From 1fdb3a85993492fd6957a94d38b902f99d727cf3 Mon Sep 17 00:00:00 2001
From: mtgmonkey <mtgmonkey@server>
Date: Thu, 12 Jun 2025 10:52:11 +0000
Subject: [PATCH 1/7] fix translation problem

---
 flake.lock             | 58 +++++++++++++++++++++++++++++++++---------
 services/translate.nix |  2 +-
 2 files changed, 47 insertions(+), 13 deletions(-)

diff --git a/flake.lock b/flake.lock
index 6e720ed..8a24838 100755
--- a/flake.lock
+++ b/flake.lock
@@ -5,11 +5,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1749395936,
-        "narHash": "sha256-tEqZKBzQbENlyIDvVMWcnhifjEQkaEzK3eKDQWCbt58=",
+        "lastModified": 1749494299,
+        "narHash": "sha256-I6/TSz5ciJTEZNFCyrCXWRYqBkNIh3fZy67UErIw3fk=",
         "ref": "refs/heads/master",
-        "rev": "36fa8afd57449cacdc0535417c8d20fb6b702348",
-        "revCount": 9,
+        "rev": "596af4a7318d60816ee995526d571643e21744b5",
+        "revCount": 11,
         "type": "git",
         "url": "file:///var/lib/git-server/blog.git"
       },
@@ -36,6 +36,24 @@
         "type": "github"
       }
     },
+    "jank-client": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1749606892,
+        "narHash": "sha256-ZGUUWNORko3QFy9p/2mc4voJ65/11Joy6Au79+TwxPw=",
+        "ref": "refs/heads/main",
+        "rev": "0e59a339c813bcf1e9969344d8b50ed380231552",
+        "revCount": 1179,
+        "type": "git",
+        "url": "file:///var/lib/git-server/jank-client-fork.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "file:///var/lib/git-server/jank-client-fork.git"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1749143949,
@@ -53,11 +71,26 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1749373575,
-        "narHash": "sha256-/3nvhGaUMG1A6zG185QHyTFR2fMiyffxU7VdMYk5qj0=",
+        "lastModified": 1749285348,
+        "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1749658098,
+        "narHash": "sha256-VCerWubROWYfKu027Y4IZdtjN+3qr2WCGhX+mUGW5wk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6a8d437617048567166f83b32d07ba73aeb2d125",
+        "rev": "f1af0317e6a912fa23430de110e8665027bd5a7a",
         "type": "github"
       },
       "original": {
@@ -67,7 +100,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1714253743,
         "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
@@ -83,7 +116,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_4": {
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1746141548,
         "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=",
@@ -101,7 +134,7 @@
     },
     "noshell": {
       "inputs": {
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1717396029,
@@ -120,7 +153,8 @@
     "root": {
       "inputs": {
         "elmskell-blog": "elmskell-blog",
-        "nixpkgs": "nixpkgs_2",
+        "jank-client": "jank-client",
+        "nixpkgs": "nixpkgs_3",
         "noshell": "noshell",
         "spacebar-server": "spacebar-server"
       }
@@ -128,7 +162,7 @@
     "spacebar-server": {
       "inputs": {
         "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_5"
       },
       "locked": {
         "lastModified": 1748414795,
diff --git a/services/translate.nix b/services/translate.nix
index f9be6c0..4f91353 100755
--- a/services/translate.nix
+++ b/services/translate.nix
@@ -41,7 +41,7 @@ in {
   systemd.services.translate = {
     serviceConfig = {
       Type = "simple";
-      ExecStart = "${lib.getExe pkgs.libretranslate}";
+      ExecStart = "${lib.getExe pkgs.libretranslate} --port 8108";
       RemainAfterExit = true;
     };
   };

From 8af386e5219c0900f1e3b82b4c5259055ffe873d Mon Sep 17 00:00:00 2001
From: mtgmonkey <mtgmonkey@server>
Date: Mon, 16 Jun 2025 20:13:51 +0000
Subject: [PATCH 2/7] add ports for rgit

