tidy a bit

idk prolly smt ig
fix certs?
2026-04-03 21:26:04 +02:00 · 2026-02-21 15:59:08 +01:00 · 2026-01-26 21:58:55 +01:00 · 2026-01-26 21:40:03 +01:00 · 2026-01-25 15:44:32 +01:00 · 2026-01-25 11:00:30 +01:00
23 changed files with 258 additions and 338 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+result*
+.gcroots
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+see TODO.md for my aspirations
+
 ## usage

 ### install
--- a/TODO.md
+++ b/TODO.md
@@ -0,0 +1,20 @@
+- add other remote
+- fully automate remote provisioning (remote keys)
+- fix ipv6 on remotes
+- modularize home manager
+- add services?
+    - 0x0
+    - forgejo
+    - matrix homeserver
+    - matrix webclient
+    - radicale
+    - tor relay
+    - wireguard as vpn
+- add home functionality
+    - better term emulator
+    - switch browser?
+        - chromium: much better sandboxing
+        - ladybird: be an early tester, contribute
+        - glide: sexier tridactyl implementation
+        - browsh: the GOAT
+    - get mouse out of here
--- a/deploy.sh
+++ b/deploy.sh
@@ -1,5 +0,0 @@
-# usage:
-# $ ./deploy.sh <hostname> <ip>
-# example usage:
-# $ ./deply.sh 109-199-104-83 109.199.104.83
-nix run github:nix-community/nixos-anywhere -- --generate-hardware-config nixos-generate-config ./hardware-configuration.nix --flake .?ref=411ee0c#$1 --target-host root@$2
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1762618334,
-        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
+        "lastModified": 1770165109,
+        "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "fcdea223397448d35d9b31f798479227e80183f6",
+        "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
        "type": "github"
      },
      "original": {
@@ -129,35 +129,14 @@
        "type": "github"
      }
    },
-    "disko": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1746728054,
-        "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
-        "owner": "nix-community",
-        "repo": "disko",
-        "rev": "ff442f5d1425feb86344c028298548024f21256d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "latest",
-        "repo": "disko",
-        "type": "github"
-      }
-    },
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1764724327,
-        "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=",
+        "lastModified": 1764873433,
+        "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
-        "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047",
+        "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92",
        "type": "github"
      },
      "original": {
@@ -169,15 +148,15 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1761588595,
-        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
-        "owner": "edolstra",
+        "lastModified": 1767039857,
+        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
+        "owner": "NixOS",
        "repo": "flake-compat",
-        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
+        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
        "type": "github"
      },
      "original": {
-        "owner": "edolstra",
+        "owner": "NixOS",
        "repo": "flake-compat",
        "type": "github"
      }
@@ -227,11 +206,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1760948891,
-        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
+        "lastModified": 1769996383,
+        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
+        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
        "type": "github"
      },
      "original": {
@@ -248,11 +227,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1763759067,
-        "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
+        "lastModified": 1767609335,
+        "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
+        "rev": "250481aafeb741edfe23d29195671c19b36b6dca",
        "type": "github"
      },
      "original": {
@@ -290,11 +269,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1763988335,
-        "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
+        "lastModified": 1772893680,
+        "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
+        "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
        "type": "github"
      },
      "original": {
@@ -329,11 +308,11 @@
      "flake": false,
      "locked": {
        "host": "gitlab.gnome.org",
-        "lastModified": 1764524476,
-        "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=",
+        "lastModified": 1767737596,
+        "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=",
        "owner": "GNOME",
        "repo": "gnome-shell",
-        "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22",
+        "rev": "ef02db02bf0ff342734d525b5767814770d85b49",
        "type": "gitlab"
      },
      "original": {
@@ -372,11 +351,32 @@
        ]
      },
      "locked": {
-        "lastModified": 1766980997,
-        "narHash": "sha256-oegDNAvyQwaG3GqSi4U5jpKM7SYHGESGVIuKMRV/lbw=",
