From 49351504e4a2610ab1c19e3015de78f1fa35565d Mon Sep 17 00:00:00 2001
From: Crony Akatsuki <crony@cronyakatsuki.xyz>
Date: Sat, 1 Nov 2025 11:46:14 +0100
Subject: [PATCH 1/2] feat(servers): setup podman autoupdate.

---
 modules/servers/baldur/crafty-controller.nix | 3 +++
 modules/servers/general/podman.nix           | 7 +++++++
 modules/servers/odin/syncyomi.nix            | 3 +++
 modules/servers/odin/wallabag.nix            | 3 +++
 modules/servers/odin/website.nix             | 3 +++
 modules/servers/tyr/home-assistant.nix       | 5 ++++-
 modules/servers/tyr/wallos.nix               | 5 ++++-
 7 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/modules/servers/baldur/crafty-controller.nix b/modules/servers/baldur/crafty-controller.nix
index 759f1c2..4914e0c 100644
--- a/modules/servers/baldur/crafty-controller.nix
+++ b/modules/servers/baldur/crafty-controller.nix
@@ -8,6 +8,9 @@
       "19132:19132"
       "25500-25600:25500-25600"
     ];
+    labels = {
+      "io.containers.autoupdate" = "registry";
+    };
     volumes = [
       "/var/lib/crafty-controller/backups:/crafty/backups"
       "/var/lib/crafty-controller/logs:/crafty/logs"
diff --git a/modules/servers/general/podman.nix b/modules/servers/general/podman.nix
index a4017a7..0e0bade 100644
--- a/modules/servers/general/podman.nix
+++ b/modules/servers/general/podman.nix
@@ -14,6 +14,13 @@
       defaultNetwork.settings.dns.enable = true;
     };
   };
+
+  # Enable system podman autoupdate timer
+  systemd.timers.podman-auto-update = {
+    enable = true;
+    wantedBy = ["timers.target"];
+  };
+
   environment.systemPackages = with pkgs; [
     podman-compose
     podman-tui
diff --git a/modules/servers/odin/syncyomi.nix b/modules/servers/odin/syncyomi.nix
index a55152a..6770c51 100644
--- a/modules/servers/odin/syncyomi.nix
+++ b/modules/servers/odin/syncyomi.nix
@@ -5,6 +5,9 @@
     ports = [
       "8282:8282"
     ];
+    labels = {
+      "io.containers.autoupdate" = "registry";
+    };
     volumes = [
       "/var/lib/syncyomi:/config"
     ];
diff --git a/modules/servers/odin/wallabag.nix b/modules/servers/odin/wallabag.nix
index 30c2e38..488a9c6 100644
--- a/modules/servers/odin/wallabag.nix
+++ b/modules/servers/odin/wallabag.nix
@@ -8,6 +8,9 @@
     environment = {
       "SYMFONY__ENV__DOMAIN_NAME" = "https://wallabag.cronyakatsuki.xyz";
     };
+    labels = {
+      "io.containers.autoupdate" = "registry";
+    };
     volumes = [
       "/var/lib/wallabag/data:/var/www/wallabag/data"
       "/var/lib/wallabag/images:/var/www/wallabag/web/assets/images"
diff --git a/modules/servers/odin/website.nix b/modules/servers/odin/website.nix
index 24f4e6b..5cbe688 100644
--- a/modules/servers/odin/website.nix
+++ b/modules/servers/odin/website.nix
@@ -5,6 +5,9 @@
     ports = [
       "8001:80"
     ];
+    labels = {
+      "io.containers.autoupdate" = "registry";
+    };
     volumes = [
       "/var/lib/website:/usr/share/nginx/html:ro"
     ];
diff --git a/modules/servers/tyr/home-assistant.nix b/modules/servers/tyr/home-assistant.nix
index d644257..4761bee 100644
--- a/modules/servers/tyr/home-assistant.nix
+++ b/modules/servers/tyr/home-assistant.nix
@@ -1,6 +1,6 @@
 {
   virtualisation.oci-containers.containers.homeassistant = {
-    image = "homeassistant/home-assistant:stable";
+    image = "docker.io/homeassistant/home-assistant:stable";
     autoStart = true;
     ports = [
       "8123:8123"
@@ -13,6 +13,9 @@
       NET_ADMIN = true;
       NET_RAW = true;
     };
+    labels = {
+      "io.containers.autoupdate" = "registry";
+    };
     extraOptions = ["--network=host"];
     volumes = [
       "/etc/localtime:/etc/localtime:ro"
diff --git a/modules/servers/tyr/wallos.nix b/modules/servers/tyr/wallos.nix
index b0eacf4..9cd1969 100644
--- a/modules/servers/tyr/wallos.nix
+++ b/modules/servers/tyr/wallos.nix
@@ -1,10 +1,13 @@
 {
   virtualisation.oci-containers.containers.wallos = {
-    image = "bellamy/wallos:latest";
+    image = "docker.io/bellamy/wallos:latest";
     autoStart = true;
     ports = [
       "8282:80/tcp"
     ];
+    labels = {
+      "io.containers.autoupdate" = "registry";
+    };
     volumes = [
       "/var/lib/wallos/db:/var/www/html/db"
       "/var/lib/wallos/logos:/var/www/html/images/uploads/logos"

From d2deaeb83672699a7f7e9de1842d7d95a84ddbba Mon Sep 17 00:00:00 2001
From: Crony Akatsuki <crony@cronyakatsuki.xyz>
Date: Sat, 1 Nov 2025 11:46:32 +0100
Subject: [PATCH 2/2] feat(desktop): fix some wireguard issues in config.

