use experimental snow.flake schema

also move to using user git@tearforge.net
TODO: move to port 22 ;-;

TODO.md

@@ -1,10 +1,9 @@
 - [ ] Update the README.md
 - [ ] switch ssh keys to ECC (fuck RSA)
+- [ ] forgejo not post-quantum (fix that)
 
-- [ ] migrate forge.dobutterfliescry.net -> tearforge.net
-- [ ] rename forgejo user to git
+- [X] migrate forge.dobutterfliescry.net -> tearforge.net
+- [X] rename forgejo user to git
 - [ ] setup my own VPN
-- [ ] connect match to my VPN
+- [ ] connect matcha to my VPN
 - [ ] use matcha to build stuff instead of using my laptop
-
-- [ ] make `ceru` do local and remote deployments

colors.rasi

@@ -0,0 +1,20 @@
+* {
+  background: rgba(51,37,65,0.9);
+  foreground: rgba(198,186,227,0.9);
+  color00: rgba(78,66,70,0.9);
+  color01: rgba(111,91,159,0.9);
+  color02: rgba(120,98,164,0.9);
+  color03: rgba(131,128,181,0.9);
+  color04: rgba(154,127,183,0.9);
+  color05: rgba(157,129,185,0.9);
+  color06: rgba(123,153,183,0.9);
+  color07: rgba(165,148,207,0.9);
+  color08: rgba(115,103,145,0.9);
+  color09: rgba(129,102,193,0.9);
+  color10: rgba(140,112,199,0.9);
+  color11: rgba(145,141,218,0.9);
+  color12: rgba(170,126,217,0.9);
+  color13: rgba(174,130,220,0.9);
+  color14: rgba(135,181,228,0.9);
+  color15: rgba(165,148,207,0.9);
+}

