-type = "cookie";
+        skip-provider-button = true;
+        code-challenge-method = "S256";
+        whitelist-domain = [ ".lebubu.org" ];
+      };
+    };
+  };
+}
--- a/modules/servers/paperless.nix
+++ b/modules/servers/paperless.nix
@@ -1,21 +1,28 @@
 { lib, config, ... }:
 let
  cfg = config.my.servers.paperless;
+  inherit (config.services.paperless) port;
 in
 {
  options.my.servers.paperless.enable = lib.mkEnableOption "Paperless-ngx document management system";
  config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) {
-    networking.firewall.allowedTCPPorts = [ config.services.paperless.port ];
+    networking.firewall.allowedTCPPorts = [ port ];
    services.paperless = {
      inherit (cfg) enable;
-      address = "0.0.0.0";
+      address = config.my.ips.server;
      consumptionDirIsPublic = true;
      consumptionDir = "/srv/pool/scans/";
      settings = {
+        PAPERLESS_ACCOUNT_DEFAULT_HTTP_PROTOCOL = "http";
+        PAPERLESS_URL = "http://${config.my.ips.server}:${builtins.toString port}";
        PAPERLESS_DBENGINE = "postgress";
        PAPERLESS_DBNAME = "paperless";
        PAPERLESS_DBHOST = config.my.postgresSocket;
        PAPERLESS_TIME_ZONE = config.my.timeZone;
+        PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
+        PAPERLESS_ACCOUNT_ALLOW_SIGNUPS = false;
+        PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS = true;
+        PAPERLESS_SOCIAL_AUTO_SIGNUP = true;
        PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [
          ".DS_STORE/*"
          "desktop.ini"
--- a/modules/servers/plausible.nix
+++ b/modules/servers/plausible.nix
@@ -0,0 +1,27 @@
+{
+  lib,
+  config,
+  ...
+}:
+let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
+  cfg = config.my.servers.plausible;
+in
+{
+  options.my.servers.plausible = setup.mkOptions "plausible" "analytics" 8439;
+  config = lib.mkIf (cfg.enable && config.my.secureHost) {
+    sops.secrets.plausible.sopsFile = ../../secrets/secrets.yaml;
+    services.plausible = {
+      inherit (cfg) enable;
+      database.postgres.socket = config.my.postgresSocket;
+      mail.email = config.my.smtpemail;
+      server = {
+        inherit (cfg) port;
+        baseUrl = cfg.url;
+        listenAddress = cfg.ip;
+        secretKeybaseFile = config.sops.secrets.plausible.path;
+        disableRegistration = true;
+      };
+    };
+  };
+}
--- a/modules/servers/postgres.nix
+++ b/modules/servers/postgres.nix
@@ -40,6 +40,7 @@ let
    "sonarqube"
    "gitea"
    "atticd"
+    "keycloak"
  ];
 in
 {
--- a/modules/servers/qbittorrent.nix
+++ b/modules/servers/qbittorrent.nix
@@ -7,16 +7,12 @@
 }:
 let
  inherit (inputs) qbit_manage;
-  pkgsU = import inputs.nixpkgs-unstable {
-    system = "x86_64-linux";
-    config.allowUnfree = true;
-  };
  vuetorrent = pkgs.fetchzip {
-    url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.25.0/vuetorrent.zip";
-    sha256 = "sha256-sOaQNw6AnpwNFEextgTnsjEOfpl3/lpoOZFgFOz7Bos=";
+    url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.31.0/vuetorrent.zip";
+    sha256 = "sha256-kVDnDoCoJlY2Ew71lEMeE67kNOrKTJEMqNj2OfP01qw=";
    stripRoot = true;
  };
-  qbit_manageEnv = pkgsU.python3.withPackages (
+  qbit_manageEnv = pkgs.python3.withPackages (
    ps:
    builtins.attrValues {
      inherit (ps)
--- a/modules/servers/ryot.nix
+++ b/modules/servers/ryot.nix
@@ -12,7 +12,7 @@ in
  config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {
    sops.secrets.ryot.sopsFile = ../../secrets/env.yaml;
    virtualisation.oci-containers.containers.ryot = {
-      image = "ghcr.io/ignisda/ryot:v9.3.0";
+      image = "ghcr.io/ignisda/ryot:v9.5.0";
      ports = [ "${toString cfg.port}:8000" ];
      environmentFiles = [ config.sops.secrets.ryot.path ];
      environment = {
--- a/modules/services/nvidia.nix
+++ b/modules/services/nvidia.nix
@@ -7,10 +7,11 @@
 {
  options.my.services.nvidia.enable = lib.mkEnableOption "NVIDIA GPU drivers and CUDA";
  config = lib.mkIf config.my.services.nvidia.enable {
-    environment.variables.CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
    boot.kernelParams = lib.mkIf (config.networking.hostName == "workstation") [ "nvidia-drm.fbdev=1" ];
    services.xserver.videoDrivers = [ "nvidia" ];
+    environment.variables.CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
    hardware = {
+      nvidia-container-toolkit.enable = config.virtualisation.podman.enable;
      graphics = {
        enable = true;
        enable32Bit = true;
--- a/modules/services/sound.nix
+++ b/modules/services/sound.nix
@@ -1,11 +1,10 @@
 {
  config,
  lib,
-  inputs,
  ...
