many changes, too lazy to explain

TODO.md

@@ -1,5 +1,6 @@
 - [ ] Update the README.md
 - [ ] switch ssh keys to ECC (fuck RSA)
+- [ ] forgejo not post-quantum (fix that)
 
 - [X] migrate forge.dobutterfliescry.net -> tearforge.net
 - [X] rename forgejo user to git

colors.rasi

@@ -0,0 +1,20 @@
+* {
+  background: rgba(51,37,65,0.9);
+  foreground: rgba(198,186,227,0.9);
+  color00: rgba(78,66,70,0.9);
+  color01: rgba(111,91,159,0.9);
+  color02: rgba(120,98,164,0.9);
+  color03: rgba(131,128,181,0.9);
+  color04: rgba(154,127,183,0.9);
+  color05: rgba(157,129,185,0.9);
+  color06: rgba(123,153,183,0.9);
+  color07: rgba(165,148,207,0.9);
+  color08: rgba(115,103,145,0.9);
+  color09: rgba(129,102,193,0.9);
+  color10: rgba(140,112,199,0.9);
+  color11: rgba(145,141,218,0.9);
+  color12: rgba(170,126,217,0.9);
+  color13: rgba(174,130,220,0.9);
+  color14: rgba(135,181,228,0.9);
+  color15: rgba(165,148,207,0.9);
+}

flake.lock

@@ -3,7 +3,9 @@
     "cerulean": {
       "inputs": {
         "deploy-rs": "deploy-rs",
-        "home-manager": "home-manager",
+        "home-manager": [
+          "home-manager"
+        ],
         "microvm": "microvm",
         "nixpkgs": [
           "nixpkgs"
@@ -16,17 +18,17 @@
         ]
       },
       "locked": {
-        "lastModified": 1771194110,
-        "narHash": "sha256-x6rijGWmPL5FTpkr+8vpcKKCOT33QHEV8bP6ibEAXFE=",
-        "owner": "cry128",
-        "repo": "Cerulean",
-        "rev": "d527937829dec0f410f126a2f85e374cb99a2fbb",
-        "type": "github"
+        "lastModified": 1771399468,
+        "narHash": "sha256-Nppe/RD8/zJZ9e1vhX/Ma1fKZ+rMbp8ZFPMflTLGbk8=",
+        "ref": "refs/heads/main",
+        "rev": "870bbb1f3738736ea248c171685bffdb242e294a",
+        "revCount": 172,
+        "type": "git",
+        "url": "https://tearforge.net/cry/cerulean"
       },
       "original": {
-        "owner": "cry128",
-        "repo": "Cerulean",
-        "type": "github"
+        "type": "git",
+        "url": "https://tearforge.net/cry/cerulean"
       }
     },
     "deploy-rs": {
@@ -65,17 +67,17 @@
         ]
       },
       "locked": {
-        "lastModified": 1770947070,
-        "narHash": "sha256-g/l/iUET/M+nSrXlwYF2e0KeKqgGpjy3qhwQY4tG62A=",
+        "lastModified": 1771281537,
+        "narHash": "sha256-mSFKM4DEvg1mMk3WaE4VQHOEg4UUxfqqfYUnIxeQeQE=",
         "ref": "refs/heads/main",
-        "rev": "4fc28bfb4f95071d34184c7ba3153eaff87eba41",
-        "revCount": 121,
+        "rev": "3678fe95787bb660c4e9ff9933c5d03693a07a76",
+        "revCount": 122,
         "type": "git",
-        "url": "https://forge.dobutterfliescry.net/cry/site"
+        "url": "https://tearforge.net/cry/site"
       },
       "original": {
         "type": "git",
-        "url": "https://forge.dobutterfliescry.net/cry/site"
+        "url": "https://tearforge.net/cry/site"
       }
     },
     "flake-compat": {
@@ -169,28 +171,6 @@
       }
     },
     "home-manager": {
-      "inputs": {
-        "nixpkgs": [
-          "cerulean",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1770260404,
-        "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "release-25.11",
-        "repo": "home-manager",
-        "type": "github"
-      }
-    },
-    "home-manager_2": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
@@ -220,11 +200,11 @@
         "spectrum": "spectrum"
       },
       "locked": {
-        "lastModified": 1770310890,
-        "narHash": "sha256-lyWAs4XKg3kLYaf4gm5qc5WJrDkYy3/qeV5G733fJww=",
+        "lastModified": 1771365290,
+        "narHash": "sha256-1XJOslVyF7yzf6yd/yl1VjGLywsbtwmQh3X1LuJcLI4=",
         "owner": "microvm-nix",
         "repo": "microvm.nix",
-        "rev": "68c9f9c6ca91841f04f726a298c385411b7bfcd5",
+        "rev": "789c90b164b55b4379e7a94af8b9c01489024c18",
         "type": "github"
       },
       "original": {
@@ -304,11 +284,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770943752,
-        "narHash": "sha256-3vWAy2BCP5liaCEKmeqeVWbTCF/JnukgMOg8qf8mCcg=",
+        "lastModified": 1771375681,
+        "narHash": "sha256-qDDw0ruBZ1kt63j4uVP5Xrd1OxGKIYrSFnig0z6ozSw=",
         "owner": "FlameFlag",
         "repo": "nixcord",
-        "rev": "aa1626057e57eca3686fbc1c3e2ddfde884c6b2a",
+        "rev": "d030dbb48ab020092681a39c878c1d48a553ffc1",
         "type": "github"
       },
       "original": {
@@ -319,11 +299,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1770770419,
-        "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=",
+        "lastModified": 1771208521,
+        "narHash": "sha256-X01Q3DgSpjeBpapoGA4rzKOn25qdKxbPnxHeMLNoHTU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a",
+        "rev": "fa56d7d6de78f5a7f997b0ea2bc6efd5868ad9e8",
         "type": "github"
       },
       "original": {
@@ -350,11 +330,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1770841267,
-        "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
+        "lastModified": 1771008912,
+        "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
+        "rev": "a82ccc39b39b621151d6732718e3e250109076fa",
         "type": "github"
       },
       "original": {
@@ -389,15 +369,15 @@
       "locked": {
         "lastModified": 1770975056,
         "narHash": "sha256-ZXTz/P3zUbbM6lNXzt91u8EwfNqhXpYMu8+wvFZqQHE=",
-        "owner": "cry128",
-        "repo": "nt",
+        "ref": "refs/heads/main",
         "rev": "f42dcdd49a7921a7f433512e83d5f93696632412",
-        "type": "github"
+        "revCount": 205,
+        "type": "git",
+        "url": "https://tearforge.net/cry/nt"
       },
       "original": {
-        "owner": "cry128",
-        "repo": "nt",
-        "type": "github"
+        "type": "git",
+        "url": "https://tearforge.net/cry/nt"
       }
     },
     "root": {
@@ -405,7 +385,7 @@
         "cerulean": "cerulean",
         "dobutterfliescry-net": "dobutterfliescry-net",
         "grub2-themes": "grub2-themes",
-        "home-manager": "home-manager_2",
+        "home-manager": "home-manager",
         "nix-flatpak": "nix-flatpak",
         "nixcord": "nixcord",
         "nixpkgs": "nixpkgs",

