test-vm: Add WHIB backend

config-manager/default.nix

@@ -9,7 +9,7 @@ let
   flakePath = config.config-manager.flakePath;
   nixosConfiguration = config.config-manager.nixosConfiguration;
 
-  nh = inputs.nh.packages."${pkgs.stdenv.hostPlatform.system}".default;
+  nh = inputs.nh.packages."${pkgs.system}".default;
 
   config-manager =
     if flakePath == "" then
@@ -33,7 +33,7 @@ let
 
                 update() {
                   echo -e "\033[0;31mUPDATING FLAKE\033[0m"
-                  nix flake update --flake ${flakePath}
+                  nix flake update ${flakePath}
                 }
 
                 switch() {

flake.lock

@@ -10,11 +10,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1762618334,
-        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
+        "lastModified": 1723293904,
+        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "fcdea223397448d35d9b31f798479227e80183f6",
+        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
         "type": "github"
       },
       "original": {
@@ -23,39 +23,6 @@
         "type": "github"
       }
     },
-    "aquamarine": {
-      "inputs": {
-        "hyprutils": [
-          "hyprland",
-          "hyprutils"
-        ],
-        "hyprwayland-scanner": [
-          "hyprland",
-          "hyprwayland-scanner"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1767024902,
-        "narHash": "sha256-sMdk6QkMDhIOnvULXKUM8WW8iyi551SWw2i6KQHbrrU=",
-        "owner": "hyprwm",
-        "repo": "aquamarine",
-        "rev": "b8a0c5ba5a9fbd2c660be7dd98bdde0ff3798556",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "aquamarine",
-        "type": "github"
-      }
-    },
     "darwin": {
       "inputs": {
         "nixpkgs": [
@@ -64,11 +31,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1744478979,
-        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
         "type": "github"
       },
       "original": {
@@ -78,39 +45,20 @@
         "type": "github"
       }
     },
-    "disko": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1766150702,
-        "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
-        "owner": "nix-community",
-        "repo": "disko",
-        "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "disko",
-        "type": "github"
-      }
-    },
     "emacs-overlay": {
       "inputs": {
+        "flake-utils": "flake-utils",
         "nixpkgs": [
           "nixpkgs"
         ],
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1767777451,
-        "narHash": "sha256-rWTDh+NZl2hTXmfHPaIpRwSRlhbLHY8UaXTCU5zwzDk=",
+        "lastModified": 1730513067,
+        "narHash": "sha256-0MHc5yR4qmQK4O8MzraisT3gnv907fn813Qb2J134CU=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "32dceb02d7b008d127988876a48c5d471179e8e6",
+        "rev": "6afb2183cef03dcfce47c3bf22b2d44ded54ace0",
         "type": "github"
       },
       "original": {
@@ -119,48 +67,16 @@
         "type": "github"
       }
     },
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1767039857,
-        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
-        "owner": "NixOS",
-        "repo": "flake-compat",
-        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1765121682,
-        "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=",
-        "owner": "NixOS",
-        "repo": "flake-compat",
-        "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
     "flake-utils": {
       "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "lastModified": 1726560853,
+        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
         "type": "github"
       },
       "original": {
@@ -169,49 +85,6 @@
         "type": "github"
       }
     },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": [
-          "nix-jetbrains-plugins",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "gitignore": {
-      "inputs": {
-        "nixpkgs": [
-          "hyprland",
-          "pre-commit-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -220,11 +93,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745494811,
-        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
         "type": "github"
       },
       "original": {
@@ -240,11 +113,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767792169,
-        "narHash": "sha256-WSAu+ZxF697u/OJDdBLO+YFhtqFsPowrXXOQbjDT/uA=",
+        "lastModified": 1730490306,
+        "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "aea57993a89bfc2a66c0434e0f4383ebf164e2a3",
+        "rev": "1743615b61c7285976f85b303a36cdf88a556503",
         "type": "github"
       },
       "original": {
@@ -253,96 +126,6 @@
         "type": "github"
       }
     },
-    "hyprcursor": {
-      "inputs": {
-        "hyprlang": [
-          "hyprland",
-          "hyprlang"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1753964049,
-        "narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=",
-        "owner": "hyprwm",
-        "repo": "hyprcursor",
-        "rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprcursor",
-        "type": "github"
-      }
-    },
-    "hyprgraphics": {
-      "inputs": {
-        "hyprutils": [
-          "hyprland",
-          "hyprutils"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1766946335,
-        "narHash": "sha256-MRD+Jr2bY11MzNDfenENhiK6pvN+nHygxdHoHbZ1HtE=",
-        "owner": "hyprwm",
-        "repo": "hyprgraphics",
-        "rev": "4af02a3925b454deb1c36603843da528b67ded6c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprgraphics",
-        "type": "github"
-      }
-    },
-    "hyprland": {
-      "inputs": {
-        "aquamarine": "aquamarine",
-        "hyprcursor": "hyprcursor",
-        "hyprgraphics": "hyprgraphics",
-        "hyprland-guiutils": "hyprland-guiutils",
-        "hyprland-protocols": "hyprland-protocols",
-        "hyprlang": "hyprlang",
-        "hyprutils": "hyprutils",
-        "hyprwayland-scanner": "hyprwayland-scanner",
-        "hyprwire": "hyprwire",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "pre-commit-hooks": "pre-commit-hooks",
-        "systems": "systems_2",
-        "xdph": "xdph"
-      },
-      "locked": {
-        "lastModified": 1767907620,
-        "narHash": "sha256-zpQr4jkAoARBI22dFDnRekUagdRt6Mfc+ThpSSHm90s=",
-        "owner": "hyprwm",
-        "repo": "Hyprland",
-        "rev": "5b1b79c29c5e0ea974b2a9da5d122dd0f3bedca6",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "Hyprland",
-        "type": "github"
-      }
-    },
     "hyprland-contrib": {
       "inputs": {
         "nixpkgs": [
@@ -350,11 +133,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1766066098,
-        "narHash": "sha256-d3HmUbmfTDIt9mXEHszqyo2byqQMoyJtUJCZ9U1IqHQ=",
+        "lastModified": 1729224425,
+        "narHash": "sha256-w9dNUedNe2qnhHuhcRf7A1l29+/6DxdMfwN6g4U3c/w=",
         "owner": "hyprwm",
         "repo": "contrib",
-        "rev": "41dbcac8183bb1b3a4ade0d8276b2f2df6ae4690",
+        "rev": "d72bc8b1cd30d448bd438e8328f8eeb4c0f2ddb6",
         "type": "github"
       },
       "original": {
@@ -363,258 +146,6 @@
         "type": "github"
       }
     },
-    "hyprland-guiutils": {
-      "inputs": {
-        "aquamarine": [
-          "hyprland",
-          "aquamarine"
-        ],
-        "hyprgraphics": [
-          "hyprland",
-          "hyprgraphics"
-        ],
-        "hyprlang": [
-          "hyprland",
-          "hyprlang"
-        ],
-        "hyprtoolkit": "hyprtoolkit",
-        "hyprutils": [
-          "hyprland",
-          "hyprutils"
-        ],
-        "hyprwayland-scanner": [
-          "hyprland",
-          "hyprwayland-scanner"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1767023960,
-        "narHash": "sha256-R2HgtVS1G3KSIKAQ77aOZ+Q0HituOmPgXW9nBNkpp3Q=",
-        "owner": "hyprwm",
-        "repo": "hyprland-guiutils",
-        "rev": "c2e906261142f5dd1ee0bfc44abba23e2754c660",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprland-guiutils",
-        "type": "github"
-      }
-    },
-    "hyprland-protocols": {
-      "inputs": {
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1765214753,
-        "narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=",
-        "owner": "hyprwm",
-        "repo": "hyprland-protocols",
-        "rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprland-protocols",
-        "type": "github"
-      }
-    },
-    "hyprlang": {
-      "inputs": {
-        "hyprutils": [
-          "hyprland",
-          "hyprutils"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1764612430,
-        "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=",
-        "owner": "hyprwm",
-        "repo": "hyprlang",
-        "rev": "0d00dc118981531aa731150b6ea551ef037acddd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprlang",
-        "type": "github"
-      }
-    },
-    "hyprtoolkit": {
-      "inputs": {
-        "aquamarine": [
-          "hyprland",
-          "hyprland-guiutils",
-          "aquamarine"
-        ],
-        "hyprgraphics": [
-          "hyprland",
-          "hyprland-guiutils",
-          "hyprgraphics"
-        ],
-        "hyprlang": [
-          "hyprland",
-          "hyprland-guiutils",
-          "hyprlang"
-        ],
-        "hyprutils": [
-          "hyprland",
-          "hyprland-guiutils",
-          "hyprutils"
-        ],
-        "hyprwayland-scanner": [
-          "hyprland",
-          "hyprland-guiutils",
-          "hyprwayland-scanner"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "hyprland-guiutils",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "hyprland-guiutils",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1764592794,
-        "narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=",
-        "owner": "hyprwm",
-        "repo": "hyprtoolkit",
-        "rev": "5cfe0743f0e608e1462972303778d8a0859ee63e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprtoolkit",
-        "type": "github"
-      }
-    },
-    "hyprutils": {
-      "inputs": {
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1766253372,
-        "narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=",
-        "owner": "hyprwm",
-        "repo": "hyprutils",
-        "rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprutils",
-        "type": "github"
-      }
-    },
-    "hyprwayland-scanner": {
-      "inputs": {
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1763640274,
-        "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=",
-        "owner": "hyprwm",
-        "repo": "hyprwayland-scanner",
-        "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprwayland-scanner",
-        "type": "github"
-      }
-    },
-    "hyprwire": {
-      "inputs": {
-        "hyprutils": [
-          "hyprland",
-          "hyprutils"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1767473322,
-        "narHash": "sha256-RGOeG+wQHeJ6BKcsSB8r0ZU77g9mDvoQzoTKj2dFHwA=",
-        "owner": "hyprwm",
-        "repo": "hyprwire",
-        "rev": "d5e7d6b49fe780353c1cf9a1cf39fa8970bd9d11",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprwire",
-        "type": "github"
-      }
-    },
-    "naviterm": {
-      "inputs": {
-        "flake-utils": "flake-utils",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1757496832,
-        "narHash": "sha256-R5EMcms24G6QGk62iNAMApeZmKsHwCDLj68UUdkhSLw=",
-        "owner": "detoxify92",
-        "repo": "naviterm",
-        "rev": "3b3bd2bace3676000f530b2f47fa28f431c56761",
-        "type": "gitlab"
-      },
-      "original": {
-        "owner": "detoxify92",
-        "repo": "naviterm",
-        "type": "gitlab"
-      }
-    },
     "nh": {
       "inputs": {
         "nixpkgs": [
@@ -622,11 +153,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767773550,
-        "narHash": "sha256-8VCfAbKKj+OHD5Mz5TBB7mE/zWe/5MyFTbXEayI0WG8=",
+        "lastModified": 1728371783,
+        "narHash": "sha256-ufI7115ims2PPxggpWQhigAUrwlwu155wVgngZzzyZ0=",
         "owner": "viperML",
         "repo": "nh",
-        "rev": "5f279c597e6e2af1757e0cd0b071aeb29d3e85a5",
+        "rev": "afdff9ab4fdb9c329b5d97c5b742242b97f8754d",
         "type": "github"
       },
       "original": {
@@ -650,36 +181,13 @@
         "type": "github"
       }
     },
-    "nix-jetbrains-plugins": {
-      "inputs": {
-        "flake-compat": "flake-compat_2",
-        "flake-utils": "flake-utils_2",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "systems": "systems_4"
-      },
-      "locked": {
-        "lastModified": 1767434185,
-        "narHash": "sha256-S289tJM4HQQStEF9QMCtS93duiYwfecWy/zhBoEb890=",
-        "owner": "nix-community",
-        "repo": "nix-jetbrains-plugins",
-        "rev": "d3b3c5d901ce5980dec75f54f2ca6446f51b3451",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nix-jetbrains-plugins",
-        "type": "github"
-      }
-    },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1767185284,
-        "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=",
+        "lastModified": 1730537918,
+        "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe",
+        "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560",
         "type": "github"
       },
       "original": {
@@ -691,11 +199,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1767640445,
-        "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=",
+        "lastModified": 1730200266,
+        "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5",
+        "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
         "type": "github"
       },
       "original": {
@@ -707,16 +215,16 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1767313136,
-        "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
+        "lastModified": 1730327045,
+        "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d",
+        "rev": "080166c15633801df010977d9d7474b4a6c549d7",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-25.05",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -742,46 +250,18 @@
         "url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
       }
     },
-    "pre-commit-hooks": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "gitignore": "gitignore",
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1767281941,
-        "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=",
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
         "agenix": "agenix",
-        "disko": "disko",
         "emacs-overlay": "emacs-overlay",
         "home-manager": "home-manager_2",
-        "hyprland": "hyprland",
         "hyprland-contrib": "hyprland-contrib",
-        "naviterm": "naviterm",
         "nh": "nh",
         "nix-gc-env": "nix-gc-env",
-        "nix-jetbrains-plugins": "nix-jetbrains-plugins",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "pppdotpm-site": "pppdotpm-site",
-        "whib-backend": "whib-backend",
-        "whib-frontend": "whib-frontend"
+        "whib-backend": "whib-backend"
       }
     },
     "systems": {
@@ -800,36 +280,6 @@
       }
     },
     "systems_2": {
-      "locked": {
-        "lastModified": 1689347949,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "type": "github"
-      }
-    },
-    "systems_3": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_4": {
       "locked": {
         "lastModified": 1681028828,
         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -851,80 +301,14 @@
         ]
       },
       "locked": {
-        "lastModified": 1739029248,
-        "narHash": "sha256-ux/Udy0Mhs66P/EQQ8S+xIuXRm9UHEYwSy12IZtlbnA=",
-        "ref": "master",
-        "rev": "222a8f6dde2e9270f6390b5e1e83c7ae1ea48290",
-        "revCount": 371,
-        "type": "git",
-        "url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
+        "lastModified": 1731143140,
+        "narHash": "sha256-pLxBnIgcAJxvbMglXbeSI5/yxSR0RfFgNW7eQ7oNFR8=",
+        "path": "/home/alex/code/own/whib",
+        "type": "path"
       },
       "original": {
-        "ref": "master",
-        "type": "git",
-        "url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
-      }
-    },
-    "whib-frontend": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1761508816,
-        "narHash": "sha256-adV/lyxcmuopyuzZ49v46Yt0gft+ioEL4yl1S+vUbus=",
-        "ref": "master",
-        "rev": "ab10bf50cb6b023a1b99f91c7e8d550231135eef",
-        "revCount": 223,
-        "type": "git",
-        "url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
-      },
-      "original": {
-        "ref": "master",
-        "type": "git",
-        "url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
-      }
-    },
-    "xdph": {
-      "inputs": {
-        "hyprland-protocols": [
-          "hyprland",
-          "hyprland-protocols"
-        ],
-        "hyprlang": [
-          "hyprland",
-          "hyprlang"
-        ],
-        "hyprutils": [
-          "hyprland",
-          "hyprutils"
-        ],
-        "hyprwayland-scanner": [
-          "hyprland",
-          "hyprwayland-scanner"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1761431178,
-        "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=",
-        "owner": "hyprwm",
-        "repo": "xdg-desktop-portal-hyprland",
-        "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "xdg-desktop-portal-hyprland",
-        "type": "github"
+        "path": "/home/alex/code/own/whib",
+        "type": "path"
       }
     }
   },