+        "lastModified": 1774007980,
+        "narHash": "sha256-FOnZjElEI8pqqCvB6K/1JRHTE8o4rer8driivTpq2uo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "7a7b43c7231a439d248179ba8d561dd6cd81799b",
+        "rev": "9670de2921812bc4e0452f6e3efd8c859696c183",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_3": {
+      "inputs": {
+        "nixpkgs": [
+          "impermanence",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1768598210,
+        "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
        "type": "github"
      },
      "original": {
@@ -386,12 +386,16 @@
      }
    },
    "impermanence": {
+      "inputs": {
+        "home-manager": "home-manager_3",
+        "nixpkgs": "nixpkgs"
+      },
      "locked": {
-        "lastModified": 1737831083,
-        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+        "lastModified": 1769548169,
+        "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+        "rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
        "type": "github"
      },
      "original": {
@@ -402,11 +406,11 @@
    },
    "mnw": {
      "locked": {
-        "lastModified": 1758834834,
-        "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=",
+        "lastModified": 1770419553,
+        "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=",
        "owner": "Gerg-L",
        "repo": "mnw",
-        "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001",
+        "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957",
        "type": "github"
      },
      "original": {
@@ -417,18 +421,22 @@
    },
    "ndg": {
      "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": [
+          "nvf",
+          "nixpkgs"
+        ]
      },
      "locked": {
-        "lastModified": 1765720983,
-        "narHash": "sha256-tWtukpABmux6EC/FuCJEgA1kmRjcRPtED44N+GGPq+4=",
+        "lastModified": 1768214250,
+        "narHash": "sha256-hnBZDQWUxJV3KbtvyGW5BKLO/fAwydrxm5WHCWMQTbw=",
        "owner": "feel-co",
        "repo": "ndg",
-        "rev": "f399ace8bb8e1f705dd8942b24d207aa4d75c936",
+        "rev": "a6bd3c1ce2668d096e4fdaaa03ad7f03ba1fbca8",
        "type": "github"
      },
      "original": {
        "owner": "feel-co",
+        "ref": "refs/tags/v2.6.0",
        "repo": "ndg",
        "type": "github"
      }
@@ -436,11 +444,11 @@
    "nix-zulip": {
      "flake": false,
      "locked": {
-        "lastModified": 1764583012,
-        "narHash": "sha256-6ht4dtI1TBDAaB/Tatq+FcPexaZTBWuRiJGnioCDx5c=",
+        "lastModified": 1772926346,
+        "narHash": "sha256-fk8lfYmpXtBLzpJb9f97fYzKXcNflA5CYdYEJD1SDoY=",
        "ref": "refs/heads/main",
-        "rev": "a9dd0f80d775745f1d88055f24d944562db97c5e",
-        "revCount": 67,
+        "rev": "995e67ff510f413bd0d21af2137159c283223985",
+        "revCount": 80,
        "type": "git",
        "url": "https://git.afnix.fr/nix-zulip/nix-zulip"
      },
@@ -459,11 +467,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766321686,
-        "narHash": "sha256-icOWbnD977HXhveirqA10zoqvErczVs3NKx8Bj+ikHY=",
+        "lastModified": 1774001769,
+        "narHash": "sha256-6y8yLrMecnFq21wFlUSxHF7OsabVCCj2p104HEUosvI=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "7d433bf89882f61621f95082e90a4ab91eb0bdd3",
+        "rev": "05968d7978faaa501836d6d2eb7f6cffb4140829",
        "type": "gitlab"
      },
      "original": {
@@ -474,11 +482,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1766651565,
-        "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
+        "lastModified": 1768564909,
+        "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
+        "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
        "type": "github"
      },
      "original": {
@@ -490,15 +498,15 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1764242076,
-        "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
-        "owner": "NixOS",
+        "lastModified": 1773821835,
+        "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
+        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
+        "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
+        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
@@ -532,11 +540,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767026366,
-        "narHash": "sha256-TqJXPpEPYfeFCbraquNdrB1dJYuEqV474Npv8UcNxrs=",
+        "lastModified": 1774121134,
+        "narHash": "sha256-2rY/WUuZEtQ7St3AcFw6dri4oYyBJvr/dnZdpOPe1oM=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "1f8c02a96c58c0dd90f2de45440b9ef01571abc3",
+        "rev": "4fe0420f495cdcd730969de67f75f44d2a5bb71f",
        "type": "github"
      },
      "original": {
@@ -557,11 +565,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1764773531,
-        "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=",
+        "lastModified": 1767810917,
+        "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "1d9616689e98beded059ad0384b9951e967a17fa",
