From fe91768f64c2061e6eee068fafac2d5ef68ccd30 Mon Sep 17 00:00:00 2001
From: guangtao <gtrunsec@hardenedlinux.org>
Date: Sun, 24 Dec 2023 02:28:29 -0800
Subject: [PATCH] chore: updat omnibus

---
 compare/nginx.yml                             | 230 +++++++++---------
 flake.lock                                    | 192 +--------------
 flake.nix                                     |  10 +-
 nix/lock/flake.nix                            |   2 +-
 nix/src/__init.nix                            |   6 +-
 nix/src/flakeOutputs.nix                      |   4 +-
 nix/src/pops/lego.nix                         |   2 +-
 nix/std/cells/repo/nixago.nix                 |   4 +-
 nix/std/cells/repo/pops.nix                   |   4 +-
 nix/std/cells/repo/shells/default.nix         |   6 +-
 nix/std/cells/repo/tasks/default.nix          |   6 +-
 nix/std/flake.lock                            |   6 +-
 nix/std/flake.nix                             |   3 +-
 units/apparmor/_temp.nix                      |   4 +-
 units/apparmor/default.nix                    |   2 +-
 .../ansible-collection-hardening/nginx.nix    |   2 +-
 .../ansible-collection-hardening/sysctl.nix   |   2 +-
 units/lego/os/sysctl.nix                      |  25 +-
 units/lego/os/systemd.nix                     |   8 +-
 19 files changed, 178 insertions(+), 340 deletions(-)

diff --git a/compare/nginx.yml b/compare/nginx.yml
index 83089d1..f2b289b 100644
--- a/compare/nginx.yml
+++ b/compare/nginx.yml
@@ -117,7 +117,7 @@ ansible-collection-hardening:
 nixos:
   services.nginx.additionalModules:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '[ ]'
@@ -137,7 +137,7 @@ nixos:
     type: list of attribute set of anything
   services.nginx.appendConfig:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -162,7 +162,7 @@ nixos:
     type: strings concatenated with "\n"
   services.nginx.appendHttpConfig:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -181,7 +181,7 @@ nixos:
     type: strings concatenated with "\n"
   services.nginx.clientMaxBodySize:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"10m"'
@@ -194,7 +194,7 @@ nixos:
     type: string
   services.nginx.commonHttpConfig:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -221,7 +221,7 @@ nixos:
     type: strings concatenated with "\n"
   services.nginx.config:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -251,7 +251,7 @@ nixos:
     type: string
   services.nginx.defaultHTTPListenPort:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '80'
@@ -270,7 +270,7 @@ nixos:
     type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
   services.nginx.defaultListen:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '[ ]'
@@ -293,7 +293,7 @@ nixos:
     type: list of (submodule)
   services.nginx.defaultListen.*.addr:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     description: IP address.
     loc:
     - services
@@ -305,7 +305,7 @@ nixos:
     type: string
   services.nginx.defaultListen.*.extraParameters:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '[ ]'
@@ -323,7 +323,7 @@ nixos:
     type: list of string
   services.nginx.defaultListen.*.port:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -338,7 +338,7 @@ nixos:
     type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
   services.nginx.defaultListen.*.proxyProtocol:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -353,7 +353,7 @@ nixos:
     type: boolean
   services.nginx.defaultListen.*.ssl:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -368,7 +368,7 @@ nixos:
     type: null or boolean
   services.nginx.defaultListenAddresses:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '[ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]"'
@@ -389,7 +389,7 @@ nixos:
     type: list of string
   services.nginx.defaultMimeTypes:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: $''{pkgs.mailcap}/etc/nginx/mime.types
@@ -413,7 +413,7 @@ nixos:
     type: path
   services.nginx.defaultSSLListenPort:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '443'
@@ -432,7 +432,7 @@ nixos:
     type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
   services.nginx.enable:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -448,7 +448,7 @@ nixos:
     type: boolean
   services.nginx.enableQuicBPF:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -473,7 +473,7 @@ nixos:
     type: boolean
   services.nginx.enableReload:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -492,7 +492,7 @@ nixos:
     type: boolean
   services.nginx.eventsConfig:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -507,7 +507,7 @@ nixos:
     type: strings concatenated with "\n"
   services.nginx.gitweb.enable:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/gitweb.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/gitweb.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -523,7 +523,7 @@ nixos:
     type: boolean
   services.nginx.gitweb.group:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/gitweb.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/gitweb.nix
     default:
       _type: literalExpression
