From c0555b6b75468be7216f04dda41f5c940318ede6 Mon Sep 17 00:00:00 2001
From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com>
Date: Fri, 6 Mar 2026 00:29:06 -0600
Subject: [PATCH 1/8] nix (corianne): only run gc every 90d

---
 systems/darwin/corianne.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systems/darwin/corianne.nix b/systems/darwin/corianne.nix
index a029992..86a1c0a 100644
--- a/systems/darwin/corianne.nix
+++ b/systems/darwin/corianne.nix
@@ -32,7 +32,7 @@ in {
       automatic = true;
       interval = { Weekday = 1; };
       options = ''
-        --delete-older-than 14d
+        --delete-older-than 90d
       '';
     };
     # Needed for rosetta-builder, see

From b81a8f1e721f1f68846411afc95a57d935c2fd9f Mon Sep 17 00:00:00 2001
From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com>
Date: Sun, 8 Mar 2026 23:51:33 -0500
Subject: [PATCH 2/8] fix: Revert to prebuilt julia-bin in nixpkgs-darwin

---
 flake.lock | 50 +++++++++++++++++++++++++-------------------------
 flake.nix  |  4 +++-
 2 files changed, 28 insertions(+), 26 deletions(-)

diff --git a/flake.lock b/flake.lock
index 5ffff1e..43c20a6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -55,11 +55,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770260404,
-        "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
+        "lastModified": 1772985280,
+        "narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
+        "rev": "8f736f007139d7f70752657dff6a401a585d6cbc",
         "type": "github"
       },
       "original": {
@@ -76,11 +76,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767634391,
-        "narHash": "sha256-owcSz2ICqTSvhBbhPP+1eWzi88e54rRZtfCNE5E/wwg=",
+        "lastModified": 1772129556,
+        "narHash": "sha256-Utk0zd8STPsUJPyjabhzPc5BpPodLTXrwkpXBHYnpeg=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "08585aacc3d6d6c280a02da195fdbd4b9cf083c2",
+        "rev": "ebec37af18215214173c98cf6356d0aca24a2585",
         "type": "github"
       },
       "original": {
@@ -112,11 +112,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1771208521,
-        "narHash": "sha256-X01Q3DgSpjeBpapoGA4rzKOn25qdKxbPnxHeMLNoHTU=",
+        "lastModified": 1772822230,
+        "narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "fa56d7d6de78f5a7f997b0ea2bc6efd5868ad9e8",
+        "rev": "71caefce12ba78d84fe618cf61644dce01cf3a96",
         "type": "github"
       },
       "original": {
@@ -128,27 +128,27 @@
     },
     "nixpkgs-darwin": {
       "locked": {
-        "lastModified": 1771352457,
-        "narHash": "sha256-CCItBNMyLmtWqxTVaDAeeaIigbuaiZuN3WO8PZNkGBc=",
+        "lastModified": 1766129819,
+        "narHash": "sha256-crNRwvsbH2XSV8IwBjX6Tm+uWmYwhYyRuNVJ9/ZwlmA=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "f8a68d8ce473ec59300d9fb510a1b545c1290939",
+        "rev": "eedcb27bf99430e51f83d896cd1149b828290d20",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixpkgs-25.11-darwin",
         "repo": "nixpkgs",
+        "rev": "eedcb27bf99430e51f83d896cd1149b828290d20",
         "type": "github"
       }
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1771177547,
-        "narHash": "sha256-trTtk3WTOHz7hSw89xIIvahkgoFJYQ0G43IlqprFoMA=",
+        "lastModified": 1772771118,
+        "narHash": "sha256-xWzaTvmmACR/SRWtABgI/Z97lcqwJAeoSd5QW1KdK1s=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "ac055f38c798b0d87695240c7b761b82fc7e5bc2",
+        "rev": "e38213b91d3786389a446dfce4ff5a8aaf6012f2",
         "type": "github"
       },
       "original": {
@@ -166,11 +166,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1771425294,
-        "narHash": "sha256-owiQE9oINf1cgaulbrr2sMjelk2cmR8rkxLRPYYL6Kg=",
+        "lastModified": 1773029295,
+        "narHash": "sha256-xmHhVHbaA5hR3dCEoGwqAgL6HTTJ0KEMRUTLdJuVtGM=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "242d44cd6af365da2dfa77422263b29d0ac9f39f",
+        "rev": "bf45b24de2134f1488f7a6c135f4b0420ccec6fe",
         "type": "github"
       },
       "original": {
@@ -189,11 +189,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770766818,
-        "narHash": "sha256-12RCFLyAedyMOdenUi7cN3ioJPEGjA/ZG1BLjugfUVs=",
+        "lastModified": 1772361940,
+        "narHash": "sha256-B1Cz+ydL1iaOnGlwOFld/C8lBECPtzhiy/pP93/CuyY=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "44b928068359b7d2310a34de39555c63c93a2c90",
+        "rev": "a4b33606111c9c5dcd10009042bb710307174f51",
         "type": "github"
       },
       "original": {
@@ -240,11 +240,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1771301023,
-        "narHash": "sha256-0XauSmXBLOqn8SYHRWOL7Z9O7m5qtF0Yw6rqXVHkEnw=",
+        "lastModified": 1773028978,
+        "narHash": "sha256-4BjOTYhHP8ljHShQyZ1gUIdwgSLjvaGN2ueKfqp6CQk=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "1cf8b4f42720573ef35dcd7d2ba0fd80e40954e9",
+        "rev": "a6ed037ffc0b50a9bd0c92e20e31f270a03ca1e3",
         "type": "gitlab"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 3b4f7b7..21bbcca 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,7 +4,9 @@
   inputs = {
     # Specify the source of Home Manager and Nixpkgs.
     nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
-    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.11-darwin";
+    # Revert to a cached version of Julia for aarch64-darwin
+    nixpkgs-darwin.url =
+      "github:nixos/nixpkgs/eedcb27bf99430e51f83d896cd1149b828290d20";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
 
