chore: update flake

2026-01-24 15:10:26 +08:00 · 2026-01-24 15:10:26 +08:00 · b4b7997ac5
commit b4b7997ac5
parent 25482857d4
11 changed files with 163 additions and 140 deletions
--- a/flake.lock
+++ b/flake.lock
@ -200,11 +200,11 @@
        "quickshell": "quickshell"
      },
      "locked": {
-        "lastModified": 1768700084,
-        "narHash": "sha256-G/RtxgpF4OHRWy82/MHmEClOq9sBn8tki6K6vCuPZvU=",
+        "lastModified": 1769073714,
+        "narHash": "sha256-vppHLOKWw3ygroSlQ2oZ/evNIeXrBDl7cOPOyXZAh90=",
        "owner": "caelestia-dots",
        "repo": "shell",
-        "rev": "408c523d257f5e22fd95229dd36e76f4b90439a2",
+        "rev": "617f7a19f335be9e975dd001e262794636a6716f",
        "type": "github"
      },
      "original": {
@ -250,11 +250,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768727946,
-        "narHash": "sha256-le2GY+ZR6uRHMuOAc60sBR3gBD2BEk1qOZ3S5C/XFpU=",
+        "lastModified": 1768923567,
+        "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "558e84658d0eafc812497542ad6ca0d9654b3b0f",
+        "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28",
        "type": "github"
      },
      "original": {
@ -679,11 +679,11 @@
        "zon2nix": "zon2nix"
      },
      "locked": {
-        "lastModified": 1768776776,
-        "narHash": "sha256-OeoF0vBLezZ0WQDxjpI5OHQskKzeCpOITYJ6XoUDwWg=",
+        "lastModified": 1769140056,
+        "narHash": "sha256-EaC2VOH6BzzzeOFXor9BbesOGgJsCCHw5Nx+BG0IZY4=",
        "owner": "ghostty-org",
        "repo": "ghostty",
-        "rev": "250877eff69ee1f00168a1f5ce9ab5490e29b0dc",
+        "rev": "4acd33954aaeafd414f483ae9c44ba1ae7effe98",
        "type": "github"
      },
      "original": {
@ -699,11 +699,11 @@
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1767281941,
-        "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=",
+        "lastModified": 1769069492,
+        "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
+        "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
        "type": "github"
      },
      "original": {
@ -824,11 +824,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768770171,
-        "narHash": "sha256-JPmLGZgdWa8QcQbbtBqyZhpmxIHZ3lUO48laERjw+4k=",
+        "lastModified": 1769132734,
+        "narHash": "sha256-gmU9cRplrQWqoback9PgQX7Dlsdx8JlhlVZwf0q1F7E=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "521d5ea1a229ba315dd1cceaf869946ddcc83d36",
+        "rev": "d055b309a6277343cb1033a11d7500f0a0f669fc",
        "type": "github"
      },
      "original": {
@ -912,11 +912,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1768746153,
-        "narHash": "sha256-H3BxpO76d/SX/qiCzl3bUi352xIkgdqqSb0sJfuv25w=",
+        "lastModified": 1769114016,
+        "narHash": "sha256-eYY8QyE+RY7sa69DZmdbfN2DFfyx3Jk9k/gALAKXi38=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "eb0480ba0d0870ab5d8a876f01c6ab033a4b35f4",
+        "rev": "64db62d7e2685d62cbab51a1a7cb7f2cf38a1b32",
        "type": "github"
      },
      "original": {
@ -1290,11 +1290,11 @@
    },
    "mnw": {
      "locked": {
-        "lastModified": 1767030222,
+        "lastModified": 1768701608,
        "narHash": "sha256-kSvWF3Xt2HW9hmV5V7i8PqeWJIBUKmuKoHhOgj3Znzs=",
        "owner": "Gerg-L",
        "repo": "mnw",
-        "rev": "75bb637454b0fbbb5ed652375a4bf7ffd28bcf6f",
+        "rev": "20d63a8a1ae400557c770052a46a9840e768926b",
        "type": "github"
      },
      "original": {
@ -1332,11 +1332,11 @@
        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
-        "lastModified": 1768781101,
-        "narHash": "sha256-p3guh/Vx4Pf+Ggk3X69SPTJot6emv6rgKpoBLNO61Ag=",
+        "lastModified": 1769126721,
+        "narHash": "sha256-vMWf9C4LK2fshCKgUYGR0fn4/3qg2/sWyFILv4YYTB8=",
        "owner": "nix-community",
        "repo": "neovim-nightly-overlay",
-        "rev": "e90cb6d441572fc05ffb8769051d59f1d2d3269e",
+        "rev": "7c77dcce004c0845da25e0fe9a6c8b11bd46e614",
        "type": "github"
      },
      "original": {
@ -1348,11 +1348,11 @@
    "neovim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1768778690,
-        "narHash": "sha256-XrWZBeH0GnvnQzE9Xmm69sesSGB2h5uVLuTmLA7k1p0=",
+        "lastModified": 1769125444,
+        "narHash": "sha256-KOVSBncEUsn5ZqbkaDo5GhXWCoKqdZGij/KnLH5CoVI=",
        "owner": "neovim",
        "repo": "neovim",
-        "rev": "30259d6af79e731491e6b12d815893b1b130b52b",
+        "rev": "c39d18ee939cba5f905416fcc97661b1836f4de4",
        "type": "github"
      },
      "original": {
@ -1373,11 +1373,11 @@
        "xwayland-satellite-unstable": "xwayland-satellite-unstable"
      },
      "locked": {
-        "lastModified": 1768767453,
-        "narHash": "sha256-Omq1UHEJ1oxkTo2j8l6qQtmyPR7Uj+k7HC5Khd3jVVA=",
+        "lastModified": 1769095293,
+        "narHash": "sha256-GPlRdJ7LVLyabpJ2tDA9Bj5em9wi3mKXeedIDl7+LWs=",
        "owner": "sodiboo",
        "repo": "niri-flake",
-        "rev": "8eab7c21ef4edc97cc56ddb8e76a842e0818d6d7",
+        "rev": "180bdbbc91c89f540a52d2b31c8c08116c53b91f",
        "type": "github"
      },
      "original": {
@ -1492,11 +1492,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768357481,
-        "narHash": "sha256-LpOWVXsHx20x8eRIhn23Q0icmV3Z6ZeFpAPzEqldXFk=",
+        "lastModified": 1768962252,
+        "narHash": "sha256-HyWOOHcySV8rl36gs4+n0sxPinxpwWOgwXibfFPYeZ0=",
        "owner": "Infinidoge",
        "repo": "nix-minecraft",
-        "rev": "f888492aa1a1eeb0114cf78af40d44e8300e002e",
+        "rev": "433cf697394104123e1fd02fa689534ac1733bfa",
        "type": "github"
      },
      "original": {
@ -1613,11 +1613,11 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1768621446,
-        "narHash": "sha256-6YwHV1cjv6arXdF/PQc365h1j+Qje3Pydk501Rm4Q+4=",
+        "lastModified": 1768940263,
+        "narHash": "sha256-sJERJIYTKPFXkoz/gBaBtRKke82h4DkX3BBSsKbfbvI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "72ac591e737060deab2b86d6952babd1f896d7c5",
+        "rev": "3ceaaa8bc963ced4d830e06ea2d0863b6490ff03",
        "type": "github"
      },
      "original": {
@ -1674,11 +1674,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1768661221,
-        "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=",
+        "lastModified": 1768875095,
+        "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3327b113f2ef698d380df83fbccefad7e83d7769",
