flake.lock: Update

Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/dd4d1663ccf7fbdb32361b9afe9e71206584cd4c' (2024-06-24)
  → 'github:nix-community/disko/544a80a69d6e2da04e4df7ec8210a858de8c7533' (2024-07-01)
• Updated input 'dns':
    'github:kirelagin/dns.nix/9ebfa9158290de09fafcc759211e48bda48329ee' (2024-05-16)
  → 'github:kirelagin/dns.nix/e6693931023206f1f3c2bfc57d2c98b5f27f52e6' (2024-06-27)
• Updated input 'home-manager':
    'github:nix-community/home-manager/6b1f90a8ff92e81638ae6eb48cd62349c3e387bb' (2024-06-23)
  → 'github:nix-community/home-manager/59ce796b2563e19821361abbe2067c3bb4143a7d' (2024-07-01)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/caabc425565bbd5c8640630b0bf6974961a49242' (2024-06-25)
  → 'github:nixos/nixos-hardware/a59f00f5ac65b19382617ba00f360f8bc07ed3ac' (2024-06-29)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/2893f56de08021cffd9b6b6dfc70fd9ccd51eb60' (2024-06-24)
  → 'github:nixos/nixpkgs/2741b4b489b55df32afac57bc4bfd220e8bf617e' (2024-06-29)
• Updated input 'nixvim':
    'github:nix-community/nixvim/1a46075dfe8dbbd2c99980b59af7860a1de010db' (2024-06-25)
  → 'github:nix-community/nixvim/079c2c479b5707adf0b03f817be30945c92c15cf' (2024-07-01)
• Updated input 'nixvim/flake-parts':
    'github:hercules-ci/flake-parts/2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8' (2024-06-01)
  → 'github:hercules-ci/flake-parts/c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9' (2024-06-30)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/065a23edceff48f948816b795ea8cc6c0dee7cdf' (2024-06-24)
  → 'github:numtide/treefmt-nix/8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd' (2024-06-30)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3' (2024-06-24)
  → 'github:Mic92/sops-nix/a11224af8d824935f363928074b4717ca2e280db' (2024-07-01)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/5e8e3b89adbd0be63192f6e645e0a54080004924' (2024-06-22)
  → 'github:NixOS/nixpkgs/4a1e673523344f6ccc84b37f4413ad74ea19a119' (2024-06-29)
• Updated input 'stylix':
    'github:danth/stylix/7cdbd128172d7c4ec63f5073d49da5d0e7d6396c' (2024-06-24)
  → 'github:danth/stylix/1ff9d37d27377bfe8994c24a8d6c6c1734ffa116' (2024-06-27)

.gitignore

@@ -1,2 +1 @@
 testing/**
-result

.sops.yaml

@@ -2,7 +2,6 @@ keys:
   - &emily B04F01A7A98A13020C39B4A68AB7B773A214ACE5
   - &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
   - &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
-  - &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
 creation_rules:
   - path_regex: secrets/services/dns-knot.yaml
     key_groups:
@@ -40,9 +39,3 @@ creation_rules:
       - *emily
       age:
       - *seras
-  - path_regex: secrets/services/nyastodon.yaml
-    key_groups:
-    - pgp:
-      - *emily
-      age:
-      - *girldick

config/common/default.nix

@@ -1,4 +1,4 @@
-{ config, inputs, lib, pkgs, ... }: 
+{ config, lib, pkgs, ... }: 
 
 with lib; {
   imports = [
@@ -7,7 +7,6 @@ with lib; {
     ./openssh.nix
     ./users
     ../../modules
-    inputs.lix-module.nixosModules.default
   ];
   environment.systemPackages = with pkgs; [
     kitty.terminfo
@@ -24,7 +23,7 @@ with lib; {
     unzip
     zip
     figlet
-  ];
+  ]; 
   programs = {
     mtr.enable = true;
     fish.enable = true;
@@ -62,7 +61,7 @@ with lib; {
     path = pkgs.path;
   };
   nix.settings = {
-    experimental-features = [ "nix-command" "flakes" "pipe-operator" ];
+    experimental-features = [ "nix-command" "flakes" ];
     trusted-users = [ "root" "@wheel" ];
     substituters = [ "https://cache.kyouma.net" ];
     trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ];

config/common/openssh.nix

@@ -11,8 +11,6 @@ let
   sigAlgorithms = [
     "ssh-ed25519-cert-v01@openssh.com"
     "ssh-ed25519"
-    "sk-ssh-ed25519-cert-v01@openssh.com"
-    "sk-ssh-ed25519@openssh.com"
   ];
 
   kexAlgorithms = [

config/common/users/emily/default.nix

@@ -12,7 +12,7 @@
     ];
   };
   nixpkgs.config.permittedInsecurePackages = [
-    "jitsi-meet-1.0.8043"
+    "electron-25.9.0"
   ];
 
   home-manager.useGlobalPkgs = true;
@@ -23,7 +23,6 @@
       whois
       htop
       restic
-      fend
     ] ++ lib.optionals config.kyouma.machine-type.graphical [
       linux-manual
       colmena
@@ -43,8 +42,8 @@
       libnotify
       slurp
       grim
-      simple-scan
-      nemo
+      gnome.simple-scan
+      cinnamon.nemo
       imagemagick_light
 
       #ubuntu_font_family
@@ -62,7 +61,7 @@
 
     programs.eza = {
       enable = true;
-      icons = "auto";
+      icons = true;
       git = true;
       extraOptions = [
         "--color-scale=all"

config/hosts/_minimal/configuration.nix

@@ -52,7 +52,7 @@
 
     programs.eza = {
       enable = true;
-      icons = "auto";
+      icons = true;
       git = true;
       extraOptions = [
         "--color-scale=all"

config/hosts/emilia/configuration.nix

@@ -7,7 +7,6 @@
     ../../services/nginx.nix
     ../../services/uptime-kuma.nix
     ../../services/vaultwarden.nix
-    ../../services/librespeed.nix
     ./disko.nix
     ./hardware-configuration.nix
   ];

config/hosts/emilia/disko.nix

@@ -62,7 +62,6 @@
             };
           };
           root = {
-            type = "8300";
             size = "100%";
           };
         };

config/hosts/integra/configuration.nix

@@ -16,15 +16,6 @@
 
   networking.hostName = "integra";
 
-  nix.sshServe.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOWlYhnummuWZbq3+d0x5A67YvlPvtl7/1Dk4RtNlzf christina@cafkafk.com"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk"
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow"
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu"
-  ];
-
   systemd.network.networks."98-eth-default" = {
     matchConfig.Type = "ether";
     matchConfig.Name = "e*";

config/hosts/ryuuko/configuration.nix

@@ -2,6 +2,7 @@
   imports = [
     inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-extreme-gen4
     ../../common
+    ../../profiles/graphical
     ../../profiles/physical.nix
     ./disko.nix
     ./hardware-configuration.nix
@@ -26,9 +27,8 @@
   hardware.gpgSmartcards.enable = true;
   hardware.nitrokey.enable = true;
 
-  hardware.graphics = {
-    enable = true;
-    enable32Bit = true;
+  hardware.opengl = {
+    driSupport32Bit = true;
     extraPackages = with pkgs; [ 
       intel-media-driver 
       libvdpau-va-gl
@@ -40,13 +40,7 @@
     extraBackends = [ pkgs.utsushi ];
   };
 
-  kyouma = {
-    graphical = {
-      enable = true;
-      compositor = "hyprland";
-    };
-    machine-type.portable = true;
-  };
+  kyouma.machine-type.portable = true;
 
   networking.hostName = "ryuuko";
   networking.firewall.allowedTCPPorts = [ 22000 ];

config/hosts/seras/configuration.nix

@@ -20,31 +20,4 @@
       "2a0f:be01:0:100::169/128" 
     ];
   };
-
-  services.postgresql.settings = {
-    max_connections = 200;
-    shared_buffers = "24GB";
-    effective_cache_size = "72GB";
-    maintenance_work_mem = "2GB";
-    checkpoint_completion_target = 0.9;
-    wal_buffers = "16MB";
-    default_statistics_target = 100;
-    random_page_cost = 1.1;
-    effective_io_concurrency = 200;
-    work_mem = "31457kB";
-    huge_pages = "try";
-    min_wal_size = "1GB";
-    max_wal_size = "4GB";
-    max_worker_processes = 32;
-    max_parallel_workers_per_gather = 4;
-    max_parallel_workers = 32;
-    max_parallel_maintenance_workers = 4;
-  };
-
-  kyouma.ooklaserver = {
-    enable = true;
-    openFirewall = true;
-    domain = "speedtest.kyouma.net";
-    settings.openSSL.server.minimumTLSProtocol = "1.3";
-  };
 }

config/profiles/builder.nix

@@ -1,20 +1,18 @@
 { lib, pkgs, ... }: {
   kyouma.deployment.auto-upgrade.cache = "daemon";
-  nix.gc.options = lib.mkForce "--delete-older-than 30d";
-  nix.settings = {
-    trusted-users = [ "nix-ssh" ];
-    #system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++ lib.optionals pkgs.hostPlatform.isx86_64 [ "gccarch-x86-64-v3" ];
-  };
+  nix.gc.options = lib.mkForce "--delete-older-than 60d";
+  nix.settings.trusted-users = [ "build" ];
   nix.extraOptions = ''
-    min-free = ${builtins.toString (16384 * 1024 * 1024)}
-    max-free = ${builtins.toString (32768 * 1024 * 1024)}
+    min-free = ${builtins.toString (4096 * 1024 * 1024)}
+    max-free = ${builtins.toString (8192 * 1024 * 1024)}
     max-substitution-jobs = 20
-    max-silent-time = 14400
+    max-silent-time = 7200
   '';
-  nix.sshServe = {
-    enable = true;
-    write = true;
-    keys = [
+  users.users.build = {
+    isNormalUser = true;
+    shell = pkgs.bash;
+    ignoreShellProgramCheck = true;
+    openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko"

config/profiles/graphical/default.nix

@@ -0,0 +1,220 @@
+{ config, pkgs, lib, inputs, ... }: {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+    inputs.stylix.nixosModules.stylix
+    ./files.nix
+    ./hyprland.nix
+    ./nixvim.nix
+    ./waybar.nix
+  ];
+
+  kyouma.machine-type.graphical = true;
+
+  hardware.opengl.enable = true;
+  
+  boot.plymouth.enable = true;
+
+  security.pam.services.hyprlock = {};
+
+  services.dbus.packages = [ pkgs.gcr ];
+  services.geoclue2.enable = true;
+
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    pulse.enable = true;
+  };
+
+  services.udisks2.enable = true;
+
+  environment.variables = {
+    CLUTTER_BACKEND = "wayland";
+    GDK_BACKEND = "wayland,x11";
+    MOZ_ENABLE_WAYLAND = "1";
+    QT_QPA_PLATFORM = "wayland;xcb";
+    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+    SDL_VIDEODRIVER = "wayland";
+    LIBVA_DRIVER_NAME = "radeonsi";
+    MESA_VK_DEVICE_SELECT = "1002:73df";
+    WLR_DRM_DEVICES = "$HOME/.config/hypr/external-gpu:$HOME/.config/hypr/internal-gpu";
+  };
+  xdg.icons.enable = true;
+  xdg.portal = {
+    enable = true; 
+    wlr.enable = true;
+    configPackages = [ pkgs.xdg-desktop-portal-hyprland ];
+  };
+
+  stylix= {
+    image = pkgs.fetchurl {
+      url = "https://kyouma.net/wallpaper.png";
+      sha256 = "1f46b439a864cd28b8ea93563b4762f1efb2648bae0148fd6b45f3033b10b0e8";
+    };
+    polarity = "dark";
+    #base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-macchiato.yaml";
+    fonts = {
+      sansSerif = {
+        package = pkgs.noto-fonts;
+        name = "Noto Sans";
+      };
+      serif = config.stylix.fonts.sansSerif;
+      monospace = {
+        package = pkgs.jetbrains-mono;
+        name = "JetBrains Mono Regular";
+      };
+      sizes.terminal = 11;
+    };
+    cursor = {
+      package = pkgs.capitaine-cursors;
+      name = "capitaine";
+      size = 24;
+    };
+    targets = {
+      console.enable = false;
+      gnome.enable = true;
+      fish.enable = false;
+    };
+  };
+
+  home-manager.users.emily = {
+    stylix.targets = {
+      hyprland.enable = false;
+      kitty.enable = false;
+      mako.enable = false;
+      rofi.enable = false;
+      swaylock.enable = false;
+      waybar.enable = false;
+      nixvim.enable = false;
+      fish.enable = false;
+    };
+    home.keyboard = {
+      layout = "de";
+      variant = "neo_qwerty";
+    };
+
+    programs.imv.enable = true;
+    
+    programs.wpaperd = {
+      enable = true;
+      settings.default = {
+        path = "/home/emily/Pictures/wallpapers/sylviaritter/";
+        duration = "60m";
+        sorting = "random";
+      };
+    };
+    programs.kitty = {
+      enable = true;
+      font.size = 13;
+      font.name = "JetBrains Mono";
+      settings = {
+        enable_audio_bell = false;
+        scrollback_lines = 65536;
+        remember_window_size = false;
+        initial_window_width = 1200;
+        initial_window_height = 800;
+
+        bold_font = "auto";
+        italic_font = "auto";
+        bold_italic_font = "auto";
+
+        background = "#090312";
+        background_opacity = "0.7";
+      };
+      keybindings = {
+        "shift+right" = "next_tab";
+        "ctrl+l" = "next_tab";
+        "shift+left" = "previous_tab";
+        "ctrl+h" = "previous_tab";
+      };
+    };
+    programs.rofi = {
+      enable = true;
+      package = pkgs.rofi-wayland;
+    };
+    
+    programs.zoxide = {
+      enable = true;
+      options = [ "--cmd cd" ];
+    };
+    programs.fzf.enable = true;
+
+    qt = {
+      enable = true;
+      platformTheme.name = "qtct";
+      style.name = "kvantum-dark";
+      style.package = with pkgs; [
+        libsForQt5.qtstyleplugin-kvantum
+        qt6Packages.qtstyleplugin-kvantum
+        (catppuccin-kvantum.override { accent = "Mauve"; variant = "Macchiato"; })
+      ];
+    };
+    gtk.iconTheme.name = "Adwaita";
+    gtk.iconTheme.package = pkgs.gnome.adwaita-icon-theme;
+
+    services.gammastep = {
+      enable = true;
+      provider = "geoclue2";
+      temperature.day = 6500;
+      temperature.night = 3700;
+      settings.general.adjustment-method = "wayland";
+    };
+    services.mako = {
+      enable = true;
+      anchor = "top-right";
+      backgroundColor = "#24273a";
+      borderColor = "#c6a0f6";
+      borderRadius = 15;
+      borderSize = 2;
+      defaultTimeout = 5000;
+      layer = "overlay";
+      maxIconSize = 48;
+      padding = "15";
+      progressColor = "over #B4A1DB";
+      sort = "-time";
+      textColor = "#cad3f5";
+      extraConfig = ''
+        max-history=100
+        on-button-left=dismiss
+        on-button-right=dismiss-all
+        on-notify=exec ${pkgs.mpv}/bin/mpv /usr/share/sounds/freedesktop/stereo/message.oga
+
+        [urgency=low]
+        border-color=#B4A1DB
+        default-timeout=2000
+
+        [urgency=normal]
+        border-color=#B4A1DB
+        default-timeout=5000
+
+        [urgency=high]
+        border-color=#D04E9D
+        text-color=#D04E9D
+        default-timeout=0
+
+        [category=mpd]
+        border-color=#E49186
+        default-timeout=2000
+        group-by=category
+      '';
+    };
+    services.gpg-agent = {
+      enable = true;
+      enableSshSupport = true;
+      pinentryPackage = pkgs.pinentry-gnome3;
+    };
+    services.syncthing = {
+      enable = true;
+      tray.enable = true;
+      tray.command = "syncthingtray --replace";
+    };
+    services.udiskie = {
+      enable = true;
+      automount = false;
+    };
+    systemd.user.services.syncthingtray.Service = {
+      ExecStartPre = "${pkgs.coreutils-full}/bin/sleep 2";
+      Restart = "on-failure";
+      RestartSec = "1s";
+    };
+  };
+}