       text: '"nginx"'
@@ -540,7 +540,7 @@ nixos:
     type: string
   services.nginx.gitweb.location:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/gitweb.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/gitweb.nix
     default:
       _type: literalExpression
       text: '"/gitweb"'
@@ -556,7 +556,7 @@ nixos:
     type: string
   services.nginx.gitweb.user:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/gitweb.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/gitweb.nix
     default:
       _type: literalExpression
       text: '"nginx"'
@@ -573,7 +573,7 @@ nixos:
     type: string
   services.nginx.gitweb.virtualHost:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/gitweb.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/gitweb.nix
     default:
       _type: literalExpression
       text: '"_"'
@@ -589,7 +589,7 @@ nixos:
     type: string
   services.nginx.group:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"nginx"'
@@ -602,7 +602,7 @@ nixos:
     type: string
   services.nginx.httpConfig:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -623,7 +623,7 @@ nixos:
     type: strings concatenated with "\n"
   services.nginx.logError:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"stderr"'
@@ -656,7 +656,7 @@ nixos:
     type: string
   services.nginx.mapHashBucketSize:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -673,7 +673,7 @@ nixos:
     type: null or one of 32, 64, 128
   services.nginx.mapHashMaxSize:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -688,7 +688,7 @@ nixos:
     type: null or positive integer, meaning >0
   services.nginx.package:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: pkgs.nginxStable
@@ -707,7 +707,7 @@ nixos:
     type: package
   services.nginx.preStart:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -722,7 +722,7 @@ nixos:
     type: strings concatenated with "\n"
   services.nginx.proxyCachePath:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '{ }'
@@ -740,7 +740,7 @@ nixos:
     type: attribute set of (submodule)
   services.nginx.proxyCachePath.<name>.enable:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -758,7 +758,7 @@ nixos:
     type: boolean
   services.nginx.proxyCachePath.<name>.inactive:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"10m"'
@@ -782,7 +782,7 @@ nixos:
     type: string
   services.nginx.proxyCachePath.<name>.keysZoneName:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"cache"'
@@ -800,7 +800,7 @@ nixos:
     type: string
   services.nginx.proxyCachePath.<name>.keysZoneSize:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"10m"'
@@ -818,7 +818,7 @@ nixos:
     type: string
   services.nginx.proxyCachePath.<name>.levels:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"1:2"'
@@ -843,7 +843,7 @@ nixos:
     type: string
   services.nginx.proxyCachePath.<name>.maxSize:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"1g"'
@@ -861,7 +861,7 @@ nixos:
     type: string
   services.nginx.proxyCachePath.<name>.useTempPath:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -889,7 +889,7 @@ nixos:
     type: boolean
   services.nginx.proxyResolveWhileRunning:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -908,7 +908,7 @@ nixos:
     type: boolean
   services.nginx.proxyTimeout:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"60s"'
@@ -926,7 +926,7 @@ nixos:
     type: string
   services.nginx.recommendedBrotliSettings:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -946,7 +946,7 @@ nixos:
     type: boolean
   services.nginx.recommendedGzipSettings:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -963,7 +963,7 @@ nixos:
     type: boolean
   services.nginx.recommendedOptimisation:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -978,7 +978,7 @@ nixos:
     type: boolean
   services.nginx.recommendedProxySettings:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -994,7 +994,7 @@ nixos:
     type: boolean
   services.nginx.recommendedTlsSettings:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1009,7 +1009,7 @@ nixos:
     type: boolean
   services.nginx.recommendedZstdSettings:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1029,7 +1029,7 @@ nixos:
     type: boolean
   services.nginx.resolver:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '{ }'
@@ -1045,7 +1045,7 @@ nixos:
     type: submodule
   services.nginx.resolver.addresses:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '[ ]'
@@ -1062,7 +1062,7 @@ nixos:
     type: list of string
   services.nginx.resolver.ipv6:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'true'
@@ -1083,7 +1083,7 @@ nixos:
     type: boolean
   services.nginx.resolver.valid:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -1104,7 +1104,7 @@ nixos:
     type: string
   services.nginx.serverNamesHashBucketSize:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -1121,7 +1121,7 @@ nixos:
     type: null or positive integer, meaning >0
   services.nginx.serverNamesHashMaxSize:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -1136,7 +1136,7 @@ nixos:
