From e5c88e59108e56a429c8ad2214b967fc192d02d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Fri, 16 Jan 2026 22:39:16 +0100
Subject: [PATCH 1/5] vanadium: +helix

---
 nix/configurations/vanadium/home/programs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nix/configurations/vanadium/home/programs.nix b/nix/configurations/vanadium/home/programs.nix
index a4d1d533..32db4e26 100644
--- a/nix/configurations/vanadium/home/programs.nix
+++ b/nix/configurations/vanadium/home/programs.nix
@@ -41,7 +41,7 @@
     pkgs.macchanger
 
     # The file picker is not ergonomic enough, sadly
-    # pkgs.helix
+    pkgs.helix
     # pkgs.nushell
 
     pkgs.ruler

From 87cb9444648fd455b4f345d314ab47f72f0a5053 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Sat, 17 Jan 2026 18:48:28 +0100
Subject: [PATCH 2/5] npins: update sources

---
 npins/sources.json | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/npins/sources.json b/npins/sources.json
index 1708e121..c96e48d1 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -70,9 +70,9 @@
       },
       "branch": "main",
       "submodules": false,
-      "revision": "17da13840dc71ba36b0deb2c0e85097840630ad5",
-      "url": "https://github.com/ghostty-org/ghostty/archive/17da13840dc71ba36b0deb2c0e85097840630ad5.tar.gz",
-      "hash": "sha256-w0yAZdnSyY6FY/R8e/PuXGUOXmlhwO/bYZewh6NDysU="
+      "revision": "9fb03ba55c9e53901193187d5c43341f5b1b430d",
+      "url": "https://github.com/ghostty-org/ghostty/archive/9fb03ba55c9e53901193187d5c43341f5b1b430d.tar.gz",
+      "hash": "sha256-TEfSd6oR4YCc1BVr9pOxjTJASMswKiGfEC2kRA3aTyI="
     },
     "hategroup-dnsbl": {
       "type": "Git",
@@ -97,9 +97,9 @@
       },
       "branch": "release-25.11",
       "submodules": false,
-      "revision": "82fb7dedaad83e5e279127a38ef410bcfac6d77c",
-      "url": "https://github.com/nix-community/home-manager/archive/82fb7dedaad83e5e279127a38ef410bcfac6d77c.tar.gz",
-      "hash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY="
+      "revision": "2a63d0e9d2c72ac4d4150ebb242cf8d86f488c8c",
+      "url": "https://github.com/nix-community/home-manager/archive/2a63d0e9d2c72ac4d4150ebb242cf8d86f488c8c.tar.gz",
+      "hash": "sha256-vRV1dWJOCpCal3PRr86wE2WTOMfAhTu6G7bSvOsryUo="
     },
     "infuse": {
       "type": "GitRelease",
@@ -154,9 +154,9 @@
       },
       "branch": "master",
       "submodules": false,
-      "revision": "40b1a28dce561bea34858287fbb23052c3ee63fe",
-      "url": "https://github.com/NixOS/nixos-hardware/archive/40b1a28dce561bea34858287fbb23052c3ee63fe.tar.gz",
-      "hash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q="
+      "revision": "cce68f4a54fa4e3d633358364477f5cc1d782440",
+      "url": "https://github.com/NixOS/nixos-hardware/archive/cce68f4a54fa4e3d633358364477f5cc1d782440.tar.gz",
+      "hash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0="
     },
     "nixpkgs": {
       "type": "Git",
@@ -167,9 +167,9 @@
       },
       "branch": "nixos-25.11-small",
       "submodules": false,
-      "revision": "ff8a91eb93e8abfceed1957330b54e54e99c747a",
-      "url": "https://github.com/nixos/nixpkgs/archive/ff8a91eb93e8abfceed1957330b54e54e99c747a.tar.gz",
-      "hash": "sha256-2romCPCEPJJxPjrG5t/McuMITLtuZNd16LHPKzkIBEg="
+      "revision": "3fb71110bad6aa250a59f23a6ed51c2a99747b6f",
+      "url": "https://github.com/nixos/nixpkgs/archive/3fb71110bad6aa250a59f23a6ed51c2a99747b6f.tar.gz",
+      "hash": "sha256-8MKveNU8UChYisd8JpYsJWIHTh4A1X1wAbjTxWgA0RE="
     },
     "npins": {
       "type": "GitRelease",
@@ -196,9 +196,9 @@
       },
       "branch": "main",
       "submodules": false,
-      "revision": "9aa5514ef92b980580f90029447ecc732851e2a9",
-      "url": "https://github.com/nix-community/nur/archive/9aa5514ef92b980580f90029447ecc732851e2a9.tar.gz",
-      "hash": "sha256-QLPb6DEwSjKqA0bVgycAlZz12BUvKjIwNbs28S3Jprc="
+      "revision": "1e87169b18457a22e6ef372789e48cd86b81e2ba",
+      "url": "https://github.com/nix-community/nur/archive/1e87169b18457a22e6ef372789e48cd86b81e2ba.tar.gz",
+      "hash": "sha256-kW4mzy7wzuW+od/o3Gfg5ONO7nb7U7uUxvEkAyFd9cY="
     },
     "pin-emacs28": {
       "type": "Git",
@@ -361,9 +361,9 @@
       },
       "branch": "main",
       "submodules": false,
-      "revision": "5c9624f3d0176727284678aebf677770dd1375b2",
-      "url": "https://github.com/0xc000022070/zen-browser-flake/archive/5c9624f3d0176727284678aebf677770dd1375b2.tar.gz",
-      "hash": "sha256-6M+vlMGur7UgzkHucgA61pjq3gtjGH9OywxJM/KHL8I="
+      "revision": "76bbc35c59419b8b0616fb779ce5600e85edab11",
+      "url": "https://github.com/0xc000022070/zen-browser-flake/archive/76bbc35c59419b8b0616fb779ce5600e85edab11.tar.gz",
+      "hash": "sha256-+LC0wOiliUXbIj6zT2hCoOQ0zn33BD2NxGoy0QqP3Eo="
     }
   },
   "version": 7