---
 configuration.nix         |  3 ++-
 flake.lock                | 44 ++++++++++++++++++++++++++++++++++-----
 flake.nix                 |  5 +++--
 services/math-project.nix |  4 ++--
 services/rgit.nix         |  1 +
 5 files changed, 47 insertions(+), 10 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 637bc8c..0d7f7a8 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -12,7 +12,8 @@
   networking.domain = "";
   networking.firewall = {
     enable = true;
-    allowedTCPPorts = [80 443];
+    allowedTCPPorts = [80 443 9418];
+    allowedUDPPorts = [80 443 9418];
   };
   boot.loader.grub.devices = ["nodev"];
 
diff --git a/flake.lock b/flake.lock
index 8a24838..14ff216 100755
--- a/flake.lock
+++ b/flake.lock
@@ -54,6 +54,24 @@
         "url": "file:///var/lib/git-server/jank-client-fork.git"
       }
     },
+    "math-project": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_3"
+      },
+      "locked": {
+        "lastModified": 1749728695,
+        "narHash": "sha256-ZeWhAif+eh/ObPxceqQcuvtvxreXTNcHnhWEbPAuppM=",
+        "ref": "refs/heads/master",
+        "rev": "c35a0b510854103f466adca6b60f50822893daca",
+        "revCount": 5,
+        "type": "git",
+        "url": "file:///var/lib/git-server/math-project.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "file:///var/lib/git-server/math-project.git"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1749143949,
@@ -85,6 +103,21 @@
       }
     },
     "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1748889542,
+        "narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-25.05",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1749658098,
         "narHash": "sha256-VCerWubROWYfKu027Y4IZdtjN+3qr2WCGhX+mUGW5wk=",
@@ -100,7 +133,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_4": {
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1714253743,
         "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
@@ -116,7 +149,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
       "locked": {
         "lastModified": 1746141548,
         "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=",
@@ -134,7 +167,7 @@
     },
     "noshell": {
       "inputs": {
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_5"
       },
       "locked": {
         "lastModified": 1717396029,
@@ -154,7 +187,8 @@
       "inputs": {
         "elmskell-blog": "elmskell-blog",
         "jank-client": "jank-client",
-        "nixpkgs": "nixpkgs_3",
+        "math-project": "math-project",
+        "nixpkgs": "nixpkgs_4",
         "noshell": "noshell",
         "spacebar-server": "spacebar-server"
       }
@@ -162,7 +196,7 @@
     "spacebar-server": {
       "inputs": {
         "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_6"
       },
       "locked": {
         "lastModified": 1748414795,
diff --git a/flake.nix b/flake.nix
index 06490e0..e537199 100755
--- a/flake.nix
+++ b/flake.nix
@@ -29,6 +29,7 @@
         inherit system;
         inherit elmskell-blog;
         inherit spacebar-server;
+        inherit math-project;
         ssh-pub-keys = import ./ssh-pub-keys.nix;
       };
       modules = [
@@ -46,8 +47,8 @@
         noshell.nixosModules.default
         {programs.noshell.enable = true;}
 
-        math-project.nixosModules.default
-        {programs.math-project.enable = true;}
+        math-project.nixosModules.x86_64-linux.default
+        {services.math-project.enable = true;}
         ./services/math-project.nix
 