flake.nix

@@ -12,16 +12,16 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nt.url = "github:cry128/nt";
-    # nt.url = "/home/me/cry/mk/nt";
+    nt.url = "git+https://tearforge.net/cry/nt";
 
     cerulean = {
-      url = "github:cry128/Cerulean";
-      # url = "/home/me/cry/mk/Cerulean";
+      # url = "git+https://tearforge.net/cry/cerulean";
+      url = "/home/me/cry/mk/cerulean";
       inputs = {
+        nt.follows = "nt";
         systems.follows = "systems";
         nixpkgs.follows = "nixpkgs";
-        nt.follows = "nt";
+        home-manager.follows = "home-manager";
       };
     };
 
@@ -37,7 +37,7 @@
     };
 
     dobutterfliescry-net = {
-      url = "git+https://forge.dobutterfliescry.net/cry/site";
+      url = "git+https://tearforge.net/cry/site";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         nixpkgs-unstable.follows = "nixpkgs-unstable";
@@ -50,6 +50,8 @@
     extra-experimental-features = "pipe-operators";
   };
 
-  outputs = inputs:
-    import ./snow.nix inputs;
+  outputs = inputs: let
+    inherit (inputs.cerulean) snow;
+  in
+    snow.flake inputs ./.;
 }

groups/all/default.nix

@@ -9,13 +9,16 @@
 
   # NOTE: mkDefault is 1000 and mkForce is 50
   # NOTE: so this is like a second mkDefault
-  security.sudo.wheelNeedsPassword = lib.mkDefault true;
+  security.sudo.wheelNeedsPassword = true;
 
   networking = {
     networkmanager.enable = true;
 
     nftables.enable = true;
-    firewall.enable = lib.mkDefault true;
+    firewall = {
+      enable = lib.mkDefault true;
+      allowPing = lib.mkDefault true;
+    };
 
