feat: migrate host Hyprland configs to Lua (Hyprland 0.55+)

- m3-kratos/home.nix: use hl.monitor({}), hl.workspace_rule({}),
  hl.window_rule({}) table-based Lua API
- m3-ares/home.nix: same Lua API + tuxedo-backlight via hl.on()
- Update flake.lock: home-manager -> 74f170c6 (2026-05-18)

flake.lock

@@ -47,11 +47,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1777399938,
+        "lastModified": 1778518220,
-        "narHash": "sha256-xXPqUQezDdDtF8MbpZnwD1HkybOYwF92evx8rJ6OXCU=",
+        "narHash": "sha256-6AQs9VZ0/DuD4njPbYHRE4v+SgJc6SBrGwemTWxikVc=",
         "ref": "refs/heads/master",
-        "rev": "9a91f1ee0cf011a7eaf1f16a9e17610b0457e055",
+        "rev": "b6e1aaa6261c5056d024d8d4785659eaa4e675e6",
-        "revCount": 85,
+        "revCount": 87,
         "type": "git",
         "url": "ssh://gitea@code.m3ta.dev/m3tam3re/AGENTS"
       },
@@ -126,7 +126,11 @@
     },
     "basecamp": {
       "inputs": {
-        "nixpkgs": ["m3ta-home", "m3ta-nixpkgs", "nixpkgs"]
+        "nixpkgs": [
+          "m3ta-home",
+          "m3ta-nixpkgs",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1774505501,
@@ -145,7 +149,10 @@
     },
     "basecamp_2": {
       "inputs": {
-        "nixpkgs": ["m3ta-nixpkgs", "nixpkgs"]
+        "nixpkgs": [
+          "m3ta-nixpkgs",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1774505501,
@@ -164,8 +171,14 @@
     },
     "blueprint": {
       "inputs": {
-        "nixpkgs": ["llm-agents", "nixpkgs"],
+        "nixpkgs": [
-        "systems": ["llm-agents", "systems"]
+          "llm-agents",
+          "nixpkgs"
+        ],
+        "systems": [
+          "llm-agents",
+          "systems"
+        ]
       },
       "locked": {
         "lastModified": 1776249299,
@@ -183,10 +196,22 @@
     },
     "bun2nix": {
       "inputs": {
-        "flake-parts": ["llm-agents", "flake-parts"],
+        "flake-parts": [
-        "nixpkgs": ["llm-agents", "nixpkgs"],
+          "llm-agents",
-        "systems": ["llm-agents", "systems"],
+          "flake-parts"
-        "treefmt-nix": ["llm-agents", "treefmt-nix"]
+        ],
+        "nixpkgs": [
+          "llm-agents",
+          "nixpkgs"
+        ],
+        "systems": [
+          "llm-agents",
+          "systems"
+        ],
+        "treefmt-nix": [
+          "llm-agents",
+          "treefmt-nix"
+        ]
       },
       "locked": {
         "lastModified": 1777369708,
@@ -205,7 +230,10 @@
     },
     "darwin": {
       "inputs": {
-        "nixpkgs": ["agenix", "nixpkgs"]
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1744478979,
@@ -224,7 +252,11 @@
     },
     "darwin_2": {
       "inputs": {
-        "nixpkgs": ["m3ta-home", "agenix", "nixpkgs"]
+        "nixpkgs": [
+          "m3ta-home",
+          "agenix",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1744478979,
@@ -243,7 +275,9 @@
     },
     "disko": {
       "inputs": {
-        "nixpkgs": ["nixpkgs"]
+        "nixpkgs": [
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1777713215,
@@ -261,7 +295,10 @@
     },
     "flake-parts": {
       "inputs": {
-        "nixpkgs-lib": ["hermes-agent", "nixpkgs"]
+        "nixpkgs-lib": [
+          "hermes-agent",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1772408722,
@@ -279,7 +316,10 @@
     },
     "flake-parts_2": {
       "inputs": {
-        "nixpkgs-lib": ["llm-agents", "nixpkgs"]
+        "nixpkgs-lib": [
+          "llm-agents",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1777988971,
@@ -297,7 +337,11 @@
     },
     "flake-parts_3": {
       "inputs": {
-        "nixpkgs-lib": ["m3ta-home", "nur", "nixpkgs"]
+        "nixpkgs-lib": [
+          "m3ta-home",
+          "nur",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1733312601,
@@ -315,7 +359,10 @@
     },
     "flake-parts_4": {
       "inputs": {
-        "nixpkgs-lib": ["nur", "nixpkgs"]
+        "nixpkgs-lib": [
+          "nur",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1733312601,
@@ -375,7 +422,10 @@
     },
     "home-manager": {
       "inputs": {
-        "nixpkgs": ["agenix", "nixpkgs"]
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1745494811,
@@ -393,14 +443,16 @@
     },
     "home-manager_2": {
       "inputs": {
-        "nixpkgs": ["nixpkgs"]
+        "nixpkgs": [
+          "nixpkgs"
+        ]
       },
       "locked": {
-        "lastModified": 1778248595,
