Merge commit 'caf1394' into development

update remote keys
2026-01-10 15:42:13 +01:00 · 2026-01-10 15:40:07 +01:00
36 changed files with 95 additions and 894 deletions
--- a/README.md
+++ b/README.md
@@ -1,5 +1,3 @@
 see TODO.md for my aspirations
 ## usage
 ### install
--- a/TODO.md
+++ b/TODO.md
@@ -1,20 +0,0 @@
 - add other remote
 - fully automate remote provisioning (remote keys)
 - fix ipv6 on remotes
 - modularize home manager
 - add services?
    - 0x0
    - forgejo
    - matrix homeserver
    - matrix webclient
    - radicale
    - tor relay
    - wireguard as vpn
 - add home functionality
    - better term emulator
    - switch browser?
        - chromium: much better sandboxing
        - ladybird: be an early tester, contribute
        - glide: sexier tridactyl implementation
        - browsh: the GOAT
    - get mouse out of here
--- a/deploy.sh
+++ b/deploy.sh
@@ -1,5 +0,0 @@
 # usage:
 # $ ./deploy.sh <hostname> <ip>
 # example usage:
 # $ ./deply.sh 109-199-104-83 109.199.104.83
 nix run github:nix-community/nixos-anywhere -- --generate-hardware-config nixos-generate-config ./hardware-configuration.nix --flake .?ref=411ee0c#$1 --target-host root@$2
--- a/flake.lock
+++ b/flake.lock
@@ -23,27 +23,6 @@
        "type": "github"
      }
    },
    "androidPkgs": {
      "inputs": {
        "devshell": "devshell",
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1750710155,
        "narHash": "sha256-2lBEwXgclOrSsrhubSfifU91+sXqikC8qbiZ6yFeaEY=",
        "owner": "tadfisher",
        "repo": "android-nixpkgs",
        "rev": "0846fab1f060f646e1017053077ad38dedc5207b",
        "type": "github"
      },
      "original": {
        "owner": "tadfisher",
        "ref": "stable",
        "repo": "android-nixpkgs",
        "type": "github"
      }
    },
    "base16": {
      "inputs": {
        "fromYaml": "fromYaml"
@@ -150,28 +129,6 @@
        "type": "github"
      }
    },
    "devshell": {
      "inputs": {
        "nixpkgs": [
          "robotnix",
          "androidPkgs",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1741473158,
        "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
        "owner": "numtide",
        "repo": "devshell",
        "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "devshell",
        "type": "github"
      }
    },
    "disko": {
      "inputs": {
        "nixpkgs": [
@@ -241,21 +198,6 @@
        "url": "https://git.lix.systems/lix-project/flake-compat.git"
      }
    },
    "flake-compat_3": {
      "locked": {
        "lastModified": 1746162366,
        "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
        "owner": "nix-community",
        "repo": "flake-compat",
        "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@@ -319,24 +261,6 @@
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "fromYaml": {
      "flake": false,
      "locked": {
@@ -461,27 +385,6 @@
        "type": "github"
      }
    },
    "home-manager_3": {
      "inputs": {
        "nixpkgs": [
          "nix-on-droid",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709445365,
        "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "impermanence": {
      "locked": {
        "lastModified": 1737831083,
@@ -530,57 +433,6 @@
        "type": "github"
      }
    },
    "nix-formatter-pack": {
      "inputs": {
        "nixpkgs": [
          "nix-on-droid",
          "nixpkgs"
        ],
        "nmd": [
          "nix-on-droid",
          "nmd"
        ],
        "nmt": "nmt"
      },
      "locked": {
        "lastModified": 1705252799,
        "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
        "owner": "Gerschtli",
        "repo": "nix-formatter-pack",
        "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
        "type": "github"
      },
      "original": {
        "owner": "Gerschtli",
        "repo": "nix-formatter-pack",
        "type": "github"
      }
    },
    "nix-on-droid": {
      "inputs": {
        "home-manager": "home-manager_3",
        "nix-formatter-pack": "nix-formatter-pack",
        "nixpkgs": [
          "nixpkgs"
        ],
        "nixpkgs-docs": "nixpkgs-docs",
        "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
        "nmd": "nmd"
      },
      "locked": {
        "lastModified": 1765031149,
        "narHash": "sha256-4ZtlnCp4blhsjGnQIxAXDAj7nCJKy7tozoBRtklmwcU=",
        "owner": "nix-community",
        "repo": "nix-on-droid",
        "rev": "55b6449b4582a4ba3ce712543c973360a026db7d",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nix-on-droid",
        "type": "github"
      }
    },
    "nix-zulip": {
      "flake": false,
      "locked": {
@@ -622,11 +474,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1768305791,