         ./configuration.nix
diff --git a/services/math-project.nix b/services/math-project.nix
index af31585..a541708 100755
--- a/services/math-project.nix
+++ b/services/math-project.nix
@@ -29,7 +29,7 @@ in {
         METRICS_BIND = "[::1]:9283";
         METRICS_BIND_NETWORK = "tcp";
         POLICY_FNAME = "/etc/anubis/math-project.botPolicies.yaml";
-        TARGET = "http://localhost:8080";
+        TARGET = "http://localhost:8081";
       };
     };
   };
@@ -42,7 +42,7 @@ in {
   systemd.services.math-project = {
     serviceConfig = {
       Type = "simple";
-      ExecStart = "${lib.getExe math-project}";
+      ExecStart = "${lib.getExe math-project.packages.x86_64-linux.default}";
       RemainAfterExit = true;
     };
   };
diff --git a/services/rgit.nix b/services/rgit.nix
index 96c628e..582f15f 100755
--- a/services/rgit.nix
+++ b/services/rgit.nix
@@ -7,6 +7,7 @@
     image = "ghcr.io/w4/rgit:main";
     ports = [
       "8000:8000"
+      "9418:9418"
     ];
     volumes = [
       "/var/lib/git-server:/git:ro"

From 56af2b408c3d1376923d68ea70a3171593eefdb5 Mon Sep 17 00:00:00 2001
From: mtgmonkey <mtgmonkey@server>
Date: Mon, 16 Jun 2025 20:40:06 +0000
Subject: [PATCH 3/7] add ipv6

---
 configuration.nix | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 0d7f7a8..f4b2760 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -10,6 +10,7 @@
   boot.tmp.cleanOnBoot = true;
   networking.hostName = "server";
   networking.domain = "";
+  networking.enableIPv6 = true;
   networking.firewall = {
     enable = true;
     allowedTCPPorts = [80 443 9418];
@@ -35,12 +36,6 @@
     '';
   };
 
-  services.fail2ban = {
-    enable = true;
-    maxretry = 10;
-    bantime-increment.enable = true;
-  };
-
   users.users.mtgmonkey = {
     isNormalUser = true;
     description = "mtgmonkey";

From bdc3a225705a8af6f8e752cac6f4d56c945be8c3 Mon Sep 17 00:00:00 2001
From: mtgmonkey <mtgmonkey@server>
Date: Mon, 16 Jun 2025 21:20:42 +0000
Subject: [PATCH 4/7] add git user to rgit service

---
 configuration.nix | 2 +-
 services/rgit.nix | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/configuration.nix b/configuration.nix
index f4b2760..244e122 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -10,7 +10,7 @@
   boot.tmp.cleanOnBoot = true;
   networking.hostName = "server";
   networking.domain = "";
-  networking.enableIPv6 = true;
+  networking.enableIPv6 = false;
   networking.firewall = {
     enable = true;
     allowedTCPPorts = [80 443 9418];
diff --git a/services/rgit.nix b/services/rgit.nix
index 582f15f..7aa8cc9 100755
--- a/services/rgit.nix
+++ b/services/rgit.nix
@@ -20,5 +20,6 @@
     environment = {
       REFRESH_INTERVAL = "5m";
     };
+    user = "git:git";
   };
 }

From dbec636ab7baeaddb6eb8d0d20c43a309ad5bb6a Mon Sep 17 00:00:00 2001
From: mtgmonkey <mtgmonkey@server>
Date: Tue, 17 Jun 2025 14:05:43 +0000
Subject: [PATCH 5/7] updated all the systemd daemons

---
 cachix.nix                |  13 +++
 cachix/rgit.nix           |  13 +++
 flake.lock                | 194 ++++++++++++++++++++++++++++++++++++--
 flake.nix                 |   5 +-
 services/blog.nix         |   5 +
 services/elmskell.nix     |   5 +
 services/ferron.nix       |   1 +
 services/math-project.nix |   5 +
 services/rgit.nix         |  35 +++----
 services/rgit.nix.bak     |  23 +++++
 services/spacebar.nix     |   5 +
 services/translate.nix    |   5 +
 12 files changed, 276 insertions(+), 33 deletions(-)
 create mode 100644 cachix.nix
 create mode 100644 cachix/rgit.nix
 create mode 100755 services/rgit.nix.bak