     type: null or positive integer, meaning >0
   services.nginx.serverTokens:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1149,7 +1149,7 @@ nixos:
     type: boolean
   services.nginx.sslCiphers:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"'
@@ -1162,7 +1162,7 @@ nixos:
     type: null or string
   services.nginx.sslDhparam:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -1178,7 +1178,7 @@ nixos:
     type: null or path
   services.nginx.sslProtocols:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"TLSv1.2 TLSv1.3"'
@@ -1194,7 +1194,7 @@ nixos:
     type: string
   services.nginx.sso.configuration:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/security/nginx-sso.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/security/nginx-sso.nix
     default:
       _type: literalExpression
       text: '{ }'
@@ -1220,7 +1220,7 @@ nixos:
     type: attribute set of unspecified value
   services.nginx.sso.enable:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/security/nginx-sso.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/security/nginx-sso.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1237,7 +1237,7 @@ nixos:
     type: boolean
   services.nginx.sso.package:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/security/nginx-sso.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/security/nginx-sso.nix
     default:
       _type: literalExpression
       text: pkgs.nginx-sso
@@ -1253,7 +1253,7 @@ nixos:
     type: package
   services.nginx.statusPage:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1268,7 +1268,7 @@ nixos:
     type: boolean
   services.nginx.streamConfig:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -1287,7 +1287,7 @@ nixos:
     type: strings concatenated with "\n"
   services.nginx.upstreams:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '{ }'
@@ -1312,7 +1312,7 @@ nixos:
     type: attribute set of (submodule)
   services.nginx.upstreams.<name>.extraConfig:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -1329,7 +1329,7 @@ nixos:
     type: strings concatenated with "\n"
   services.nginx.upstreams.<name>.servers:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '{ }'
@@ -1353,7 +1353,7 @@ nixos:
     type: attribute set of (attribute set of (boolean or signed integer or string))
   services.nginx.upstreams.<name>.servers.<name>.backup:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1374,7 +1374,7 @@ nixos:
     type: boolean
   services.nginx.user:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"nginx"'
@@ -1387,7 +1387,7 @@ nixos:
     type: string
   services.nginx.virtualHosts:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: "{\n  localhost = { };\n}"
@@ -1405,7 +1405,7 @@ nixos:
     type: attribute set of (submodule)
   services.nginx.virtualHosts.<name>.acmeFallbackHost:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -1432,7 +1432,7 @@ nixos:
     type: null or string
   services.nginx.virtualHosts.<name>.acmeRoot:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '"/var/lib/acme/acme-challenge"'
@@ -1452,7 +1452,7 @@ nixos:
     type: null or string
   services.nginx.virtualHosts.<name>.addSSL:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1474,7 +1474,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.basicAuth:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '{ }'
@@ -1499,7 +1499,7 @@ nixos:
     type: attribute set of string
   services.nginx.virtualHosts.<name>.basicAuthFile:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -1523,7 +1523,7 @@ nixos:
     type: null or path
   services.nginx.virtualHosts.<name>.default:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1540,7 +1540,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.enableACME:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1559,7 +1559,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.extraConfig:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -1576,7 +1576,7 @@ nixos:
     type: strings concatenated with "\n"
   services.nginx.virtualHosts.<name>.forceSSL:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1600,7 +1600,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.globalRedirect:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -1622,7 +1622,7 @@ nixos:
     type: null or string
   services.nginx.virtualHosts.<name>.http2:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'true'
@@ -1651,7 +1651,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.http3:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'true'
@@ -1682,7 +1682,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.http3_hq:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1714,7 +1714,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.kTLS:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1737,7 +1737,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.listen:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '[ ]'
@@ -1770,7 +1770,7 @@ nixos:
     type: list of (submodule)
   services.nginx.virtualHosts.<name>.listen.*.addr:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     description: Listen address.