+        "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0",
        "type": "github"
      },
      "original": {
@ -1706,11 +1706,11 @@
    },
    "nixpkgs_7": {
      "locked": {
-        "lastModified": 1768661221,
-        "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=",
+        "lastModified": 1768875095,
+        "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "3327b113f2ef698d380df83fbccefad7e83d7769",
+        "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0",
        "type": "github"
      },
      "original": {
@ -1738,11 +1738,11 @@
    },
    "nixpkgs_9": {
      "locked": {
-        "lastModified": 1763806073,
-        "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=",
+        "lastModified": 1768875095,
+        "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "878e468e02bfabeda08c79250f7ad583037f2227",
+        "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0",
        "type": "github"
      },
      "original": {
@ -1759,11 +1759,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768785620,
-        "narHash": "sha256-ZhhZNA3romjb3ukC3cKnEhzv2GQDIMIComwtXpCqVCY=",
+        "lastModified": 1769145612,
+        "narHash": "sha256-uHtKorr5FamlD/WXSs7gJYYcsO9EGlVJhY/V4n4HmW4=",
        "owner": "noctalia-dev",
        "repo": "noctalia-shell",
-        "rev": "cf2e02c6e9bf9f38d3e3787c6afe7d83f169ed5c",
+        "rev": "e4729d9b92346f86eeaccc6063506684575ea9ea",
        "type": "github"
      },
      "original": {
@ -1809,11 +1809,11 @@
        "systems": "systems_8"
      },
      "locked": {
-        "lastModified": 1768464392,
-        "narHash": "sha256-H3DRARqclUFdUaWgu1xQEb86/wrh41ZG0fIQJVjcZdE=",
+        "lastModified": 1769111313,
+        "narHash": "sha256-2IU9TOe7BBG145mftfQW2aYxXxQd2YHfv8V1qTMFkmY=",
        "owner": "notashelf",
        "repo": "nvf",
-        "rev": "007f14a2c8d67568f4655654b401871920d73011",
+        "rev": "bebdddb5719ec2c3f86b0168a785d1a2aee1d857",
        "type": "github"
      },
      "original": {
@ -1974,11 +1974,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768791178,
-        "narHash": "sha256-ZVqH14w7y40DEQOghli1c28NopVNFk1MNNRzEIwMa6M=",
+        "lastModified": 1769136478,
+        "narHash": "sha256-8UNd5lmGf8phCr/aKxagJ4kNsF0pCHLish2G4ZKCFFY=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "3941028eccc4d981f75c933786e1fd95b71024f1",
+        "rev": "470ee44393bb19887056b557ea2c03fc5230bd5a",
        "type": "github"
      },
      "original": {
@ -1995,11 +1995,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1763952169,
-        "narHash": "sha256-+PeDBD8P+NKauH+w7eO/QWCIp8Cx4mCfWnh9sJmy9CM=",
+        "lastModified": 1769091129,
+        "narHash": "sha256-Jj/vIHjiu4OdDIrDXZ3xOPCJrMZZKzhE2UIVXV/NYzY=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "ab726555a9a72e6dc80649809147823a813fa95b",
+        "rev": "131e22d6a6d54ab72aeef6a5a661ab7005b4c596",
        "type": "github"
      },
      "original": {
@ -2013,11 +2013,11 @@
        "nixpkgs": "nixpkgs_8"
      },
      "locked": {
-        "lastModified": 1768709255,
-        "narHash": "sha256-aigyBfxI20FRtqajVMYXHtj5gHXENY2gLAXEhfJ8/WM=",
+        "lastModified": 1768863606,
+        "narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "5e8fae80726b66e9fec023d21cd3b3e638597aa9",
+        "rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
        "type": "github"
      },
      "original": {
@ -2423,11 +2423,11 @@
        "rust-overlay": "rust-overlay_4"
      },
      "locked": {
-        "lastModified": 1768756095,
-        "narHash": "sha256-5YO/8LTVhUFJ4jJMuJtgE3oGGD0D7aR0fcfHEKvQmTo=",
+        "lastModified": 1769095881,
+        "narHash": "sha256-BZktPXn+8vyFyHapvW+9nepFsWRW/XBtdBcnLKrCNCw=",
        "owner": "sxyazi",
        "repo": "yazi",
-        "rev": "ca4cc594136e313b47f8da0f3699b7ea9699a959",
+        "rev": "4e0acf8cbfcd66924af38a9418d3e12dc31a7316",
        "type": "github"
      },
      "original": {
@ -2446,11 +2446,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768788372,
-        "narHash": "sha256-TTEB3amVrXNX5AmIj7Bb8Dp2W8BOD73GbW8p5uH8kQI=",
+        "lastModified": 1769059766,
+        "narHash": "sha256-u95Qe60mF3eoEqrd0tIej4A8TDWoc/N4ZjZ60npplgw=",
        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
-        "rev": "756b3eff6a629b70ea971b8a1819f22bc3789730",
+        "rev": "dc0483a6e3ff1ffb04ad77d26c1a4458f4cf82d6",
        "type": "github"
      },
      "original": {
--- a/pkgs/overlays/default.nix
+++ b/pkgs/overlays/default.nix
@ -1,5 +1,6 @@
 [
  (import ./vesktop.nix)
+  (import ./proton-dw-bin.nix)
  # (import ./powerdns-admin.nix)
  # (import ./stalwart-mail)
 ]
--- a/pkgs/overlays/proton-dw-bin.nix
+++ b/pkgs/overlays/proton-dw-bin.nix
@ -0,0 +1,41 @@
+final: prev: {
+  proton-dw-bin =
+    let
+      steamDisplayName = "Proton DW";
+    in
+    final.pkgs.stdenv.mkDerivation (finalAttrs: rec {
+      pname = "dwproton";
+      version = "10.0-14";
+
+      src = final.pkgs.fetchzip {
+        url = "https://dawn.wine/dawn-winery/dwproton/releases/download/${pname}-${finalAttrs.version}/${pname}-${finalAttrs.version}-x86_64.tar.xz";
+        hash = "sha256-5fDo7YUPhp0OwjdAXHfovSuFCgSPwHW0cSZk9E+FY98=";
+      };
+
+      dontUnpack = true;
+      dontConfigure = true;
+      dontBuild = true;
+
+      outputs = [
+        "out"
+        "steamcompattool"
+      ];
+
+      installPhase = ''
+        runHook preInstall
+        echo "${finalAttrs.pname} should not be installed into environments. Please use programs.steam.extraCompatPackages instead." > $out
+
+        mkdir $steamcompattool
+        ln -s $src/* $steamcompattool
+        rm $steamcompattool/compatibilitytool.vdf
+        cp $src/compatibilitytool.vdf $steamcompattool
+
+        runHook postInstall
+      '';
+
+      preFixup = ''
+        substituteInPlace "$steamcompattool/compatibilitytool.vdf" \
+          --replace-fail "${finalAttrs.pname}-${finalAttrs.version}-x86_64" "${steamDisplayName}"
+      '';
+    });
+}
--- a/system/dev/dn-pre7780/default.nix
+++ b/system/dev/dn-pre7780/default.nix
@ -55,6 +55,7 @@ in
    ../../modules/shells/noctalia
    ../../modules/sunshine.nix
    ../../modules/secure-boot.nix
+    ../../modules/card-reader.nix
  ];