config/profiles/graphical/files.nix

@@ -1,5 +1,5 @@
-{ config, lib, pkgs, ... }: {
-  config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
+{ config, pkgs, ... }: {
+  home-manager.users.emily = {
     home.file.".local/bin/hypr/playerctl.sh" = let
       playerctl = "${pkgs.playerctl}/bin/playerctl";
       title = "$(${playerctl} metadata --format '{{markup_escape(title)}}')"; 
@@ -19,7 +19,7 @@
         fi
       '';
     };
-    home.file.".local/bin/hypr/colorpicker.sh" = {
+    home.file."./local/bin/hypr/colorpicker.sh" = {
       enable = true;
       executable = true;
       source = pkgs.writeShellApplication {
@@ -28,7 +28,7 @@
         runtimeInputs = with pkgs; [ coreutils grim slurp imagemagick_light wl-clipboard libnotify ];
       };
     };
-    home.file.".local/bin/hypr/rofi_powermenu.sh" = {
+    home.file."./local/bin/hypr/rofi_powermenu.sh" = {
       enable = true;
       executable = true;
       source = pkgs.writeShellApplication {
@@ -37,7 +37,7 @@
         runtimeInputs = with pkgs; [ rofi hyprlock coreutils-full toybox xdg-user-dirs ];
       };
     };
-    home.file.".local/bin/hypr/rofi_screenshot.sh" = {
+    home.file."./local/bin/hypr/rofi_screenshot.sh" = {
       enable = true;
       executable = true;
       source = pkgs.writeShellApplication {
@@ -46,7 +46,7 @@
         runtimeInputs = with pkgs; [ coreutils grim hyprland imv slurp wl-clipboard libnotify pulseaudio toybox rofi xdg-user-dirs ];
       };
     };
-    home.file.".local/bin/hypr/screenshot.sh" = {
+    home.file."./local/bin/hypr/screenshot.sh" = {
       enable = true;
       executable = true;
       source = pkgs.writeShellApplication {

config/profiles/graphical/hyprland.nix

@@ -1,5 +1,57 @@
-{ config, lib, pkgs, ... }: {
-  config.home-manager.users.emily = lib.mkIf (config.kyouma.graphical.compositor == "hyprland") {
+{ pkgs, ... }: {
+  home-manager.users.emily = {
+    programs.hyprlock = {
+      enable = true;
+      settings = {
+        general = {
+          hide_cursor = true;
+          disable_loading_bar = true;
+        };
+        background = [{
+          path = "screenshot";
+          #path = "$HOME/Pictures/wallpapers/lockscreen.png";
+          blur_passes = 3;
+          contrast = 1.25;
+        }];
+        input-field = [{
+          size = "250, 60";
+          outline_thickness = 2;
+          dots_size = 0.2;
+          dots_spacing = 0.2; 
+          dots_center = true;
+          outer_color = "rgba(0, 0, 0, 0)";
+          inner_color = "rgba(0, 0, 0, 0.5)";
+          font_color = "rgb(200, 200, 200)";
+          fade_on_empty = true;
+          fade_timeout = 5000;
+          font_family = "JetBrains Mono Nerd Font Mono";
+          fail_text = "<i>$FAIL <b>$ATTEMPTS</b></i>";
+          position = "0, 200";
+          halign = "center"; 
+          valign = "bottom"; 
+        }];
+        label = [{
+          text = "cmd[update:250] date +%X";
+          color = "rgba(255, 255, 255, 0.6)";
+          font_size = "100";
+          font_family = "JetBrains Mono Nerd Font Mono ExtraBold";
+          position = "0, -300";
+          halign = "center";
+          valign = "top";
+        }];
+      };
+    };
+    services.swayidle =
+    let 
+      hyprlock = "pidof hyprlock || ${pkgs.hyprlock}/bin/hyprlock";
+    in {
+      enable = true;
+      systemdTarget = "hyprland-session.target";
+      events = [
+        { event = "before-sleep"; command = hyprlock; }
+        { event = "lock"; command = hyprlock; }
+      ];
+    };
     wayland.windowManager.hyprland = {
       enable = true;
       settings = let
@@ -118,8 +170,8 @@
           "eDP-1, 3840x2400@60, 0x0, 1, bitdepth, 10"
           #"eDP-1, 2560x1600@60, 0x0, 1, bitdepth, 10"
           #"eDP-1, 1920x1200@60, 0x0, 1, bitdepth, 10"
-          "desc:Dell Inc. AW3225QF FXK2YZ3, 3840x2160@240,5280x0,1, bitdepth,10, vrr,2"
-          "desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@144,3840x-280,1, bitdepth,10, transform,1"
+          "desc:Dell Inc. AW3225QF FXK2YZ3, 3840x2160@120,5280x0,1, bitdepth,10, vrr,2"
+          "desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@144,3840x-350,1, bitdepth,10, transform,1"
           ",preferred,auto,1"
         ];
         workspace = [

config/profiles/graphical/nixvim.nix

@@ -0,0 +1,218 @@
+{ pkgs, inputs, ... }: {
+  home-manager.users.emily.imports = [ 
+    inputs.nixvim.homeManagerModules.nixvim
+  ];
+  home-manager.users.emily.programs.nixvim = {
+    enable = true;
+    extraPlugins = [ 
+      pkgs.vimPlugins.molokai
+      pkgs.vimPlugins.vim-airline-themes
+    ];
+    colorscheme = "molokai";
+    vimAlias = true;
+    highlightOverride.Normal = {
+      ctermbg = "NONE";
+      bg = "NONE";
+    };
+    opts = {
+      number = true;
+      expandtab = true;
+      autoindent = true;
+      mouse = "";
+      encoding = "utf-8";
+      shiftwidth = 2;
+      smartindent = true;
+      tabstop = 2;
+
+      ignorecase = true;
+      incsearch = true;
+      smartcase = true;
+    };
+    keymaps = [
+      {
+        action = "<cmd>Neotree toggle<CR>";
+        key = "<C-n>";
+        mode = "n";
+        options.silent = true;
+      }
+      {
+        action = "<C-\\><C-n>";
+        key = "<esc>";
+        mode = "t";
+      }
+    ];
+    plugins.cmp = {
+      enable = true;
+      settings.sources = [
+        { name = "nvim_lsp"; }
+        { name = "luasnip"; }
+        { name = "buffer"; }
+        { name = "nvim_lua"; }
+        { name = "path"; }
+      ];
+      settings.formatting = {
+        fields = [ "abbr" "kind" "menu" ];
+        format = ''
+          function(_, item)
+            local icons = {
+              Namespace = "󰌗",
+              Text = "󰉿",
+              Method = "󰆧",
+              Function = "󰆧",
+              Constructor = "",
+              Field = "󰜢",
+              Variable = "󰀫",
+              Class = "󰠱",
+              Interface = "",
+              Module = "",
+              Property = "󰜢",
+              Unit = "󰑭",
+              Value = "󰎠",
+              Enum = "",
+              Keyword = "󰌋",
+              Snippet = "",
+              Color = "󰏘",
+              File = "󰈚",
+              Reference = "󰈇",
+              Folder = "󰉋",
+              EnumMember = "",
+              Constant = "󰏿",
+              Struct = "󰙅",
+              Event = "",
+              Operator = "󰆕",
+              TypeParameter = "󰊄",
+              Table = "",
+              Object = "󰅩",
+              Tag = "",
+              Array = "[]",
+              Boolean = "",
+              Number = "",
+              Null = "󰟢",
+              String = "󰉿",
+              Calendar = "",
+              Watch = "󰥔",
+              Package = "",
+              Copilot = "",
+              Codeium = "",
+              TabNine = "",
+            }
+
+            local icon = icons[item.kind] or ""
+            item.kind = string.format("%s %s", icon, item.kind or "")
+            return item
+          end
+        '';
+      };
+      settings.snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
+      settings.window = {
+        completion = {
+          winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
+          scrollbar = false;
+          sidePadding = 0;
+          border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
+        };
+        documentation = {
+          border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
+          winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
+        };
+      };
+      settings.mapping = {
+        "<C-n>" = "cmp.mapping.select_next_item()";
+        "<C-p>" = "cmp.mapping.select_prev_item()";
+        "<C-j>" = "cmp.mapping.select_next_item()";
+        "<C-k>" = "cmp.mapping.select_prev_item()";
+        "<C-d>" = "cmp.mapping.scroll_docs(-4)";
+        "<C-f>" = "cmp.mapping.scroll_docs(4)";
+        "<C-Space>" = "cmp.mapping.complete()";
+        "<C-e>" = "cmp.mapping.close()";
+        "<CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Insert, select = true })";
+        "<Tab>" = ''
+          cmp.mapping(function(fallback)
+            if cmp.visible() then
+              cmp.select_next_item()
+            elseif require("luasnip").expand_or_jumpable() then
+              vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-expand-or-jump", true, true, true), "")
+            else
+              fallback()
+            end
+          end,{"i","s"})
+        '';
+        "<S-Tab>" = ''
+          cmp.mapping(function(fallback)
+            if cmp.visible() then
+              cmp.select_prev_item()
+            elseif require("luasnip").jumpable(-1) then
+              vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-jump-prev", true, true, true), "")
+            else
+              fallback()
+            end
+          end,{"i","s"})
+        '';
+      };
+    };
+    plugins.lsp = {
+      enable = true;
+      keymaps.lspBuf = {
+        "K" = "hover";
+        "gd" = "definition";
+        "gD" = "references";
+        "gt" = "type_definition";
+        "gi" = "implementation";
+      };
+      servers = {
+        bashls.enable = true;
+        lua-ls.enable = true;
+        nil_ls = {
+          enable = true;
+          settings.formatting.command = [ "nixfmt" "-w" "140" ];
+        };
+        nixd = {
+          enable = false;
+          settings = {
+            eval.depth = 5;
+            eval.workers = 6;
+            formatting.command = [ "nixfmt" "-w" "140" ];
+            options.enable = true;
+          };
+        };
+        ruff-lsp.enable = true;
+        rust-analyzer = {
+          enable = true;
+          installRustc = true;
+          installCargo = true;
+        };
+      };
+    };
+    plugins.none-ls = {
+      enable = true;
+      sources.diagnostics = {
+        pylint.enable = true;
+        statix.enable = true;
+      };
+      sources.formatting = {
+        nixfmt.enable = true;
+        markdownlint.enable = true;
+      };
+    };
+    plugins.neo-tree = {
+      enable = true;
+      closeIfLastWindow = true;
+    };
+    plugins.treesitter = {
+      enable = true;
+      nixGrammars = true;
+      indent = true;
+    };
+    plugins.airline.enable = true;
+    plugins.cmp-buffer.enable = true;
+    plugins.cmp-emoji.enable = true;
+    plugins.cmp-nvim-lsp.enable = true;
+    plugins.cmp-path.enable = true;
+    plugins.cmp_luasnip.enable = true;
+    plugins.luasnip.enable = true;
+    plugins.nvim-autopairs.enable = true;
+    plugins.rainbow-delimiters.enable = true;
+    plugins.rustaceanvim.enable = true;
+    plugins.treesitter-context.enable = true;
+  };
+}

config/profiles/graphical/waybar.nix

@@ -1,5 +1,5 @@
-{ config, lib, pkgs, ... }: {
-  config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
+{ pkgs, ... }: {
+  home-manager.users.emily = {
     programs.waybar = {
       enable = true; 
       style = ./files/waybar-style.css;

config/profiles/rpi.nix

@@ -69,6 +69,7 @@
     })
   ];
 