+        "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4",
        "type": "github"
      },
      "original": {
@@ -582,11 +590,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1766596669,
-        "narHash": "sha256-9C72hpMDa99n4MbqZqsBkrBQZe+HEN9lnu7Sme67nmU=",
+        "lastModified": 1774109759,
+        "narHash": "sha256-Ksvw+R+kwCr+liA4h+TtQaYSW/0Jl+NDMThU5TBsJIY=",
        "owner": "notashelf",
        "repo": "nvf",
-        "rev": "ef1f22efaf4aa37ba9382a7d1807fa8ac9c097fd",
+        "rev": "4f1074084eb86e8d8a32e19e78f3cf2adba0213e",
        "type": "github"
      },
      "original": {
@@ -602,11 +610,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766543224,
-        "narHash": "sha256-96PBoNqh3sPU9t+IXxcB1OjjuQ8HOv42OOh9UtwFHbU=",
+        "lastModified": 1774120611,
+        "narHash": "sha256-QZ09cfZnPiF62BgNqVTxEbFtnBjYaBVuhZNdos9ggnE=",
        "owner": "celenityy",
        "repo": "Phoenix",
-        "rev": "f09568c8a71af4fe42dd43c6f711c67daf605f1e",
+        "rev": "df5a6d30c792c0b17017510b35db93e94fb9e6a1",
        "type": "github"
      },
      "original": {
@@ -618,12 +626,11 @@
    "root": {
      "inputs": {
        "agenix": "agenix",
-        "disko": "disko",
        "home-manager": "home-manager_2",
        "impermanence": "impermanence",
        "nix-zulip": "nix-zulip",
        "nixos-mailserver": "nixos-mailserver",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "noshell": "noshell",
        "nur": "nur",
        "nvf": "nvf",
@@ -652,11 +659,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1766603026,
-        "narHash": "sha256-J2DDdRqSU4w9NNgkMfmMeaLIof5PXtS9RG7y6ckDvQE=",
+        "lastModified": 1773792048,
+        "narHash": "sha256-Oy9PCLG3vtflFBWcJd8c/EB3h5RU7ABAIDWn6JrGf6o=",
        "owner": "nix-community",
        "repo": "stylix",
-        "rev": "551df12ee3ebac52c5712058bd97fd9faa4c3430",
+        "rev": "3f2f9d307fe58c6abe2a16eb9b62c42d53ef5ee1",
        "type": "github"
      },
      "original": {
@@ -746,11 +753,11 @@
    "tinted-schemes": {
      "flake": false,
      "locked": {
-        "lastModified": 1763914658,
-        "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=",
+        "lastModified": 1767710407,
+        "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=",
        "owner": "tinted-theming",
        "repo": "schemes",
-        "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c",
+        "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2",
        "type": "github"
      },
      "original": {
@@ -762,11 +769,11 @@
    "tinted-tmux": {
      "flake": false,
      "locked": {
-        "lastModified": 1764465359,
-        "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=",
+        "lastModified": 1767489635,
+        "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=",
        "owner": "tinted-theming",
        "repo": "tinted-tmux",
-        "rev": "edf89a780e239263cc691a987721f786ddc4f6aa",
+        "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184",
        "type": "github"
      },
      "original": {
@@ -778,11 +785,11 @@
    "tinted-zed": {
      "flake": false,
      "locked": {
-        "lastModified": 1764464512,
-        "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=",
+        "lastModified": 1767488740,
+        "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=",
        "owner": "tinted-theming",
        "repo": "base16-zed",
-        "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a",
+        "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -4,10 +4,6 @@
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    disko = {
-      url = "github:nix-community/disko/latest";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -45,7 +41,6 @@
  };
  outputs = {
    agenix,
-    disko,
    home-manager,
    impermanence,
    nixos-mailserver,
@@ -71,19 +66,18 @@
            ./secrets.nix
            ./modules/nixos/common.nix
            agenix.nixosModules.default
-            disko.nixosModules.disko
            impermanence.nixosModules.impermanence
            nixos-mailserver.nixosModule
            noshell.nixosModules.default
-            phoenix.nixosModules.default
            nix-zulip'.nixosModules.zulip
-            {
+            phoenix.nixosModules.default
+            ({pkgs, ...}: {
              nixpkgs.overlays = [
                agenix.overlays.default
                nur.overlays.default
                nix-zulip'.overlays.default
              ];
-            }
+            })
          ]
          ++ machine.modules;
      };
@@ -93,6 +87,7 @@
        {
          home-manager.useGlobalPkgs = true;
          home-manager.extraSpecialArgs = {inherit machine;};
+          home-manager.backupFileExtension = "bak";
          home-manager.users =
            builtins.mapAttrs
            (name: value: value)
--- a/machines.nix
+++ b/machines.nix
@@ -11,6 +11,7 @@
      # hardware configuration
      # includes `system.stateVersion`
      ./modules/nixos/machines/lenovo.nix
+      ./modules/nixos/zram.nix