  # Live Sync D
--- a/system/dev/dn-pre7780/home/default.nix
+++ b/system/dev/dn-pre7780/home/default.nix
@ -6,7 +6,7 @@
 }:
 let
  inherit (helper) getMonitors;
-  inherit (builtins) elemAt;
+  inherit (builtins) elemAt length;
  inherit (config.networking) hostName;
  inherit (config.systemConf) username;
  inherit (lib) optionalString mkForce;
@ -24,7 +24,11 @@ in
    let
      monitors = getMonitors hostName config;
      mainMonitor = (elemAt monitors 0).criteria;
-      secondMonitor = (elemAt monitors 1).criteria;
+      secondMonitor =
+        let
+          index = if (length monitors) > 1 then 1 else 0;
+        in
+        (elemAt monitors index).criteria;
      mainMonitorSwayFormat = "desc:ASUSTek COMPUTER INC - ASUS VG32VQ1B";
    in
    {
@ -58,6 +62,18 @@ in
            }
          ];
        }
+        {
+          profile.name = "AcerOnly";
+          profile.outputs = [
+            {
+              criteria = "Acer Technologies XV272U V3 1322131231233";
+              mode = "2560x1440@179.876999Hz";
+              position = "0,0";
+              transform = "normal";
+              scale = 1.0;
+            }
+          ];
+        }
      ];