+        "lastModified": 1779113444,
-        "narHash": "sha256-dhFgEjoeJMYN/7OY6xfxS799YB4IjbbYXTjyGIJyLpc=",
+        "narHash": "sha256-/L61sT1PIKmGWIQpIh0uJGH/ANvcsf6y4alxtb9kelg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "fdb2ccba9d5e1238d32e0c4a3ec1a277efa80c1d",
+        "rev": "74f170c62d57f90e656841f1f699e6bdf40f0a24",
         "type": "github"
       },
       "original": {
@@ -411,7 +463,10 @@
     },
     "home-manager_3": {
       "inputs": {
-        "nixpkgs": ["hyprpanel", "nixpkgs"]
+        "nixpkgs": [
+          "hyprpanel",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1750798083,
@@ -429,7 +484,11 @@
     },
     "home-manager_4": {
       "inputs": {
-        "nixpkgs": ["m3ta-home", "agenix", "nixpkgs"]
+        "nixpkgs": [
+          "m3ta-home",
+          "agenix",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1745494811,
@@ -447,14 +506,17 @@
     },
     "home-manager_5": {
       "inputs": {
-        "nixpkgs": ["m3ta-home", "nixpkgs"]
+        "nixpkgs": [
+          "m3ta-home",
+          "nixpkgs"
+        ]
       },
       "locked": {
-        "lastModified": 1778248595,
+        "lastModified": 1778503501,
-        "narHash": "sha256-dhFgEjoeJMYN/7OY6xfxS799YB4IjbbYXTjyGIJyLpc=",
+        "narHash": "sha256-08L/X4/do7nET4rzidJ76eV/1r+mB7DchVpdPypsghc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "fdb2ccba9d5e1238d32e0c4a3ec1a277efa80c1d",
+        "rev": "85ba629c79449badf4338117c27f0ee92b4b9f1a",
         "type": "github"
       },
       "original": {
@@ -465,7 +527,10 @@
     },
     "hyprlang": {
       "inputs": {
-        "nixpkgs": ["rose-pine-hyprcursor", "nixpkgs"],
+        "nixpkgs": [
+          "rose-pine-hyprcursor",
+          "nixpkgs"
+        ],
         "systems": "systems_5"
       },
       "locked": {
@@ -531,15 +596,17 @@
         "home-manager": "home-manager_5",
         "m3ta-nixpkgs": "m3ta-nixpkgs",
         "nix-colors": "nix-colors",
-        "nixpkgs": ["nixpkgs"],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
         "nur": "nur"
       },
       "locked": {
-        "lastModified": 1778311103,
+        "lastModified": 1778520138,
-        "narHash": "sha256-lqjnPjBfyjIOfAe94ubvdzwfjmylT5xvR5V4RtCVJPk=",
+        "narHash": "sha256-X58c8BUIshyUnp6XEKumFUYXqMFnrDTj+aGuGIbKwxg=",
         "ref": "refs/heads/master",
-        "rev": "cbe5a55937005c6b9f44266cafcdaaae63a60295",
+        "rev": "a87d9510bd84f51bf93970730b8688ab7221bbdd",
-        "revCount": 23,
+        "revCount": 30,
         "type": "git",
         "url": "ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home"
       },
@@ -552,16 +619,19 @@
       "inputs": {
         "agents": "agents_2",
         "basecamp": "basecamp",
-        "nixpkgs": ["m3ta-home", "nixpkgs"],
+        "nixpkgs": [
+          "m3ta-home",
+          "nixpkgs"
+        ],
         "nixpkgs-master": "nixpkgs-master",
         "openspec": "openspec"
       },
       "locked": {
-        "lastModified": 1778309566,
+        "lastModified": 1778508052,
-        "narHash": "sha256-VMc0IOYWzNj6+KdWqggpZ9Mt9MkxYPcKP7smOIkbapo=",
+        "narHash": "sha256-kxzZvJv757TGfHReR21aX6N/jkGMWzGSy9GQEclYD4Y=",
         "ref": "refs/heads/master",
-        "rev": "db1a29df1584c0046a110ef693229be73b986cfc",
+        "rev": "8113723a48c4afa016881ccd5bc4be3fad2c7d5f",
-        "revCount": 289,
+        "revCount": 294,
         "type": "git",
         "url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs"
       },
@@ -579,11 +649,11 @@
         "openspec": "openspec_2"
       },
       "locked": {
-        "lastModified": 1778309566,
+        "lastModified": 1778518789,
-        "narHash": "sha256-VMc0IOYWzNj6+KdWqggpZ9Mt9MkxYPcKP7smOIkbapo=",
+        "narHash": "sha256-9WZvO2BBofC2Wp4dvP4/aQ6Jhmcxh9lEGTYj09hLXrI=",
         "ref": "refs/heads/master",
-        "rev": "db1a29df1584c0046a110ef693229be73b986cfc",
+        "rev": "d64c581516c02702ec28e5d2304330d7b035235d",
-        "revCount": 289,
+        "revCount": 295,
         "type": "git",
         "url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs"
       },
@@ -760,11 +830,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1778291595,
+        "lastModified": 1778507606,
-        "narHash": "sha256-XZRSWn32HgzPiVBUgFu4QgefWq6LjXNljQbmdf52Q5U=",
