...flakes

11 files changed, 103 insertions, 57 deletions

diff --git a/accounts/gkleen@sif/utils/pdf2pdf.nix b/accounts/gkleen@sif/utils/pdf2pdf.nix
index 5e9fb215..9f4cbc3e 100644
--- a/accounts/gkleen@sif/utils/pdf2pdf.nix
+++ b/accounts/gkleen@sif/utils/pdf2pdf.nix
@@ -4,5 +4,5 @@ resholve.writeScriptBin "pdf2pdf" {
   inputs = with pkgs; [ghostscript_headless];
   interpreter = lib.getExe zsh;
 } ''
-  exec gs -dPDFSETTINGS=/prepress -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dSAFER "-sOutputFile=''${2}" "''${1}"
+  exec gs -dPDFSETTINGS=/prepress -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dSAFER -dPreserveAnnots=false "-sOutputFile=''${2}" "''${1}"
 ''
diff --git a/flake.lock b/flake.lock
index 14568259..6046d92f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -507,11 +507,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1754797984,
-        "narHash": "sha256-t2WFkdB2qUyZt5rdqmJ340kqhvQWWOCJBJIc1nQ/Hg4=",
+        "lastModified": 1755424351,
+        "narHash": "sha256-xcorYLNdtLpb0wH5CPlUcpmYQUxeK95j1X855xQw+DY=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "647a310f1eaa59abec8aa215ff69d8979195425e",
+        "rev": "9aa137af01f05386e5bb5050e983750017007a66",
         "type": "github"
       },
       "original": {
@@ -541,11 +541,11 @@
     "niri-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1754742008,
-        "narHash": "sha256-Tp0FG7VpLudVEC622d91z2hbdfPLCXxw0Nv43iNN4O0=",
+        "lastModified": 1755419373,
+        "narHash": "sha256-EFH3zbpyLYjEboNV2Lmkxf9joEuFCmeYX+MMLRPStpg=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "67361f88fd01974ebee4cf80f0e29c87d805cc39",
+        "rev": "a6febb86aa5af0df7bf2792ca027ef95a503d599",
         "type": "github"
       },
       "original": {
@@ -582,11 +582,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754800038,
-        "narHash": "sha256-UbLO8/0pVBXLJuyRizYOJigtzQAj8Z2bTnbKSec/wN0=",
+        "lastModified": 1755404379,
+        "narHash": "sha256-Q6ZxZDBmD/B988Jjbx7/NchxOKIpOKBBrx9Yb0zMzpQ=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "b65f8d80656f9fcbd1fecc4b7f0730f468333142",
+        "rev": "ebbc1c05f786ae39bb5e04e57bf2c10c44a649e3",
         "type": "github"
       },
       "original": {
@@ -639,11 +639,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1754564048,
-        "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=",
+        "lastModified": 1755330281,
+        "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113",
+        "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
         "type": "github"
       },
       "original": {
@@ -780,11 +780,11 @@
     },
     "nixpkgs-stable_3": {
       "locked": {
-        "lastModified": 1754689972,
-        "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=",
+        "lastModified": 1755274400,
+        "narHash": "sha256-rTInmnp/xYrfcMZyFMH3kc8oko5zYfxsowaLv1LVobY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a",
+        "rev": "ad7196ae55c295f53a7d1ec39e4a06d922f3b899",
         "type": "github"
       },
       "original": {
@@ -828,11 +828,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1754725699,
-        "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
+        "lastModified": 1755615617,
+        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
+        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
         "type": "github"
       },
       "original": {
@@ -1073,11 +1073,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753063383,
-        "narHash": "sha256-H+gLv6424OjJSD+l1OU1ejxkN/v0U+yaoQdh2huCXYI=",
+        "lastModified": 1755484659,
+        "narHash": "sha256-2FfbqsaHVQd12XFFUAinIMAuGO3853LONmva1gT3vKw=",
         "owner": "pyproject-nix",
         "repo": "build-system-pkgs",
-        "rev": "45888b7fd4bf36c57acc55f07917bdf49ec89ec9",
+        "rev": "9778e87c2361810ff15e287ca5895c9da4a0e900",
         "type": "github"
       },
       "original": {
@@ -1093,11 +1093,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754287816,
-        "narHash": "sha256-kDt0HB89oWTlTQMnTwDxx3BlRHK1AdAJ1kMcVYGuccs=",
+        "lastModified": 1754923840,
+        "narHash": "sha256-QSKpYg+Ts9HYF155ltlj40iBex39c05cpOF8gjoE2EM=",
         "owner": "pyproject-nix",
         "repo": "pyproject.nix",
-        "rev": "efe944d0902f406c28b4e8662312292a37e4de87",
+        "rev": "023cd4be230eacae52635be09eef100c37ef78da",
         "type": "github"
       },
       "original": {
@@ -1165,11 +1165,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754328224,
-        "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=",
+        "lastModified": 1754988908,
+        "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4",
+        "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
         "type": "github"
       },
       "original": {
@@ -1240,11 +1240,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754719699,
-        "narHash": "sha256-Ek6WILkhVMDWm9j0L23gxHhDt62z1+A68D+pPt0ghao=",
+        "lastModified": 1755485731,
+        "narHash": "sha256-k8kxwVs8Oze6q/jAaRa3RvZbb50I/K0b5uptlsh0HXI=",
         "owner": "pyproject-nix",
         "repo": "uv2nix",
-        "rev": "38ead6a16ba1be029dd40fe17fc064d6934847d2",
+        "rev": "bebbd80bf56110fcd20b425589814af28f1939eb",
         "type": "github"
       },
       "original": {
@@ -1297,11 +1297,11 @@
     "xwayland-satellite-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1754533920,
-        "narHash": "sha256-fCZ68Yud1sUCq6UNXj0SDyiBgVA8gJUE+14ZFGsFJG8=",
+        "lastModified": 1755219541,
+        "narHash": "sha256-yKV6xHaPbEbh5RPxAJnb9yTs1wypr7do86hFFGQm1w8=",
         "owner": "Supreeeme",
         "repo": "xwayland-satellite",
-        "rev": "e0d1dad25a158551ab58547b2ece4b7d5a19929c",
+        "rev": "5a184d435927c3423f0ad189ea2b490578450fb7",
         "type": "github"
       },
       "original": {
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index b436542f..ed85ca17 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -15,7 +15,6 @@ in {
     ./email ./libvirt ./greetd
     tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines niri-unstable networkmanager lanzaboote
     flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1
-    flakeInputs.impermanence.nixosModules.impermanence
     flakeInputs.nixVirt.nixosModules.default
   ];
 
