bump

augh
oh there we go
2026-03-06 14:08:25 -07:00 · 2026-03-06 00:13:14 -07:00 · 2026-03-06 05:47:42 +00:00 · 2026-03-05 22:29:29 -07:00 · 2026-03-03 16:29:36 -07:00 · 2026-03-01 21:12:54 -07:00
30 changed files with 481 additions and 847 deletions
--- a/configuration-cross.nix
+++ b/configuration-cross.nix
@ -54,27 +54,6 @@
      };
    };

-    systemd.services.nvim-server = {
-      enable = false;
-      wantedBy = [ "multi-user.target" ];
-      description = "Neovim Server";
-      script = ''
-        export PATH="/run/current-system/sw/bin:/run/wrappers/bin:$PATH"
-        nvim --listen /tmp/nvim.sock --headless
-      '';
-      serviceConfig = {
-        User = "audrey";
-        Type = "simple";
-        Restart = "always";
-      };
-      environment = {
-        LOG_CHANNEL_ID = "532689319350108160";
-        CHANNEL_COUNT = "4";
-        DELAY_SECONDS = "5";
-        DEBUG = "0";
-      };
-    };
-
  }) (lib.mkIf (pkgs.stdenv.buildPlatform != pkgs.stdenv.hostPlatform) {
      programs.vim = {
        enable = true;
--- a/configuration-desktop.nix
+++ b/configuration-desktop.nix
@ -4,7 +4,7 @@
  ...
 }:
 {
-  networking.networkmanager.enable = true;
+  #networking.networkmanager.enable = true;

  fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);

@ -28,7 +28,7 @@

    libinput.enable = true;

-    blueman.enable = true;
+    #blueman.enable = true;
  };

  audrey-sway = {
@ -49,12 +49,7 @@

  programs = {
    chromium.enable = true;
-    firefox = {
-      enable = true;
-      nativeMessagingHosts.packages = [
-        pkgs.fx-cast-bridge
-      ];
-    };
+    firefox.enable = true;
    kdeconnect.enable = true;
    partition-manager.enable = true;
    wireshark.enable = true;
@ -66,12 +61,10 @@
        obs-livesplit-one
      ];
    };
-    thunar.enable = true;
  };
-  environment.sessionVariables.TERMINAL = "kitty --single-instance";
+  environment.sessionVariables.TERMINAL = "footclient";

  environment.systemPackages = with pkgs; [
-    kitty
    dino
    discord
    element-desktop
@ -81,11 +74,9 @@
    via
    libimobiledevice

+    dwarfdump
    ffmpeg
    gimp
-    feh
-    vlc
-    mpv

    kdePackages.plasma-thunderbolt
  ];
@ -98,15 +89,15 @@
    mode = "0700";
    age = "1d";
  };
-  systemd.services.sysfs-settings = {
-    description = "Set desktop sysfs tunables";
-    script = ''
-      # https://bugzilla.kernel.org/show_bug.cgi?id=219112
-      test "$(cat /sys/module/kvm/parameters/nx_huge_pages)" = "never" && exit 0 || true
-      echo "never" | tee /sys/module/kvm/parameters/nx_huge_pages
-    '';
-    before = [ "boot-complete.target" ];
-  };
+  #systemd.services.sysfs-settings = {
+  #  description = "Set desktop sysfs tunables";
+  #  script = ''
+  #    # https://bugzilla.kernel.org/show_bug.cgi?id=219112
+  #    test "$(cat /sys/module/kvm/parameters/nx_huge_pages)" = "never" && exit 0 || true
+  #    echo "never" | tee /sys/module/kvm/parameters/nx_huge_pages
+  #  '';
+  #  before = [ "boot-complete.target" ];
+  #};

  hardware.keyboard.qmk.enable = true;
  services.udev.packages = [ pkgs.via ];
--- a/configuration-nixbsd.nix
+++ b/configuration-nixbsd.nix
@ -2,8 +2,6 @@
 let
  nixKey = "/var/lib/nix/binary-cache-key" ;
 in {
-  # it's already default
-  lix.enable = false;
  init.services.nix-key-setup = {
    description = "Generate a nix build signing key";
    startType = "oneshot";
--- a/configuration-nixos.nix
+++ b/configuration-nixos.nix
@ -22,7 +22,7 @@ in {

  console = {
    font = "Lat2-Terminus16";
-    #keyMap = "us";
+    keyMap = "us";
    useXkbConfig = true; # use xkb.options in tty.
  };