      # boot process
      # systemd-boot
@@ -20,7 +21,7 @@
      ./modules/nixos/laptop.nix

      # vpn
-      ./modules/nixos/openvpn-client.nix
+      # ./modules/nixos/openvpn-client.nix

      # ly display manager
      ./modules/nixos/ly.nix
@@ -29,7 +30,11 @@
      ./modules/nixos/sway.nix

      # apps
+      # UNFREE
      ./modules/nixos/steam.nix
+
+      # substitutors
+      ./substitutors.nix
    ];
  };
  "109-199-104-83" = {
@@ -37,28 +42,16 @@
    system = "x86_64-linux";
    users = [];
    modules = [
-      # impermanence
-      ./modules/nixos/impermanence.nix
-      ./modules/nixos/impermanence-ssh.nix
-
      # hardware configuration
-      # verbatim as `nixos-generate-config` AND `system.stateVersion`
+      # from gitlab:whitequark/nixos-bite
      ./modules/nixos/machines/109-199-104-83.nix
-      ./modules/nixos/disko/remote.nix
-
-      # boot process
-      # grub boot on /dev/sda
-      ./modules/nixos/boot/109-199-104-83.nix

      # networking
      ./modules/nixos/networking/domains/galaxious.de.nix
-      # uses cloud-init to network
-      ./modules/nixos/networking/networks/109-199-104-83.nix

      # ssh through port 5522 among other things
      # andromeda@lenovo is the only user allowed access
      ./modules/nixos/networking/hard-ssh.nix
-      ./modules/nixos/networking/ssh-as-root.nix
      ({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];})

