tidy a bit

deploy.sh

@@ -1,9 +0,0 @@
-# usage:
-# $ ./deploy.sh <hostname> <ip>
-# example usage:
-# $ ./deply.sh 109-199-104-83 109.199.104.83
-nix run github:nix-community/nixos-anywhere -- \
-  --extra-files ~/.ssh/remote_secrets/$2 \
-  --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \
-  --flake .#$1 \
-  --target-host root@$2

flake.lock

@@ -10,11 +10,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1762618334,
-        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
+        "lastModified": 1770165109,
+        "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "fcdea223397448d35d9b31f798479227e80183f6",
+        "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
         "type": "github"
       },
       "original": {
@@ -129,27 +129,6 @@
         "type": "github"
       }
     },
-    "disko": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1768920986,
-        "narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=",
-        "owner": "nix-community",
-        "repo": "disko",
-        "rev": "de5708739256238fb912c62f03988815db89ec9a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "latest",
-        "repo": "disko",
-        "type": "github"
-      }
-    },
     "firefox-gnome-theme": {
       "flake": false,
       "locked": {
@@ -169,15 +148,15 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1761588595,
-        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
-        "owner": "edolstra",
+        "lastModified": 1767039857,
+        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
+        "owner": "NixOS",
         "repo": "flake-compat",
-        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
+        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
         "type": "github"
       },
       "original": {
-        "owner": "edolstra",
+        "owner": "NixOS",
         "repo": "flake-compat",
         "type": "github"
       }
@@ -227,11 +206,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768135262,
-        "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
+        "lastModified": 1769996383,
+        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
+        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
         "type": "github"
       },
       "original": {
@@ -290,11 +269,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763988335,
-        "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
+        "lastModified": 1772893680,
+        "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
+        "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
         "type": "github"
       },
       "original": {
@@ -372,11 +351,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1769872935,
-        "narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=",
+        "lastModified": 1774007980,
+        "narHash": "sha256-FOnZjElEI8pqqCvB6K/1JRHTE8o4rer8driivTpq2uo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7",
+        "rev": "9670de2921812bc4e0452f6e3efd8c859696c183",
         "type": "github"
       },
       "original": {
@@ -427,11 +406,11 @@
     },
     "mnw": {
       "locked": {
-        "lastModified": 1768701608,
-        "narHash": "sha256-kSvWF3Xt2HW9hmV5V7i8PqeWJIBUKmuKoHhOgj3Znzs=",
+        "lastModified": 1770419553,
+        "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=",
         "owner": "Gerg-L",
         "repo": "mnw",
-        "rev": "20d63a8a1ae400557c770052a46a9840e768926b",
+        "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957",
         "type": "github"
       },
       "original": {
@@ -465,11 +444,11 @@
