16 changed files with 226 additions and 285 deletions
--- a/config/hosts/integra/configuration.nix
+++ b/config/hosts/integra/configuration.nix
@ -1,7 +1,6 @@
 { ... }: { 
  imports = [
    ../../common
-    ../../users/nil
    ../../profiles/builder.nix
    ../../profiles/headless.nix
    ./hardware-configuration.nix
@ -19,7 +18,6 @@

  nix.sshServe.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOWlYhnummuWZbq3+d0x5A67YvlPvtl7/1Dk4RtNlzf christina@cafkafk.com"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK397sBHLS66snWNPtmjUy7qZxRJh54N0RRXogKODudl nix@muon"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk"
--- a/config/hosts/seras/configuration.nix
+++ b/config/hosts/seras/configuration.nix
@ -10,11 +10,7 @@
    ../../services/hydra
    ../../services/update-nixfiles.nix
  ];
-
-  boot.binfmt = {
-    preferStaticEmulators = true;
-    emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
-  };
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  networking.hostName = "seras";
  systemd.network.networks."98-eth-default" = {
--- a/config/profiles/builder.nix
+++ b/config/profiles/builder.nix
@ -15,7 +15,6 @@
    write = true;
    keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdHbFlGDGtBowdOHTfO3sBaLbBLRyyZTsW6ngeaD917 emily@alucard"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDTwCSWYODyvTJxwB6Rahuy0j6s/YYwtQta8bjzG/We root@ryuuko-arch"
--- a/config/services/arrs/default.nix
+++ b/config/services/arrs/default.nix
@ -12,13 +12,6 @@
    wants = [ "mnt-mezzomix.mount" ];
  });

-  nixpkgs.config.permittedInsecurePackages = [
-    "aspnetcore-runtime-wrapped-6.0.36"
-    "aspnetcore-runtime-6.0.36"
-    "dotnet-sdk-wrapped-6.0.428"
-    "dotnet-sdk-6.0.428"
-  ];
-
  systemd.mounts = lib.singleton {
    description = "rclone mount";
    after = [ "network.target" ];
--- a/config/services/hydra/nix-config.nix
+++ b/config/services/hydra/nix-config.nix
@ -1,9 +1,6 @@
 { config, lib, ... }: {
  nix.buildMachines = let
    base = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
-    x86-64 = [ "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
-    aarch64 = [ "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "gccarch-armv8.2-a+fp16+rcpc+dotprod" ];
-    riscv64 = [ "gccarch-rv64imac" "gccarch-rv64imacfd" "gccarch-rv64gc" ];
  in [
    {
      hostName = "localhost";
@ -17,18 +14,18 @@
      hostName = "integra.kyouma.net";
      sshUser = "nix-ssh";
      maxJobs = 2;
-      speedFactor = 24;
+      speedFactor = 4;
      systems = [ "aarch64-linux" ];
-      supportedFeatures = base ++ aarch64 ++ [ "aarch64-linux-native" ];
+      supportedFeatures = base;
      sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
    }
    {
      hostName = "schrodinger.kyouma.net";
      sshUser = "root";
-      maxJobs = 2;
+      maxJobs = 0;
      speedFactor = 20;
      systems = [ "riscv64-linux" ];
-      supportedFeatures = base ++ riscv64 ++ [ "riscv64-linux-native" ];
+      supportedFeatures = base ++ [ "gccarch-rv64imac" "gccarch-rv64imacfd" "gccarch-rv64gc" ];
      sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
    }
  ] ++ lib.forEach (lib.range 0 11) (num: {
@ -36,11 +33,8 @@
      sshUser = "root";
      maxJobs = 2;
      speedFactor = 20;
-      systems = [ "i686-linux" "x86_64-linux" ]
-        ++ lib.optionals (lib.mod num 5 == 0) [ "aarch64-linux" "riscv64-linux" ];
-      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" ] ++ x86-64
-        ++ lib.optionals (lib.mod num 5 == 0) (aarch64 ++ riscv64
-          ++ [ "aarch64-linux-qemu" "riscv64-linux-qemu" "x86_64-linux-native" "i686-linux-native" ]);
+      systems = [ "i686-linux" "x86_64-linux" ];
+      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
      sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
  });
  nixpkgs.config.allowUnsupportedSystem = true;
--- a/config/services/jellyfin.nix
+++ b/config/services/jellyfin.nix
@ -2,32 +2,8 @@

  services.jellyfin.enable = true;