@ -48,7 +48,6 @@ in {
  ];

  programs = {
-    zoxide.enable = true;
    firejail.enable = true;
    virt-manager.enable = true;
    nix-ld = {
--- a/configuration.nix
+++ b/configuration.nix
@ -8,11 +8,11 @@ in {
      description = "python packages (p: with p; [ x ]) to include in the global python environment";
    };
  };
-  imports = [ ./overlays/packages.nix ./overlays/lix.nix ./configuration-cross.nix ];
+  imports = [ ./overlays/packages.nix ./configuration-cross.nix ];
  config = {
    nixpkgs.config.allowUnfree = true;

-    nix.settings.extra-experimental-features = "nix-command flakes pipe-operator";
+    nix.settings.extra-experimental-features = "nix-command flakes pipe-operators";
    nix.settings.trusted-users = [ "audrey" ];
    nix.settings.max-jobs = 1;
    nix.settings.cores = 0;
@ -27,6 +27,7 @@ in {
    services.xserver.xkb.options = "caps:escape";

    users.defaultUserShell = pkgs.zsh;
+    # Define a user account. Don't forget to set a password with ‘passwd’.
    users.users.audrey = {
      uid = 1000;
      description = "Audrey Dutcher";
@ -40,47 +41,39 @@ in {
      man-pages-posix
      gnumake
      wget
-      moor
+      #moor
      ripgrep
      fd
      curl
-      btop
+      #btop
      file
      nettools
      psmisc
      units
      units-desktop
      patchelf
-      dwarfdump
      gdb
-      kubectl
+      #kubectl
      p7zip
      unzip
      zip
-      foremost
-      binwalk
+      #foremost
+      #binwalk
      jq
      socat
-      nix-index
+      #nix-index
      openssl
-      wireguard-tools
-      cached-nix-shell
+      #wireguard-tools
+      #cached-nix-shell
      tcpdump
      sqlite
-      cronie
+      #cronie
      editorconfig-core-c
-      (writeShellScriptBin "rhelmot-footclient" ''
-        #!/bin/sh
-        if [ -n "''${RHELMOT_FOOTSOCK:-}" ] && [ -S "''${RHELMOT_FOOTSOCK}" ]; then
-          exec footclient --server-socket="''${RHELMOT_FOOTSOCK}" "$@"
-        fi
-        exec footclient "$@"
-      '')
      (python3.withPackages (p: lib.concatMap (pl: pl p) rhelmot.globalPythonPackages))
    ];