flake.nix

@@ -6,11 +6,6 @@
 
     nixos-hardware.url = "github:nixos/nixos-hardware/master";
 
-    disko = {
-      url = "github:nix-community/disko";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     nh = {
       url = "github:viperML/nh";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -33,38 +28,19 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    hyprland = {
-      url = "github:hyprwm/Hyprland";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     hyprland-contrib = {
       url = "github:hyprwm/contrib";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nix-jetbrains-plugins = {
-      url = "github:nix-community/nix-jetbrains-plugins";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    naviterm = {
-      url = "gitlab:detoxify92/naviterm";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     pppdotpm-site = {
       url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
     whib-backend = {
-      url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=master";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    whib-frontend = {
-      url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib-react.git?ref=master";
+      # url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=nix-flake";
+      url = "path:/home/alex/code/own/whib";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
@@ -85,17 +61,6 @@
           ];
         };
 
-        manatee = inputs.nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          specialArgs = {
-            inherit inputs;
-          };
-          modules = [
-            ./hosts/manatee/configuration.nix
-            ./hosts/manatee/home.nix
-          ];
-        };
-
         backwards = inputs.nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
           specialArgs = {
@@ -107,22 +72,16 @@
           ];
         };
 
-        tadpole =
-          let
-            system = "x86_64-linux";
-          in
-          inputs.nixpkgs.lib.nixosSystem {
-            inherit system;
-            specialArgs = {
-              inherit inputs;
-            };
-            modules = [
-              ./hosts/tadpole/configuration.nix
-              ./hosts/tadpole/home.nix
-              inputs.whib-backend.nixosModules.${system}.default
-              inputs.whib-frontend.nixosModules.${system}.default
-            ];
+        tadpole = inputs.nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          specialArgs = {
+            inherit inputs;
           };
+          modules = [
+            ./hosts/tadpole/configuration.nix
+            ./hosts/tadpole/home.nix
+          ];
+        };
 
         test-vm =
           let
@@ -136,7 +95,6 @@
             modules = [
               ./hosts/test-vm/configuration.nix
               inputs.whib-backend.nixosModules.${system}.default
-              inputs.whib-frontend.nixosModules.${system}.default
             ];
           };
       };

hosts/backwards/configuration.nix

@@ -15,7 +15,7 @@
 
   console.keyMap = "sv-latin1";
 
-  services.pulseaudio.enable = false;
+  hardware.pulseaudio.enable = false;
   security.rtkit.enable = true;
   services.pipewire = {
     enable = true;
@@ -24,24 +24,12 @@
     pulse.enable = true;
   };
 
-  hardware = {
-    graphics = {
-      enable = true;
-      extraPackages = [
-        pkgs.intel-media-driver
-        pkgs.libvdpau-va-gl
-      ];
-    };
-  };
-
   users.users.alex = {
     isNormalUser = true;
     description = "alex";
     extraGroups = [
       "networkmanager"
       "wheel"
-      "video"
-      "render"
     ];
     packages = [ ];
   };

hosts/backwards/modules/age/default.nix

@@ -8,7 +8,7 @@
     };
 
     environment.systemPackages = [
-      inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default
+      inputs.agenix.packages."${pkgs.system}".default
     ];
   };
 }

hosts/backwards/modules/audiobookshelf/default.nix

@@ -10,17 +10,17 @@ in
   };
 
   config = lib.mkIf enabled {
-    users.users.audiobookshelf = {
-      isSystemUser = true;
-      description = "audiobookshelf";
-      group = "storage";
+    fileSystems."/home/alex/media" = {
+      device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
+      fsType = "ext4";
+      options = [ "nofail" ];
     };
 
     services.audiobookshelf = {
       enable = true;
 
-      user = "audiobookshelf";
-      group = "storage";
+      user = "alex";
+      group = "users";
 
       host = "0.0.0.0";
       port = 8000;

hosts/backwards/modules/calibre-web/default.nix

@@ -14,18 +14,16 @@ in
       calibre-web = {
         enable = true;
 
-        user = "storage";
-        group = "storage";
+        user = "alex";
+        group = "users";
 
         listen = {
           ip = "0.0.0.0";
           port = 8083;
         };
 
-        dataDir = "/mnt/media/public/books";
-
         options = {
-          calibreLibrary = "/mnt/media/public/books";
+          calibreLibrary = "/home/alex/sync/books";
           enableBookUploading = true;
         };
       };

hosts/backwards/modules/default.nix

@@ -15,6 +15,9 @@ in
       nginx.enable = true;
       syncthing.enable = true;
       restic.enable = true;
+      transmission.enable = true;
+      audiobookshelf.enable = true;
+      calibre-web.enable = true;
     };
   };
 }

hosts/backwards/modules/firefox/default.nix

@@ -29,7 +29,7 @@ let
   ff-alex = pkgs.writeShellApplication {
     name = "ff-alex";
     text = ''
-      ${wrapped}/bin/firefox-devedition -P alex --new-window "$@"
+      ${wrapped}/bin/firefox -P alex --new-window "$@"
     '';
   };
 

hosts/backwards/modules/games/default.nix

@@ -2,16 +2,16 @@
 {
   home-manager.users.alex = {
     home.packages = [
-      pkgs.nethack
-
       pkgs.moonlight-qt
 
       pkgs.pcsx2
-      (pkgs.retroarch.withCores (cores: [
-        pkgs.libretro.snes9x
-        pkgs.libretro.genesis-plus-gx
-        pkgs.libretro.swanstation
-      ]))
+      (pkgs.retroarch.override {
+        cores = [
+          pkgs.libretro.snes9x
+          pkgs.libretro.genesis-plus-gx
+          pkgs.libretro.swanstation
+        ];
+      })
     ];
   };
 }

hosts/backwards/modules/git/gitconfig

@@ -4,3 +4,6 @@
 
 [url "git@github.com:"]
     insteadOf = https://github.com/
+
+[url "git@codeberg.org:"]
+    insteadOf = https://codeberg.org/

hosts/backwards/modules/gnome/default.nix

@@ -8,14 +8,6 @@
       };
     };
 
-    desktopManager = {
-      gnome.enable = true;
-    };
-
-    displayManager = {
-      gdm.enable = true;
-    };
-
     xserver = {
       enable = true;
 
@@ -23,6 +15,14 @@
         layout = "se";
         variant = "";
       };
+
+      desktopManager = {
+        gnome.enable = true;
+      };
+
+      displayManager = {
+        gdm.enable = true;
+      };
     };
   };
 

hosts/backwards/modules/jellyfin/default.nix

@@ -0,0 +1,87 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+let
+  nginxEnabled = config.mod.nginx.enable;
+in
+{
+  fileSystems."/home/alex/media" = {
+    device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
+    fsType = "ext4";
+    options = [ "nofail" ];
+  };
+
+  # 1. enable vaapi on OS-level
+  nixpkgs.config.packageOverrides = pkgs: {
+    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+  };
+
+  hardware = {
+    graphics = {
+      enable = true;
+
+      extraPackages = with pkgs; [
+        intel-media-driver
+        intel-vaapi-driver # previously vaapiIntel
+        vaapiVdpau
+        libvdpau-va-gl
+        intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
+        vpl-gpu-rt # QSV on 11th gen or newer
+      ];
+    };
+  };
+
+  services = {
+    jellyfin = {
+      enable = true;
+      openFirewall = true;
+
+      user = "alex";
+      group = "users";
+
+      dataDir = "/home/alex/media/jellyfin";
+    };
+
+    prowlarr.enable = true;
+
+    sonarr = {
+      enable = true;
+
+      user = "alex";
+      group = "users";
+    };
+
+    radarr = {
+      enable = true;
+
+      user = "alex";
+      group = "users";
+    };
+
+    jellyseerr.enable = true;
+
+    nginx = lib.mkIf nginxEnabled {
+      virtualHosts."jelly.ppp.pm" = {
+        locations = {
+          "/" = {
+            proxyPass = "http://127.0.0.1:8096";
+          };
+
+          "/socket" = {
+            proxyPass = "http://127.0.0.1:8096";
+            proxyWebsockets = true;
+          };
+        };
+      };
+    };
+  };
+
+  environment.systemPackages = [
+    pkgs.jellyfin
+    pkgs.jellyfin-web
+    pkgs.jellyfin-ffmpeg
+  ];
+}

hosts/backwards/modules/restic/default.nix

@@ -46,7 +46,6 @@ in
           repositoryFile = config.age.secrets.restic-cloud-sync-repository.path;
 
           paths = [ "/home/alex/sync" ];
-          exclude = [ "/home/alex/sync/reading-material" ];
 
           timerConfig = {
             OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day
@@ -66,8 +65,7 @@ in
       secrets = {
         "restic-password".file = ../../../../secrets/backwards/restic-password.age;
         "restic-cloud-sync-key".file = ../../../../secrets/backwards/restic-cloud-sync-key.age;
-        "restic-cloud-sync-repository".file =
-          ../../../../secrets/backwards/restic-cloud-sync-repository.age;
+        "restic-cloud-sync-repository".file = ../../../../secrets/backwards/restic-cloud-sync-repository.age;
       };
     };
   };

hosts/backwards/modules/ssh/default.nix

@@ -23,34 +23,17 @@ in
         enable = true;
 
         matchBlocks = {
-          "manatee" = {
-            hostname = "manatee";
-            user = "alex";
-            identityFile = "/home/alex/.ssh/alex.backwards-manatee";
-            port = 1122;
-          };
-
           "git.ppp.pm" = {
             hostname = "git.ppp.pm";
             identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
           };
 
-          "*" = {
-            forwardAgent = false;
-            addKeysToAgent = "no";
-            compression = false;
-            serverAliveInterval = 0;
-            serverAliveCountMax = 3;
-            hashKnownHosts = false;
-            userKnownHostsFile = "~/.ssh/known_hosts";
-            controlMaster = "no";
-            controlPath = "~/.ssh/master-%r@%n:%p";
-            controlPersist = "no";
+          "codeberg.org" = {
+            hostname = "codeberg.org";
+            identityFile = "/home/alex/.ssh/alex.backwards-codeberg.org";
           };
         };
       };
-
-      home.packages = [ pkgs.sshfs ];
     };
 
     environment.etc."ssh/authorized_keys_command" = {
@@ -101,19 +84,6 @@ in
         path = "${rootSSHKeyPath}/root.backwards.pub";
       };
 
-      "alex.backwards-manatee" = {
-        file = ../../../../secrets/backwards/alex.backwards-manatee.age;
-        path = "/home/alex/.ssh/alex.backwards-manatee";
-        owner = "alex";
-        group = "users";
-      };
-      "alex.backwards-manatee.pub" = {
-        file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
-        path = "/home/alex/.ssh/alex.backwards-manatee.pub";
-        owner = "alex";
-        group = "users";
-      };
-
       "alex.pinwheel-backwards.pub" = {
         file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.pub.age;
         path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub";
@@ -131,6 +101,19 @@ in
         owner = "alex";
         group = "users";
       };
+
+      "alex.backwards-codeberg.org" = {
+        file = ../../../../secrets/backwards/alex.backwards-codeberg.org.age;
+        path = "/home/alex/.ssh/alex.backwards-codeberg.org";
+        owner = "alex";
+        group = "users";
+      };
+      "alex.backwards-codeberg.org.pub" = {
+        file = ../../../../secrets/backwards/alex.backwards-codeberg.org.pub.age;
+        path = "/home/alex/.ssh/alex.backwards-codeberg.org.pub";
+        owner = "alex";
+        group = "users";
+      };
     };
   };
 }

hosts/backwards/modules/syncthing/default.nix

@@ -34,7 +34,6 @@ in
         devices = {
           phone.id = config.lib.syncthing.phone;
           pinwheel.id = config.lib.syncthing.pinwheel;
-          tablet.id = config.lib.syncthing.tablet;
         };
 
         folders = {
@@ -75,7 +74,7 @@ in
           };
 
           books = {
-            path = "/home/alex/sync/reading-material/books";
+            path = "/home/alex/sync/books";
             devices = [ "pinwheel" ];
             versioning = {
               type = "staggered";

hosts/backwards/modules/transmission/default.nix

@@ -6,6 +6,8 @@
 }:
 let
   enabled = config.mod.transmission.enable;
+
+  nginxEnabled = config.mod.nginx.enable;
 in
 {
   options = {
@@ -20,27 +22,31 @@ in
         enable = true;
         package = pkgs.transmission_4;
 