     # Inputs for both darwin and linux systems

From e693e4c4c325d2203d658d6aeecfabd596cf9877 Mon Sep 17 00:00:00 2001
From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com>
Date: Sun, 8 Mar 2026 23:52:08 -0500
Subject: [PATCH 3/8] nix (corianne): add cachix binary cache

---
 systems/darwin/corianne.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/systems/darwin/corianne.nix b/systems/darwin/corianne.nix
index 86a1c0a..ce15646 100644
--- a/systems/darwin/corianne.nix
+++ b/systems/darwin/corianne.nix
@@ -35,6 +35,14 @@ in {
         --delete-older-than 90d
       '';
     };
+    settings = {
+      substituters =
+        [ "https://nix-community.cachix.org" "https://cache.nixos.org/" ];
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+    };
+
     # Needed for rosetta-builder, see
     # <https://github.com/cpick/nix-rosetta-builder/issues/40#issuecomment-3368602687>
     # <https://github.com/cpick/nix-rosetta-builder/issues/37>

From 847da998eecc34eb302b0da2fa52e7b265776a9d Mon Sep 17 00:00:00 2001
From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com>
Date: Sun, 8 Mar 2026 23:52:44 -0500
Subject: [PATCH 4/8] brew (corianne): Remove deprecated taps

---
 systems/darwin/corianne.nix | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/systems/darwin/corianne.nix b/systems/darwin/corianne.nix
index ce15646..786353c 100644
--- a/systems/darwin/corianne.nix
+++ b/systems/darwin/corianne.nix
@@ -192,15 +192,7 @@ in {
       no_quarantine = true;
 
     };
-    taps = [
-      "homebrew/services"
-      {
-        name = "millironx/millironx";
-        clone_target =
-          "https://code.millironx.com/millironx/homebrew-millironx.git";
-      }
-      "r-lib/rig"
-    ];
+    taps = [ "r-lib/rig" ];
     brews = [
       "borgbackup/tap/borgbackup-fuse"
       "buildkit"

From cf14f71bba0f40cde0826895fd191b136e8ec9c6 Mon Sep 17 00:00:00 2001
From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com>
Date: Sun, 8 Mar 2026 23:53:02 -0500
Subject: [PATCH 5/8] brew (corianne): Add dash cask

---
 systems/darwin/corianne.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/systems/darwin/corianne.nix b/systems/darwin/corianne.nix
index 786353c..40d240b 100644
--- a/systems/darwin/corianne.nix
+++ b/systems/darwin/corianne.nix
@@ -207,6 +207,7 @@ in {
     ];
     casks = [
       "alt-tab"
+      "dash"
       "db-browser-for-sqlite"
       "firefox"
       "inkscape"