+        "narHash": "sha256-6Yc2dIhijc8G+dbMNocyclxF19dUrjaT+EeXGrXmXlg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "67d18561bfe53cee9d84a19cb5c0be3c8ef5c186",
+        "rev": "39a7b8d815fcc8b689d56fc4a3fa8de4ef93d169",
         "type": "github"
       },
       "original": {
@@ -776,11 +846,11 @@
     },
     "nixpkgs-master_2": {
       "locked": {
-        "lastModified": 1778291595,
+        "lastModified": 1778507606,
-        "narHash": "sha256-XZRSWn32HgzPiVBUgFu4QgefWq6LjXNljQbmdf52Q5U=",
+        "narHash": "sha256-6Yc2dIhijc8G+dbMNocyclxF19dUrjaT+EeXGrXmXlg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "67d18561bfe53cee9d84a19cb5c0be3c8ef5c186",
+        "rev": "39a7b8d815fcc8b689d56fc4a3fa8de4ef93d169",
         "type": "github"
       },
       "original": {
@@ -984,7 +1054,10 @@
     },
     "npm-lockfile-fix": {
       "inputs": {
-        "nixpkgs": ["hermes-agent", "nixpkgs"]
+        "nixpkgs": [
+          "hermes-agent",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1775903712,
@@ -1006,11 +1079,11 @@
         "nixpkgs": "nixpkgs_7"
       },
       "locked": {
-        "lastModified": 1778310897,
+        "lastModified": 1778506944,
-        "narHash": "sha256-3YXHiKiPmSfoKeW/TJzsMM6F8v/DruwL0BjnmDtv5Jk=",
+        "narHash": "sha256-lU0Bleh0reE+WU7j8Uiqsu6ekPav50L8sXsgOvEQS+0=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "400996593f670f004c7a544dd3d75987b96fa68e",
+        "rev": "0166493cfe4e0e9927435c1cfbf5505cfb0d10d1",
         "type": "github"
       },
       "original": {
@@ -1022,7 +1095,9 @@
     "nur_2": {
       "inputs": {
         "flake-parts": "flake-parts_4",
-        "nixpkgs": ["nixpkgs"]
+        "nixpkgs": [
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1778308643,
@@ -1040,7 +1115,11 @@
     },
     "openspec": {
       "inputs": {
-        "nixpkgs": ["m3ta-home", "m3ta-nixpkgs", "nixpkgs"]
+        "nixpkgs": [
+          "m3ta-home",
+          "m3ta-nixpkgs",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1778120451,
@@ -1058,7 +1137,10 @@
     },
     "openspec_2": {
       "inputs": {
-        "nixpkgs": ["m3ta-nixpkgs", "nixpkgs"]
+        "nixpkgs": [
+          "m3ta-nixpkgs",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1778120451,
@@ -1076,7 +1158,10 @@
     },
     "pyproject-build-systems": {
       "inputs": {
-        "nixpkgs": ["hermes-agent", "nixpkgs"],
+        "nixpkgs": [
+          "hermes-agent",
+          "nixpkgs"
+        ],
         "pyproject-nix": "pyproject-nix",
         "uv2nix": "uv2nix"
       },
@@ -1096,7 +1181,11 @@
     },
     "pyproject-nix": {
       "inputs": {
-        "nixpkgs": ["hermes-agent", "pyproject-build-systems", "nixpkgs"]
+        "nixpkgs": [
+          "hermes-agent",
+          "pyproject-build-systems",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1769936401,
@@ -1114,7 +1203,10 @@
     },
     "pyproject-nix_2": {
       "inputs": {
-        "nixpkgs": ["hermes-agent", "nixpkgs"]
+        "nixpkgs": [
+          "hermes-agent",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1772865871,
@@ -1132,7 +1224,11 @@
     },
     "pyproject-nix_3": {
       "inputs": {
-        "nixpkgs": ["hermes-agent", "uv2nix", "nixpkgs"]
+        "nixpkgs": [
+          "hermes-agent",
+          "uv2nix",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1771518446,
@@ -1199,7 +1295,9 @@
     },
     "rustfs": {
       "inputs": {
-        "nixpkgs": ["nixpkgs"]
+        "nixpkgs": [
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1777635550,
@@ -1387,7 +1485,10 @@
     },
     "treefmt-nix": {
       "inputs": {
-        "nixpkgs": ["llm-agents", "nixpkgs"]
+        "nixpkgs": [
+          "llm-agents",
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1775636079,
@@ -1423,7 +1524,11 @@
     },
     "uv2nix": {
       "inputs": {
-        "nixpkgs": ["hermes-agent", "pyproject-build-systems", "nixpkgs"],
+        "nixpkgs": [
+          "hermes-agent",
+          "pyproject-build-systems",
+          "nixpkgs"
+        ],
         "pyproject-nix": [
           "hermes-agent",
           "pyproject-build-systems",
@@ -1446,7 +1551,10 @@
     },
     "uv2nix_2": {
       "inputs": {
-        "nixpkgs": ["hermes-agent", "nixpkgs"],
+        "nixpkgs": [
+          "hermes-agent",
+          "nixpkgs"
+        ],
         "pyproject-nix": "pyproject-nix_3"
       },
       "locked": {