     loc:
     - services
@@ -1784,7 +1784,7 @@ nixos:
     type: string
   services.nginx.virtualHosts.<name>.listen.*.extraParameters:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '[ ]'
@@ -1804,7 +1804,7 @@ nixos:
     type: list of string
   services.nginx.virtualHosts.<name>.listen.*.port:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -1825,7 +1825,7 @@ nixos:
     type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
   services.nginx.virtualHosts.<name>.listen.*.proxyProtocol:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1842,7 +1842,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.listen.*.ssl:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -1859,7 +1859,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.listenAddresses:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '[ ]'
@@ -1886,7 +1886,7 @@ nixos:
     type: list of string
   services.nginx.virtualHosts.<name>.locations:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '{ }'
@@ -1904,7 +1904,7 @@ nixos:
     type: attribute set of (submodule)
   services.nginx.virtualHosts.<name>.locations.<name>.alias:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -1926,7 +1926,7 @@ nixos:
     type: null or path
   services.nginx.virtualHosts.<name>.locations.<name>.basicAuth:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '{ }'
@@ -1953,7 +1953,7 @@ nixos:
     type: attribute set of string
   services.nginx.virtualHosts.<name>.locations.<name>.basicAuthFile:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -1979,7 +1979,7 @@ nixos:
     type: null or path
   services.nginx.virtualHosts.<name>.locations.<name>.extraConfig:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '""'
@@ -1998,7 +1998,7 @@ nixos:
     type: strings concatenated with "\n"
   services.nginx.virtualHosts.<name>.locations.<name>.fastcgiParams:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '{ }'
@@ -2021,7 +2021,7 @@ nixos:
     type: attribute set of (string or path)
   services.nginx.virtualHosts.<name>.locations.<name>.index:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -2043,7 +2043,7 @@ nixos:
     type: null or string
   services.nginx.virtualHosts.<name>.locations.<name>.priority:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '1000'
@@ -2066,7 +2066,7 @@ nixos:
     type: signed integer
   services.nginx.virtualHosts.<name>.locations.<name>.proxyPass:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -2090,7 +2090,7 @@ nixos:
     type: null or string
   services.nginx.virtualHosts.<name>.locations.<name>.proxyWebsockets:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -2112,7 +2112,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.locations.<name>.recommendedProxySettings:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: config.services.nginx.recommendedProxySettings
@@ -2131,7 +2131,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.locations.<name>.return:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -2153,7 +2153,7 @@ nixos:
     type: null or string
   services.nginx.virtualHosts.<name>.locations.<name>.root:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -2175,7 +2175,7 @@ nixos:
     type: null or path
   services.nginx.virtualHosts.<name>.locations.<name>.tryFiles:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -2197,7 +2197,7 @@ nixos:
     type: null or string
   services.nginx.virtualHosts.<name>.onlySSL:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -2217,7 +2217,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.quic:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -2244,7 +2244,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.rejectSSL:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -2270,7 +2270,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.reuseport:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'false'
@@ -2289,7 +2289,7 @@ nixos:
     type: boolean
   services.nginx.virtualHosts.<name>.root:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -2309,7 +2309,7 @@ nixos:
     type: null or path
   services.nginx.virtualHosts.<name>.serverAliases:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: '[ ]'
@@ -2329,7 +2329,7 @@ nixos:
     type: list of string
   services.nginx.virtualHosts.<name>.serverName:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -2349,7 +2349,7 @@ nixos:
     type: null or string
   services.nginx.virtualHosts.<name>.sslCertificate:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     description: Path to server SSL certificate.
     example:
       _type: literalExpression
@@ -2364,7 +2364,7 @@ nixos:
     type: path
   services.nginx.virtualHosts.<name>.sslCertificateKey:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     description: Path to server SSL certificate key.