From 99f1ed322e1a3ff5531bd50a641334b464c2d17b Mon Sep 17 00:00:00 2001
From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com>
Date: Sun, 8 Mar 2026 23:54:44 -0500
Subject: [PATCH 6/8] config (zed): add nixd home-manager integration

---
 programs/zed.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/programs/zed.nix b/programs/zed.nix
index 8b4fc69..1aceb66 100644
--- a/programs/zed.nix
+++ b/programs/zed.nix
@@ -59,6 +59,10 @@
       };
       lsp = {
         nil = { settings.nix.flake.autoArchive = true; };
+        nixd = {
+          settings.options.home-manager.expr =
+            "(builtins.getFlake (builtins.toString ./.)).homeConfigurations.<name>.options";
+        };
         texlab = {
           settings = {
             build = {

From 6a575d7cb5fb58f5fec28d0143ca6202200946ad Mon Sep 17 00:00:00 2001
From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com>
Date: Thu, 19 Mar 2026 09:12:05 -0500
Subject: [PATCH 7/8] fix (fireflyiii): Correct secrets service

---
 services/fireflyiii.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/fireflyiii.nix b/services/fireflyiii.nix
index 4d2f24d..5174cc2 100644
--- a/services/fireflyiii.nix
+++ b/services/fireflyiii.nix
@@ -80,7 +80,7 @@ in {
     virtualisation.quadlet = let
       inherit (config.virtualisation.quadlet) containers;
       inherit (config.virtualisation.quadlet) networks;
-      secrets = osConfig.millironx.podman-secrets.freshrss;
+      secrets = osConfig.millironx.podman-secrets.fireflyiii;
     in {
       autoUpdate.enable = true;
       autoEscape = true;

From 10652a8f4cc05e79365ec5d4cfccd485934dc734 Mon Sep 17 00:00:00 2001
From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com>
Date: Thu, 19 Mar 2026 10:46:33 -0500
Subject: [PATCH 8/8] feat (mcentire): add Vaultwarden service

---
 secrets.nix                  |   2 +
 secrets/vaultwarden.toml.age | Bin 0 -> 1341 bytes
 services/vaultwarden.nix     | 125 +++++++++++++++++++++++++++++++++++
 systems/linux/mcentire.nix   |   1 +
 4 files changed, 128 insertions(+)
 create mode 100644 secrets/vaultwarden.toml.age
 create mode 100644 services/vaultwarden.nix