---
 secrets/wg-desktop.age | Bin 1555 -> 1556 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/secrets/wg-desktop.age b/secrets/wg-desktop.age
index e17b99a7a9d962d83be4f4ade5ae5d74aa465364..bb5f5f205b983f5334e0230b36526617b1a2332c 100644
GIT binary patch
literal 1556
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP3NXp@E?3Adb}R8s
z_b|!{jB-v(bTTM+F|JBW_I9ywH?piub2N4}4!6uGaLEoc@Z`!a5AbwNb4&I2PAYaZ
zjY!c>3n(#9_0Dih^vntI(>8R;igYP94|Ovzb49l;N8jHi+)=^Xz_O?~G&3);JS8jD
z!_(L!IMuMoEX3E<w9?Q$%Qwp1u*A&FBReeIEtJd6sj$k&(jz;_&!yZvy*R_bC{4RK
zu&^Y=zcQlIKitvZB*#BJHQzVQBof^=b8S;^<3I)H)XdzJk}#J-%j}$rVtoV8@O;A*
zNB79ADkD>u63bGbjEt&sFT;uq16Qsb15bAsXR}fZH#0NK^x{M>C$GHB3d54rtg_Ic
zL{INvC)Xs`h<w+~pg?rn{L2kO+{+c5k_}wLjEtP}gUb93D?%%?v?Hqw^IeR?U5&j{
z!_%F-Ee!HXO{=t>f_=F{LQ^A4T>bU+GtJyxBHSx{O$r<>{f*o+l0u_OGTlO|%JMz3
ze6>p=6VuUcOLq12^L12k(GRlp4>rwr%}&jCP4jis_6)W3Of2*AEpe&z&CJOQH1qJz
zD$_5naI@fY4A00aOG-0x%_$4j&h$zO$}&rj()TdYPjaa+%}-0qD$CC*%Be_pv<OAF
ztuV>gyC_g0C)+aBFgrIY$fG#KC^Ry{%(=iRu);{+Bi*g2Bt6+XKQblDG0-zC%Fu+%
z$1m8cxWqhPJKv<(J2BPBz|+y+rLa6PxLDgYJlw)R$jva)r^waVIU^a}wkU&K$EtD#
zeWxhzbo0`T+(46}60hQls8aWg+(fUuNPnZU(jskBkE$ZGT+>khLT68|0+#@D&(OS5
zH@B+f0{8Hs3J<r;swyXwV$ZDXyi5znOmol5GLIw!*JMw0+uZ%4B7@QuN-aGytAete
zDm{wwQe6VwJ-w34LsP1}w1ZMyBV3CDvdx@xE%nP16GIHRoHKllO`QEgOS4M+JSrmG
zJPdt9Qgb~$+>^`A{mk;6i}g!Nb3;s0TthHYNm`12luw{SRCsByQ<`sDO0cVoaj>b0
zi$|_oQd(w;VM$1$dv0oQUSwukkzZ(NwxJ_eKu|$da#&<ea&B5hc41a(VR>MoPlaD`
zQDjwahKYN5sZpwdrJsIwfUg0%->L$gGNZ~BTuUPY%S$4(O_P#?%F4pBO4IT@OOi_h
z3zNJeO`IJK3rosV3`zq+Gb{4BDg$z=G92B*DvTUWlJqM|1C4#EjKab~6NAdboU@I>
z5*>r|y}iS$3Ii;-baizVDpSIWGOE1v-Ta;NA~Fn1i%Zkp{ay2u^>ea(s*+733nNRt
zDqV^q%d674E^f=x+IPHVit4%>ygxX+4!Y+_8BdBUTpAdea`8y%wdLHKR)_Bs{d$e{
z8QX3DiMiQaInn})TVvN&zZLZeSF*ih#l!#IyKjffLDibaAw?XmQ4dQ0O<<Rlj!Wi`
z(-VI<_l4M}r9O-NBpNc;Ew*@^rhdWr@KJ&I)(4zt^Wy(q+nkpkappu?s@Iw_zaz7C
zk9^I1xk6}P*;cpxB7csQAO4Z9$XUB0y&~**{0Wu0Jg2L7-}(PtXKr^!heO1}-ygVU
z*F1h=bmwXB6|E?<?Q1(W9{lqqpZRE8_u`eJ%U|a-d6dj}!8VcWmU)d}j_0FkX=iiy
zJY72>MYZ<#OY@KxQ~PHwoo=67;xr?tZNKfK^EK?I#oNs_rK@&M`L1<jW!uFEdHin;