+  sound.enable = true;
   services.avahi = {
     enable = true;
     ipv6 = true;

config/services/forgejo.nix

@@ -24,9 +24,6 @@
       DEFAULT.APP_NAME = "The dog girl Git";
       federation.ENABLED = true;
       log.LEVEL = "Info";
-      indexer = {
-        REPO_INDEXER_ENABLED = true;
-      };
       mailer = {
         ENABLED = true;
         PROTOCOL = "smtp+starttls";

config/services/hydra/default.nix

@@ -1,27 +1,19 @@
-{ config, inputs, lib, ... }: {
+{ config, ... }: {
   imports = [
     ./nix-config.nix
-    inputs.hydra.nixosModules.hydra
   ];
   sops.secrets."services/hydra/signKey" = {
     owner = "hydra-queue-runner";
     sopsFile = ../../../secrets/services/hydra.yaml;
   };
-  sops.secrets."services/hydra/id_ed25519_hydra-eval" = {
-    path = "/var/lib/hydra/.ssh/id_ed25519";
-    owner = "hydra";
-    mode = "0400";
-    sopsFile = ../../../secrets/services/hydra.yaml;
-  };
   sops.secrets."services/hydra/id_ed25519_hydra" = {
     owner = "hydra-queue-runner";
     sopsFile = ../../../secrets/services/hydra.yaml;
   };
   kyouma.deployment.auto-upgrade.cache = "daemon";
 
-  services.hydra-dev = {
+  services.hydra = {
     enable = true;
-    package = inputs.hydra.packages.${config.nixpkgs.hostPlatform.system}.hydra;
     hydraURL = "https://hydra.kyouma.net";
     listenHost = "localhost";
     notificationSender = "hydra@hydra.kyouma.net";
@@ -31,13 +23,12 @@
       server_store_uri = https://cache.kyouma.net
       binary_cache_public_uri = https://cache.kyouma.net
       evaluator_workers = 8
-      evaluator_max_memory_size = 16384
-      max_output_size = ${builtins.toString (24 * 1024 * 1024 * 1024)}
+      evaluator_max_memory_size = 4096
     '';
   };
   services.harmonia = {
     enable = true;
-    signKeyPaths = lib.singleton config.sops.secrets."services/hydra/signKey".path;
+    signKeyPath = config.sops.secrets."services/hydra/signKey".path;
     settings = {
       bind = "[::1]:5555";
     };

config/services/hydra/nix-config.nix

@@ -1,40 +1,24 @@
-{ config, lib, ... }: {
+{ config, ... }: {
   nix.buildMachines = [
     {
       hostName = "localhost";
-      protocol = null;
-      maxJobs = 0;
-      speedFactor = 0;
+      sshUser = "hydra-queue-runner";
+      maxJobs = 40;
+      speedFactor = 40;
       systems = [ "x86_64-linux" ];
       supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+      sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
     }
     {
       hostName = "integra.kyouma.net";
-      sshUser = "nix-ssh";
-      maxJobs = 2;
-      speedFactor = 4;
+      sshUser = "build";
+      maxJobs = 4;
+      speedFactor = 8;
       systems = [ "aarch64-linux" ];
       supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
       sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
     }
-    {
-      hostName = "build-worker-04.nyantec.com";
-      sshUser = "nix-ssh";
-      maxJobs = 4;
-      speedFactor = 18;
-      systems = [ "x86_64-linux" "riscv64-linux" ];
-      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
-      sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
-    }
-  ] ++ lib.forEach [ "01" "02" "03" "05" "06" "07" "08" "09" ] (num: {
-      hostName = "build-worker-${num}";
-      sshUser = "root";
-      maxJobs = 2;
-      speedFactor = 20;
-      systems = [ "i686-linux" "x86_64-linux" ];
-      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
-      sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
-  });
+  ];
   nix.settings = {
     allowed-uris = [
       "github:"
@@ -43,46 +27,11 @@
       "https://"
     ];
   };
+  users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
+  ];
   programs.ssh = {
-    knownHosts = {
-      "build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";
-      "build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK";
-      "integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
-      "localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
-      "[build-worker-kyoumanet.fly.dev]:2201".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDL2M97UBHg9aUfjDUxzmzg1r0ga0m3/stummBVwuEAB";
-      "[build-worker-kyoumanet.fly.dev]:2202".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTwVKL0P0chPM2Gz23rbT94844+w1CGJdCaZdzfjThz";
-      "[build-worker-kyoumanet.fly.dev]:2203".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjy2eZGJQeAYy0+fLgW9jiS0jVY2LInY0NDMnzCvvKp";
-      "[build-worker-kyoumanet.fly.dev]:2204".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN72OyD9LYy4hq0WZ7ie5RPV+G54UreEJiA/RubjGoe9";
-      "[build-worker-kyoumanet.fly.dev]:2205".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNh1o1I98XrI2XmOI6Q0aHPfyLCIQwKkKOxGUUeXL9v";
-      "[build-worker-kyoumanet.fly.dev]:2206".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGf0kxGgwOG9KhUhvxxTSiQC5YikrzZXKDgSpBw33qN4";
-      "[build-worker-kyoumanet.fly.dev]:2207".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL9z95a6Fn/dB+iNigEYpuJdBnBwCkIZYaKHcFbGP+RY";
-      "[build-worker-kyoumanet.fly.dev]:2208".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAk+FNMhTfAVqk3MfLp4QiG/i5ti53DlpnC0q+sOvU9O";
-    }; 
-    extraConfig = ''
-      Host build-worker-01
-        Hostname build-worker-kyoumanet.fly.dev
-        Port 2201
-      Host build-worker-02
-        Hostname build-worker-kyoumanet.fly.dev
-        Port 2202
-      Host build-worker-03
-        Hostname build-worker-kyoumanet.fly.dev
-        Port 2203
-      Host build-worker-05
-        Hostname build-worker-kyoumanet.fly.dev
-        Port 2204
-      Host build-worker-06
-        Hostname build-worker-kyoumanet.fly.dev
-        Port 2205
-      Host build-worker-07
-        Hostname build-worker-kyoumanet.fly.dev
-        Port 2206
-      Host build-worker-08
-        Hostname build-worker-kyoumanet.fly.dev
-        Port 2207
-      Host build-worker-09
-        Hostname build-worker-kyoumanet.fly.dev
-        Port 2208
-    '';
+    knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
+    knownHosts."localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
   };
 }

config/services/librespeed.nix

@@ -1,8 +0,0 @@
-{ ... }: {
-  services.librespeed = {
-    enable = true;
-    openFirewall = true;
-    domain = "speed.kyouma.net";
-    frontend.enable = true;
-  };
-}

config/services/nginx.nix

@@ -34,11 +34,5 @@
       add_header Referrer-Policy 		        "same-origin" always;
       #add_header Content-Security-Policy    "script-src 'self'; object-src 'none'; base-uri 'none';" always;
     '';
-    eventsConfig = ''
-      multi_accept on;
-    '';
-    appendConfig = ''
-      worker_processes auto;
-    '';
   };
 }

config/services/nyastodon.nix

@@ -1,24 +1,4 @@
 { config, pkgs, ... }: {
-  sops.secrets."services/nyastodon/extraEnvFile" = {
-    sopsFile = ../../secrets/services/nyastodon.yaml;
-    owner = "mastodon";
-  };
-  sops.secrets."services/nyastodon/secretKeyBaseFile" = {
-    sopsFile = ../../secrets/services/nyastodon.yaml;
-    owner = "mastodon";
-  };
-  sops.secrets."services/nyastodon/otpSecretFile" = {
-    sopsFile = ../../secrets/services/nyastodon.yaml;
-    owner = "mastodon";
-  };
-  sops.secrets."services/nyastodon/vapidPrivateKeyFile" = {
-    sopsFile = ../../secrets/services/nyastodon.yaml;
-    owner = "mastodon";
-  };
-  sops.secrets."services/nyastodon/vapidPublicKeyFile" = {
-    sopsFile = ../../secrets/services/nyastodon.yaml;
-    owner = "mastodon";
-  };
   services.mastodon = {
     enable = true;
     package = pkgs.nyastodon;
@@ -26,10 +6,5 @@
     configureNginx = true;
     smtp.fromAddress = "webmaster@girldick.gay"; 
     streamingProcesses = 16;
-    extraEnvFiles = [ config.sops.secrets."services/nyastodon/extraEnvFile".path ];
-    secretKeyBaseFile = config.sops.secrets."services/nyastodon/secretKeyBaseFile".path;
-    otpSecretFile = config.sops.secrets."services/nyastodon/otpSecretFile".path;
-    vapidPrivateKeyFile = config.sops.secrets."services/nyastodon/vapidPrivateKeyFile".path;
-    vapidPublicKeyFile = config.sops.secrets."services/nyastodon/vapidPublicKeyFile".path;
   };
 }

config/services/vaultwarden.nix

@@ -5,14 +5,14 @@
   };
   sops.secrets."services/vaultwarden/basicAuth" = {
     sopsFile = ../../secrets/services/vaultwarden.yaml;
-    owner = "nginx";
+    owner = "vaultwarden";
   };
   services.vaultwarden = {
     enable = true;
     environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
     backupDir = "/var/backup/bitwarden_rs";
     config = {
-      DOMAIN = "https://vault.kyouma.net";
+      DOMAIN = "https://staging.vault.kyouma.net";
       DATABASE_MAX_CONNS = 15;
       WEB_VAULT_ENABLED = true;
       WEBSOCKET_ADDRESS = "::1";
@@ -33,10 +33,10 @@
       SMTP_SECURITY = "starttls";
       SMTP_PORT = 587;
       ROCKET_ADDRESS = "::1";
-      ROCKET_PORT = 8222;
+      ROCKET_PORT = "8222";
     };
   };
-  kyouma.nginx.virtualHosts."vault.kyouma.net" = {
+  kyouma.nginx.virtualHosts."staging.vault.kyouma.net" = {
     locations."/" = {
       proxyPass = "http://[::1]:8222";
       proxyWebsockets = true;
@@ -46,5 +46,5 @@
       basicAuthFile = config.sops.secrets."services/vaultwarden/basicAuth".path;
     };
   };
-  security.acme.certs."vault.kyouma.net" = {};
+  security.acme.certs."staging.vault.kyouma.net" = {};
 }

flake.nix

@@ -7,6 +7,7 @@
     attic = {
       url = "github:zhaofengli/attic";
       inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-utils.follows = "flake-utils";
     };
     disko = {
       url = "github:nix-community/disko";
@@ -19,30 +20,18 @@
     };
     fernglas = {
       url = "github:wobcom/fernglas";
+      #inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-utils.follows = "flake-utils";
     };
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    hydra = {
-      url = "git+https://git.lix.systems/lix-project/hydra?ref=main&rev=799441dcf6d595efb0def686ca0815aef398627b";
-      inputs.lix.follows = "lix";
-    };
-    iceshrimp = {
-      url = "git+https://iceshrimp.dev/iceshrimp/packaging";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
     kyouma-www = {
       url = "git+https://woof.rip/emily/kyouma-net.git";
       inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-utils.follows = "flake-utils";
     };
-    lix.url = "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz";
-    lix-module = {
-      url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
     nixos-needsreboot = {
       url = "github:thefossguy/nixos-needsreboot";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -71,6 +60,10 @@
       "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg="
     ];
     builders-use-substitutes = true;
+    builders = ''
+      ssh://build@seras.kyouma.net x86_64-linux - 40 40 nixos-test,benchmark,big-parallel,kvm
+      ssh://build@integra.kyouma.net aarch64-linux - 4 8 nixos-test,benchmark,big-parallel,kvm
+    '';
   };
 
   outputs = { self, nixpkgs, flake-utils, ... }@inputs: let
@@ -110,9 +103,7 @@
         ];
       };
     };
-    images = {
-      lain = self.nixosConfigurations.lain-minimal.config.system.build.sdImage;
-    };
+    images.lain = self.nixosConfigurations.lain-minimal.config.system.build.sdImage;
 
     overlays = {
       kyouma = import ./pkgs/overlay.nix;
@@ -135,18 +126,14 @@
     };
   in {
     packages = shinyflakes.mapPackages (pkgs) {
-#      newHost = pkgs.writeShellApplication {
-#        name = "update-flyio";
-#        text = ''
-#        '';
+#      newhost = pkgs.stdenv.mkDerivation {
+#        name = "newhost";
 #      };
     };
-    apps = {
-      update-build-worker = {
-        type = "app";
-        program = ./pkgs/build-worker-oci/update.sh;
-      };
-    };
+#    apps = rec {
+#      newhost = self.packages.${system}.newhost;
+#      default = newhost;
+#    };
     devShells.default = pkgs.mkShell {
       packages = [ pkgs.colmena pkgs.sops ];
     };