      # simple-nixos-mailserver email server
@@ -74,10 +67,9 @@
      # git.domain
      # ./modules/nixos/forgejo.nix

-      # BROKEN
      # zulip chat client
      # chat.domain
-      ./modules/nixos/zulip.nix
+      # ./modules/nixos/zulip.nix
    ];
  };
 }
--- a/modules/nixos/boot/109-199-104-83.nix
+++ b/modules/nixos/boot/109-199-104-83.nix
@@ -1,9 +0,0 @@
-{
-  boot.loader.grub = {
-    efiSupport = true;
-    efiInstallAsRemovable = true;
-  };
-  age.identityPaths = [
-    "/persist/etc/ssh/ssh_host_ed25519_key"
-  ];
-}
--- a/modules/nixos/disko/remote.nix
+++ b/modules/nixos/disko/remote.nix
@@ -1,64 +0,0 @@
-{
-  disko.devices = {
-    disk = {
-      disk1 = {
-        device = "/dev/sda";
-        type = "disk";
-        content = {
-          type = "gpt";
-          partitions = {
-            # legacy boot
-            boot = {
-              name = "boot";
-              size = "1M";
-              type = "EF02";
-            };
-
-            # efi boot
-            esp = {
-              name = "ESP";
-              size = "512M";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-              };
-            };
-
-            # btrfs
-            # root is on nodev
-            root = {
-              size = "100%";
-              content = {
-                extraArgs = ["-f"]; # internet told me to, works
-                type = "btrfs";
-                subvolumes = {
-                  # nix store
-                  "/nix" = {
-                    mountpoint = "/nix";
-                  };
-
-                  # persistant directory
-                  "/persist" = {
-                    mountpoint = "/persist";
-                  };
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-    nodev = {
-      # root
-      "/" = {
-        fsType = "tmpfs";
-        mountOptions = [
-          "defaults"
-          "mode=755" # stops security complaints
-        ];
-      };
-    };
-  };
-}
--- a/modules/nixos/machines/109-199-104-83.nix
+++ b/modules/nixos/machines/109-199-104-83.nix
@@ -1,25 +1,39 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+{modulesPath, ...}: {
+  system.stateVersion = "25.11";
+  nix.settings.experimental-features = "flakes nix-command";

-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = [];
-  boot.extraModulePackages = [];
+  # Hardware
+  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+  boot.loader.grub.device = "/dev/sda";
+  boot.loader.timeout = 30;
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
+  boot.initrd.kernelModules = ["nvme"];
+  boot.tmp.cleanOnBoot = true;

-  swapDevices = [];
+  zramSwap.enable = true;

