55 changed files with 188 additions and 603 deletions
--- a/containers/amethyst/flake.nix
+++ b/containers/amethyst/flake.nix
@ -21,8 +21,7 @@
      services.nginx.virtualHosts."${fqdn}" = {
        useACMEHost = "lava.moe";
        forceSSL = true;
-        #locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091";
+        locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091";
        locations."/".proxyPass = "http://10.30.${subnet}.2:9091";
        listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
      };
--- a/containers/beryllium/configuration.nix
+++ b/containers/beryllium/configuration.nix
@ -9,15 +9,14 @@
  networking.firewall.allowedUDPPorts = [ 6167 ];
  # TODO: this should be generically set
  networking.useHostResolvConf = false;
-  networking.nameservers = [ "8.8.8.8" ];
+  networking.nameservers = [ "fd0d:1::2:1" ];
  services.matrix-continuwuity = {
    enable = true;
    settings.global = {
      # TODO: link this with outer container's address
-      address = [ "10.30.2.2" ];
+      address = [ "fd0d:1::2:2" ];
      server_name = "lava.moe";
      rocksdb_recovery_mode = 2;
    };
  };
 }
--- a/containers/beryllium/flake.nix
+++ b/containers/beryllium/flake.nix
@ -22,9 +22,9 @@
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/".extraConfig = "return 302 'https://lava.moe';";
-        locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167";
+        locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167";
-        locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167";
+        locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167";
-        locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167";
+        locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167";
      };
      services.nginx.virtualHosts."lava.moe" = {
@ -52,8 +52,9 @@
      containers.${name} = {
        autoStart = true;
        privateNetwork = true;
-        hostAddress = "10.30.${subnet}.1";
+        hostAddress6 = "fd0d:1::${subnet}:1";
-        localAddress = "10.30.${subnet}.2";
+        localAddress6 = "fd0d:1::${subnet}:2";
        # privateUsers = "pick";
        nixpkgs = nixpkgs;
        ephemeral = true;
        config = { imports = [ ./configuration.nix ]; };
@ -63,6 +64,7 @@
          mountPoint = "/persist";
          isReadOnly = false;
        };
        # flake = "path:" + ./.;
      };
    };
  };
--- a/containers/citrine/configuration.nix
+++ b/containers/citrine/configuration.nix
@ -11,7 +11,7 @@
    enable = true;
    lfs.enable = true;
    settings = {
-      DEFAULT.APP_NAME = "cilly's botanical laboratory";
+      DEFAULT.APP_NAME = "Garden";
      server = {
        DOMAIN = fqdn;
        ROOT_URL = "https://${fqdn}/";
@ -34,8 +34,6 @@
      };
      api.ENABLE_SWAGGER = false;
      other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
      repository.ENABLE_PUSH_CREATE_USER = true;
      repository.ENABLE_PUSH_CREATE_ORG = true;
      service.DISABLE_REGISTRATION = true;
    };
    stateDir = "/persist/forgejo";
--- a/containers/citrine/flake.nix
+++ b/containers/citrine/flake.nix
@ -6,7 +6,7 @@
  outputs = { nixpkgs, catppuccin, ... }:
  let
    name = "citrine";
-    fqdn = "lab.lava.moe";
+    fqdn = "garden.lava.moe";
    subnetId = "3";
    subnet = x: "fd0d:1::${subnetId}:${toString x}";
--- a/containers/diamond/flake.nix
+++ b/containers/diamond/flake.nix
@ -24,7 +24,7 @@
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/".proxyPass = "http://[${client}]:8000";
-        listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
+        listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
      };
      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
--- a/containers/emerald/configuration.nix
+++ b/containers/emerald/configuration.nix
@ -16,8 +16,7 @@
      ShareURL = "https://${shareFqdn}";
      EnableSharing = true;
      DataFolder = "/persist/navidrome";
-      MusicFolder = "/binds/music/main";
+      MusicFolder = "/binds/music";
    };
  };
  systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/binds/music"];
 }
--- a/containers/emerald/flake.nix
+++ b/containers/emerald/flake.nix
@ -9,11 +9,11 @@
    shareFqdn = "muse.lava.moe";
    subnetId = "5";
-    subnet = x: "fd0d:2::${subnetId}:${toString x}";
+    subnet = x: "fd0d:1::${subnetId}:${toString x}";
    host = subnet 1;
    client = subnet 2;
-    subnet4 = x: "10.32.${subnetId}.${toString x}";
+    subnet4 = x: "10.30.${subnetId}.${toString x}";
    host4 = subnet4 1;
    client4 = subnet4 2;
@ -39,7 +39,13 @@
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/".proxyPass = "http://[${client}]:4533";
-        listenAddresses = [ "100.67.2.1" ];
+        listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
      };
      services.nginx.virtualHosts."${shareFqdn}" = {
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/".return = "404";
        locations."/share/".proxyPass = "http://[${client}]:4533";
      };
      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
@ -62,7 +68,7 @@
          isReadOnly = false;
        };
        bindMounts."music" = {
-          hostPath = "/flower/media/music";
+          hostPath = "/persist/media/music";
          mountPoint = "/binds/music";
          isReadOnly = true;
        };
--- a/containers/fluorite/flake.nix
+++ b/containers/fluorite/flake.nix
@ -39,7 +39,7 @@
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/".proxyPass = "http://[${client}]:5030";
-        listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
+        listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
      };