     example:
       _type: literalExpression
@@ -2379,7 +2379,7 @@ nixos:
     type: path
   services.nginx.virtualHosts.<name>.sslTrustedCertificate:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
@@ -2397,7 +2397,7 @@ nixos:
     type: null or path
   services.nginx.virtualHosts.<name>.useACMEHost:
     declarations:
-    - /nix/store/hx784gycsfzyrqgcl3dbldc64wj839r9-source/nixos/modules/services/web-servers/nginx/default.nix
+    - /nix/store/rxjdinl8nai90ky2kfri7pl6p2j46f3w-source/nixos/modules/services/web-servers/nginx/default.nix
     default:
       _type: literalExpression
       text: 'null'
diff --git a/flake.lock b/flake.lock
index ebbb024..131fc60 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,178 +1,13 @@
 {
   "nodes": {
-    "POP": {
-      "inputs": {
-        "flake-compat": [
-          "omnibus",
-          "flops"
-        ],
-        "nixlib": "nixlib",
-        "nixpkgs": [
-          "omnibus",
-          "flops"
-        ]
-      },
-      "locked": {
-        "lastModified": 1655410953,
-        "narHash": "sha256-Er0zdhu7QwpWvVKfauqZqTnxDz6THTWOTVWLoz+Opmw=",
-        "owner": "divnix",
-        "repo": "POP",
-        "rev": "8babe4c9126298d05ebb5ab04727d741b51c022e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "divnix",
-        "repo": "POP",
-        "type": "github"
-      }
-    },
-    "call-flake": {
-      "locked": {
-        "lastModified": 1697332845,
-        "narHash": "sha256-bmhE1TmrJG4ba93l9WQTLuYM53kwGQAjYHRvHOeuxWU=",
-        "owner": "divnix",
-        "repo": "call-flake",
-        "rev": "088f8589c7f3ee59bea1858a89f5125d284c3c4a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "divnix",
-        "repo": "call-flake",
-        "type": "github"
-      }
-    },
-    "dmerge": {
-      "inputs": {
-        "haumea": [
-          "omnibus",
-          "flops",
-          "haumea"
-        ],
-        "nixlib": [
-          "omnibus",
-          "flops",
-          "nixlib"
-        ],
-        "yants": [
-          "omnibus",
-          "flops",
-          "yants"
-        ]
-      },
-      "locked": {
-        "lastModified": 1686862774,
-        "narHash": "sha256-ojGtRQ9pIOUrxsQEuEPerUkqIJEuod9hIflfNkY+9CE=",
-        "owner": "divnix",
-        "repo": "dmerge",
-        "rev": "9f7f7a8349d33d7bd02e0f2b484b1f076e503a96",
-        "type": "github"
-      },
-      "original": {
-        "owner": "divnix",
-        "repo": "dmerge",
-        "type": "github"
-      }
-    },
-    "flops": {
-      "inputs": {
-        "POP": "POP",
-        "call-flake": "call-flake",
-        "dmerge": "dmerge",
-        "haumea": "haumea",
-        "nixlib": "nixlib_2",
-        "yants": "yants"
-      },
-      "locked": {
-        "lastModified": 1702437068,
-        "narHash": "sha256-JncNPIdExcPCnxXxKGlYOJWddjhfXWe+JnsTAKuDWa8=",
-        "owner": "gtrunsec",
-        "repo": "flops",
-        "rev": "14c238253845663272459f82d608a03bdaed08f1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "gtrunsec",
-        "repo": "flops",
-        "type": "github"
-      }
-    },
-    "haumea": {
-      "inputs": {
-        "nixpkgs": [
-          "omnibus",
-          "flops",
-          "nixlib"
-        ]
-      },
-      "locked": {
-        "lastModified": 1697205539,
-        "narHash": "sha256-gHEy0Q+eEQJkWl6/DpFxXPOlTx/lMU7Pvs/bwoq4OhI=",
-        "owner": "nix-community",
-        "repo": "haumea",
-        "rev": "fc119c500189f739fec7ad33d111f9c92910eccf",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "haumea",
-        "type": "github"
-      }
-    },
-    "nixlib": {
-      "locked": {
-        "lastModified": 1653180592,