-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
-  system.stateVersion = "26.05";
+  # Networking
+  networking = {
+    useNetworkd = true;
+    usePredictableInterfaceNames = true;
+  };
+  systemd.network = {
+    enable = true;
+    networks."40-wan" = {
+      matchConfig.Name = "enx0050565f4fff";
+      address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
+      routes = [
+        {
+          Gateway = "109.199.96.1";
+          GatewayOnLink = true;
+        }
+        {Gateway = "fe80::1";}
+      ];
+      dns = ["2020:fe::10" "9.9.9.10"];
+    };
+  };
 }
--- a/modules/nixos/mailserver.nix
+++ b/modules/nixos/mailserver.nix
@@ -37,21 +37,18 @@
        forceSSL = true;
        enableACME = true;
      };
+      "matrix.${config.networking.domain}" = {
+        forceSSL = true;
+        enableACME = true;
+      };
+      "${config.networking.domain}" = {
+        forceSSL = true;
+        enableACME = true;
+      };
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "mtgmonket@gmail.com";
  };
-
-  # persist directories per the backup guidelines
-  environment.persistence."/persist" = {
-    directories = [
-      # not needed bc the dkim dir is declared
-      # "/var/dkim"
-      "/var/vmail"
-      "/var/lib/redis-rspamd"
-      "/var/lib/acme"
-    ];
-  };
 }
--- a/modules/nixos/networking/hard-ssh.nix
+++ b/modules/nixos/networking/hard-ssh.nix
@@ -4,7 +4,6 @@
    allowSFTP = false;
    ports = [5522];
    settings = {
-      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = true;
    };
--- a/modules/nixos/networking/networks/109-199-104-83.nix
+++ b/modules/nixos/networking/networks/109-199-104-83.nix
@@ -1,15 +0,0 @@
-{
-  networking = {
-    useDHCP = false;
-    hostName = "109-199-104-83";
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [80 443];
-      allowedUDPPorts = [80 443];
-    };
-  };
-  services.cloud-init = {
-    enable = true;
-    network.enable = true;
-  };
-}
--- a/modules/nixos/openvpn-client.nix
+++ b/modules/nixos/openvpn-client.nix
@@ -1,8 +0,0 @@
-{lib, ...}: {
-  services.openvpn.servers = {
-    "173.249.5.230" = {config = ''config /etc/openvpn-confs/173.249.5.230.ovpn'';};
-  };
-  networking.enableIPv6 = lib.mkForce false;
-  environment.persistence."/persist".directories = ["/etc/openvpn-confs"];
-  boot.kernelParams = ["ipv6.disable=1"];
-}
--- a/modules/nixos/roundcube.nix
+++ b/modules/nixos/roundcube.nix
@@ -9,8 +9,4 @@
      $config['smtp_pass'] = "%p";
    '';
  };
-  environment.persistence."/persist".directories = [
-    "/var/lib/roundcube"
-    "/var/lib/postgresql"
-  ];
 }
--- a/modules/nixos/zram.nix
+++ b/modules/nixos/zram.nix
@@ -0,0 +1,8 @@
+{
+  zramSwap = {
+    enable = true;
+    priority = 100;
+    algorithm = "zstd";
+    memoryPercent = 75;
+  };
+}
--- a/pub-keys.nix
+++ b/pub-keys.nix
@@ -1,6 +1,7 @@
 {
  age.secrets = {
    andromeda-pw.file = ./secrets/andromeda-pw.age;
+    conduit-secretFile.file = ./secrets/conduit-secretFile.age;
    "dkim-galaxious.de.mail.key".file = ./secrets/dkim-galaxious.de.mail.key.age;
    mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age;
    mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;
--- a/secrets/conduit-secretFile.age
+++ b/secrets/conduit-secretFile.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 mT2fyg x0n1JToeD7bRsDYJpv0HFzQYB9YxxiSqt+dG6elG1Eg
+vspLec9Vm6fvJnlDGjzezThc1qeIYyWncBxYwsE/6rg
+-> ssh-ed25519 UHxfvA nOlZo53SINXJs8tt/vdoiGjMnIW/lYZVdI8TJfAFqxE
+XlxvrHDFlm8c7odfNbBw0/QeYuCj5e4VValql5JNNgg
+-> ssh-ed25519 yXDKAA Rf+obXBUKxOcMqrb6rlOSfZGyjkj1PnRvHUSDToj6Tw
+XV/3FmC48Wcg9r3C5soRKBwOcBgat2ueAa8pU1MUYLE
+--- l/eEq13iyiddR9Rgf47Mv8JxPfjINwCnU4pd3KyxMVQ
+^P%ÔÏ¦‚Û}ÌÝM¤Ñù&ß¢Ù‡óQ¬?d^ØYú	Ã~øTuÃï±oÍfž´·7¬nÙ'!'Í“ã††µ]dÍ‡0>vÆÇŸ¸Ü.Ÿ€E]˜šÔ‡|‰>d— *wDÉ<44>‹¿à<C2AD>›)cH<63>êÁ@W<>v*šWk<57>õéN¤ÎRßF	I@¶ê;9=u¬–Í’¬°°Ï„Œ,—‘©)Ÿ>bÁÝ:O«Jð=´W
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -8,6 +8,11 @@ in {
  "andromeda-pw.age".publicKeys = [andromeda lenovo];
  "mtgmonkey-pw.age".publicKeys = [andromeda lenovo];

+  # contains the following env
+  # CONDUIT_JWT_SECRET
+  # CONDUIT_TURN_SECRET
+  "conduit-secretFile.age".publicKeys = [andromeda lenovo _109-199-104-83];
+
  # dkim private keys
  "dkim-galaxious.de.mail.key.age".publicKeys = [andromeda lenovo _109-199-104-83];