 }:
 {
-  imports = [ inputs.nix-gaming.nixosModules.pipewireLowLatency ];
+  # imports = [ inputs.nix-gaming.nixosModules.pipewireLowLatency ];
  options.my.services.sound.enable = lib.mkEnableOption "audio system and PipeWire";
  config = lib.mkIf config.my.services.sound.enable {
    services.pulseaudio.enable = false;
@@ -15,11 +14,12 @@
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
-      lowLatency = {
-        enable = true;
-        quantum = 64;
-        rate = 48000;
-      };
+      wireplumber.enable = true;
+      # lowLatency = {
+      #   enable = true;
+      #   quantum = 64;
+      #   rate = 48000;
+      # };
    };
  };
 }
--- a/modules/services/syncthing.nix
+++ b/modules/services/syncthing.nix
@@ -69,9 +69,10 @@ in
        };
        folders = {
          cache = mkMobile "~/Downloads/cache/";
-          friends = mkMobile "~/Pictures/artist/friends/";
-          forme = mkMobile "~/Pictures/art for me/";
+          friends = mkMobile "~/Pictures/Artist/friends/";
+          forme = mkMobile "~/Pictures/Art for me/";
          comfy = mkMobile "~/Development/AI/ComfyUI/output/";
+          clean = mkMobile "~/Pictures/Unorganized/unified mess/sync";
          gdl = {
            path = "~/.config/jawz/";
            ignorePerms = false;
@@ -104,7 +105,7 @@ in
            ];
          };
          friend_share = {
-            path = "~/Pictures/encrypted/friends";
+            path = "~/Pictures/Encrypted/friends";
            ignorePerms = false;
            type = "sendreceive";
            devices = [
--- a/secrets/env.yaml
+++ b/secrets/env.yaml
@@ -1,15 +1,18 @@
 gitea: ENC[AES256_GCM,data:8o+U4qFdyIhCPNlYyflQIuLHsQHtbT6G/a0OyCUeg9DtIeABXNVFhiy4iFRuIF0=,iv:AYwqDRNML1XuzwQnD4VmI4rKWYfTJjOjibrAbI5qgcA=,tag:UPL3UlETdkoFXLihEIGcSw==,type:str]
 shiori: ENC[AES256_GCM,data:tV7+1GusZvcli8dM86xOD71dc2mzcyfQwMeTh//LDb0=,iv:ED9wR6QjQgwd9Ll/UC5FK3CyYK3b0RniC/D6Y0nGEOI=,tag:X/aopMc2vhnRW2iTphFflQ==,type:str]
 flame: ENC[AES256_GCM,data:XsYRsA2xs+juWje2Od2Yl2xIvU0OS8xMrtwtcK/0NyyRrg==,iv:FR8lHsNQNCaOy4P+7BsIjNCz+H38i5RlwLYQ4fpB2+w=,tag:61EV7H04pcr1bSX4nSvlpw==,type:str]
-ryot: ENC[AES256_GCM,data:VMWf3VqcUdyJu2Ygd3XmoqGNWY/W/VJ4213ej0FrA95kAoX+S+j0+4a4B65NtW9UheDSxD1swTXebyenJCIN/tEZwH2wj9I12akNNvSDpt/LG3d1/BZ62cvLCb5n9vyE/vcXgJVfPUqmc67pYDWLpEV/vkKjpqwNH4Y8vnapVo1ytIgsjkTuBb7VFbnRPvYs6J1M0rnaTtkVhOBoRxv+Xg3pWYCgFEXdM/Pg/WKqdHpyh+tJqR74Z91Mwv6G56ZYEDQmAp+Cn+Kk2zZ+t44UAu1SQOgYXPLep+4/PgWw/vQMuyN7GNNP6TrsX3g+ONtJtkdmGu6ArcfbRAky4vM14DxlQP4xSjYSu+FDWGJL/J4TMw6IVDuw/TDVNpMrhBmZdPujYLUW1c6GCCEchBknNfw/Wt+NyTjOzCmZLVw760jY05Fa9kcW2kz+P0iAGTviY7yJZWDctP6PrVNtG1cXc4noJqV/uJ9sQmuGWCiTzaCIIZEhwRKnvjpvZNisKPhx4tctZMWm8l9gKO/TJC/SHMIhvEazmH4v0AzCiRUzdTfnWQZGTNenDrCUetztPh/UUJbLZjhFBH3QR26w/3I5oNpUzUDhfDhcEYtfWuB7ckbkXT8nyYMfe0OR16yJTfQCdnIPBhAUi1g1ZV3jFg+OhYWxk73lPiqC1ADRNh01L1k90PMMWtLXXm6aQ28cB+iQTvvgKbDrr76U8bXoZUyEl30waOQ2HT6nDG61OBUtQHTu6/cFhfhrnU6poAD/k+L7SyqcBoMYAZJN6Us1y3SKhV/3mXVKjRwSl5XZSW+ZpcRe/Cg4bonxFBYsZyY3VjK0LC4Cj8ijh4LpYWrGWtVmWOt/gg7UQPTd81A=,iv:Oa2pvfDpfPr3pqeAg2kYIzjf8KUK9ckMfbVymM78FyE=,tag:XyjYEvWo46BliYXdDH8QrQ==,type:str]