      systemd.tmpfiles.rules = [
--- a/containers/garnet/configuration.nix
+++ b/containers/garnet/configuration.nix
@ -1,36 +0,0 @@
 { ... }: {
  system.stateVersion = "25.11";
  fileSystems."/var/lib/opencloud" = {
    device = "/flower/data";
    fsType = "none";
    options = [ "bind" ];
  };
  fileSystems."/etc/opencloud" = {
    device = "/persist/cfg";
    fsType = "none";
    options = [ "bind" ];
  };
  # TODO: hardcoded address
  networking.extraHosts = ''
    100.67.2.1 cloud.lava.moe
  '';
  networking.firewall.allowedTCPPorts = [ 9200 ];
  networking.firewall.allowedUDPPorts = [ 9200 ];
  environment.etc."opencloud-admin-pass".text = ''
    IDM_ADMIN_PASSWORD=supersillysecure
  '';
  services.opencloud = {
    enable = true;
    url = "https://cloud.lava.moe";
    address = "10.30.7.2";
    port = 9200;
    environment = {
      PROXY_TLS = "false";
      IDP_ACCESS_TOKEN_EXPIRATION = "2592000";
      IDP_ID_TOKEN_EXPIRATION = "2592000";
    };
    environmentFile = "/etc/opencloud-admin-pass";
  };
 }
--- a/containers/garnet/flake.lock
+++ b/containers/garnet/flake.lock
@ -1,27 +0,0 @@
 {
  "nodes": {
    "nixpkgs": {
      "locked": {
        "lastModified": 1779560665,
        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "nixpkgs": "nixpkgs"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/containers/garnet/flake.nix
+++ b/containers/garnet/flake.nix
@ -1,84 +0,0 @@
 {
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  };
  outputs = { nixpkgs, ... }:
  let
    name = "garnet";
    fqdn = "cloud.lava.moe";
    subnetId = "7";
    subnet = x: "fd0d:1::${subnetId}:${toString x}";
    host = subnet 1;
    client = subnet 2;
    subnet4 = x: "10.30.${subnetId}.${toString x}";
    host4 = subnet4 1;
    client4 = subnet4 2;
    modules = [
      ./configuration.nix
      {
        networking.useHostResolvConf = false;
        networking.nameservers = [ host ];
      }
    ];
  in {
    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
      inherit modules;
    };
    nixosModule = { config, ... }: {
      networking.nat = {
        enable = true;
        enableIPv6 = true;
        internalInterfaces = [ "ve-${name}" ];
      };
      services.nginx.virtualHosts."${fqdn}" = {
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://${client4}:9200";
          proxyWebsockets = true;
        };
        extraConfig = ''
          proxy_read_timeout 3600s;
          proxy_send_timeout 3600s;
          keepalive_requests 100000;
          keepalive_timeout 5m;
          http2_max_concurrent_streams 512;
        '';
        # TODO: hardcoded address
        listenAddresses = [ "100.67.2.1" ];
      };
      systemd.tmpfiles.rules = [
        "d /persist/containers/${name} 755 root users"
      ];
      containers.${name} = {
        autoStart = true;
        privateNetwork = true;
        hostAddress = host4;
        localAddress = client4;
        hostAddress6 = host;
        localAddress6 = client;
        # privateUsers = "pick";
        nixpkgs = nixpkgs;
        ephemeral = true;
        config = { imports = modules; };
        specialArgs = { inherit fqdn; };
        bindMounts."persist" = {
          hostPath = "/persist/containers/${name}";
          mountPoint = "/persist";
          isReadOnly = false;
        };
        bindMounts."content" = {
          hostPath = "/flower/opencloud";
          mountPoint = "/flower";
          isReadOnly = false;
        };
      };
    };
  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1779903856,
+        "lastModified": 1777475243,
-        "narHash": "sha256-uRShMtD6xW3ZKZbCQ6sDzKWEnbBXUg3IGfOARYogKhg=",
+        "narHash": "sha256-EiCeDGJewyWq2Mtdt5m8qyo/W5PXVUCacLuZJ/diBQ8=",
        "owner": "ezKEa",
        "repo": "aagl-gtk-on-nix",
-        "rev": "50671fc7f29d686f63ef34b603320d44ad7f2d29",
+        "rev": "12e7b06163456e4c3685ee83b8fdc277fe03bdc8",
        "type": "github"
      },
      "original": {
@ -128,20 +128,6 @@
      },
      "parent": []
    },
    "c-garnet": {
      "inputs": {
        "nixpkgs": "nixpkgs_9"
      },
      "locked": {
        "path": "./containers/garnet",
        "type": "path"
      },
      "original": {
        "path": "./containers/garnet",
        "type": "path"
      },
      "parent": []
    },
    "catppuccin": {
      "inputs": {
        "nixpkgs": "nixpkgs_4"
@ -309,11 +295,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1778716662,
+        "lastModified": 1777988971,
-        "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
+        "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
+        "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff",
        "type": "github"
      },
      "original": {
@ -327,11 +313,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1778716662,
+        "lastModified": 1777988971,
-        "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
+        "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
+        "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff",
        "type": "github"
      },
      "original": {
@ -404,11 +390,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1778507602,
+        "lastModified": 1776796298,
-        "narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=",
+        "narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a",
+        "rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad",
        "type": "github"
      },
      "original": {
@ -510,11 +496,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1779969295,
+        "lastModified": 1778365864,