--- a/substitutors.nix
+++ b/substitutors.nix
@@ -0,0 +1,8 @@
+{
+  # spectrum
+  nix.settings.substituters = ["https://cache.dataaturservice.se/spectrum/"];
+  nix.settings.trusted-public-keys = [
+    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+    "spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU="
+  ];
+}
--- a/users.nix
+++ b/users.nix
@@ -3,9 +3,7 @@
  lib,
  machine,
  ...
-}: let
-  machines = import ./machines.nix;
-in {
+}: {
  users.users =
    builtins.mapAttrs
    (name: value: lib.mkIf (builtins.elem name machine.users) value)
@@ -27,12 +25,18 @@ in {
      "andromeda" = {
        directories = [
          ".backups"
+          ".gnupg"
+          ".local/share/AAAAXY"
          ".local/share/Anki2"
          ".local/share/chat.fluffy.fluffychat"
+          ".local/share/Mindustry"
+          ".local/share/Steam"
          ".local/share/zoxide"
          ".ssh"
+          ".steam"
          "conf"
          "Downloads"
+          "conf_v1"
          "pp"
        ];
        files = [
--- a/users/andromeda/home.nix
+++ b/users/andromeda/home.nix
@@ -26,6 +26,7 @@ in {
    homeDirectory = "/home/${config.home.username}";
    stateVersion = "26.05";
    packages = [
+      pkgs.aaaaxy
      pkgs.acpi
      pkgs.agenix
      pkgs.alacritty
@@ -35,10 +36,13 @@ in {
      pkgs.dust
      pkgs.fluffychat
      pkgs.fzf
+      pkgs.geeqie
      pkgs.glow
      pkgs.grim
      pkgs.jmtpfs
+      pkgs.mindustry-wayland
      pkgs.nix-output-monitor
+      pkgs.npins
      pkgs.ranger
      pkgs.rip2
      pkgs.ripgrep
@@ -97,79 +101,18 @@ in {
        cfg.enableTridactylNative = true;
      };
      profiles.${config.home.username} = {
-        extensions.packages = [
-          pkgs.nur.repos.rycee.firefox-addons.tridactyl
-        ];
-        search = {
-          default = "repos";
-          privateDefault = "ddghtml";
-          order = [
-            "wiki"
-            "options"
-            "packages"
-            "repos"
+        extensions = {
+          force = true;
+          packages = [
+            pkgs.nur.repos.rycee.firefox-addons.tridactyl
+          ];
+        };
+        search = {
+          default = "DuckDuckGo (HTML)";
+          privateDefault = "DuckDuckGo (HTML)";
+          order = [
+            "DuckDuckGo (HTML)"
          ];
-          engines = {
-            "packages" = {
-              urls = [
-                {
-                  template = "https://search.nixos.org/packages";
-                  params = [
-                    {
-                      name = "channel";
-                      value = "unstable";
-                    }
-                    {
-                      name = "query";
-                      value = "{searchTerms}";
-                    }
-                  ];
-                }
-              ];
-            };
-
-            "options" = {
-              urls = [
-                {
-                  template = "https://search.nixos.org/options";
-                  params = [
-                    {
-                      name = "channel";
-                      value = "unstable";
-                    }
-                    {
-                      name = "query";
-                      value = "{searchTerms}";
-                    }
-                  ];
-                }
-              ];
-            };
-
-            "wiki" = {
-              urls = [
-                {
-                  template = "https://wiki.nixos.org/w/index.php";
-                  params = [
-                    {
-                      name = "search";
-                      value = "{searchTerms}";
-                    }
-                  ];
-                }
-              ];
-            };
-
-            "repos" = {
-              template = "https://html.duckduckgo.com/html/";
-              params = [
-                {
-                  name = "q";
-                  value = "{searchTerms}+(site:*.gitlab.org OR site:github.com OR site:git.mtgmonkey.net OR site:sr.ht)";
-                }
-              ];
-            };
-          };
        };
        settings = {
          "extensions.autoDisableScopes" = 0;
@@ -187,6 +130,9 @@ in {
      };
    };
    gh.enable = true;
+    gpg = {
+      enable = true;
+    };
    home-manager.enable = true;
    lsd.enable = true;
    nvf = {
@@ -259,6 +205,12 @@ in {
            enable = true;
            lsp.enable = true;
          };
+          rust = {
+            enable = true;
+            format.enable = true;
+            lsp.enable = true;
+            treesitter.enable = true;
+          };
        };
        lineNumberMode = "relative";
        options = {
@@ -276,4 +228,8 @@ in {
    };
    ssh.enable = true;
  };
+  services.gpg-agent = {
+    enable = true;
+    pinentry.package = pkgs.pinentry-curses;
+  };
 }
--- a/users/andromeda/sway_config
+++ b/users/andromeda/sway_config
@@ -55,6 +55,12 @@ bindsym $mod+Shift+8 move container to workspace number 8
 bindsym $mod+Shift+9 move container to workspace number 9
 bindsym $mod+Shift+0 move container to workspace number 0