     # Use CloudFlare's WARP+ 1.1.1.1 DNS service
     nameservers = [
@@ -28,6 +31,7 @@
     enable = true;
     clean.enable = true;
     clean.extraArgs = "--keep-since 7d --keep 3";
+    # TODO: move nh config to be home-manager
     flake = "/home/me/flake"; # sets NH_OS_FLAKE variable for you
   };
 

groups/cryde/default.nix

@@ -1,16 +1,20 @@
 {
+  inputs,
   pkgs,
   upkgs,
   config,
   ...
 }: {
-  imports = [
+  imports = with inputs; [
     ./programs.nix
 
     ../../hosts/modules/bashistrans.nix
     ../../hosts/modules/wm/hyprland.nix
     ../../hosts/modules/steam.nix
     ../../hosts/modules/obsidian.nix
+
+    grub2-themes.nixosModules.default
+    nix-flatpak.nixosModules.nix-flatpak
   ];
 
   boot.loader.grub2-theme = {

groups/cryos/programs.nix

@@ -111,13 +111,12 @@
     libargon2
   ];
 
-  services.pcscd.enable = true;
-
-  programs = {
-    gnupg.agent = {
-      enable = true;
-      pinentryPackage = pkgs.pinentry-curses;
-      enableSSHSupport = true;
-    };
-  };
+  # services.pcscd.enable = true;
+  # programs = {
+  # gnupg.agent = {
+  #   enable = true;
+  #   pinentryPackage = pkgs.pinentry-curses;
+  #   enableSSHSupport = true;
+  # };
+  # };
 }

groups/server/default.nix

@@ -49,6 +49,7 @@
   services.fail2ban = {
     enable = true;
 
+    ignoreIP = ["192.168.0.0/16"];
     maxretry = 5;
     bantime = "10m"; # 10 minute ban
     bantime-increment = {
@@ -69,6 +70,7 @@
         extraGroups = ["wheel"];
         openssh.authorizedKeys.keys = lib.mkDefault [
           (throw ''
+            You goofy goober :3
             Hosts in the `server` group must set `users.users.cry.openssh.authorizedKeys.keys = [ ... ]`.
           '')
         ];

homes/me/default.nix

@@ -118,25 +118,31 @@
           hostname = "dobutterfliescry.net";
           user = "cry";
           port = 42069;
-          identityFile = "~/.ssh/id_butterfly";
+          identityFile = "~/keys/butterfly";
           setEnv = {
-            TERM = "linux";
+            TERM = "xterm-256color";
           };
         };
-        clocktown = {
+        hyrule = {
           hostname = "hyrule.dobutterfliescry.net";
           user = "cry";
           port = 42069;
-          identityFile = "~/.ssh/id_hyrule";
+          identityFile = "~/keys/hyrule";
           setEnv = {
-            TERM = "linux";
+            TERM = "xterm-256color";
           };
         };
+        matcha = {
+          hostname = "192.168.88.250";
+          user = "emile";
+          port = 22;
+          identityFile = "~/keys/matcha";
+        };
         youcue = {
           hostname = "moss.labs.eait.uq.edu.au";
           user = "s4740056";
           port = 22;
-          identityFile = "~/.ssh/id_youcue";
+          identityFile = "~/keys/other/youcue";
           setEnv = {
             TERM = "xterm-256color";
           };

hosts/butterfly/default.nix

@@ -1,6 +1,6 @@
 {...}: {
   imports = [
-    ./hardware-configuration.nix
+    ./hardware.nix
 
     ./services
   ];

hosts/hyrule/default.nix

@@ -1,6 +1,6 @@
 {...}: {
   imports = [
-    ./hardware-configuration.nix
+    ./hardware.nix
   ];
 
   # super duper minimum grub2 config

hosts/lolcathost/default.nix

@@ -1,6 +1,6 @@
 {...}: {
   imports = [
-    ./hardware-configuration.nix
+    ./hardware.nix
   ];
 
   networking.hostName = "lolcathost";

