add atlans laptop ssh key

Date: Thu Apr 30 00:03:28 UTC 2026
Evaluation warnings:
evaluation warning: cloud-hypervisor supports systemd-notify via vsock, but `microvm.vsock.cid` must be set to enable this.
evaluation warning: 'system' has been renamed to/replaced by 'stdenv.hostPlatform.system'

Co-authored-by: malobot <malobot@systemli.org>
Reviewed-on: malobeo/infrastructure#156
Co-authored-by: ahtlon <git@ahtlon.de>
Co-committed-by: ahtlon <git@ahtlon.de>

.gitea/workflows/autoupdate.yml

@@ -2,7 +2,7 @@ name: Weekly Flake Update
 
 on:
     schedule:
-        - cron: "0 0 * * 4"
+        - cron: "0 4 1/14 * *"
     workflow_dispatch:
 
 permissions:
@@ -89,6 +89,18 @@ jobs:
                 grep -q ${{ github.ref_name }} &&
                 exit 1 ||
                 exit 0
+            - name: close other bump requests
+              run: |
+                for i in $(tea pr -o simple | grep "Automatic Nixpkgs update" | awk '{print $1}')
+                do
+                  if [ "$i" = "" ]
+                  then
+                    echo "No bumps to close"
+                    exit 0
+                  else
+                    tea pr close $i
+                  fi
+                done
             - name: Force push branch
               run: git push --force -u origin nixpkgs_bump_$(date +%Y%m%d)
             - name: Create pull request

.gitea/workflows/hydra-callback.yml

@@ -0,0 +1,63 @@
+name: Hydra callback
+
+on:
+    pull_request:
+        types: 
+            - opened
+            - synchronize
+        paths:
+          - '**.nix'
+          - flake.lock
+    push:
+        branches:
+          - master
+        paths:
+          - '**.nix'
+          - flake.lock
+
+permissions:
+    contents: write
+
+jobs:
+    on_pr:
+        if: github.event.pull_request
+        runs-on: ubuntu-latest
+        env:
+            NIXPKGS_ALLOW_UNFREE: 1
+        steps:
+            - name: Install sudo
+              run: |
+                  apt-get update
+                  apt-get install -y sudo
+            - name: Set up Nix
+              uses: https://github.com/cachix/install-nix-action@v31
+              with: 
+                github_access_token: ${{ secrets.AHTLONS_GITHUB_TOKEN }}
+            - name: Find pr number
+              run: |
+                echo PR=$(echo "${{ github.ref }}" | cut -d / -f 3) >> "$GITHUB_ENV"
+            - name: run hydra wait
+              timeout-minutes: 200
+              run: |
+                echo "Running now @ pr no $PR"
+                nix run nixpkgs#hydra-cli -- -H https://hydra.dynamicdiscord.de jobset-wait malobeo2 "$PR"
+
+    on_push:
+        if: github.event.push
+        runs-on: ubuntu-latest
+        env:
+            NIXPKGS_ALLOW_UNFREE: 1
+        steps:
+            - name: Install sudo
+              run: |
+                  apt-get update
+                  apt-get install -y sudo
+            - name: Set up Nix
+              uses: https://github.com/cachix/install-nix-action@v31
+              with: 
+                github_access_token: ${{ secrets.AHTLONS_GITHUB_TOKEN }}
+            - name: run hydra wait
+              timeout-minutes: 200
+              run: |
+                echo "Running now @ master"
+                nix run nixpkgs#hydra-cli -- -H https://hydra.dynamicdiscord.de jobset-wait malobeo2 master

.hydra/spec.json

@@ -12,7 +12,7 @@
   "type": 0,
   "inputs": {
     "nixexpr": {
-      "value": "https://git.dynamicdiscord.de/ahtlon/infrastructure master",
+      "value": "https://git.dynamicdiscord.de/malobeo/infrastructure master",
       "type": "git",
       "emailresponsible": false
     },