-mealie: ENC[AES256_GCM,data:RjKqDs70lWhGN0LXPp3feQfW/WtfJlR6vX++0hwGtqcA3iepEh2Ab/36YRKbsVRBkglp0u18MusTmP0LSHUpzgCn/c/5ZzzRLGL83K3aQRlg8JtdTvzvEnLQSdE=,iv:GEfa8LwpOhkqWtLk0I5F14zkHcnFjVhVaHeLSFlDkN4=,tag:lkGcFn91hVxraMHCKF7rXQ==,type:str]
 maloja: ENC[AES256_GCM,data:yCwokfD4I1Boy2NOhOTLA3dWgUVOdSzWKIEdYC0klvYu41IGcM8bM65uYFmiOtk+jHgt6j3kO/pBBlC4w/iTElphTqFyFRGdBN4fNRntAhMzqOszBZII,iv:Vf9hfNwSTBkh2cXV7Y2fv4NA8kng2M1i7BtTXJvy4u4=,tag:KLc8sP6N2/Pp/9069E3aPQ==,type:str]
-multi-scrobbler: ENC[AES256_GCM,data:ce3dd0PKm6eyD2AqWmw+8iex/tBHgMhG8ASoOMkT3c9k6kiZabpTTFTkcouMO+s42P+qjWQAUJcJlDdYVYJZbAqw8nnxLrtYmKoBknSbbWijlR//CpgfwuuAWIyGQAGVPliuxz+lR+1cf/G2mXM+FJIfp8Sliak3v/nGg3ry0bdjbOLVoBM4rS90Jrq98ZuBrjlFVhcJTKkEHtgDv8N56wWbPL/r3cTlS9MoEu2ulCSLvfu/snr8HqJ5yssAGQ==,iv:jOJulX6o3t+W6DrD6sU7amDH7JQP/JFGBI9IM8m/sXU=,tag:jFZoLpYFXj+xplbypf3nvw==,type:str]
-vaultwarden: ENC[AES256_GCM,data:NituIOyGrYALEkuwKT0RRS1gvi3wjC6ZSAfUIejfi8xoePE6vSNztJTGsRSIh4sJnRrQIiDuKTmRKZDM6AtX/oEBsNW8MVq+lWAq/vtcO7fuTriySEungmpXhQwRZD6NsXE+9283P3s6RshpA4iipmENiW2v2/uxkIXxtTguUxfX0psWYtF6mx5/hpaoNZ523OB69m6veAxD6Pmnj+pTOAORGXHldoNrxNc35WBDdndjAZICyO873tbs22VJOWD9a66BNxtfwIPYoFkuPO6QG3nnFfyPSQ==,iv:rmDJbrP+NQ5HGdRCWSYfymP8dU9WJdMEhAg80eupgeY=,tag:kdNzgWjgeqaTCjqUCc4uWw==,type:str]
-dns: ENC[AES256_GCM,data:fQN3SOm0HzOjSjTohRAD4KlXdEu5PbQc3DvK3rLC1S4G0G4HUPkgucN6vJUwVJPiY0AB+L/iLNcqCRz8OH0qNtfnikBbDicq0OfrwjnN+VzmbwmrS6AdFo6lilbxI3Jb8YwGMrQxXg0U9F2/WVLETbzICG2KpukwIER0xxQpb51OVL+2hviGV8JpWKo66S6pug628Zc+uMJXEBPSqCpz2vXHXnXWMszP6MlqVfNm/zE=,iv:DOj0e8y+2N9eRA81nlT0kS66sXWZoLSVn0NAiUkNcDY=,tag:+0Baqs6TbTAmt3lRfncE6Q==,type:str]
+oauth2-proxy: ENC[AES256_GCM,data:MnAMX4adm8joZGaxZhgMDGf/15U2tk3dE/0dHFwETIi4JdpNvG/PUHTWGmXJrUnRrFxdZaOtGUzAMF47,iv:eEoo0YM+wt2/pCcONHM9YPRj/q4fC9OQZr+ckRsmhjY=,tag:AevxpvvRt13T5w5xwzay5w==,type:str]
 cloudflare-api: ENC[AES256_GCM,data:iNUMlY8rz5yHVitpK4HGaFSK7j+c8Pm7rOQMOQGmSJ3a8ASyrtouPgLbcnoPY/jalsJYAj991dSiui+Vwqs=,iv:qWONG/KLd9/F4tqrWF5T25Zxst3bk+kOYaOFBFSBAAY=,tag:gRFxar8KS8gnX8oaCD156Q==,type:str]
 synapse: ENC[AES256_GCM,data:IR0pFwQBEM4O8mzzYXrPe2FjulSUGuitzLDLms2uovr6gEU82mCkRO/UCQOybNm03iOQeXX0Whz739kpYSGSInEyx69BNG/etH+bMu+GbYeMdrTEyXHSa7kcH4Ug,iv:Vn2ILYXnCj+Op/E2kWoxV+2ZtlxYJxO6XK3Ql41KW6w=,tag:9wogJFLlmfM5PRgPdwFlcw==,type:str]
 readeck: ENC[AES256_GCM,data:TsIkHLji37dDHQRt78SquBhoSREHDgvgbc6+M1k2MLrgMGJ/Ejfy5AZXCIp/Qj5sXDzKP4j6Y6xFvGLswCqe02XjqGCpX13gZVCFPuKr8Nq051Xg,iv:Rc/pjYP+Vd/DvLCYsfJjDrnAlAiUlZOcNeeYzE6O3UY=,tag:OvR+CXMmrUFbsrHvduhnjA==,type:str]
+keycloak: ENC[AES256_GCM,data:BmwZxuJaOB8F7zmBNAf42lkw36s5TepimtdyT2xjdGVyuHgRHbTZqeVen7/0II39qrJjko4agZJgToIZ1uhaC/gpGSoHZlib3rJozPCqmBc42nO6SOtpIO8=,iv:kPModK85937/liNk6iLIRiQ/G5yB7S7h24ZzPb8A1zo=,tag:lWvDQAHVRiBz8XZUoADKvw==,type:str]