    rhelmot.globalPythonPackages = [ (p: with p; [
-      virtualenvwrapper
+      #virtualenvwrapper
      pylint
      pytest
      ipdb
@ -98,7 +91,6 @@ in {
    programs = {
      kakoune = {
        enable = true;
-        defaultEditor = true;
        plugins = with pkgs.kakounePlugins; [
          kak-fzf
          smarttab-kak
@ -131,19 +123,17 @@ in {
          hdc = "hexdump -ve '\"\\\x\" 1/1 \"%02x\"'";
          nose = "pytest -v --capture=no --pdbcls=IPython.terminal.debugger:TerminalPdb";
          mkvirtualenv = "mkvirtualenv -r /etc/venv-default.txt";
-          woman = "man";
        };
      };
      tmux = {
        enable = true;
        extraConfig = builtins.readFile ./dotfiles/tmux.conf;
      };
-      ssh.extraConfig = builtins.readFile ./dotfiles/ssh-config;
      direnv.enable = true;
      htop.enable = true;
      git = {
        enable = true;
-        lfs.enable = true;
+        #lfs.enable = true;
        config = {
          user.email = "audrey@rhelmot.io";
          user.name = "Audrey Dutcher";
@ -153,19 +143,19 @@ in {
          url."ssh://git@".insteadOf = "git://";
        };
      };
-      bat = {
-        enable = true;
-        extraPackages = with pkgs.bat-extras; [
-          batdiff
-          batman
-          prettybat
-        ];
-        settings = {
-          italic-text = "always";
-          wrap = "never";
-          style = "plain";
-        };
-      };
+      #bat = {
+      #  enable = true;
+      #  extraPackages = with pkgs.bat-extras; [
+      #    batdiff
+      #    batman
+      #    prettybat
+      #  ];
+      #  settings = {
+      #    italic-text = "always";
+      #    wrap = "never";
+      #    style = "plain";
+      #  };
+      #};
    };
    environment.etc."zshrc.local".source = ./dotfiles/zsh-final.sh;

@ -175,67 +165,10 @@ in {
    environment.etc."gdb/gdbinit".source = ./dotfiles/gdb-init.gdb;
    environment.etc."venv-default.txt".source = ./dotfiles/venv-default.txt;

+    # Enable the OpenSSH daemon.
    services.openssh.enable = true;
-    # uh oh...
-    services.openssh.settings.AcceptEnv = "RHELMOT_SWAYSOCK RHELMOT_FOOTSOCK RHELMOT_WAYLAND_DISPLAY";

-    services.sanoid = lib.mkIf config.boot.zfs.enabled {
-      enable = true;
-      datasets."system/home" = {
-        autosnap = true;
-        autoprune = true;
-        recursive = true;
-        processChildrenOnly = false;
-        yearly = 0;
-        monthly = 2;
-        daily = 7;
-        hourly = 24;
-      };
-      datasets."system/local/var" = {
-        autosnap = true;
-        autoprune = true;
-        recursive = true;
-        processChildrenOnly = false;
-        yearly = 0;
-        monthly = 2;
-        daily = 7;
-        hourly = 24;
-      };
-      datasets."system/local/root" = {
-        autosnap = true;
-        autoprune = true;
-        recursive = true;
-        processChildrenOnly = false;
-        yearly = 0;
-        monthly = 2;
-        daily = 7;
-        hourly = 24;
-      };
-      datasets."system/local/var/lib_docker" = {
-        autosnap = false;
-        recursive = true;
-      };
-    };
    
-    services.syncoid = lib.mkIf config.boot.zfs.enabled {
-      enable = true;
-      # offset 30min from sanoid to reduce I/O spikes and give sanoid a chance to snapshot before we
-      # back up
-      interval = "00/1:30";
-      service = {
-        serviceConfig = {
-          ExecCondition = "+${lib.getExe pkgs.condition-unmetered-network}";
-        };
-      };
-      sshKey = "/var/lib/syncoid/.ssh/id_ed25519";
-      commands."system" = {
-        source = "system";
-        target = "buser@home.rhelmot.io:main/backup/${config.networking.hostName}/system";
-        # xeni note - option w is weeeeeeeird but the only consequnce is a lack of encryption
-        #sendOptions = "w";
-        recursive = true;
-        extraArgs = ["--skip-parent" "--sshport" "2252"];
-      };
-    };
  };
 }
+
--- a/dotfiles/kakoune/config/30-fzf.kak
+++ b/dotfiles/kakoune/config/30-fzf.kak
@ -8,11 +8,6 @@ set-option global fzf_grep_command 'rg'
 set-option global fzf_grep_preview_command 'bat'
 set-option global fzf_window_map 'ctrl-n'