-        "narHash": "sha256-sVGwmxTj7CY1D4ioy7E+iJE+1/yHqQlxjnTpar3ap/E=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "42c5f5785b70cd64b4afd830dc31d0b08461abd5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
-    "nixlib_2": {
-      "locked": {
-        "lastModified": 1698540503,
-        "narHash": "sha256-YN6DJQc7SMe6ep9FhD2BGl92bo24NPNRWjADEJE4xeU=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "ce2acb20a405bf6f910081c2adc988bbc8100e4c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1660438583,
-        "narHash": "sha256-rJUTYxFKlWUJI3njAwEc1pKAVooAViZGJvsgqfh/q/E=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "bbd8f7cd87d0b29294ef3072ffdbd61d60f05da4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
     "omnibus": {
-      "inputs": {
-        "flops": "flops"
-      },
+      "flake": false,
       "locked": {
-        "lastModified": 1702437989,
-        "narHash": "sha256-9XXRBX/dt7t7NT5nuyGFTknf3N6rNyCHVQ4wnM7DJzI=",
+        "lastModified": 1703407379,
+        "narHash": "sha256-heG95if2Q1W+5cQJNLTY/2vRDtp7Rw92fEG0m2MBXR0=",
         "owner": "gtrunsec",
         "repo": "omnibus",
-        "rev": "82a64bf5801f32f29fca3f43649b5ed0fd04ebe9",
+        "rev": "1d0799ad979abc184c3edae14a3acd0c85dc205d",
         "type": "github"
       },
       "original": {
@@ -185,25 +20,6 @@
       "inputs": {
         "omnibus": "omnibus"
       }
-    },
-    "yants": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      },
-      "locked": {
-        "lastModified": 1699522279,
-        "narHash": "sha256-ILTqQyhVsouZDfbhEVFJI6b3NDZIQQRluL2dk3bee+Y=",
-        "owner": "divnix",
-        "repo": "yants",
-        "rev": "cde27c2821d925245303650c2914d4b7d3a435cd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "divnix",
-        "ref": "refs/pull/5/head",
-        "repo": "yants",
-        "type": "github"
-      }
     }
   },
   "root": "root",
diff --git a/flake.nix b/flake.nix
index eeb3430..66f7282 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,13 +3,17 @@
 
   inputs = {
     omnibus.url = "github:gtrunsec/omnibus";
+    omnibus.flake = false;
   };
 
   outputs =
-    {self, omnibus}@inputs:
+    { self, omnibus }@inputs:
     let
-      src = import ./nix/src/__init.nix {inherit inputs omnibus;};
-      inherit (omnibus.lib) mapPopsExports;
+      src = import ./nix/src/__init.nix {
+        inputs = inputs // {
+          omnibus = import inputs.omnibus;
+        };
+      };
     in
     src.flakeOutputs
     // {
diff --git a/nix/lock/flake.nix b/nix/lock/flake.nix
index 8e98834..f1ccd2b 100644
--- a/nix/lock/flake.nix
+++ b/nix/lock/flake.nix
@@ -7,5 +7,5 @@
     ansible-collection-hardening.flake = false;
   };
 
-  outputs = _: {};
+  outputs = _: { };
 }
diff --git a/nix/src/__init.nix b/nix/src/__init.nix
index 233a61e..c52dcca 100644
--- a/nix/src/__init.nix
+++ b/nix/src/__init.nix
@@ -1,4 +1,4 @@
-{omnibus, inputs}:
+{ inputs }:
 let
   inherit (inputs.omnibus.inputs.flops.inputs.nixlib) lib;
   eachSystem = lib.genAttrs [
@@ -7,10 +7,10 @@ let
     "aarch64-darwin"
   ];
 in
-omnibus.load {
+inputs.omnibus.load {
   src = ./.;
   inputs = {
     projectDir = ../..;
-    inherit inputs eachSystem;
+    inherit eachSystem;
   };
 }
diff --git a/nix/src/flakeOutputs.nix b/nix/src/flakeOutputs.nix
index 9bbb6f8..a2f03a3 100644
--- a/nix/src/flakeOutputs.nix
+++ b/nix/src/flakeOutputs.nix
@@ -1,6 +1,6 @@
-{root, lib}:
+{ root, lib }:
 let
-  units = lib.mapPopsExports root.pops;
+  units = lib.omnibus.mapPopsExports root.pops;
 in
 {
   inherit (units) nixosProfiles;
diff --git a/nix/src/pops/lego.nix b/nix/src/pops/lego.nix
index 9625a5c..d2eecf9 100644
--- a/nix/src/pops/lego.nix
+++ b/nix/src/pops/lego.nix
@@ -5,5 +5,5 @@
 }:
 omnibus.pops.load {
   src = projectDir + /units/lego;