+ryot: ENC[AES256_GCM,data:VMWf3VqcUdyJu2Ygd3XmoqGNWY/W/VJ4213ej0FrA95kAoX+S+j0+4a4B65NtW9UheDSxD1swTXebyenJCIN/tEZwH2wj9I12akNNvSDpt/LG3d1/BZ62cvLCb5n9vyE/vcXgJVfPUqmc67pYDWLpEV/vkKjpqwNH4Y8vnapVo1ytIgsjkTuBb7VFbnRPvYs6J1M0rnaTtkVhOBoRxv+Xg3pWYCgFEXdM/Pg/WKqdHpyh+tJqR74Z91Mwv6G56ZYEDQmAp+Cn+Kk2zZ+t44UAu1SQOgYXPLep+4/PgWw/vQMuyN7GNNP6TrsX3g+ONtJtkdmGu6ArcfbRAky4vM14DxlQP4xSjYSu+FDWGJL/J4TMw6IVDuw/TDVNpMrhBmZdPujYLUW1c6GCCEchBknNfw/Wt+NyTjOzCmZLVw760jY05Fa9kcW2kz+P0iAGTviY7yJZWDctP6PrVNtG1cXc4noJqV/uJ9sQmuGWCiTzaCIIZEhwRKnvjpvZNisKPhx4tctZMWm8l9gKO/TJC/SHMIhvEazmH4v0AzCiRUzdTfnWQZGTNenDrCUetztPh/UUJbLZjhFBH3QR26w/3I5oNpUzUDhfDhcEYtfWuB7ckbkXT8nyYMfe0OR16yJTfQCdnIPBhAUi1g1ZV3jFg+OhYWxk73lPiqC1ADRNh01L1k90PMMWtLXXm6aQ28cB+iQTvvgKbDrr76U8bXoZUyEl30waOQ2HT6nDG61OBUtQHTu6/cFhfhrnU6poAD/k+L7SyqcBoMYAZJN6Us1y3SKhV/3mXVKjRwSl5XZSW+ZpcRe/Cg4bonxFBYsZyY3VjK0LC4Cj8ijh4LpYWrGWtVmWOt/gg7UQPTd81A=,iv:Oa2pvfDpfPr3pqeAg2kYIzjf8KUK9ckMfbVymM78FyE=,tag:XyjYEvWo46BliYXdDH8QrQ==,type:str]
+isso: ENC[AES256_GCM,data:yfcIsfGuEH3pcpsbBZWXbxrO39AQxHYMaNDHpjhJmwQBUnWgKSWCynIDWgUm+Gjy5r/4GP373xCSiWg3ti7MMgbmqKpd2fL886mrk/7fLMocQqW4sCfWaObzwoEjDvrjDbqAaaJxP4PDcrxOUjj3MiIzQSMPY35I02tbJKTuB6WQw+DftI5Or1/H,iv:j8qp9BSWegV2lKLDlNhlTnWtYABQFPIBEuZJQNpGMjs=,tag:zsiY5crL9bVwOXtwhAeDPw==,type:str]
+mealie: ENC[AES256_GCM,data:/XRyhFGfsSF9y2UEvWIjB05LGkYx4kbl1u5ninGEnkPkbmyRfW0TXybeVKwcX/By05KkbUk+C4N00qykmo16KpI/lRytfnsQHmutST6dV1C5CB6XiPymG8WcntwOtmUiMEwm9qqgEJfoaeFfwdY+03+GFuS2cSphGe6XN8dUOTe+IjNIO4U8U2FXtvcNEsd5SohWkbnObZScKocOSFemjjKoSySwJpK64sQwVKOyIgVECuWo1asXShvmYY3iE6coB7DEk3PaS3hj5u7neN+muZrdANBZjlFxANWDhvFLX6fplRXZLS7DE0KjTqeVjC237Q==,iv:RyRG36wUkiGIZ6l9bXY2cj7jdi8SSJLrbpkOA4uRigU=,tag:frzKD0eabB8O6UH/+pJBTw==,type:str]
+multi-scrobbler: ENC[AES256_GCM,data:ce3dd0PKm6eyD2AqWmw+8iex/tBHgMhG8ASoOMkT3c9k6kiZabpTTFTkcouMO+s42P+qjWQAUJcJlDdYVYJZbAqw8nnxLrtYmKoBknSbbWijlR//CpgfwuuAWIyGQAGVPliuxz+lR+1cf/G2mXM+FJIfp8Sliak3v/nGg3ry0bdjbOLVoBM4rS90Jrq98ZuBrjlFVhcJTKkEHtgDv8N56wWbPL/r3cTlS9MoEu2ulCSLvfu/snr8HqJ5yssAGQ==,iv:jOJulX6o3t+W6DrD6sU7amDH7JQP/JFGBI9IM8m/sXU=,tag:jFZoLpYFXj+xplbypf3nvw==,type:str]
+vaultwarden: ENC[AES256_GCM,data:6PID5tUMZ6BlyddmxumG3Z4uoxDezr8OIRJPYd7SrW1kTGUaQyewIxFajngOY3r251t61IwbKe0MwWeugpi7w2kxVJN4e0WErwUZDjBPCQxukbu81kVbUzCS3VDm1TP0fKylJUPIK3bkKKHkD5XDGo22YtuhICyaPkYXNtEEs2TCAHagBuSrVVEYPbp8as7FS1j8L47XUkjaT919w298nB8s7jNo4VvaNeHFgWVdH0oRRD/VUJj7yewXaugk+mlsRMuNd9HqxpOophIHzX2B59YG3rBA6w==,iv:Xgv4OTDJNf+atQHFAvSEYMXcW65cm7wqN9VtmDHS3MU=,tag:ZN/igsxJb025HmCriLcCZQ==,type:str]
+dns: ENC[AES256_GCM,data:fQN3SOm0HzOjSjTohRAD4KlXdEu5PbQc3DvK3rLC1S4G0G4HUPkgucN6vJUwVJPiY0AB+L/iLNcqCRz8OH0qNtfnikBbDicq0OfrwjnN+VzmbwmrS6AdFo6lilbxI3Jb8YwGMrQxXg0U9F2/WVLETbzICG2KpukwIER0xxQpb51OVL+2hviGV8JpWKo66S6pug628Zc+uMJXEBPSqCpz2vXHXnXWMszP6MlqVfNm/zE=,iv:DOj0e8y+2N9eRA81nlT0kS66sXWZoLSVn0NAiUkNcDY=,tag:+0Baqs6TbTAmt3lRfncE6Q==,type:str]
 lidarr-mb-gap: ENC[AES256_GCM,data:bNzD9Nf9BWAPkm0Yk0J4MJbmo908QX9VsD+40Rngnfec9nzH4vZ2DrelxRllgT1kgnXMQzvoSgNhBwkDN4fgX73hz1FjkytTwahlO0wcY6R+tw4aokh0QYy0TVx5pZ4u1FEQOAp3IMgBsP8HOqaL/NEsEo3yb0K9iC3AfFihkLDJmVh26Pg=,iv:go0qS7/BcfcAMPkAdGWCoL61gNqBG5lWDev++y9DJ/I=,tag:LgtEyTZH8NfhfrKTcAigZw==,type:str]