-        "narHash": "sha256-HwIJ3tOcwSMiV75L7KqJXciXR9UfT+d7rwOZMX7cTnA=",
+        "narHash": "sha256-ImoT/wqmgMImf2dAC+E0MverAdA4QXsedOeES9B7Ezw=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "61e2c9659324181e0f0ed911958c536333b1d4f6",
+        "rev": "2f419037039a152448c5f4ae9494154753d1b399",
        "type": "github"
      },
      "original": {
@ -554,11 +540,11 @@
    "linux-tkg": {
      "flake": false,
      "locked": {
-        "lastModified": 1779857514,
+        "lastModified": 1778301982,
-        "narHash": "sha256-dCrVB3cFvv1d/9wuEejYN131b1phyf6SDy1bcEvtWGo=",
+        "narHash": "sha256-M8a1VqhhI3Ii0KFY4n1UdzUIFwZbET+G464cCb5ye5U=",
        "owner": "Frogging-Family",
        "repo": "linux-tkg",
-        "rev": "c9196dea7ee464f7792f94cd39c32431ad9e25ab",
+        "rev": "d20b99557a90663a016f741398098d4d7b3ad119",
        "type": "github"
      },
      "original": {
@ -576,11 +562,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1780013080,
+        "lastModified": 1778371477,
-        "narHash": "sha256-m984DKbcIeNNuLYFjN3780rPEd55Xe9/cB4BNKkIDvg=",
+        "narHash": "sha256-sVlZeFIds47ABfBbAmBLexCFnkE1GIBTNGjAMRh+BfA=",
        "owner": "nix-community",
        "repo": "neovim-nightly-overlay",
-        "rev": "c6cc238427db8f61b786a66d7e02cf7724b30226",
+        "rev": "b9ee678fadf59b3c998e180d62f4cee0641d21d9",
        "type": "github"
      },
      "original": {
@ -592,11 +578,11 @@
    "neovim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1779979065,
+        "lastModified": 1778321961,
-        "narHash": "sha256-3uF/oP2D4Jka3DU2G8qqml75UOzPRrK+FIp+jghOq0s=",
+        "narHash": "sha256-lrPZ0C+uixk+6jx+maWM998GZaj4lAuicAz/dZHFNBk=",
        "owner": "neovim",
        "repo": "neovim",
-        "rev": "5d85669a33e10f1f156b086562458cbbc8054438",
+        "rev": "b44c2bdd16226f6caa5324d91f1ae9781ffdc12b",
        "type": "github"
      },
      "original": {
@ -609,14 +595,14 @@
      "inputs": {
        "flake-parts": "flake-parts_2",
        "git-hooks": "git-hooks",
-        "nixpkgs": "nixpkgs_10"
+        "nixpkgs": "nixpkgs_9"
      },
      "locked": {
-        "lastModified": 1779768228,
+        "lastModified": 1778384395,
-        "narHash": "sha256-/dRavNAx/Mp67xcQQ3JBIMyf0cLoXqKedafB1+wksAE=",
+        "narHash": "sha256-ymn6ivl8RbUK8oevC+aRQ3IY3cB3Jg0dCv7LR5XSBVo=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "6e7a8414c0f547a86646eb0b56ebf89e7cc217a2",
+        "rev": "8368f981774ee25774d016e810d426891174a993",
        "type": "github"
      },
      "original": {
@ -632,11 +618,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1779604987,
+        "lastModified": 1778240325,
-        "narHash": "sha256-ZQ5z+fVhxYKtIFwtqGp5O0PD84BM1riASvqDaN5Xs+s=",
+        "narHash": "sha256-d2HIS7LpfI0lgxiXCXLjxrHl3eIdNvAVexOu0xiM488=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "8fba98c80b48fa013820e0163c5096922fea4ddd",
+        "rev": "dd2d0e3f6ba00af01b9498f5697173bdc2524bee",
        "type": "github"
      },
      "original": {
@ -647,11 +633,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1777268161,
+        "lastModified": 1770841267,
-        "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
+        "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
+        "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
        "type": "github"
      },
      "original": {
@ -694,27 +680,11 @@
    },
    "nixpkgs_10": {
      "locked": {
-        "lastModified": 1779536132,
+        "lastModified": 1777954456,
-        "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=",
+        "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456",
+        "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_11": {
      "locked": {
        "lastModified": 1779560665,
        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
        "type": "github"
      },
      "original": {
@ -724,7 +694,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_12": {
+    "nixpkgs_11": {
      "locked": {
        "lastModified": 1770019141,
        "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=",
@ -854,16 +824,16 @@
    },
    "nixpkgs_9": {
      "locked": {
-        "lastModified": 1779560665,
+        "lastModified": 1778274207,
-        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
+        "narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
+        "rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -910,7 +880,7 @@
    "pastel": {
      "inputs": {
        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_12",
+        "nixpkgs": "nixpkgs_11",
        "pnpm2nix": "pnpm2nix"
      },
      "locked": {
@ -953,11 +923,11 @@
    "pure": {
      "flake": false,
      "locked": {
-        "lastModified": 1779255807,
+        "lastModified": 1770811375,
-        "narHash": "sha256-UQ0hP3qJd4Qxiw1LXPdb9d0Dc4OSD3HJpgYzaCfujno=",
+        "narHash": "sha256-Fhk4nlVPS09oh0coLsBnjrKncQGE6cUEynzDO2Skiq8=",
        "owner": "sindresorhus",
        "repo": "pure",
-        "rev": "cc0759a0de620f191510e2e2f9748194a605b54d",
+        "rev": "dbefd0dcafaa3ac7d7222ca50890d9d0c97f7ca2",
        "type": "github"
      },
      "original": {
@ -976,7 +946,6 @@
        "c-diamond": "c-diamond",
        "c-emerald": "c-emerald",
        "c-fluorite": "c-fluorite",
        "c-garnet": "c-garnet",
        "catppuccin": "catppuccin_2",
        "catppuccin-palette": "catppuccin-palette",
        "fast-syntax-highlighting": "fast-syntax-highlighting",
@ -985,7 +954,7 @@
        "neovim-nightly": "neovim-nightly",
        "nix-gaming": "nix-gaming",
        "nix-index-database": "nix-index-database",