-        openFirewall = true;
+        user = "alex";
+        group = "users";
 
-        user = "storage";
-        group = "storage";
-
-        home = "/mnt/media/public/.ts-home";
+        home = "/home/alex/media/ts-home";
         downloadDirPermissions = "775";
 
         settings = {
-          incomplete-dir-enabled = false;
-          download-dir = "/mnt/media/public/downloads";
-
           rpc-bind-address = "0.0.0.0";
+          rpc-port = 9191;
+
+          incomplete-dir-enabled = false;
+          download-dir = "/home/alex/media/downloads";
 
-          # Required to have empty user/pass to satisfy transmissionA
-          # https://github.com/transmission/transmission/discussions/1941#discussioncomment-1472352
-          rpc-whitelist-enabled = false;
           rpc-authentication-required = true;
-          rpc-username = "";
-          rpc-password = "";
+          rpc-whitelist-enabled = false;
+          rpc-username = "transmission";
+          rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi";
+        };
+      };
 
+      nginx = lib.mkIf nginxEnabled {
+        virtualHosts."ts.ppp.pm" = {
+          locations."/" = {
+            proxyPass = "http://localhost:9191";
+          };
         };
       };
     };

hosts/manatee/configuration.nix

@@ -1,56 +0,0 @@
-{ pkgs, ... }:
-{
-  imports = [
-    ../../config-manager/default.nix
-    ../../shared-modules/syncthing.nix
-    ./hardware-configuration.nix
-    ./disk-config.nix
-    ./modules
-  ];
-
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-  nixpkgs.config.allowUnfree = true;
-
-  users.users.alex = {
-    isNormalUser = true;
-    description = "alex";
-    extraGroups = [
-      "wheel"
-      "storage"
-    ];
-  };
-
-  environment.variables.EDITOR = "vim";
-
-  environment.systemPackages = with pkgs; [
-    vim
-    git
-  ];
-
-  config-manager = {
-    flakePath = "/home/alex/config";
-  };
-
-  # This option defines the first version of NixOS you have installed on this particular machine,
-  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
-  #
-  # Most users should NEVER change this value after the initial install, for any reason,
-  # even if you've upgraded your system to a new NixOS release.
-  #
-  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
-  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
-  # to actually do that.
-  #
-  # This value being lower than the current NixOS release does NOT mean your system is
-  # out of date, out of support, or vulnerable.
-  #
-  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
-  # and migrated your data accordingly.
-  #
-  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-  system.stateVersion = "24.11"; # Did you read the comment?
-
-}

hosts/manatee/disk-config.nix

@@ -1,243 +0,0 @@
-{
-  inputs,
-  pkgs,
-  config,
-  ...
-}:
-{
-  imports = [ inputs.disko.nixosModules.disko ];
-
-  config = {
-    users.groups.storage = { };
-
-    users.users.storage = {
-      isSystemUser = true;
-      description = "storage";
-      group = "storage";
-    };
-
-    systemd.tmpfiles.settings = {
-      "10-media-public" = {
-        "/mnt/media/public" = {
-          d = {
-            # Create directory
-            user = "storage";
-            group = "storage";
-            mode = "2775";
-          };
-          z = {
-            # Ensure permissions are inherited
-            user = "storage";
-            group = "storage";
-            mode = "2775";
-          };
-        };
-      };
-
-      "10-cameras-public" = {
-        "/mnt/cameras/public" = {
-          d = {
-            # Create directory
-            user = "storage";
-            group = "storage";
-            mode = "2775";
-          };
-          z = {
-            # Ensure permissions are inherited
-            user = "storage";
-            group = "storage";
-            mode = "2775";
-          };
-        };
-      };
-
-      "10-sync-public" = {
-        "/mnt/sync/public" = {
-          d = {
-            # Create directory
-            user = "storage";
-            group = "storage";
-            mode = "2775";
-          };
-          z = {
-            # Ensure permissions are inherited
-            user = "storage";
-            group = "storage";
-            mode = "2775";
-          };
-        };
-      };
-    };
-
-    environment.systemPackages = [
-      pkgs.smartmontools
-    ];
-
-    services.smartd = {
-      enable = true;
-      devices = [
-        { device = config.disko.devices.disk.root.device; }
-        { device = config.disko.devices.disk.disk1.device; }
-        { device = config.disko.devices.disk.disk2.device; }
-      ];
-    };
-
-    services.zfs.autoScrub.enable = true;
-
-    networking.hostId = "0a9474e7"; # Required by ZFS
-    disko.devices = {
-      disk = {
-        root = {
-          type = "disk";
-          device = "/dev/nvme0n1";
-          content = {
-            type = "gpt";
-            partitions = {
-              ESP = {
-                size = "500M";
-                type = "EF00";
-                content = {
-                  type = "filesystem";
-                  format = "vfat";
-                  mountpoint = "/boot";
-                  mountOptions = [ "umask=0077" ];
-                };
-              };
-
-              root = {
-                size = "100%";
-                content = {
-                  type = "filesystem";
-                  format = "ext4";
-                  mountpoint = "/";
-                };
-              };
-            };
-          };
-        };
-
-        disk1 = {
-          type = "disk";
-          device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QCG4";
-          content = {
-            type = "gpt";
-            partitions = {
-              zfs = {
-                size = "100%";
-                content = {
-                  type = "zfs";
-                  pool = "storage";
-                };
-              };
-            };
-          };
-        };
-
-        disk2 = {
-          type = "disk";
-          device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QDJ5";
-          content = {
-            type = "gpt";
-            partitions = {
-              zfs = {
-                size = "100%";
-                content = {
-                  type = "zfs";
-                  pool = "storage";
-                };
-              };
-            };
-          };
-        };
-        disk3 = {
-          type = "disk";
-          device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0UCF4MJ";
-          content = {
-            type = "gpt";
-            partitions = {
-              zfs = {
-                size = "100%";
-                content = {
-                  type = "zfs";
-                  pool = "storage";
-                };
-              };
-            };
-          };
-        };
-
-        disk4 = {
-          type = "disk";
-          device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0V6F4MJ";
-          content = {
-            type = "gpt";
-            partitions = {
-              zfs = {
-                size = "100%";
-                content = {
-                  type = "zfs";
-                  pool = "storage";
-                };
-              };
-            };
-          };
-        };
-      };
-
-      zpool = {
-        storage = {
-          type = "zpool";
-
-          mode = {
-            topology = {
-              type = "topology";
-              vdev = [
-                {
-                  mode = "mirror";
-                  members = [
-                    "disk1"
-                    "disk2"
-                  ];
-                }
-                {
-                  mode = "mirror";
-                  members = [
-                    "disk3"
-                    "disk4"
-                  ];
-                }
-              ];
-            };
-          };
-
-          rootFsOptions = {
-            mountpoint = "none";
-            compression = "zstd";
-            xattr = "sa";
-            "com.sun:auto-snapshot" = "false";
-          };
-
-          datasets = {
-            media = {
-              type = "zfs_fs";
-              mountpoint = "/mnt/media";
-              options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
-            };
-
-            cameras = {
-              type = "zfs_fs";
-              mountpoint = "/mnt/cameras";
-              options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
-            };
-
-            sync = {
-              type = "zfs_fs";
-              mountpoint = "/mnt/sync";
-              options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
-            };
-          };
-        };
-      };
-    };
-  };
-}

hosts/manatee/hardware-configuration.nix

@@ -1,39 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-
-{
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "nvme"
-    "ahci"
-    "usb_storage"
-    "usbhid"
-    "sd_mod"
-  ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/manatee/home.nix

@@ -1,22 +0,0 @@
-{ inputs, ... }:
-{
-  imports = [ inputs.home-manager.nixosModules.home-manager ];
-
-  config = {
-    home-manager = {
-      useGlobalPkgs = true;
-      useUserPackages = true;
-
-      users.alex = {
-        programs.home-manager.enable = true;
-
-        home.username = "alex";
-        home.homeDirectory = "/home/alex";
-
-        home.packages = [ ];
-
-        home.stateVersion = "24.11";
-      };
-    };
-  };
-}

hosts/manatee/modules/age/default.nix

@@ -1,14 +0,0 @@
-{ inputs, pkgs, ... }:
-{
-  imports = [ inputs.agenix.nixosModules.default ];
-
-  config = {
-    age = {
-      identityPaths = [ "/etc/ssh/manatee" ];
-    };
-
-    environment.systemPackages = [
-      inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default
-    ];
-  };
-}

hosts/manatee/modules/boot/default.nix

@@ -1,43 +0,0 @@
-{
-  inputs,
-  lib,
-  config,
-  ...
-}:
-let
-  configurationLimit = config.mod.gc.configurationLimit;
-in
-{
-  imports = [ inputs.nix-gc-env.nixosModules.default ];
-
-  options = {
-    mod.gc = {
-      configurationLimit = lib.mkOption {
-        type = lib.types.int;
-        default = 10;
-        description = "number of configuration generations to keep";
-      };
-    };
-  };
-
-  config = {
-    nix.gc = {
-      automatic = true;
-      dates = "weekly";
-
-      # `delete_generations` added by nix-gc-env
-      delete_generations = "+${builtins.toString configurationLimit}";
-    };
-
-    boot = {
-      loader = {
-        systemd-boot = {
-          enable = true;
-          inherit configurationLimit;
-        };
-
-        efi.canTouchEfiVariables = true;
-      };
-    };
-  };
-}

hosts/manatee/modules/certs/default.nix

@@ -1,31 +0,0 @@
-{ config, ... }:
-{
-  security.acme = {
-    acceptTerms = true;
-
-    defaults = {
-      email = "acme@ppp.pm";
-    };
-
-    certs = {
-      "ha.ppp.pm" = {
-        dnsProvider = "hetzner";
-        environmentFile = config.age.secrets.hetzner-dns.path;
-        group = "nginx";
-
-        extraLegoFlags = [
-          "--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
-          "--dns.propagation-wait=60s" # Wait for 60 seconds for DNS propagation
-          "--dns-timeout=60"
-          "--http-timeout=60"
-        ];
-      };
-    };
-  };
-
-  age = {
-    secrets = {
-      "hetzner-dns".file = ../../../../secrets/manatee/hetzner-dns.age;
-    };
-  };
-}

hosts/manatee/modules/default.nix

@@ -1,27 +0,0 @@
-{ lib, ... }:
-let
-  toModulePath = dir: _: ./. + "/${dir}";
-  filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs;
-in
-{
-  imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.));
-
-  config = {
-    mod = {
-      gc.configurationLimit = 10;
-
-      ssh.enable = true;
-      git.enable = true;
-
-      nginx.enable = true;
-      syncthing.enable = true;
-      transmission.enable = true;
-      calibre-web.enable = true;
-      audiobookshelf.enable = true;
-      jellyfin.enable = true;
-      immich.enable = true;
-      navidrome.enable = true;
-      komga.enable = true;
-    };
-  };
-}

hosts/manatee/modules/git/default.nix

@@ -1,39 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-let
-  enabled = config.mod.git.enable;
-in
-{
-  options = {
-    mod.git = {
-      enable = lib.mkEnableOption "enable git module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    home-manager.users.alex = {
-      programs.git = {
-        enable = true;
-
-        includes = [
-          { path = ./gitconfig; }
-        ];
-
-        settings = {
-          rerere.enable = true;
-        };
-      };
-
-      home.packages = [ pkgs.tig ];
-
-      home.file.".tigrc".text = ''
-        set main-view-line-number = yes
-        set main-view-line-number-interval = 1
-      '';
-    };
-  };
-}

hosts/manatee/modules/git/gitconfig

@@ -1,9 +0,0 @@
-[user]
-    name = Alexander Heldt
-    email = me@alexanderheldt.se
-
-[url "git@github.com:"]
-    insteadOf = https://github.com/
-
-[url "gitea@git.ppp.pm:"]
-    insteadOf = https://git.ppp.pm/