 sops:
    age:
@@ -49,7 +52,7 @@ sops:
            QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb
            9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-11T23:18:34Z"
-    mac: ENC[AES256_GCM,data:i3U364pjZB5Y61Wf7ETbXhNWyfH1gw0oyPcNyT+nCIJmePh8JWiP9hnHmZfLS1BKkI2powQdezbz9R0XDvU7g2SkV8EsWmn/h3rFwbopUZbeRQ2SCoX7LGFez74l1oTPQjL8zWJVdrUtfAFgbZKSEWuz7rsDieKBVhIJwWaeePY=,iv:N4z+X3eD6jH+zQfY24qec+U6wkfhLGPm4MzY8T2Km/A=,tag:yluW5YSKMZ4Kk+wcXbkj8Q==,type:str]
+    lastmodified: "2025-12-26T03:14:55Z"
+    mac: ENC[AES256_GCM,data:gIWqEMtFkoEnFV/I4cefglnXxxr1XwON/Oiv/iHv1h5zVLvEwdGC9hyQB1KEKUEHDxWjh8GpKXn9rkZ5pncs7vZdjgiMXyVC7IAiN7uT03RfyGjPtLy7T9qqzmac2uOWLoCnda6No4VIBGG50leh5J7WDk4hKXvlm49xCwSlcLw=,iv:fVtqpXMO3klwAztFRXODLp5H9kq9LJt82Zsoq/59dTU=,tag:XTa90qDkg7ehW6xoXRwEVw==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,11 +1,10 @@
 jawz-password: ENC[AES256_GCM,data:j5qya2z9bDESQopcBpLBktyBvIuplbq3Ql4TovdAF1BIJHcf4CAjFuCStW0axFEOST6bgJwhcZZvK4rWUyoS47eaFDp2lkiQnQ==,iv:GNEA8v0NR+PGe4yvlm4V6tTJD5NmlswRPH7JnQJUyLk=,tag:dpxDK88cAJSk+XdFF2mDww==,type:str]
-smtp-password: ENC[AES256_GCM,data:KAIn6lp6JXY39SgMPGP3tQ==,iv:Mgmo9bLT3iIGXw6THqJO6+IuPV65VXo1+vE3PrmS44Y=,tag:8urcnZtccaPJSOuHiZAp5A==,type:str]
+smtp-password: ENC[AES256_GCM,data:Reb6wDlZivAn5DVI2swNfQ==,iv:ZT4QvFXYmgFl1Ut07Yic1qnA8JvapSTfKw2DPCoQMEU=,tag:A5jIqUrmUwROS/LKbsahsQ==,type:str]
 nextcloud-adminpass: ENC[AES256_GCM,data:g0bnifEbMykPBVwMF14EhT/RWGsnEzJ6sXXmxSJ6kIVDeRr8XVRbFzusxlxAOOlseVwPT6e4Ad8=,iv:Gy0LwUNCw8gnqlwk91qguSEeufIJDtaqNNLX1vZp7vA=,tag:y8H42B1rue0X7/4nG/Whsw==,type:str]
 firefly-iii-keyfile: ENC[AES256_GCM,data:HTifd3/5apa9f0RiOh33aRRoVkRskgo/2FV9S01wQSEmKFLg2M9gNNFm6gv2/WCQvNc1,iv:4yLIQQkfqhLixQtAOsbQePNlKOrU2p6Dqw9aLPDoJrM=,tag:uSbAMCy4FWRMU+QhExAE2w==,type:str]
-resilio:
-    host: ENC[AES256_GCM,data:iITbrqpJSdM52A==,iv:8sahhsUA9iIXNlJYKAkakllQDbYVOsGuwBulK9FyvTU=,tag:zKKHwrEFUkl3Fcd0RJcIjw==,type:str]
-    user: ENC[AES256_GCM,data:31s2ihj2cN9C5Lyr2w==,iv:2MzKiRoDosawbeQ04LUKbfbSVFUUD6uUYynB6B0WNWw=,tag:GR0lXvLZAPof6WE3Verimg==,type:str]
-    password: ENC[AES256_GCM,data:codFGm4O9QkI2+hbrVK3UqwFWETXyfl9y3Q5lY6UfnIRe/IqWG8Ibly1BUlh7OjKIepXm6m35e6QPioVSiUT5Ll1SIE=,iv:QWqKyKrvm2y2UM2Ir1COxjV0jgU8jTeu9ehnyeXTwCE=,tag:Xtr+r7EphaiLjGwK5gmsMQ==,type:str]
+postgres-password: ENC[AES256_GCM,data:V0g4T1cLUFnTN94zZZR83/KVJFUDGEWVEn6nyijnver4QCELUFkNr99s9g==,iv:1ymHA0JaVC2/aHdg4TmJmuKOG8JGZRRvynrgQIGdTss=,tag:xsCVpc+HBaNeswYvzo0PaA==,type:str]
+oauth2-proxy-cookie: ENC[AES256_GCM,data:eWEgnIGcdq1aRXWokmVO9DDb+t2oAxNCwFeyOUITzHQ=,iv:x5CROKQ5arUMESWQsroC15xbtMA6/HvnArhBiGwAx6k=,tag:U5yYk1ztExZsou7gVvA8Og==,type:str]
+plausible: ENC[AES256_GCM,data:Vze/uzsB4VkmeQwqJCVwlwT2kLpFoKSKXgaCmZ2633J2L6pVpL+OxnGxiSS7dmEuWRL5HOkMOJJdFWWCUhrv+QUMpp2RQ9bjy1q6gIOtejNTYPNm6/wg+A==,iv:d+ILv3ZDpanUxDJ2IkWaZ3TC14mldafxnjL3yAE+SK0=,tag:YqhGhMtCtvwaazeN7pXQJA==,type:str]