fly.toml

@@ -1,142 +0,0 @@
-app = 'build-worker-kyoumanet'
-primary_region = 'ams'
-
-[build]
-  image = 'registry.fly.io/build-worker-kyoumanet:latest'
-
-[processes]
-  bw-01 = '/entrypoint.sh'
-  bw-02 = '/entrypoint.sh'
-  bw-03 = '/entrypoint.sh'
-  bw-04 = '/entrypoint.sh'
-  bw-05 = '/entrypoint.sh'
-  bw-06 = '/entrypoint.sh'
-  bw-07 = '/entrypoint.sh'
-  bw-08 = '/entrypoint.sh'
-
-[[mounts]]
-  source = 'bw01'
-  destination = '/mnt/data'
-  initial_size = '128GB'
-  processes = ['bw-01']
-
-[[mounts]]
-  source = 'bw02'
-  destination = '/mnt/data'
-  initial_size = '128GB'
-  processes = ['bw-02']
-
-[[mounts]]
-  source = 'bw03'
-  destination = '/mnt/data'
-  initial_size = '128GB'
-  processes = ['bw-03']
-
-[[mounts]]
-  source = 'bw04'
-  destination = '/mnt/data'
-  initial_size = '128GB'
-  processes = ['bw-04']
-
-[[mounts]]
-  source = 'bw05'
-  destination = '/mnt/data'
-  initial_size = '256GB'
-  processes = ['bw-05']
-
-[[mounts]]
-  source = 'bw06'
-  destination = '/mnt/data'
-  initial_size = '256GB'
-  processes = ['bw-06']
-
-[[mounts]]
-  source = 'bw07'
-  destination = '/mnt/data'
-  initial_size = '256GB'
-  processes = ['bw-07']
-
-[[mounts]]
-  source = 'bw08'
-  destination = '/mnt/data'
-  initial_size = '256GB'
-  processes = ['bw-08']
-
-[[services]]
-  protocol = 'tcp'
-  internal_port = 2222
-  auto_stop_machines = 'off'
-  processes = ['bw-01']
-
-  [[services.ports]]
-    port = 2201
-
-[[services]]
-  protocol = 'tcp'
-  internal_port = 2222
-  auto_stop_machines = 'off'
-  processes = ['bw-02']
-
-  [[services.ports]]
-    port = 2202
-
-[[services]]
-  protocol = 'tcp'
-  internal_port = 2222
-  auto_stop_machines = 'off'
-  processes = ['bw-03']
-
-  [[services.ports]]
-    port = 2203
-
-[[services]]
-  protocol = 'tcp'
-  internal_port = 2222
-  auto_stop_machines = 'off'
-  processes = ['bw-04']
-
-  [[services.ports]]
-    port = 2204
-
-[[services]]
-  protocol = 'tcp'
-  internal_port = 2222
-  auto_stop_machines = 'off'
-  processes = ['bw-05']
-
-  [[services.ports]]
-    port = 2205
-
-[[services]]
-  protocol = 'tcp'
-  internal_port = 2222
-  auto_stop_machines = 'off'
-  processes = ['bw-06']
-
-  [[services.ports]]
-    port = 2206
-
-[[services]]
-  protocol = 'tcp'
-  internal_port = 2222
-  auto_stop_machines = 'off'
-  processes = ['bw-07']
-
-  [[services.ports]]
-    port = 2207
-
-[[services]]
-  protocol = 'tcp'
-  internal_port = 2222
-  auto_stop_machines = 'off'
-  processes = ['bw-08']
-
-  [[services.ports]]
-    port = 2208
-
-[[restart]]
-  policy = 'never'
-
-[[vm]]
-  size = 'performance-16x'
-  memory = '96GB'

modules/default.nix

@@ -1,5 +1,8 @@
-{ lib, ... }: let
-  mapModules = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ./.));
-in {
-  imports = builtins.map (dir: ./${dir}) mapModules;
+{ ... }: {
+  imports = [
+    ./deployment
+    ./machine-type
+    ./nginx
+    ./update-nixfiles
+  ];
 }

modules/graphical/default.nix

@@ -1,238 +0,0 @@
-{ config, pkgs, lib, inputs, ... }:
-let 
-  cfg = config.kyouma.graphical;
-in {
-  options = {
-    kyouma.graphical = {
-      enable = lib.mkEnableOption "graphical profile";
-      compositor = lib.mkOption {
-        type = with lib.types; nullOr (enum [ "hyprland" "niri" ]);
-        default = null;
-      };
-    };
-  };
-
-  imports = [
-    inputs.stylix.nixosModules.stylix
-    ./files.nix
-    ./hyprland.nix
-    ./waybar-hyprland.nix
-    ./hyprlock.nix
-    ./nixvim.nix
-  ];
-
-  config = lib.mkIf cfg.enable {
-  
-    kyouma.machine-type.graphical = true;
-  
-    boot.plymouth.enable = true;
-  
-    security.pam.services.hyprlock = {};
-  
-    services.dbus.packages = [ pkgs.gcr ];
-    services.geoclue2.enable = true;
-  
-    services.pipewire = {
-      enable = true;
-      alsa.enable = true;
-      pulse.enable = true;
-    };
-  
-    services.udisks2.enable = true;
-  
-    environment.variables = {
-      CLUTTER_BACKEND = "wayland";
-      GDK_BACKEND = "wayland,x11";
-      MOZ_ENABLE_WAYLAND = "1";
-      QT_QPA_PLATFORM = "wayland;xcb";
-      QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
-      SDL_VIDEODRIVER = "wayland";
-      LIBVA_DRIVER_NAME = "radeonsi";
-      MESA_VK_DEVICE_SELECT = "1002:73df";
-      WLR_DRM_DEVICES = "$HOME/.config/hypr/external-gpu:$HOME/.config/hypr/internal-gpu";
-    };
-    xdg.icons.enable = true;
-    xdg.portal = {
-      enable = true; 
-      wlr.enable = true;
-      configPackages = [ (if cfg.compositor == "hyprland" 
-        then pkgs.xdg-desktop-portal-hyprland 
-        else pkgs.xdg-desktop-portal-wlr
-      ) ];
-    };
-  
-    stylix= {
-      image = pkgs.fetchurl {
-        url = "https://kyouma.net/wallpaper.png";
-        sha256 = "1f46b439a864cd28b8ea93563b4762f1efb2648bae0148fd6b45f3033b10b0e8";
-      };
-      polarity = "dark";
-      #base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-macchiato.yaml";
-      fonts = {
-        sansSerif = {
-          package = pkgs.noto-fonts;
-          name = "Noto Sans";
-        };
-        serif = config.stylix.fonts.sansSerif;
-        monospace = {
-          package = pkgs.jetbrains-mono;
-          name = "JetBrains Mono Regular";
-        };
-        sizes.terminal = 11;
-      };
-      cursor = {
-        package = pkgs.capitaine-cursors;
-        name = "capitaine";
-        size = 24;
-      };
-      targets = {
-        console.enable = false;
-        gnome.enable = true;
-        fish.enable = false;
-      };
-    };
-  
-    home-manager.users.emily = {
-      stylix.targets = {
-        hyprland.enable = false;
-        sway.enable = false;
-        kitty.enable = false;
-        mako.enable = false;
-        rofi.enable = false;
-        swaylock.enable = false;
-        waybar.enable = false;
-        nixvim.enable = false;
-        fish.enable = false;
-      };
-      home.keyboard = {
-        layout = "de";
-        variant = "neo_qwerty";
-      };
-  
-      programs.imv.enable = true;
-      
-      programs.wpaperd = {
-        enable = true;
-        settings.default = {
-          path = "/home/emily/Pictures/wallpapers/sylviaritter/";
-          duration = "60m";
-          sorting = "random";
-        };
-      };
-      programs.kitty = {
-        enable = true;
-        font.size = 13;
-        font.name = "JetBrains Mono";
-        settings = {
-          enable_audio_bell = false;
-          scrollback_lines = 65536;
-          remember_window_size = false;
-          initial_window_width = 1200;
-          initial_window_height = 800;
-  
-          bold_font = "auto";
-          italic_font = "auto";
-          bold_italic_font = "auto";
-  
-          background = "#090312";
-          background_opacity = "0.7";
-        };
-        keybindings = {
-          "shift+right" = "next_tab";
-          "ctrl+l" = "next_tab";
-          "shift+left" = "previous_tab";
-          "ctrl+h" = "previous_tab";
-        };
-      };
-      programs.rofi = {
-        enable = true;
-        package = pkgs.rofi-wayland;
-      };
-      
-      programs.zoxide = {
-        enable = true;
-        options = [ "--cmd cd" ];
-      };
-      programs.fzf.enable = true;
-  
-      qt = {
-        enable = true;
-        platformTheme.name = "qtct";
-        style.name = "kvantum-dark";
-        style.package = with pkgs; [
-          libsForQt5.qtstyleplugin-kvantum
-          qt6Packages.qtstyleplugin-kvantum
-          (catppuccin-kvantum.override { accent = "Mauve"; variant = "Macchiato"; })
-        ];
-      };
-      gtk.iconTheme.name = "Adwaita";
-      gtk.iconTheme.package = pkgs.gnome.adwaita-icon-theme;
-  
-      services.gammastep = {
-        enable = true;
-        provider = "geoclue2";
-        temperature.day = 6500;
-        temperature.night = 3700;
-        settings.general.adjustment-method = "wayland";
-      };
-      services.mako = {
-        enable = true;
-        anchor = "top-right";
-        backgroundColor = "#24273a";
-        borderColor = "#c6a0f6";
-        borderRadius = 15;
-        borderSize = 2;
-        defaultTimeout = 5000;
-        layer = "overlay";
-        maxIconSize = 48;
-        padding = "15";
-        progressColor = "over #B4A1DB";
-        sort = "-time";
-        textColor = "#cad3f5";
-        extraConfig = ''
-          max-history=100
-          on-button-left=dismiss
-          on-button-right=dismiss-all
-          on-notify=exec ${pkgs.mpv}/bin/mpv /usr/share/sounds/freedesktop/stereo/message.oga
-  
-          [urgency=low]
-          border-color=#B4A1DB
-          default-timeout=2000
-  
-          [urgency=normal]
-          border-color=#B4A1DB
-          default-timeout=5000
-  
-          [urgency=high]
-          border-color=#D04E9D
-          text-color=#D04E9D
-          default-timeout=0
-  
-          [category=mpd]
-          border-color=#E49186
-          default-timeout=2000
-          group-by=category
-        '';
-      };
-      services.gpg-agent = {
-        enable = true;
-        enableSshSupport = true;
-        pinentryPackage = pkgs.pinentry-gnome3;
-      };
-      services.syncthing = {
-        enable = true;
-        tray.enable = true;
-        tray.command = "syncthingtray --replace";
-      };
-      services.udiskie = {
-        enable = true;
-        automount = false;
-      };
-      systemd.user.services.syncthingtray.Service = {
-        ExecStartPre = "${pkgs.coreutils-full}/bin/sleep 2";
-        Restart = "on-failure";
-        RestartSec = "1s";
-      };
-    };
-  };
-}

modules/graphical/hyprlock.nix

@@ -1,56 +0,0 @@
-{ config, lib, pkgs, ... }: {
-  config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
-    programs.hyprlock = {
-      enable = true;
-      settings = {
-        general = {
-          hide_cursor = true;
-          disable_loading_bar = true;
-        };
-        background = [{
-          path = "screenshot";
-          #path = "$HOME/Pictures/wallpapers/lockscreen.png";
-          blur_passes = 3;
-          contrast = 1.25;
-        }];
-        input-field = [{
-          size = "250, 60";
-          outline_thickness = 2;
-          dots_size = 0.2;
-          dots_spacing = 0.2; 
-          dots_center = true;
-          outer_color = "rgba(0, 0, 0, 0)";
-          inner_color = "rgba(0, 0, 0, 0.5)";
-          font_color = "rgb(200, 200, 200)";
-          fade_on_empty = true;
-          fade_timeout = 5000;
-          font_family = "JetBrains Mono Nerd Font Mono";
-          fail_text = "<i>$FAIL <b>$ATTEMPTS</b></i>";
-          position = "0, 200";
-          halign = "center"; 
-          valign = "bottom"; 
-        }];
-        label = [{
-          text = "cmd[update:250] date +%X";
-          color = "rgba(255, 255, 255, 0.6)";
-          font_size = "100";
-          font_family = "JetBrains Mono Nerd Font Mono ExtraBold";
-          position = "0, -300";
-          halign = "center";
-          valign = "top";
-        }];
-      };
-    };
-    services.swayidle =
-    let 
-      hyprlock = "pidof hyprlock || ${pkgs.hyprlock}/bin/hyprlock";
-    in {
-      enable = true;
-      systemdTarget = "${config.kyouma.graphical.compositor}-session.target";
-      events = [
-        { event = "before-sleep"; command = hyprlock; }
-        { event = "lock"; command = hyprlock; }
-      ];
-    };
-  };
-}