diff --git a/cachix.nix b/cachix.nix
new file mode 100644
index 0000000..ecd2d39
--- /dev/null
+++ b/cachix.nix
@@ -0,0 +1,13 @@
+
+# WARN: this file will get overwritten by $ cachix use <name>
+{ pkgs, lib, ... }:
+
+let
+  folder = ./cachix;
+  toImport = name: value: folder + ("/" + name);
+  filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
+  imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
+in {
+  inherit imports;
+  nix.settings.substituters = ["https://cache.nixos.org/"];
+}
diff --git a/cachix/rgit.nix b/cachix/rgit.nix
new file mode 100644
index 0000000..0f37960
--- /dev/null
+++ b/cachix/rgit.nix
@@ -0,0 +1,13 @@
+
+{
+  nix = {
+    settings = {
+      substituters = [
+        "https://rgit.cachix.org"
+      ];
+      trusted-public-keys = [
+        "rgit.cachix.org-1:3Wva/GHhrlhbYx+ObbEYQSYq1Yzk8x9OAvEvcYazgL0="
+      ];
+    };
+  };
+}
diff --git a/flake.lock b/flake.lock
index 14ff216..09b24e1 100755
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,36 @@
 {
   "nodes": {
+    "advisory-db": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1747937073,
+        "narHash": "sha256-52H8P6jAHEwRvg7rXr4Z7h1KHZivO8T1Z9tN6R0SWJg=",
+        "owner": "rustsec",
+        "repo": "advisory-db",
+        "rev": "bccf313a98c034573ac4170e6271749113343d97",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rustsec",
+        "repo": "advisory-db",
+        "type": "github"
+      }
+    },
+    "crane": {
+      "locked": {
+        "lastModified": 1748047550,
+        "narHash": "sha256-t0qLLqb4C1rdtiY8IFRH5KIapTY/n3Lqt57AmxEv9mk=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "b718a78696060df6280196a6f992d04c87a16aef",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
     "elmskell-blog": {
       "inputs": {
         "nixpkgs": "nixpkgs"
@@ -20,7 +51,7 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -36,6 +67,22 @@
         "type": "github"
       }
     },
+    "helix": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1727654850,
+        "narHash": "sha256-du6Vy5Yxy6aZFP7ad5guz5GOD/8uMY+Pgse1ZM+K2Jo=",
+        "owner": "JordanForks",
+        "repo": "helix",
+        "rev": "1603715cc91bf6fdffb4aedfb5b76fb69fd10e28",
+        "type": "github"
+      },
+      "original": {
+        "owner": "JordanForks",
+        "repo": "helix",
+        "type": "github"
+      }
+    },
     "jank-client": {
       "inputs": {
         "nixpkgs": "nixpkgs_2"
@@ -72,6 +119,27 @@
         "url": "file:///var/lib/git-server/math-project.git"
       }
     },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "rgit",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1737420293,
+        "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1749143949,
@@ -119,18 +187,17 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1749658098,
-        "narHash": "sha256-VCerWubROWYfKu027Y4IZdtjN+3qr2WCGhX+mUGW5wk=",
-        "owner": "nixos",
+        "lastModified": 1749794982,
+        "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f1af0317e6a912fa23430de110e8665027bd5a7a",
+        "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
-        "ref": "release-25.05",
-        "repo": "nixpkgs",
-        "type": "github"
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
       }
     },
     "nixpkgs_5": {
@@ -150,6 +217,37 @@
       }
     },
     "nixpkgs_6": {
+      "locked": {
+        "lastModified": 1748159586,
+        "narHash": "sha256-xeCMAhKjhDjVFsfJcftv+CWcExYo+X8IBUW8L947ww4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7382d075365a977c4a9c8aa4c5e4abed15f00ee1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_7": {
+      "locked": {
+        "lastModified": 1745377448,
+        "narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_8": {
       "locked": {
         "lastModified": 1746141548,
         "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=",
@@ -183,6 +281,30 @@
         "type": "github"
       }
     },
+    "rgit": {
+      "inputs": {
+        "advisory-db": "advisory-db",
+        "crane": "crane",
+        "helix": "helix",
+        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": "nixpkgs_6",
+        "treefmt-nix": "treefmt-nix",
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1748169485,
+        "narHash": "sha256-JxPNDrvpqgpz6MQp6LKT3cbK4bl7/E9+eST1cEhl/jA=",
+        "owner": "w4",
+        "repo": "rgit",
+        "rev": "9224aa1a006acb6af6da8cfbee82278612bd05d0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "w4",
+        "repo": "rgit",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "elmskell-blog": "elmskell-blog",
@@ -190,13 +312,14 @@
         "math-project": "math-project",
         "nixpkgs": "nixpkgs_4",
         "noshell": "noshell",
+        "rgit": "rgit",
         "spacebar-server": "spacebar-server"
       }
     },
     "spacebar-server": {
       "inputs": {
         "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_8"
       },
       "locked": {
         "lastModified": 1748414795,
@@ -226,6 +349,57 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_7"
+      },
+      "locked": {
+        "lastModified": 1747912973,
+        "narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
     }
   },
   "root": "root",
diff --git a/flake.nix b/flake.nix
index e537199..dfa25f0 100755
--- a/flake.nix
+++ b/flake.nix
@@ -1,9 +1,10 @@
 {
   description = "server flake";
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/release-25.05";
+    nixpkgs.url = "nixpkgs/nixos-unstable";
     noshell.url = "github:viperML/noshell";
     spacebar-server.url = "github:spacebarchat/server";
+    rgit.url = "github:w4/rgit";
 