flake.lock

@@ -3,7 +3,6 @@
     "cerulean": {
       "inputs": {
         "deploy-rs": "deploy-rs",
-        "home-manager": "home-manager",
         "microvm": "microvm",
         "nixpkgs": [
           "nixpkgs"
@@ -16,17 +15,14 @@
         ]
       },
       "locked": {
-        "lastModified": 1771194110,
-        "narHash": "sha256-x6rijGWmPL5FTpkr+8vpcKKCOT33QHEV8bP6ibEAXFE=",
-        "owner": "cry128",
-        "repo": "Cerulean",
-        "rev": "d527937829dec0f410f126a2f85e374cb99a2fbb",
-        "type": "github"
+        "lastModified": 1771650297,
+        "narHash": "sha256-7A952ZrngNdgSJWPLvKdVyGCXn1WtuBUMG4JoRTSCso=",
+        "path": "/home/me/cry/mk/cerulean",
+        "type": "path"
       },
       "original": {
-        "owner": "cry128",
-        "repo": "Cerulean",
-        "type": "github"
+        "path": "/home/me/cry/mk/cerulean",
+        "type": "path"
       }
     },
     "deploy-rs": {
@@ -65,17 +61,17 @@
         ]
       },
       "locked": {
-        "lastModified": 1770947070,
-        "narHash": "sha256-g/l/iUET/M+nSrXlwYF2e0KeKqgGpjy3qhwQY4tG62A=",
+        "lastModified": 1771281537,
+        "narHash": "sha256-mSFKM4DEvg1mMk3WaE4VQHOEg4UUxfqqfYUnIxeQeQE=",
         "ref": "refs/heads/main",
-        "rev": "4fc28bfb4f95071d34184c7ba3153eaff87eba41",
-        "revCount": 121,
+        "rev": "3678fe95787bb660c4e9ff9933c5d03693a07a76",
+        "revCount": 122,
         "type": "git",
-        "url": "https://forge.dobutterfliescry.net/cry/site"
+        "url": "https://tearforge.net/cry/site"
       },
       "original": {
         "type": "git",
-        "url": "https://forge.dobutterfliescry.net/cry/site"
+        "url": "https://tearforge.net/cry/site"
       }
     },
     "flake-compat": {
@@ -169,28 +165,6 @@
       }
     },
     "home-manager": {
-      "inputs": {
-        "nixpkgs": [
-          "cerulean",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1770260404,
-        "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "release-25.11",
-        "repo": "home-manager",
-        "type": "github"
-      }
-    },
-    "home-manager_2": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
@@ -220,11 +194,11 @@
         "spectrum": "spectrum"
       },
       "locked": {
-        "lastModified": 1770310890,
-        "narHash": "sha256-lyWAs4XKg3kLYaf4gm5qc5WJrDkYy3/qeV5G733fJww=",
+        "lastModified": 1771365290,
+        "narHash": "sha256-1XJOslVyF7yzf6yd/yl1VjGLywsbtwmQh3X1LuJcLI4=",
         "owner": "microvm-nix",
         "repo": "microvm.nix",
-        "rev": "68c9f9c6ca91841f04f726a298c385411b7bfcd5",
+        "rev": "789c90b164b55b4379e7a94af8b9c01489024c18",
         "type": "github"
       },
       "original": {
@@ -304,11 +278,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770943752,
-        "narHash": "sha256-3vWAy2BCP5liaCEKmeqeVWbTCF/JnukgMOg8qf8mCcg=",
+        "lastModified": 1771375681,
+        "narHash": "sha256-qDDw0ruBZ1kt63j4uVP5Xrd1OxGKIYrSFnig0z6ozSw=",
         "owner": "FlameFlag",
         "repo": "nixcord",
-        "rev": "aa1626057e57eca3686fbc1c3e2ddfde884c6b2a",
+        "rev": "d030dbb48ab020092681a39c878c1d48a553ffc1",
         "type": "github"
       },
       "original": {
@@ -319,11 +293,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1770770419,
-        "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=",
+        "lastModified": 1771208521,
+        "narHash": "sha256-X01Q3DgSpjeBpapoGA4rzKOn25qdKxbPnxHeMLNoHTU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a",
+        "rev": "fa56d7d6de78f5a7f997b0ea2bc6efd5868ad9e8",
         "type": "github"
       },
       "original": {
@@ -350,11 +324,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1770841267,
-        "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
+        "lastModified": 1771008912,
+        "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
+        "rev": "a82ccc39b39b621151d6732718e3e250109076fa",
         "type": "github"
       },
       "original": {
@@ -389,15 +363,15 @@
       "locked": {
         "lastModified": 1770975056,
         "narHash": "sha256-ZXTz/P3zUbbM6lNXzt91u8EwfNqhXpYMu8+wvFZqQHE=",
-        "owner": "cry128",
-        "repo": "nt",
+        "ref": "refs/heads/main",
         "rev": "f42dcdd49a7921a7f433512e83d5f93696632412",
-        "type": "github"
+        "revCount": 205,
+        "type": "git",
+        "url": "https://tearforge.net/cry/nt"
       },
       "original": {
-        "owner": "cry128",
-        "repo": "nt",
-        "type": "github"
+        "type": "git",
+        "url": "https://tearforge.net/cry/nt"
       }
     },
     "root": {
@@ -405,7 +379,7 @@
         "cerulean": "cerulean",
         "dobutterfliescry-net": "dobutterfliescry-net",
         "grub2-themes": "grub2-themes",
-        "home-manager": "home-manager_2",
+        "home-manager": "home-manager",
         "nix-flatpak": "nix-flatpak",
         "nixcord": "nixcord",
         "nixpkgs": "nixpkgs",

flake.nix

@@ -12,16 +12,15 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nt.url = "github:cry128/nt";
-    # nt.url = "/home/me/cry/mk/nt";
+    nt.url = "git+https://tearforge.net/cry/nt";
 
     cerulean = {
-      url = "github:cry128/Cerulean";
-      # url = "/home/me/cry/mk/Cerulean";
+      # url = "git+https://tearforge.net/cry/cerulean";
+      url = "/home/me/cry/mk/cerulean";
       inputs = {
+        nt.follows = "nt";
         systems.follows = "systems";
         nixpkgs.follows = "nixpkgs";
-        nt.follows = "nt";
       };
     };
 