hosts/common/users/m3tam3re.nix

@@ -37,7 +37,7 @@
     # ── Server hosts ──
     m3-atlas = {
       context = "server";
-      sets = ["coding"];
+      sets = [];
     };
     m3-helios = {
       context = "server";
@@ -53,10 +53,13 @@
     };
   };
 
-  profile = hostProfiles.${hostname} or {
+  profile =
-    context = "server";
+    hostProfiles.${
-    sets = [];
+      hostname
-  };
+    } or {
+      context = "server";
+      sets = [];
+    };
   m3ta-lib = inputs.m3ta-home.lib;
 
   # Check if a per-host home.nix exists

hosts/m3-ares/home.nix

@@ -36,35 +36,39 @@ with lib; {
       };
     }
 
-    # ── Hyprland monitor layout ──
+    # ── Hyprland monitor layout & host-specific rules ──
     (mkIf config.desktop.wm.hyprland.enable {
       wayland.windowManager.hyprland = {
         enable = true;
         settings = {
-          exec-once = ["tuxedo-backlight"];
+          # Laptop internal + external HDMI
           monitor = [
-            "eDP-1,preferred,0x0,1.25"
+            { output = "eDP-1";     mode = "preferred";       position = "0x0";     scale = 1.25; }
-            "HDMI-A-1,1920x1080@120,2560x0,1"
+            { output = "HDMI-A-1";  mode = "1920x1080@120";   position = "2560x0";  scale = 1; }
           ];
-          workspace = [
+          workspace_rule = [
-            "1, monitor:eDP-1, default:true"
+            { workspace = 1; monitor = "eDP-1";    default = true; }
-            "2, monitor:eDP-1"
+            { workspace = 2; monitor = "eDP-1"; }
-            "3, monitor:eDP-1"
+            { workspace = 3; monitor = "eDP-1"; }
-            "4, monitor:HDMI-A-1"
+            { workspace = 4; monitor = "HDMI-A-1"; }
-            "5, monitor:HDMI-A-1,border:false,rounding:false"
+            { workspace = 5; monitor = "HDMI-A-1"; border = false; rounding = false; }
-            "6, monitor:HDMI-A-1"
+            { workspace = 6; monitor = "HDMI-A-1"; }
           ];
-          windowrule = [
+          window_rule = [
-            "match:class dev.zed.Zed, workspace 1"
+            { match = { class = "dev.zed.Zed" };            workspace = "1"; }
-            "match:class Msty, workspace 1"
+            { match = { class = "Msty" };                    workspace = "1"; }
-            "match:class ^(com.obsproject.Studio)$, workspace 2"
+            { match = { class = "^com.obsproject.Studio$" }; workspace = "2"; }
-            "match:class ^(brave-browser)$, workspace 4, opacity 1.0"
+            { match = { class = "^(brave-browser)$" };      workspace = "4"; opacity = 1.0; }
-            "match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
+            { match = { class = "^(vivaldi-stable)$" };     workspace = "4"; opacity = 1.0; }
-            "match:class ^steam_app_\\d+$, fullscreen on"
+            { match = { class = "^steam_app_\\d+$" };       fullscreen = true; workspace = "5"; idle_inhibit = "focus"; }
-            "match:class ^steam_app_\\d+$, workspace 5"
-            "match:class ^steam_app_\\d+$, idle_inhibit focus"
           ];
         };
+        extraConfig = mkAfter ''
+          -- Host startup: TUXEDO backlight
+          hl.on("hyprland.start", function()
+            hl.exec_cmd("tuxedo-backlight")
+          end)
+        '';
       };
     })
   ];

hosts/m3-atlas/services/hermes-agent.nix

@@ -1,191 +0,0 @@
-{config, ...}: let
-  # Default ElevenLabs voice: Bella (German-capable female)
-  elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
-in {
-  services.hermes-agent = {
-    enable = true;
-    addToSystemPackages = true;
-
-    # Secrets via agenix
-    environmentFiles = [config.age.secrets."hermes-env".path];
-
-    # Non-secret environment variables
-    environment = {
-      #
-    };
-
-    # ── Container mode (podman) ──────────────────────────────────────────
-    container = {
-      enable = true;
-      backend = "podman";
-    };
-
-    settings = {
-      # ── Model ──────────────────────────────────────────────────────────
-      model = {
-        default = "glm-5.1";
-        provider = "zai";
-        base_url = "https://api.z.ai/api/coding/paas/v4/";
-      };
-
-      credential_pool_strategies = {
-        zai = "fill_first";
-      };
-
-      toolsets = ["all"];
-
-      # ── Agent ──────────────────────────────────────────────────────────
-      agent = {
-        max_turns = 90;
-        gateway_timeout = 1800;
-        tool_use_enforcement = "auto";
-      };
-
-      # ── Terminal ───────────────────────────────────────────────────────
-      terminal = {
-        backend = "local";
-        modal_mode = "auto";
-        cwd = ".";
-        timeout = 180;
-        persistent_shell = true;
-      };
-
-      # ── Browser ────────────────────────────────────────────────────────
-      browser = {
-        inactivity_timeout = 120;
-        command_timeout = 30;
-        cloud_provider = "local";
-      };
-
-      # ── Checkpoints / Compression ──────────────────────────────────────
-      checkpoints = {
-        enabled = true;
-        max_snapshots = 50;
-      };
-
-      file_read_max_chars = 100000;
-
-      compression = {
-        enabled = true;
-        threshold = 0.5;
-        target_ratio = 0.2;
-        protect_last_n = 20;
-      };
-
-      # ── Display ────────────────────────────────────────────────────────
-      display = {
-        compact = false;
-        personality = "kawaii";
-        resume_display = "full";
-        busy_input_mode = "interrupt";
-        inline_diffs = true;
-        skin = "default";
-        tool_progress = "all";
-      };
-
-      # ── TTS / STT / Voice ──────────────────────────────────────────────
-      tts = {
-        provider = "elevenlabs";
-        elevenlabs = {
-          voice_id = elevenlabsVoiceId;
-          model_id = "eleven_multilingual_v2";
-        };
-      };
-
-      stt = {
-        enabled = true;
-        provider = "local";
-        local = {model = "base";};
-      };
-
-      voice = {
-        record_key = "ctrl+b";
-        max_recording_seconds = 120;
-        silence_threshold = 200;
-        silence_duration = 3.0;
-      };
-
-      # ── Memory ─────────────────────────────────────────────────────────
-      memory = {
-        memory_enabled = true;
-        user_profile_enabled = true;
-        memory_char_limit = 2200;
-        user_char_limit = 1375;
-      };
-
-      # ── Delegation ─────────────────────────────────────────────────────
-      delegation = {
-        max_iterations = 50;
-      };
-
-      # ── Discord ────────────────────────────────────────────────────────
-      discord = {
-        require_mention = true;
-        auto_thread = true;
-        reactions = true;
-      };
-
-      # ── Approvals / Security ───────────────────────────────────────────
-      approvals = {
-        mode = "manual";
-        timeout = 60;
-      };
-
-      security = {
-        redact_secrets = true;
-        tirith_enabled = true;
-        tirith_fail_open = true;
-      };
-
-      # ── Cron / Session ─────────────────────────────────────────────────
-      cron = {wrap_response = true;};
-
-      session_reset = {
-        mode = "both";
-        idle_minutes = 1440;
-        at_hour = 4;
-      };
-
-      # ── Web ────────────────────────────────────────────────────────────
-      web = {backend = "exa";};
-
-      # ── Platform Toolsets ──────────────────────────────────────────────
-      platform_toolsets = {
-        cli = [
-          "browser"
-          "clarify"
-          "code_execution"
-          "cronjob"
-          "delegation"
-          "file"
-          "image_gen"
-          "memory"
-          "session_search"
-          "skills"
-          "terminal"
-          "todo"
-          "tts"
-          "vision"
-          "web"
-        ];
-        telegram = [
-          "browser"
-          "clarify"
-          "code_execution"
-          "cronjob"
-          "delegation"
-          "file"
-          "image_gen"
-          "memory"
-          "session_search"
-          "skills"
-          "terminal"
-          "todo"
-          "tts"
-          "vision"
-          "web"
-        ];
-      };
-    };
-  };
-}