-#require-module 'wayland'
-require-module 'kitty'
-#set-option global termcmd "kitty --single-instance sh -c"
-set-option global kitty_window_type 'os-window'
-
 map -docstring "filename search (current dir)" global goto n '<a-;>:filename-search<ret>'
 map -docstring "filename search (file dir)" global goto N '<a-;>:filename-search buffile-dir<ret>'
 map -docstring "full-text search (current dir)" global goto f '<a-;> fg'
@ -31,15 +26,10 @@ define-command -docstring "terminal but floating" terminal-floating -params .. %
 set-option global fzf_terminal_command 'terminal-floating'
 define-command sway-terminal-floating -params .. %{
    nop %sh{ sway fullscreen disable }
-    set-option local termcmd "kitty --single-instance --os-window-title=fzf.kak.picker sh -c"
+    set-option local termcmd "footclient --title=fzf.kak.picker sh -c"
    wayland-terminal-window %arg{@}
 }

-define-command kitty-terminal-floating -params .. %{
-    nop %sh{ sway fullscreen disable }
-    kitty-terminal-window --os-window-class=fzf.kak.picker %arg{@}
-}
-
 define-command -override -hidden -docstring "wrapper command to create new terminal" \
 fzf-window -params .. %{ evaluate-commands %sh{
    if [ -n "${kak_client_env_TMUX:-}" ]; then
--- a/dotfiles/rtfs.jpg
+++ b/dotfiles/rtfs.jpg
--- a/dotfiles/ssh-config
+++ b/dotfiles/ssh-config
@ -1,7 +0,0 @@
-#Match tagged trusted exec "[ -S \"$RHELMOT_FOOTSOCK\" -a -S \"$RHELMOT_SWAYSOCK\" ]"
-#    RemoteForward /home/audrey/.ssh/fwd-footsock-%C.sock ${RHELMOT_FOOTSOCK}
-#    RemoteForward /home/audrey/.ssh/fwd-swaysock-%C.sock ${RHELMOT_SWAYSOCK}
-#    SetEnv RHELMOT_SWAYSOCK=/home/audrey/.ssh/fwd-swaysock-%C.sock
-#    SetEnv RHELMOT_FOOTSOCK=/home/audrey/.ssh/fwd-footsock-%C.sock
-#    StreamLocalBindUnlink yes
-#    ExitOnForwardFailure no
--- a/dotfiles/sway/config
+++ b/dotfiles/sway/config
@ -8,8 +8,12 @@
 ## Environment sync with uwsm and restart daemons
 #

-exec_always 'UWSM_FINALIZE_VARNAMES="${UWSM_FINALIZE_VARNAMES}${UWSM_FINALIZE_VARNAMES:+ }PAM_KWALLET5_LOGIN" uwsm finalize && systemctl --user restart graphical-environment.target'
+#exec_always 'UWSM_FINALIZE_VARNAMES="${UWSM_FINALIZE_VARNAMES}${UWSM_FINALIZE_VARNAMES:+ }PAM_KWALLET5_LOGIN" uwsm finalize'
 exec_always '/etc/sway/generate_palette >~/.cache/sway_palette.json'
+exec waybar
+exec swaync
+exec foot --server
+exec kanshi

 #
 ## Variables
@ -21,9 +25,8 @@ set $left h
 set $down j
 set $up k
 set $right l
-set $term kitty --single-instance
-set $prelaunch uwsm app --
-set $menu fuzzel "--launch-prefix=$prelaunch"
+set $term footclient
+set $menu fuzzel
 set $swaylock swaylock -c 1a1b26

 #
@ -31,7 +34,7 @@ set $swaylock swaylock -c 1a1b26
 #

 # Support legacy X11 apps
-xwayland enable
+#xwayland enable
 # Move containers to scratchpad when they try to minimize
 scratchpad_minimize enable
 # Move the mouse to a container when it focuses
@ -79,7 +82,7 @@ bindsym $mod+Return exec $menu
 ### Command Palette
 bindsym $mod+Ctrl+Return exec /etc/sway/palette
 ### Terminal
-bindsym $mod+t exec $prelaunch $term    
+bindsym $mod+t exec $term    