-  services.nginx.virtualHosts."watch.kyouma.net" = {
-    forceSSL = true;  
-    http3 = true;
-    quic = true;
-    useACMEHost = "fentanyl.trade";
-    locations = {
-      "= /".return = "302 https://$host/web/";
-      "/" = {
-        proxyPass = "http://[::1]:8096";
-        recommendedProxySettings = true;
-        extraConfig = ''
-          proxy_buffering on;
-        '';
-      };
-      "= /web/" = {
-        proxyPass = "http://[::1]:8096";
-        recommendedProxySettings = true;
-      };
-      "/socket" = {
-        proxyPass = "http://[::1]:8096";
-        recommendedProxySettings = true;
-        proxyWebsockets = true;
-      };
-    };
-  };
  kyouma.nginx.virtualHosts = {
+    "watch.kyouma.net".redirectTo = "fentanyl.trade";
    "fentanyl.trade" = {
      serverAliases = lib.singleton "frotti.ng";
      locations = {
--- a/config/services/nginx.nix
+++ b/config/services/nginx.nix
@ -34,6 +34,7 @@ in {
      add_header Strict-Transport-Security 	$hsts_header;
      add_header X-Content-Type-Options 	  "nosniff" always;
      add_header X-XSS-Protection 		      "1; mode=block" always;
+      add_header X-Frame-Options 		        "SAMEORIGIN" always;
      add_header Referrer-Policy 		        "same-origin" always;
      add_header Alt-Svc                    'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1';
      #add_header Content-Security-Policy    "script-src 'self'; object-src 'none'; base-uri 'none';" always;
--- a/config/users/emily/default.nix
+++ b/config/users/emily/default.nix
@ -52,7 +52,7 @@

      #ubuntu_font_family
      libsForQt5.breeze-icons
-      nerd-fonts.symbols-only
+      (nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
      jetbrains-mono
      font-awesome
    ];
--- a/config/users/lucy/default.nix
+++ b/config/users/lucy/default.nix
@ -11,7 +11,6 @@
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIId7XvwEHtC9KdGg4Bn+XE+yyBp7/dRToJX9T56mM7ln kosaki@kosaki"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZH8HwE1OxVAArRpc3+c7foYJ/WYjp4BqUyuab9yQyl emilia@emilia"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdONA7yQMPvEgdeCi3uYh4J6K0U5sk/DcwHNa9jv+Jb minorin@kotori"
    ];
  };