      programs.ghostty.settings = {
--- a/system/dev/dn-server/network/services.nix
+++ b/system/dev/dn-server/network/services.nix
@ -7,11 +7,10 @@
 let
  inherit (builtins) concatStringsSep;
  inherit (config.systemConf) security domain;
-  inherit (lib) mkForce optionalString;
+  inherit (lib) mkForce;
  inherit (helper.nftables) mkElementsStatement;

  netbirdCfg = config.services.netbird;
-  netbirdRange = "100.64.0.0/16";

  ethInterface = "enp0s31f6";
  sshPorts = [ 30072 ];
@ -36,7 +35,6 @@ let
  allowedSSHIPs = concatStringsSep ", " [
    "122.117.215.55"
    "192.168.100.1/24"
-    netbirdRange
    personal.range
  ];

@ -221,50 +219,41 @@ in
            }

            chain input {
-              type filter hook input priority 0; policy drop;
+              type filter hook input priority -10; policy drop;

              iif lo accept
-
-              meta nftrace set 1
              meta l4proto { icmp, ipv6-icmp } accept
-
              ct state vmap { invalid : drop, established : accept, related : accept }

-              # Allow Incoming DNS qeury
-              udp dport 53 accept
-              tcp dport 53 accept
-
              tcp dport { ${sshPortsString} } jump ssh-filter