@@ -37,7 +36,7 @@
     };
 
     dobutterfliescry-net = {
-      url = "git+https://forge.dobutterfliescry.net/cry/site";
+      url = "git+https://tearforge.net/cry/site";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         nixpkgs-unstable.follows = "nixpkgs-unstable";
@@ -50,6 +49,8 @@
     extra-experimental-features = "pipe-operators";
   };
 
-  outputs = inputs:
-    import ./snow.nix inputs;
+  outputs = inputs: let
+    inherit (inputs.cerulean) snow;
+  in
+    snow.flake inputs ./.;
 }

groups/all/default.nix

@@ -9,13 +9,16 @@
 
   # NOTE: mkDefault is 1000 and mkForce is 50
   # NOTE: so this is like a second mkDefault
-  security.sudo.wheelNeedsPassword = lib.mkDefault true;
+  security.sudo.wheelNeedsPassword = true;
 
   networking = {
     networkmanager.enable = true;
 
     nftables.enable = true;
-    firewall.enable = lib.mkDefault true;
+    firewall = {
+      enable = lib.mkDefault true;
+      allowPing = lib.mkDefault true;
+    };
 
     # Use CloudFlare's WARP+ 1.1.1.1 DNS service
     nameservers = [
@@ -28,6 +31,7 @@
     enable = true;
     clean.enable = true;
     clean.extraArgs = "--keep-since 7d --keep 3";
+    # TODO: move nh config to be home-manager
     flake = "/home/me/flake"; # sets NH_OS_FLAKE variable for you
   };
 

groups/cryde/default.nix

@@ -1,16 +1,20 @@
 {
+  inputs,
   pkgs,
   upkgs,
   config,
   ...
 }: {
-  imports = [
+  imports = with inputs; [
     ./programs.nix
 
     ../../hosts/modules/bashistrans.nix
     ../../hosts/modules/wm/hyprland.nix
     ../../hosts/modules/steam.nix
     ../../hosts/modules/obsidian.nix
+
+    grub2-themes.nixosModules.default
+    nix-flatpak.nixosModules.nix-flatpak
   ];
 
   boot.loader.grub2-theme = {

groups/cryos/default.nix

@@ -7,22 +7,6 @@
     ./programs.nix
   ];
 
-  nixpkgs.config.allowUnfreePredicate = let
-    whitelist = with pkgs;
-      map lib.getName [
-        discord
-        steam
-        steamcmd
-        steam-unwrapped
-
-        winbox
-
-        obsidian
-        gitkraken
-      ];
-  in
-    pkg: builtins.elem (lib.getName pkg) whitelist;
-
   boot.loader = {
     efi = {
       canTouchEfiVariables = true;

groups/cryos/programs.nix

@@ -111,11 +111,12 @@
     libargon2
   ];
 
-  programs = {
-    gnupg.agent = {
-      enable = true;
-      pinentryPackage = pkgs.pinentry-curses;
-      enableSSHSupport = true;
-    };
-  };
+  # services.pcscd.enable = true;
+  # programs = {
+  # gnupg.agent = {
+  #   enable = true;
+  #   pinentryPackage = pkgs.pinentry-curses;
+  #   enableSSHSupport = true;
+  # };
+  # };
 }

groups/server/default.nix

@@ -1,8 +1,15 @@
-{lib, ...}: {
-  networking.firewall = {
-    allowedTCPPorts = [
-      42069 # ssh
-    ];
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        42069 # ssh
+      ];
+    };
+    nftables.enable = true;
   };
 
   security = {
@@ -42,6 +49,7 @@
   services.fail2ban = {
     enable = true;
 