+        "lastModified": 1766651565,
-        "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
+        "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
+        "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
        "type": "github"
      },
      "original": {
@@ -636,38 +488,6 @@
        "type": "github"
      }
    },
    "nixpkgs-docs": {
      "locked": {
        "lastModified": 1705957679,
        "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "release-23.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-for-bootstrap": {
      "locked": {
        "lastModified": 1720244366,
        "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1764242076,
@@ -684,76 +504,6 @@
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1750506804,
        "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "4206c4cb56751df534751b058295ea61357bbbaa",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_4": {
      "locked": {
        "lastModified": 1767313136,
        "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nmd": {
      "inputs": {
        "nixpkgs": [
          "nix-on-droid",
          "nixpkgs-docs"
        ],
        "scss-reset": "scss-reset"
      },
      "locked": {
        "lastModified": 1705050560,
        "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
        "owner": "~rycee",
        "repo": "nmd",
        "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
        "type": "sourcehut"
      },
      "original": {
        "owner": "~rycee",
        "repo": "nmd",
        "type": "sourcehut"
      }
    },
    "nmt": {
      "flake": false,
      "locked": {
        "lastModified": 1648075362,
        "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
        "owner": "rycee",
        "repo": "nmt",
        "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
        "type": "gitlab"
      },
      "original": {
        "owner": "rycee",
        "repo": "nmt",
        "type": "gitlab"
      }
    },
    "noshell": {
      "inputs": {
        "nixpkgs": [
@@ -845,24 +595,23 @@
        "type": "github"
      }
    },
-    "robotnix": {
+    "phoenix": {
      "inputs": {
-        "androidPkgs": "androidPkgs",
+        "nixpkgs": [
-        "flake-compat": "flake-compat_3",
+          "nixpkgs"
-        "nixpkgs": "nixpkgs_4",
+        ]
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1768481330,
+        "lastModified": 1766543224,
-        "narHash": "sha256-hYKnwFBPI0IyH8YbW3kqci8AS6ZtV7QSEa0E5Wt401M=",
+        "narHash": "sha256-96PBoNqh3sPU9t+IXxcB1OjjuQ8HOv42OOh9UtwFHbU=",
-        "owner": "nix-community",
+        "owner": "celenityy",
-        "repo": "robotnix",
+        "repo": "Phoenix",
-        "rev": "4ee0f9c86c3ae076bcbc41cbeebff054fe3d11a8",
+        "rev": "f09568c8a71af4fe42dd43c6f711c67daf605f1e",
        "type": "github"
      },
      "original": {
-        "owner": "nix-community",
+        "owner": "celenityy",
-        "repo": "robotnix",
+        "repo": "Phoenix",
        "type": "github"
      }
    },
@@ -872,33 +621,16 @@
        "disko": "disko",
        "home-manager": "home-manager_2",
        "impermanence": "impermanence",
        "nix-on-droid": "nix-on-droid",
        "nix-zulip": "nix-zulip",
        "nixos-mailserver": "nixos-mailserver",
        "nixpkgs": "nixpkgs",
        "noshell": "noshell",
        "nur": "nur",
        "nvf": "nvf",
-        "robotnix": "robotnix",
+        "phoenix": "phoenix",
        "stylix": "stylix"
      }
    },
    "scss-reset": {
      "flake": false,
      "locked": {
        "lastModified": 1631450058,
        "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
        "owner": "andreymatin",
        "repo": "scss-reset",
        "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
        "type": "github"
      },
      "original": {
        "owner": "andreymatin",
        "repo": "scss-reset",
        "type": "github"
      }
    },
    "stylix": {
      "inputs": {
        "base16": "base16",
@@ -912,7 +644,7 @@
          "nixpkgs"
        ],
        "nur": "nur_2",
-        "systems": "systems_4",
+        "systems": "systems_3",
        "tinted-foot": "tinted-foot",
        "tinted-kitty": "tinted-kitty",
        "tinted-schemes": "tinted-schemes",
@@ -978,21 +710,6 @@
        "type": "github"
      }
    },
    "systems_4": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "tinted-foot": {
      "flake": false,
      "locked": {
@@ -1073,27 +790,6 @@
        "repo": "base16-zed",
        "type": "github"
      }
    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
          "robotnix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1766000401,
        "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