-        "nixpkgs": "nixpkgs_11",
+        "nixpkgs": "nixpkgs_10",
        "nvim-treesitter": "nvim-treesitter",
        "pastel": "pastel",
        "pure": "pure",
@ -1007,11 +976,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1777605393,
+        "lastModified": 1770952264,
-        "narHash": "sha256-Hjp0VOOHgHcTrX23iVvnfAudPcuCmfkfpQNFwv2v/ks=",
+        "narHash": "sha256-CjymNrJZWBtpavyuTkfPVPaZkwzIzGaf0E/3WgcwM14=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "ff88db34cfa486fc4964a6991cab1678d82eee8c",
+        "rev": "ec6a3d5cdf14bb5a1dd03652bd3f6351004d2188",
        "type": "github"
      },
      "original": {
@ -1028,11 +997,11 @@
        "systems": "systems_5"
      },
      "locked": {
-        "lastModified": 1779824049,
+        "lastModified": 1777789800,
-        "narHash": "sha256-dWHVUjP03KSVG1PaLKA6j9EdxWSxSQvipMUIcSyuA/U=",
+        "narHash": "sha256-XHCvLGu/bEEZRzXVKFu1i+2YB102Nr00n8e7xrzsfVs=",
        "owner": "Gerg-L",
        "repo": "spicetify-nix",
-        "rev": "1362178e5f5f7a848c49fe9dee004ef8824f100a",
+        "rev": "d0e921cc48aab6137d203a3eab19601dc2bdc0c3",
        "type": "github"
      },
      "original": {
@ -1060,11 +1029,11 @@
    "stevenblack-hosts": {
      "flake": false,
      "locked": {
-        "lastModified": 1779976382,
+        "lastModified": 1778258800,
-        "narHash": "sha256-wt5NGa4K8/vda669UYUmTUt+BR9X5fPnuTZFfQdpLYo=",
+        "narHash": "sha256-wTiDXFiBKV4M4jv1JrVLL/kkIyE1FK4qino07BYU5fc=",
        "owner": "StevenBlack",
        "repo": "hosts",
-        "rev": "d3e838712512490260f051150e3573eeebecfadb",
+        "rev": "8ce06e1ed6f063d3d58cf9c980793415085f5d89",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -44,7 +44,6 @@
    c-diamond.url = "path:./containers/diamond";
    c-emerald.url = "path:./containers/emerald";
    c-fluorite.url = "path:./containers/fluorite";
    c-garnet.url = "path:./containers/garnet";
  };
  outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs:
--- a/hosts/alyssum/default.nix
+++ b/hosts/alyssum/default.nix
@ -1,12 +1,9 @@
-{ inputs, lib, modules, modulesPath, ... }: {
+{ lib, modules, modulesPath, ... }: {
  networking.hostName = "alyssum";
  system.stateVersion = "25.11";
  time.timeZone = "Australia/Melbourne";
  age.secrets = {
    acme_dns.file = ../../secrets/acme_dns.age;
    passwd.file = ../../secrets/passwd.age;
    navidrome_env.file = ../../secrets/navidrome_env.age;
    wpa_conf = {
      file = ../../secrets/wpa_conf.age;
      path = "/etc/wpa_supplicant/imperative.conf";
@ -23,23 +20,13 @@
    nix-stable
    packages
    security
    tailscale
    modules.services.nginx
    modules.services.syncthing
    inputs.c-emerald.nixosModule
    inputs.c-garnet.nixosModule
    ./filesystem.nix
    ./kernel.nix
    ./networking.nix
    ./home.syncthing.nix
    ./samba.nix
    ../../users/hana
  ];
  me.environment = "headless";
  services.syncthing.user = lib.mkForce "hana";
 }
--- a/hosts/alyssum/filesystem.nix
+++ b/hosts/alyssum/filesystem.nix
@ -26,7 +26,6 @@ in {
    };
    "/boot" = mkLabelMount "stem" "vfat";
    "/flower" = mkBtrfsMount "myosotis" "/@" true;
    "/nix" = submount "/@/nix" false;
    "/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
    "/persist/.snapshots" = submount "/snap/persist" false;
--- a/hosts/alyssum/home.syncthing.nix
+++ b/hosts/alyssum/home.syncthing.nix
@ -1,39 +0,0 @@
 { config, lib, ... }:
 let
  configOn = user: port: {
    me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config";
    me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state";
    systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ];
    users.users.${user} = {
      hashedPasswordFile = config.age.secrets.passwd.path;
      isNormalUser = true;
      linger = true;
    };
    home-manager.users.${user} = { ... }: {
      home = {
        username = "${user}";
        homeDirectory = "/home/${user}";
        stateVersion = "26.05";
      };
      services.syncthing = {
        enable = true;
        guiAddress = "[::]:${toString port}";
        overrideDevices = false;
        overrideFolders = false;
        settings = {
          options.listenAddresses = [
            "tcp://0.0.0.0:2${toString port}"
            "quic://0.0.0.0:2${toString port}"
            "dynamic+https://relays.syncthing.net/endpoint"
          ];
          defaults.folder.path = "/flower/syncthing/${user}";
        };
      };
    };
  };
 in lib.mkMerge [
  (configOn "kujira" 8385)
  (configOn "cilly" 8386)
 ]
--- a/hosts/alyssum/samba.nix
+++ b/hosts/alyssum/samba.nix
@ -1,84 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  configOn = user: let
    passwd_fname = "passwd_smb${user}";
  in {
    age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age;
    me.binds."/flower/smb/${user}/music" = "/flower/media/music/${user}";
    me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}";
    users.users.${user} = {
      hashedPasswordFile = config.age.secrets.passwd.path;
      isNormalUser = true;
    };
    system.activationScripts = {
      init_smbpasswd.text = let
        smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
      in ''
        printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user}
      '';
    };
    services.samba.settings."${user}" = {
      "path" = "/flower/smb/${user}";
      "browseable" = "yes";
      "read only" = "no";
      "guest ok" = "no";
      "create mask" = "0644";
      "directory mask" = "0755";
      "force user" = user;
      "force group" = "users";
      "valid users" = user;
    };
  };
 in lib.mkMerge [