modules/graphical/nixvim.nix

@@ -1,220 +0,0 @@
-{ config, lib, pkgs, inputs, ... }: {
-  config = lib.mkIf config.kyouma.graphical.enable {
-    home-manager.users.emily.imports = [
-      inputs.nixvim.homeManagerModules.nixvim
-    ];
-    home-manager.users.emily.programs.nixvim = {
-      enable = true;
-      extraPlugins = [
-        pkgs.vimPlugins.molokai
-        pkgs.vimPlugins.vim-airline-themes
-      ];
-      colorscheme = "molokai";
-      vimAlias = true;
-      highlightOverride.Normal = {
-        ctermbg = "NONE";
-        bg = "NONE";
-      };
-      opts = {
-        number = true;
-        expandtab = true;
-        autoindent = true;
-        mouse = "";
-        encoding = "utf-8";
-        shiftwidth = 2;
-        smartindent = true;
-        tabstop = 2;
-        ignorecase = true;
-        incsearch = true;
-        smartcase = true;
-      };
-      keymaps = [
-        {
-          action = "<cmd>Neotree toggle<CR>";
-          key = "<C-n>";
-          mode = "n";
-          options.silent = true;
-        }
-        {
-          action = "<C-\\><C-n>";
-          key = "<esc>";
-          mode = "t";
-        }
-      ];
-      plugins.cmp = {
-        enable = true;
-        settings.sources = [
-          { name = "nvim_lsp"; }
-          { name = "luasnip"; }
-          { name = "buffer"; }
-          { name = "nvim_lua"; }
-          { name = "path"; }
-        ];
-        settings.formatting = {
-          fields = [ "abbr" "kind" "menu" ];
-          format = ''
-            function(_, item)
-              local icons = {
-                Namespace = "󰌗",
-                Text = "󰉿",
-                Method = "󰆧",
-                Function = "󰆧",
-                Constructor = "",
-                Field = "󰜢",
-                Variable = "󰀫",
-                Class = "󰠱",
-                Interface = "",
-                Module = "",
-                Property = "󰜢",
-                Unit = "󰑭",
-                Value = "󰎠",
-                Enum = "",
-                Keyword = "󰌋",
-                Snippet = "",
-                Color = "󰏘",
-                File = "󰈚",
-                Reference = "󰈇",
-                Folder = "󰉋",
-                EnumMember = "",
-                Constant = "󰏿",
-                Struct = "󰙅",
-                Event = "",
-                Operator = "󰆕",
-                TypeParameter = "󰊄",
-                Table = "",
-                Object = "󰅩",
-                Tag = "",
-                Array = "[]",
-                Boolean = "",
-                Number = "",
-                Null = "󰟢",
-                String = "󰉿",
-                Calendar = "",
-                Watch = "󰥔",
-                Package = "",
-                Copilot = "",
-                Codeium = "",
-                TabNine = "",
-              }
-
-              local icon = icons[item.kind] or ""
-              item.kind = string.format("%s %s", icon, item.kind or "")
-              return item
-            end
-          '';
-        };
-        settings.snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
-        settings.window = {
-          completion = {
-            winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
-            scrollbar = false;
-            sidePadding = 0;
-            border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
-          };
-          documentation = {
-            border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
-            winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
-          };
-        };
-        settings.mapping = {
-          "<C-n>" = "cmp.mapping.select_next_item()";
-          "<C-p>" = "cmp.mapping.select_prev_item()";
-          "<C-j>" = "cmp.mapping.select_next_item()";
-          "<C-k>" = "cmp.mapping.select_prev_item()";
-          "<C-d>" = "cmp.mapping.scroll_docs(-4)";
-          "<C-f>" = "cmp.mapping.scroll_docs(4)";
-          "<C-Space>" = "cmp.mapping.complete()";
-          "<C-e>" = "cmp.mapping.close()";
-          "<CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Insert, select = true })";
-          "<Tab>" = ''
-            cmp.mapping(function(fallback)
-              if cmp.visible() then
-                cmp.select_next_item()
-              elseif require("luasnip").expand_or_jumpable() then
-                vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-expand-or-jump", true, true, true), "")
-              else
-                fallback()
-              end
-            end,{"i","s"})
-          '';
-          "<S-Tab>" = ''
-            cmp.mapping(function(fallback)
-              if cmp.visible() then
-                cmp.select_prev_item()
-              elseif require("luasnip").jumpable(-1) then
-                vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-jump-prev", true, true, true), "")
-              else
-                fallback()
-              end
-            end,{"i","s"})
-          '';
-        };
-      };
-      plugins.lsp = {
-        enable = true;
-        keymaps.lspBuf = {
-          "K" = "hover";
-          "gd" = "definition";
-          "gD" = "references";
-          "gt" = "type_definition";
-          "gi" = "implementation";
-        };
-        servers = {
-          bashls.enable = true;
-          lua_ls.enable = true;
-          nil_ls = {
-            enable = true;
-            settings.formatting.command = [ "nixfmt" "-w" "140" ];
-          };
-          nixd = {
-            enable = false;
-            settings = {
-              eval.depth = 5;
-              eval.workers = 6;
-              formatting.command = [ "nixfmt" "-w" "140" ];
-              options.enable = true;
-            };
-          };
-          ruff_lsp.enable = true;
-          rust_analyzer = {
-            enable = true;
-            installRustc = true;
-            installCargo = true;
-          };
-        };
-      };
-      plugins.none-ls = {
-        enable = true;
-        sources.diagnostics = {
-          pylint.enable = true;
-        };
-        sources.formatting = {
-          nixfmt.enable = true;
-          markdownlint.enable = true;
-        };
-      };
-      plugins.neo-tree = {
-        enable = true;
-        closeIfLastWindow = true;
-      };
-      plugins.treesitter = {
-        enable = true;
-        nixGrammars = true;
-        settings.indent.enable = true;
-      };
-      plugins.airline.enable = true;
-      plugins.cmp-buffer.enable = true;
-      plugins.cmp-emoji.enable = true;
-      plugins.cmp-nvim-lsp.enable = true;
-      plugins.cmp-path.enable = true;
-      plugins.cmp_luasnip.enable = true;
-      plugins.luasnip.enable = true;
-      plugins.nvim-autopairs.enable = true;
-      plugins.rainbow-delimiters.enable = true;
-      plugins.web-devicons.enable = true;
-      # Broken
-      plugins.rustaceanvim.enable = false;
-      plugins.treesitter-context.enable = true;
-    };
-  };
-}

modules/librespeed/default.nix

@@ -1,408 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-let
-  cfg = config.services.librespeed;
-in
-{
-  options.services.librespeed =
-    let
-      inherit (lib) mkOption types;
-    in
-    {
-      enable = lib.mkEnableOption "LibreSpeed server";
-      package = lib.mkPackageOption pkgs "librespeed-rust" { };
-      domain = mkOption {
-        description = ''
-          If not `null`, this will add an entry to `services.librespeed.servers` and
-          configure librespeed to use TLS.
-        '';
-        default = null;
-        type = with types; nullOr nonEmptyStr;
-      };
-      downloadIPDB = mkOption {
-        description = ''
-          Whether to download the IP info database before starting librespeed.
-          Disable this if you want to use the Go implementation.
-        '';
-        default = !(cfg.secrets ? "ipinfo_api_key");
-        defaultText = lib.literalExpression ''!(cfg.secrets ? "ipinfo_api_key")'';
-        type = types.bool;
-      };
-      openFirewall = mkOption {
-        description = ''
-          Whether to open the firewall for the specified port.
-        '';
-        default = false;
-        type = types.bool;
-      };
-      secrets = mkOption {
-        description = ''
-          Attribute set of filesystem paths.
-          The contents of the specified paths will be read at service start time and merged with the attributes provided in `settings`.
-        '';
-        default = { };
-        type = with types; nullOr (attrsOf path);
-      };
-      settings = mkOption {
-        description = ''
-          LibreSpeed configuration written as Nix expression.
-          All values set to `null` will be excluded from the evaluated config.
-          This is useful if you want to omit certain defaults when using a different LibreSpeed implementation.
-
-          See [github.com/librespeed][librespeed] for configuration help.
-
-          [librespeed]: https://github.com/librespeed/speedtest-rust
-        '';
-        default = { };
-        type =
-          with types;
-          nullOr (
-            attrsOf (oneOf [
-              (nullOr bool)
-              int
-              str
-              package
-            ])
-          );
-      };
-      frontend = {
-        enable = lib.mkEnableOption ''
-          Enables the LibreSpeed frontend and adds a nginx virtual host if
-          not explicetly disabled and `services.librespeed.domain` is not `null`.
-        '';
-        contactEmail = mkOption {
-          description = "Email address listed in the privacy policy.";
-          default =
-            if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
-          defaultText = lib.literalExpression ''
-            if (config.services.librespeed.domain != null) then
-              "webmaster@''${config.services.librespeed.domain}"
-            else
-              "webmaster@''${config.networking.fqdn}";
-          '';
-          type = types.str;
-        };
-        pageTitle = mkOption {
-          description = "Title of the webpage.";
-          default = "LibreSpeed";
-          type = types.str;
-        };
-        useNginx = mkOption {
-          description = ''
-            Configure nginx for the LibreSpeed frontend.
-            This will only create a virtual host for the frontend and won't proxy all requests because
-            the reported upload and download speeds are inaccurate if proxied.
-          '';
-          default = cfg.domain != null;
-          defaultText = lib.literalExpression "config.services.librespeed.domain != null";
-          type = types.bool;
-        };
-        settings = mkOption {
-          description = ''
-            Override default settings of the speedtest web client.
-            See [speedtest_worker.js][link] for a list of possible values.
-
-            [link]: https://github.com/librespeed/speedtest/blob/master/speedtest_worker.js#L39
-          '';
-          default = {
-            telemetry_level = "basic";
-          };
-          type =
-            with types;
-            nullOr (
-              attrsOf (oneOf [
-                bool
-                int
-                str
-                float
-              ])
-            );
-        };
-        servers = mkOption {
-          description = "LibreSpeed servers that should apper in the server list.";
-          type = types.listOf (
-            types.submodule {
-              options =
-                let
-                  inherit (types) nonEmptyStr;
-                in
-                {
-                  name = mkOption {
-                    description = "Name shown in the server list.";
-                    type = nonEmptyStr;
-                  };
-                  server = mkOption {
-                    description = "URL to the server. You may use `//` instead of `http://` or `https://`.";
-                    type = nonEmptyStr;
-                  };
-                  dlURL = mkOption {
-                    description = ''
-                      URL path to download test on this server.
-                      Append `.php` to the default value if the server uses the php implementation.
-                    '';
-                    default = "backend/garbage";
-                    type = nonEmptyStr;
-                  };
-                  ulURL = mkOption {
-                    description = ''
-                      URL path to upload test on this server.
-                      Append `.php` to the default value if the server uses the php implementation.
-                    '';
-                    default = "backend/empty";
-                    type = nonEmptyStr;
-                  };
-                  pingURL = mkOption {
-                    description = ''
-                      URL path to latency/jitter test on this server.
-                      Append `.php` to the default value if the server uses the php implementation.
-                    '';
-                    default = "backend/empty";
-                    type = nonEmptyStr;
-                  };
-                  getIpURL = mkOption {
-                    description = ''
-                      URL path to IP lookup on this server.
-                      Append `.php` to the default value if the server uses the php implementation.
-                    '';
-                    default = "backend/getIP";
-                    type = nonEmptyStr;
-                  };
-                };
-            }
-          );
-        };
-      };
-    };
-  config = lib.mkIf cfg.enable (
-    let
-      librespeedAssets =
-        pkgs.runCommand "librespeed-assets"
-          (
-            let
-              mapValue =
-                arg:
-                if (lib.isBool arg) then
-                  lib.boolToString arg
-                else if ((lib.isInt arg) || (lib.isFloat arg)) then
-                  toString arg
-                else
-                  "\"${lib.escape [ "\"" ] (toString arg)}\"";
-
-              mapSettings = lib.pipe cfg.frontend.settings [
-                (lib.mapAttrs (name: val: "  s.setParameter(\"${lib.escape [ "\"" ] name}\",${mapValue val});"))
-                (lib.attrValues)
-                (lib.concatLines)
-              ];
-            in
-            {
-              preferLocal = true;
-
-              serversList = ''
-                function get_servers() {
-                  return ${builtins.toJSON cfg.frontend.servers}
-                }
-                function override_settings () {
-                ${mapSettings}
-                }
-              '';
-            }
-          )
-          ''
-            cp -r ${pkgs.librespeed-rust}/assets $out
-            chmod 666 $out/servers_list.js
-            cat >$out/servers_list.js <<<"$serversList"
-            substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
-              --replace-fail "s.setParameter(\"telemetry_level\",\"basic\"); //enable telemetry" "override_settings();" \
-              --replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.pageTitle)} \
-              --replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)} \
-              --replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)}
-          '';
-    in
-    {
-      assertions = [
-        {
-          assertion = cfg.frontend.useNginx -> cfg.domain != null;
-          message = ''
-            `services.librespeed.frontend.useNginx` requires `services.librespeed.frontend.domain` to be set.
-          '';
-        }
-      ];
-
-      networking.firewall = lib.mkIf cfg.openFirewall {
-        allowedTCPPorts = [ cfg.settings.listen_port ];
-      };
-      services.nginx.virtualHosts = lib.mkIf (cfg.frontend.enable && cfg.frontend.useNginx) {
-        ${cfg.domain} = {
-          locations."/".root = librespeedAssets;
-          locations."= /servers.json".return = "200 '${builtins.toJSON cfg.frontend.servers}'";
-          locations."/backend/".return = "301 https://$host:${toString cfg.settings.listen_port}$request_uri";
-          enableACME = true;
-          forceSSL = true;
-        };
-      };
-      security.acme.certs = lib.mkIf (cfg.domain != null) {
-        ${cfg.domain} = {
-          reloadServices = [ "librespeed.service" ];
-          webroot = "/var/lib/acme/acme-challenge";
-        };
-      };
-
-      services.librespeed.frontend.servers = lib.mkIf (cfg.frontend.enable && (cfg.domain != null)) [
-        {
-          name = cfg.domain;
-          server = "//${cfg.domain}:${toString cfg.settings.listen_port}";
-        }
-      ];
-
-      services.librespeed.settings =
-        let
-          inherit (lib) mkDefault mkIf;
-        in
-        {
-          assets_path =
-            if (cfg.frontend.enable && !cfg.frontend.useNginx) then
-              librespeedAssets
-            else
-              pkgs.writeTextDir "index.html" "";
-
-          bind_address = mkDefault "::";
-          listen_port = mkDefault 8989;
-          base_url = mkDefault "backend";
-          worker_threads = mkDefault "auto";
-
-          database_type = mkDefault "none";
-          database_file = mkDefault "/var/lib/librespeed/speedtest.sqlite";
-
-          #librespeed-rust will fail to start if the following config parameters are omitted.
-          ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
-          stats_password = mkIf (!cfg.secrets ? "stats_password") "";
-          tls_cert_file =
-            if (cfg.domain != null) then
-              (mkDefault "/run/credentials/librespeed.service/cert.pem")
-            else
-              (mkDefault "");
-          tls_key_file =
-            if (cfg.domain != null) then
-              (mkDefault "/run/credentials/librespeed.service/key.pem")
-            else
-              (mkDefault "");
-
-          enable_tls = mkDefault (cfg.domain != null);
-        };
-
-      systemd.services =
-        let
-          configFile =
-            let
-              mapValue =
-                arg:
-                if (lib.isBool arg) then
-                  lib.boolToString arg
-                else if (lib.isInt arg) then
-                  toString arg
-                else
-                  "\"${lib.escape [ "\"" ] (toString arg)}\"";
-            in
-            with lib;
-            pipe cfg.settings [
-              (filterAttrs (_: val: val != null))
-              (mapAttrs (name: val: "${name}=${mapValue val}"))
-              (attrValues)
-              (concatLines)
-              (pkgs.writeText "${cfg.package.name}-config.toml")
-            ];
-        in
-        {
-          librespeed-secrets = lib.mkIf (cfg.secrets != { }) {
-            description = "LibreSpeed secret helper";
-
-            ExecStart =
-              let
-                script = pkgs.writeShellApplication {
-                  name = "librespeed-secrets";
-                  runtimeInputs = [ pkgs.coreutils ];
-                  text =
-                    ''
-                      cp ${configFile} ''${RUNTIME_DIRECTORY%%:*}/config.toml
-                    ''
-                    + lib.pipe cfg.secrets [
-                      (lib.mapAttrs (
-                        name: file: ''
-                          cat >>''${RUNTIME_DIRECTORY%%:*}/config.toml <<EOF
-                          ${name}="$(<${lib.escapeShellArg file})"
-                          EOF
-                        ''
-                      ))
-                      (lib.concatLines lib.attrValues)
-                    ];
-                };
-              in
-              lib.getExe script;
-
-            serviceConfig = {
-              Type = "oneshot";
-              RemainAfterExit = true;
-              RuntimeDirectory = "librespeed";
-              UMask = "u=rw";
-            };
-          };
-          librespeed = {
-            description = "LibreSpeed server daemon";
-            wantedBy = [ "multi-user.target" ];
-            wants = [ "network-online.target" ];
-            requires = lib.optionals (cfg.secrets != { }) [ "librespeed-secrets.service" ];
-
-            serviceConfig = {
-              Type = "simple";
-              Restart = "always";
-
-              DynamicUser = true;
-
-              LoadCredential = lib.mkIf (cfg.domain != null) [
-                "cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
-                "key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
-              ];
-
-              ExecStartPre = lib.mkIf cfg.downloadIPDB "${lib.getExe cfg.package} --update-ipdb";
-              ExecStart = "${lib.getExe cfg.package} -c ${
-                if (cfg.secrets == { }) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"
-              }";
-              WorkingDirectory = "/var/cache/librespeed";
-              RuntimeDirectory = "librespeed";
-              RuntimeDirectoryPreserve = true;
-              StateDirectory = "librespeed";
-              CacheDirectory = "librespeed";
-              SyslogIdentifier = "librespeed";
-
-              ReadOnlyPaths = [ cfg.package ];
-              RestrictSUIDSGID = true;
-              RestrictNamespaces = true;
-              PrivateTmp = true;
-              PrivateDevices = true;
-              PrivateUsers = true;
-              ProtectHostname = true;
-              ProtectClock = true;
-              ProtectKernelTunables = true;
-              ProtectKernelModules = true;
-              ProtectKernelLogs = true;
-              ProtectControlGroups = true;
-              ProtectSystem = "strict";
-              ProtectHome = true;
-              ProtectProc = "invisible";
-              SystemCallArchitectures = "native";
-              SystemCallFilter = "@system-service";
-              SystemCallErrorNumber = "EPERM";
-              LockPersonality = true;
-              NoNewPrivileges = true;
-            };
-          };
-        };
-    }
-  );
-
-  meta.maintainers = with lib.maintainers; [ snaki ];
-}