        "owner": "numtide",
        "repo": "treefmt-nix",
        "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "treefmt-nix",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -18,10 +18,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nix-on-droid = {
      url = "github:nix-community/nix-on-droid";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-zulip = {
      url = "git+https://git.afnix.fr/nix-zulip/nix-zulip";
      flake = false;
@@ -38,7 +34,10 @@
      url = "github:notashelf/nvf";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    robotnix.url = "github:nix-community/robotnix";
+    phoenix = {
      url = "github:celenityy/Phoenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    stylix = {
      url = "github:nix-community/stylix";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -51,12 +50,11 @@
    impermanence,
    nixos-mailserver,
    nixpkgs,
    nix-on-droid,
    nix-zulip,
    noshell,
    nur,
    nvf,
-    robotnix,
+    phoenix,
    stylix,
    ...
  }: let
@@ -77,6 +75,7 @@
            impermanence.nixosModules.impermanence
            nixos-mailserver.nixosModule
            noshell.nixosModules.default
            phoenix.nixosModules.default
            nix-zulip'.nixosModules.zulip
            {
              nixpkgs.overlays = [
@@ -94,7 +93,6 @@
        {
          home-manager.useGlobalPkgs = true;
          home-manager.extraSpecialArgs = {inherit machine;};
          home-manager.backupFileExtension = "bak";
          home-manager.users =
            builtins.mapAttrs
            (name: value: value)
@@ -119,20 +117,5 @@
      builtins.mapAttrs
      (hostname: value: configurationWithHomeManager value)
      machines;
    robotnixConfigurations.payton = robotnix.lib.robotnixSystem ./robotnix/payton.nix;
    nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
      pkgs = import nixpkgs {system = "aarch64-linux";};
      modules = [
        ./modules/nix-on-droid/nix-on-droid.nix
        {
          home-manager.useGlobalPkgs = true;
          home-manager.users."andromeda" = {
            imports = [
              ./modules/nix-on-droid/home.nix
            ];
          };
        }
      ];
    };
  };
 }
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@@ -1,24 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/machines.nix
+++ b/machines.nix
@@ -11,7 +11,6 @@
      # hardware configuration
      # includes `system.stateVersion`
      ./modules/nixos/machines/lenovo.nix
      ./modules/nixos/zram.nix
      # boot process
      # systemd-boot
@@ -20,9 +19,6 @@
      # networking
      ./modules/nixos/laptop.nix
      # vpn
      # ./modules/nixos/openvpn-client.nix
      # ly display manager
      ./modules/nixos/ly.nix
@@ -31,10 +27,6 @@
      # apps
      ./modules/nixos/steam.nix
      ./modules/nixos/phoenix.nix
      # substitutors
      ./substitutors.nix
    ];
  };
  "109-199-104-83" = {
@@ -66,6 +58,8 @@
      ./modules/nixos/networking/ssh-as-root.nix
      ({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];})
      # TODO add Impermanence to the following services
      # simple-nixos-mailserver email server
      # mail.domain
      ./modules/nixos/mailserver.nix
@@ -74,17 +68,15 @@
      # webmail.domain
      ./modules/nixos/roundcube.nix
      # matrix homeserver
      # matrix.domain
      ./modules/nixos/matrix-continuwuity.nix
      # BROKEN
      # forgejo
      # git.domain
-      # ./modules/nixos/forgejo.nix
+      ./modules/nixos/forgejo.nix
      # BROKEN
      # zulip chat client
      # chat.domain
      # zulip chat server
      # zulip.domain
      # ./modules/nixos/zulip.nix
    ];
  };
--- a/modules/nix-on-droid/home.nix
+++ b/modules/nix-on-droid/home.nix
@@ -1,165 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  home = {
    username = "andromeda";
    homeDirectory = "/home/${config.home.username}";
    stateVersion = "26.05";
    packages = [
      pkgs.brush
      pkgs.dust
      pkgs.fzf
      pkgs.glow
      pkgs.nix-output-monitor
      pkgs.ranger
      pkgs.rip2
      pkgs.ripgrep
      pkgs.tree
      pkgs.zoxide
    ];
  };
  programs = {
    bash = {
      enable = true;
      shellAliases = {
        neofetch = "fastfetch";
        ls = lib.mkForce "lsd";
        ll = lib.mkForce "lsd -l";
        l = "lsd -la";
        cd = "z";
        gg = "git log --oneline --abbrev-commit --all --graph --decorate --color";
        md = "glow";
      };
      bashrcExtra = ''
        PS1="\u@\h:\w$"
        eval "$(zoxide init bash)"
      '';
    };
    btop = {
      enable = true;
      settings = {
        theme_background = false;
        vim_keys = true;
        rounded_corners = false;
        graph_symbol = "braille";