  (configOn "cilly")
  (configOn "kujira")
  {
    me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43";
    networking.firewall.allowPing = true;
    services.samba = {
      enable = true;
      package = pkgs.samba4Full;
      openFirewall = true;
      settings = {
        global = {
          "server smb encrypt" = "required";
          "workgroup" = "WORKGROUP";
          "server string" = "smbnix";
          "netbios name" = "smbnix";
          "security" = "user";
          "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost";
          "hosts deny" = "0.0.0.0/0";
          "guest account" = "nobody";
          "map to guest" = "bad user";
        };
        "public" = {
          "path" = "/flower/smb/public";
          "browseable" = "yes";
          "read only" = "no";
          "guest ok" = "yes";
          "create mask" = "0644";
          "directory mask" = "0755";
          "force user" = "hana";
          "force group" = "users";
        };
      };
    };
    services.samba-wsdd = {
      enable = true;
      openFirewall = true;
    };
    services.avahi = {
      enable = true;
      openFirewall = true;
      nssmdns4 = true;
      publish.enable = true;
      publish.userServices = true;
    };
  }
 ]
--- a/hosts/anemone/default.nix
+++ b/hosts/anemone/default.nix
@ -28,7 +28,6 @@
    printing
    security
    snapper
    tailscale
    wireguard
    ./filesystem.nix
--- a/hosts/dandelion/default.nix
+++ b/hosts/dandelion/default.nix
@ -5,6 +5,7 @@
  age.secrets = {
    acme_dns.file = ../../secrets/acme_dns.age;
    navidrome_env.file = ../../secrets/navidrome_env.age;
    slskd_env.file = ../../secrets/slskd_env.age;
    wg_dandelion.file = ../../secrets/wg_dandelion.age;
  };
@ -18,7 +19,6 @@
    nix-stable
    packages
    security
    tailscale
    wireguard
    modules.services.banksia
@ -30,12 +30,12 @@
    inputs.c-beryllium.nixosModule
    inputs.c-citrine.nixosModule
    inputs.c-diamond.nixosModule
    inputs.c-emerald.nixosModule
    inputs.c-fluorite.nixosModule
    ./filesystem.nix
    ./kernel.nix
    ./networking.nix
    ./nginx.nix
    ../../users/hana
  ];
--- a/hosts/dandelion/filesystem.nix
+++ b/hosts/dandelion/filesystem.nix
@ -22,7 +22,7 @@ in {
    "/" = {
      device = "rootfs";
      fsType = "tmpfs";
-      options = [ "defaults" "size=6G" "mode=755" ];
+      options = [ "defaults" "size=12G" "mode=755" ];
    };
    "/boot" = mkLabelMount "UEFI" "vfat";
--- a/hosts/dandelion/nginx.nix
+++ b/hosts/dandelion/nginx.nix
@ -1,8 +0,0 @@
 { ... }: {
  services.nginx.virtualHosts."muse.lava.moe" = {
    useACMEHost = "lava.moe";
    forceSSL = true;
    locations."/".return = "404";
    locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533";
  };
 }
--- a/hosts/hyacinth/default.nix
+++ b/hosts/hyacinth/default.nix
@ -18,7 +18,6 @@
    bluetooth
    ccache
    corectrl
    docker
    flatpak
    greetd
    gui
@ -29,7 +28,6 @@
    printing
    security
    snapper
    tailscale
    wireguard
    modules.services.syncthing
--- a/hosts/hyacinth/packages.nix
+++ b/hosts/hyacinth/packages.nix
@ -1,6 +1,5 @@
 { pkgs, ... }: {
  environment.systemPackages = with pkgs; [
    discord
    jetbrains.idea
    texliveFull
  ];
--- a/modules/binds.nix
+++ b/modules/binds.nix
@ -1,13 +0,0 @@
 { config, lib, ...}: {
  imports = [ ./options.nix ];
  fileSystems = lib.mapAttrs (dest: key: let
    target = if (lib.strings.hasPrefix "/" key)
      then key
      else "/persist/binds/${key}";
  in {
    depends = [ "/persist" ];
    device = target;
    fsType = "none";
    options = [ "bind" ];
  }) config.me.binds;
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -14,7 +14,6 @@ let
    }) paths
  );
 in {
  binds = ./binds.nix;
  options = ./options.nix;
  services = mkAttrsFromPaths [
    ./services/banksia.nix
@ -50,7 +49,6 @@ in {
    ./system/printing.nix
    ./system/security.nix
    ./system/snapper.nix
    ./system/tailscale.nix
    ./system/virtualisation.nix
    ./system/wireguard.nix
  ];
--- a/modules/options.nix
+++ b/modules/options.nix
@ -44,10 +44,5 @@ in {
      type = types.bool;
      default = false;
    };
    binds = lib.mkOption {
      type = with lib.types; attrsOf str;
      default = {};
    };
  };
 }
--- a/modules/services/banksia.nix
+++ b/modules/services/banksia.nix
@ -4,7 +4,7 @@
    "banksia.lava.moe" = {
      useACMEHost = "lava.moe";
      forceSSL = true;
-      locations."/".return = "302 https://lab.lava.moe/cilly/Banksia";
+      locations."/".return = "302 https://github.com/cillynder/Banksia";
      locations."/api".proxyPass = "http://localhost:8080/";
    };
  };
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@ -6,7 +6,7 @@
      email = "me@lava.moe";
      group = "nginx";
      dnsProvider = "cloudflare";
-      environmentFile = config.age.secrets."acme_dns".path;
+      credentialsFile = config.age.secrets."acme_dns".path;
    };
    certs."lava.moe" = {
      extraDomainNames = [
--- a/modules/services/syncthing.nix
+++ b/modules/services/syncthing.nix
@ -1,8 +1,7 @@
 { config, ... }:
 let
  dir = "/persist/shared/.syncthing";
-  user = if config.me.gui then "rin" else "hana";
+  uid = toString config.users.users.rin.uid;
  uid = toString config.users.users."${user}".uid;
  gid = toString config.users.groups.users.gid;
 in
 {
@ -14,10 +13,9 @@ in
  services.syncthing = {
    enable = true;
    openDefaultPorts = true;
-    user = user;
+    user = "rin";
    group = "users";
    dataDir = "/persist/shared/.syncthing/data";
    configDir = "/persist/shared/.syncthing/config";
    guiAddress = if config.me.gui then "127.0.0.1:8384" else ":8384";