hosts/matcha/default.nix

@@ -0,0 +1,26 @@
+{...}: {
+  imports = [
+    ./hardware.nix
+    ./state.nix
+  ];
+
+  boot.loader = {
+    efi = {
+      canTouchEfiVariables = true;
+      efiSysMountPoint = "/boot/efi";
+    };
+    grub = {
+      efiSupport = true;
+      device = "nodev";
+    };
+  };
+
+  networking.hostName = "matcha";
+
+  users.users.cry = {
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYwbPjW26fHivB+UpxRArY7nFI09VLAD9xxOiPk/u+YPAOVR8SYTpsHj3L8kI3ENRtt3PRJb97ZfLpPaAJ0LJiZv4qzisDjbfck12FxSDseQlF2JaJZ4wrJ9llcqJbRLKd5wV4KotrDm8Ct2JSBFOdTBQBGJqtNrLOcAtDqVmDPXsWyONINegtcYHumTbJcQU1ksCABdjW5R1dhJesOuMOM8EvrUtDyftvD7sgnBlXTzybP9c1AphUuBMSR5yEz/cDl+iPtQq7tgB+iepCCuNMGQu1wZFPBCMrZtMoxq6gzmZ4oV+W6tfmGEbtdkY+ix+2j960Zngcw7Gj+aYyMY2TyVJuJmIvlzfcrlsbr1TH35Y/5oYhJA+X6aFpgomUsurJ6/QdI1wQ+ceUCnZEeg/8z+WNaq/Bp2hPzT9Y7SPWolpaotDhh9wiuyVqn5VQqwL2lELfvZM4Lu8l6vRPDeMZTemI1nc5jg3aVpJqZTPqFVcCWrWXfdCFwnfy/SdU0JAprCzVvoqkwDHsJwkxY/NcxlNGNha+8oYZgSH1CZhEp3Z7CDJCTDd5PxxCQHs90ENCWFsoGQIV01dAgwD63460En9q2kGr6gO2aRewMD5Vr8AzeGV87vsR3ARpPQVzEWLX08B076Idjwrz8aebdRYBEg7WCxRe5UVI1i/V8j/zQw== emile@deadlyserver.com"
+      "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGEvtRs3C4hjSuvVm2lukqOvObCz5gVlFthcvpGHAqlBgZo47CNJM78WoviEQWceqtu9ZzJdRJ7qEK9ZGvTM0XTSgExkOs6YdS3J7M3i3YS1vcj9KVPinLhiE90aED/319pbYKFrRs/lRzl8XLeaPNqenNMNJBqeary8+r5u9JC6zYCeQ== me@lolcathost"
+    ];
+  };
+}

hosts/matcha/hardware.nix

@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d54a5644-744b-4b2a-8c4b-c12836498724";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot/efi" =
+    { device = "/dev/disk/by-uuid/12CE-A600";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/9513ded6-662e-42f7-926e-64d198c2ae7c"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/matcha/state.nix

@@ -0,0 +1,20 @@
+{...}: {
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "25.11"; # Did you read the comment?
+}

hosts/myputer/default.nix

@@ -5,7 +5,7 @@
   ...
 }: {
   imports = [
-    ./hardware-configuration.nix
+    ./hardware.nix
   ];
 
   networking = {

nixpkgs.nix

@@ -4,7 +4,7 @@
   system,
   ...
 } @ args: {
-  nixpkgs.channels.default = rec {
+  nixpkgs.channels = rec {
     default = pkgs;
     # nixpkgs (stable branch)
     pkgs = {

overlays/default.nix

@@ -1,4 +1,4 @@
-{inputs, ...}: (
+{...}: (
   self: super: {
     angry-oxide = import ../packages/angryoxide {
       pkgs = super;

snow.nix

@@ -1,7 +1,8 @@
 {cerulean, ...} @ inputs:
 cerulean.mkNexus ./. (self: {
   nexus = {
-    specialArgs = {inherit inputs;};
+    base = inputs.nixpkgs;
+    args = {inherit inputs;};
 
     groups = {
       # wait.. that's too cold...
@@ -23,20 +24,20 @@ cerulean.mkNexus ./. (self: {
       lolcathost = {
         system = "x86_64-linux";
         groups = [groups.cryos.cryde];
-        extraModules = with inputs; [
-          grub2-themes.nixosModules.default
-          nix-flatpak.nixosModules.nix-flatpak
-        ];
+        # modules = with inputs; [
+        #   grub2-themes.nixosModules.default
+        #   nix-flatpak.nixosModules.nix-flatpak
+        # ];
       };
 
       # i be on my puter frfr
       myputer = {
         system = "x86_64-linux";
         groups = [groups.cryos.cryde];
-        extraModules = with inputs; [
-          grub2-themes.nixosModules.default
-          nix-flatpak.nixosModules.nix-flatpak
-        ];
+        # modules = with inputs; [
+        #   grub2-themes.nixosModules.default
+        #   nix-flatpak.nixosModules.nix-flatpak
+        # ];
       };
 
       # courtesy of aurora <3
@@ -61,11 +62,17 @@ cerulean.mkNexus ./. (self: {
       };
 
       # call me a statistician the way she spreads in my sheets
-      # matcha = {
-      #   system = "x86_64-linux";
-      #   groups = [groups.server];
-      #   deploy.ssh.host = "bedroom.dobutterfliescry.net";
-      # };
+      matcha = {
+        system = "x86_64-linux";
+        groups = [groups.server];
+        deploy = {
+          remoteBuild = true;
+          ssh = {
+            host = "192.168.88.250"; # <- DEBUG: TEMP: TODO: switch to `matcha.dobutterfliescry.net`
+            user = "emile";
+          };
+        };
+      };
     };
   };
 })