        update_ms = 150;
        proc_sorting = "cpu lazy";
        proc_gradient = false;
        proc_left = true;
        cpu_single_graph = true;
        cpu_bottom = true;
        clock_format = "/user@/host:/uptime@%H:%M";
        background_update = true;
        mem_graphs = false;
        mem_below_net = true;
        show_swap = false;
        only_physical = true;
        show_io_stat = true;
        io_mode = false;
        io_graph_combined = false;
      };
    };
    fastfetch.enable = true;
    git = {
      enable = true;
      settings = {
        user = {
          name = config.home.username;
          email = "${config.home.username}@android";
        };
        init.defaultBranch = "master";
      };
    };
    home-manager.enable = true;
    lsd.enable = true;
    nvf = {
      enable = true;
      settings.vim = {
        autocomplete.nvim-cmp.enable = false;
        formatter.conform-nvim = {
          enable = true;
          setupOpts.format_on_save = {
            lsp_format = "fallback";
            timeout_ms = 5000;
          };
        };
        lsp.otter-nvim.enable = true;
        git.enable = true;
        keymaps = [
          {
            key = "<Down>";
            mode = ["i" "n" "v" "c"];
            action = "<NOP>";
          }
          {
            key = "<Up>";
            mode = ["i" "n" "v" "c"];
            action = "<NOP>";
          }
          {
            key = "<Left>";
            mode = ["i" "n" "v" "c"];
            action = "<NOP>";
          }
          {
            key = "<Right>";
            mode = ["i" "n" "v" "c"];
            action = "<NOP>";
          }
          {
            key = "jj";
            mode = ["i"];
            action = "<Esc>";
          }
          {
            key = "kk";
            mode = ["i"];
            action = "<Esc>";
          }
          {
            key = "jk";
            mode = ["i"];
            action = "<Esc>";
          }
          {
            key = "kj";
            mode = ["i"];
            action = "<Esc>";
          }
          {
            key = "<Esc>";
            mode = ["i"];
            action = "<Nop>";
          }
        ];
        languages = {
          nix = {
            enable = true;
            format.enable = true;
            lsp.enable = true;
          };
          haskell = {
            enable = true;
            lsp.enable = true;
          };
        };
        lineNumberMode = "relative";
        options = {
          tabstop = 2;
          shiftwidth = 2;
          expandtab = true;
          smarttab = true;
          foldmethod = "indent";
          number = true;
          colorcolumn = "80";
        };
        statusline.lualine.enable = true;
        syntaxHighlighting = true;
      };
    };
    ssh.enable = true;
  };
 }
--- a/modules/nix-on-droid/nix-on-droid.nix
+++ b/modules/nix-on-droid/nix-on-droid.nix
@@ -1,5 +0,0 @@
 {pkgs, ...}: {
  environment.packages = [pkgs.git];
  system.stateVersion = "26.05";
  nix.settings.experimentalFeatures = ["nix-command" "flakes"];
 }
--- a/modules/nixos/mailserver.nix
+++ b/modules/nixos/mailserver.nix
@@ -2,14 +2,10 @@
  mailserver = {
    enable = true;
    stateVersion = 3;
    # domain bs
    fqdn = "mail.${config.networking.domain}";
    domains = ["${config.networking.domain}"];
    x509.useACMEHost = config.mailserver.fqdn;
    loginAccounts = {
      # test acc
      "test@${config.networking.domain}" = {
        hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
      };
@@ -19,17 +15,6 @@
      };
    };
  };
  # put dkim key into /etc for declarability
  mailserver.dkimKeyDirectory = "/etc/dkim";
  environment.etc."dkim/${config.networking.domain}.${config.mailserver.dkimSelector}.key" = {
    source = config.age.secrets."dkim-${config.networking.domain}.${config.mailserver.dkimSelector}.key".path;
    mode = "600";
    user = config.services.rspamd.user;
    group = config.services.rspamd.group;
  };
  # does acme for me
  services.nginx = {
    enable = true;
    virtualHosts = {
@@ -37,26 +22,15 @@
        forceSSL = true;
        enableACME = true;
      };
      "matrix.${config.networking.domain}" = {
        forceSSL = true;
        enableACME = true;
      };
      "${config.networking.domain}" = {
        forceSSL = true;
        enableACME = true;
      };
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "mtgmonket@gmail.com";
  };
  # persist directories per the backup guidelines
  environment.persistence."/persist" = {
    directories = [
-      # not needed bc the dkim dir is declared
+      "/var/dkim"
      # "/var/dkim"
      "/var/vmail"
      "/var/lib/redis-rspamd"
      "/var/lib/acme"
--- a/modules/nixos/matrix-continuwuity.nix