+    ignoreIP = ["192.168.0.0/16"];
     maxretry = 5;
     bantime = "10m"; # 10 minute ban
     bantime-increment = {
@@ -62,10 +70,15 @@
         extraGroups = ["wheel"];
         openssh.authorizedKeys.keys = lib.mkDefault [
           (throw ''
+            You goofy goober :3
             Hosts in the `server` group must set `users.users.cry.openssh.authorizedKeys.keys = [ ... ]`.
           '')
         ];
       };
     };
   };
+
+  environment.systemPackages = with pkgs; [
+    unixtools.netstat
+  ];
 }

homes/me/default.nix

@@ -118,25 +118,31 @@
           hostname = "dobutterfliescry.net";
           user = "cry";
           port = 42069;
-          identityFile = "~/.ssh/id_butterfly";
+          identityFile = "~/keys/butterfly";
           setEnv = {
-            TERM = "linux";
+            TERM = "xterm-256color";
           };
         };
-        clocktown = {
+        hyrule = {
           hostname = "hyrule.dobutterfliescry.net";
           user = "cry";
           port = 42069;
-          identityFile = "~/.ssh/id_hyrule";
+          identityFile = "~/keys/hyrule";
           setEnv = {
-            TERM = "linux";
+            TERM = "xterm-256color";
           };
         };
+        matcha = {
+          hostname = "192.168.88.250";
+          user = "emile";
+          port = 22;
+          identityFile = "~/keys/matcha";
+        };
         youcue = {
           hostname = "moss.labs.eait.uq.edu.au";
           user = "s4740056";
           port = 22;
-          identityFile = "~/.ssh/id_youcue";
+          identityFile = "~/keys/other/youcue";
           setEnv = {
             TERM = "xterm-256color";
           };

homes/modules/fish.nix

@@ -37,6 +37,10 @@
             "The god of the stars rejects your offering. The ritual can only be performed at night."
             "You should have just died..."
             "Supreme Witch, Calamitas has killed every player!"
+
+            "A broken heart beats in fractals" # Key Fairy
+
+            "Remember our promise" # Signalis
           ]
           |> map (x: "\"${x}\"")
           |> builtins.concatStringsSep " ";

hosts/butterfly/default.nix

@@ -1,6 +1,6 @@
 {...}: {
   imports = [
-    ./hardware-configuration.nix
+    ./hardware.nix
 
     ./services
   ];
@@ -16,16 +16,16 @@
 
     firewall = {
       allowedTCPPorts = [
+        22 # forgejo ssh
         80 # nginx
         # 143 # IMAP4
         443 # nginx
         # 587 # SMTPS
-        2222 # forgejo ssh
-        2035 # debug (for my job)
+        2222 # TEMP: forgejo ssh
         # 3000 (INTERNAL) forgejo
         # 3306 (INTERNAL) forgejo sqlite3 database
-        5000 # debug (for my job)
         # 8222 (INTERNAL) vaultwarden
+        42069 # ssh
         45000 # minecaft server
       ];
       allowedUDPPorts = [
@@ -57,6 +57,18 @@
     # };
   };
 
+  services.pixiecore = {
+    enable = false;
+
+    port = 1234;
+    statusPort = 1234;
+    openFirewall = true;
+    listen = "0.0.0.0";
+
+    quick = "xyz";
+    mode = "boot";
+  };
+
   users.users.cry = {
     openssh.authorizedKeys.keys = [
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net"

hosts/butterfly/services/default.nix

@@ -1,5 +1,7 @@
 {...}: {
   imports = [
     ./nginx.nix
+    ./forgejo.nix
+    ./vaultwarden.nix
   ];
 }