     elmskell-blog.url = "git+file:///var/lib/git-server/blog.git";
     jank-client.url = "git+file:///var/lib/git-server/jank-client-fork.git";
@@ -18,6 +19,7 @@
     spacebar-server,
     jank-client,
     math-project,
+    rgit,
     ...
   }: let
     system = "x86_64-linux";
@@ -30,6 +32,7 @@
         inherit elmskell-blog;
         inherit spacebar-server;
         inherit math-project;
+        inherit rgit;
         ssh-pub-keys = import ./ssh-pub-keys.nix;
       };
       modules = [
diff --git a/services/blog.nix b/services/blog.nix
index cc303d7..aa85420 100755
--- a/services/blog.nix
+++ b/services/blog.nix
@@ -49,7 +49,12 @@ in {
       Type = "simple";
       ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/blog.ferron.yaml";
       RemainAfterExit = true;
+      Restart = "always";
+      RestartMaxDelaySec = "1m";
+      RestartSec = "100ms";
+      RestartSteps = 9;
     };
+    wantedBy = ["multi-user.target"];
   };
   environment.etc."blog.ferron.yaml" = {
     source = (pkgs.formats.yaml {}).generate "" ferron-conf-nix;
diff --git a/services/elmskell.nix b/services/elmskell.nix
index 86d154b..da1bd4e 100755
--- a/services/elmskell.nix
+++ b/services/elmskell.nix
@@ -39,7 +39,12 @@ in {
       Type = "simple";
       ExecStart = "/etc/nixos/services/elmskell/elmskell";
       RemainAfterExit = true;
+      Restart = "always";
+      RestartMaxDelaySec = "1m";
+      RestartSec = "100ms";
+      RestartSteps = 9;
     };
+    wantedBy = ["multi-user.target"];
   };
   services.tor = {
     enable = true;
diff --git a/services/ferron.nix b/services/ferron.nix
index c694a57..d182d9d 100755
--- a/services/ferron.nix
+++ b/services/ferron.nix
@@ -50,6 +50,7 @@ in {
       ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/ferron.yaml";
       RemainAfterExit = true;
     };
+    wantedBy = ["multi-user.target"];
   };
 