 kavita-token: ENC[AES256_GCM,data:kt3bTZNf4S7sKfbxzXc4Q+9yTPFTKzvEaR+mysBhhdnht+FuN9o9i9liqy2pKvB7WQmPnjQ/aYEYkcPSPg0NC5NwE7lNY7kUJtyHzYm2wkKqkkDIc/aI+dHhtX1SBF99ZpWEhmgnIA2HtCpYXUjkl4pUTKgNi0cn+bb1NULMY0zHyF2f7faOOKTWatQEuG1ZvBpiNIbPbsMznfdrWe9VEKrdtMg8IkK138Cn+EOSu0mCHdU=,iv:NCjegkB9/O6xq3fdWqhyVJy5YetqIpcDmD0yyBh3XXQ=,tag:IiqZY0mhqyUHJ61DRNHPlw==,type:str]
 stash:
    password: ENC[AES256_GCM,data:ZYwrETIJ1K5RJePR9TvmPdVHpZY=,iv:nqIvm5MkSmZxgSLUpZC0Iq2QOp4lU9rh9wtE8FhO7a0=,tag:YIlj9iPGjDVewgtjq0tdag==,type:str]
@@ -52,7 +51,7 @@ sops:
            RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM
            QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-02T20:02:38Z"
-    mac: ENC[AES256_GCM,data:DnbkeF+evVTMhYTg3OU528cRQ+jBiUl7Q7JZxyGRL6USjB2OdIRxqnnCH8L36K2hSAIkKQ/kojyJs+8Pgkx5uD/qsCbGlNT9pSBU1qPdSBxqJsVPxHZmkuf/QxGtE4pgV/50xJMrVyzAetWPZuxcYVfWAPszxDZcR5XDuD+Yjk4=,iv:i2Vt6nv6etIgaaoxsbVlxEnIhIx4adOQZFeyGM/4Saw=,tag:jugPmHU78lap7Hy7RJd9pg==,type:str]
+    lastmodified: "2025-12-26T08:13:55Z"
+    mac: ENC[AES256_GCM,data:hZoOrRraR1qg/w6dEseP1sbJxxLBtWIw+hTV6TUQHlA9vCfrLEDlAlMZBNoTx1ijHz0Q22sV39j3ON+PBqfRRqxWr7nynYDZ7zk9rtVlW4xPTqIBusU+lHTFC7MSMfPn7bhTQ0h3QPHtTF778WIbgNYjEIXda4rlmrnc0bLdFA8=,iv:2a1M8KUtEj0rMuJsyu3WyEYdzeKw+VkDDZFsyU00XuM=,tag:vXw2+za466Olq05HJPOYdQ==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0
Author	SHA1	Message	Date
Danilo Reyes	5c53ad615e	media map port	2025-12-28 21:01:10 -06:00
Danilo Reyes	5fbc4e1389	Update plausible configuration to reference the correct secrets file Some checks are pending Weekly NixOS Build & Cache / build-and-cache (push) Has started running Details	2025-12-26 02:34:24 -06:00
Danilo Reyes	648a22252a	plausible init	2025-12-26 02:23:04 -06:00
Danilo Reyes	467708a7e6	Refactor isso configuration to streamline server settings by removing unnecessary nesting	2025-12-25 22:07:13 -06:00
Danilo Reyes	cfb0ad1a31	Remove commented-out SMTP settings from isso configuration	2025-12-25 21:59:34 -06:00
Danilo Reyes	e80425e0f6	Re-enable isso in the service toggle list	2025-12-25 21:53:13 -06:00
Danilo Reyes	7289f6c5d2	Comment out SMTP notification settings in isso configuration	2025-12-25 21:42:57 -06:00
Danilo Reyes	54609e54bb	Update isso configuration to disable SMTP notifications and comment out SMTP settings	2025-12-25 21:24:05 -06:00
Danilo Reyes	4c924f6bb4	Update encrypted secrets in env.yaml for isso, mealie, and vaultwarden configurations; adjust lastmodified timestamp and mac value.	2025-12-25 21:15:14 -06:00
Danilo Reyes	8e0c2783cd	Refactor isso configuration to use structured server settings and update service dependencies	2025-12-25 21:05:32 -06:00
Danilo Reyes	2dd20fab48	isso setup	2025-12-25 19:03:14 -06:00
Danilo Reyes	07a083dfa2	system rename	2025-12-25 18:57:22 -06:00
Danilo Reyes	9d8defe07b	Merge pull request 'keycloak' (#1 ) from keycloak into main Reviewed-on: #1	2025-12-25 18:54:49 -06:00
Danilo Reyes	089ea908e3	Merge branch 'main' into keycloak	2025-12-25 18:54:36 -06:00
NixOS Builder Bot	76924a4021	Weekly flake update: 2025-12-15 10:50 UTC	2025-12-15 04:50:51 -06:00