 #
 ## Special keys
@ -320,7 +323,7 @@ shadow_blur_radius 8
 # Automation
 #

-for_window [app_id="^fzf.kak.picker$"] {
+for_window [title="^fzf.kak.picker$"] {
    floating enable
    resize set width 90ppt height 90ppt
    move position center
--- a/dotfiles/waybar/config.jsonc
+++ b/dotfiles/waybar/config.jsonc
@ -10,7 +10,7 @@
    "custom/launcher": {
        "format": "",
        "tooltip-format": "",
-        "on-click": "fuzzel --launch-prefix=\"uwsm app --\" --no-exit-on-keyboard-focus-loss",
+        "on-click": "fuzzel --no-exit-on-keyboard-focus-loss",
    },
    "systemd-failed-units": {
        "format": "󱗗",
@ -24,8 +24,6 @@
            "class<firefox>":      "<span letter_spacing='10040'>󰈹</span>",
            "class<discord>":      "<span letter_spacing='10240' size='9pt'></span>",
            "class<footclient>":   "<span letter_spacing='10240'></span>",
-            "class<foot>":         "<span letter_spacing='10240'></span>",
-            "class<kitty>":        "<span letter_spacing='10240'></span>",
            "class<Zotero>":       "<span letter_spacing='10240'>󱉟</span>",
            "class<Element>":      "<span letter_spacing='10480'>󰭹</span>",
            "class<im.dino.Dino>": "<span letter_spacing='10480'>󰭹</span>",
--- a/dotfiles/zsh-init.sh
+++ b/dotfiles/zsh-init.sh
@ -7,7 +7,7 @@ unsetopt beep nomatch
 # Aliases
 #

-eval "$(batman --export-env)"
+#eval "$(batman --export-env)"

 # standard functions

@ -16,31 +16,7 @@ function nixos-edit() {
 }

 function nixos-apply() {
-    flags=("--sudo" "--use-substitutes")
-    host="$HOST"
-    action="switch"
-    while [[ "$#" != 0 ]]; do
-        case "$1" in
-            --host)
-                host="$2"
-                shift
-                shift
-                ;;
-            --boot)
-                action="boot"
-                shift
-                ;;
-            *)
-                flags+=("$1")
-                shift
-                ;;
-        esac
-    done
-    flags+=("--flake" "$HOME/nixos-config#$host")
-    if [[ "$host" != "$HOST" ]]; then
-        flags+=("--target-host" "$host")
-    fi
-    nixos-rebuild "$action" "${flags[@]}"
+    sudo nixos-rebuild switch --flake ~/nixos-config#$HOST "$@"
 }

 lsflags=()
@ -161,53 +137,6 @@ export SHELL=$(which zsh)
 export npm_config_prefix=~/.local
 export HISTSIZE=100000
 export SAVEHIST=100000
-export CARGO_TARGET_DIR=~/.cache/cargo/obj
-export TEMP=/tmp
-export TMP=/tmp
-export TEMPDIR=/tmp
-export TMPDIR=/tmp
-
-# If remote socket forwards are present, opt in to them
-# If they are invalid, set to a default value so ssh is happy
-if [[ -S "$RHELMOT_SWAYSOCK" ]]; then
-    export SWAYSOCK="$RHELMOT_SWAYSOCK"
-else
-    export RHELMOT_SWAYSOCK=/dev/null
-fi
-if [[ -S "$RHELMOT_FOOTSOCK" ]]; then
-    :
-else
-    export RHELMOT_FOOTSOCK=/dev/null
-fi
-if [[ -S "$RHELMOT_WAYLAND_DISPLAY" ]]; then
-    export WAYLAND_DISPLAY="$RHELMOT_WAYLAND_DISPLAY"
-else
-    export RHELMOT_WAYLAND_DISPLAY=/dev/null
-fi
-
-function _rhelmot_ssh_with_remote_ui_forwarding() {
-    local local_sway local_foot local_wayland
-    local_foot="/dev/null"
-    local_wayland="/dev/null"
-
-    for candidate in "$RHELMOT_FOOTSOCK" "${XDG_RUNTIME_DIR}/foot-${WAYLAND_DISPLAY}.sock" "${XDG_RUNTIME_DIR}/foot.sock" "/tmp/foot.sock"; do
-        if [[ -S "$candidate" ]]; then
-            local_foot="$candidate"
-            break
-        fi
-    done
-    for candidate in "$WAYLAND_DISPLAY" "/run/user/$(id -u)/$WAYLAND_DISPLAY"; do
-        if [[ -S "$candidate" ]]; then
-            local_wayland="$candidate"
-        fi
-    done
-
-    RHELMOT_WAYLAND_DISPLAY="$local_wayland" RHELMOT_SWAYSOCK="$SWAYSOCK" RHELMOT_FOOTSOCK="$local_foot"  command ssh "$@"
-}
-
-function ssh() {
-    _rhelmot_ssh_with_remote_ui_forwarding "$@"
-}