   environment.etc."ferron.yaml" = {
diff --git a/services/math-project.nix b/services/math-project.nix
index a541708..c3e577d 100755
--- a/services/math-project.nix
+++ b/services/math-project.nix
@@ -44,6 +44,11 @@ in {
       Type = "simple";
       ExecStart = "${lib.getExe math-project.packages.x86_64-linux.default}";
       RemainAfterExit = true;
+      Restart = "always";
+      RestartMaxDelaySec = "1m";
+      RestartSec = "100ms";
+      RestartSteps = 9;
     };
+    wantedBy = ["multi-user.target"];
   };
 }
diff --git a/services/rgit.nix b/services/rgit.nix
index 7aa8cc9..59b87a1 100755
--- a/services/rgit.nix
+++ b/services/rgit.nix
@@ -1,25 +1,16 @@
-{
-  virtualisation.docker = {
-    enable = true;
-  };
-  virtualisation.oci-containers.backend = "docker";
-  virtualisation.oci-containers.containers.rgit = {
-    image = "ghcr.io/w4/rgit:main";
-    ports = [
-      "8000:8000"
-      "9418:9418"
-    ];
-    volumes = [
-      "/var/lib/git-server:/git:ro"
-    ];
-    cmd = [
-      "[::]:8000"
-      "/git"
-      "-d /tmp/rgit-cache.db"
-    ];
-    environment = {
-      REFRESH_INTERVAL = "5m";
+{rgit, ...}: {
+  systemd.services.rgit = {
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${rgit.packages.x86_64-linux.default}/bin/rgit -d /var/lib/git-server/.db/rgit-cache.db [::1]:3000 /var/lib/git-server";
+      RemainAfterExit = true;
+      Restart = "always";
+      RestartMaxDelay = "1m";
+      RestartSec = "100ms";
+      RestartSteps = 9;
+      User = "git";
+      Group = "git";
     };
-    user = "git:git";
+    wantedBy = ["multi-user.target"];
   };
 }
diff --git a/services/rgit.nix.bak b/services/rgit.nix.bak
new file mode 100755
index 0000000..96c628e
--- /dev/null
+++ b/services/rgit.nix.bak
@@ -0,0 +1,23 @@
+{
+  virtualisation.docker = {
+    enable = true;
+  };
+  virtualisation.oci-containers.backend = "docker";
+  virtualisation.oci-containers.containers.rgit = {
+    image = "ghcr.io/w4/rgit:main";
+    ports = [
+      "8000:8000"
+    ];
+    volumes = [
+      "/var/lib/git-server:/git:ro"
+    ];
+    cmd = [
+      "[::]:8000"
+      "/git"
+      "-d /tmp/rgit-cache.db"
+    ];
+    environment = {
+      REFRESH_INTERVAL = "5m";
+    };
+  };
+}
diff --git a/services/spacebar.nix b/services/spacebar.nix
index 1a3cd0f..dea6f39 100644
--- a/services/spacebar.nix
+++ b/services/spacebar.nix
@@ -45,7 +45,12 @@ in {
       RemainAfterExit = true;
       User = "spacebar";
       Group = "spacebar";
+      Restart = "always";
+      RestartMaxDelaySec = "1m";
+      RestartSec = "100ms";
+      RestartSteps = 9;
     };
+    wantedBy = ["multi-user.target"];
     environment = {
       DATABASE = "/var/lib/spacebar-server/database.db";
       STORAGE_LOCATION = "/var/lib/spacebar-server/files/";
diff --git a/services/translate.nix b/services/translate.nix
index 4f91353..2362e06 100755
--- a/services/translate.nix
+++ b/services/translate.nix
@@ -43,6 +43,11 @@ in {
       Type = "simple";
       ExecStart = "${lib.getExe pkgs.libretranslate} --port 8108";
       RemainAfterExit = true;
+      Restart = "always";
+      RestartMaxDelaySec = "1m";
+      RestartSec = "100ms";
+      RestartSteps = 9;
     };
+    wantedBy = ["multi-user.target"];
   };
 }

From de1d95877812dfa2eb4d13af9af166c73afc2dfa Mon Sep 17 00:00:00 2001
From: mtgmonkey <mtgmonkey@server>
Date: Tue, 17 Jun 2025 14:23:03 +0000
Subject: [PATCH 6/7] fix breaking change pushed in bdc3a22