Danilo Reyes	3325d8b931	bools to string	2025-12-10 18:45:57 -06:00
Danilo Reyes	75520f3b86	mealie configs	2025-12-10 18:38:08 -06:00
Danilo Reyes	7846f5a822	hmhmm?	2025-12-10 18:29:41 -06:00
Danilo Reyes	41850af033	uhh	2025-12-10 18:08:04 -06:00
Danilo Reyes	6cf501ab62	mealie keycloak init	2025-12-10 13:51:54 -06:00
Danilo Reyes	b00459e26e	paperless signon social	2025-12-10 13:08:08 -06:00
Danilo Reyes	e279e3811f	paperless > http	2025-12-10 12:46:12 -06:00
Danilo Reyes	1ade9dd65a	paperless test	2025-12-10 12:09:49 -06:00
Danilo Reyes	016b181d1b	disable gitea registration	2025-12-10 11:31:16 -06:00
Danilo Reyes	8c55d42ba2	Remove redirect-url from oauth2-proxy configuration to simplify callback handling	2025-12-10 05:04:03 -06:00
Danilo Reyes	b864c98786	Update oauth2-proxy configuration to use dynamic Keycloak URL and enhance redirect settings	2025-12-10 04:49:35 -06:00
Danilo Reyes	451359dc4d	Add code-challenge-method to oauth2-proxy configuration for enhanced security compliance	2025-12-10 04:40:01 -06:00
Danilo Reyes	7ab8789799	Remove systemd service configuration for oauth2-proxy to streamline service management	2025-12-10 04:38:27 -06:00
Danilo Reyes	b5a5d42910	Add oauth2-proxy cookie secret to configuration and update secrets.yaml for enhanced security management	2025-12-10 04:25:47 -06:00
Danilo Reyes	8f04f99c85	Refactor oauth2-proxy configuration to change 'skip-auth-routes' to 'skip-auth-route' for improved clarity	2025-12-10 04:14:51 -06:00
Danilo Reyes	dfe8ce2e4b	duh, wrong secret	2025-12-10 04:06:35 -06:00
Danilo Reyes	bd26dc247b	oauth	2025-12-10 04:03:05 -06:00
Danilo Reyes	3f40666ebf	Add Keycloak to the enabled services list and update its configuration to include the HTTP host setting	2025-12-10 02:51:58 -06:00
Danilo Reyes	b912aa82fa	Update Keycloak configuration to ensure proper handling of SOPS secrets and maintain consistency in secret file references	2025-12-10 02:41:10 -06:00
Danilo Reyes	616db8006e	Refactor Keycloak configuration to include restart units and streamline secret management	2025-12-10 02:37:55 -06:00
Danilo Reyes	ba41e8f804	Update Keycloak configuration to use new password secret and modify proxy settings	2025-12-10 02:33:31 -06:00
Danilo Reyes	5289193961	Add Keycloak to enabled services and refactor configuration settings structure	2025-12-10 02:31:31 -06:00
Danilo Reyes	e714a8d184	Update Keycloak configuration to use new secrets file and adjust environment variable references	2025-12-10 02:29:34 -06:00
Danilo Reyes	4d788d90ca	linting	2025-12-10 02:29:25 -06:00
Danilo Reyes	303cd2db36	Add SOPS secrets for Keycloak database password and update configuration	2025-12-10 02:12:06 -06:00
Danilo Reyes	2cd3afe2b3	Rename Keycloak database configuration key from 'databaseName' to 'name'	2025-12-10 02:06:28 -06:00
Danilo Reyes	92492b6323	Update Keycloak database configuration to use 'databaseName' instead of 'database'	2025-12-10 02:04:17 -06:00
Danilo Reyes	6d5ae474c6	keycloak init	2025-12-10 02:00:12 -06:00