  };
 }
--- a/modules/services/unbound.nix
+++ b/modules/services/unbound.nix
@ -27,12 +27,8 @@ in {
        forward-addr = [
          "2606:4700:4700::1111@853#cloudflare-dns.com"
          "2606:4700:4700::1001@853#cloudflare-dns.com"
          "2001:4860:4860::8888@853#dns.google"
          "2001:4860:4860::8844@853#dns.google"
          "1.1.1.1@853#cloudflare-dns.com"
          "1.0.0.1@853#cloudflare-dns.com"
          "8.8.8.8@853#dns.google"
          "8.8.4.4@853#dns.google"
        ];
      }];
@ -41,10 +37,8 @@ in {
        access-control = [
          "127.0.0.1/8      allow"
          "10.0.0.0/8       allow"
          "100.64.0.0/10    allow"
          "192.168.100.0/24 allow"
-          "fd0d::/16        allow"
+          "fd0d::/16 allow"
          "fd7a:115c:a1e0::/48 allow"
          "${gcSecrets.wireguard.ipv6Subnet}:/80 allow"
        ];
        domain-insecure = [ "\"local.lava.moe\"" ];
--- a/modules/system/base.nix
+++ b/modules/system/base.nix
@ -1,5 +1,5 @@
 { config, inputs, modules, ... }: {
-  imports = [ modules.binds modules.options ];
+  imports = [ modules.options ];
  environment.etc = {
    "machine-id".source = "/persist/machine-id";
--- a/modules/system/input.nix
+++ b/modules/system/input.nix
@ -6,19 +6,7 @@
        "-arinterval 15"
      ];
    };
    xkb.options = "caps:escape";
  };
-  services.keyd = {
+  console.useXkbConfig = true;
    enable = true;
    keyboards = {
      default = {
        ids = [ "*" ];
        settings = {
          main = {
            capslock = "esc";
            esc = "capslock";
          };
        };
      };
    };
  };
 }
--- a/modules/system/nix.nix
+++ b/modules/system/nix.nix
@ -1,6 +1,5 @@
-{ config, inputs, pkgs, ... }: {
+{ config, lib, pkgs, ... }: {
  nix = {
    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
    package = pkgs.nixVersions.latest;
    settings = rec {
--- a/modules/system/packages.nix
+++ b/modules/system/packages.nix
@ -16,6 +16,7 @@
    neovim
    nfs-utils
    ntfs3g
    oci-cli
    ripgrep
    rsync
    sshfs
--- a/modules/system/security.nix
+++ b/modules/system/security.nix
@ -49,7 +49,7 @@
        {
          groups = [ "wheel" ];
          keepEnv = true;
-          persist = true;
+          persist = config.me.environment != "laptop";
        }
      ];
    };
--- a/modules/system/tailscale.nix
+++ b/modules/system/tailscale.nix
@ -1,13 +0,0 @@
 { config, lib, ... }: {
  age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age;
  me.binds."/var/lib/tailscale" = "tailscale";
  networking.firewall.trustedInterfaces = [ "tailscale0" ];
  networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ];
  services.tailscale = {
    enable = true;
    authKeyFile = config.age.secrets.tailscale_auth.path;
    openFirewall = true;
    useRoutingFeatures = if config.me.environment == "headless" then "both" else "client";
  };
 }
--- a/modules/system/wireguard.nix
+++ b/modules/system/wireguard.nix
@ -6,7 +6,7 @@ let
  serverIp = gcSecrets.wireguard.gateway;
  forwarding = {
-    "22727" = [ "10.100.0.3" "7777" ];
+#    "22727" = [ "10.100.0.3" "7777" ];
  };
  mapForwards = type:
@ -18,8 +18,6 @@ let
      in ''
        ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport}
        ${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT
        ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport}
        ${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT
      '') forwarding
    );
--- a/modules/user/eww.nix
+++ b/modules/user/eww.nix
@ -21,9 +21,9 @@ let
    '';
  };
 in {
-  home.packages = with pkgs; [ iw socat ];
+  home.packages = with pkgs; [ socat ];
  programs.eww = {
    enable = true;
    configDir = res;
  };
  xdg.configFile."eww".source = res;
 }
--- a/modules/user/git.nix
+++ b/modules/user/git.nix
@ -10,7 +10,6 @@
      user.email = "mini@cilly.moe";
      core.abbrev = 11;
      safe.directory = "/home/rin/Projects/flakes";
      init.defaultBranch = "master";
    };
  };
 }
--- a/modules/user/neovim-minimal.nix
+++ b/modules/user/neovim-minimal.nix
@ -9,8 +9,6 @@
    vimAlias = true;
    vimdiffAlias = true;
    withNodeJs = false;
    withPython3 = false;
    withRuby = false;
    plugins = with pkgs.vimPlugins; [
      fzf-vim
--- a/modules/user/neovim.nix
+++ b/modules/user/neovim.nix
@ -1,9 +1,9 @@
-{ config, lib, pkgs, sysConfig, ... }:
+{ config, lib, pkgs, ... }:
 let
  luaconf = pkgs.writeText "config.lua"
    (lib.replaceStrings
-      ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}" "{{USERNAME}}" "{{HOSTNAME}}"]
+      ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}"]
-      ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor config.home.username sysConfig.networking.hostName]
+      ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor]
      (builtins.readFile ../../res/config.lua));
 in {
  systemd.user.tmpfiles.rules = [
@ -17,11 +17,8 @@ in {
    vimdiffAlias = true;
    #package = pkgs.neovim-nightly;
    withNodeJs = true;
    withPython3 = true;
    withRuby = false;
    extraPackages = with pkgs; [
      nixd
      rust-analyzer
      texlab
      astro-language-server
--- a/packages/linux-lava/sources.nix
+++ b/packages/linux-lava/sources.nix
@ -1,8 +1,8 @@
 { fetchFromGitHub, inputs, lib }:
 let
-  version = "7.0.10";
+  version = "7.0.5";
  kernelHash = "1w4i705i0nl1xqv7fdhdbhy7j3xrzhl31fabs6vmgiw7nf06szxv";
-  kernelPatchHash = "0h7gxqcnww7sj5cdyblzj04775zhavwdylkm2pm91v6xkjbnz1zj";
+  kernelPatchHash = "15a173sx7nw4qkp45f5ksnqd3a1flhpiq3zzsa6gzzcww433hm8d";
  mm = lib.versions.majorMinor version;