---
 configuration.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/configuration.nix b/configuration.nix
index 244e122..2a1abe6 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -10,7 +10,6 @@
   boot.tmp.cleanOnBoot = true;
   networking.hostName = "server";
   networking.domain = "";
-  networking.enableIPv6 = false;
   networking.firewall = {
     enable = true;
     allowedTCPPorts = [80 443 9418];

From 91206fb3c071e2c2c46b968bd852a100f04c80f6 Mon Sep 17 00:00:00 2001
From: mtgmonkey <mtgmonkey@server>
Date: Wed, 18 Jun 2025 15:45:04 +0000
Subject: [PATCH 7/7] add forgejo

---
 flake.lock         |  8 ++++----
 flake.nix          |  3 ++-
 services/gitea.nix | 28 ++++++++++++++++++++++++++++
 services/rgit.nix  |  2 +-
 4 files changed, 35 insertions(+), 6 deletions(-)
 create mode 100755 services/gitea.nix

diff --git a/flake.lock b/flake.lock
index 09b24e1..5b7f556 100755
--- a/flake.lock
+++ b/flake.lock
@@ -106,11 +106,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1749728695,
-        "narHash": "sha256-ZeWhAif+eh/ObPxceqQcuvtvxreXTNcHnhWEbPAuppM=",
+        "lastModified": 1750258769,
+        "narHash": "sha256-BazJgo04yFqFfp2AA0Tfba+nBAeaNddQJBdLghVJskk=",
         "ref": "refs/heads/master",
-        "rev": "c35a0b510854103f466adca6b60f50822893daca",
-        "revCount": 5,
+        "rev": "fa0e8ca47dd5341d24d8aae90a0bc28a689c3d46",
+        "revCount": 6,
         "type": "git",
         "url": "file:///var/lib/git-server/math-project.git"
       },
diff --git a/flake.nix b/flake.nix
index dfa25f0..05c8e9d 100755
--- a/flake.nix
+++ b/flake.nix
@@ -43,7 +43,8 @@
 
         jank-client.nixosModules.x86_64-linux.default
         ./services/spacebar.nix
-        ./services/rgit.nix
+        #        ./services/rgit.nix
+        ./services/gitea.nix
 
         ./services/translate.nix
 
diff --git a/services/gitea.nix b/services/gitea.nix
new file mode 100755
index 0000000..6d2e135
--- /dev/null
+++ b/services/gitea.nix
@@ -0,0 +1,28 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  systemd.services.gitea = {
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${lib.getExe pkgs.forgejo} -c /etc/gitea/config.ini";
+      RemainAfterExit = true;
+      Restart = "always";
+      RestartMaxDelaySec = "1m";
+      RestartSec = "100ms";
+      RestartSteps = 9;
+      User = "git";
+      Group = "git";
+    };
+    wantedBy = ["multi-user.target"];
+  };
+  environment.etc."gitea/config.ini.default" = {
+    text = ''
+      WORK_PATH = /var/lib/git-server
+      [server]
+      HTTP_PORT = 8000
+    '';
+    mode = "644";
+  };
+}
diff --git a/services/rgit.nix b/services/rgit.nix
index 59b87a1..faccc74 100755
--- a/services/rgit.nix
+++ b/services/rgit.nix
@@ -2,7 +2,7 @@
   systemd.services.rgit = {
     serviceConfig = {
       Type = "simple";
-      ExecStart = "${rgit.packages.x86_64-linux.default}/bin/rgit -d /var/lib/git-server/.db/rgit-cache.db [::1]:3000 /var/lib/git-server";
+      ExecStart = "${rgit.packages.x86_64-linux.default}/bin/rgit -d /var/lib/git-server/.db/rgit-cache.db [::1]:8000 /var/lib/git-server";
       RemainAfterExit = true;
       Restart = "always";
       RestartMaxDelay = "1m";