+seat * hide_cursor 100
+input type:touchpad events disabled
+
+bindsym $mod+r exec 'swaymsg "seat * hide_cursor 100"; swaymsg "input type:touchpad events disabled"'
+bindsym $mod+t exec 'swaymsg "seat * hide_cursor 0"; swaymsg "input type:touchpad events enabled"'
+
 bindsym $mod+f fullscreen
 bindsym $mod+Shift+space floating toggle
 bindsym $mod+Shift+minus move scratchpad
@@ -64,8 +70,8 @@ bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle
 bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5%
 bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5%
 bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle
-bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%-
-bindsym --locked XF86MonbrightnessUp exec brightnessctl set 5%+
+bindsym --locked XF86MonBrightnessDown exec brightnessctl set 2%-
+bindsym --locked XF86MonbrightnessUp exec brightnessctl set 2%+

 default_border none
 font pango:monospace 0.001
Author	SHA1	Message	Date
andromeda	2ef56f1479	tidy a bit	2026-04-03 21:26:04 +02:00
andromeda	de1879b9a0	idk prolly smt ig	2026-02-21 15:59:08 +01:00
andromeda	0647d9a8e0	fix certs?	2026-01-26 21:58:55 +01:00
andromeda	8c0db96ca4	robot, also continuwuity, also zram	2026-01-26 21:40:03 +01:00
andromeda	2386fea0eb	split out phoenix overlay	2026-01-25 15:44:32 +01:00
andromeda	e1c510fc64	remove npins fr	2026-01-25 11:00:30 +01:00
andromeda	e4305c15ac	failed to npins, patch phoenix	2026-01-25 10:59:20 +01:00
andromeda	5c99e52e09	patch phoenix to allow user to auto enable extensions	2026-01-25 10:58:15 +01:00
andromeda	ad7e25dce3	init npins?	2026-01-22 05:38:05 +01:00
andromeda	1a62299225	update nixpkgs	2026-01-22 05:37:51 +01:00
andromeda	6e7e52aecf	init npins?	2026-01-22 05:35:49 +01:00
andromeda	a0fa657600	update nixpkgs	2026-01-22 05:13:18 +01:00
andromeda	580cbd1851	init nix-on-droid	2026-01-14 22:57:40 +01:00
andromeda	6fdcd13627	adjust brightness, disable touchpad sometimes	2026-01-14 20:18:25 +01:00
andromeda	6fb816f27c	reenable ipv6; reconfigure browser	2026-01-14 05:31:48 +01:00
andromeda	c0e92a4ef3	typo	2026-01-13 10:55:24 +01:00
andromeda	b754a3d53f	matrix-synapse?	2026-01-13 10:48:56 +01:00
andromeda	19d45ebd05	edit TODO.md	2026-01-13 06:29:18 +01:00
andromeda	312ee02d9e	fix alias traversal	2026-01-13 06:21:08 +01:00
andromeda	c377598d5c	conduit setup?	2026-01-13 06:16:27 +01:00
andromeda	dcb82ed361	add README, conduit	2026-01-13 05:53:57 +01:00