  hasPatch = (builtins.length (builtins.splitVersion version)) == 3;
--- a/res/config.lua
+++ b/res/config.lua
@ -108,18 +108,18 @@ require('lualine').setup {
 -- many thanks to @kristijanhusak
 -- https://github.com/nvim-treesitter/nvim-treesitter/issues/1167#issuecomment-920824125
 function _G.javascript_indent()
-    local line = vim.fn.getline(vim.v.lnum)
+  local line = vim.fn.getline(vim.v.lnum)
-    local prev_line = vim.fn.getline(vim.v.lnum - 1)
+  local prev_line = vim.fn.getline(vim.v.lnum - 1)
-    if line:match('^%s*[%*/]%s*') then
+  if line:match('^%s*[%*/]%s*') then
-        if prev_line:match('^%s*%*%s*') then
+    if prev_line:match('^%s*%*%s*') then
-            return vim.fn.indent(vim.v.lnum - 1)
+      return vim.fn.indent(vim.v.lnum - 1)
        end
        if prev_line:match('^%s*/%*%*%s*$') then
            return vim.fn.indent(vim.v.lnum - 1) + 1
        end
    end
    if prev_line:match('^%s*/%*%*%s*$') then
      return vim.fn.indent(vim.v.lnum - 1) + 1
    end
  end
-    return vim.fn['GetJavascriptIndent']()
+  return vim.fn['GetJavascriptIndent']()
 end
 vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()')
@ -157,17 +157,22 @@ vim.api.nvim_create_autocmd("LspAttach", {
    end
 })
-vim.diagnostic.config({
+vim.lsp.handlers["textDocument/publishDiagnostics"] = vim.lsp.with(
-    focusable = false,
+    vim.lsp.diagnostic.on_publish_diagnostics, {
-    virtual_text = false,
+        focusable = false,
-    underline = true,
+        virtual_text = false,
-    signs = true,
+        underline = true,
-    update_in_insert = true
+        signs = true,
-})
+        update_in_insert = true
    }
 )
 vim.lsp.handlers["textDocument/signatureHelp"] = vim.lsp.with(
    vim.lsp.handlers.signature_help, { focusable = false }
 )
 capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)
-local servers = { 'astro', 'clangd', 'cssls', 'html', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' }
+local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' }
 for _, lsp in ipairs(servers) do
    vim.lsp.config(lsp, {
        capabilities = capabilities,
@ -292,32 +297,6 @@ vim.lsp.config("diagnosticls", {
 })
 vim.lsp.enable("diagnosticls")
 -- LSP/nixd
 vim.lsp.config("nixd", {
  cmd = { "nixd" },
  filetypes = { "nix" },
  root_markers = { "flake.nix", ".git" },
  settings = {
    nixd = {
      nixpkgs = {
        expr = "import <nixpkgs> { }",
      },
      formatting = {
        command = { "nixfmt" },
      },
      options = {
        nixos = {
          expr = '(builtins.getFlake (toString ./.)).nixosConfigurations.{{HOSTNAME}}.options',
        },
        home_manager = {
          expr = '(builtins.getFlake (builtins.toString ./.)).nixosConfigurations."{{USERNAME}}@{{HOSTNAME}}".options.home-manager.users.type.getSubOptions []',
        },
      },
    },
  },
 })
 vim.lsp.enable("nixd")
 -- LSP/Signatures
 require("lsp_signature").setup {
    hint_enable = false,
--- a/res/eww/eww.yuck
+++ b/res/eww/eww.yuck
@ -1,5 +1,4 @@
 (defwindow mainbar :monitor 0
                   :geometry (geometry :x "0%"
                                       :y "0%"
                                       :width "100%"
@ -40,15 +39,14 @@
  `cat /sys/class/power_supply/_BAT_PATH_/capacity`)
 (defpoll pbat_status :interval "1s" :run-while bat-enabled
  `cat /sys/class/power_supply/_BAT_PATH_/status`)
-(defpoll wifi_ssid :interval "1s" :run-while wifi-enabled
+(defpoll network_strength :interval "1s" :run-while wifi-enabled
-  `iwctl station wlan0 show | grep "Connected network" | awk '{print $3}'`)
+  `nmcli -f IN-USE,SIGNAL device wifi | grep '*' | tr -d -c 0-9`)
 (defpoll wifi_strength :interval "1s" :run-while wifi-enabled
  `iw dev wlan0 link | awk '/signal/ {gsub("-",""); print $2}'`)
 (defpoll bluetooth_device :interval "1s" :run-while bt-enabled
  `bluetoothctl devices Connected | grep Device | cut -d" " -f3-`)
 (defpoll bluetooth_device_count :interval "1s" :run-while bt-enabled
  `bluetoothctl devices Connected | wc -l`)
 (deflisten lnetwork :initial "" :run-while wifi-enabled "./scripts/network.sh")
 (deflisten ltitle :initial "" "./scripts/title.sh")
 (deflisten lworkspaces :initial "[]" "./scripts/workspaces.sh")
 (deflisten lcurrent_workspace :initial "1" "./scripts/active-workspace.sh")
@ -109,22 +107,22 @@
 (defwidget network []
  (button :onclick `eww update network-extended=${network-extended ? "false" : "true"}`
    (box :orientation "horizontal"
-         :class {"widget pill" + ((network-extended && wifi_ssid != "") ? " extended" : "")}
+         :class {"widget pill" + ((network-extended && lnetwork != "Disconnected") ? " extended" : "")}
-         :spacing {(network-extended && wifi_ssid != "") ? 5 : 0}
+         :spacing {(network-extended && lnetwork != "Disconnected") ? 5 : 0}
         :space-evenly false
      (label :text {
-          (wifi_ssid == "") ? ""
+          (lnetwork == "Disconnected") ? ""
-        : (wifi_strength == "") ? ""
+        : (network_strength == "") ? ""
-        : (wifi_strength < 75) ? ""
+        : (network_strength < 20) ? ""
-        : (wifi_strength < 65) ? ""
+        : (network_strength < 30) ? ""
-        : (wifi_strength < 60) ? ""
+        : (network_strength < 55) ? ""
-        : (wifi_strength < 50) ? ""
+        : (network_strength < 80) ? ""
        : ""}
             :class "base pill-icon")
      (revealer :transition "slideleft"
-                :reveal {network-extended && wifi_ssid != ""}
+                :reveal {network-extended && lnetwork != "Disconnected"}
                :duration 150
-        (label :text wifi_ssid
+        (label :text lnetwork