--- a/flake.lock
+++ b/flake.lock
@ -94,11 +94,11 @@
    "communities": {
      "flake": false,
      "locked": {
-        "lastModified": 1734258374,
-        "narHash": "sha256-HYr2POmGwih2tDm0FlHBueKoCyqATW2aSztgdyc+Ecs=",
+        "lastModified": 1719412992,
+        "narHash": "sha256-WYcu4m9qytW5chFC8ZocDhvMflLIwsLkjz/z5ybjYlI=",
        "owner": "NLNOG",
        "repo": "lg.ring.nlnog.net",
-        "rev": "cb80cd9e60e5381becfb2ad4046c5e5ae60d0543",
+        "rev": "41cf616bae6fba597d074a484aabf1bee9002fb5",
        "type": "github"
      },
      "original": {
@ -136,11 +136,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1735644329,
-        "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=",
+        "lastModified": 1728330715,
+        "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
        "owner": "numtide",
        "repo": "devshell",
-        "rev": "f7795ede5b02664b57035b3b757876703e2c3eac",
+        "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
        "type": "github"
      },
      "original": {
@ -156,11 +156,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736199437,
-        "narHash": "sha256-TdU0a/x8048rbbJmkKWzSY1CtsbbGKNkIJcMdr8Zf4Q=",
+        "lastModified": 1732742778,
+        "narHash": "sha256-i+Uw8VOHzQe9YdNwKRbzvaPWLE07tYVqUDzSFTXhRgk=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "49f8aa791f81ff2402039b3efe0c35b9386c4bcf",
+        "rev": "341482e2f4d888e3f60cae1c12c3df896e7230d8",
        "type": "github"
      },
      "original": {
@ -179,11 +179,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1733919067,
-        "narHash": "sha256-ZsL5pKwEDhcZhVJh+3IwgHus7kSW/N8qOlBscwB6BCI=",
+        "lastModified": 1726867691,
+        "narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=",
        "owner": "kirelagin",
        "repo": "dns.nix",
-        "rev": "a23f43f9762aa96d3e35c8eeefa7610bd0cdf456",
+        "rev": "a3196708a56dee76186a9415c187473b94e6cbae",
        "type": "github"
      },
      "original": {
@ -201,11 +201,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1734984635,
-        "narHash": "sha256-SacvlGIjTZUJbsRFDh70nQQ3H6xVK01JE0E2TaXy+b4=",
+        "lastModified": 1725373953,
+        "narHash": "sha256-hkWPZTAQSDOaoTsdC3t4L8Rm65M3VYw6t4+8aghBPzA=",
        "owner": "wobcom",
        "repo": "fernglas",
-        "rev": "bcd18916c16a4c79ded8dbcb180f6a8604816b58",
+        "rev": "25e55f0275c369d66ccd847e7fc0f4cbd4ca4d26",
        "type": "github"
      },
      "original": {
@ -216,16 +216,17 @@
    },
    "firefox": {
      "inputs": {
+        "neoidiosyn": "neoidiosyn",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1736191668,
-        "narHash": "sha256-hGtOSPwIJTTW0z5qR3Ms23G7dP7/FS6vWHKl1+vqYSQ=",
+        "lastModified": 1732728458,
+        "narHash": "sha256-UpSmqS5aX+UfQ94TDsqv5KDoJnpGT1CbgnzY/Egfc50=",
        "ref": "refs/heads/main",
-        "rev": "505a4a8128befb4b51c1a47c3763a8061a26f751",
-        "revCount": 13,
+        "rev": "0ab60773023ac5c303b402e8a8c84708ea5c59bc",
+        "revCount": 4,
        "type": "git",
        "url": "https://woof.rip/mikael/firefox.git"
      },
@ -234,22 +235,6 @@
        "url": "https://woof.rip/mikael/firefox.git"
      }
    },
-    "firefox-gnome-theme": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1734969791,
-        "narHash": "sha256-A9PxLienMYJ/WUvqFie9qXrNC2MeRRYw7TG/q7DRjZg=",
-        "owner": "rafaelmardojai",
-        "repo": "firefox-gnome-theme",
-        "rev": "92f4890bd150fc9d97b61b3583680c0524a8cafe",
-        "type": "github"
-      },
-      "original": {
-        "owner": "rafaelmardojai",
-        "repo": "firefox-gnome-theme",
-        "type": "github"
-      }
-    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -363,11 +348,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736143030,
-        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
+        "lastModified": 1730504689,
+        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
+        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
        "type": "github"
      },
      "original": {
@ -398,6 +383,24 @@
      "inputs": {
        "systems": "systems_2"
      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
+      "inputs": {
+        "systems": "systems_3"
+      },
      "locked": {
        "lastModified": 1726560853,
        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
@ -412,9 +415,9 @@
        "type": "github"
      }
    },
-    "flake-utils_3": {
+    "flake-utils_4": {
      "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_4"
      },
      "locked": {
        "lastModified": 1731533236,
@ -430,7 +433,7 @@
        "type": "github"
      }
    },
-    "flake-utils_4": {
+    "flake-utils_5": {
      "inputs": {
        "systems": [
          "stylix",
@ -466,6 +469,21 @@
        "type": "github"
      }
    },
+    "flakey-profile_2": {
+      "locked": {
+        "lastModified": 1712898590,
+        "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "type": "github"
+      }
+    },
    "florp-about": {
      "inputs": {
        "nixpkgs": [
@ -552,45 +570,18 @@
        "nixpkgs": [
          "nixvim",
          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1735882644,
-        "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "type": "github"
-      }
-    },
-    "git-hooks_2": {
-      "inputs": {
-        "flake-compat": [
-          "stylix",
-          "flake-compat"
-        ],
-        "gitignore": "gitignore_2",
-        "nixpkgs": [
-          "stylix",
-          "nixpkgs"
        ],
        "nixpkgs-stable": [
-          "stylix",
-          "git-hooks",
+          "nixvim",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1731363552,
-        "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
+        "lastModified": 1732021966,
+        "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
+        "rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