modules/ooklaserver/default.nix

@@ -1,169 +0,0 @@
-{ config, lib, pkgs, ... }: 
-let
-  cfg = config.kyouma.ooklaserver;
-in {
-  options = {
-    kyouma.ooklaserver = let 
-      inherit (lib) mkOption types;
-    in {
-      enable = lib.mkEnableOption "ookla speedtest server";
-      package = lib.mkPackageOption pkgs "ooklaserver" {};
-      domain = mkOption {
-        description = "Domain to use.";
-        default = null;
-        type = with types; nullOr nonEmptyStr;
-      };
-      openFirewall = mkOption {
-        description = "Whether to open the firewall for the specified ports.";
-        default = false;
-        type = types.bool;
-      };
-      tcpPorts = mkOption {
-        description = ''
-          The server listens on TCP port 5060 and 8080 by default. These ports are required for
-          speedtest.net servers, although more can be added.
-        '';
-        default = [ 5060 8080 ];
-        type = with types; listOf port;
-      };
-      udpPorts = mkOption {
-        description = ''
-          The server listens on UDP port 5060 and 8080 by default. These ports are required for
-          speedtest.net servers, although more can be added.
-        '';
-        default = [ 5060 8080 ];
-        type = with types; listOf port;
-      };
-      settings = mkOption {
-        description = ''
-          OoklaServer configuration written as Nix expression.
-          Comma seperated values should be written as list.
-        '';
-        default = {};
-        type = with lib.types; let 
-          valueType = nullOr (oneOf [
-            bool
-            int
-            str
-            (attrsOf valueType)
-            (listOf (oneOf [ port str ]))
-          ]);
-        in valueType;
-      };
-    };
-  };
-  config = lib.mkIf cfg.enable {
-    security.acme.certs.${cfg.domain} = {
-      reloadServices = [ "ooklaserver.service" ];
-      webroot = "/var/lib/acme/acme-challenge";
-    };
-
-    networking.firewall = lib.mkIf cfg.openFirewall {
-      allowedUDPPorts = cfg.udpPorts;
-      allowedTCPPorts = cfg.tcpPorts;
-    };
-
-    kyouma.ooklaserver.settings = let
-      inherit (lib) mkDefault;
-    in {
-      OoklaServer = {
-        inherit (cfg) tcpPorts udpPorts;
-        enableAutoUpdate = false;
-        ssl.useLetsEncrypt = false;
-        useIPv6 = mkDefault true;
-        allowedDomains = mkDefault [ "*.ookla.com" "*.speedtest.net" ];
-        userAgentFilterEnabled = mkDefault true;
-        workerThreadPool = {
-          capacity = mkDefault 30000;
-          stackSizeBytes = mkDefault 102400;
-        };
-        ipTracking = {
-          gcIntervalMinutes = mkDefault 5;
-          maxIdleAgeMinutes = mkDefault 35;
-          slidingWindowBucketLengthMinutes = mkDefault 5;
-          metricTopIpCount = mkDefault 5;
-          maxConnPerIp = mkDefault 500;
-          maxConnPerBucketPerIp = mkDefault 20000;
-        };
-        clientAuthToken.denyInvalid = mkDefault true;
-        websocket.frameSizeLimitBytes = mkDefault 5242880;
-        http.maxHeadersSize = mkDefault 65536;
-      };
-      openSSL.server = {
-        certificateFile = "/run/credentials/${config.systemd.services.ooklaserver.name}/cert.pem";
-        privateKeyFile = "/run/credentials/${config.systemd.services.ooklaserver.name}/key.pem";
-        minimumTLSProtocol = mkDefault "1.2";
-      };
-      logging.loggers.app = {
-        name = mkDefault "Application";
-        channel = {
-          class = mkDefault "ConsoleChannel";
-          pattern = mkDefault "[%p] %t";
-        };
-        level = mkDefault "information";
-      };
-    };
-
-    systemd.services.ooklaserver = let 
-      configFile = let
-        anyToString = arg: if (lib.isBool arg) then
-          lib.boolToString arg
-        else if (lib.isList arg) then 
-          lib.concatStringsSep "," (map (val: toString val) arg)
-        else toString arg;
-      in
-        with lib; lib.pipe cfg.settings [
-        (mapAttrsRecursive (path: val: "${concatStringsSep "." path} = ${anyToString val}"))
-        (collect isString)
-        (concatLines)
-        (pkgs.writeTextDir "bin/OoklaServer.properties")
-      ];
-      packageWithCfg = pkgs.symlinkJoin {
-        name = "${cfg.package.name}-with-config";
-        paths = [ cfg.package configFile ];
-      };
-    in {
-      description = "Ookla speedtest server daemon";
-      wantedBy = [ "multi-user.target" ];
-      wants = [ "network-online.target" ];
-
-      serviceConfig = {
-        Type = "simple";
-        Restart = "always";
-
-        User = "ooklaserver";
-        Group = "ooklaserver";
-        DynamicUser = true;
-
-        LoadCredential = [
-          "cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
-          "key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
-        ];
-        ExecStart = "${packageWithCfg}/bin/OoklaServer"; 
-        WorkingDirectory = packageWithCfg;
-        SyslogIdentifier = "ooklaserver";
-
-        ReadOnlyPaths = [ packageWithCfg ];
-        RestrictSUIDSGID = true;
-        RestrictNamespaces = true;
-        PrivateTmp = true;
-        PrivateDevices = true;
-        PrivateUsers = true;
-        ProtectHostname = true;
-        ProtectClock = true;
-        ProtectKernelTunables = true;
-        ProtectKernelModules = true;
-        ProtectKernelLogs = true;
-        ProtectControlGroups = true;
-        ProtectSystem = "strict";
-        ProtectHome = true;
-        ProtectProc = "invisible";
-        SystemCallArchitectures = "native";
-        SystemCallFilter = "@system-service";
-        SystemCallErrorNumber = "EPERM";
-        LockPersonality = true;
-        NoNewPrivileges = true;
-      };
-    };
-  };
-}

pkgs/build-worker-oci/default.nix

@@ -1,97 +0,0 @@
-# I hate this so much aaa
-{
-  callPackage,
-  dockerTools,
-  openssh,
-  bash,
-  gnused,
-  util-linux,
-}:
-
-dockerTools.buildLayeredImage {
-  name = "build-worker-oci";
-  tag = "latest";
-
-  fromImage = callPackage ./source.nix {};
-
-  maxLayers = 110;
-
-  passthru.updateScript = ./update.sh;
-
-  enableFakechroot = true;
-
-  contents = [ openssh util-linux bash gnused ];
-
-  config.Cmd = [ "/entrypoint.sh" ];
-
-  fakeRootCommands = ''
-    mkdir -p /root
-    cat <<EOF > /root/nix.conf
-    build-users-group = nixbld
-    experimental-features = nix-command flakes
-    sandbox = true
-    substituters = https://cache.kyouma.net https://cache.nixos.org
-    trusted-public-keys = cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
-    max-substitution-jobs = 20
-    max-silent-time = 14400
-    min-free = ${builtins.toString (49152 * 1024 * 1024)}
-    max-free = ${builtins.toString (65536 * 1024 * 1024)}
-    system-features = benchmark big-parallel kvm nixos-test uid-range gccarch-x86-64 gccarch-x86-64-v2 gccarch-x86-64-v3
-    EOF
-
-    mkdir -p /root/.ssh
-    cat <<EOF > /root/.ssh/authorized_keys
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK397sBHLS66snWNPtmjUy7qZxRJh54N0RRXogKODudl nix@muon
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDTwCSWYODyvTJxwB6Rahuy0j6s/YYwtQta8bjzG/We root@ryuuko-arch
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk
-    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow
-    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu
-    EOF
-
-    cat <<EOF > /root/.ssh/environment
-    PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin
-    EOF
-
-    cat <<EOF > /root/sshd_config
-    AcceptEnv GIT_PROTOCOL
-    AuthenticationMethods publickey
-    AuthorizedPrincipalsFile none
-    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
-    GatewayPorts no
-    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
-    KbdInteractiveAuthentication no
-    KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
-    LogLevel INFO
-    Macs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
-    PasswordAuthentication no
-    PermitRootLogin prohibit-password
-    PermitUserEnvironment yes
-    PrintMotd no
-    PubkeyAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
-    StreamLocalBindUnlink yes
-    StrictModes yes
-    UseDns no
-    UsePAM no
-    X11Forwarding no
-    Banner none
-    AddressFamily any
-    Port 2222
-
-    Subsystem sftp ${openssh}/libexec/sftp-server
-    AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
-    HostKey /mnt/data/ssh/ssh_host_ed25519_key
-    EOF
-    
-    mkdir -p /etc/keys
-    mkdir -p /var/empty
-    mkdir -p /var/log
-
-    cp ${./entrypoint.sh} /entrypoint.sh
-    chmod +x /entrypoint.sh
-  '';
-}

pkgs/build-worker-oci/entrypoint.sh

@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-cat /etc/passwd > /root/passwd
-rm -f /etc/passwd
-cp /root/passwd /etc/passwd
-echo "sshd:x:498:65534::/var/empty:/run/current-system/sw/bin/nologin" >> /etc/passwd
-cat /etc/shadow > /root/shadow
-rm -f /etc/shadow
-cp /root/shadow /etc/shadow
-/bin/sed -i "s/root:!/root:*/g" /etc/shadow
-
-[[ ! -d "/mnt/data/ssh" ]] && mkdir -p /mnt/data/ssh
-if [[ "$(ls /mnt/data/ssh/*_key)" = "" ]]; then
-  ssh-keygen -t "ed25519" -f "/mnt/data/ssh/ssh_host_ed25519_key" -N ""
-fi
-
-[[ ! -d "/mnt/data/nix-store" ]] && mkdir -p /mnt/data/nix-store
-[[ ! -d "/mnt/data/workdir" ]] && mkdir -p /mnt/data/workdir
-[[ ! -d "/mnt/data/tmp" ]] && mkdir -p /mnt/data/tmp
-
-rm -rf /mnt/data/nix-store/*
-
-rm -f /etc/nix/nix.conf
-cp /root/nix.conf /etc/nix/nix.conf
-
-/bin/mount -t overlay overlay -o lowerdir=/nix,upperdir=/mnt/data/nix-store,workdir=/mnt/data/workdir /nix
-/bin/mount --bind /mnt/data/tmp /tmp
-
-/root/.nix-profile/bin/sshd -D -f /root/sshd_config