hosts/m3-atlas/services/traefik.nix

@@ -43,6 +43,12 @@
     dynamicConfigOptions = {
       http = {
         services = {
+          # ── Hermes Dashboard (m3-hermes over Netbird) ────────────────
+          hermes-dashboard = {
+            loadBalancer.servers = [
+              {url = "http://100.81.231.152:9119";}
+            ];
+          };
           dummy = {
             loadBalancer.servers = [
               {url = "http://192.168.0.1";} # Diese URL wird nie verwendet
@@ -79,6 +85,15 @@
         };
 
         routers = {
+          # ── Hermes Dashboard — Netbird mesh only ─────────────────────
+          hermes-dashboard = {
+            rule = "Host(`dash.m3ta.dev`)";
+            service = "hermes-dashboard";
+            entrypoints = ["websecure"];
+            tls = {
+              certResolver = "godaddy";
+            };
+          };
           api = {
             rule = "Host(`r.m3tam3re.com`)";
             service = "api@internal";

hosts/m3-hermes/secrets.nix

@@ -7,6 +7,9 @@
       hermes-cloud-env = {
         file = ../../secrets/hermes-cloud-env.age;
       };
+      hermes-api-server-key = {
+        file = ../../secrets/hermes-api-server-key.age;
+      };
     };
   };
 }

hosts/m3-hermes/services/default.nix

@@ -1,5 +1,7 @@
 {
   imports = [
     ./hermes-agent.nix
+    ./hermes-dashboard.nix
+    ./netbird.nix
   ];
 }

hosts/m3-hermes/services/hermes-agent.nix

@@ -11,11 +11,12 @@
   # matrix-nio is installed via pip in /home/hermes/.venv but the hermes
   # process uses the read-only Nix store Python, so we inject the venv's
   # site-packages via PYTHONPATH and provide libstdc++ for libolm (e2e).
-  venvSitePackages = "/home/hermes/.venv/lib/python3.11/site-packages";
+  # NOTE: v0.13.0 upgraded to Python 3.12 — path updated accordingly.
+  venvSitePackages = "/home/hermes/.venv/lib/python3.12/site-packages";
   gccLibPath = "${pkgs.stdenv.cc.cc.lib}/lib";
 
   # Build skills using agents flake lib for hermes user
-  hermesSkills = inputs.agents.lib.mkOpencodeSkills {
+  hermesSkills = inputs.agents.lib.mkSkills {
     inherit pkgs;
     customSkills = "${inputs.agents}/skills";
     externalSkills = [
@@ -48,13 +49,6 @@ in {
           user: m3ta-chiron
           default: true
     ''}"
-    "f /home/hermes/.gitconfig 0644 hermes hermes - ${pkgs.writeText "gitconfig" ''
-      [user]
-        name = m3ta-chiron
-        email = m3ta-chiron@agentmail.to
-      [init]
-        defaultBranch = master
-    ''}"
   ];
 
   systemd.services.copy-hermes-skills = {
@@ -78,21 +72,40 @@ in {
     enable = true;
     addToSystemPackages = true;
 
-    extraPackages = with pkgs; [docker git tea nix];
+    extraPackages = with pkgs; [
+      docker
+      git
+      tea
+      nix
+      zellij
+    ];
 
     # Secrets via agenix
     environmentFiles = [
       config.age.secrets."hermes-env".path
       config.age.secrets."hermes-cloud-env".path
+      config.age.secrets."hermes-api-server-key".path
     ];
 
     # Non-secret environment variables
+    # Git identity is set entirely via env vars (GIT_AUTHOR_*, GIT_COMMITTER_*,
+    # GIT_INIT_DEFAULT_BRANCH) — no .gitconfig file needed. Env vars take
+    # precedence over any gitconfig, and the hermes gateway injects them into
+    # all terminal sessions via .env.
     environment = {
       GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/";
       GIT_AUTHOR_NAME = "m3ta-chiron";
       GIT_AUTHOR_EMAIL = "m3ta-chiron@agentmail.to";
       GIT_COMMITTER_NAME = "m3ta-chiron";
       GIT_COMMITTER_EMAIL = "m3ta-chiron@agentmail.to";
+      GIT_INIT_DEFAULT_BRANCH = "master";
+
+      # ── API Server (OpenAI-compatible, for Hermes Desktop App) ─────────
+      # Accessible via Netbird mesh VPN — not exposed to the public internet.
+      # Bind to 0.0.0.0 so the Netbird interface can reach it.
+      API_SERVER_ENABLED = "true";
+      API_SERVER_HOST = "0.0.0.0";
+      API_SERVER_PORT = "8642";
     };
 