+++ b/modules/nixos/matrix-continuwuity.nix
@@ -1,26 +0,0 @@
 {config, ...}: {
  services = {
    matrix-continuwuity = {
      enable = true;
      settings = {
        global = {
          server_name = "${config.networking.domain}";
          address = ["127.0.0.1"];
          port = [6167];
          well_known = {
            server = "matrix.${config.networking.domain}";
            client = "https://matrix.${config.networking.domain}";
          };
        };
      };
    };
    nginx = {
      upstreams.matrix.servers."127.0.0.1:6167" = {};
      virtualHosts = {
        "matrix.${config.networking.domain}".locations."/".proxyPass = "http://matrix";
        "${config.networking.domain}".locations."/.well-known/matrix".proxyPass = "http://matrix";
      };
    };
  };
 }
--- a/modules/nixos/openvpn-client.nix
+++ b/modules/nixos/openvpn-client.nix
@@ -1,11 +0,0 @@
 {
  services.openvpn.servers = {
    "173.249.5.230" = {config = ''config /etc/openvpn-confs/173.249.5.230.ovpn'';};
  };
  environment.persistence."/persist".directories = ["/etc/openvpn-confs"];
  # turns out disabling ipv6 is a bad idea; I'm just going to enable v6 on the remote xD
  #  networking.enableIPv6 = lib.mkForce false;
  # workaround; NetworkManager reenables ipv6 without the following
  #  boot.kernelParams = ["ipv6.disable=1"];
 }
--- a/modules/nixos/phoenix.nix
+++ b/modules/nixos/phoenix.nix
@@ -1,45 +0,0 @@
 {
  pkgs,
  config,
  lib,
  ...
 }: {
  options.programs.firefox.phoenix = {
    enable =
      lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs"
      // {
        default = true;
      };
    firefoxPackages = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = ["firefox"];
      description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy.";
    };
  };
  config = let
    cfg = config.programs.firefox.phoenix;
  in
    lib.mkIf cfg.enable {
      assertions = [
        {
          assertion = !pkgs.stdenv.isDarwin;
          message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed.";
        }
      ];
      environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js";
      environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs";
      environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs";
      environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets";
      programs.firefox.policies =
        (builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies;
      nixpkgs.overlays = [
        (import ../../overlays/phoenix.nix)
        (
          final: prev:
            builtins.listToAttrs (
              map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages
            )
        )
      ];
    };
 }
--- a/modules/nixos/zram.nix
+++ b/modules/nixos/zram.nix
@@ -1,8 +0,0 @@
 {
  zramSwap = {
    enable = true;
    priority = 100;
    algorithm = "zstd";
    memoryPercent = 75;
  };
 }
--- a/modules/nixos/zulip.nix
+++ b/modules/nixos/zulip.nix
@@ -8,47 +8,25 @@
    # host domain
    host = "chat.${config.networking.domain}";
-    # secrets; head rolled on keyboard for all :)
+    # secrets
    camoKeyFile = builtins.toString config.age.secrets.zulip-camoKey.path;
    rabbitmqPasswordFile = builtins.toString config.age.secrets.zulip-rabbitmqPassword.path;
    secretKeyFile = builtins.toString config.age.secrets.zulip-secretKey.path;
    sharedSecretKeyFile = builtins.toString config.age.secrets.zulip-sharedSecretKey.path;
    avatarSaltKeyFile = builtins.toString config.age.secrets.zulip-avatarSaltKey.path;
-
+    extraSecrets = {
-    # TODO check for parity with `mailserver-acc-admin-pw.age`
+      email_password = builtins.toString config.age.secrets.zulip-extraSecrets-email_password.path;
-    extraSecrets.email_password = builtins.toString config.age.secrets.zulip-extraSecrets-email_password.path;
+    };
    # settings
    zulipSettings = rec {
-      # email users
+      EMAIL_USE_TLS = true;
-      ZULIP_ADMINISTRATOR = "admin@${config.networking.domain}";
+      EMAIL_PORT = 587;
      EMAIL_HOST_USER = ZULIP_ADMINISTRATOR;
      # configure mailserver port
      EMAIL_HOST = config.mailserver.fqdn;
      EMAIL_USE_SSL = true;
      EMAIL_PORT = 465;
      # setting to allow realm creation; probably unsafe, might delete later :3
      OPEN_REALM_CREATION = true;
      # send all noreply emails from `admin@galaxious.de`
      # TODO configure admin to send from any address
      ADD_TOKENS_TO_NOREPLY_ADDRESS = false;
      NOREPLY_EMAIL_ADDRESS = ZULIP_ADMINISTRATOR;
-
+      OPEN_REALM_CREATION = true;
      # domain name
      EXTERNAL_HOST = config.services.zulip.host;
      ZULIP_ADMINISTRATOR = "admin@${config.networking.domain}";
    };
  };
  # persist
  environment.persistence."/persist".directories = [