-              # Allow Netbird UDP
-              udp dport { ${toString netbirdCfg.clients.wt0.port} } accept
-              iifname ${netbirdCfg.clients.wt0.interface} accept
-              iifname { ${ethInterface}, ${personal.interface} } udp dport { ${toString personal.port}  } accept
-              iifname ${infra.interface} ip saddr ${infra.range} accept
-              iifname ${personal.interface} ip saddr ${personal.range} jump wg-subnet
-
-              drop
+              iifname { ${personal.interface}, ${infra.interface}, ${netbirdCfg.clients.wt0.interface} } accept
            }

            chain output {
-              type filter hook output priority 0; policy drop;
+              type filter hook output priority -10; policy drop;

              iif lo accept
+              ct state vmap { invalid : drop, established : accept, related : accept }
+
+              # Time Sync
+              meta skuid ${toString config.users.users.systemd-timesync.uid} accept
+
+              # VPN
+              oifname { ${personal.interface}, ${infra.interface}, ${netbirdCfg.clients.wt0.interface} } accept

              # Allow DNS qeury
              udp dport 53 accept
              tcp dport 53 accept

-              # Allow UDP hole punching
-              ${optionalString (
-                netbirdCfg.clients ? wt0
-              ) "udp sport ${toString netbirdCfg.clients.wt0.port} accept"}
+              # UDP Hole Punching
+              meta mark 0x1bd00 accept

-              meta skuid ${toString config.users.users.systemd-timesync.uid} accept
+              # DHCP
+              udp sport 68 udp dport 67 accept

-              ct state vmap { invalid : drop, established : accept, related : accept }
+              # Allowed IPs
              ip saddr != @restrict_source_ips accept
-
              ip daddr @${security.rules.setName} accept
              ip6 daddr @${security.rules.setNameV6} accept

@ -272,27 +261,10 @@ in
            }

            chain ssh-filter {
-              ip saddr { ${allowedSSHIPs} } accept
-              counter reject
-            }
+              iifname { ${personal.interface}, ${infra.interface}, ${netbirdCfg.clients.wt0.interface} } tcp dport { ${sshPortsString} } accept
+              ip saddr { ${allowedSSHIPs} } tcp dport { ${sshPortsString} } accept

-            chain forward {
-              type filter hook forward priority 0; policy drop;
-
-              meta l4proto { icmp, ipv6-icmp } accept
-
-              ct state vmap { invalid : drop, established : accept, related : accept }
-
-              iifname ${personal.interface} ip saddr ${personal.ip} jump wg-subnet
-              iifname ${infra.interface} ip saddr ${infra.ip} accept
-
-              counter
-            }
-
-            chain wg-subnet {
-              ip saddr ${personal.full} accept
-              ip saddr ${personal.restrict} ip daddr ${personal.range} accept
-              counter drop
+              counter log prefix "SSH-DROP: " flags all drop
            }

            chain postrouting {
--- a/system/dev/dn-server/services/mail-server.nix
+++ b/system/dev/dn-server/services/mail-server.nix
@ -18,6 +18,7 @@ in
    "api.docker.com"
    "cdn.segment.com"
    "api.segment.io"
+    "sa-update.surbl.org"
  ];

  mail-server =
--- a/system/dev/dn-server/services/metrics.nix
+++ b/system/dev/dn-server/services/metrics.nix
@ -10,6 +10,7 @@ let
  inherit (lib) optionalAttrs optional;
  inherit (config.networking) hostName domain;

+  oidcEndpoint = "https://${config.services.keycloak.settings.hostname}/realms/master";
  grafanaHostname = "grafana.${domain}";
  prometheusHostname = "metrics.${domain}";