     # ── Container mode (podman) ──────────────────────────────────────────
@@ -152,7 +165,8 @@ in {
         cloud_provider = "local";
       };
 
-      # ── Checkpoints / Compression ──────────────────────────────────────
+      # ── Checkpoints v2 ─────────────────────────────────────────────────
+      # v0.13.0: Single-store rewrite with real pruning + disk guardrails.
       checkpoints = {
         enabled = true;
         max_snapshots = 50;
@@ -215,12 +229,24 @@ in {
         max_spawn_depth = 2;
       };
 
+      # ── Kanban (v0.13.0 — Multi-Agent Board) ──────────────────────────
+      # Durable task board with embedded dispatcher in gateway process.
+      # Workers are full OS processes with identity, heartbeat, reclaim,
+      # zombie detection, and hallucination gate.
+      kanban = {
+        dispatch_in_gateway = true;
+        dispatch_interval_seconds = 60;
+      };
+
       # ── Matrix ────────────────────────────────────────────────────────
       matrix = {
         homeserver = "https://matrix.m3ta.dev";
         user_id = "@chiron:m3ta.dev";
         allowed_users = ["@m3tam3re:m3ta.dev"];
         encryption = true;
+        group_sessions_per_user = true;
+        auto_thread = true;
+        dm_mention_threads = true;
       };
 
       # ── Approvals / Security ───────────────────────────────────────────

hosts/m3-hermes/services/hermes-dashboard.nix

@@ -0,0 +1,65 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}: let
+  # Netbird mesh VPN range — dashboard only accessible from mesh peers.
+  # m3-atlas Traefik proxies to this port over Netbird.
+  netbirdRange = "100.64.0.0/16";
+
+  # Reference the hermes-agent package from the running service config
+  hermesPkg = config.services.hermes-agent.package or (inputs.hermes-agent.packages.${pkgs.stdenv.hostPlatform.system}.default or pkgs.hermes-agent);
+in {
+  # ── Hermes Dashboard systemd service ───────────────────────────────────
+  # Web UI for managing Hermes Agent — sessions, config, kanban, cron, etc.
+  #
+  # Flow: Browser → dash.m3ta.dev (TLS via m3-atlas Traefik) → Netbird → :9119
+  #
+  # --insecure is required to bind 0.0.0.0 (hermes refuses non-localhost otherwise).
+  # Safe because firewall restricts port 9119 to Netbird mesh only.
+  systemd.services.hermes-dashboard = {
+    description = "Hermes Agent Web Dashboard";
+    after = ["network.target" "hermes-agent.service"];
+    wants = ["hermes-agent.service"];
+    wantedBy = ["multi-user.target"];
+
+    serviceConfig = {
+      Type = "simple";
+      User = "hermes";
+      Group = "hermes";
+
+      ExecStart = "${hermesPkg}/bin/hermes dashboard --host 0.0.0.0 --port 9119 --no-open --insecure";
+
+      # Environment matching the hermes-agent service
+      Environment = [
+        "HERMES_HOME=/var/lib/hermes/.hermes"
+        "HERMES_MANAGED=true"
+        "HOME=/var/lib/hermes"
+      ];
+
+      # Security hardening (matching hermes-agent service pattern)
+      NoNewPrivileges = true;
+      ProtectSystem = "strict";
+      ProtectHome = "read-only";
+      ReadWritePaths = ["/var/lib/hermes" "/tmp"];
+      PrivateTmp = true;
+
+      # Restart policy
+      Restart = "on-failure";
+      RestartSec = 5;
+    };
+  };
+
+  # ── Firewall: Dashboard only from Netbird mesh ─────────────────────────
+  networking.firewall = {
+    extraCommands = ''
+      # Allow Hermes Dashboard (9119/tcp) only from Netbird mesh VPN
+      ip46tables -A nixos-fw -p tcp --dport 9119 -s ${netbirdRange} -j nixos-fw-accept
+    '';
+
+    extraStopCommands = ''
+      ip46tables -D nixos-fw -p tcp --dport 9119 -s ${netbirdRange} -j nixos-fw-accept 2>/dev/null || true
+    '';
+  };
+}

hosts/m3-hermes/services/netbird.nix

@@ -0,0 +1,29 @@
+{pkgs, ...}: {
+  services.netbird.enable = true;
+
+  systemd.services.netbird = {
+    environment = {
+      NB_DISABLE_SSH_CONFIG = "true";
+      NB_USE_LEGACY_ROUTING = "true";
+    };
+    path = [
+      pkgs.shadow
+      pkgs.util-linux
+    ];
+  };
+
+  programs.ssh.extraConfig = ''
+    Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
+        PreferredAuthentications password,publickey,keyboard-interactive
+        PasswordAuthentication yes
+        PubkeyAuthentication yes
+        BatchMode no
+        ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
+        StrictHostKeyChecking no
+        UserKnownHostsFile /dev/null
+        CheckHostIP no
+        LogLevel ERROR
+  '';
+
+  networking.firewall.checkReversePath = "loose";
+}