    # messages
    "/var/lib/rabbitmq"
    # uploads
    "/var/lib/zulip"
    # contrived, but in the store a couple layers down
    # "/var/lib/redis-zulip"
  ];
 }
--- a/overlays/phoenix.nix
+++ b/overlays/phoenix.nix
@@ -1,21 +0,0 @@
 final: prev: let
  phoenix-src = prev.fetchFromGitHub {
    owner = "celenityy";
    repo = "Phoenix";
    rev = "07d9be8cbf938962f9847b0970274b885ff48792";
    hash = "sha256-I9pKhfhAz3JsGBLIqr9MNycTEQn0Bc3jzf0mKeWLlsE=";
  };
 in {
  phoenix = (final.callPackage (import "${phoenix-src}/nix/package.nix")
    {
    }).overrideAttrs {
    patches = [
      ../patches/0001-autoDisableScopes-unlocked.patch
    ];
  };
  withPhoenix = firefoxPackage:
    firefoxPackage.override {
      extraPoliciesFiles = ["${final.phoenix}/policies.json"];
      extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"];
    };
 }
--- a/patches/0001-autoDisableScopes-unlocked.patch
+++ b/patches/0001-autoDisableScopes-unlocked.patch
@@ -1,25 +0,0 @@
 From 1eeab7cf3b5d41e3e10959ef2ff5298eac86c9fa Mon Sep 17 00:00:00 2001
 From: andromeda <andromeda@lenovo>
 Date: Sun, 25 Jan 2026 10:41:03 +0100
 Subject: [PATCH] autoDisableScopes unlocked
 ---
 build/phoenix-unified.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/build/phoenix-unified.js b/build/phoenix-unified.js
 index e183890e..fd58b176 100644
 --- a/build/phoenix-unified.js
 +++ b/build/phoenix-unified.js
@@ -2204,7 +2204,7 @@ pref("xpinstall.whitelist.add.NoScript.PBM", "https://noscript.net^privateBrowsi
 // https://archive.is/DYjAM
 // https://support.mozilla.org/kb/deploying-firefox-with-extensions
 // https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/AddonSettings.sys.mjs#125
 -pref("extensions.autoDisableScopes", 15, locked); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
 +pref("extensions.autoDisableScopes", 15); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
 pref("extensions.enabledScopes", 5); // [HIDDEN]
 pref("extensions.installDistroAddons", false); // [HIDDEN - non-Android] [DEFAULT - Android]
 pref("extensions.sideloadScopes", 0); // [HIDDEN]
 -- 
 2.52.0
--- a/pub-keys.nix
+++ b/pub-keys.nix
@@ -1,12 +1,10 @@
 {
  age.secrets = {
    andromeda-pw.file = ./secrets/andromeda-pw.age;
    conduit-secretFile.file = ./secrets/conduit-secretFile.age;
    "dkim-galaxious.de.mail.key".file = ./secrets/dkim-galaxious.de.mail.key.age;
    mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age;
    mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;
    mailserver-acc-admin-pw.file = ./secrets/mailserver-acc-admin-pw.age;
-    "mailserver-acc-zulip+admin-pw".file = "${./secrets}/mailserver-acc-zulip+admin-pw.age";
+    "mailserver-acc-zulip+admin-pw".file = ./secrets + "/mailserver-acc-zulip+admin-pw.age";
    zulip-avatarSaltKey.file = ./secrets/zulip-avatarSaltKey.age;
    zulip-camoKey.file = ./secrets/zulip-camoKey.age;
    zulip-extraSecrets-email_password.file = ./secrets/zulip-extraSecrets-email_password.age;
@@ -18,7 +16,7 @@
    ssh = {
      andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
      lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
-      _109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBH5TA6Br8K4xTjD5YcXQDh4UQSvuE0lEs1UxUytDiAn root@109-199-104-83";
+      _109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqjbjFrGZD98tAb8tnayeGjkcsJ17nAdREugZub3AWz root@109-199-104-83";
    };
  };
 }
--- a/robotnix/payton.nix
+++ b/robotnix/payton.nix
@@ -1,13 +0,0 @@
 {...}: {
  flavor = "lineageos";
  # motorola moto x4 (payton)
  device = "payton";
  # latest supported version:
  # check https://download.lineageos.org/devices/payton/builds
  flavorVersion = "22.2";
  apps.fdroid.enable = true;
  microg.enable = true;
 }
--- a/secrets/andromeda-pw.age
+++ b/secrets/andromeda-pw.age
@@ -1,8 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg ixFM7swaItfNnTRVSdTm1wZJ8lHUv7tDOgSXo1OpgCc
+-> ssh-ed25519 mT2fyg lpbWxTU6p0TLqdrqEAJLZp9lMuGZiTwZviuMBSq8dAI
-lf8/ChfcpgYkK8mTS9Zk++toOu0KNh88S+Lqu4a0UIw
+hapEREw5ZqDrUsGYFbVy3ZybfxKv7cKtgsCIRUJNMeQ
-> ssh-ed25519 UHxfvA hbsRwdzU1IP3K/gH0btUOQ8hZer8Kgq+RqzcEVrCqTE
+-> ssh-ed25519 UHxfvA SrK+1CTq/fkEj/KlSHM+9iQq7AcNFjDwwwEVenbKSCs
-iSVh+yeypHoalRhaRM2XMlBvtO8HCyatDnWgUyC3GWU
+zVNGyZbWQCrgmQ/uNCv23O6i6GfDdOoYHPN0E7A0XbE
--- hcs6DJZRvjoKDPI/cjUXRfM7+06PNJvWqjkvJof/bSs
+--- KpfV8+Snrp9R69h5TVphgzvxEsDgaXI1Wva8iq5Y0Mk
-Boƒp‡Qlg-§\§=Æ™	Ú¼ðÛÒÙsv½Ì~×ÚOÔí{Rx×IErÃ´–s§1„¯v¹÷Ü:<–
+<ivÆ‘Þj¯/zíë—¹mÂ…ÿ?±û½ÿù~\£=Õ5žL˜M”¤D¬ù¬Ãêûã(H$‰Ëã^<5E>f¾9‹º;ÀjˆaV8Èq“wµeôë£Œ<C2A3>%Û‡ªU
 i¶Ÿ×1¾v»„KùÑýé¦*Ú |£ ¶–´Ÿñ5[{\Ó
--- a/secrets/conduit-secretFile.age
+++ b/secrets/conduit-secretFile.age
@@ -1,9 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 mT2fyg x0n1JToeD7bRsDYJpv0HFzQYB9YxxiSqt+dG6elG1Eg