@@ -63,14 +62,14 @@ in {
       kernelPatches = [
         { name = "edac-config";
           patch = null;
-          extraStructuredConfig = with lib.kernel; {
+          structuredExtraConfig = with lib.kernel; {
             EDAC = yes;
             EDAC_IE31200 = yes;
           };
         }
         { name = "zswap-default";
           patch = null;
-          extraStructuredConfig = with lib.kernel; {
+          structuredExtraConfig = with lib.kernel; {
             ZSWAP_DEFAULT_ON = yes;
             ZSWAP_SHRINKER_DEFAULT_ON = yes;
           };
@@ -682,19 +681,9 @@ in {
       ];
       files = [
       ];
+      timezone = true;
     };
 
-    systemd.services.timezone = {
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        Type = "oneshot";
-        RemainAfterExit = true;
-        ExecStart = "${pkgs.coreutils}/bin/cp -vP /.bcachefs/etc/localtime /etc/localtime";
-        ExecStop = "${pkgs.coreutils}/bin/cp -vP /etc/localtime /.bcachefs/etc/localtime";
-      };
-    };
-    services.tzupdate.enable = true;
-
     security.pam.services.gtklock = {};
 
     home-manager.sharedModules = [ flakeInputs.nixVirt.homeModules.default ];
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
index 63beece3..1c66df2b 100644
--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -30,7 +30,7 @@ with lib;
       kernelPatches = [
         { name = "zswap-default";
           patch = null;
-          extraStructuredConfig = with lib.kernel; {
+          structuredExtraConfig = with lib.kernel; {
             ZSWAP_DEFAULT_ON = yes;
             ZSWAP_SHRINKER_DEFAULT_ON = yes;
           };
diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix
index b1c05888..b25bd2ea 100644
--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -41,7 +41,7 @@ in {
 