@ -118,13 +119,13 @@ in
      extraSettings = {
        "auth.generic_oauth" =
          let
-            OIDCBaseUrl = "https://keycloak.net.dn/realms/master/protocol/openid-connect";
+            OIDCBaseUrl = "${oidcEndpoint}/protocol/openid-connect";
          in
          {
            enabled = true;
            allow_sign_up = true;
            client_id = "grafana";
-            client_secret = ''$__file{${config.sops.secrets."grafana/client_secret".path}}'';
+            client_secret = "$__file{${config.sops.secrets."grafana/client_secret".path}}";
            scopes = "openid email profile offline_access roles";
            email_attribute_path = "email";
            login_attribute_path = "username";
--- a/system/dev/dn-server/sops/secret.yaml
+++ b/system/dev/dn-server/sops/secret.yaml
@ -41,7 +41,7 @@ postsrsd:
    secret: ENC[AES256_GCM,data:JZNwSymEjIFb8h3gnvFajxSaNYRxjA/NUruA4WX+uSqX0ufVcbVWgxQTr7U=,iv:ydGnCESCLbwyGKc+5witXDkT3OgW27LKen7PkqUL6mU=,tag:M3RGI6LgU5n2e6ZiXxTFfQ==,type:str]
 grafana:
    password: ENC[AES256_GCM,data:tySP1+vHkd+meSunzjE=,iv:09F8yEGw4j1Jd0HXDQyHbFxsr3Vg23mvWF5eZkU2KU8=,tag:6fmS38VUgNBNbo2BzxBuGA==,type:str]
-    client_secret: ENC[AES256_GCM,data:abk55RRC57xGiEpaBby0Drk4XS1+7INVie8wrpEg0XE=,iv:qywQIHIpgaS2pUcW1Uau//JU6UdMY52EVYCjhmnWJt4=,tag:fI01k/1nIqEXuPi90A00jQ==,type:str]
+    client_secret: ENC[AES256_GCM,data:bi1GSA2MSBQRTojgvmOvufjax/hathnXrPbnEF27SQc=,iv:IpzcIDWlgn5jfpA+ZRjji65AonarNjSzYRcfEzLxws8=,tag:ViEN0+67xFcpJ4Gl3blf8Q==,type:str]
 prometheus:
    powerdns:
        password: ENC[AES256_GCM,data:eliVy2619cZ/w/QOnayBt04ilCkXAXzck/RYr/c9oJEgirnqH1kATWJix3VzYng0/9yhGloOUHCm+jF3xOP6Uw==,iv:UI7UuJYJizYCO0ReC4SEPgmdPJNUnNuxgvkrhB1o/EQ=,tag:hEpJ64NcyaWl/e7KalOfGg==,type:str]
@ -94,7 +94,7 @@ sops:
            OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK
            9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-19T10:14:12Z"
-    mac: ENC[AES256_GCM,data:d9OAnjstk72GOnKqyDw2qbNfZho0mdqAMSQ4xH903b1COmgIn4MsqWiCzDJ5k6RxLE4wfCAPvn8JA+cXiox6/xctqfyqLoWN4fp2Q40IHjbA3mQGalwywRgmga74PVe3gJPZ7H8PJncN0TdU29A/lGcUtjCkAqjBuFS4e7wbQfA=,iv:e6aG+plaSDtaiqglY5S1svE/XZfs7n9dhSNCiB5pdTs=,tag:BsGItrtDVFF2kXgwE1zaFA==,type:str]
+    lastmodified: "2026-01-20T06:31:45Z"
+    mac: ENC[AES256_GCM,data:ad8EP8zk6mxlmMZaEijW0NWF72y2EikJPct7qxiCp6/sWGKKrGv8mRnC1zahgpRqpGR0jZKQ8Ot204EdGrJF9WI03+ZB9GgKi9ipQvXlGOCJq6m/Mp6WygI2hFAzRKCeoPqAPjVQxQ3Ctt/WEYXzvEp7CIKUq7WD6gTEFk6FDg0=,iv:20rJb79QnUW0DFbXTr0XXjiXjm7bK0CVs4oVan5SAKw=,tag:+mnMTBYQ1fhwe/abwGYNOA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
--- a/system/modules/card-reader.nix
+++ b/system/modules/card-reader.nix
@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+  services.pcscd = {
+    enable = true;
+    plugins = with pkgs; [ ccid ];
+  };
+}
--- a/system/modules/gaming.nix
+++ b/system/modules/gaming.nix
@ -27,27 +27,10 @@ in
      protontricks.enable = true;
      gamescopeSession.enable = true;
      extest.enable = true;
-      extraCompatPackages =
-        with pkgs;
-        let
-          proton-ge-10-25 =
-            (proton-ge-bin.overrideAttrs (
-              _: finalAttrs: {
-                pname = "proton-ge-bin";
-                version = "GE-Proton10-25";
-
-                src = fetchzip {
-                  url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/${finalAttrs.version}/${finalAttrs.version}.tar.gz";
-                  hash = "sha256-RKko4QMxtnuC1SAHTSEQGBzVyl3ywnirFSYJ1WKSY0k=";
-                };
-              }
-            )).override
-              { steamDisplayName = "GE-Proton10-25"; };
-        in
-        [
-          proton-ge-bin
-          proton-ge-10-25
-        ];
+      extraCompatPackages = with pkgs; [
+        proton-ge-bin
+        proton-dw-bin
+      ];
      remotePlay.openFirewall = true;
      dedicatedServer.openFirewall = true;
      localNetworkGameTransfers.openFirewall = true;