 vspLec9Vm6fvJnlDGjzezThc1qeIYyWncBxYwsE/6rg
 -> ssh-ed25519 UHxfvA nOlZo53SINXJs8tt/vdoiGjMnIW/lYZVdI8TJfAFqxE
 XlxvrHDFlm8c7odfNbBw0/QeYuCj5e4VValql5JNNgg
 -> ssh-ed25519 yXDKAA Rf+obXBUKxOcMqrb6rlOSfZGyjkj1PnRvHUSDToj6Tw
 XV/3FmC48Wcg9r3C5soRKBwOcBgat2ueAa8pU1MUYLE
 --- l/eEq13iyiddR9Rgf47Mv8JxPfjINwCnU4pd3KyxMVQ
 ^P%ÔÏ¦‚Û}ÌÝM¤Ñù&ß¢Ù‡óQ¬?d^ØYú	Ã~øTuÃï±oÍfž´·7¬nÙ'!'Í“ã††µ]dÍ‡0>vÆÇŸ¸Ü.Ÿ€E]˜šÔ‡|‰>d— *wDÉ<44>‹¿à<C2AD>›)cH<63>êÁ@W<>v*šWk<57>õéN¤ÎRßF	I@¶ê;9=u¬–Í’¬°°Ï„Œ,—‘©)Ÿ>bÁÝ:O«Jð=´W
--- a/secrets/dkim-galaxious.de.mail.key.age
+++ b/secrets/dkim-galaxious.de.mail.key.age
--- a/secrets/mailserver-acc-admin-pw.age
+++ b/secrets/mailserver-acc-admin-pw.age
--- a/secrets/mailserver-acc-test-pw.age
+++ b/secrets/mailserver-acc-test-pw.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg at6Q9eK1o8Mk0+fJh+mnIVrvV1tASV+PGuV8MXuwR2c
+-> ssh-ed25519 mT2fyg BHPXb0yAMGIMJoEFJFzq5YQrlj7C0IyXcIKHtEbQmiw
-cm3wvsLAemeeTFok7yBocNlfwewKruPnymG+wsT5g+Y
+0ilGBqIPjzYe0l6N/PXdTWW3spJZIsIBC0B62wdutNc
-> ssh-ed25519 UHxfvA aaQqfrUfUnLzwUVT6nCRPIAVlIhIWAJcPyeg3J6BQUI
+-> ssh-ed25519 UHxfvA 4KodpMUl2mkRcsKY7EzoMgIeWQ0yqyW+NqQheyHd6w0
-4sh8ZV14csafSs8yAtFZIccSkiz6YnseV3DJcuhw7dQ
+JMei4drWd0VG/qHDAlucoFtYlDAv/whTKrs23q9YX+c
-> ssh-ed25519 yXDKAA KmwRbJURujQhlqOIVxzlVjyvaYRfyuJAVGWMZdkFaAE
+-> ssh-ed25519 EL/Tyg Ip6g9rPqiKDUlmrBO+Bfu+VAi6rx90zUBxzbKupXHXE
-mX083o2XdnnYgqLs5NeppwMbFHDHTucMiHHZuYdzLvo
+AK9id0HQqWPzNrK3AVox4vUO4mQlI/uZY7+ez8992K4
--- Ay/SP2CXGOhSzO4KoiXFQhJMMdHaecxXOtNkGBK/RO0
+--- rhCvXjaEy9bzdG5UTR6HcQvHfioEJi4H0BFjyrQopLc
- Zÿ? á†‹ˆB¾æFØ9_N`¶È8Õ÷å&<26>Îï@ëŽ)q€7–aìO
+ÞñÙ ŸJl¼O¹Wñ¿u1ú•Ê€…÷ŽË±¬XÊd1	“[²éƒ||Bt‡\µ ™h¾#ŒÝÑ£'åb£™Aðîz"n1\Áõq0£—a<E28094>:Ñ®T‚¢ëEGÑ	bø Cy÷†7Uá‰W
--- a/secrets/mailserver-acc-zulip+admin-pw.age
+++ b/secrets/mailserver-acc-zulip+admin-pw.age
@@ -1,10 +1,10 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg sRu0FIphSJVMBcC02mo1YuZdy3i2+/jMeN3ROvxp4kM
+-> ssh-ed25519 mT2fyg /YSp9eYFPJT5Vj1lkw19CfDCW8bauZ2b1BiMtdZKTnY
-sEwx23t3IAauISKesq+110ZKRKxQv3Zesd0AJufYOLs
+sJL2tL8nmh7q/8raA6Nnha2J9witk3994fxyvGcmBoA
-> ssh-ed25519 UHxfvA +YaJGPRT7nX2CqVzw1ixNLpW7MfzEnj44pSwj4iUwhI
+-> ssh-ed25519 UHxfvA 68lyvttT185FSxrJLdAv2Qdb9/50Dn8zL5K5v7knz2A
-E2U6Q+4uesNCWK7uVSztrA84TU/n/xLFm3PJH0hO/EM
+hrT93PeA+zX+ilXUjVuNQQi3nHED/ksmY82x89gJxj0
-> ssh-ed25519 yXDKAA V2kygl0BK/oYpKnnheslBO2YqXFdQWFgtqfmDNdgolc
+-> ssh-ed25519 EL/Tyg RDA+VpzH1QetDunca2R3KyzvBs0c1Hyp/BCDSGB+DQc
-NpJNN4nfrbgOav8Y38C9DwKFZH+QTRp/US/8kyo9m0o
+o9k3z0FO/VXubhug6eeSDRwed2zvu+pbWeed6cKOun0
--- LdqtfywtHOAy3AZ7AexZU0TJMU/ugq+ZYN07706rNxY
+--- 8dCuX7j1i7EiXtF6jILoMUt8RxxBXnMgDqvqp2uMSOk
-±
+€‚××ýÓ.ã‚Úg5†ˆT<CB86>oek'—nÎ-7:±šàXEúa£ú¢÷pbíRéådQš¢±çåª<þ)n^q·yõEJ·
-U$âApµnG NeÉ•£u y`!<21>Ê¤®•Øf;ipvÙYˆ°V_3»ºN+±éªk#¨{û…ŽÊêWÑ*Ÿn(Å•ËÎú‹Õ»G6ÒÉÝˆyc`<60>éqµ:$K]?Í—b=§'ü^Ï9
+Ë¬ëà«³a<18>e9u·ë’*N$€èXõVÉÈmgŒ(ÃŠ†& 
--- a/secrets/mtgmonkey-pw.age
+++ b/secrets/mtgmonkey-pw.age
@@ -1,7 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg WZNwnBmikWIb4rlH89iIQHouM7cw07/E/KXz/AVv3V8
+-> ssh-ed25519 mT2fyg OF0H3FW/+6+6efi3cniowSGshtKoTSgk3pgz9ct16Vw
-FxLaO1zM0aGztJAsq+lgrM8gFogKY76Wcs1vYxhA19g
+RBSPPnJG1UtnOEpkPqwpB+xcQCBTmzVNpGH+2eJpYfM
-> ssh-ed25519 UHxfvA YIpS5r25kHVJtG3+kDVUvAPyTKDsRPG/jHwXmiD44SA
+-> ssh-ed25519 UHxfvA 1WcauG5gNnszYp/iAiFNLMvhPXAZ3qAd4F4t41U4bjY
-FKAmC669aQzSbjBjbQbzCixdqnCXnb/JJRQo2MgEZgw
+ERntLA7C/KtbyQzc3REwCSo/i2Yygk8khJTeULUaZ0o
--- xvwJ5oYHR3T1D44fl/aeAVjZglnKhq0JKZr9YecC3EE
+--- 9eUxYn/d3qTHY5AMjJk85iJINxrt6eHyBbx7NbY3s0E
- owÌMÆÍÀ·{Œ8ãm€$/Ì1Åö0øts®‹ÞX±ýˆå¡ñ±C×“‡´ƒÏ\•hõ-}¹•E,É ŽÑ¦,dxdX¥TAkäÄ•
+ã6<EFBFBD>hM)Ì'ÚÔË‰3Õ´„Éeàý†
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -8,14 +8,6 @@ in {
  "andromeda-pw.age".publicKeys = [andromeda lenovo];
  "mtgmonkey-pw.age".publicKeys = [andromeda lenovo];
  # contains the following env
  # CONDUIT_JWT_SECRET
  # CONDUIT_TURN_SECRET
  "conduit-secretFile.age".publicKeys = [andromeda lenovo _109-199-104-83];
  # dkim private keys
  "dkim-galaxious.de.mail.key.age".publicKeys = [andromeda lenovo _109-199-104-83];
  # mail account passwords
  "mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
  "mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
--- a/secrets/zulip-avatarSaltKey.age
+++ b/secrets/zulip-avatarSaltKey.age
--- a/secrets/zulip-camoKey.age
+++ b/secrets/zulip-camoKey.age
@@ -1,10 +1,9 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg 5ADzKAtycqfFpqW/dp71FTaK2gchzdWFNqxPyZ6deSY
+-> ssh-ed25519 mT2fyg F5X75uA03GCdN5hiq4K6GPkjZOEGNxmZ71X8Gx0VeFY
-+aISA4YwF1l9S0fmE84wOvAJpM221bwPDYvXELTVv9k
+nURLjoD+R284PtDudfVRVwByEP836e+rhQyggmZG5Jg
-> ssh-ed25519 UHxfvA uKYcpPbaXA4r1OmlkuiIu/EqQ3IiHR7JpItnVgTaW2g
+-> ssh-ed25519 UHxfvA 6hSu9W0aRzw6lzOg8VtnR19/byrMv3Ioc3dY/HQD3Qc