        "type": "github"
      },
      "original": {
@ -621,41 +612,19 @@
        "type": "github"
      }
    },
-    "gitignore_2": {
-      "inputs": {
-        "nixpkgs": [
-          "stylix",
-          "git-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
    "gnome-shell": {
      "flake": false,
      "locked": {
-        "lastModified": 1732369855,
-        "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
+        "lastModified": 1713702291,
+        "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=",
        "owner": "GNOME",
        "repo": "gnome-shell",
-        "rev": "dadd58f630eeea41d645ee225a63f719390829dc",
+        "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934",
        "type": "github"
      },
      "original": {
        "owner": "GNOME",
-        "ref": "47.2",
+        "ref": "46.1",
        "repo": "gnome-shell",
        "type": "github"
      }
@ -667,11 +636,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736204492,
-        "narHash": "sha256-CoBPRgkUex9Iz6qGSzi/BFVUQjndB0PmME2B6eEyeCs=",
+        "lastModified": 1732482255,
+        "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "20665c6efa83d71020c8730f26706258ba5c6b2a",
+        "rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
        "type": "github"
      },
      "original": {
@ -756,6 +725,68 @@
      }
    },
    "lix": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1732112222,
+        "narHash": "sha256-H7GN4++a4vE49SUNojZx+FSk4mmpb2ifJUtJMJHProI=",
+        "rev": "66f6dbda32959dd5cf3a9aaba15af72d037ab7ff",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/66f6dbda32959dd5cf3a9aaba15af72d037ab7ff.tar.gz?rev=66f6dbda32959dd5cf3a9aaba15af72d037ab7ff"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"
+      }
+    },
+    "lix-module": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "flakey-profile": "flakey-profile",
+        "lix": [
+          "firefox",
+          "neoidiosyn",
+          "lix"
+        ],
+        "nixpkgs": [
+          "firefox",
+          "neoidiosyn",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1732603698,
+        "narHash": "sha256-Jw2MhzgCCrKV2MJytehG0cCLIAosBX71p8qmQ6XQlR4=",
+        "rev": "15b999f9c958c475f71fb8c543b9fc2f36ae8730",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/15b999f9c958c475f71fb8c543b9fc2f36ae8730.tar.gz?rev=15b999f9c958c475f71fb8c543b9fc2f36ae8730"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"
+      }
+    },
+    "lix-module_2": {
+      "inputs": {
+        "flake-utils": "flake-utils_3",
+        "flakey-profile": "flakey-profile_2",
+        "lix": "lix_3",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729360442,
+        "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=",
+        "rev": "9098ac95768f7006d7e070b88bae76939f6034e6",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"
+      }
+    },
+    "lix_2": {
      "inputs": {
        "flake-compat": "flake-compat_2",
        "nix2container": "nix2container",
@ -775,28 +806,7 @@
        "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
      }
    },
-    "lix-module": {
-      "inputs": {
-        "flake-utils": "flake-utils_2",
-        "flakey-profile": "flakey-profile",
-        "lix": "lix_2",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1729360442,
-        "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=",
-        "rev": "9098ac95768f7006d7e070b88bae76939f6034e6",
-        "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"
-      }
-    },
-    "lix_2": {
+    "lix_3": {
      "flake": false,
      "locked": {
        "lastModified": 1729298361,
@ -810,6 +820,29 @@
        "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
      }
    },
+    "neoidiosyn": {
+      "inputs": {
+        "lix": "lix",
+        "lix-module": "lix-module",
+        "nixpkgs": [
+          "firefox",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1732728441,
+        "narHash": "sha256-jaocsiOHZRTjXLBr6RZanVnB/P2tVLtUiA/QR45HBKU=",
+        "ref": "refs/heads/main",
+        "rev": "6028166f27a98fe92913b1923b6e07b35c0c40d0",
+        "revCount": 1,
+        "type": "git",
+        "url": "https://woof.rip/mikael/neoidiosyn.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://woof.rip/mikael/neoidiosyn.git"
+      }
+    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
@ -818,11 +851,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736085891,
-        "narHash": "sha256-bTl9fcUo767VaSx4Q5kFhwiDpFQhBKna7lNbGsqCQiA=",
+        "lastModified": 1732603785,
+        "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "ba9b3173b0f642ada42b78fb9dfc37ca82266f6c",
+        "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a",
        "type": "github"
      },
      "original": {
@ -920,11 +953,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1736237814,
-        "narHash": "sha256-uTdscVaKjnRnBIMuu/oWwdiGhYd/JOQ4YZGHeCoroqs=",
+        "lastModified": 1732483221,
+        "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "ca30f8501ab452ca687a7fdcb2d43e1fb1732317",
+        "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405",
        "type": "github"
      },
      "original": {
@ -955,11 +988,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1734649271,
-        "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
+        "lastModified": 1720418205,
+        "narHash": "sha256-cPJoFPXU44GlhWg4pUk9oUPqurPlCFZ11ZQPk21GTPU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507",
+        "rev": "655a58a72a6601292512670343087c2d75d859c1",
        "type": "github"
      },
      "original": {
@ -1035,11 +1068,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1736012469,
-        "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=",
+        "lastModified": 1732521221,
+        "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d",
+        "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
        "type": "github"
      },