diff --git a/secrets.nix b/secrets.nix
index d6effcc..667dd30 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -48,4 +48,6 @@ in {
     ++ [ bosephus-host ];
   "secrets/redis-password.age".publicKeys = system-administrators
     ++ [ mcentire-host ];
+  "secrets/vaultwarden.toml.age".publicKeys = system-administrators
+    ++ [ mcentire-host ];
 }
diff --git a/secrets/vaultwarden.toml.age b/secrets/vaultwarden.toml.age
new file mode 100644
index 0000000000000000000000000000000000000000..b60bcd255207f7df221fe8e394113d5ecc77114d
GIT binary patch
literal 1341
zcmZ9}SyK}S003ZHJ5!8Bt)o<`g-B75hzU726k(QRb8M2$Cgj?*sJV8-W|JkyZVp=Q
z6mSX@t7vtgwQ4=aW2}Nsy+`o2+Hs~RB8XPy>Y=t?Ee>PbXMVx=@VN+Ip)cf#B&%ap
zbZ7}3A^2<&r?8Y8jrt3HUZF%%B<EI9A}VF#CJaULlsp-bxKOFngL);fo{~99v|3>j
zN-S8y>BpQry9UD529ARf*@S9{k)w7SPa$VaAZ^7-eM)2I5jcaAF{6|WM#8KbFig~n
z2!0|S=SDQuj(|u-8{H(t*bRxWn>L2UZdPV;(a{K24O?N4+@uM{RVI!ZVUv7Wz$zB;
z*&va!VP+?-h#?h#ljjjrn9OJpg)Ms84jDZYHLqLe)5N(*FdW4|F{`0qXE;u|6{@H@
z<OTe0Wdf2?@+9pd!mb#Vs!$3zk)X?lm<2uurIf~;h#muhXiSd#jkp>k4GhUbm=0u;
zkpLQ>sENX8j3Kz7M+o@5lJasK)_^FVBxpcM=)yD-6X+rpN`6!z7n3rzpEj8|)nL$P
z7LpE0RLV~g5GGUOMOv%DuCc%%qw|WRVqsVsz(dulz(h@DHnCceE28}*--@Ih78#`!
zfDR#S<NH#{n1a!(;|a>lXGNr*4^)MO5JzkD$JvP4X;3;apO(kyOcoCjDHmHoC;(Xy
z3P@VLP8Lon1%inhPa&|I39dwrdW}IZYK*wCl-~i#5T7hj5w*k!7z;_YF1AWa>iyD)
zOo?$cm;@2Z;#vV_vEiyXjL>4(06~<}WY#Bi2;YK6bwM0K0_6~=u&|JeMRXoFDKx7=
zZ8b_sfDrER09qksHN*c;$SW{BtOj*4HS7~}8qXWQb#3n${j5N`QPB5Y`kZ3ntm_$y
z9ealDJ45)s!j(wH&j2EOx$URKRlwU|8)TA!)L3G{?k*~C*ACl?HNT$RHdJ4ew>>xK
z{FU9jDaw*5xx<yA_SUWczQm`V-d3aENXILVW;uGgR(91-<GofoJ0$7fe?vPRot@u5
z8_4|PE}JWAy0GMPz2ajKSh22m<U`wxS&t0Cx|LN&f7leAQ&5T?J2lYpXnarFk@7R2
zwj5vlWS{1YWxaLN^#R$bhpodIQ!nYZJl|ht<6Z#lzc4N5$0j$9jL8KjnC+#!erDCv
ztbaIdpn9zWK&}z})0Uf;9;&_l#z|r2E&0K}pEdn8v%r0TyQ-^hGH|~E#w;&OTGprU
zeMjiiv<LeRUe5z(4mNbVe!SLGyx^<~@7c2At8*Q@mh~-c<6W%ly|tz}Jr{3c^Isj#
zcBfxzU7qvc>begGI%<1F3;%qwb<*kjoYL;H^hNiVS;|Z|rk`u7vdbF}Czj^lyxi2@
z&FSbL$_{;b_G#tsS6|;SCYjs38p>KfUHKk*sC|CR=7EB>&5BJQm3W|DV`k;sU*Ej)
zeOvuKQO#P(ythR2CzT4)Mrx0RJ4aK^$EP$bJ#qP7NB5gF@l2o_YAv=r%+Ajqy}797
zPTT0}vaDzGY#B)S#)E6*IG-IUjSoIl@5)nVw&s=$K0dHBZM^nQj9t9-llSlL{;g?7
z-HUkkX0UFov;4xl(}srTcJ_fpRZrR<w}<mHFTyk1JdCc>_sDEc8`nIJozy&i<rt4z
f_cor|ImvHK*5|+x;WxeA^UM2GN7xq|o@e|A=4}=$