hosts/butterfly/services/forgejo.nix

@@ -1,10 +1,39 @@
-{...}: {
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.services.forgejo;
+in {
+  # REF: https://github.com/NixOS/nixpkgs/blob/nixos-25.11/nixos/modules/services/misc/forgejo.nix
+  # REF: forgejo doesn't create the user/group by default if its name isn't "forgejo"
+  users.users = lib.mkIf (cfg.user != "forgejo") {
+    ${cfg.user} = {
+      home = cfg.stateDir;
+      useDefaultShell = true;
+      group = cfg.group;
+      isSystemUser = true;
+    };
+  };
+  users.groups = lib.mkIf (cfg.group != "forgejo") {
+    ${cfg.group} = {};
+  };
+
   # more options here: https://mynixos.com/nixpkgs/options/services.forgejo
   # TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo
   #       (might need me to override settings in the nixpkg)
   # TODO: create a custom theme for forgejo (modify the source files most likely)
   services.forgejo = {
     enable = true;
+
+    # XXX: WARNING: XXX: WARNING: XXX: TODO: set user="git" and settings.server.SSH_PORT=22
+    # XXX: WARNING: XXX: WARNING: XXX: TODO: (currently both cause errors)
+    # XXX: WARNING: XXX: WARNING: XXX: TODO: THE USER FAILS I THINK CAUSE THE DIRECTORY DOESNT CHANGE THE USER PERMISSIONS
+
+    user = "git"; # user forgejo runs as
+    # group = "forgejo"; # group forgejo runs as
+    # stateDir = "/var/lib/forgejo";
+
     # enable support for Git Large File Storage
     lfs.enable = true;
     database = {
@@ -17,9 +46,9 @@
     settings = {
       server = {
         # ENABLE_ACME = true;
-        # ACME_EMAIL = "eclarkboman@gmail.com"; # change this to "me@imbored.dev"
-        DOMAIN = "dobutterfliescry.net"; # should this be "imbored.dev"?
-        ROOT_URL = "https://forge.dobutterfliescry.net"; # full public URL of the Forgejo server
+        # ACME_EMAIL = "them@dobutterfliescry.net";
+        DOMAIN = "tearforge.net";
+        ROOT_URL = "https://tearforge.net";
         # address and port to listen on
         HTTP_ADDR = "127.0.0.1";
         HTTP_PORT = 3000;
@@ -40,7 +69,7 @@
         DEFAULT_PRIVATE = "private"; # last, private, public
         # repo/org created on push to non-existent
         ENABLE_PUSH_CREATE_USER = true;
-        ENABLE_PUSH_CREATE_ORG = false;
+        ENABLE_PUSH_CREATE_ORG = true;
         DEFAULT_PUSH_CREATE_PRIVATE = true;
         MAX_CREATION_LIMIT = -1;
       };
@@ -67,7 +96,7 @@
       "ui.meta" = {
         AUTHOR = "Emile Clark-Boman - emileclarkb";
         DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?";
-        KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies";
+        KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies,cry,tearforge";
       };
 
       markdown = {
@@ -119,12 +148,11 @@
       # email.incoming = { ... };
 
       # optional
-      # TODO: fill this in once my mail server is configured
       mailer = {
         ENABLED = false;
-        SMTP_ADDR = "mail.dobutterfliescry.net";
-        FROM = "iforgor@dobutterfliescry.net";
-        USER = "iforgor@dobutterfliescry.net";
+        SMTP_ADDR = "mail.tearforge.net";
+        FROM = "noreply@tearforge.net";
+        USER = "noreply@tearforge.net";
       };
 
       log = {

hosts/butterfly/services/nginx.nix

@@ -43,16 +43,15 @@
           locations."/".proxyPass = "${localhost}:8222";
         }
         // std;
-      # "tearforge.net" =
-      #   {
-      #     forceSSL = true;
-      #     extraConfig = ''
-      #       client_max_body_size 512M;
-      #     '';
-      #     locations."/".proxyPass = "${localhost}:3000";
-      #   }
-      #   // std;
-      # "tearforge.net" = forge;
+      "tearforge.net" =
+        {
+          forceSSL = true;
+          extraConfig = ''
+            client_max_body_size 512M;
+          '';
+          locations."/".proxyPass = "${localhost}:3000";
+        }
+        // std;
     };
   };
 }

hosts/hyrule/default.nix

@@ -1,6 +1,6 @@
 {...}: {
   imports = [
-    ./hardware-configuration.nix
+    ./hardware.nix
   ];
 