flake.lock

@@ -126,11 +126,11 @@
         "spectrum": "spectrum"
       },
       "locked": {
-        "lastModified": 1772055583,
+        "lastModified": 1780588968,
-        "narHash": "sha256-iPIm1orqkhsxqju6EVODOrV1BmyA5HNTZ8a1o812bFM=",
+        "narHash": "sha256-zQk+GqLO+T9taIl1UUt3swvaOksWJxL7PL8K0+Fc/Hs=",
         "owner": "astro",
         "repo": "microvm.nix",
-        "rev": "f6dcfb7c16cc3775536c825dc0698d4ede13d063",
+        "rev": "4d3fb17437944ea57eef2b9e6108ca777b1209ca",
         "type": "github"
       },
       "original": {
@@ -176,12 +176,15 @@
       }
     },
     "nixos-hardware": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
       "locked": {
-        "lastModified": 1771969195,
+        "lastModified": 1781020964,
-        "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
+        "narHash": "sha256-fS7xTi2j2iso5Hj7RNZLv/acDlCT+fgMVkVk40A7Uco=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
+        "rev": "32c2cd9e46286c4eced3dc6b613c659126bf3cca",
         "type": "github"
       },
       "original": {
@@ -209,11 +212,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1771848320,
+        "lastModified": 1780749050,
-        "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
+        "narHash": "sha256-3av0pIjlOWQ6rDbNOmpUSvbNnJkGORQKKjb4LtCZsIY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2fc6539b481e1d2569f25f8799236694180c0993",
+        "rev": "a799d3e3886da994fa307f817a6bc705ae538eeb",
         "type": "github"
       },
       "original": {
@@ -225,11 +228,24 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1771903837,
+        "lastModified": 1767892417,
-        "narHash": "sha256-sdaqdnsQCv3iifzxwB22tUwN/fSHoN7j2myFW5EIkGk=",
+        "narHash": "sha256-8bW3q88CEg2u4hSP66Vf4lpbLonHz7hqDNBMcCY7E9U=",
+        "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba",
+        "type": "tarball",
+        "url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre924538.3497aa5c9457/nixexprs.tar.xz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1780952837,
+        "narHash": "sha256-Fwd1+spDtQ0hDyBwme6ufG3n4mY0UrjjFdYHv+G/Hds=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e764fc9a405871f1f6ca3d1394fb422e0a0c3951",
+        "rev": "e820eb4a444b46a19b2e03e8dfd2359439ff30fe",
         "type": "github"
       },
       "original": {
@@ -249,7 +265,7 @@
         "microvm": "microvm",
         "nixos-generators": "nixos-generators",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "sops-nix": "sops-nix",
         "tasklist": "tasklist",
@@ -264,11 +280,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772048434,
+        "lastModified": 1780547341,
-        "narHash": "sha256-/wA0OaH6kZ/pFA+nXR/tvg5oupOmEDmMS5us79JT60o=",
+        "narHash": "sha256-Gq8KNx5A7hBB3uGJaj6eQfLDIz5YdLu92gqBcvHvoUo=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "334daa7c273dd8bf7a0cd370e4e16022b64e55e9",
+        "rev": "9ed65852b6257fbeae4355bc24ecfea307ca759a",
         "type": "github"
       },
       "original": {
@@ -280,11 +296,11 @@
     "spectrum": {
       "flake": false,
       "locked": {
-        "lastModified": 1759482047,
+        "lastModified": 1778940603,
-        "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
+        "narHash": "sha256-voSM8dZNlaOWN3kbYFky+FNY6fFQOEw0xF+ZMpZKkCQ=",
         "ref": "refs/heads/main",
-        "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
+        "rev": "367dd227f539267eae2b62770b4c17b88ac8c1f1",
-        "revCount": 996,
+        "revCount": 1265,
         "type": "git",
         "url": "https://spectrum-os.org/git/spectrum"
       },

machines/louise/configuration.nix

@@ -46,6 +46,8 @@
     ];
   };
 
+  nixpkgs.config.permittedInsecurePackages = [ "electron-39.8.10" ];
+
   services.tor = {
     enable = true;
     client.enable = true;

machines/modules/malobeo/gitea_translator.nix

@@ -55,7 +55,7 @@ in
 
       serviceConfig = {
         ExecStart = ''
-          ${pkgs.python3}/bin/python3 ${inputs.self + /scripts/gitea_hydra_server.py} \
+          ${pkgs.python3}/bin/python3 ${../../../scripts/gitea_hydra_server.py} \
             --baseurl ${cfg.baseurl} \
             --owner ${cfg.owner} \
             --repo ${cfg.repo} \

machines/nextcloud/configuration.nix

@@ -63,6 +63,7 @@ in
     settings = {
       trusted_domains = [ "cloud.malobeo.org" "cloud.hq.malobeo.org" ];
       trusted_proxies = [ hosts.malobeo.hosts.fanny.network.address ];
+      overwriteprotocol = "https";
       "maintenance_window_start" = "1";
       "default_phone_region" = "DE";
     };

machines/pretalx/configuration.nix

@@ -1,4 +1,4 @@
-{ config, self, lib, pkgs,  ... }:
+{ config, self, lib, pkgs, inputs,  ... }:
 
 with lib;
 
