From bae025b04658335e830cb45487ee66b131e086d5 Mon Sep 17 00:00:00 2001
From: Antoine Martin
Date: Fri, 10 Jun 2022 16:56:15 +0200
Subject: [PATCH 1/3] hades: init

---
 flake.nix | 9 ++
 hades.nix | 23 +++++
 hosts/hades/configuration.nix | 84 ++++++++++++++++++
 hosts/hades/default.nix | 66 ++++++++++++++
 hosts/hades/hardware-configuration.nix | 25 ++++++
 hosts/hades/home.nix | 5 ++
 hosts/hades/secrets.nix | 20 +++++
 modules/secrets/secrets.nix | 3 +-
 .../secrets/users/alarsyo-hashed-password.age | Bin 694 -> 793 bytes
 .../secrets/users/root-hashed-password.age | Bin 619 -> 821 bytes
 10 files changed, 234 insertions(+), 1 deletion(-)
 create mode 100644 hades.nix
 create mode 100644 hosts/hades/configuration.nix
 create mode 100644 hosts/hades/default.nix
 create mode 100644 hosts/hades/hardware-configuration.nix
 create mode 100644 hosts/hades/home.nix
 create mode 100644 hosts/hades/secrets.nix

diff --git a/flake.nix b/flake.nix
index bf6fc2c..5ed22ed 100644
--- a/flake.nix
+++ b/flake.nix
@@ -102,6 +102,15 @@
 ++ sharedModules;
 };

+ hades = nixpkgs.lib.nixosSystem rec {
+ inherit system;
+ modules =
+ [
+ ./hades.nix
+ ]
+ ++ sharedModules;
+ };
+
 boreal = nixpkgs.lib.nixosSystem rec {
 inherit system;
 modules =
diff --git a/hades.nix b/hades.nix
new file mode 100644
index 0000000..26018f0
--- /dev/null
+++ b/hades.nix
@@ -0,0 +1,23 @@
+{...}: {
+ imports = [
+ # Default configuration
+ ./base
+
+ # Module definitions
+ ./modules
+
+ # Service definitions
+ ./services
+
+ # Host-specific config
+ ./hosts/hades
+ ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.05"; # Did you read the comment?
+}
diff --git a/hosts/hades/configuration.nix b/hosts/hades/configuration.nix
new file mode 100644
index 0000000..28590e3
--- /dev/null
+++ b/hosts/hades/configuration.nix
@@ -0,0 +1,84 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ # Replace with your public key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad"
+ ];
+ users.users.root.initialHashedPassword = "";
+ services.openssh.permitRootLogin = "prohibit-password";
+ users.users.alarsyo = {
+ password = "toto";
+ isNormalUser = true;
+ extraGroups = [
+ "media"
+ "networkmanager"
+ "video" # for `light` permissions
+ "docker"
+ "wheel" # Enable ‘sudo’ for the user.
+ ];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad"
+ ];
+ };
+
+
+ networking.useDHCP = false;
+ networking.interfaces.enp35s0.ipv4.addresses = [
+ {
+ address = "95.217.121.60";
+ prefixLength = 26;
+ }
+ ];
+ networking.interfaces.enp35s0.ipv6.addresses = [
+ {
+ address = "2a01:4f9:4a:3649::2";
+ prefixLength = 64;
+ }
+ ];
+ networking.defaultGateway = "95.217.121.1";
+ networking.defaultGateway6 = { address = "fe80::1"; interface = "enp35s0"; };
+ networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
+ networking.hostName = "hades";
+
+ boot.loader.systemd-boot.enable = false;
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = false;
+ devices = [ "/dev/sda" "/dev/sdb" ];
+ };
+
+ system.stateVersion = "22.05";
+
+ environment.systemPackages = with pkgs; [
+ vim
+ tmux
+ git
+ (pkgs.callPackage "${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/main.tar.gz"}/pkgs/agenix.nix" {})
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ nix = {
+ package = pkgs.nixStable;
+
+ settings = {
+ experimental-features = ["nix-command" "flakes"];
+ trusted-users = ["@wheel"];
+ substituters = [
+ "https://alarsyo.cachix.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = [
+ "alarsyo.cachix.org-1:A6BmcaJek5+ZDWWv3fPteHhPm6U8liS9CbDbmegPfmk="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ };
+ };
+
+}
diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix
new file mode 100644
index 0000000..82d2fcb
--- /dev/null
+++ b/hosts/hades/default.nix
@@ -0,0 +1,66 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ secrets = config.my.secrets;
+in {
+ imports = [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+
+ ./home.nix
+ ./secrets.nix
+ ];
+
+ boot.loader.systemd-boot.enable = false;
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = false;
+ devices = [ "/dev/sda" "/dev/sdb" ];
+ };
+
+ networking.hostName = "hades"; # Define your hostname.
+ networking.domain = "alarsyo.net";
+
+ # Set your time zone.
+ time.timeZone = "Europe/Paris";
+
+ networking.useDHCP = false;
+ networking.interfaces.enp35s0.ipv4.addresses = [
+ {
+ address = "95.217.121.60";
+ prefixLength = 26;
+ }
+ ];
+ networking.interfaces.enp35s0.ipv6.addresses = [
+ {
+ address = "2a01:4f9:4a:3649::2";
+ prefixLength = 64;
+ }
+ ];
+ networking.defaultGateway = "95.217.121.1";
+ networking.defaultGateway6 = { address = "fe80::1"; interface = "enp35s0"; };
+ networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
+ my.networking.externalInterface = "enp35s0";
+
+ # List services that you want to enable:
+ my.services = {
+ tailscale = {
+ enable = true;
+ exitNode = true;
+ };
+ };
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.permitRootLogin = "no";
+ services.openssh.passwordAuthentication = false;
+
+ # Takes a long while to build
+ documentation.nixos.enable = false;
+}
diff --git a/hosts/hades/hardware-configuration.nix b/hosts/hades/hardware-configuration.nix
new file mode 100644
index 0000000..e15d951
--- /dev/null
+++ b/hosts/hades/hardware-configuration.nix
@@ -0,0 +1,25 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/2a24010c-14bd-439b-b30b-d0e18db69952";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/hades/home.nix b/hosts/hades/home.nix
new file mode 100644
index 0000000..3bb7dab
--- /dev/null
+++ b/hosts/hades/home.nix
@@ -0,0 +1,5 @@
+{config, ...}: {
+ home-manager.users.alarsyo = {
+ my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
+ };
+}
diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix
new file mode 100644
index 0000000..3fbc379
--- /dev/null
+++ b/hosts/hades/secrets.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ lib,
+ options,
+ ...
+}: {
+ config.age = {
+ secrets = let
+ toSecret = name: {...} @ attrs:
+ {
+ file = ./../../modules/secrets + "/${name}.age";
+ }
+ // attrs;
+ in
+ lib.mapAttrs toSecret {
+ "users/alarsyo-hashed-password" = {};
+ "users/root-hashed-password" = {};
+ };
+ };
+}
diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix
index 7e1ce4b..68137cc 100644
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
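Review bot: The `options` and `config` arguments in the parameter set of hosts/hades/secrets.nix are never used in the module body (`config.age = …` is an attribute assignment, not a read of the argument, and only `lib.mapAttrs` is referenced), so the signature can be trimmed to `{ lib, ... }: {` to keep it honest. The `./../../modules/secrets` path works, but `../../modules/secrets` is the conventional spelling of the same relative path in Nix.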
@@ -3,10 +3,11 @@ let
 users = [alarsyo];
 boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal";
+ hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades";
 poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon";
 zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus";
- machines = [boreal poseidon zephyrus];
+ machines = [boreal hades poseidon zephyrus];
 all = users ++ machines;
 in {
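Review bot: Adding `hades` to `machines` enrolls the new host key into `all = users ++ machines`, so every secret encrypted to `all` becomes decryptable by hades as well, which the rekeyed users/*.age files in this commit reflect. If any secret is only needed on one host, a per-host recipient list instead of `all` would limit what a compromised hades host key can read; the rest of modules/secrets/secrets.nix, where the recipient lists are applied, lies outside this hunk, so this cannot be confirmed from the diff. A short comment at the new line, `# host key of hades; in machines so shared secrets are rekeyed for it`, would document the enrollment.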
diff --git a/modules/secrets/users/alarsyo-hashed-password.age b/modules/secrets/users/alarsyo-hashed-password.age index 9d80aa72837e8960690453faa7b6615c69c3c397..f9a9f83c1edaf2939968fd91df928d4e88cebc77 100644 GIT binary patch delta 746 zcmdnSI+JaJ>g0Sz_IkI}0F#I)uYwYv^5Rl$H-GccV8XDjN=vM3#kXK)vQ5x(ST$x&yS`ulTCF3S{SV-H6zU0q!T<8)t>{Os`1Lf=%kOtU~I3+EF5jKYk7z+zXw@={Oz62p3r z!tk^*%dpCPt~*CfEiX>dSU9gyS*mgcW-OjLt1xUtti#boN7T&hownpCcPg z|MI@~$nT0c%Wyq0nd!(mDaS6KAd&V9iXT~jDKGwze%F6$m!?|EgKfte4wkK%WXm_{ zo@Ltl5QCk^^6rGT+$o&G^(fpsA@>%S>G48d(LXQ3op|)GPOtVTzs5KF#1)@khfQ|@ E07kI|t^fc4 delta 627 zcmbQqwvBay>g2nO?BQX>ftl%EA*PmL;VEVzZbqdM75YBj1wI+&mHCz4l@USSj!~77 zW$wXQ>0J2+o?#{W$?2|uaBxKNDVH`ayL)R zG>Xa(i%7~zclB^JGpO?M@hkN!&hhpu4loW03odu}<+AiHPN~fEt;{vg@Gda1urMnu z^G_=(sq%6QHP0~eiE_#=PcJG=PAbxN<O-(T}H8r$Uhz$1)%uZJbD9!Y7 z_RjHi^-C$Y%+3r8u6Hdk$+vKHD$jJxHYp9yaS1eW(l5_9a13$e(svIENcFCCvGnrF z_RR|}Pj*VI49aoKDi8HBa!M)-@Xs{LHTNpZ&37sWSr_3O?_lnyn_iTfSe&YmZt1QU z6r!Da4iR$NsXY3gr~ZJM0UrK_u};9X)E7-CuPnr-QrSLSIM;BT2&Vxpbn zo8w_z5fYV}=u;f%ksje^nwk^n$(7L>a;CE-Q*PxHX^%sSr;K~Oa*Dg+j`nfTU-Kre=Suscsk>5=)_xx+nxD1ud9B& zrx(U4yJ6qe7~woaGlrixbdtQD9eXwHm!QBMiM3C|#i<+`Xu(qSUd%J;T>Y z+a)`-I3jBq#Kd<%0^!$7X!5bfl0*QC^lu+jj7l)#W8eeH^H<5Jhm(286~ zSF@;$B*#?O0$&49|6+98q5@09{2Ud^oD1BYTn*E5qf(5#os9h~ow8gjgUq6$JPq7Z z9jk(pvhs{Fg9D4qG7Y%A3w?6RqbwaW!pg(bQ~jL0P25eYQqv8K9gQPh%go9POp>%y z-Q2xGN&?Ys%Qi~)$SPOR*DeVwHO|a3PfRLx%q;TH&k8Nh%`!^~Of>N|(DyXg_6i9r zNzyJz&G6-N@(nZhs5FW2H8KqfFAXk_sLUu$@z4);j&zMQHq%eZ^3N`^^v=u6Ffakx z7O$_XZ*?G z98pkN=hI>uRa|k>@<*_Z=;RM&PYae=?3q2)S>Dm(-DEZ<|N7U{x4YMMx|B7jEIPPfygBj@ zThz(NxBf2W%etc`y*F~xBIg|&S3kAZdMMqVbX8*yYu_ZzT(5=Y+>dyhS~ooWe@-#! 
zMxE*N&mX6ihE3%4o%(C1&ELb#87`$~)LS?DJd%z&lC7)!Wy71@2gEl{JU$%&L9-#P delta 570 zcmdnW_L^ma>g0Sz_HbXP)GTx3yvoAJqV!;|%>1;7%3@cuWY4UM&r4iN{Wk|D}sX^eGT+8OgxH%OZ-!k%Cj^4%+vhClT5q=BTdSDoip8wxr|G)i}Nad zl8eke0z3`wU64@`_8146;%JvT_Rj-7LMF3*AhMtFn^0 zQc^Mu0>djTlk$!8%sjHpll%hRToMh#j7`hE%rmM&vP`l|jGY`yg1yQ?*7=yIl_te| zW$UIFr6v}qDnwZ&>s!W`E10_Fx;iUF6~q-QB-TU*`f%mymm4~l`+J#tMflVwl~fp) zMpcxUdb+u$8|D|KL^)TQg@qMz>FVk#l$e)#yEx^Q6**cO7ZiAe1!-3}K1pb_jQfpV%D5?VKR9e!^POg}cmIAO60q8TM@F>V2H6#RBgv LkBQ^dcIF2F+VIZA From b7088fe3af48598d6e04f36703ae53a4a631ea21 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 10 Jun 2022 17:15:50 +0200 Subject: [PATCH 2/3] hades: use tmpfs for /tmp --- hosts/hades/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 82d2fcb..60ef762 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -24,6 +24,8 @@ in { devices = [ "/dev/sda" "/dev/sdb" ]; }; + boot.tmpOnTmpfs = true; + networking.hostName = "hades"; # Define your hostname. networking.domain = "alarsyo.net"; From 67e0dfb9ca7dd8bc3a0c7d0cd4676ec7d1d5a7a8 Mon Sep 17 00:00:00 2001 
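Review bot: `boot.tmpOnTmpfs = true` backs /tmp with RAM, and Nix builds use /tmp by default, so a large build on this host now competes with its services for memory rather than disk; consider capping it with `boot.tmpOnTmpfsSize` (if the 22.05 release this host pins provides it) and stating the intent in a comment, e.g. `boot.tmpOnTmpfs = true; # /tmp in RAM, cleared on reboot; watch memory use during large builds`. The enclosing attribute set of hosts/hades/default.nix continues outside the hunk.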
From: Antoine Martin Date: Fri, 10 Jun 2022 17:13:30 +0200 Subject: [PATCH 3/3] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/64831f938bd413cefde0b0cf871febc494afaa4f' (2022-05-25) → 'github:nix-community/home-manager/70824bb5c790b820b189f62f643f795b1d2ade2e' (2022-06-07) • Added input 'home-manager/flake-compat': 'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19) • Added input 'home-manager/nmd': 'gitlab:rycee/nmd/9e7a20e6ee3f6751f699f79c0b299390f81f7bcd' (2022-05-23) • Added input 'home-manager/nmt': 'gitlab:rycee/nmt/d83601002c99b78c89ea80e5e6ba21addcfe12ae' (2022-03-23) • Added input 'home-manager/utils': 'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/83658b28fe638a170a19b8933aa008b30640fbd1' (2022-05-26) → 'github:NixOS/nixpkgs/e0169d7a9d324afebf5679551407756c77af8930' (2022-06-08) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/f6c4da49202d79cdab2fdf2bfa3019cde23f007e' (2022-05-29) → 'github:NixOS/nixpkgs/a58de450c514aa1bc5a4999f92656ab6b600dc59' (2022-06-10) --- flake.lock | 87 +++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 77 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 2e21878..f5e8575 100644 --- a/flake.lock +++ b/flake.lock @@ -18,6 +18,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1648297722, 
@@ -36,16 +52,20 @@
 },
 "home-manager": {
 "inputs": {
+ "flake-compat": "flake-compat",
 "nixpkgs": [
 "nixpkgs"
- ]
+ ],
+ "nmd": "nmd",
+ "nmt": "nmt",
+ "utils": "utils"
 },
 "locked": {
- "lastModified": 1653518057,
- "narHash": "sha256-cam3Nfae5ADeEs6mRPzr0jXB7+DhyMIXz0/0Q13r/yk=",
+ "lastModified": 1654628474,
+ "narHash": "sha256-Llm9X8Af15uC9IMStxqjCfO15WgYTqTnsQq8wMcpp5Q=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "64831f938bd413cefde0b0cf871febc494afaa4f",
+ "rev": "70824bb5c790b820b189f62f643f795b1d2ade2e",
 "type": "github"
 },
 "original": {
@@ -89,11 +109,11 @@
 },
 "nixpkgs-unstable-small": {
 "locked": {
- "lastModified": 1653839487,
- "narHash": "sha256-UFTixs7vCadS50/J0Q5tIFSeXrDJs7lCKHi+a3V9oVQ=",
+ "lastModified": 1654819923,
+ "narHash": "sha256-s3m3dbCVWw7XAFbkIJyPKtlqgbcDD+2BrBOGTRn0fIw=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "f6c4da49202d79cdab2fdf2bfa3019cde23f007e",
+ "rev": "a58de450c514aa1bc5a4999f92656ab6b600dc59",
 "type": "github"
 },
 "original": {
@@ -105,11 +125,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1653581809,
- "narHash": "sha256-Uvka0V5MTGbeOfWte25+tfRL3moECDh1VwokWSZUdoY=",
+ "lastModified": 1654682581,
+ "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "83658b28fe638a170a19b8933aa008b30640fbd1",
+ "rev": "e0169d7a9d324afebf5679551407756c77af8930",
 "type": "github"
 },
 "original": {
@@ -119,6 +139,38 @@
 "type": "github"
 }
 },
+ "nmd": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1653339422,
+ "narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=",
+ "owner": "rycee",
+ "repo": "nmd",
+ "rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "rycee",
+ "repo": "nmd",
+ "type": "gitlab"
+ }
+ },
+ "nmt": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1648075362,
+ "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
+ "owner": "rycee",
+ "repo": "nmt",
+ "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "rycee",
+ "repo": "nmt",
+ "type": "gitlab"
+ }
+ },
 "root": {
 "inputs": {
 "agenix": "agenix",
@@ -128,6 +180,21 @@
 "nixpkgs": "nixpkgs_2",
 "nixpkgs-unstable-small": "nixpkgs-unstable-small"
 }
+ },
+ "utils": {
+ "locked": {
+ "lastModified": 1653893745,
+ "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
 }
 },
 "root": "root",