pkgs/build-worker-oci/source.nix

@@ -1,11 +0,0 @@
-{
-  dockerTools,
-}:
-
-dockerTools.pullImage {
-  imageName = "nixos/nix";
-  imageDigest = "sha256:fd7a5c67d396fe6bddeb9c10779d97541ab3a1b2a9d744df3754a99add4046f1";
-  sha256 = "1ggkwd9zw8lj97ig7zah7dqy463hfhsgq3iwxxf8117gf8xi422s";
-  finalImageName = "nixos/nix";
-  finalImageTag = "latest";
-}

pkgs/build-worker-oci/update.sh

@@ -1,32 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p skopeo nix-prefetch-docker
-
-set -euo pipefail
-
-while [[ $# -gt 0 ]]; do
-  case $1 in
-    *)
-      echo "Unknown option $1"
-      exit 1
-    ;;
-  esac
-done
-
-IMAGE=$(nix-prefetch-docker --image-name nixos/nix --image-tag latest --arch amd64 --os linux)
-
-cat > ./pkgs/build-worker-oci/source.nix << EOF
-{
-  dockerTools,
-}:
-
-dockerTools.pullImage ${IMAGE}
-EOF
-
-nix build .\#packages.x86_64-linux.build-worker-oci
-
-skopeo --insecure-policy copy docker-archive:"result" \
-  docker://registry.fly.io/build-worker-kyoumanet:latest --dest-creds x:"$(flyctl auth token)" --format v2s2
-
-rm "result"
-
-fly deploy

pkgs/librespeed-go/default.nix

@@ -1,34 +0,0 @@
-{
-  lib,
-  fetchFromGitHub,
-  buildGoModule,
-}:
-let
-  version = "1.1.5";
-  src = fetchFromGitHub {
-    owner = "librespeed";
-    repo = "speedtest-go";
-    rev = "refs/tags/v${version}";
-    hash = "sha256-ywGrodl/mj/WB25F0TKVvaV0PV4lgc+KEj0x/ix9HT8=";
-  };
-in
-buildGoModule {
-  pname = "librespeed-go";
-  inherit version src;
-
-  vendorHash = "sha256-ev5TEv8u+tx7xIvNaK8b5iq2XXF6I37Fnrr8mb+N2WM=";
-
-  ldflags = [ "-w" "-s" ];
-
-  postInstall = ''
-    cp -r web/assets $out/
-  '';
-
-  meta = {
-    description = "A very lightweight speed test implementation in Go.";
-    homepage = "https://github.com/librespeed/speedtest-go";
-    license = lib.licenses.lgpl3Plus;
-    maintainers = with lib.maintainers; [ snaki ];
-    mainProgram = "speedtest";
-  };
-}

pkgs/librespeed-rust/default.nix

@@ -1,38 +0,0 @@
-{
-  lib,
-  fetchFromGitHub,
-  rustPlatform,
-}:
-let
-  # https://github.com/librespeed/speedtest-rust/pull/7
-  version = "unstable-2024-09-28";
-  src = fetchFromGitHub {
-    owner = "librespeed";
-    repo = "speedtest-rust";
-    rev = "a74f25d07da3eb665ce806e015c537264f7254c9";
-    hash = "sha256-+G1DFHQONXXg/5apSBlBkRvuLT4qCJaeFnQSLWt0CD0=";
-  };
-in
-rustPlatform.buildRustPackage {
-  pname = "librespeed-rust";
-  inherit version src;
-
-  cargoLock.lockFile = "${src}/Cargo.lock";
-
-  # error: linker `aarch64-linux-gnu-gcc` not found
-  postPatch = ''
-    rm .cargo/config.toml
-  '';
-
-  postInstall = ''
-    cp -r assets $out/
-  '';
-
-  meta = {
-    description = "A very lightweight speed test implementation in Rust.";
-    homepage = "https://github.com/librespeed/speedtest-rust";
-    license = lib.licenses.lgpl3Plus;
-    maintainers = with lib.maintainers; [ snaki ];
-    mainProgram = "librespeed-rs";
-  };
-}

pkgs/nyastodon/default.nix

@@ -1,28 +1,161 @@
-{
-  callPackage,
-  mastodon,
-  patches ? [],
+{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests
+, yarn-berry, callPackage, ruby, writeShellScript
+, brotli
+
+  # Allow building a fork or custom version of Mastodon:
+, pname ? "nyastodon"
+, version ? srcOverride.version
+, patches ? []
+  # src is a package
+, srcOverride ? callPackage ./source.nix { inherit patches; }
+, gemset ? ./. + "/gemset.nix"
+, yarnHash ? srcOverride.yarnHash
 }:
-let 
-  src = callPackage ./source.nix {
-    inherit patches;
+
+stdenv.mkDerivation rec {
+  inherit pname version;
+
+  src = srcOverride;
+
+  mastodonGems = bundlerEnv {
+    name = "${pname}-gems-${version}";
+    inherit version gemset ruby;
+    gemdir = src;
   };
 
-  yarn-deps = callPackage ./yarn.nix {
-    inherit src;
-    hash = src.yarnHash;
+  mastodonModules = stdenv.mkDerivation {
+    pname = "${pname}-modules";
+    inherit src version;
+
+    yarnOfflineCache = callPackage ./yarn.nix {
+      src = srcOverride;
+      hash = yarnHash;
+    };
+
+    nativeBuildInputs = [ nodejs-slim yarn-berry mastodonGems mastodonGems.wrappedRuby brotli ];
+
+    RAILS_ENV = "production";
+    NODE_ENV = "production";
+
+    buildPhase = ''
+      runHook preBuild
+
+      export HOME=$PWD
+      # This option is needed for openssl-3 compatibility
+      # Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
+      export NODE_OPTIONS=--openssl-legacy-provider
+
+      export YARN_ENABLE_TELEMETRY=0
+      mkdir -p ~/.yarn/berry
+      ln -sf $yarnOfflineCache ~/.yarn/berry/cache
+
+      yarn install --immutable --immutable-cache
+
+      patchShebangs ~/bin
+      patchShebangs ~/node_modules
+
+      # skip running yarn install
+      rm -rf ~/bin/yarn
+
+      OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
+        rails assets:precompile
+      yarn cache clean
+      rm -rf ~/node_modules/.cache
+
+      # Create missing static gzip and brotli files
+      gzip --best --keep ~/public/assets/500.html
+      gzip --best --keep ~/public/packs/report.html
+      find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
+        -exec gzip --best --keep --force {} ';'
+      brotli --best --keep ~/public/packs/report.html
+      find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
+        -exec brotli --best --keep {} ';'
+
+      runHook postBuild
+    '';
+
+    installPhase = ''
+      runHook preInstall
+
+      mkdir -p $out/public
+      cp -r node_modules $out/node_modules
+      cp -r public/assets $out/public
+      cp -r public/packs $out/public
+
+      runHook postInstall
+    '';
   };
 
-  nyastodon = mastodon.override {
-    pname = "nyastodon";
-    srcOverride = src;
-    gemset = ./gemset.nix;
+  propagatedBuildInputs = [ mastodonGems.wrappedRuby ];
+  nativeBuildInputs = [ brotli ];
+  buildInputs = [ mastodonGems nodejs-slim ];
+
+  buildPhase = ''
+    runHook preBuild
+
+    ln -s $mastodonModules/node_modules node_modules
+    ln -s $mastodonModules/public/assets public/assets
+    ln -s $mastodonModules/public/packs public/packs
+
+    patchShebangs bin/
+    for b in $(ls $mastodonGems/bin/)
+    do
+      if [ ! -f bin/$b ]; then
+        ln -s $mastodonGems/bin/$b bin/$b
+      fi
+    done
+
+    # Remove execute permissions
+    chmod 0444 public/emoji/*.svg
+
+    # Create missing static gzip and brotli files
+    find public -maxdepth 1 -type f -regextype posix-extended -iregex '.*\.(css|js|svg|txt|xml)' \
+      -exec gzip --best --keep --force {} ';' \
+      -exec brotli --best --keep {} ';'
+    find public/emoji -type f -name '.*.svg' \
+      -exec gzip --best --keep --force {} ';' \
+      -exec brotli --best --keep {} ';'
+    ln -s assets/500.html.gz public/500.html.gz
+    ln -s assets/500.html.br public/500.html.br
+    ln -s packs/sw.js.gz public/sw.js.gz
+    ln -s packs/sw.js.br public/sw.js.br
+    ln -s packs/sw.js.map.gz public/sw.js.map.gz
+    ln -s packs/sw.js.map.br public/sw.js.map.br
+
+    rm -rf log
+    ln -s /var/log/mastodon log
+    ln -s /tmp tmp
+
+    runHook postBuild
+  '';
+
+  installPhase = let
+    run-streaming = writeShellScript "run-streaming.sh" ''
+      # NixOS helper script to consistently use the same NodeJS version the package was built with.
+      ${nodejs-slim}/bin/node ./streaming
+    '';
+  in ''
+    runHook preInstall
+
+    mkdir -p $out
+    cp -r * $out/
+    ln -s ${run-streaming} $out/run-streaming.sh
+
+    runHook postInstall
+  '';
+
+  passthru = {
+    tests.mastodon = nixosTests.mastodon;
+    # run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon
+    updateScript = ./update.sh;
   };
 
-  modules = callPackage ./modules.nix {
-    inherit nyastodon yarn-deps;
+  meta = with lib; {
+    description = "Self-hosted, globally interconnected microblogging software based on ActivityPub";
+    homepage = "https://joinmastodon.org";
+    license = licenses.agpl3Plus;
+    platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
+    maintainers = with maintainers; [ happy-river erictapen izorkin ghuntley ];
   };
-in
-  nyastodon.overrideAttrs (_: {
-    mastodonModules = modules;
-  })
+}
+

pkgs/nyastodon/modules.nix

@@ -1,75 +0,0 @@
-# copied from https://git.catgirl.cloud/999eagle/dotfiles-nix/-/blob/main/overlay/mastodon/glitch/modules.nix
-{
-  stdenv,
-  nodejs-slim,
-  yarn-berry,
-  brotli,
-  # previous inputs
-  nyastodon,
-  yarn-deps,
-}:
-stdenv.mkDerivation {
-  pname = "glitch-modules";
-  inherit (nyastodon) src version;
-
-  yarnOfflineCache = yarn-deps;
-
-  nativeBuildInputs = [nyastodon.mastodonGems nyastodon.mastodonGems.wrappedRuby] ++ [nodejs-slim yarn-berry brotli];
-
-  RAILS_ENV = "production";
-  NODE_ENV = "production";
-
-  buildPhase = ''
-    runHook preBuild
-
-    export HOME=$PWD
-    # This option is needed for openssl-3 compatibility
-    # Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
-    export NODE_OPTIONS=--openssl-legacy-provider
-
-    export YARN_ENABLE_TELEMETRY=0
-    # what the actual *fuck* https://github.com/yarnpkg/berry/issues/6309
-    export UV_USE_IO_URING=0
-    mkdir -p ~/.yarn/berry
-    ln -sf $yarnOfflineCache ~/.yarn/berry/cache
-
-    yarn install --immutable --immutable-cache
-
-    patchShebangs ~/bin
-    patchShebangs ~/node_modules
-
-    # skip running yarn install
-    rm -rf ~/bin/yarn
-
-    OTP_SECRET=precompile_placeholder \
-    SECRET_KEY_BASE=precompile_placeholder \
-    ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=precompile_placeholder \
-    ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=precompile_placeholder \
-    ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=precompile_placeholder \
-      rails assets:precompile
-    yarn cache clean
-    rm -rf ~/node_modules/.cache
-
-    # Create missing static gzip and brotli files
-    gzip --best --keep ~/public/assets/500.html
-    gzip --best --keep ~/public/packs/report.html
-    find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
-      -exec gzip --best --keep --force {} ';'
-    brotli --best --keep ~/public/packs/report.html
-    find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
-      -exec brotli --best --keep {} ';'
-
-    runHook postBuild
-  '';
-
-  installPhase = ''
-    runHook preInstall
-
-    mkdir -p $out/public
-    cp -r node_modules $out/node_modules
-    cp -r public/assets $out/public
-    cp -r public/packs $out/public
-
-    runHook postInstall
-  '';
-}

pkgs/nyastodon/source.nix

@@ -1,17 +1,17 @@
 # This file was generated by pkgs.mastodon.updateScript.
-{ lib, fetchgit, applyPatches, patches ? [] }:
+{ fetchgit, applyPatches, patches ? [] }:
 let
-  version = "4.3.0-alpha.5+glitch+cat+1.0.8";
+  version = "v4.3.0-alpha.3+glitch+cat+1.0.0+nya-1.2.2";
 in
 (
   applyPatches {
     src = fetchgit {
-      url = "https://woof.rip/mirrors/catstodon.git";
-      rev = "7d8714db8135f5c3dfc81964887248d76a797788";
-      hash = "sha256-VPXsIRAZxNOaLRI+g2gDy582BYx5t/SHv4xIrGAFTz0=";
+      url = "https://git.bsd.gay/fef/nyastodon.git";
+      rev = "refs/heads/develop";
+      hash = "sha256-YFQPzsqJxGOS4E/1+chB+C7vD+NlgFiRekDsGZdcL9c=";
     };
     patches = patches ++ [];
   }) // {
   inherit version;
-  yarnHash = "sha256-kkjRYQPjWB1udlpIH2Q+a+bbiqXw1T/dgv3KmQk/YBY=";
+  yarnHash = "sha256-XYTQaeSCaws9pR2QAYX2Y4F4BXLdQdBwYV9rCE3tYRA=";
 }

pkgs/nyastodon/update.sh

@@ -2,7 +2,7 @@
 #! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-git gnused jq prefetch-yarn-deps yarn-lock-converter
 set -e
 