hosts/manatee/modules/home-assistant/default.nix

@@ -1,138 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-let
-  nginxEnabled = config.mod.nginx.enable;
-in
-{
-  hardware.bluetooth.enable = true;
-
-  virtualisation.oci-containers = {
-    backend = "podman";
-
-    containers.homeassistant = {
-      image = "ghcr.io/home-assistant/home-assistant:stable";
-
-      volumes = [
-        "/home/alex/.config/home-assistant:/config"
-        # Pass in bluetooth
-        "/run/dbus:/run/dbus:ro"
-      ];
-
-      environment.TZ = "Europe/Stockholm";
-
-      extraOptions = [
-        "--network=host"
-
-        # Allows HA to perform low-level network operations (scan/reset adapter)
-        "--cap-add=NET_ADMIN"
-        "--cap-add=NET_RAW"
-
-        # Pass in Zigbee antenna
-        "--device=/dev/serial/by-id/usb-Nabu_Casa_ZBT-2_9C139EAAD464-if00:/dev/ttyACM0"
-      ];
-    };
-  };
-
-  services = {
-    blueman.enable = true;
-
-    nginx = lib.mkIf nginxEnabled {
-      recommendedProxySettings = true;
-
-      virtualHosts."ha.ppp.pm" = {
-        forceSSL = true;
-        useACMEHost = "ha.ppp.pm";
-
-        extraConfig = ''
-          proxy_buffering off;
-        '';
-
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:8123";
-          proxyWebsockets = true;
-        };
-      };
-    };
-  };
-
-  systemd.user = {
-    timers = {
-      "update-hetzner-ha-dns" = {
-        unitConfig = {
-          Description = "updates Hetzner DNS for home-assistant";
-        };
-
-        timerConfig = {
-          Unit = "update-hetzner-ha-dns.service";
-          OnCalendar = "*-*-* *:00/30:00";
-          Persistent = true;
-        };
-
-        wantedBy = [ "timers.target" ];
-      };
-    };
-
-    services = {
-      "update-hetzner-ha-dns" = {
-        unitConfig = {
-          Description = "updates Hetzner DNS for home-assistant";
-        };
-
-        serviceConfig = {
-          Type = "exec";
-          EnvironmentFile = config.age.secrets.hetzner-dns.path;
-        };
-
-        path = [
-          pkgs.curl
-          pkgs.coreutils # For `cat`
-          pkgs.jq
-        ];
-
-        script = ''
-          LAST_IP_FILE="/tmp/hetzner-dns-ha-ip"
-          INTERFACE="enp3s0"
-
-          CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me)
-
-          LAST_IP=""
-          if [[ -f "$LAST_IP_FILE" ]]; then
-              LAST_IP=$(cat "$LAST_IP_FILE")
-          fi
-
-          if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
-              echo "IP unchanged, NOOP update."
-              exit 0
-          else
-              echo "Updating IP"
-
-              JSON_BODY=$(jq -n --arg ip "$CURRENT_IP" '{records: [{value: $ip}]}')
-
-              curl \
-                --fail \
-              	-X POST \
-                -H "Authorization: Bearer $HETZNER_API_TOKEN" \
-                -H "Content-Type: application/json" \
-                -d "$JSON_BODY" \
-                "https://api.hetzner.cloud/v1/zones/ppp.pm/rrsets/ha/A/actions/set_records" \
-                && echo $CURRENT_IP > $LAST_IP_FILE
-          fi
-        '';
-      };
-    };
-  };
-
-  age = {
-    secrets = {
-      "hetzner-dns" = {
-        file = ../../../../secrets/manatee/hetzner-dns.age;
-        owner = "alex";
-        group = "users";
-      };
-    };
-  };
-}

hosts/manatee/modules/immich/default.nix

@@ -1,35 +0,0 @@
-{ lib, config, ... }:
-let
-  enabled = config.mod.immich.enable;
-in
-{
-  options = {
-    mod.immich = {
-      enable = lib.mkEnableOption "Enable immich module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    users.users.immich = {
-      isSystemUser = true;
-      group = "storage";
-
-      extraGroups = [
-        "render"
-        "video"
-      ];
-    };
-
-    services.immich = {
-      enable = true;
-
-      user = "immich";
-      group = "storage";
-
-      host = "0.0.0.0";
-
-      mediaLocation = "/mnt/cameras/public";
-      accelerationDevices = [ "/dev/dri/renderD128" ];
-    };
-  };
-}

hosts/manatee/modules/jellyfin/default.nix

@@ -1,59 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  ...
-}:
-let
-  enabled = config.mod.jellyfin.enable;
-in
-{
-  options = {
-    mod.jellyfin = {
-      enable = lib.mkEnableOption "Enable jellyfin module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    users.users.jellyfin = {
-      isSystemUser = true;
-      group = "storage";
-
-      extraGroups = [
-        "render"
-        "video"
-      ];
-    };
-
-    hardware = {
-      graphics = {
-        enable = true;
-        extraPackages = [
-          pkgs.intel-media-driver # Modern Intel VA-API driver (needed for N305)
-          pkgs.libvdpau-va-gl # VDPAU backend for VA-API GLX interop
-        ];
-
-      };
-    };
-
-    services = {
-      jellyfin = {
-        enable = true;
-        openFirewall = true;
-
-        user = "jellyfin";
-        group = "storage";
-      };
-    };
-
-    networking = {
-      firewall.allowedTCPPorts = [ 8096 ];
-    };
-
-    environment.systemPackages = [
-      pkgs.jellyfin
-      pkgs.jellyfin-web
-      pkgs.jellyfin-ffmpeg
-    ];
-  };
-}

hosts/manatee/modules/komga/default.nix

@@ -1,28 +0,0 @@
-{ lib, config, ... }:
-let
-  enabled = config.mod.komga.enable;
-in
-{
-  options = {
-    mod.komga = {
-      enable = lib.mkEnableOption "Enable komga module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    users.users.komga = {
-      isSystemUser = true;
-      group = "storage";
-    };
-
-    services.komga = {
-      enable = true;
-
-      user = "komga";
-      group = "storage";
-
-      settings.server.port = 8002;
-      openFirewall = true;
-    };
-  };
-}

hosts/manatee/modules/navidrome/default.nix

@@ -1,33 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  ...
-}:
-let
-  navidromeEnabled = config.mod.navidrome.enable;
-in
-{
-  options = {
-    mod.navidrome = {
-      enable = lib.mkEnableOption "Enable navidrome module";
-    };
-  };
-
-  config = {
-    services = lib.mkIf navidromeEnabled {
-      navidrome = {
-        enable = true;
-        openFirewall = true;
-
-        user = "navidrome";
-        group = "storage";
-        settings = {
-          Port = 4533;
-          Address = "0.0.0.0";
-          MusicFolder = "/mnt/media/public/music";
-        };
-      };
-    };
-  };
-}

hosts/manatee/modules/network/default.nix

@@ -1,50 +0,0 @@
-{ ... }:
-let
-  hostAddress = "192.168.50.203";
-in
-{
-  networking = {
-    hostName = "manatee";
-
-    # Required for asymmetric routing (sending replies out a different interface
-    # than the default route). Without this, the kernel drops the return traffic.
-    firewall.checkReversePath = "loose";
-
-    defaultGateway = "192.168.50.1";
-    nameservers = [ "1.1.1.1" ];
-    interfaces = {
-      enp3s0 = {
-        useDHCP = false;
-        ipv4 = {
-          addresses = [
-            {
-              address = hostAddress;
-              prefixLength = 24;
-            }
-          ];
-        };
-
-        ipv4.routes = [
-          {
-            address = "0.0.0.0";
-            prefixLength = 0;
-            via = "192.168.50.1"; # Router
-            options = {
-              table = "100";
-            };
-          }
-        ];
-      };
-    };
-
-    localCommands = ''
-      # Ensure local LAN traffic uses the main table, e.g. responds to the local machine
-      ip rule list | grep -q "192.168.50.0/24 lookup main" || \
-      ip rule add to 192.168.50.0/24 lookup main priority 4999
-
-      # All other traffic from this IP uses Table 100 (e.g. responds to router and back out)
-      ip rule list | grep -q "from ${hostAddress} lookup 100" || \
-      ip rule add from ${hostAddress} lookup 100 priority 5000
-    '';
-  };
-}

hosts/manatee/modules/nginx/default.nix

@@ -1,28 +0,0 @@
-{ lib, config, ... }:
-let
-  enabled = config.mod.nginx.enable;
-in
-{
-  options = {
-    mod.nginx = {
-      enable = lib.mkEnableOption "Enable nginx module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    services = {
-      nginx = {
-        enable = true;
-
-        recommendedProxySettings = true;
-        recommendedTlsSettings = true;
-      };
-    };
-
-    networking = {
-      firewall = {
-        allowedTCPPorts = [ 443 ];
-      };
-    };
-  };
-}

hosts/manatee/modules/ssh/default.nix

@@ -1,119 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-let
-  enabled = config.mod.ssh.enable;
-
-  authorizedKeysPath = "/home/alex/.ssh/authorized-keys";
-  rootSSHKeyPath = "/etc/ssh";
-in
-{
-  options = {
-    mod.ssh = {
-      enable = lib.mkEnableOption "enable ssh module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    home-manager.users.alex = {
-      programs.ssh = {
-        enable = true;
-
-        matchBlocks = {
-          "git.ppp.pm" = {
-            hostname = "git.ppp.pm";
-            identityFile = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
-          };
-
-          "*" = {
-            forwardAgent = false;
-            addKeysToAgent = "no";
-            compression = false;
-            serverAliveInterval = 0;
-            serverAliveCountMax = 3;
-            hashKnownHosts = false;
-            userKnownHostsFile = "~/.ssh/known_hosts";
-            controlMaster = "no";
-            controlPath = "~/.ssh/master-%r@%n:%p";
-            controlPersist = "no";
-          };
-        };
-      };
-    };
-
-    environment.etc."ssh/authorized_keys_command" = {
-      mode = "0755";
-      text = ''
-        #!${pkgs.bash}/bin/bash
-        for file in ${authorizedKeysPath}/*; do
-          ${pkgs.coreutils}/bin/cat "$file"
-        done
-      '';
-    };
-
-    services = {
-      openssh = {
-        enable = true;
-        ports = [ 1122 ];
-
-        hostKeys = [
-          {
-            path = "${rootSSHKeyPath}/root.manatee";
-            type = "ed25519";
-          }
-        ];
-
-        settings = {
-          PasswordAuthentication = false;
-          KbdInteractiveAuthentication = false;
-        };
-
-        authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
-        authorizedKeysCommandUser = "root";
-      };
-    };
-
-    networking = {
-      firewall = {
-        allowedTCPPorts = [ 1122 ];
-      };
-    };
-
-    age.secrets = {
-      "root.manatee" = {
-        file = ../../../../secrets/manatee/root.manatee.age;
-        path = "${rootSSHKeyPath}/root.manatee";
-      };
-      "root.manatee.pub" = {
-        file = ../../../../secrets/manatee/root.manatee.pub.age;
-        path = "${rootSSHKeyPath}/root.manatee.pub";
-      };
-
-      "alex.pinwheel-manatee.pub" = {
-        file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
-        path = "${authorizedKeysPath}/alex.pinwheel-manatee.pub";
-      };
-
-      "alex.backwards-manatee.pub" = {
-        file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
-        path = "${authorizedKeysPath}/alex.backwards-manatee.pub";
-      };
-
-      "alex.manatee-git.ppp.pm" = {
-        file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.age;
-        path = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
-        owner = "alex";
-        group = "users";
-      };
-      "alex.manatee-git.ppp.pm.pub" = {
-        file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.pub.age;
-        path = "/home/alex/.ssh/alex.manatee-git.ppp.pm.pub";
-        owner = "alex";
-        group = "users";
-      };
-    };
-  };
-}

hosts/manatee/modules/syncthing/default.nix

@@ -1,61 +0,0 @@
-{ lib, config, ... }:
-let
-  enabled = config.mod.syncthing.enable;
-in
-{
-  options = {
-    mod.syncthing = {
-      enable = lib.mkEnableOption "Enable syncthing module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    services.syncthing = {
-      enable = true;
-
-      cert = config.age.secrets.syncthing-cert.path;
-      key = config.age.secrets.syncthing-key.path;
-
-      user = "storage";
-      group = "storage";
-
-      dataDir = "/mnt/sync/public";
-
-      guiAddress = "0.0.0.0:8384";
-
-      settings = {
-        gui = {
-          user = "syncthing";
-          password = "$2a$12$YBcqhl8AXpoLmIWikuMtkOQLcrPXKKj0xY/qy4hggWnfjeVLQ3Ct6";
-          insecureSkipHostcheck = false;
-        };
-
-        devices = {
-          pinwheel.id = config.lib.syncthing.pinwheel;
-        };
-
-        folders = {
-          org = {
-            path = "/mnt/sync/public/org";
-            devices = [
-              "pinwheel"
-            ];
-            versioning = {
-              type = "staggered";
-              params = {
-                maxage = "2592000"; # 30 days
-              };
-            };
-          };
-        };
-      };
-    };
-
-    age = {
-      secrets = {
-        "syncthing-cert".file = ../../../../secrets/manatee/syncthing-cert.age;
-        "syncthing-key".file = ../../../../secrets/manatee/syncthing-key.age;
-      };
-    };
-  };
-}

hosts/manatee/modules/tailscale/default.nix

@@ -1,11 +0,0 @@
-{ ... }:
-{
-  # If an exit node is used, set:
-  # tailscale set --exit-node-allow-lan-access
-  services.tailscale.enable = true;
-
-  networking.firewall = {
-    checkReversePath = "loose";
-    allowedUDPPorts = [ 41641 ];
-  };
-}

hosts/pinwheel/configuration.nix

@@ -17,10 +17,7 @@
   users.users.alex = {
     isNormalUser = true;
     description = "alex";
-    extraGroups = [
-      "wheel"
-      "networkmanager"
-    ];
+    extraGroups = [ "wheel" ];
   };
 
   environment.systemPackages = with pkgs; [

hosts/pinwheel/home.nix

@@ -14,19 +14,17 @@
         home.homeDirectory = "/home/alex";
 
         home.packages = [
-          inputs.whib-backend.packages.${pkgs.stdenv.hostPlatform.system}.whib-import
-          # pkgs.beekeeper-studio
+          inputs.whib-backend.packages.${pkgs.system}.whib-import
+          pkgs.beekeeper-studio
           pkgs.bitwarden-desktop
           pkgs.gimp
           pkgs.zip
-          pkgs.unzip
           pkgs.unar
           pkgs.jq
           pkgs.dbeaver-bin
           pkgs.htop
-          pkgs.onlyoffice-desktopeditors
+          pkgs.onlyoffice-bin
           pkgs.wdisplays
-          pkgs.vlc
         ];
 
         home.stateVersion = "23.05";

hosts/pinwheel/modules/age/default.nix

@@ -11,7 +11,7 @@
     };
 
     environment.systemPackages = [
-      inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default
+      inputs.agenix.packages."${pkgs.system}".default
     ];
   };
 }

hosts/pinwheel/modules/colors/default.nix

@@ -3,7 +3,7 @@
     colors = {
       foreground = "bd93f9";
       foreground-dim = "644294";
-      background = "1E1E2F";
+      background = "1E2029";
 
       gray = "3a3a3a";
       warning = "ff6969";

hosts/pinwheel/modules/default.nix

@@ -33,7 +33,6 @@ in
       rust.enable = true;
       scala.enable = true;
       python.enable = true;
-      gleam.enable = true;
 
       keyboard.enable = true;
       containers = {

hosts/pinwheel/modules/dunst/default.nix

@@ -7,6 +7,8 @@
       settings = {
         global = {
           monitor = 1;
+          width = 300;
+          height = 300;
           offset = "10x10";
           origin = "top-right";
           transparency = 10;

hosts/pinwheel/modules/emacs/config.org

@@ -479,34 +479,7 @@ Setup prefix for keybindings.
 