-  inputs = {};
+  inputs = { };
 }
diff --git a/nix/std/cells/repo/nixago.nix b/nix/std/cells/repo/nixago.nix
index 4526901..b012426 100644
--- a/nix/std/cells/repo/nixago.nix
+++ b/nix/std/cells/repo/nixago.nix
@@ -1,4 +1,4 @@
-{inputs, cell}:
+{ inputs, cell }:
 with inputs.std.inputs.dmerge;
 let
   cfg = {
@@ -18,7 +18,7 @@ in
     default = conform.default custom;
     custom = {
       data = {
-        commit.conventional.scopes = append [".*."];
+        commit.conventional.scopes = append [ ".*." ];
       };
     };
   };
diff --git a/nix/std/cells/repo/pops.nix b/nix/std/cells/repo/pops.nix
index a0c872c..6f58008 100644
--- a/nix/std/cells/repo/pops.nix
+++ b/nix/std/cells/repo/pops.nix
@@ -1,4 +1,4 @@
-{inputs, cell}:
+{ inputs, cell }:
 let
   inherit (inputs) nixpkgs;
   inputs' = (inputs.omnibus.pops.flake.setSystem nixpkgs.system).inputs;
@@ -15,7 +15,7 @@ in
         POP.extendPop flops.haumea.pops.exporter (
           _self: _super: {
             exports = rec {
-              inherit (inputs.omnibus.lib.mapPopsExports pops) self;
+              inherit (inputs.omnibus.lib.omnibus.mapPopsExports pops) self;
               pops.self =
                 (self.layouts.default.addLoadExtender {
                   load.inputs = {
diff --git a/nix/std/cells/repo/shells/default.nix b/nix/std/cells/repo/shells/default.nix
index 7440841..089aed1 100644
--- a/nix/std/cells/repo/shells/default.nix
+++ b/nix/std/cells/repo/shells/default.nix
@@ -1,14 +1,14 @@
-{inputs, cell}:
+{ inputs, cell }:
 let
   l = nixpkgs.lib // builtins;
   inherit (inputs) nixpkgs std;
 in
 l.mapAttrs (_: std.lib.dev.mkShell) {
   default =
-    {...}:
+    { ... }:
     {
       name = "LEGO Hardening";
-      imports = [cell.pops.devshellProfiles.exports.default.nickel];
+      imports = [ cell.pops.devshellProfiles.exports.default.nickel ];
 
       packages = [
         nixpkgs.vagrant
diff --git a/nix/std/cells/repo/tasks/default.nix b/nix/std/cells/repo/tasks/default.nix
index f65010a..16bac75 100644
--- a/nix/std/cells/repo/tasks/default.nix
+++ b/nix/std/cells/repo/tasks/default.nix
@@ -1,4 +1,4 @@
-{inputs, cell}:
+{ inputs, cell }:
 let
   inherit (inputs.std-ext.writers.lib) writeShellApplication;
   inherit (inputs) self nixpkgs std;
@@ -8,11 +8,11 @@ in
     let
       org-roam-book =
         inputs.org-roam-book-template.packages.${nixpkgs.system}.default.override
-          {org = "${(std.incl self [(self + /docs/org)])}/docs/org";};
+          { org = "${(std.incl self [ (self + /docs/org) ])}/docs/org"; };
     in
     writeShellApplication {
       name = "mkdoc";
-      runtimeInputs = [nixpkgs.hugo];
+      runtimeInputs = [ nixpkgs.hugo ];
       text = ''
         rsync -avzh ${org-roam-book}/* docs/publish
         cd docs/publish && cp ../config.toml .
diff --git a/nix/std/flake.lock b/nix/std/flake.lock
index 3168708..0f9c931 100644
--- a/nix/std/flake.lock
+++ b/nix/std/flake.lock
@@ -305,11 +305,11 @@
       },
       "locked": {
         "dir": "local",
-        "lastModified": 1702437989,
-        "narHash": "sha256-9XXRBX/dt7t7NT5nuyGFTknf3N6rNyCHVQ4wnM7DJzI=",
+        "lastModified": 1703407379,
+        "narHash": "sha256-heG95if2Q1W+5cQJNLTY/2vRDtp7Rw92fEG0m2MBXR0=",
         "owner": "gtrunsec",
         "repo": "omnibus",
-        "rev": "82a64bf5801f32f29fca3f43649b5ed0fd04ebe9",
+        "rev": "1d0799ad979abc184c3edae14a3acd0c85dc205d",
         "type": "github"
       },
       "original": {
diff --git a/nix/std/flake.nix b/nix/std/flake.nix
index 162784f..185508d 100644
--- a/nix/std/flake.nix
+++ b/nix/std/flake.nix
@@ -19,7 +19,7 @@
     std.follows = "omnibusStd/std";
   };
   outputs =
-    {std, call-flake, ...}@inputs:
+    { std, call-flake, ... }@inputs:
     std.growOn
       {
         inputs =
@@ -28,6 +28,7 @@
           // (call-flake ../..).inputs
           // {
             lego-hardening = call-flake ../..;
+            omnibus = import (call-flake ../..).inputs.omnibus;
           };
         cellsFrom = ./cells;
 
diff --git a/units/apparmor/_temp.nix b/units/apparmor/_temp.nix
index e1a8631..f20c226 100644
--- a/units/apparmor/_temp.nix
+++ b/units/apparmor/_temp.nix
@@ -1,5 +1,5 @@
 _:
-{pkgs}:
+{ pkgs }:
 {
   bin =
     {
@@ -14,7 +14,7 @@ _:
           # include <abstractions/base>
           # include <abstractions/nameservice>
           # include <abstractions/ssl_certs>
-          include "${pkgs.apparmorRulesFromClosure {inherit name;} package}"
+          include "${pkgs.apparmorRulesFromClosure { inherit name; } package}"
           r ${package}/bin/${name},
         }
         ${extraRules}
diff --git a/units/apparmor/default.nix b/units/apparmor/default.nix
index b7dcb69..7b5844a 100644
--- a/units/apparmor/default.nix
+++ b/units/apparmor/default.nix
@@ -4,7 +4,7 @@
   pkgs,
 }:
 let
-  temp = super.temp {inherit pkgs;};
+  temp = super.temp { inherit pkgs; };
   binary_example = temp.bin {
     name = "binary_example";
     package = pkgs.binary_example;
diff --git a/units/dev-sec/ansible-collection-hardening/nginx.nix b/units/dev-sec/ansible-collection-hardening/nginx.nix
index ceda98f..6be6d3e 100644
--- a/units/dev-sec/ansible-collection-hardening/nginx.nix
+++ b/units/dev-sec/ansible-collection-hardening/nginx.nix
@@ -1,4 +1,4 @@
-{ansibleCollectionHardeningSrc}:
+{ ansibleCollectionHardeningSrc }:
 let
   defaults = ansibleCollectionHardeningSrc.roles.nginx_hardening.defaults.main;
   argument_specs =
diff --git a/units/dev-sec/ansible-collection-hardening/sysctl.nix b/units/dev-sec/ansible-collection-hardening/sysctl.nix
index bc6e03a..c077816 100644
--- a/units/dev-sec/ansible-collection-hardening/sysctl.nix
+++ b/units/dev-sec/ansible-collection-hardening/sysctl.nix
@@ -1,4 +1,4 @@
-{ansibleCollectionHardeningSrc}:
+{ ansibleCollectionHardeningSrc }:
 let
   defaults = ansibleCollectionHardeningSrc.roles.os_hardening.defaults.main;
 in
diff --git a/units/lego/os/sysctl.nix b/units/lego/os/sysctl.nix
index e13689a..ebca2fc 100644
--- a/units/lego/os/sysctl.nix
+++ b/units/lego/os/sysctl.nix
@@ -1,11 +1,28 @@
-{
+{ lib }:
+let
+  inherit (lib.omnibus) mkSuites;
+in
+mkSuites {
   default = [
     {
-      keywords = ["sysctl"];
-      knowlaedges = [
+      keywords = [ "sysctl" ];
+      knowledges = [
         " https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl"
       ];
-      profiles = [];
+      profiles = [ ];
+    }
+  ];
+
+  ipv6 = [
+    {
+      keywords = [ "ipv6" ];
+      knowledges = [ ];
+      profiles = [
+        {
+          "net.ipv6.conf.all.use_tempaddr" = 2;
+          "net.ipv6.conf.default.use_tempaddr" = 2;
+        }
+      ];
     }
   ];
 }
diff --git a/units/lego/os/systemd.nix b/units/lego/os/systemd.nix
index 065b204..eac7a8d 100644
--- a/units/lego/os/systemd.nix
+++ b/units/lego/os/systemd.nix
@@ -1,4 +1,4 @@
-{self}:
+{ self }:
 {
   isolate = {
     CapabilityBoundingSet = "";
@@ -37,11 +37,11 @@
       "CAP_NET_BIND_SERVICE"
       "CAP_NET_RAW"
     ];
-    CapabilityBoundingSet = ["CAP_NET_BIND_SERVICE"];
+    CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
   };
 
   networked = self.isolate // {
-    IPAddressDeny = [""];
+    IPAddressDeny = [ "" ];
     PrivateNetwork = false;
     RestrictAddressFamilies = [
       "AF_INET"
@@ -50,6 +50,6 @@
   };
 
   socketed = self.isolate // {
-    RestrictAddressFamilies = ["AF_UNIX"];
+    RestrictAddressFamilies = [ "AF_UNIX" ];
   };
 }