      "original": {
@ -1066,11 +1099,11 @@
        "treefmt-nix": "treefmt-nix_2"
      },
      "locked": {
-        "lastModified": 1736219611,
-        "narHash": "sha256-osQC3uZOQQrTPTlhEBE6mesPCkYDDOSLsJNNATQZqmw=",
+        "lastModified": 1732726573,
+        "narHash": "sha256-gvCPgtcXGf/GZaJBHYrXuM5r2pFRG3VDr7uOb7B1748=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "a352bb89b0cd180f5c767689c4cc310109cd4ad8",
+        "rev": "fc9178d124eba824f1862513314d351784e1a84c",
        "type": "github"
      },
      "original": {
@ -1081,7 +1114,7 @@
    },
    "nuschtosSearch": {
      "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_4",
        "ixx": "ixx",
        "nixpkgs": [
          "nixvim",
@ -1089,11 +1122,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1735854821,
-        "narHash": "sha256-Iv59gMDZajNfezTO0Fw6LHE7uKAShxbvMidmZREit7c=",
+        "lastModified": 1731936508,
+        "narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=",
        "owner": "NuschtOS",
        "repo": "search",
-        "rev": "836908e3bddd837ae0f13e215dd48767aee355f0",
+        "rev": "fe07070f811b717a4626d01fab714a87d422a9e1",
        "type": "github"
      },
      "original": {
@ -1148,15 +1181,15 @@
        "dns": "dns",
        "fernglas": "fernglas",
        "firefox": "firefox",
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
        "florp-about": "florp-about",
        "florp-branding": "florp-branding",
        "florp-moderation": "florp-moderation",
        "home-manager": "home-manager",
        "hydra": "hydra",
        "kyouma-www": "kyouma-www",
-        "lix": "lix",
-        "lix-module": "lix-module",
+        "lix": "lix_2",
+        "lix-module": "lix-module_2",
        "nixos-hardware": "nixos-hardware",
        "nixos-needsreboot": "nixos-needsreboot",
        "nixpkgs": "nixpkgs_4",
@ -1173,11 +1206,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736203741,
-        "narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=",
+        "lastModified": 1732575825,
+        "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773",
+        "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa",
        "type": "github"
      },
      "original": {
@ -1192,10 +1225,8 @@
        "base16-fish": "base16-fish",
        "base16-helix": "base16-helix",
        "base16-vim": "base16-vim",
-        "firefox-gnome-theme": "firefox-gnome-theme",
        "flake-compat": "flake-compat_4",
-        "flake-utils": "flake-utils_4",
-        "git-hooks": "git-hooks_2",
+        "flake-utils": "flake-utils_5",
        "gnome-shell": "gnome-shell",
        "home-manager": [
          "home-manager"
@ -1203,18 +1234,17 @@
        "nixpkgs": [
          "nixpkgs"
        ],
-        "systems": "systems_4",
+        "systems": "systems_5",
        "tinted-foot": "tinted-foot",
        "tinted-kitty": "tinted-kitty",
-        "tinted-tmux": "tinted-tmux",
-        "tinted-zed": "tinted-zed"
+        "tinted-tmux": "tinted-tmux"
      },
      "locked": {
-        "lastModified": 1736201929,
-        "narHash": "sha256-TC6nITVcD+qxjPOWGmLAshuOkILocvzxfHj0Vsu6FAI=",
+        "lastModified": 1732608183,
+        "narHash": "sha256-T5k5ill+PNIEW6KuS4CpUacMtZNJe2J2q5eBOF4xWuU=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "1d7b70ed9ee4c3b24ed6b0c7c64a0ee5fcc4ae10",
+        "rev": "7689e621f87bce7b6ab1925dfd70ad1f4c80f334",
        "type": "github"
      },
      "original": {
@ -1283,6 +1313,21 @@
        "type": "github"
      }
    },
+    "systems_5": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "tinted-foot": {
      "flake": false,
      "locked": {
@ -1333,22 +1378,6 @@
        "type": "github"
      }
    },
-    "tinted-zed": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1725758778,
-        "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=",
-        "owner": "tinted-theming",
-        "repo": "base16-zed",
-        "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "tinted-theming",
-        "repo": "base16-zed",
-        "type": "github"
-      }
-    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
@ -1379,11 +1408,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736115332,
-        "narHash": "sha256-FBG9d7e0BTFfxVdw4b5EmNll2Mv7hfRc54hbB4LrKko=",
+        "lastModified": 1732643199,
+        "narHash": "sha256-uI7TXEb231o8dkwB5AUCecx3AQtosRmL6hKgnckvjps=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "1788ca5acd4b542b923d4757d4cfe4183cc6a92d",
+        "rev": "84637a7ab04179bdc42aa8fd0af1909fba76ad0c",
        "type": "github"
      },
      "original": {
--- a/modules/nginx/default.nix
+++ b/modules/nginx/default.nix
@ -5,13 +5,13 @@
    add_header Alt-Svc                    'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1';
    #add_header Content-Security-Policy   "script-src 'self'; object-src 'none'; base-uri 'none';" always;
    add_header X-Content-Type-Options 	  "nosniff" always;
-    add_header X-Frame-Options 		        "SAMEORIGIN" always;
    add_header X-XSS-Protection 		      "1; mode=block" always;
+    add_header X-Frame-Options 		        "SAMEORIGIN" always;
    add_header Referrer-Policy 		        "same-origin" always;
  '';
  createHost = vhostName: vhostCfg: {
    extraConfig = lib.optionalString (vhostCfg ? "extraConfig") (
-      vhostCfg.extraConfig
+      vhostCfg.extraConfig + "\n" + extraConfig
    ) + lib.optionalString (
      if (vhostCfg ? "verifyClientCert") then 
        vhostCfg.verifyClientCert
@ -20,7 +20,7 @@
      ssl_client_certificate ${./kyouma_Root_CA.pem};
      ssl_verify_client on;
      ssl_verify_depth 1;
-    '' + "\n" + extraConfig;
+    '';
    forceSSL = true;
  } //
  lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) {
--- a/pkgs/build-worker-oci/default.nix
+++ b/pkgs/build-worker-oci/default.nix
@ -1,13 +1,11 @@
 # I hate this so much aaa
 {
-  lib,
  callPackage,
  dockerTools,
  openssh,
  bash,
  gnused,
  util-linux,
-  qemu-user
 }:

 dockerTools.buildLayeredImage {
@ -22,34 +20,11 @@ dockerTools.buildLayeredImage {

  enableFakechroot = true;

-  contents = [ openssh util-linux bash gnused qemu-user ];
+  contents = [ openssh util-linux bash gnused ];

  config.Cmd = [ "/entrypoint.sh" ];

-  fakeRootCommands = let
-    system-features = [
-      "benchmark"
-      "big-parallel"
-      "nixos-test"
-      "uid-range"
-
-      "gccarch-x86-64"
-      "gccarch-x86-64-v2"
-      "gccarch-x86-64-v3"
-      "gccarch-armv8-a"
-      "gccarch-armv8.1-a"
-      "gccarch-armv8.2-a"
-      "gccarch-armv8.2-a+fp16+rcpc+dotprod"
-      "gccarch-rv64imac"
-      "gccarch-rv64imacfd"
-      "gccarch-rv64gc"
-
-      "riscv64-linux-qemu"
-      "aarch64-linux-qemu"
-      "x86_64-linux-native"
-      "i686-linux-native"
-    ];
-  in ''
+  fakeRootCommands = ''
    mkdir -p /root
    cat <<EOF > /root/nix.conf
    build-users-group = nixbld
@ -61,14 +36,12 @@ dockerTools.buildLayeredImage {
    max-silent-time = 14400
    min-free = ${builtins.toString (49152 * 1024 * 1024)}
    max-free = ${builtins.toString (65536 * 1024 * 1024)}
-    extra-platforms = aarch64-linux i686-linux riscv64-linux
-    system-features = ${toString system-features}
+    system-features = benchmark big-parallel kvm nixos-test uid-range gccarch-x86-64 gccarch-x86-64-v2 gccarch-x86-64-v3
    EOF