NixOS Builder Bot	ac66f35d93	Weekly flake update: 2025-12-08 10:04 UTC	2025-12-08 04:04:46 -06:00
NixOS Builder Bot	e3bae4db52	Weekly flake update: 2025-12-05 10:37 UTC	2025-12-05 04:37:42 -06:00
Danilo Reyes	3fe51d5901	25.11! All checks were successful Weekly NixOS Build & Cache / build-and-cache (push) Successful in 1h7m11s Details	2025-12-05 02:40:17 -06:00
Danilo Reyes	76f0aeb07a	low latency module messes up btd600	2025-12-02 16:53:01 -06:00
NixOS Builder Bot	0904751654	Weekly flake update: 2025-12-01 11:45 UTC	2025-12-01 05:45:55 -06:00
Danilo Reyes	6e6fbc7c3f	new flake All checks were successful Weekly NixOS Build & Cache / build-and-cache (push) Successful in 2h15m41s Details	2025-11-30 13:18:24 -06:00
Danilo Reyes	c0578a4bf4	corrupted flake	2025-11-30 13:15:30 -06:00
Danilo Reyes	bcbb624e28	changed Pictures path to capitalized	2025-11-30 13:14:54 -06:00
NixOS Builder Bot	7d1c66aa49	Weekly flake update: 2025-11-28 09:45 UTC	2025-11-28 03:45:48 -06:00
Danilo Reyes	cbb625a053	25.11 beta All checks were successful Weekly NixOS Build & Cache / build-and-cache (push) Successful in 15m7s Details	2025-11-26 22:58:59 -06:00
Danilo Reyes	5e08c8bfd1	flake update	2025-11-26 21:24:31 -06:00
Danilo Reyes	6b88a3970d	properly declare nvidia-container-toolkit 25.11	2025-11-24 21:00:52 -06:00
Danilo Reyes	febe4251a7	tdarr port Some checks failed Weekly NixOS Build & Cache / build-and-cache (push) Failing after 1h28m57s Details	2025-11-23 17:14:44 -06:00
Danilo Reyes	a3cc30d74c	tdarr	2025-11-22 23:30:45 -06:00
Danilo Reyes	4d66cff834	enable nvidia podman if nvidia + podman are enabled	2025-11-22 20:27:10 -06:00
Danilo Reyes	2b9ef59733	qbittorrent downgrade	2025-11-22 00:42:08 -06:00
Danilo Reyes	f4c1f029fe	real bump	2025-11-22 00:08:54 -06:00
Danilo Reyes	e7308ff031	servers	2025-11-21 23:20:47 -06:00
Danilo Reyes	29777a261e	attempt to patch qbit_manage...	2025-11-21 23:15:45 -06:00
Danilo Reyes	3da044f396	patch	2025-11-21 23:01:27 -06:00
Danilo Reyes	b6de7127a4	qbit-manage version bump	2025-11-21 22:26:39 -06:00
Danilo Reyes	3b75b44629	new syncthing folder Some checks failed Weekly NixOS Build & Cache / build-and-cache (push) Failing after 38m28s Details	2025-11-21 02:00:17 -06:00
Danilo Reyes	e559395fed	flake update + homepage fix?	2025-11-21 01:59:01 -06:00
Danilo Reyes	2bc8391e63	ryot upgrade	2025-11-20 21:02:46 -06:00
Danilo Reyes	2fa9badd89	stylix enable gnome 39 Some checks failed Build on Push / build-configurations (push) Has been cancelled Details	2025-11-20 21:00:19 -06:00
Danilo Reyes	1aba99c68e	uneeded players	2025-11-20 21:00:06 -06:00
Danilo Reyes	1c3f389e28	nextcloud upgrade	2025-11-20 20:59:28 -06:00
Danilo Reyes	37f37f4a0d	flake update Some checks failed Build on Push / build-configurations (push) Failing after 7m27s Details	2025-11-20 17:07:36 -06:00
Danilo Reyes	bc9c582cd0	disable stylix a bit Some checks failed Build on Push / build-configurations (push) Failing after 49m37s Details	2025-11-20 01:09:52 -06:00
Danilo Reyes	afb35b3abd	push cache alias	2025-11-20 01:09:45 -06:00