       acceptTerms = true;
       # DNS challenge is slow
-      preliminarySelfsigned = true;
+      # preliminarySelfsigned = true;
       defaults = {
         email = "phikeebaogobaegh@141.li";
         # We don't like NIST curves and Let's Encrypt doesn't support
diff --git a/modules/impermanence-timezone.nix b/modules/impermanence-timezone.nix
new file mode 100644
index 00000000..a1edbfa5
--- /dev/null
+++ b/modules/impermanence-timezone.nix
@@ -0,0 +1,41 @@
+{ config, lib, utils, pkgs, ... }:
+
+{
+  options = {
+    environment.persistence = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.submodule {
+        options = {
+          timezone = lib.mkEnableOption "storing system timezone";
+        };
+      });
+    };
+  };
+
+  config = {
+    systemd = lib.mkMerge (lib.mapAttrsToList (name: cfg: lib.mkIf cfg.timezone {
+      services = {
+        "timezone@${utils.escapeSystemdPath name}" = {
+          wantedBy = [ "multi-user.target" ];
+          serviceConfig = {
+            Type = "oneshot";
+            RemainAfterExit = true;
+            ExecStart = "${pkgs.coreutils}/bin/cp -vP ${utils.escapeSystemdExecArg "${name}/etc/localtime"} /etc/localtime";
+            ExecStop = "${pkgs.coreutils}/bin/cp -vP /etc/localtime ${utils.escapeSystemdExecArg "${name}/etc/localtime"}";
+          };
+        };
+        "etc-localtime@${utils.escapeSystemdPath name}" = {
+          serviceConfig = {
+            Type = "oneshot";
+            ExecStart = "${pkgs.coreutils}/bin/cp -vP /etc/localtime ${utils.escapeSystemdExecArg "${name}/etc/localtime"}";
+          };
+        };
+      };
+      paths."etc-localtime@${utils.escapeSystemdPath name}" = {
+        wantedBy = [ "timezone@${utils.escapeSystemdPath name}.service" ];
+        after = [ "timezone@${utils.escapeSystemdPath name}.service" ];
+
+        pathConfig.PathChanged = "/etc/localtime";
+      };
+    }) config.environment.persistence);
+  };
+}
diff --git a/modules/impermanence.nix b/modules/impermanence.nix
new file mode 100644
index 00000000..621576a3
--- /dev/null
+++ b/modules/impermanence.nix
@@ -0,0 +1,6 @@
+{ flakeInputs, ... }:
+{
+  imports = [
+    flakeInputs.impermanence.nixosModules.impermanence
+  ];
+}
diff --git a/overlays/worktime/worktime/__main__.py b/overlays/worktime/worktime/__main__.py
index 3e7aeb9f..016690f0 100755
--- a/overlays/worktime/worktime/__main__.py
+++ b/overlays/worktime/worktime/__main__.py
@@ -375,10 +375,7 @@ class Worktime(object):
                               parse_datestr(stripped_line)
 
                           for day in [fromDay + timedelta(days = x) for x in range(0, (toDay - fromDay).days + 1)]:
-                              # if self.end_date.date() < day or day < self.start_date.date():
-                              #     continue
-
-                              if self.would_be_workday(day):
+                              if self.would_be_workday(day) and self.start_date.date() <= day and day <= self.end_date.date():
                                   if excused_kind == 'leave':
                                       self.leave_days.add(day)
                                   elif time is not None and time >= self.time_per_day(day):
@@ -444,8 +441,9 @@ class Worktime(object):
           if e.errno != 2:
               raise e
 
-      for year in range(self.end_date.year + 1, max(self.pull_forward.keys()).year + 1):
-          holidays |= {k: v * timedelta(hours = hours_per_week(k)) / len(self.workdays) for k, v in Worktime.holidays(year).items()}
+      if self.pull_forward:
+          for year in range(self.end_date.year + 1, max(self.pull_forward.keys()).year + 1):
+              holidays |= {k: v * timedelta(hours = hours_per_week(k)) / len(self.workdays) for k, v in Worktime.holidays(year).items()}
 
       self.days_to_work = dict()
 
diff --git a/overlays/yt-dlp.nix b/overlays/yt-dlp.nix
index 94ab1fdd..9a54a32b 100644
--- a/overlays/yt-dlp.nix
+++ b/overlays/yt-dlp.nix
@@ -1,5 +1,7 @@
 { prev, sources, ... }: {
   yt-dlp = prev.yt-dlp.overrideAttrs (oldAttrs: {
     inherit (sources.yt-dlp) pname version src;
+
+    postPatch = "";
   });
 }
diff --git a/system-profiles/bcachefs.nix b/system-profiles/bcachefs.nix
index 6090c56d..be12bf20 100644
--- a/system-profiles/bcachefs.nix
+++ b/system-profiles/bcachefs.nix
@@ -2,5 +2,15 @@
   config = {
     boot.supportedFilesystems.bcachefs = true;
     environment.systemPackages = with pkgs; [ bcachefs-tools ];
+
+    boot.kernelPatches = [
+      {
+        name = "bcachefs-casefold-fix";
+        patch = null;
+        structuredExtraConfig = with lib.kernel; {
+          UNICODE = lib.mkOverride 90 no;
+        };
+      }
+    ];
   };
 }
diff --git a/system-profiles/initrd-all-crypto-modules.nix b/system-profiles/initrd-all-crypto-modules.nix
index 45cd4b74..da6c781e 100644
--- a/system-profiles/initrd-all-crypto-modules.nix
+++ b/system-profiles/initrd-all-crypto-modules.nix
@@ -18,7 +18,7 @@ in {
     {
       name = "encrypted_key";
       patch = null;
-      extraStructuredConfig.ENCRYPTED_KEYS = lib.kernel.yes;
+      structuredExtraConfig.ENCRYPTED_KEYS = lib.kernel.yes;
     }
   ];
 }