    mkdir -p /root/.ssh
    cat <<EOF > /root/.ssh/authorized_keys
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdHbFlGDGtBowdOHTfO3sBaLbBLRyyZTsW6ngeaD917 emily@alucard
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK397sBHLS66snWNPtmjUy7qZxRJh54N0RRXogKODudl nix@muon
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko
@ -121,9 +94,7 @@ dockerTools.buildLayeredImage {
    mkdir -p /var/empty
    mkdir -p /var/log

-    substitute ${./entrypoint.sh} /entrypoint.sh \
-      --subst-var-by qemu-aarch64 ${lib.getExe' qemu-user "qemu-aarch64"} \
-      --subst-var-by qemu-riscv64 ${lib.getExe' qemu-user "qemu-riscv64"} 
+    cp ${./entrypoint.sh} /entrypoint.sh
    chmod +x /entrypoint.sh
  '';
 }
--- a/pkgs/build-worker-oci/entrypoint.sh
+++ b/pkgs/build-worker-oci/entrypoint.sh
@ -26,14 +26,4 @@ cp /root/nix.conf /etc/nix/nix.conf
 /bin/mount -t overlay overlay -o lowerdir=/nix,upperdir=/mnt/data/nix-store,workdir=/mnt/data/workdir /nix
 /bin/mount --bind /mnt/data/tmp /tmp

-# Register QEMU binaries for user mode emulation
-aarch64_magic='\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'
-aarch64_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
-
-riscv64_magic='\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'
-riscv64_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
-
-echo ":qemu-aarch64:M::$aarch64_magic:$aarch64_mask:@qemu-aarch64@:POCF" >/proc/sys/fs/binfmt_misc/register
-echo ":qemu-riscv64:M::$riscv64_magic:$riscv64_mask:@qemu-riscv64@:POCF" >/proc/sys/fs/binfmt_misc/register
-
 /root/.nix-profile/bin/sshd -D -f /root/sshd_config
--- a/pkgs/build-worker-oci/source.nix
+++ b/pkgs/build-worker-oci/source.nix
@ -4,8 +4,8 @@

 dockerTools.pullImage {
  imageName = "nixos/nix";
-  imageDigest = "sha256:5a0d942e11cf154230289c4bca0cb391c44ed8e83561f3f8f2ef708bc0edda93";
-  sha256 = "1jc1hzqafc4qx8lw9nialf82qj37jxjynpzsprwk76pzb868x2iw";
+  imageDigest = "sha256:133a1607deea14a02c2bc0850e275ed135814235a1147f68967afee261caea2b";
+  sha256 = "0602a59g14l1jiqfffz14hcp982qaqczi5f0ylvv0h9pp2pqrqs5";
  finalImageName = "nixos/nix";
  finalImageTag = "latest";
 }
--- a/pkgs/build-worker-oci/update.sh
+++ b/pkgs/build-worker-oci/update.sh
@ -29,5 +29,4 @@ skopeo --insecure-policy copy docker-archive:"result" \

 rm "result"

-fly deploy --app build-worker-kyoumanet
-fly deploy --app build-worker-kyoumanet-cdg
+fly deploy
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@ -2,11 +2,7 @@ final: prev: {
  nyastodon = final.callPackage ./nyastodon/default.nix {};
  upgrade-system = final.callPackage ./upgrade-system/default.nix {};
  update-nixfiles = final.callPackage ./update-nixfiles/default.nix {};
-  build-worker-oci = final.callPackage ./build-worker-oci/default.nix {
-    qemu-user = final.pkgsStatic.qemu-user.override {
-      hostCpuTargets = [ "aarch64-linux-user" "riscv64-linux-user" ];
-    };
-  };
+  build-worker-oci = final.callPackage ./build-worker-oci/default.nix {};
  librespeed-rust = final.callPackage ./librespeed-rust/default.nix {};
  librespeed-go = final.callPackage ./librespeed-go/default.nix {};
  akkoma-fe-domi = final.callPackage ./akkoma-fe-domi/default.nix {};