-LjySgI4mTlaZY81IJc6DmBh43l2qeGlQnZi+rOlbtb8
+bTaLokq4Gn/tpCM7b10ME5MPR0oR3QyAKmlhXlrhLJw
-> ssh-ed25519 yXDKAA TMwoM06ZJsjkZ7eLguxqYB05jcRn+tTgVzE7WQIf0mw
+-> ssh-ed25519 EL/Tyg 4k+vFxHeqISiWexGj5IAvXRpWdheKDJ/8b9dy8EYVHU
-vKwCkWsywGsgVv6Y278Mi28MhCYBRRUnfg4+EouOw+0
+eRBAnmIxuXtgi7dVTHfH0Q9h8KsyrVD0tTK0PlXO0EE
--- CScrim9wya9AhElXBtKBR3XBZDL83/g3MTfdF258GJ8
+--- ZLCSwwY0oD0L1nwBKhZlRmDG4dj6MdjXZFQoITaECDg
-K#Ð>8}cã§Ï}8‡ÅL¹(Ëôcò¶
+èoÓˆÏlÎÀŽNq«[ïªJ)&7¯`:Þ¸`©×†ÿDµë/JåÙ±Fö[<12>©Aù#–Z»ÇÁLÿy²)"gtßÍ*%4ôá˜¨ÍO¢9Î‘v
 Üw1ª"O“Ù
--- a/secrets/zulip-extraSecrets-email_password.age
+++ b/secrets/zulip-extraSecrets-email_password.age
@@ -1,10 +1,9 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg IOcD4r19Gx2AvjusnnJDHQXr/U4Ti6qKr01I9lNQDQE
+-> ssh-ed25519 mT2fyg 6o7tjdOI24SQ/wAIw6DhF59ZSCY+5weRUxCqQso6PnI
-fCwouMQPvhkyzehszuv0YhSfNh9zGKaFNDKaTZT0rD0
+1OdvoW2M8etjWYM87ZW2muKpNUV+iOFY8NCd1Wopjkk
-> ssh-ed25519 UHxfvA e95raPehUz6T2FR/eT8kzfrxt/Ou6kKsqi7z/3BkfwU
+-> ssh-ed25519 UHxfvA ksk6McR1jrkxTmGqMnkhM0b41+AZc26LoainR5CGmC8
-uHymqnY3t7IwpxWkN8xen3Vsy6R7VMoj+fR0zPnPinY
+AZTynapDNQ8aLFx7Rcu3dLVxJnuKcb8Emak9SjEOQcU
-> ssh-ed25519 yXDKAA nlR1prGysW+k8gq2npEiboFqoo9jKQ5ISxRiiCFlb0s
+-> ssh-ed25519 EL/Tyg ZQaWIGPt41SwnQpGFnAadZmC/bVuTJx2v15GMmqjlU4
-kaGOvlQgO0nOAl12mMKvafa9ezmy8XdUC2tVPuBG4iw
+3/S32mze090ThCPZF/lDs3xvsaAKNgfrM7I09WUGtsk
--- MRFAGURoyediqNSjGxr57a0w6n9lH2zVjfyrUZcyAYw
+--- aRUPFhqwkRAzL2sQW4UJPPhV/EEvWCmXLE7PjHMLtnU
-
+Ûàš×ØßmÑa_VX#!Ü[dà[ÁüÐö£®×s½M”!©/þb[ãJÄÝ[
 zä0
--- a/secrets/zulip-rabbitmqPassword.age
+++ b/secrets/zulip-rabbitmqPassword.age
--- a/secrets/zulip-secretKey.age
+++ b/secrets/zulip-secretKey.age
--- a/secrets/zulip-sharedSecretKey.age
+++ b/secrets/zulip-sharedSecretKey.age
--- a/substitutors.nix
+++ b/substitutors.nix
@@ -1,8 +0,0 @@
 {
  # spectrum
  nix.settings.substituters = ["https://cache.dataaturservice.se/spectrum/"];
  nix.settings.trusted-public-keys = [
    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
    "spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU="
  ];
 }
--- a/users/andromeda/home.nix
+++ b/users/andromeda/home.nix
@@ -39,7 +39,6 @@ in {
      pkgs.grim
      pkgs.jmtpfs
      pkgs.nix-output-monitor
      pkgs.npins
      pkgs.ranger
      pkgs.rip2
      pkgs.ripgrep
@@ -92,30 +91,6 @@ in {
      };
    };
    fastfetch.enable = true;
    firefox = {
      enable = true;
      package = pkgs.firefox.override {
        cfg.enableTridactylNative = true;
      };
      profiles.${config.home.username} = {
        extensions = {
          force = true;
          packages = [
            pkgs.nur.repos.rycee.firefox-addons.tridactyl
          ];
        };
        search = {
          default = "DuckDuckGo (HTML)";
          privateDefault = "DuckDuckGo (HTML)";
          order = [
            "DuckDuckGo (HTML)"
          ];
        };
        settings = {
          "extensions.autoDisableScopes" = 0;
        };
      };
    };
    git = {
      enable = true;
      settings = {
@@ -128,6 +103,15 @@ in {
    };
    gh.enable = true;
    home-manager.enable = true;
    firefox = {
      enable = true;
      package = pkgs.firefox.override {
        cfg.enableTridactylNative = true;
      };
      profiles.${config.home.username}.extensions.packages = [
        pkgs.nur.repos.rycee.firefox-addons.tridactyl
      ];
    };
    lsd.enable = true;
    nvf = {
      enable = true;
--- a/users/andromeda/sway_config
+++ b/users/andromeda/sway_config
@@ -55,12 +55,6 @@ bindsym $mod+Shift+8 move container to workspace number 8
 bindsym $mod+Shift+9 move container to workspace number 9
 bindsym $mod+Shift+0 move container to workspace number 0
 seat * hide_cursor 100
 input type:touchpad events disabled
 bindsym $mod+r exec 'swaymsg "seat * hide_cursor 100"; swaymsg "input type:touchpad events disabled"'
 bindsym $mod+t exec 'swaymsg "seat * hide_cursor 0"; swaymsg "input type:touchpad events enabled"'
 bindsym $mod+f fullscreen
 bindsym $mod+Shift+space floating toggle
 bindsym $mod+Shift+minus move scratchpad
@@ -70,8 +64,8 @@ bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle
 bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5%
 bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5%
 bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle
-bindsym --locked XF86MonBrightnessDown exec brightnessctl set 2%-
+bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%-
-bindsym --locked XF86MonbrightnessUp exec brightnessctl set 2%+
+bindsym --locked XF86MonbrightnessUp exec brightnessctl set 5%+
 default_border none
 font pango:monospace 0.001
Author	SHA1	Message	Date
andromeda	03f5bbf2c0	Merge commit 'caf1394' into development	2026-01-10 15:42:13 +01:00
andromeda	caf139425f	update remote keys	2026-01-10 15:40:07 +01:00