 * Flycheck
 #+BEGIN_SRC emacs-lisp
-  (use-package flycheck
-    :preface
-    (defun mp-flycheck-eldoc (callback &rest _ignored)
-      "Print flycheck messages at point by calling CALLBACK."
-      (when-let ((flycheck-errors (and flycheck-mode (flycheck-overlay-errors-at (point)))))
-        (mapc
-         (lambda (err)
-           (funcall callback
-             (format "%s: %s"
-                     (let ((level (flycheck-error-level err)))
-                       (pcase level
-                         ('info (propertize "I" 'face 'flycheck-error-list-info))
-                         ('error (propertize "E" 'face 'flycheck-error-list-error))
-                         ('warning (propertize "W" 'face 'flycheck-error-list-warning))
-                         (_ level)))
-                     (flycheck-error-message err))
-             :thing (or (flycheck-error-id err)
-                        (flycheck-error-group err))
-             :face 'font-lock-doc-face))
-         flycheck-errors)))
-
-    (defun mp-flycheck-prefer-eldoc ()
-      (add-hook 'eldoc-documentation-functions #'mp-flycheck-eldoc nil t)
-      (setq eldoc-documentation-strategy 'eldoc-documentation-compose-eagerly)
-      (setq flycheck-display-errors-function nil)
-      (setq flycheck-help-echo-function nil))
-
-    :hook ((flycheck-mode . mp-flycheck-prefer-eldoc)))
+  (use-package flycheck)
 
   (use-package flycheck-eglot
     :after (flycheck eglot)
@@ -530,12 +503,6 @@ Setup prefix for keybindings.
         (add-hook 'before-save-hook #'eglot-format-buffer -10 t))))
 
   (use-package eglot
-    :preface
-    (defun mp-eglot-eldoc ()
-  	(setq eldoc-echo-area-use-multiline-p nil)
-      (setq eldoc-documentation-strategy
-        'eldoc-documentation-compose-eagerly))
-
     :config
     (add-to-list 'eglot-server-programs
       '(scala-mode .
@@ -544,9 +511,6 @@ Setup prefix for keybindings.
     (add-to-list 'eglot-server-programs
        '(nix-mode . ("nixd")))
 
-    (add-to-list 'eglot-server-programs
-      '(gleam-ts-mode . ("gleam" "lsp")))
-
     (setq-default eglot-workspace-configuration
       '(
         :metals (
@@ -556,7 +520,6 @@ Setup prefix for keybindings.
     )
 
     :hook (
-           (eglot-managed-mode . mp-eglot-eldoc)
            (go-mode . eglot-ensure)
            (go-mode . alex/organize-imports-on-save)
            (go-mode . alex/format-on-save)
@@ -566,9 +529,6 @@ Setup prefix for keybindings.
            (nix-mode . eglot-ensure)
            (nix-mode . alex/format-on-save)
 
-           (gleam-ts-mode . eglot-ensure)
-           (gleam-ts-mode . alex/format-on-save)
-
            (python-mode . eglot-ensure)
            (javascript-mode . eglot-ensure)
            (js-mode . eglot-ensure)
@@ -589,6 +549,13 @@ Setup prefix for keybindings.
     :after eglot
     :config (eglot-booster-mode))
 #+END_SRC
+** Eldoc-box
+#+BEGIN_SRC emacs-lisp
+  (use-package eldoc-box
+    :after eglot
+    :bind (:map eglot-mode-map
+              ("M-h" . eldoc-box-help-at-point)))
+#+END_SRC
 ** Go
 #+BEGIN_SRC emacs-lisp
   (use-package go-mode
@@ -606,12 +573,6 @@ Setup prefix for keybindings.
     )
   )
 #+END_SRC
-** Gleam
-#+BEGIN_SRC emacs-lisp
-  (use-package gleam-ts-mode
-    :mode "\\.gleam\\'"
-  )
-#+END_SRC
 ** YAML
 #+BEGIN_SRC emacs-lisp
   (use-package yaml-mode
@@ -643,8 +604,7 @@ Setup prefix for keybindings.
 #+BEGIN_SRC emacs-lisp
   (setq
    js-indent-level 2
-   js2-basic-offset 2
-   indent-tabs-mode nil)
+   js2-basic-offset 2)
 
   (add-to-list 'auto-mode-alist '("\\.ts\\'" . typescript-ts-mode))
 #+END_SRC

hosts/pinwheel/modules/firefox/default.nix

@@ -29,14 +29,14 @@ let
   ff = pkgs.writeShellApplication {
     name = "ff";
     text = ''
-      ${wrapped}/bin/firefox-devedition --ProfileManager
+      ${wrapped}/bin/firefox --ProfileManager
     '';
   };
 
   ff-alex = pkgs.writeShellApplication {
     name = "ff-alex";
     text = ''
-      ${wrapped}/bin/firefox-devedition -P alex --new-window "$@"
+      ${wrapped}/bin/firefox -P alex --new-window "$@"
     '';
   };
 

hosts/pinwheel/modules/fonts/default.nix

@@ -3,8 +3,8 @@
   fonts.packages = [
     pkgs.noto-fonts
     pkgs.noto-fonts-cjk-sans
-    pkgs.noto-fonts-color-emoji
-    pkgs.nerd-fonts.jetbrains-mono
+    pkgs.noto-fonts-emoji
+    pkgs.nerdfonts
     pkgs.liberation_ttf
   ];
 }

hosts/pinwheel/modules/fzf/default.nix

@@ -1,4 +1,4 @@
-{ ... }:
+{ pkgs, ... }:
 {
   home-manager.users.alex = {
     programs.fzf = {

hosts/pinwheel/modules/git/default.nix

@@ -23,7 +23,7 @@ in
           { path = ./gitconfig; }
         ];
 
-        settings = {
+        extraConfig = {
           rerere.enable = true;
         };
       };

hosts/pinwheel/modules/git/gitconfig

@@ -5,5 +5,8 @@
 [url "git@github.com:"]
     insteadOf = https://github.com/
 
+[url "git@codeberg.org:"]
+    insteadOf = https://codeberg.org/
+
 [url "gitea@git.ppp.pm:"]
     insteadOf = https://git.ppp.pm/

hosts/pinwheel/modules/gleam/default.nix

@@ -1,25 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-let
-  enabled = config.mod.gleam.enable;
-in
-{
-  options = {
-    mod.gleam = {
-      enable = lib.mkEnableOption "enable gleam module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    home-manager.users.alex = {
-      home.packages = [
-        pkgs.gleam
-        pkgs.erlang
-      ];
-    };
-  };
-}

hosts/pinwheel/modules/go/default.nix

@@ -15,14 +15,26 @@ in
   };
 
   config = lib.mkIf enabled {
+    nixpkgs.overlays =
+      let
+        buildGo122 = pkgs: pkg: pkg.override { buildGoModule = pkgs.buildGo122Module; };
+      in
+      [
+        (final: prev: {
+          go = prev.go_1_22;
+          gopls = buildGo122 prev prev.gopls;
+          go-tools = buildGo122 prev prev.go-tools;
+          govulncheck = buildGo122 prev prev.govulncheck;
+          gotestsum = buildGo122 prev prev.gotestsum;
+        })
+      ];
+
     home-manager.users.alex = {
       programs.go = {
         enable = true;
 
         package = pkgs.go;
-        env = {
-          GOPATH = "/home/alex/code/go";
-        };
+        goPath = "code/go";
       };
 
       home.packages = [

hosts/pinwheel/modules/hyprland/default.nix

@@ -1,5 +1,4 @@
 {
-  inputs,
   pkgs,
   lib,
   config,
@@ -16,31 +15,21 @@ in
   };
 
   config = lib.mkIf enabled {
-    programs.hyprland = {
-      enable = true;
-      package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
-      portalPackage =
-        inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
-
-      xwayland = {
-        enable = true;
-      };
-    };
-
     home-manager.users.alex = {
       wayland.windowManager.hyprland = {
         enable = true;
 
+        xwayland = {
+          enable = true;
+        };
+
         extraConfig = ''
           exec-once=waybar
-          exec-once=hyprctl setcursor Adwaita 24
 
           env = GDK_DPI_SCALE,1.5
-          env = HYPRCURSOR_THEME,Adwaita
-          env = HYPRCURSOR_SIZE,24
+          env = XCURSOR_SIZE,64
 
-          monitor=eDP-1, 1920x1200, auto-center-down, 1
-          monitor=HDMI-A-1, 2560x1440@100, auto-center-up, 1
+          monitor=eDP-1, 1920x1200, 0x0, 1
 
           workspace = 1, monitor:HDMI-A-1
           workspace = 2, monitor:HDMI-A-1
@@ -53,13 +42,6 @@ in
           workspace = 9, monitor:eDP-1
           workspace = 10, monitor:eDP-1
 
-          workspace = w[tv1], gapsout:0, gapsin:0
-          workspace = f[1], gapsout:0, gapsin:0
-          windowrule = border_size 0, match:float 0, match:workspace w[tv1]
-          windowrule = rounding 0, match:float 0, match:workspace w[tv1]
-          windowrule = border_size 0, match:float 0, match:workspace f[1]
-          windowrule = rounding 0, match:float 0, match:workspace f[1]
-
           exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
         '';
 
@@ -102,6 +84,7 @@ in
 
           dwindle = {
             force_split = 2;
+            no_gaps_when_only = 1;
           };
 
           bind =
@@ -189,6 +172,87 @@ in
     # openGL is needed for wayland/hyprland
     hardware.graphics.enable = true;
 
-    boot.kernelParams = [ "i915.enable_psr=0" ];
+    systemd.user.services.hyprland-monitors = {
+      # systemctl --user restart hyprland-monitors.service
+      # journalctl --user -u hyprland-monitors.service -e -f
+      unitConfig = {
+        Description = "handles hyprland monitor connect/disconnect";
+      };
+
+      wantedBy = [ "graphical-session.target" ];
+      requires = [ "graphical-session.target" ];
+      after = [ "graphical-session.target" ];
+
+      path = [
+        pkgs.coreutils # to include `cat`
+        pkgs.waybar
+        pkgs.hyprland
+        pkgs.socat
+        pkgs.jq
+        pkgs.bc
+        pkgs.libnotify
+      ];
+
+      script =
+        let
+          moveWSToMonitor =
+            monitor: first: last:
+            if last < first then
+              throw "'first' has to be less than or equal to 'last'"
+            else
+              builtins.genList (
+                n: "dispatch moveworkspacetomonitor ${builtins.toString (first + n)} ${monitor}"
+              ) (last - first + 1);
+
+          external = moveWSToMonitor "HDMI-A-1" 1 5;
+          internal = moveWSToMonitor "eDPI-1" 6 10;
+          onlyInternal = moveWSToMonitor "eDPI-1" 1 10;
+        in
+        ''
+          update() {
+            HDMI_STATUS=$(cat /sys/class/drm/card1-HDMI-A-1/status)
+
+            INTERNAL_WIDTH=1920
+            INTERNAL_HEIGHT=1200
+
+            if [ $HDMI_STATUS = "connected" ]; then
+              notify-send "Using external and laptop monitor"
+
+              hyprctl keyword monitor HDMI-A-1,preferred,0x0,1
+
+              HDMI=$(hyprctl monitors -j | jq '.[] | select(.name=="HDMI-A-1")')
+              HDMI_WIDTH=$(echo $HDMI | jq .width)
+              HDMI_HEIGHT=$(echo $HDMI | jq .height)
+
+              INTERNAL_POS_X=$(echo "($HDMI_WIDTH - $INTERNAL_WIDTH) / 2" | bc)
+              if (( $(echo "$INTERNAL_POS_X < 0" | bc) )); then INTERNAL_POS_X=0; fi
+              INTERNAL_POS_Y=$HDMI_HEIGHT
+
+              hyprctl keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,$INTERNAL_POS_X"x"$INTERNAL_POS_Y,1
+              hyprctl --batch "${lib.strings.concatStringsSep ";" (external ++ internal)}"
+            else
+              notify-send "Using only laptop monitor"
+
+              hyprctl --batch "keyword monitor HDMI-A,disable; keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,0x0,1"
+              hyprctl --batch "${lib.strings.concatStringsSep ";" onlyInternal}"
+            fi
+          }
+
+          handle() {
+            case $1 in
+              monitoradded\>\>*|monitorremoved\>\>*)
+                echo "handling event: \"$1\""
+                update ;;
+            esac
+          }
+
+          echo "Starting service with instance \"$HYPRLAND_INSTANCE_SIGNATURE\""
+
+          # Do initial configuration
+          update
+
+          socat -U - UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock | while read -r line; do handle "$line"; done
+        '';
+    };
   };
 }

hosts/pinwheel/modules/network/default.nix

@@ -1,22 +1,21 @@
-{ pkgs, ... }:
 {
-  home-manager = {
-    users.alex = {
-      home.packages = [ pkgs.networkmanager ];
-    };
-  };
+  services.connman = {
+    enable = true;
 