     "nix-zulip": {
       "flake": false,
       "locked": {
-        "lastModified": 1767099571,
-        "narHash": "sha256-NmwGCghLjFlJp7Hoi2fxlRPz3GaTxJVr8o2uBDQlr3Y=",
+        "lastModified": 1772926346,
+        "narHash": "sha256-fk8lfYmpXtBLzpJb9f97fYzKXcNflA5CYdYEJD1SDoY=",
         "ref": "refs/heads/main",
-        "rev": "1625c0ae0ef9db45c2817d60c0af7f06c74bc4eb",
-        "revCount": 74,
+        "rev": "995e67ff510f413bd0d21af2137159c283223985",
+        "revCount": 80,
         "type": "git",
         "url": "https://git.afnix.fr/nix-zulip/nix-zulip"
       },
@@ -488,11 +467,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1766321686,
-        "narHash": "sha256-icOWbnD977HXhveirqA10zoqvErczVs3NKx8Bj+ikHY=",
+        "lastModified": 1774001769,
+        "narHash": "sha256-6y8yLrMecnFq21wFlUSxHF7OsabVCCj2p104HEUosvI=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "7d433bf89882f61621f95082e90a4ab91eb0bdd3",
+        "rev": "05968d7978faaa501836d6d2eb7f6cffb4140829",
         "type": "gitlab"
       },
       "original": {
@@ -519,11 +498,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1769461804,
-        "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
+        "lastModified": 1773821835,
+        "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
+        "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
         "type": "github"
       },
       "original": {
@@ -561,11 +540,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1769892826,
-        "narHash": "sha256-mTC9+cA3wqe0dDqMR5ptRgZyjMeS2810acbceGgWTWA=",
+        "lastModified": 1774121134,
+        "narHash": "sha256-2rY/WUuZEtQ7St3AcFw6dri4oYyBJvr/dnZdpOPe1oM=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "66daaa88dd2252ed0f2b6786413a301b8419f89b",
+        "rev": "4fe0420f495cdcd730969de67f75f44d2a5bb71f",
         "type": "github"
       },
       "original": {
@@ -611,11 +590,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1769786801,
-        "narHash": "sha256-i5130O0JEAgZZ/d3mksGbXriNPZiXrvDOh9JWMQZh3w=",
+        "lastModified": 1774109759,
+        "narHash": "sha256-Ksvw+R+kwCr+liA4h+TtQaYSW/0Jl+NDMThU5TBsJIY=",
         "owner": "notashelf",
         "repo": "nvf",
-        "rev": "fde1338793aeb88810122030cf0badd3297936b0",
+        "rev": "4f1074084eb86e8d8a32e19e78f3cf2adba0213e",
         "type": "github"
       },
       "original": {
@@ -631,11 +610,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1769718478,
-        "narHash": "sha256-4DAylwVllb0c/HPj6T9Y3qel8b77yhVL5LMo+vlstKo=",
+        "lastModified": 1774120611,
+        "narHash": "sha256-QZ09cfZnPiF62BgNqVTxEbFtnBjYaBVuhZNdos9ggnE=",
         "owner": "celenityy",
         "repo": "Phoenix",
-        "rev": "13ba31e67cb0589eb3f70a135a19bdb99d77862f",
+        "rev": "df5a6d30c792c0b17017510b35db93e94fb9e6a1",
         "type": "github"
       },
       "original": {
@@ -647,7 +626,6 @@
     "root": {
       "inputs": {
         "agenix": "agenix",
-        "disko": "disko",
         "home-manager": "home-manager_2",
         "impermanence": "impermanence",
         "nix-zulip": "nix-zulip",
@@ -681,11 +659,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1769888473,
-        "narHash": "sha256-4KWbaJwaYnZ60bFyTudZYAKskjr7Sa17R3/yh+oXS7w=",
+        "lastModified": 1773792048,
+        "narHash": "sha256-Oy9PCLG3vtflFBWcJd8c/EB3h5RU7ABAIDWn6JrGf6o=",
         "owner": "nix-community",
         "repo": "stylix",
-        "rev": "ae5c0239ae4f82a8c7e33ad8a456535d5a9ba813",
+        "rev": "3f2f9d307fe58c6abe2a16eb9b62c42d53ef5ee1",
         "type": "github"
       },
       "original": {