hosts/m3-kratos/home.nix

@@ -36,31 +36,32 @@ with lib; {
       };
     }
 
-    # ── Hyprland monitor layout ──
+    # ── Hyprland monitor layout & host-specific rules ──
     (mkIf config.desktop.wm.hyprland.enable {
       wayland.windowManager.hyprland = {
         enable = true;
         settings = {
+          # Dual monitor: DP-1 left, DP-2 right
           monitor = [
-            "DP-1,2560x1440@144,0x0,1"
+            { output = "DP-1"; mode = "2560x1440@144"; position = "0x0";     scale = 1; }
-            "DP-2,2560x1440@144,2560x0,1"
+            { output = "DP-2"; mode = "2560x1440@144"; position = "2560x0";  scale = 1; }
           ];
-          workspace = [
+          workspace_rule = [
-            "1, monitor:DP-1, default:true"
+            { workspace = 1; monitor = "DP-1"; default = true; }
-            "2, monitor:DP-1"
+            { workspace = 2; monitor = "DP-1"; }
-            "3, monitor:DP-1"
+            { workspace = 3; monitor = "DP-1"; }
-            "4, monitor:DP-2"
+            { workspace = 4; monitor = "DP-2"; }
-            "5, monitor:DP-2"
+            { workspace = 5; monitor = "DP-2"; }
-            "6, monitor:DP-2"
+            { workspace = 6; monitor = "DP-2"; }
-            "7, monitor:DP-2"
+            { workspace = 7; monitor = "DP-2"; }
           ];
-          windowrule = [
+          window_rule = [
-            "match:class dev.zed.Zed, workspace 1"
+            { match = { class = "dev.zed.Zed" };            workspace = "1"; }
-            "match:class Msty, workspace 1"
+            { match = { class = "Msty" };                    workspace = "1"; }
-            "match:class ^(com.obsproject.Studio)$, workspace 2"
+            { match = { class = "^com.obsproject.Studio$" }; workspace = "2"; }
-            "match:class ^(brave-browser)$, workspace 4, opacity 1.0"
+            { match = { class = "^(brave-browser)$" };      workspace = "4"; opacity = 1.0; }
-            "match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
+            { match = { class = "^(vivaldi-stable)$" };     workspace = "4"; opacity = 1.0; }
-            "match:class ^steam_app_\\d+$, idle_inhibit focus"
+            { match = { class = "^steam_app_\\d+$" };       idle_inhibit = "focus"; }
           ];
         };
       };

hosts/m3-kratos/services/default.nix

@@ -1,7 +1,6 @@
 {pkgs, ...}: {
   imports = [
     ./containers
-    ./hermes-agent.nix
     ./mem0.nix
     # ./n8n.nix
     ./netbird.nix

hosts/m3-kratos/services/hermes-agent.nix

@@ -1,184 +0,0 @@
-{config, ...}: let
-  # Default ElevenLabs voice: Bella (German-capable female)
-  elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
-in {
-  services.hermes-agent = {
-    enable = true;
-    addToSystemPackages = true;
-
-    # Secrets via agenix
-    environmentFiles = [config.age.secrets."hermes-env".path];
-
-    # Non-secret environment variables
-    environment = {
-      GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/";
-    };
-
-    settings = {
-      # ── Model ──────────────────────────────────────────────────────────
-      model = {
-        default = "glm-5.1";
-        provider = "zai";
-      };
-
-      credential_pool_strategies = {
-        zai = "fill_first";
-      };
-
-      toolsets = ["all"];
-
-      # ── Agent ──────────────────────────────────────────────────────────
-      agent = {
-        max_turns = 90;
-        gateway_timeout = 1800;
-        tool_use_enforcement = "auto";
-      };
-
-      # ── Terminal ───────────────────────────────────────────────────────
-      terminal = {
-        backend = "ssh";
-        modal_mode = "auto";
-        cwd = ".";
-        timeout = 180;
-        persistent_shell = true;
-      };
-
-      # ── Browser ────────────────────────────────────────────────────────
-      browser = {
-        inactivity_timeout = 120;
-        command_timeout = 30;
-        cloud_provider = "local";
-      };
-
-      # ── Checkpoints / Compression ──────────────────────────────────────
-      checkpoints = {
-        enabled = true;
-        max_snapshots = 50;
-      };
-
-      file_read_max_chars = 100000;
-
-      compression = {
-        enabled = true;
-        threshold = 0.5;
-        target_ratio = 0.2;
-        protect_last_n = 20;
-      };
-
-      # ── Display ────────────────────────────────────────────────────────
-      display = {
-        compact = false;
-        personality = "kawaii";
-        resume_display = "full";
-        busy_input_mode = "interrupt";
-        inline_diffs = true;
-        skin = "default";
-        tool_progress = "all";
-      };
-
-      # ── TTS / STT / Voice ──────────────────────────────────────────────
-      tts = {
-        provider = "elevenlabs";
-        elevenlabs = {
-          voice_id = elevenlabsVoiceId;
-          model_id = "eleven_multilingual_v2";
-        };
-      };
-
-      stt = {
-        enabled = true;
-        provider = "local";
-        local = {model = "base";};
-      };
-
-      voice = {
-        record_key = "ctrl+b";
-        max_recording_seconds = 120;
-        silence_threshold = 200;
-        silence_duration = 3.0;
-      };
-
-      # ── Memory ─────────────────────────────────────────────────────────
-      memory = {
-        memory_enabled = true;
-        user_profile_enabled = true;
-        memory_char_limit = 2200;
-        user_char_limit = 1375;
-      };
-
-      # ── Delegation ─────────────────────────────────────────────────────
-      delegation = {
-        max_iterations = 50;
-      };
-
-      # ── Discord ────────────────────────────────────────────────────────
-      discord = {
-        require_mention = true;
-        auto_thread = true;
-        reactions = true;
-      };
-
-      # ── Approvals / Security ───────────────────────────────────────────
-      approvals = {
-        mode = "manual";
-        timeout = 60;
-      };
-
-      security = {
-        redact_secrets = true;
-        tirith_enabled = true;
-        tirith_fail_open = true;
-      };
-
-      # ── Cron / Session ─────────────────────────────────────────────────
-      cron = {wrap_response = true;};
-
-      session_reset = {
-        mode = "both";
-        idle_minutes = 1440;
-        at_hour = 4;
-      };
-
-      # ── Web ────────────────────────────────────────────────────────────
-      web = {backend = "exa";};
-
-      # ── Platform Toolsets ──────────────────────────────────────────────
-      platform_toolsets = {
-        cli = [
-          "browser"
-          "clarify"
-          "code_execution"
-          "cronjob"
-          "delegation"
-          "file"
-          "image_gen"
-          "memory"
-          "session_search"
-          "skills"
-          "terminal"
-          "todo"
-          "tts"
-          "vision"
-          "web"
-        ];
-        telegram = [
-          "browser"
-          "clarify"
-          "code_execution"
-          "cronjob"
-          "delegation"
-          "file"
-          "image_gen"
-          "memory"
-          "session_search"
-          "skills"
-          "terminal"
-          "todo"
-          "tts"
-          "vision"
-          "web"
-        ];
-      };
-    };
-  };
-}