-  networking = {
-    wireless.enable = false; # Wireless is managed by networkmanager
-
-    networkmanager = {
-      enable = true;
-
-      wifi = {
-        backend = "iwd";
-      };
+    wifi = {
+      backend = "iwd";
     };
 
+    networkInterfaceBlacklist = [
+      "vmnet"
+      "vboxnet"
+      "virbr"
+      "ifb"
+      "ve"
+      "docker"
+      "br-"
+      "wg-"
+    ];
   };
 
   networking = {

hosts/pinwheel/modules/openvpn/default.nix

@@ -18,12 +18,13 @@ in
     home-manager.users.alex = {
       home.packages = [
         pkgs.openvpn
+        pkgs.update-systemd-resolved
       ];
     };
 
     services.resolved = {
-      enable = true;
-      dnssec = "false";
+      enable = false;
+      dnssec = "true";
       domains = [ "~." ];
       fallbackDns = [
         "1.1.1.1#one.one.one.one"

hosts/pinwheel/modules/screenshot/default.nix

@@ -8,7 +8,7 @@
 let
   hyprlandEnabled = config.mod.hyprland.enable;
 
-  grimblast = inputs.hyprland-contrib.packages.${pkgs.stdenv.hostPlatform.system}.grimblast;
+  grimblast = inputs.hyprland-contrib.packages.${pkgs.system}.grimblast;
   area = "${pkgs.libnotify}/bin/notify-send 'ps: selected area' && ${grimblast}/bin/grimblast copy area";
   screen = "${pkgs.libnotify}/bin/notify-send 'ps: selected screen' &&${grimblast}/bin/grimblast copy output";
 in

hosts/pinwheel/modules/sound/default.nix

@@ -10,7 +10,7 @@ in
 {
   users.users.alex.extraGroups = [ "audio" ];
 
-  services.pulseaudio.enable = false;
+  hardware.pulseaudio.enable = false;
   security.rtkit.enable = true;
 
   services.pipewire = {

hosts/pinwheel/modules/spotify/default.nix

@@ -1,5 +1,4 @@
 {
-  inputs,
   pkgs,
   lib,
   config,
@@ -14,18 +13,18 @@ in
       settings = {
         bind =
           let
-            prev = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify previous";
-            next = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify next";
+            prev = "${pkgs.playerctl}/bin/playerctl -p spotify previous";
+            next = "${pkgs.playerctl}/bin/playerctl -p spotify next";
           in
           [
             ", XF86AudioPrev, exec, ${prev}"
             ", XF86AudioNext, exec, ${next}"
-            ", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause"
-            ", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spoitfy play-pause"
+            ", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
+            ", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p spoitfy play-pause"
 
             "$mod ALT, LEFT, exec, ${prev}"
             "$mod ALT, RIGHT, exec, ${next}"
-            "$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause"
+            "$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
           ];
       };
     };
@@ -33,7 +32,6 @@ in
     home.packages = [
       pkgs.playerctl
       pkgs.spotify
-      inputs.naviterm.packages.${pkgs.stdenv.hostPlatform.system}.default
     ];
   };
 

hosts/pinwheel/modules/ssh/default.nix

@@ -5,13 +5,6 @@
       enable = true;
 
       matchBlocks = {
-        "manatee" = {
-          hostname = "manatee";
-          user = "alex";
-          identityFile = "/home/alex/.ssh/alex.pinwheel-manatee";
-          port = 1122;
-        };
-
         "backwards" = {
           hostname = "backwards";
           user = "alex";
@@ -19,6 +12,12 @@
           port = 1122;
         };
 
+        "andromeda" = {
+          hostname = "andromeda.a2x.se";
+          user = "alex";
+          identityFile = "/home/alex/.ssh/alex.pinwheel-andromeda";
+        };
+
         "tadpole" = {
           hostname = "65.21.106.222";
           user = "alex";
@@ -31,23 +30,15 @@
           identityFile = "/home/alex/.ssh/alex.pinwheel-github.com";
         };
 
+        "codeberg.org" = {
+          hostname = "codeberg.org";
+          identityFile = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
+        };
+
         "git.ppp.pm" = {
           hostname = "git.ppp.pm";
           identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
         };
-
-        "*" = {
-          forwardAgent = false;
-          addKeysToAgent = "no";
-          compression = false;
-          serverAliveInterval = 0;
-          serverAliveCountMax = 3;
-          hashKnownHosts = false;
-          userKnownHostsFile = "~/.ssh/known_hosts";
-          controlMaster = "no";
-          controlPath = "~/.ssh/master-%r@%n:%p";
-          controlPersist = "no";
-        };
       };
     };
 
@@ -55,19 +46,6 @@
   };
 
   age.secrets = {
-    "alex.pinwheel-manatee" = {
-      file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.age;
-      path = "/home/alex/.ssh/alex.pinwheel-manatee";
-      owner = "alex";
-      group = "users";
-    };
-    "alex.pinwheel-manatee.pub" = {
-      file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
-      path = "/home/alex/.ssh/alex.pinwheel-manatee.pub";
-      owner = "alex";
-      group = "users";
-    };
-
     "alex.pinwheel-backwards" = {
       file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.age;
       path = "/home/alex/.ssh/alex.pinwheel-backwards";
@@ -94,6 +72,19 @@
       group = "users";
     };
 
+    "alex.pinwheel-codeberg.org" = {
+      file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.age;
+      path = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
+      owner = "alex";
+      group = "users";
+    };
+    "alex.pinwheel-codeberg.org.pub" = {
+      file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.pub.age;
+      path = "/home/alex/.ssh/alex.pinwheel-codeberg.org.pub";
+      owner = "alex";
+      group = "users";
+    };
+
     "alex.pinwheel-git.ppp.pm" = {
       file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age;
       path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
@@ -107,6 +98,19 @@
       group = "users";
     };
 
+    "alex.pinwheel-andromeda" = {
+      file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.age;
+      path = "/home/alex/.ssh/alex.pinwheel-andromeda";
+      owner = "alex";
+      group = "users";
+    };
+    "alex.pinwheel-andromeda.pub" = {
+      file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.pub.age;
+      path = "/home/alex/.ssh/alex.pinwheel-andromeda.pub";
+      owner = "alex";
+      group = "users";
+    };
+
     "alex.pinwheel-tadpole" = {
       file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age;
       path = "/home/alex/.ssh/alex.pinwheel-tadpole";

hosts/pinwheel/modules/syncthing/default.nix

@@ -16,7 +16,6 @@
       devices = {
         phone.id = config.lib.syncthing.phone;
         backwards.id = config.lib.syncthing.backwards;
-        manatee.id = config.lib.syncthing.manatee;
       };
 
       folders = {
@@ -25,7 +24,6 @@
           devices = [
             "phone"
             "backwards"
-            "manatee"
           ];
           versioning = {
             type = "staggered";
@@ -58,7 +56,7 @@
         };
 
         books = {
-          path = "/home/alex/sync/reading-material/books";
+          path = "/home/alex/sync/books";
           devices = [ "backwards" ];
           versioning = {
             type = "staggered";

hosts/pinwheel/modules/vim/default.nix

@@ -18,7 +18,7 @@ in
     };
 
     programs.git = lib.mkIf gitEnabled {
-      settings = {
+      extraConfig = {
         core = {
           editor = "vim";
         };

hosts/pinwheel/modules/vm/default.nix

@@ -17,10 +17,7 @@ in
   config = lib.mkIf enabled {
     virtualisation = {
       spiceUSBRedirection.enable = true; # Allow redirecting USB to the VM
-      libvirtd = {
-        enable = true;
-        qemu.vhostUserPackages = [ pkgs.virtiofsd ];
-      };
+      libvirtd.enable = true;
     };
 
     users.users.alex = {

hosts/pinwheel/modules/waybar/default.nix

@@ -7,14 +7,14 @@
 let
   hyprlandEnabled = config.mod.hyprland.enable;
 
-  music-status = pkgs.writeShellScript "music-status" ''
-    STATUS=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify status 2>&1)
+  spotify-status = pkgs.writeShellScript "spotify-status" ''
+    STATUS=$(${pkgs.playerctl}/bin/playerctl -p spotify status 2>&1)
 
     if [ "$STATUS" = "No players found" ]; then
       echo ""
     else
       FORMAT="{{markup_escape(xesam:title)}} - {{markup_escape(xesam:artist)}}"
-      OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify metadata --format "$FORMAT")
+      OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p spotify metadata --format "$FORMAT")
       case "$STATUS" in
         "Playing")
           echo "<span font='14' rise='-3000'></span> $OUTPUT"
@@ -85,25 +85,11 @@ let
   '';
 
   work-vpn-status = pkgs.writeShellScript "work-vpn-status" ''
-    ACTIVE_ENVS=""
+    STAGING=$(systemctl is-active openvpn-work-staging.service)
+    [ "$STAGING" == "active" ] && echo "WORK-VPN STAGING ON" && exit 0
 
-    STAGING_STATUS=$(systemctl is-active openvpn-work-staging.service)
-    if [ "$STAGING_STATUS" == "active" ]; then
-        ACTIVE_ENVS="S"
-    fi
-
-    PRODUCTION_STATUS=$(systemctl is-active openvpn-work-production.service)
-    if [ "$PRODUCTION_STATUS" == "active" ]; then
-        if [ -n "$ACTIVE_ENVS" ]; then
-            ACTIVE_ENVS="$ACTIVE_ENVS&amp;P"
-        else
-            ACTIVE_ENVS="P"
-        fi
-    fi
-
-    if [ -n "$ACTIVE_ENVS" ]; then
-        echo "WORK-VPN $ACTIVE_ENVS ON"
-    fi
+    PRODUCTION=$(systemctl is-active openvpn-work-production.service)
+    [ "$PRODUCTION" == "active" ] && echo "WORK-VPN PRODUCTION ON" && exit 0
   '';
 
   toggle-bt-power = pkgs.writeShellScript "toggle-bt-power" ''
@@ -140,7 +126,7 @@ in
           modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
           modules-right = [
             "custom/work-vpn-status"
-            "custom/music"
+            "custom/spotify"
             "custom/container-status"
             "custom/dunst"
             "bluetooth"
@@ -156,8 +142,8 @@ in
             interval = 2;
           };
 
-          "custom/music" = {
-            exec = music-status;
+          "custom/spotify" = {
+            exec = spotify-status;
             interval = 2;
             max-length = 70;
             tooltip = false;
@@ -236,10 +222,7 @@ in
           height = 30;
           spacing = 20;
           fixed-center = false;
-          output = [
-            "HDMI-A-1"
-            "DP-3"
-          ];
+          output = [ "HDMI-A-1" ];
 
           modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
           modules-right = [

hosts/pinwheel/modules/work/default.nix

@@ -1,5 +1,4 @@
 {
-  inputs,
   pkgs,
   lib,
   config,
@@ -18,15 +17,10 @@ in
     };
 
     home.packages = [
-      # (pkgs.callPackage ./pants.nix { inherit (pkgs) stdenv.hostPlatform.system; })
-      # (pkgs.callPackage ./syb-cli.nix { })
-
-      (inputs.nix-jetbrains-plugins.lib."${pkgs.stdenv.hostPlatform.system}".buildIdeWithPlugins
-        pkgs.jetbrains
-        "idea"
-        [ "IdeaVIM" ]
-      )
+      # (pkgs.callPackage ./pants.nix { inherit (pkgs) system; })
+      (pkgs.callPackage ./syb-cli.nix { })
 
+      (pkgs.jetbrains.plugins.addPlugins pkgs.jetbrains.idea-ultimate [ "ideavim" ])
       (pkgs.google-cloud-sdk.withExtraComponents [
         pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
       ])
@@ -39,23 +33,10 @@ in
       # for `radio`
       pkgs.go-mockery
       pkgs.golangci-lint
-
-      (pkgs.writeShellScriptBin "work-vpn" ''
-        case $1 in
-          up)
-            sudo sh -c "systemctl start openvpn-work-staging.service; systemctl start openvpn-work-production.service"
-            ;;
-          down)
-            sudo sh -c "systemctl stop openvpn-work-staging.service; systemctl stop openvpn-work-production.service"
-            ;;
-        esac
-      '')
     ];
 
     programs.go = lib.mkIf goEnabled {
-      env = {
-        GOPRIVATE = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ];
-      };
+      goPrivate = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ];
     };
 
     programs.git = lib.mkIf gitEnabled {

hosts/pinwheel/modules/zsh/default.nix

@@ -54,7 +54,7 @@ in
           }
         ];
 