-URL=https://woof.rip/mirrors/catstodon.git
+URL=https://git.bsd.gay/fef/nyastodon.git
 
 POSITIONAL=()
 while [[ $# -gt 0 ]]; do
@@ -38,7 +38,7 @@ done
 
 if [[ -n "$POSITIONAL" ]]; then
     echo "Usage: update.sh [--url URL] [--ver VERSION] [--rev REVISION] [--patches PATCHES]"
-    echo "If URL is not provided, it defaults to https://woof.rip/mirrors/nyastodon.git"
+    echo "If URL is not provided, it defaults to https://git.bsd.gay/fef/nyastodon.git"
     echo "If VERSION is not provided, it defaults to the latest git revision."
     echo "PATCHES, if provided, should be one or more Nix expressions separated by spaces."
     exit 1
@@ -79,7 +79,7 @@ HASH=$(echo "$JSON" | jq -r .hash)
 
 cat > source.nix << EOF
 # This file was generated by pkgs.mastodon.updateScript.
-{ lib, fetchgit, applyPatches, patches ? [] }:
+{ fetchgit, applyPatches, patches ? [] }:
 let
   version = "$VERSION";
 in
@@ -93,7 +93,7 @@ in
     patches = patches ++ [$PATCHES];
   }) // {
   inherit version;
-  yarnHash = lib.fakeHash;
+  yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
 }
 EOF
 SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"

pkgs/overlay.nix

@@ -1,8 +1,5 @@
 final: prev: {
-  nyastodon = final.callPackage ./nyastodon/default.nix {};
-  upgrade-system = final.callPackage ./upgrade-system/default.nix {};
-  update-nixfiles = final.callPackage ./update-nixfiles/default.nix {};
-  build-worker-oci = final.callPackage ./build-worker-oci/default.nix {};
-  librespeed-rust = final.callPackage ./librespeed-rust/default.nix {};
-  librespeed-go = final.callPackage ./librespeed-go/default.nix {};
+  nyastodon = final.callPackage ./nyastodon/default.nix {  };
+  upgrade-system = final.callPackage ./upgrade-system/default.nix {  };
+  update-nixfiles = final.callPackage ./update-nixfiles/default.nix {  };
 }

pkgs/update-nixfiles/update-nixfiles.sh

@@ -42,7 +42,7 @@ wait_for_hydra () {
   local hydra_rev
   local counter
   counter=0
-  git_rev="$(git -C "${ROOT}/nixfiles" rev-parse update-inputs)"
+  git_rev="$(gitin rev-parse update-inputs)"
   while true; do
     hydra_rev="$(curl -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r .flake | sed -E "s/.+&rev=(.*)/\1/g")"
     if [[ "${git_rev}" == "${hydra_rev}" ]]; then

secrets/services/hydra.yaml

@@ -2,7 +2,6 @@ services:
     hydra:
         signKey: ENC[AES256_GCM,data:WbGyQtlko04eCXP5duAVbgbMHSQ8wNrCHuS0+M29l/9LJjm8E7wps2ogy5S5jH+5etkwIj2m7d+xFci1IE9a2ERVs4qrFmfx8mikuF/+iIewJuaOOJcHcrUtYto5RxiFjYb9ooG7ktfy,iv:FvNRBY/aZnJ8z/wSYhsZLiq8h25WYvXB/zL9+4qQR7o=,tag:hU6i64XZH/1JDJzDHbiuXQ==,type:str]
         id_ed25519_hydra: ENC[AES256_GCM,data:7dmdHA/bLBQunNjaCwT1zb2CmuLVdUiFunkGpaGJXvnzHsVnWOdy9O5p+zIAiGeg3awNjn8jlH9KJiUk5W5X55caPlhDnFOhx77zW684vJAWViHK3Iu84XJ/sL33a547c4lLPgT5dLTMY4JDtNQCk0hV1BdsRwU9rpDvkuGaT2mewu8xCpyueV++wwDfy6e3HXRxPlXHkvE77FCFgDXW5tCH/q+UDOS59WkERT8SFwy8t1ILTUt07rdyhIQmykPo5nPatrPuV9TD/60R9pcxA6w88HeZzi36q3GfJVEKJ/MdFdzvShX1ayhfojVkCRptMxwyu/9MYigqvENgOvnV6N+0JKbJWpkDUldUUEFCZFl2EAoSVb+QGP3S6Bro5x2b3AjHRDW5fUmldEQQUDG6UO+zbXnUeziH2kairqrQAj4UMyZSumiLV3P9d3LYZy7wCza68lklcupbhap5lxgXJhNAz1ScHOPgzQpmLw0bxiLDX1oHhPPZtBNc3t4wGlQyNuKUTXzhrn3L5dBdSmZ3,iv:Ftw3hBUcvY/nW9LiBFUbhHOpv7KIbkdEcIp3Si4oM1Q=,tag:QqUDYFcJ6bq2l2Q09klXdQ==,type:str]
-        id_ed25519_hydra-eval: ENC[AES256_GCM,data:8YLmxuh+2ul1VtCbpXk5gORM97R5jgxkq/0GGUgAGgrUzKxeW+7onXTD3DoCz5sMaLOgtgM4ZEuMLQIxBQIwbmGPubZZhaP1nYsrgMxz/ZEjnHc7o2EOgrIa6B7v1w16D9uqRqfvA47jHyA5SoDEo7iJcEF9o34cyxCGQe0AHkhnCxcFY3u1ZNMCQ6WBPl4rlyAvZcaba6ySss9WQuzVs7IlJyOEr0F1zgl6R9cj700UnVrd27pId9xBhN1xtwob23+BnSIbq7u7HBECrQLwfDwXaDbVpHfk+cPEG23DzRXVeiy8KGEVBVE5nzx6WpRfTbh45CP0LrDVR+/G3crKiuK4mHqAtJ3UnW45clM3Gcz7VygCsjGArO3pVp4cctOZu0lD+AfAjmgl7tz7xTVLLPNhglraSLbWL3TUQ7rdtKIGggrJD7uo7k2RpUHemMtZk2+o42tYJ4uHKVELf+vACoGHGYn/2Vn6NWZEITlpOXCNNRMd7eYunFwN4HX2m9vRwUR8vtPJyOUeC957kln3,iv:r0ejnmyxNFabwzJn5gJL0tId/jP0FTrL0utFWd/DiRA=,tag:RsObDcDIkbr3tg2863b19Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -18,8 +17,8 @@ sops:
             enBjbHhJS1hqRGF2QUF1azNJdk9yUDAKJ1TY0Pybp54zh6KQ1kJQrcJeT91F4QKQ
             YpeRMwHR+QIuXF37MXuWKtIsRmcPAC+dCi4LZFmXUjX0yUwA0K8juQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-23T22:18:12Z"
-    mac: ENC[AES256_GCM,data:80Dul9VV/MpL/IgWilpne4szz28rQPV0fgdjTfX33c6hO1OiARDFrY6hRTAk38AKakkIFwmneBlmTfFpgN6pstqX9f4YNtHLdi6KXoJzBL9v6+gyY5ypJwKftpXcKUuJUo/A03HA8Grq4vhOqsUEO7HXofj96GxKcMtHONgcTbI=,iv:v140qo5vnEsJhObV5GgLgBbU2/AoROfSSvEiAXl+Kgg=,tag:vitC7J3pSGA9WkNzfFVmXw==,type:str]
+    lastmodified: "2024-05-14T12:01:05Z"
+    mac: ENC[AES256_GCM,data:CvaqYz0wwU0i9tQ6DoLJwAfX5+IuPtnoc0tRtYAe1dLhszDqSv+VXRYtjwoM5jAIpYcHTN6w90pZkDXNEtluHDSmy1WlDEGhRo/rMuVi12le7iTPZ6G380/bUrE4PqKxYo6Kg2esAXZTXFdM0Om1oqcBfOywrCOPpx1ioIOxEQ8=,iv:l++0F1jTIjcqXUAKF5N63PJtNZgUeRQT7H3FV87/nZA=,tag:icTc376kY2+CPLtnvlaUUA==,type:str]
     pgp:
         - created_at: "2024-05-10T18:05:16Z"
           enc: |-

secrets/services/nyastodon.yaml

@@ -1,38 +0,0 @@
-services:
-    nyastodon:
-        secretKeyBaseFile: ENC[AES256_GCM,data:VywfWY41tcM6zDCMlCLnOh5hRCkb3dLCmfDgcT0QoKTqlV2QqlutQMOAG4DA06HuIyext6DGOkvAsDGLIHb7SWblU6UaQgpoUCp+WpHqCc/fxzg9EsOy9ApF4ESCj/Fb+l55eRS7QlC7isU9zxWW5H9ccMxbmZcGePN8aGyZbaU=,iv:GHg1/Q64uuxFmbt9X/+WbmuHUVlXcK7fd0W+flYoxVs=,tag:8tlsSUXfyb67Cx4Eejmg9A==,type:str]
-        otpSecretFile: ENC[AES256_GCM,data:Gu0MAnP4E+oTNtVeqeKpI3RceCotoqo2kVKJXiCEUtw3Sm206nDIyfdcX7r7Ho+nlpwe05gYFYSb+ISgmz8p8bTxmAc2J/1fFnmC+6V/3d5sNP+a0KIdA0xVZ+HRTqe+N8X1n8n0FzbBvps5IZ4Y02Jvf7dK5QQyxj6H5fFzdhs=,iv:QrO78qm4jCBbdDPqoprVUHMM6XC9YTQ+U4zAnMVaHcM=,tag:HIzQUwsYi3i+SoDbbuaMUg==,type:str]
-        vapidPrivateKeyFile: ENC[AES256_GCM,data:YhT0xABuEa8VIlpzl1IAd5Jkni9xKBazF0EJssDfRfry7RHvrj5qyMkK17w=,iv:cfbspnityKGgGOohXcwGY6h8k2VbW35wa+Lzc/Z71mc=,tag:bK02soRkqcmkPKB/n2w/ug==,type:str]
-        vapidPublicKeyFile: ENC[AES256_GCM,data:CIv5x7oG4oJ13suTlMUEDnih26rQ6XhHFiyXz3kRjVkNiWFylLxRvpmCRvgogFQoH05MRTTm50qPK7GTFc0N/XMucGSS4bHpZFc/g/OJJAfjHWUixamK0w==,iv:Vo9txxYAY0YOmv23w94S7K0vh8QntCKiK7/VwA439P8=,tag:UtJmMFnnyYPgypDFBtgKjQ==,type:str]
-        extraEnvFile: ENC[AES256_GCM,data:kaMYIkHq7TluFww4SnQiVrEgm0+yIbXFucbMWRzdpq0KSrBD2Wim014KljfnGC6udMGApzhACHCRx0K5HtjxUW0dtoasQOregHZQL8peuvm8hWwsvAm4Y+uNY4zz6XU+2vZgUFLFWkJdRjWngc4Va2lLn0rGGV1GtGHUJrvCjNz931XGjVERaSqfBbcJ5YzrevIreixCqcqTPWm5VlpGYtzS3dQptqRb/fu/x3ewZIRUV0pwDCZC4x0PNTI7I2fEyWrNEqwaA/7gPIwu600PGYf5gIP+1UNLhbhdGJjCl6PKL2srNs8=,iv:3Dfw5FEGvHzvCIslTFAoy0Y6Vzp/KjT4sAJq7nWgBSs=,tag:CZmVCBJrxVyCvtV03qaP7A==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUTdsY1F6bXFtNWcvTlEw
-            YVBSUHFKOFVaUTBBNDQ1YURrTDcyTkMrcndzClRZbkw1a2xzU2lwZDM3QVE5dFhs
-            ay8rYmt5QUFVTGpNVzJkTzlTOElSZVUKLS0tIGYwUDFKazhNcFZvNVEwT3R3K2FM
-            Y0RKVmdleHJBZ0lkNzNJbVc2UzY5dU0KEK8p4FnlZ5LRXl4LAYBnhKssxS5wVOzn
-            sK+T3B6sduuFsCDtKj8PslRHqhqUzKx9zHnmEzVdknz5lMu3VR8dig==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-14T18:02:20Z"
-    mac: ENC[AES256_GCM,data:M5jjc6EjOS07PEc36z5Bj5wKYcIILFH34AWgdQDWsST4xeyFl+I0nDBJNxfsHuh9j5DOiqVSQsgGVww5ldb491JC6CDwAbjU/vAU9qmncBU6QGH3li/iqUQgL5i6JRBwdiuaDG+MUG9uYuyJoQrFFY64ysKcZEu50Uz3ZFE4zzA=,iv:EIewnDy+oBC1x/TMLbF7qwrjvq/eRW6D5VXOpmWQUf0=,tag:E7OQfoVQFABZw6CrFpBb0g==,type:str]
-    pgp:
-        - created_at: "2024-08-14T17:48:29Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4D1GtNSlou/HkSAQdAjC0ApM8rgWrRJZNhQp67X7SsTM3bR6eG39MKdzyDIXYw
-            pXMhu4F75V2X22ptlUfvIyCZWk2Xo4O3DvyjjTPXPucvgKDq3sCrUZ5s7PzuSPkL
-            0l4BybEwUNioL8xs8+Mft6kFAXiXQX3f4Y5IYNi2L5uboDEASyXpmwE14FAITeIO
-            XAsG0U6WAh/GtOtaP4R7samvM67e4CSbijxM4FaITZa1K4LcmSeVGl3SgiSAuDj2
-            =KquB
-            -----END PGP MESSAGE-----
-          fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1