literal 0
HcmV?d00001

diff --git a/services/vaultwarden.nix b/services/vaultwarden.nix
new file mode 100644
index 0000000..42a87cd
--- /dev/null
+++ b/services/vaultwarden.nix
@@ -0,0 +1,125 @@
+{ config, pkgs, home-manager-quadlet-nix, ... }:
+let
+  user = "vaultwarden";
+  port = "92858";
+  containerPort = port;
+  authentikPort = "9000";
+  stateDirectory = "/var/lib/${user}";
+  servicePaths = [ "data" ];
+  databasePaths = [ "database" ];
+in {
+  age.secrets."vaultwarden.toml" = {
+    file = ./../secrets/vaultwarden.toml.age;
+    owner = user;
+  };
+
+  millironx.podman-secrets.vaultwarden = {
+    inherit user;
+    secrets-files = [ config.age.secrets."vaultwarden.toml".path ];
+  };
+
+  systemd.tmpfiles.rules =
+    map (d: "d ${stateDirectory}/${d} 1775 ${user} ${user} -")
+    ([ "" ] ++ servicePaths ++ databasePaths);
+
+  services.borgmatic.configurations."${config.networking.hostName}" = {
+    source_directories = map (d: "${stateDirectory}/${d}") servicePaths;
+    postgresql_databases = [{
+      name = user;
+      psql_command =
+        "/run/wrappers/bin/sudo -iu ${user} ${pkgs.podman}/bin/podman exec ${user}-db psql --username=${user}";
+      pg_dump_command =
+        "/run/wrappers/bin/sudo -iu ${user} ${pkgs.podman}/bin/podman exec ${user}-db pg_dump --username=${user}";
+      pg_restore_command =
+        "/run/wrappers/bin/sudo -iu ${user} ${pkgs.podman}/bin/podman exec ${user}-db pg_restore --username=${user}";
+    }];
+  };
+
+  services.caddy.virtualHosts."vault.millironx.com".extraConfig = ''
+    reverse_proxy http://127.0.0.1:${port}
+  '';
+
+  users.users."${user}" = {
+    group = user;
+    isNormalUser = true;
+    home = stateDirectory;
+    createHome = true;
+    linger = true;
+    autoSubUidGidRange = true;
+  };
+  users.groups."${user}" = { };
+
+  home-manager.users."${user}" = { config, osConfig, ... }: {
+    imports = [ home-manager-quadlet-nix ];
+
+    home.stateVersion = "25.05";
+
+    virtualisation.quadlet = let
+      inherit (config.virtualisation.quadlet) containers;
+      inherit (config.virtualisation.quadlet) networks;
+      secrets = osConfig.millironx.podman-secrets.vaultwarden;
+    in {
+      autoUpdate.enable = true;
+      autoEscape = true;
+
+      networks."${user}" = { };
+
+      containers = {
+        "${user}-db" = {
+          autoStart = true;
+          containerConfig = {
+            image = "docker.io/library/postgres:16";
+            environments = {
+              POSTGRES_DB = user;
+              POSTGRES_USER = user;
+            };
+            secrets = [
+              "POSTGRES_PASSWORD,type=env"
+              "POSTGRES_PASSWORD,type=env,target=PGPASSWORD"
+            ];
+            healthCmd = "pg_isready -d $\${POSTGRES_DB} -U $\${POSTGRES_USER}";
+            healthInterval = "30s";
+            healthRetries = 5;
+            healthStartPeriod = "20s";
+            volumes =
+              [ "${stateDirectory}/database:/var/lib/postgresql/data:U" ];
+            networks = [ networks."${user}".ref ];
+          };
+          unitConfig.Requires = [ secrets.ref ];
+          unitConfig.After = [ secrets.ref ];
+        };
+
+        "${user}" = {
+          autoStart = true;
+          containerConfig = {
+            image = "ghcr.io/dani-garcia/vaultwarden:latest";
+            environments = {
+              DOMAIN = "https://vault.millironx.com";
+              ROCKET_PORT = port;
+              SIGNUPS_ALLOWED = "false";
+              SMTP_FROM_NAME = "Milliron X Vault";
+            };
+            secrets = map (s: "${s},type=env") [
+              "ADMIN_TOKEN"
+              "DATABASE_URL"
+              "SMTP_FROM"
+              "SMTP_HOST"
+              "SMTP_PORT"
+              "SMTP_PASSWORD"
+              "SMTP_USERNAME"
+              "YUBICO_CLIENT_ID"
+              "YUBICO_SECRET_KEY"
+            ];
+            volumes = [ "${stateDirectory}/data:/data:U" ];
+            networks = [ networks."${user}".ref ];
+            publishPorts = [ "127.0.0.1:${port}:${containerPort}" ];
+          };
+          unitConfig.Requires = [ secrets.ref containers."${user}".ref ];
+          unitConfig.After = [ secrets.ref containers."${user}".ref ];
+        };
+      };
+    };
+
+  };
+
+}
diff --git a/systems/linux/mcentire.nix b/systems/linux/mcentire.nix
index 94c4bd6..cf01a65 100644
--- a/systems/linux/mcentire.nix
+++ b/systems/linux/mcentire.nix
@@ -11,6 +11,7 @@
     ./../../services/fireflyiii.nix
     ./../../services/freshrss.nix
     ./../../services/navidrome.nix
+    ./../../services/vaultwarden.nix
   ];
 
   # Use the GRUB 2 boot loader.