flake.nix

@@ -4,10 +4,6 @@
       url = "github:ryantm/agenix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    disko = {
-      url = "github:nix-community/disko/latest";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -45,7 +41,6 @@
   };
   outputs = {
     agenix,
-    disko,
     home-manager,
     impermanence,
     nixos-mailserver,
@@ -71,7 +66,6 @@
             ./secrets.nix
             ./modules/nixos/common.nix
             agenix.nixosModules.default
-            disko.nixosModules.disko
             impermanence.nixosModules.impermanence
             nixos-mailserver.nixosModule
             noshell.nixosModules.default

machines.nix

@@ -42,28 +42,16 @@
     system = "x86_64-linux";
     users = [];
     modules = [
-      # impermanence
-      ./modules/nixos/impermanence.nix
-      ./modules/nixos/impermanence-ssh.nix
-
       # hardware configuration
-      # verbatim as `nixos-generate-config` AND `system.stateVersion`
+      # from gitlab:whitequark/nixos-bite
       ./modules/nixos/machines/109-199-104-83.nix
-      ./modules/nixos/disko/remote.nix
-
-      # boot process
-      # grub boot on /dev/sda
-      ./modules/nixos/boot/109-199-104-83.nix
 
       # networking
       ./modules/nixos/networking/domains/galaxious.de.nix
-      # uses cloud-init to network
-      ./modules/nixos/networking/networks/109-199-104-83.nix
 
       # ssh through port 5522 among other things
       # andromeda@lenovo is the only user allowed access
       ./modules/nixos/networking/hard-ssh.nix
-      ./modules/nixos/networking/ssh-as-root.nix
       ({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];})
 
       # simple-nixos-mailserver email server
@@ -74,10 +62,6 @@
       # webmail.domain
       ./modules/nixos/roundcube.nix
 
-      # matrix homeserver
-      # matrix.domain
-      ./modules/nixos/matrix-continuwuity.nix
-
       # BROKEN
       # forgejo
       # git.domain

modules/nixos/boot/109-199-104-83.nix

@@ -1,9 +0,0 @@
-{
-  boot.loader.grub = {
-    efiSupport = true;
-    efiInstallAsRemovable = true;
-  };
-  age.identityPaths = [
-    "/persist/etc/ssh/ssh_host_ed25519_key"
-  ];
-}

modules/nixos/disko/remote.nix

@@ -1,64 +0,0 @@
-{
-  disko.devices = {
-    disk = {
-      disk1 = {
-        device = "/dev/sda";
-        type = "disk";
-        content = {
-          type = "gpt";
-          partitions = {
-            # legacy boot
-            boot = {
-              name = "boot";
-              size = "1M";
-              type = "EF02";
-            };
-
-            # efi boot
-            esp = {
-              name = "ESP";
-              size = "512M";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-              };
-            };
-
-            # btrfs
-            # root is on nodev
-            root = {
-              size = "100%";
-              content = {
-                extraArgs = ["-f"]; # internet told me to, works
-                type = "btrfs";
-                subvolumes = {
-                  # nix store
-                  "/nix" = {
-                    mountpoint = "/nix";
-                  };
-
-                  # persistant directory
-                  "/persist" = {
-                    mountpoint = "/persist";
-                  };
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-    nodev = {
-      # root
-      "/" = {
-        fsType = "tmpfs";
-        mountOptions = [
-          "defaults"
-          "mode=755" # stops security complaints
-        ];
-      };
-    };
-  };
-}

modules/nixos/machines/109-199-104-83.nix

@@ -1,25 +1,39 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+{modulesPath, ...}: {
+  system.stateVersion = "25.11";
+  nix.settings.experimental-features = "flakes nix-command";
 
-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = [];
-  boot.extraModulePackages = [];
+  # Hardware
+  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+  boot.loader.grub.device = "/dev/sda";
+  boot.loader.timeout = 30;
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
+  boot.initrd.kernelModules = ["nvme"];
+  boot.tmp.cleanOnBoot = true;
 
-  swapDevices = [];
+  zramSwap.enable = true;
 
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
-  system.stateVersion = "26.05";
+  # Networking
+  networking = {
+    useNetworkd = true;
+    usePredictableInterfaceNames = true;
+  };
+  systemd.network = {
+    enable = true;
+    networks."40-wan" = {
+      matchConfig.Name = "enx0050565f4fff";
+      address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
+      routes = [
+        {
+          Gateway = "109.199.96.1";
+          GatewayOnLink = true;
+        }
+        {Gateway = "fe80::1";}
+      ];
+      dns = ["2020:fe::10" "9.9.9.10"];
+    };
+  };
 }

modules/nixos/mailserver.nix

@@ -51,15 +51,4 @@
     acceptTerms = true;
     defaults.email = "mtgmonket@gmail.com";
   };
-
-  # persist directories per the backup guidelines
-  environment.persistence."/persist" = {
-    directories = [
-      # not needed bc the dkim dir is declared
-      # "/var/dkim"
-      "/var/vmail"
-      "/var/lib/redis-rspamd"
-      "/var/lib/acme"
-    ];
-  };
 }