 # site vars, functions, and aliases
 if [ -e ~/.site_aliases.sh ]; then
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "bingosync": {
      "locked": {
-        "lastModified": 1765872749,
-        "narHash": "sha256-ueriWIOHdyMaVFyqQJVSVxsjhoebX5szbPrL67GBQF4=",
+        "lastModified": 1769710902,
+        "narHash": "sha256-cNkfwDSPOew7CPnkEBfVxZl8tMZDAhD7MQP5AKSCEKE=",
        "owner": "rhelmot",
        "repo": "bingosync",
-        "rev": "e94c3ff624b843fd4c02afbdbf22338b1d9c4650",
+        "rev": "7fd458dfb54ff88bc1744223bd6b6f3576bd85da",
        "type": "github"
      },
      "original": {
@ -58,63 +58,118 @@
        "type": "github"
      }
    },
+    "cppnix": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "flake-parts": "flake-parts",
+        "git-hooks-nix": "git-hooks-nix",
+        "nixpkgs": [
+          "nixbsd",
+          "nixpkgs"
+        ],
+        "nixpkgs-23-11": "nixpkgs-23-11",
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1772745693,
+        "narHash": "sha256-4d0xSh/Vy2xI5jqCKmw/Yuo18uAUtnqvBrllNcmXvqU=",
+        "owner": "rhelmot",
+        "repo": "nix",
+        "rev": "38517c6967041d60e469383bc4ce3c0b4adf00ae",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rhelmot",
+        "ref": "freebsd-safe",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_2": {
      "locked": {
        "lastModified": 1733328505,
        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
        "revCount": 69,
        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
+        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz?rev=ff81ac966bb2cae68946d5ed5fc4994f96d0ffec&revCount=69"
      },
      "original": {
        "type": "tarball",
        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
      }
    },
-    "flake-compat_2": {
-      "flake": false,
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nixbsd",
+          "cppnix",
+          "nixpkgs"
+        ]
+      },
      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
        "type": "github"
      },
      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
        "type": "github"
      }
    },
-    "lix": {
+    "git-hooks-nix": {
      "inputs": {
-        "flake-compat": "flake-compat_2",
-        "nix2container": "nix2container",
+        "flake-compat": [
+          "nixbsd",
+          "cppnix"
+        ],
+        "gitignore": [
+          "nixbsd",
+          "cppnix"
+        ],
        "nixpkgs": [
          "nixbsd",
+          "cppnix",
          "nixpkgs"
        ],
-        "nixpkgs-regression": [
+        "nixpkgs-stable": [
          "nixbsd",
+          "cppnix",
          "nixpkgs"
-        ],
-        "pre-commit-hooks": "pre-commit-hooks"
+        ]
      },
      "locked": {
-        "lastModified": 1732339771,
-        "narHash": "sha256-/ViH3RRdFm9R9WN4szwdwMSbnDnRzNqgkFNR5dBh+Og=",
-        "ref": "freebsd-build",
-        "rev": "a26c6228c31cc66b31a75f24a95f420952a6cbb2",
-        "revCount": 16516,
-        "type": "git",
-        "url": "https://git.lix.systems/artemist/lix.git"
+        "lastModified": 1734279981,
+        "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785",
+        "type": "github"
      },
      "original": {
-        "ref": "freebsd-build",
-        "type": "git",
-        "url": "https://git.lix.systems/artemist/lix.git"