zX6Bq*Jm=V?^&v9z%k}5#>`mTm{WyeIXX9~xzg>Eq`J!?eDnfy)BF#@S8nE+~F!wN@
z4fU+N)upzu=;zF%DF^rcUt}}!A>%9771f(}9(M24JJ&k9eJ6u({GWijJ?y{k&k#)j
E0GA#%K>z>%

literal 1555
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP3NXp@E?1~1$u4$G
zN-D|?b_(*y^>lIcE^*7(Hz{_m%J)yoEGajx3{5Q$s3;6_$>;LVs7Nw(w8#r9jSMTO
zFm=x|jWqHMj0!f<E=wxPs`T?uPmiq9cMtF}N=LUXN8jHi+)<&jI4#I4CB&~Fxgga<
zyE0$D$|J(VGtezCIn}tp+t}IB+c!D0$}urFJCG|<Kd?Bp)H}o^+#@qHJ;YN#yi&hF
zKQt({!mG$I+cl?LJJ~QvJH<S*G7#N1b8S;^<3I%qcN4d~tiTG(WbcZKRG-wqTu;{$
zOLvR1VC@|D0Do;m-?Y@K{JhkHz(B45XVc{DD$9z%P|wI<ixMNtFsJauiqs@W<9vM=
zle|#30DnV^2#d;8PYl2Lmm7q*mn&2hSO%xM8aU<US~wbKct*J-XO$&|nMWCWIhSRJ
znx;k=<Y&A2SsI7t1#)=@yH*4w1%(;s6+0E=Muz)jIER;6rezg`RfVQnctjed<{M|1
zXJu6R7o+<v+11m}*HNLsIoBh@H^so$+#<lFswA^4Kg+VvAkf>=-zC*hyR@t@!pXce
z$1Nf$tC%aTDk8MFGRPw`KQ|?}%qJtOxI8Q;*{iU?BGc8a(j%uRF~G01!nfGWDI49k
z!X#hsqCkaGOYICN@AAR|*NpVwVC_I7ebXSb3Qr@W+!DXy0{t|X@YKTGfXHOmY)3Bd
z^88YLCre)okNmvw;$p8NM++}=*Hl;EFvlG4g6xWn{EQIGKsPu2bPIIbq6~5!tI8F^
zJVRUpweypbQ!}%JLkoNi0zzF9GeTYbT%$rm{Y_j;T=ZRn-4pc#jC{F_9sPqMLmd4~
zyiL*!Ov_Ts!o9=IEpkHgy($A-Lo7qn5<N?DGR*R`eKF$A-7hLKC|$wJ+a*FfIMTT?
zDJQ}uGSDK;yExT3IW)v0$+E)0vnsLF!!*q#JjG2vH<YW?Ff72!+0?`$vE0%iw9L&n
z$GIpX!`w8gG^HY0KRDYz&9KC|yf`Gk%oW{lX({?qK7k6Ui6z>eUVe^l8J>w@l^%im
z-UeQUj-{0md0|Etg$Csz{#kh`rf!9KmE~L+zGW3DMjnRV!9|u;X<6ZxL8;~8nZA(`
zfjNPJS&6|#RbJ((+U4dhUMA?aRRua_MwKg+rG-WmdHQH)7*<qTq-Uj=Tco*H1vnX3
zCI@?_q?bh$7$)Xwr+TM_hWK)&rX`gbWElHL6oh#BdSv?>8w5ldMWu&?<ho}^loa^r
zdnHBr7h4#FxukRH>gp<_r-UVim}L7oWhNV@l?EB>=R{g2ru$dA<&~QnI3}l9dIq?Z
z2IPbpmzZ#U6#63feA1W9d`HerOA}`cESobSBVIK4>Ah`CA16+o6WI1X>C`-iUp*(C
zRw^-XT6Z(Sc$Mc9t$!aMHl_c0cQ}Y$@Q~q3jyKY;cJ996R<DzM?Wf$n&WB!kdq1-9
zI18LV^~|mRhuQSpd*7s<d^mf}etYU{)35h5ThCd{KHU?r|J5qd?Nu?>e_P&${w@u(
zJm_cWY^SEX{Icof<G1Ft+wfQ@wgsP1U+^;AQFVKExj5gW`(}Uo=7-FU@Vjtuo%&9R
z4|n5FnJ-+x*mcXtw`pCbJV%<r`TV6k)1HboL`?kFx-s%@NR)-cZC7=n-Rrskth04I
zD0`Jn+ca1z{Qu=+O^fS-W8T@RFi*EW^z7&PtbNm$_c`w}?MN<LZ(Ly8urc`KM}A&e
zE79)GzD}nK-XL-1>9%&^hnY)**R;$@D4A7meBy%4^5tf!#-WV$4NZHE>hJMwdnDji
z<}LTLK`c0Hr{`9?HLTxGK5#p{`tz^5bLNUiv}F6$UwHQE>c@q7X)jM7w7b0e#v1^l
CfH{Kz