   # super duper minimum grub2 config

hosts/lolcathost/default.nix

@@ -1,6 +1,6 @@
 {...}: {
   imports = [
-    ./hardware-configuration.nix
+    ./hardware.nix
   ];
 
   networking.hostName = "lolcathost";

hosts/matcha/default.nix

@@ -0,0 +1,26 @@
+{...}: {
+  imports = [
+    ./hardware.nix
+    ./state.nix
+  ];
+
+  boot.loader = {
+    efi = {
+      canTouchEfiVariables = true;
+      efiSysMountPoint = "/boot/efi";
+    };
+    grub = {
+      efiSupport = true;
+      device = "nodev";
+    };
+  };
+
+  networking.hostName = "matcha";
+
+  users.users.cry = {
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYwbPjW26fHivB+UpxRArY7nFI09VLAD9xxOiPk/u+YPAOVR8SYTpsHj3L8kI3ENRtt3PRJb97ZfLpPaAJ0LJiZv4qzisDjbfck12FxSDseQlF2JaJZ4wrJ9llcqJbRLKd5wV4KotrDm8Ct2JSBFOdTBQBGJqtNrLOcAtDqVmDPXsWyONINegtcYHumTbJcQU1ksCABdjW5R1dhJesOuMOM8EvrUtDyftvD7sgnBlXTzybP9c1AphUuBMSR5yEz/cDl+iPtQq7tgB+iepCCuNMGQu1wZFPBCMrZtMoxq6gzmZ4oV+W6tfmGEbtdkY+ix+2j960Zngcw7Gj+aYyMY2TyVJuJmIvlzfcrlsbr1TH35Y/5oYhJA+X6aFpgomUsurJ6/QdI1wQ+ceUCnZEeg/8z+WNaq/Bp2hPzT9Y7SPWolpaotDhh9wiuyVqn5VQqwL2lELfvZM4Lu8l6vRPDeMZTemI1nc5jg3aVpJqZTPqFVcCWrWXfdCFwnfy/SdU0JAprCzVvoqkwDHsJwkxY/NcxlNGNha+8oYZgSH1CZhEp3Z7CDJCTDd5PxxCQHs90ENCWFsoGQIV01dAgwD63460En9q2kGr6gO2aRewMD5Vr8AzeGV87vsR3ARpPQVzEWLX08B076Idjwrz8aebdRYBEg7WCxRe5UVI1i/V8j/zQw== emile@deadlyserver.com"
+      "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGEvtRs3C4hjSuvVm2lukqOvObCz5gVlFthcvpGHAqlBgZo47CNJM78WoviEQWceqtu9ZzJdRJ7qEK9ZGvTM0XTSgExkOs6YdS3J7M3i3YS1vcj9KVPinLhiE90aED/319pbYKFrRs/lRzl8XLeaPNqenNMNJBqeary8+r5u9JC6zYCeQ== me@lolcathost"
+    ];
+  };
+}

hosts/matcha/hardware.nix

@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d54a5644-744b-4b2a-8c4b-c12836498724";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot/efi" =
+    { device = "/dev/disk/by-uuid/12CE-A600";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/9513ded6-662e-42f7-926e-64d198c2ae7c"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/matcha/state.nix

@@ -0,0 +1,20 @@
+{...}: {
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "25.11"; # Did you read the comment?
+}

hosts/myputer/default.nix

@@ -5,7 +5,7 @@
   ...
 }: {
   imports = [
-    ./hardware-configuration.nix
+    ./hardware.nix
   ];
 