-        initContent = lib.strings.concatStringsSep "\n" [
+        initExtra = lib.strings.concatStringsSep "\n" [
           "export KEYTIMEOUT=1"
           "bindkey -v '^?' backward-delete-char"
           "bindkey '^a' beginning-of-line"

hosts/tadpole/modules/age/default.nix

@@ -8,7 +8,7 @@
     };
 
     environment.systemPackages = [
-      inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default
+      inputs.agenix.packages."${pkgs.system}".default
     ];
   };
 }

hosts/tadpole/modules/certs/default.nix

@@ -17,21 +17,6 @@
         webroot = "/var/lib/acme/acme-challenge/";
         group = "nginx";
       };
-
-      "whib.ppp.pm" = {
-        webroot = "/var/lib/acme/acme-challenge/";
-        group = "nginx";
-      };
-
-      "api.whib.ppp.pm" = {
-        webroot = "/var/lib/acme/acme-challenge/";
-        group = "nginx";
-      };
-
-      "grafana.whib.ppp.pm" = {
-        webroot = "/var/lib/acme/acme-challenge/";
-        group = "nginx";
-      };
     };
   };
 }

hosts/tadpole/modules/default.nix

@@ -22,8 +22,6 @@ in
       };
 
       pppdotpm-site.enable = true;
-      whib-backend.enable = true;
-      whib-frontend.enable = true;
     };
   };
 }

hosts/tadpole/modules/gitea/default.nix

@@ -7,6 +7,8 @@
 let
   conf = config.mod.gitea;
   gitDomain = "git.${conf.baseDomain}";
+
+  nginxEnable = config.mod.nginx.enable;
 in
 {
   options = {
@@ -35,12 +37,8 @@ in
     };
   };
 
-  config = lib.mkIf conf.enable {
+  config = lib.mkIf (conf.enable && nginxEnable) {
     assertions = [
-      {
-        assertion = config.services.nginx.enable;
-        message = "Option 'config.services.nginx' must be enabled";
-      }
       {
         assertion = conf.baseDomain != "";
         message = "Option 'mod.gitea.baseDomain' cannot be empty";
@@ -64,11 +62,6 @@ in
           ROOT_URL = "https://${gitDomain}";
 
           SSH_PORT = 1122; # see `ssh` module
-          HTTP_PORT = 3001;
-        };
-
-        oauth2 = {
-          JWT_CLAIM_ISSUER = "https://${gitDomain}/";
         };
 
         database = {
@@ -128,7 +121,7 @@ in
         useACMEHost = gitDomain;
 
         locations."/" = {
-          proxyPass = "http://0.0.0.0:3001";
+          proxyPass = "http://0.0.0.0:3000";
           proxyWebsockets = true;
         };
       };

hosts/tadpole/modules/ppp.pm-site/default.nix

@@ -6,6 +6,8 @@
 }:
 let
   enabled = config.mod.pppdotpm-site.enable;
+
+  nginxEnabled = config.mod.nginx.enable;
 in
 {
   imports = [ inputs.pppdotpm-site.nixosModules.default ];
@@ -16,14 +18,7 @@ in
     };
   };
 
-  config = lib.mkIf enabled {
-    assertions = [
-      {
-        assertion = config.services.nginx.enable;
-        message = "Option 'config.services.nginx' must be enabled";
-      }
-    ];
-
+  config = lib.mkIf (enabled && nginxEnabled) {
     services.pppdotpm-site = {
       enable = true;
       domain = "ppp.pm";

hosts/tadpole/modules/ssh/default.nix

@@ -28,17 +28,9 @@ in
             identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm";
           };
 
-          "*" = {
-            forwardAgent = false;
-            addKeysToAgent = "no";
-            compression = false;
-            serverAliveInterval = 0;
-            serverAliveCountMax = 3;
-            hashKnownHosts = false;
-            userKnownHostsFile = "~/.ssh/known_hosts";
-            controlMaster = "no";
-            controlPath = "~/.ssh/master-%r@%n:%p";
-            controlPersist = "no";
+          "codeberg.org" = {
+            hostname = "codeberg.org";
+            identityFile = "/home/alex/.ssh/alex.tadpole-codeberg.org";
           };
         };
       };
@@ -109,6 +101,19 @@ in
         owner = "alex";
         group = "users";
       };
+
+      "alex.tadpole-codeberg.org" = {
+        file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.age;
+        path = "/home/alex/.ssh/alex.tadpole-codeberg.org";
+        owner = "alex";
+        group = "users";
+      };
+      "alex.tadpole-codeberg.org.pub" = {
+        file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.pub.age;
+        path = "/home/alex/.ssh/alex.tadpole-codeberg.org.pub";
+        owner = "alex";
+        group = "users";
+      };
     };
   };
 }

hosts/tadpole/modules/whib/default.nix

@@ -1,79 +0,0 @@
-{
-  lib,
-  config,
-  ...
-}:
-let
-  backendEnabled = config.mod.whib-backend.enable;
-  frontendEnabled = config.mod.whib-frontend.enable;
-in
-{
-  options = {
-    mod.whib-backend = {
-      enable = lib.mkEnableOption "enable WHIB backend";
-    };
-
-    mod.whib-frontend = {
-      enable = lib.mkEnableOption "enable WHIB frontend";
-    };
-  };
-
-  config = {
-    assertions = [
-      {
-        assertion = backendEnabled && config.services.nginx.enable;
-        message = "Option 'config.services.nginx' must be enabled";
-      }
-    ];
-
-    services = {
-      whib-backend = lib.mkIf backendEnabled {
-        enable = true;
-
-        backend = {
-          domain = "api.whib.ppp.pm";
-          useACMEHost = "api.whib.ppp.pm";
-
-          environmentFile = config.age.secrets.whib-backend-env-vars.path;
-        };
-
-        postgres = {
-          environmentFile = config.age.secrets.whib-postgres-env-vars.path;
-
-          backup = {
-            interval = "*-*-* 00:00:00 UTC";
-
-            environmentFile = config.age.secrets.whib-postgres-backup-env-vars.path;
-            gpgPassphraseFile = config.age.secrets.whib-gpg-key.path;
-          };
-        };
-
-        grafana = {
-          domain = "grafana.whib.ppp.pm";
-          useACMEHost = "grafana.whib.ppp.pm";
-
-          environmentFile = config.age.secrets.whib-grafana-env-vars.path;
-        };
-      };
-
-      whib-frontend = lib.mkIf frontendEnabled {
-        enable = true;
-
-        domain = "whib.ppp.pm";
-        useACMEHost = "whib.ppp.pm";
-        backendHost = "https://api.whib.ppp.pm";
-      };
-    };
-
-    age.secrets = {
-      "whib-backend-env-vars".file = ../../../../secrets/tadpole/whib-backend-env-vars.age;
-      "whib-postgres-env-vars".file = ../../../../secrets/tadpole/whib-postgres-env-vars.age;
-
-      "whib-postgres-backup-env-vars".file =
-        ../../../../secrets/tadpole/whib-postgres-backup-env-vars.age;
-      "whib-gpg-key".file = ../../../../secrets/tadpole/whib-gpg-key.age;
-
-      "whib-grafana-env-vars".file = ../../../../secrets/tadpole/whib-grafana-env-vars.age;
-    };
-  };
-}

hosts/test-vm/configuration.nix

@@ -3,7 +3,6 @@
   imports = [
     ./ppp.pm-site.nix
     ./whib-backend.nix
-    ./whib-frontend.nix
   ];
 
   config = {
@@ -14,7 +13,6 @@
     mod = {
       pppdotpm-site.enable = false;
       whib-backend.enable = true;
-      whib-frontend.enable = true;
     };
 
     users.users.a = {
@@ -26,9 +24,9 @@
     security.sudo.wheelNeedsPassword = false;
 
     virtualisation.vmVariant = {
-      # following configuration is added only when building VM the *first* time with `build-vm`
+      # following configuration is added only when building VM with build-vm
       virtualisation = {
-        diskSize = 8192;
+        diskSize = 4096;
         memorySize = 2048;
         cores = 3;
         graphics = false;
@@ -38,8 +36,6 @@
     # Resize terminal to host terminal size
     environment.loginShellInit = ''
       ${pkgs.xterm}/bin/resize
-
-      echo alias 'sd' can be used to shutdown the VM
     '';
 
     environment.interactiveShellInit = ''

hosts/test-vm/whib-backend.nix

@@ -1,5 +1,4 @@
 {
-  pkgs,
   lib,
   config,
   ...
@@ -15,68 +14,19 @@ in
   };
 
   config = lib.mkIf enabled {
-    services.whib-backend =
-      let
-        backendEnvVars = pkgs.writeText "backend-env-vars" ''
-          SIGNING_KEY=signingkey
-          POSTGRES_DB=whib
-          POSTGRES_USER=whib
-          POSTGRES_PASSWORD=pgpassword
-        '';
+    services.whib-backend = {
+      enable = true;
+      domain = "whib-backend.local";
 
-        postgresEnvVars = pkgs.writeText "postgres-env-vars" ''
-          POSTGRES_DB=whib
-          POSTGRES_USER=whib
-          POSTGRES_PASSWORD=pgpassword
-        '';
-
-        postgresBackupEnvVars = pkgs.writeText "postgres-backup-env-vars" ''
-          PGDATABASE=whib
-          PGUSER=whib
-          PGPASSWORD=pgpassword
-          B2_BUCKET=a
-          B2_APPLICATION_KEY_ID=b
-          B2_APPLICATION_KEY=c
-        '';
-
-        gpgPassphraseFile = pkgs.writeText "gpg-passphrase" ''
-          foobar
-        '';
-
-        grafanaEnvVars = pkgs.writeText "grafana-env-vars" ''
-          GF_SECURITY_ADMIN_PASSWORD=grafanapassword
-          GF_USERS_ALLOW_SIGN_UP=false
-        '';
-
-      in
-      {
-        enable = true;
-
-        backend = {
-          domain = "whib-backend.local";
-
-          environmentFile = backendEnvVars;
-        };
-
-        postgres = {
-          environmentFile = postgresEnvVars;
-
-          backup = {
-            interval = "*-*-* *:*:00 UTC"; # Every minute, for testing
-
-            environmentFile = postgresBackupEnvVars;
-            gpgPassphraseFile = gpgPassphraseFile;
-
-          };
-        };
-
-        grafana = {
-          domain = "grafana.local";
-
-          environmentFile = grafanaEnvVars;
-        };
+      backend = {
+        signingKey = "super-secret-key";
       };
 
+      postgres = {
+        password = "postgrespassword";
+      };
+    };
+
     virtualisation.vmVariant = {
       virtualisation = {
         sharedDirectories = {
@@ -88,35 +38,15 @@ in
 
         forwardPorts = [
           {
-            # Service API
             from = "host";
             host.port = 8080;
             guest.port = 8080;
           }
           {
-            # Service Metrics
-            from = "host";
-            host.port = 8181;
-            guest.port = 8181;
-          }
-          {
-            # Postgres
             from = "host";
             host.port = 5432;
             guest.port = 5432;
           }
-          {
-            # Grafana
-            from = "host";
-            host.port = 3000;
-            guest.port = 3000;
-          }
-          {
-            # Prometheus
-            from = "host";
-            host.port = 9090;
-            guest.port = 9090;
-          }
         ];
       };
     };

hosts/test-vm/whib-frontend.nix

@@ -1,34 +0,0 @@
-{ lib, config, ... }:
-let
-  enabled = config.mod.whib-frontend.enable;
-in
-{
-  options = {
-    mod.whib-frontend = {
-      enable = lib.mkEnableOption "enable WHIB backend";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    services.whib-frontend = {
-      enable = true;
-
-      domain = "whib-frontend.local";
-      port = "8081";
-      backendHost = "https://api.whib.ppp.pm/"; # "whib-backend.local";
-    };
-
-    virtualisation.vmVariant = {
-      virtualisation = {
-        forwardPorts = [
-          {
-            # Service API
-            from = "host";
-            host.port = 8081;
-            guest.port = 8081;
-          }
-        ];
-      };
-    };
-  };
-}

secrets/backwards/alex.backwards-codeberg.org.pub.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 Pu0HWg eK/pdhmsF334C7rSuYsRnXCtenmlT2hOXpfW5CQEARY
+odooTLu8ZQUZjCeVPZYOA6Vgb470cosE1Q1iBkE9Kc0
+-> ssh-ed25519 +oNaHQ nJU52SSZ9v3+8NuXR6coSHosEYrs7T8GeZYzV/quOU4
+IV5YduRGdJLy93gVwfYmwvldRXoXXX3QvAsH3ljBadw
+--- 3gJg9NFmqHCrgcvgnYOeSY1H4klPEyzI+07IlKCOItc
+ ¦Ì\5çܤ‰}õyñÐáAý_J§

secrets/manatee/alex.manatee-git.ppp.pm.pub.age

@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 wkRvNA NmI7zT9UKGRlh3wQIt61Xww4p4pHMf9dtbZjYoWZ8Uw
-f+zEnvRCRG5jg/jvJyhn7cDwNQiQdycS1MjbEnD64Tc
--> ssh-ed25519 +oNaHQ 73NC7E0ns+6Y5mSZFdlkPhZHWsqxe61CMnEqFEMZ90I
-hRfah4GDNd7Jcrfy0Xc6mGtTFGugm1R9EQTXWIQ3Dlo
---- nCgXbaJ4nU1ovuOTtD025pzEwmtr2svW2XXj+oqd49g
-©Éßâ—‹Õ.íý‹Q1pUv‚i@ÅÖyQ§h7ëˆn.r	•¿%ÖÖ"YLÕRmwÊ÷ÜŒ§ã‹$gÜñjâíϸ<C38F>§ßKYéÅ<>òïg&ÞMeˆwÝoÓä°ï¨¡ºêÝí*³½4W€8ìäÒ»Näÿn«@Qèìc^¬ý WÆ‹…Ï‹ñ8SÂ…À