issues.jsonl

@@ -1,3 +1,3 @@
 {"id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0}
-{"id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkOpencodeSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkOpencodeSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0}
+{"id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0}
 {"id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0}

secrets.nix

@@ -52,6 +52,7 @@ in {
   "secrets/honcho-key.age".publicKeys = systems ++ users;
   "secrets/hermes-env.age".publicKeys = systems ++ users;
   "secrets/hermes-cloud-env.age".publicKeys = systems ++ users;
+  "secrets/hermes-api-server-key.age".publicKeys = systems ++ users;
   "secrets/hermes-gitea-token.age".publicKeys = systems ++ users;
   "secrets/tuwunel-registration-token.age".publicKeys = systems ++ users;
 }

secrets/hermes-api-server-key.age

@@ -0,0 +1,26 @@
+age-encryption.org/v1
+-> ssh-ed25519 4NLKrw 2TwbZwX9SwWg4SVC0A2ICmyRjSfO+xtfBcBOK1lh3T4
+DSf4DrOAvW7L49lh6cq5IqrMM7gqXv2+67rR3ttn+CE
+-> ssh-ed25519 5kwcsA K1hqFOAxq2T+oLp3bQjLYpXtlQVkA7RHCM/8ETMGbwU
+xIE4xz50LB5vbDTTLKVcx9vC2iXIsRLThHYYxGjcJyY
+-> ssh-ed25519 9d4YIQ bXYb62OM/N+EXpMOZZ6zEbpfaH10Vz62PuUdGODXolw
+j64kKzOn8CmSnykEuWnXHZ0nfqwOfOxX4FPR4GSouR0
+-> ssh-ed25519 3Bcr1w C4alN6ud7q0K4I7NHuBgC77D6zeTfZVGjNS3EKpvL00
+NpjOsg3eJ5LvX0lV7NYuVHLeqeYylHdmw60H+KeG1GY
+-> ssh-ed25519 c4NQlA In5wsg4+LTIEbP75B83GMXPCItSPGwKWUW8QO+QjXyY
+oK1kikhr4RMq6QMv9kjNjiKrf5srlGh7hGbU2qns2rM
+-> ssh-rsa DQlE7w
+tcP4yPgGWqHYeE1gw/KD6cswik+9WU2s2f7hg5mK78085sQ7npXRsBVAz2OCRn07
+foeAAmnY4YmKriBh421JOVNBDOXHR5dfaIKY9b663L+rYj99ic0rfW26C+dqKitF
+SnvveL3Zf16nqg6duSVA7LIcIFgkIlA+RXnHPVho+P4GwEH7W8nCf/4kUquuhB7B
+F4Hx1qOknmGyNBJBFi27D04ZDDk/ZVxioYsO6P6TUu7MuaGmQCoVKREDl5RRh4zO
+XD8/TFDRsJLqqcbCKIlU+6CN1+L0r4FN4K0UaTjwPNzGvn5EEjBKw9RpOhdvI28I
+WlAQ+w6gdQiz9Ju4e5p7Doz2MbNb6894DimawHjzl968Xy5ifX2XA+FBdcW5hU9A
+u+7VXKZmbfMyvRA7lmKRoi4SurJAyQd6iXBrVKfTwFc53V/tJi48bsKcE3yXxHH+
+lKGuZFNGDDkqCruycjvz94WaIHy3fv5hhmBdgwoCZK1VGSLAnwdm1rG4B9m3t/K8
+
+-> ssh-ed25519 CSMyhg FNYYdEIJYcxkjMuM5lnIs9gIilvgD44uazZE8CjNeho
+QHeghlsOOlYNMwhMHT4o7DeuyxGP/3wyqm94HUHjn44
+--- zRG6aCTS+X18VpeN+tz38kaUoilk1kN5KrWTWYZ6pV4
+ræX_qÔÁ’Ð껿H#p¯f™”}(žA(ã|»?ë0ªyJk¥SD‡\Jm&uõÃ&Ô9€ýÄ5Ù+çÊ…!v%Y˜ù~ãÁ$û“šZÇÓ°j„z–Â\ßá1,Vf˜
+£’æ1zª»#Ó