               :class "base")))))
 (defwidget battery []
--- a/res/eww/scripts/network.sh
+++ b/res/eww/scripts/network.sh
@ -0,0 +1,19 @@
 #!/usr/bin/env bash
 init=$(nmcli -t -f name,device connection show --active | grep wlp1s0 | cut -d\: -f1)
 if [[ -z $init ]]; then
    echo Disconnected
 else
    echo $init
 fi
 nmcli monitor | while read -r line ; do
    if [[ $line == *"is now the primary connection" ]]; then
        conn=$(echo $line | cut -d\' -f2)
        echo $conn
    fi
    if [[ $line == "There's no primary connection" ]]; then
        echo Disconnected
    fi
 done
--- a/secrets.nix
+++ b/secrets.nix
@ -7,15 +7,12 @@ let
  rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15";
 in {
-  "secrets/passwd.age".publicKeys = [ alyssum anemone blossom rin ];
+  "secrets/passwd.age".publicKeys = [ anemone blossom rin ];
  "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ];
  "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ];
  "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ];
-  "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ];
+  "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ];
-  "secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ];
+  "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ];
  "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ];
  "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ];
  "secrets/warden_admin.age".publicKeys = [ rin ];
  "secrets/wg_anemone.age".publicKeys = [ anemone rin ];
  "secrets/wg_dandelion.age".publicKeys = [ dandelion rin ];
--- a/secrets/acme_dns.age
+++ b/secrets/acme_dns.age
@ -1,11 +1,10 @@
 age-encryption.org/v1
-> ssh-ed25519 kOMSPw vqjZO82kILUQaoD9EwOgnmXKD9IyscgtzP65BVKkGhs
+-> ssh-ed25519 bRFqeQ trK7wfJ1fObF70yD3a6axuXaZv/EzzFI7he1dvUajH8
-07f0vL5fSq+EVdJ4n3L/q0tGsh0SVLCueTzbrMQC2ok
+1C5IrwITtma/um0zUo6by0llVTnla7TBdyRD07azTT8
-> ssh-ed25519 bRFqeQ qZAsyhdIY/fg7weEBYfB/WwFBrr/fDRrjt0J/m+57W4
+-> ssh-ed25519 ZAcXHw f+n0WJKTViwizwTIgRpbLGqk458SnuAFVVj5FQS0nwA
-FOWjbk7efoVdL9WxjWvaZ/0mJrQ4yj0fN/Fa3zztz84
+MRinOTxWGwfeg16VWJYD+1Uta+7xF6G9oyqtYSfEq80
-> ssh-ed25519 ZAcXHw UHpAQ4nKoGGaZWXVj4UM6uBanOgDpBvG6XdoBvhz6y8
+-> ssh-ed25519 U9FXlg 24QGfemIAHZYMwroayNJp91fUkbwUF7ACuXIk+7qdBg
-xF1orqajQxp2QzU/e1sq8lMxz4AQ2Vr5a3wEU55QqyE
+RNGpjxUgfzV/e1Ab/NcA8A0zzxsXU06xmVbLpG3x+iI
-> ssh-ed25519 U9FXlg n/LPuRDZ7N0VbZYLNr86hH/yRuqd2zFC7Nnpooz8d0o
+--- mekieJNQOl4vcg+hsSOQsFC7mVUZf/oRl/dT7AeTRKg
-aZig/wjd5vitGaJwQ89w2M7fj8fAiqTpdDOmLae74sM
+ºöHì¦<C3AC>)kñÞ#%3cªQÎÚº¿Ï•žè1?žad|‚ì³„Ù—²õo2Š¡
--- mXuALIh6k4n0cErsTFnwKemo/r2jFG7mGSTz2M8zXF8
+Bð)¾ä=ÿZió˜9çpR<70>¦î	ÉKl<>žgû Õž’éhŒ
 Zr2îŽ.	Òõ~Mú’P€þXÅ¹1¼)pÌ9Rî–9ªScLzhQü™ßO†Ä0íH7£•ŽLÌj¦5½
üâÏöÒ\©›l9˜7ÓôçÜ«nœ©¡>¹æ¢
--- a/secrets/navidrome_env.age
+++ b/secrets/navidrome_env.age
--- a/secrets/passwd.age
+++ b/secrets/passwd.age
--- a/secrets/passwd_smbcilly.age
+++ b/secrets/passwd_smbcilly.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 kOMSPw CQaXT9/nw3NGD2/H/ctSQGXIoacgjfKQ24wkpEieLSQ
 i4xEXgWGQ7xgQyaDQQIeDuiCLjA6Le23qSnv8C1cbcI
 -> ssh-ed25519 U9FXlg GL4dCSCku/FA6ipb9XI1AxO4lhm2r/1lRAeqaGrB32o
 +pPgqwnoPi3wJLobTimVMj0rng+XRapRG6jTYFXSsDM
 --- eVgn3ON19pqq+L832bqlbkHUQXdaTI+LfSL4bYfEdew
 Æ*Œl\ÈWç!J7E/´»îò"f@%\ìüÏ[¨òj8fÓ¶›ž
--- a/secrets/passwd_smbkujira.age
+++ b/secrets/passwd_smbkujira.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 kOMSPw Kn+LPMoyOrVwI/nrGgnxgVA3D+tVY9Tccg/Yx/jL+E8
 IfWiSBh7KgNvgcHlcDzfdcB9nxm1zy12Ae7AGm39fdE
 -> ssh-ed25519 U9FXlg 6eIIGEIYDo02FBsgBnwbuOeR8t4xB6jSmLfIL73UCDg
 QOc0ddunQQcVEVD20DKKpn3wZWUSveFJSUTBnv+xnNk
 --- MjN2i0FNzbUpBGUDNgWGXrRsYl2gtsQX+JlzZV/fYdw
 TÎ <ç‘R#d<>Ä†ÌŽlLkáN¦½º8´cÃ_N¬)±ŠT
--- a/secrets/slskd_env.age
+++ b/secrets/slskd_env.age
--- a/secrets/tailscale_auth.age
+++ b/secrets/tailscale_auth.age
@ -1,13 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 kOMSPw judP6VmZDGErkHfUpCp3xTgJtWVmGv3/tZw3WGyhfhM
 10jxPIR6Qaf/iWLzbWOrFq9XBsm8OC3mcMrxEt+BYQ8
 -> ssh-ed25519 ohyStA Xc6TjSJYtJkK1VEauNJKn+RcTdwdkyJ0Sr+tbAJ8rGc
 vzQt4zMdktY5tNvfu9HsKBgJb52uM7x8bhF+WXwpWZ8
 -> ssh-ed25519 CUCjXQ r8WxaXpWtaBdMJ2ubaAwJ4ipSz/UtnMs0x3+eI8p0VU
 CdicUH7AE4E4XVHDAeYzQdsYMYA0sCLlt2P4eR24vvs
 -> ssh-ed25519 bRFqeQ E9sknPioO9leKqs8bFJDLrAMuRAJf0ZRyGMvy7O5wVA
 KX93oSqGHimM/PaeaoHq1aYVXGG1YsVMO2ihZaM8xVE
 -> ssh-ed25519 U9FXlg u7yG7cLylPUgu/Is4xx0BXVhX31vUtgStV5CYa8Cowg
 xAuGYZpMPVQpZYASXrMuqNE9wqqEG3kMLUNjLzPmL4g
 --- EoeqIMnX5tR3J51Cz2QEyjsgD/7h468bqjRmt3mOEjY
 –äxHQ•<>Š)þôÛûkö)Ä‰Bâ³~Û•‚Ö–Zv?·–ˆ¦%lQx
OwZIs©Û„óf4á‹D¯”ûÇ”þ*îOtÝ³¶0.m[qß_[¯ÿ°¨žvº×Û
--- a/users/rin/packages.nix
+++ b/users/rin/packages.nix
@ -15,25 +15,19 @@ in {
    ffmpeg
    gnupg
    kitty
    nil
    nodejs_latest
    pamixer
    pnpm
    unrar
    yt-dlp
  ] ++ lib.optionals (config.me.environment == "desktop") [
    krita
    lutris
    mangohud
    inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin
    qmk
-    tetrio-desktop
+    unrar
-    tor-browser
+    weechat
-    virt-manager
+    yt-dlp
    winetricks
  ] ++ lib.optionals config.me.gui [
    android-studio
    brightnessctl
    drawio
    element-desktop
    evince
    eww
    feh
@ -42,9 +36,17 @@ in {
    gamescope
    gimp3
    grim
    jetbrains.gateway
    #kotatogram-desktop
    krita
    lm_sensors
    lutris
    insomnia
    maim
    mangohud
    me.psensor
    inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin
    # inputs.nix-gaming.packages.x86_64-linux.wine-osu
    obsidian
    pavucontrol
    (prismlauncher.override {
@ -58,9 +60,13 @@ in {
    screenkey
    slurp
    swaybg
    tetrio-desktop
    texliveFull
    tor-browser
    transmission-remote-gtk
    vesktop
    virt-manager
    winetricks
    zathura
    zenity