From b15abf8bdbae508fe02b6edcf2acc658106cccd9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Sat, 17 Jan 2026 19:42:13 +0100
Subject: [PATCH 3/5] Revert "home/git: disable git-lfs"

This reverts commit fdc88e415f2ec3a5b592be26a945d197d68fc15c.
---
 nix/homeModules/common/git.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nix/homeModules/common/git.nix b/nix/homeModules/common/git.nix
index 9074ce48..9b694bb4 100644
--- a/nix/homeModules/common/git.nix
+++ b/nix/homeModules/common/git.nix
@@ -5,6 +5,9 @@
 }:
 {
   # git plugins
+  programs.git = {
+    lfs.enable = true;
+  };
   programs.patdiff = {
     enable = lib.mkDefault true;
     enableGitIntegration = lib.mkDefault true;

From 6ae3f6932d7d40c6393fe27dd5f5a0471692b5c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Sat, 17 Jan 2026 21:48:57 +0100
Subject: [PATCH 4/5] home/gpg: remove duplicated key

---
 nix/homeModules/common/gpg.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/nix/homeModules/common/gpg.nix b/nix/homeModules/common/gpg.nix
index 916db466..23586a28 100644
--- a/nix/homeModules/common/gpg.nix
+++ b/nix/homeModules/common/gpg.nix
@@ -36,10 +36,6 @@
         user = "jappeace";
         hash = "sha256-wJ4hiE7M7dcEMaE8waNZEi+tybpVIsFzoeDJhIIaLhk=";
       }
-      {
-        user = "gautaz";
-        hash = "sha256-j0I9l8uKfzKNrc2qveFi5mkRppxL36+BUEqvFPs6vqA=";
-      }
       {
         user = "confusedkernel";
         hash = "sha256-9DdtDAcv+2Z0jJMSLAXbp5ne8uHYj5V/lNGi0kKSdv4=";

From fd5e0464062290d60e83473d72a4849b981fd277 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Sat, 17 Jan 2026 21:52:45 +0100
Subject: [PATCH 5/5] home/gpg: reduce trust of other people

---
 nix/homeModules/common/gpg.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/nix/homeModules/common/gpg.nix b/nix/homeModules/common/gpg.nix
index 23586a28..2d969411 100644
--- a/nix/homeModules/common/gpg.nix
+++ b/nix/homeModules/common/gpg.nix
@@ -5,13 +5,17 @@
     gpg-agent.pinentry.package = pkgs.pinentry-tty;
   };
 
+  # Fun video btw
+  # https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
   programs.gpg.publicKeys =
     let
       fromUrl =
         {
           url,
           hash,
-          trust ? 5,
+          # https://security.stackexchange.com/a/69089
+          # One lower than ultimate (introducer in the web of trust) is good enough.
+          trust ? 4,
         }:
         {
           source = pkgs.fetchurl { inherit url hash; };
@@ -27,6 +31,7 @@
       {
         user = "leana8959";
         hash = "sha256-Y+v/8bLkyUIe4vjToChQP3ChPxRV/DqI72OTsx6F0oo=";
+        trust = 5;
       }
       {
         user = "vanilla-extracts";