secrets/manatee/hetzner-dns.age

@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 wkRvNA mr8aDxrNmdcxT5BEXJ32Q4DckYKidh3zblrSm8GV3hg
-JngH+sfId8Z6SuXnQo9EQR0nw+y7LfdgYgI7SYisPL4
--> ssh-ed25519 +oNaHQ QI1+VLIa1sN8HSzBXoAGio7TcfxpGERw30uNlMCmejw
-m3+nrTwsAb/Fg1p9JCYnc7jS9uteMO3AbUtDbKP60Dk
---- etDNlalBL2SdgfFxIhDCAWXpXcSZr+BlCoTt6yIUiBQ
-èZw œ»ØÁëkáÂÎó4=UÉÜ:J
-ã–›½p#"ˆà^pŠî!KÚÔ
-¯’cŽC÷ô´cd¾·"g.óÒ¦ó¥_(ÄA% ¶Ýp<C39D>ÇÏGA2`CqÖPš¢<C5A1>P¾Ç$jåMººŒþ¾ƒ™_â

secrets/manatee/root.manatee.pub.age

@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 wkRvNA UqHbjXvBR0t5JDL698Ir+5Ea/8P12dlRwf8s8K4DLxU
-T4hCFBfgcGjX4bdcY3FAOAT+Y//gigh2wD+tulkzYg0
--> ssh-ed25519 +oNaHQ rYO/FGLizmtgBbaum8n7Ey/fxLLzBY+qdCGEGA2eglg
-wWzReIBthn3dm8yfSljaIkyTVcegNQBFyUbUyWRpryU
---- 4LIzUebAHUKqBwVaLPQntXiuj1hfyTvoRb9VusyQ01w
-ϪI<EFBFBD>k^éfèíL2²³Y‘‘΋Ki„ˆkRÍ;½ýO›ŒúÕª9î­.hA
-„Ã^õBl%Ì1Uñøy}YË0cÇ!vHÆ‹«ý­Ï½tjv†ß…ºAoE¡¤‚˜D¥Ø¬tCbòi5ä4ab[ïogìÃcá¤9´X@

secrets/manatee/syncthing-key.age

@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 wkRvNA YbZzduvipUNKn6QnmQu9b/qFNLKXZ4rIykPEBUvvGGs
-aITJQ+ska4vfDL0Z7+wocYZYi5/QjodjHGJj7caE2+Q
--> ssh-ed25519 +oNaHQ s8fl+itCgMK/Hl621+xEdlXl3w1v+Zyx/XihIvh1ahk
-BuumBEu6B2Csxr2VRRagyPnF/T7Thoz1Fq9F/NIAa0o
---- /VPi7PCZNCHPL5dSS+QeSsZLUqBzJZygOWHKVYMyLIM
-Æ éƒqAˆsÔ	“x

secrets/pinwheel/alex.pinwheel-codeberg.org.pub.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 vxPbZg IKvbUY2e3wCrphoiFOKJYxyWvj4DjMlW1yv1VrZ/kBk
+8sS9cNUsb8NtPHD5iKx8dfcgKxLObcZDfWJohduWEl4
+-> ssh-ed25519 +oNaHQ nIY6nLvP+HIUlCumO/MxGoBGfutwfwv4zlvsLCuu2C8
+eFqY9TaVsYoKulu5e++WI1zYzoBinEVUJt/lDan+ttQ
+--- 67CbghCaK4yhjqH6vHEUzfeFth9PmX8h+qTKHocKGzk
+iFÞ0ƒV•5œ1²·‹7‰¡~w&Õ´>¨Žƒ1¶bƒ…Å化ÆgŽ«cì6Fb<46>snÁ5àhk6¥W?0Ô@­
+ûÞó³|CѼÄm<C384>ð›GÍ1‹.½

secrets/pinwheel/alex.pinwheel-manatee.pub.age

@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 vxPbZg eRWhz6fZKuP5v5E16uZg6si0/vlp3FdzcWud0OfAV38
-9ipUEQuy7IZZRi5RtoiH5/f093YCicJ/3VpH0TC7lh4
--> ssh-ed25519 wkRvNA 938EBkoteypEXGVYII8KP1sm4fpN7MmasqN+lxW70DQ
-qt5DS5u1oCPvlOwO0DsoZp0OdEgZ/hRIJkD77c19Kts
--> ssh-ed25519 +oNaHQ LJSsvOsWwHm+JygGKZ31+IBLKPNadx1OvIcA4Zm34G8
-AtSUR73XCikmAovR8YidLDy7WqZhsvjozzZM82qLsQA
---- wDbiqcaXCRtSYx4qTqxFe8xn56J5ZkdtPrMs5Ba+4No
-‹dŸíð¿RM“E¡ìþÎ4¬\û`ŸûÎÄXì0€ú¤=‡¾’lå€.À3Ò¡Îd&`‡øC«Ö'×Ï¿½'¿~Ï+£˜Ü½0ÁŠ`Gaù©b‘ÎR,d›:¤èQ|Ñ”…ãôùæÅ}BÏIߪ#‹c™©L§Ë%ö¿eD¾Rpú™Û˜6

secrets/pinwheel/work-github-token.age

@@ -1,7 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 vxPbZg kPlQg/h4GOsYY4xhXBt7tf3FKpRLKcCWJ++qzFyEW0U
-HPEO63dlU+IxFyRH11bBRDi0mCeW8CGgMChm6s62JHs
--> ssh-ed25519 +oNaHQ uVezQzhewJvvudpJHCqFDRikj/J4tJXN85ESjkXoJjU
-cGUGizHtXZ/d+vO9jVoURNC19vHo77rXq5Cnd4cRwUU
---- DtoPmQklXZeD4zDS/wJvQhx26S8kM2S64Rf9R+AlO2Y
-'—rû|j„±.ØÉ­ÛìŸ{ÈA–ª_4ž§qêMÿmE7¨“Ù¾š
+-> ssh-ed25519 vxPbZg Bmvy3//fQLVj/L4NPxOJ97lZi3mnr4JRYd4LMsQhZFo
+AUKgDUPbXxY9hdvw/p227xJs1zy97bZdzSq+dU8SvjI
+-> ssh-ed25519 +oNaHQ GLTMdsKIZZQBuTUQGfNvow1vawla7/MHIBHMzeIjp1w
+HcbCdXR0TkTe7MxctOubSCB00zc2LD8mmQsluhYxIMs
+--- jg1CbPpvJyFLXfpizH6ibgJ8Fil8lsxjpysOk2QOJks
+³¬W7Lõg)]¦©<C2A6>å<6;U‰Ð\îí ‘´ôE¬
+rÞã
‰A•Ñú'Õ8|ÝxXÊãèjÞœ¥=#TùήÕ§¥/

secrets/secrets.nix

@@ -1,7 +1,6 @@
 let
-  # see `<host>/modules/age/default.nix` where these are defined
+  # see `modules/age/default.nix` where these are defined
   pinwheel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMoI7Q4zT2AGXU+i8fLmzcNLdfMkEnfHYh4PmaEmo2QW root@pinwheel";
-  manatee = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqJi/Oml2s/2KBqzLrCF77YJKn36Gute8jaTCEkHEZN root.manatee";
   backwards = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcTK3CUtTsgavuLlbfOqCbHYLtUrIKqnSqYmtzGCZnv root.backwards";
   tadpole = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbyj/vYafqpJH33jFz5HV+gwCiEIJTpxKrEFrBWx73A root@tadpole";
   alex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTgiHYcdhS87pPnduLunZVEgLVj4EtbG9XVSZP1l5s5 alex";
@@ -9,14 +8,16 @@ in {
   "pinwheel/syncthing-cert.age".publicKeys = [ pinwheel alex ];
   "pinwheel/syncthing-key.age".publicKeys = [ pinwheel alex ];
   "pinwheel/tailscale-preferred-exit-node.age".publicKeys = [ pinwheel alex ];
-  "pinwheel/alex.pinwheel-manatee.age".publicKeys = [ pinwheel alex ];
-  "pinwheel/alex.pinwheel-manatee.pub.age".publicKeys = [ pinwheel manatee alex ];
   "pinwheel/alex.pinwheel-backwards.age".publicKeys = [ pinwheel alex ];
   "pinwheel/alex.pinwheel-backwards.pub.age".publicKeys = [ pinwheel backwards alex ];
   "pinwheel/alex.pinwheel-tadpole.age".publicKeys = [ pinwheel alex ];
   "pinwheel/alex.pinwheel-tadpole.pub.age".publicKeys = [ pinwheel tadpole alex ];
   "pinwheel/alex.pinwheel-github.com.age".publicKeys = [ pinwheel alex ];
   "pinwheel/alex.pinwheel-github.com.pub.age".publicKeys = [ pinwheel alex ];
+  "pinwheel/alex.pinwheel-andromeda.age".publicKeys = [ pinwheel alex ];
+  "pinwheel/alex.pinwheel-andromeda.pub.age".publicKeys = [ pinwheel alex ];
+  "pinwheel/alex.pinwheel-codeberg.org.age".publicKeys = [ pinwheel alex ];
+  "pinwheel/alex.pinwheel-codeberg.org.pub.age".publicKeys = [ pinwheel alex ];
   "pinwheel/alex.pinwheel-git.ppp.pm.age".publicKeys = [ pinwheel alex ];
   "pinwheel/alex.pinwheel-git.ppp.pm.pub.age".publicKeys = [ pinwheel alex ];
 
@@ -26,36 +27,24 @@ in {
   "pinwheel/work-staging-ovpn.age".publicKeys = [ pinwheel alex ];
   "pinwheel/work-production-ovpn.age".publicKeys = [ pinwheel alex ];
 
-  "manatee/root.manatee.age".publicKeys = [ manatee alex ];
-  "manatee/root.manatee.pub.age".publicKeys = [ manatee alex ];
-  "manatee/alex.manatee-git.ppp.pm.age".publicKeys = [ manatee alex ];
-  "manatee/alex.manatee-git.ppp.pm.pub.age".publicKeys = [ manatee alex ];
-  "manatee/syncthing-cert.age".publicKeys = [ manatee alex ];
-  "manatee/syncthing-key.age".publicKeys = [ manatee alex ];
-  "manatee/hetzner-dns.age".publicKeys = [ manatee alex ];
-
   "backwards/root.backwards.age".publicKeys = [ backwards alex ];
   "backwards/root.backwards.pub.age".publicKeys = [ backwards alex ];
-  "backwards/alex.backwards-manatee.age".publicKeys = [ backwards alex ];
-  "backwards/alex.backwards-manatee.pub.age".publicKeys = [ backwards manatee alex ];
   "backwards/syncthing-cert.age".publicKeys = [ backwards alex ];
   "backwards/syncthing-key.age".publicKeys = [ backwards alex ];
-  "backwards/restic-password.age".publicKeys = [ backwards alex ];
+  "backwards/restic-sync-password.age".publicKeys = [ backwards alex ];
   "backwards/restic-cloud-sync-key.age".publicKeys = [ backwards alex ];
   "backwards/restic-cloud-sync-repository.age".publicKeys = [ backwards alex ];
+  "backwards/alex.backwards-codeberg.org.age".publicKeys = [ backwards alex ];
+  "backwards/alex.backwards-codeberg.org.pub.age".publicKeys = [ backwards alex ];
   "backwards/alex.backwards-git.ppp.pm.age".publicKeys = [ backwards alex ];
   "backwards/alex.backwards-git.ppp.pm.pub.age".publicKeys = [ backwards alex ];
   "backwards/wireless-network-secrets.age".publicKeys = [ backwards alex ];
 
   "tadpole/root.tadpole.age".publicKeys = [ tadpole alex ];
   "tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ];
+  "tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ];
+  "tadpole/alex.tadpole-codeberg.org.pub.age".publicKeys = [ tadpole alex ];
   "tadpole/alex.tadpole-git.ppp.pm.age".publicKeys = [ tadpole alex ];
   "tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ];
   "tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ];
-
-  "tadpole/whib-backend-env-vars.age".publicKeys = [ tadpole alex ];
-  "tadpole/whib-postgres-env-vars.age".publicKeys = [ tadpole alex ];
-  "tadpole/whib-postgres-backup-env-vars.age".publicKeys = [ tadpole alex ];
-  "tadpole/whib-gpg-key.age".publicKeys = [ tadpole alex ];
-  "tadpole/whib-grafana-env-vars.age".publicKeys = [ tadpole alex ];
 }

secrets/tadpole/whib-gpg-key.age

@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 5R7G9A Q6V8S5312DQhP0QtPbAlbn+uDER6jpi+gvn40ndmnn0
-soymoaAKbNlYicSbtHhqn54D0zVBHBuHUKngex/VgoM
--> ssh-ed25519 +oNaHQ cpzCyu/9Jrm9Rx5C/rhuZku6uJWjrlHpCYxWOwuwQWw
-1GA8NsLeOTo/zHs/k0vt/N8hH+2MXfMNRy+qKBqi3fM
---- 5O74sFn1xDZ53xHM7KHZ+ge7DzdnhyeB0W0znMk7NYQ
-u¡™™²wèDüms"<22>š4¸—ýÙwÞüG¼LÏur	7V`G=	‰¡ã„C¼Èn2±¯n‚§3S~go¡½¾ìõcsþ@7œƳ