   networking = {

nixpkgs.nix

@@ -4,15 +4,11 @@
   system,
   ...
 } @ args: {
-  nixpkgs.channels.default = rec {
-    default = pkgs;
-    # nixpkgs (stable branch)
-    pkgs = {
-      inherit system;
-      source = inputs.nixpkgs;
+  nixpkgs.channels = {
+    default = {
       overlays = [
         inputs.dobutterfliescry-net.overlays.default
-        (import ./overlays/default.nix args)
+        (import ./overlays args)
       ];
       config = {
         # allowUnfree = false;
@@ -29,13 +25,37 @@
           ];
       };
     };
+
+    # nixpkgs (stable branch)
+    # pkgs = {
+    #   inherit system;
+    #   source = inputs.nixpkgs;
+    #   overlays = [
+    #     inputs.dobutterfliescry-net.overlays.default
+    #     (import ./overlays args)
+    #   ];
+    #   config = {
+    #     # allowUnfree = false;
+    #     allowBroken = false;
+    #     allowUnfreePredicate = pkg:
+    #       builtins.elem (lib.getName pkg) [
+    #         "discord"
+    #         "steam"
+    #         "steamcmd"
+    #         "steam-unwrapped"
+
+    #         "obsidian"
+    #         "gitkraken"
+    #       ];
+    #   };
+    # };
     # nixpkgs-unstable
     upkgs = {
       inherit system;
       source = inputs.nixpkgs-unstable;
       overlays = [
         inputs.dobutterfliescry-net.overlays.default
-        (import ./overlays/default.nix args)
+        (import ./overlays args)
       ];
       config = {
         allowUnfree = false;

overlays/default.nix

@@ -1,4 +1,4 @@
-{inputs, ...}: (
+{...}: (
   self: super: {
     angry-oxide = import ../packages/angryoxide {
       pkgs = super;

snow.nix

@@ -1,7 +1,8 @@
-{cerulean, ...} @ inputs:
-cerulean.mkNexus ./. (self: {
-  nexus = {
-    specialArgs = {inherit inputs;};
+{inputs, ...} @ args: {
+  nodes = {
+    base = inputs.nixpkgs;
+    args = {inherit inputs;};
+    homeManager = inputs.home-manager;
 
     groups = {
       # wait.. that's too cold...
@@ -13,36 +14,31 @@ cerulean.mkNexus ./. (self: {
       server = {};
     };
 
-    nodes = let
-      inherit
-        (self.nexus)
-        groups
-        ;
-    in {
+    nodes = {
       # my laptop <3 :3
       lolcathost = {
         system = "x86_64-linux";
-        groups = [groups.cryos.cryde];
-        extraModules = with inputs; [
-          grub2-themes.nixosModules.default
-          nix-flatpak.nixosModules.nix-flatpak
-        ];
+        groups = groups: [groups.cryos.cryde];
+        # modules = with inputs; [
+        #   grub2-themes.nixosModules.default
+        #   nix-flatpak.nixosModules.nix-flatpak
+        # ];
       };
 
       # i be on my puter frfr
       myputer = {
         system = "x86_64-linux";
-        groups = [groups.cryos.cryde];
-        extraModules = with inputs; [
-          grub2-themes.nixosModules.default
-          nix-flatpak.nixosModules.nix-flatpak
-        ];
+        groups = groups: [groups.cryos.cryde];
+        # modules = with inputs; [
+        #   grub2-themes.nixosModules.default
+        #   nix-flatpak.nixosModules.nix-flatpak
+        # ];
       };
 
       # courtesy of aurora <3
       butterfly = {
         system = "x86_64-linux";
-        groups = [groups.server];
+        groups = groups: [groups.server];
         deploy.ssh = {
           host = "dobutterfliescry.net";
           user = "cry";
@@ -53,7 +49,7 @@ cerulean.mkNexus ./. (self: {
       # pls dont sue me im broke
       hyrule = {
         system = "x86_64-linux";
-        groups = [groups.server];
+        groups = groups: [groups.server];
         deploy.ssh = {
           host = "hyrule.dobutterfliescry.net";
           user = "cry";
@@ -61,11 +57,17 @@ cerulean.mkNexus ./. (self: {
       };
 
       # call me a statistician the way she spreads in my sheets
-      # matcha = {
-      #   system = "x86_64-linux";
-      #   groups = [groups.server];
-      #   deploy.ssh.host = "bedroom.dobutterfliescry.net";
-      # };
+      matcha = {
+        system = "x86_64-linux";
+        groups = groups: [groups.server];
+        deploy = {
+          remoteBuild = true;
+          ssh = {
+            host = "192.168.88.250"; # <- DEBUG: TEMP: TODO: switch to `matcha.dobutterfliescry.net`
+            user = "emile";
+          };
+        };
+      };
     };
   };
-})
+}