modules/nixos/matrix-continuwuity.nix

@@ -1,26 +0,0 @@
-{config, ...}: {
-  services = {
-    matrix-continuwuity = {
-      enable = true;
-      settings = {
-        global = {
-          server_name = "${config.networking.domain}";
-          address = ["127.0.0.1"];
-          port = [6167];
-          well_known = {
-            server = "matrix.${config.networking.domain}";
-            client = "https://matrix.${config.networking.domain}";
-          };
-        };
-      };
-    };
-
-    nginx = {
-      upstreams.matrix.servers."127.0.0.1:6167" = {};
-      virtualHosts = {
-        "matrix.${config.networking.domain}".locations."/".proxyPass = "http://matrix";
-        "${config.networking.domain}".locations."/.well-known/matrix".proxyPass = "http://matrix";
-      };
-    };
-  };
-}

modules/nixos/networking/hard-ssh.nix

@@ -4,7 +4,6 @@
     allowSFTP = false;
     ports = [5522];
     settings = {
-      PermitRootLogin = "no";
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = true;
     };

modules/nixos/networking/networks/109-199-104-83.nix

@@ -1,45 +0,0 @@
-{
-  networking = {
-    useNetworkd = true;
-    hostName = "109-199-104-83";
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [80 443];
-      allowedUDPPorts = [80 443];
-    };
-  };
-
-  # the following is from nixos-bite
-
-  # netif=$(ip -6 route show default | sed -r 's|.*default.+?dev ([a-z0-9]+).*|\1|' | head -n1)
-  # netifx=enx$(ip link show dev "$netif" | grep link/ether | sed -r 's|.*link/ether ([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}).*|\1\2\3\4\5\6|')
-  # netip6=$(ip -6 address show dev "$netif" scope global | sed -z -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|"\1/\2"|')
-  # netgw6=$(ip -6 route show dev "$netif" default | sed -r 's|.*default.+?via ([0-9a-f:]+).*|"\1"|' | head -n1)
-  # netip4=$(ip -4 address show dev "$netif" scope global | sed -z -r 's|.*inet ([0-9.]+)/([0-9]+).*|"\1/\2"|')
-  # netgw4=$(ip -4 route show dev "$netif" default | sed -r 's|.*default.+?via ([0-9.]+).*|"\1"|' | head -n1)
-
-  # route=""
-  # [[ -n "${netgw4}" ]] && route="$route { Gateway = $netgw4; GatewayOnLink = true; }"
-  # [[ -n "${netgw6}" ]] && route="$route { Gateway = $netgw6; }"
-
-  # dns='"2620:fe::fe" "9.9.9.9"'
-
-  #  systemd.network = {
-  #    enable = true;
-  #    networks."40-wan" = {
-  #      matchConfig.name = "enx0050565f4fff";
-  #      address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
-  #      routes = [
-  #        {
-  #          Gateway = ["109.199.96.1" "fe80::1"];
-  #          GatewayOnLink = true;
-  #        }
-  #      ];
-  #      dns = ["9.9.9.9" "2620:fe::fe"];
-  #    };
-  #  };
-  services.cloud-init = {
-    enable = true;
-    network.enable = true;
-  };
-}

modules/nixos/openvpn-client.nix

@@ -1,11 +0,0 @@
-{
-  services.openvpn.servers = {
-    "173.249.5.230" = {config = ''config /etc/openvpn-confs/173.249.5.230.ovpn'';};
-  };
-  environment.persistence."/persist".directories = ["/etc/openvpn-confs"];
-
-  # turns out disabling ipv6 is a bad idea; I'm just going to enable v6 on the remote xD
-  #  networking.enableIPv6 = lib.mkForce false;
-  # workaround; NetworkManager reenables ipv6 without the following
-  #  boot.kernelParams = ["ipv6.disable=1"];
-}

modules/nixos/roundcube.nix

@@ -9,8 +9,4 @@
       $config['smtp_pass'] = "%p";
     '';
   };
-  environment.persistence."/persist".directories = [
-    "/var/lib/roundcube"
-    "/var/lib/postgresql"
-  ];
 }

users/andromeda/home.nix

@@ -205,6 +205,12 @@ in {
             enable = true;
             lsp.enable = true;
           };
+          rust = {
+            enable = true;
+            format.enable = true;
+            lsp.enable = true;
+            treesitter.enable = true;
+          };
         };
         lineNumberMode = "relative";
         options = {