@@ -58,6 +58,7 @@ in
 
   services.pretalx = {
     enable = true;
+    package = inputs.nixpkgs-unstable.legacyPackages."x86_64-linux".pretalx;
     celery.extraArgs = [
       "--concurrency=${toString config.microvm.vcpu}"
     ];

machines/ssh_keys.nix

@@ -4,6 +4,7 @@
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxgcjNOYbza3+RfANFDXy7HXNRFlkpDOAcGyB7MKshiVlbPByWRSjfZa0BeRNjpeCd8QkIodKUzqYOCOrc8ad3kiNbdLRcDz57A5xSLD3ynakoWJo0AmJjT3Ta1JJj8inNwwykR0ig5//SrtsZb9HkWJDAF017MokM2r8AWPE1QzcQdh93kojXcgTHrJHzEqgKbEGDEk37f1RvZG4umEFeqdK2FvS5isPa7P9X7hyyoDC8bvEy7xfaDrToJAoXon6r79taxH8UWIvy//xsU0NBLYK2eE4RQe2AjF6Ri+CybI6y1SsHOvyh4nNKWlfUOEL6UnIulRn/LXFOKCJi7xuoTeJXS0+w1DNEuiGosVNXPSKbUm/eDBVnb8Iyep9wmygSZayN82xL5lRlG3Mn45ttecqfm2SJkmduBA5qXcTdDPe/lXTZaVO9tbiIcJfUgd3ttEu2+6YjLn74D965PlovzvR6EhbVUZ8IkOAt4VmuTkXIdm8SCS7jzhsiKeUXoZ4rfa375zi79SIPuIkoMasj6d16wcYOeFIUIMFFccfQ9jQjr9NTSXC2dd7sfbI9I9mF7eRQSsUdSwpP8WH1b+M1MxTbdhEUdPwpOLviTTIuk8E8K8DQDZIcOOh38mCDpyoh02nwfRxlyoYVsKAHIQH02dHTvYEa3/pMsRwGc9W1Ow== kalipso@desktop"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQg6a2EGmq+i9lfwU+SRMQ8MGN3is3VS6janzl9qOHo quaseb67@hzdr.de"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICKaEcGaSKU0xC5qCwzj2oCLLG4PYjWHZ7/CXHw4urVk atlan@nixos"
+   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi8yxrMZoXEy7e8/MZeyihOARU2tN0TpJTUX55UO31B atlan@argon"
  ];
  backup = [
   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIGryhnXdmbGObONG88K+c9zeduMrwtoLHwzMDZg3UXB+Cnq2FXWOrlLZxA+95VUgHpyGZiykJmzeWrKhldDlDeGGd8QCCLeuliiOgXADTYjWaVfhd+6arPZrK2VtqqsguvH40gW1xfoGAOmAT4WFnxWxIaEip0V2u6NOoKTiH9I3bz2Qe4lfJvPXig+XwCXcukXd6XUkDFYDpiw8XNV3X7pqTus5d2RYR97bAhIYZZQ6h50ZpTY8N0lFh4RY5yfx8BhxJW3tfoi9uZvVuPx7dGPsZsSniENFPMNz3UwHGitTJMr4088cJrAGgd5lyFuLouiHiM2JMGA0wx9wWTbWJEwTLaTVQK9gSJf857ndV2zCh9vKlfko4w9bQgqxKg4U/mY8dXX1E7D51nD2ci8Ed+ZG+NEneFLyZhLsD82GkBY+YovA+4xm/pcx+hBhlyqGNxI8v+Jh+JhEyD/ZLgJfq3ZMbGIGsTiDwZ2flLLxImHHEoDoT6PHU6hDhPDJu560="

outputs.nix

@@ -118,6 +118,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
       users.imports = [ ./machines/modules/malobeo/users.nix ];
       backup.imports = [ ./machines/modules/malobeo/backup.nix ];
       printing.imports = [ ./machines/modules/malobeo/printing.nix ];
+      gitea-translator.imports = [ ./machines/modules/malobeo/gitea_translator.nix ];
     };
 
     hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) (