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
      }
    },
    "mini-tmpfiles": {
@ -125,11 +180,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741473245,
-        "narHash": "sha256-32ekQLovnjpb1NBvt1/WCEn98khSGljX+QkS+SLSNpM=",
+        "lastModified": 1742754557,
+        "narHash": "sha256-nGxgiNhA94eSl8jcQwCboJ5Ed132z8yrFdOoT+rf8bE=",
        "owner": "nixos-bsd",
        "repo": "mini-tmpfiles",
-        "rev": "1ff4fc98963421e0e6b099ccda721d5a1ca4c887",
+        "rev": "534ee577692c7092fdcd035f89bc29b663c6f9ca",
        "type": "github"
      },
      "original": {
@ -138,89 +193,75 @@
        "type": "github"
      }
    },
-    "nix2container": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1724996935,
-        "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=",
-        "owner": "nlewo",
-        "repo": "nix2container",
-        "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nlewo",
-        "repo": "nix2container",
-        "type": "github"
-      }
-    },
    "nixbsd": {
      "inputs": {
-        "flake-compat": "flake-compat",
-        "lix": "lix",
+        "cppnix": "cppnix",
+        "flake-compat": "flake-compat_2",
        "mini-tmpfiles": "mini-tmpfiles",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
      },
      "locked": {
-        "lastModified": 1743152305,
-        "narHash": "sha256-jLO2QaCoEqSVF5+UOPAQKE74U4CAlc/5huuaT7I6RL4=",
+        "lastModified": 1772769953,
+        "narHash": "sha256-3NRnNY5L8dm3bc12nr3wk4sMOWbvO1m5s7/wWXXwx2Q=",
        "owner": "nixos-bsd",
        "repo": "nixbsd",
-        "rev": "79c61bb25529d19cc1e6922b499162b5dda54268",
+        "rev": "87787927615d57969df3faf3cdeeb1bf1f3e1576",
        "type": "github"
      },
      "original": {
        "owner": "nixos-bsd",
-        "ref": "main",
+        "ref": "nixbsd-demo",
        "repo": "nixbsd",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1741684394,
-        "narHash": "sha256-6G65wM+dJUgt0RfzxbN08OnhdY+YiYFdEpExFvPU6yg=",
-        "owner": "nixos-bsd",
+        "lastModified": 1772828289,
+        "narHash": "sha256-rNKF1bFtrV+1Lable7vVxw53W0EM0qCOXW+TfL6wwQs=",
+        "owner": "rhelmot",
        "repo": "nixpkgs",
-        "rev": "30f30c8fdf82dfcbceb0c4e1dafda15e6faaa76d",
+        "rev": "c6b65605b4caf622440e7287e0394a789def6729",
        "type": "github"
      },
      "original": {
-        "owner": "nixos-bsd",
-        "ref": "nixbsd-dev-new",
+        "owner": "rhelmot",
+        "ref": "freebsd-graphical-wip",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
-    "nixpkgs_2": {
+    "nixpkgs-23-11": {
      "locked": {
-        "lastModified": 1770617025,
-        "narHash": "sha256-1jZvgZoAagZZB6NwGRv2T2ezPy+X6EFDsJm+YSlsvEs=",
+        "lastModified": 1717159533,
+        "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2db38e08fdadcc0ce3232f7279bab59a15b94482",
+        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-25.11",
        "repo": "nixpkgs",
+        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
        "type": "github"
      }
    },
-    "pre-commit-hooks": {
-      "flake": false,
+    "nixpkgs-regression": {
      "locked": {
-        "lastModified": 1726745158,
-        "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
        "type": "github"
      },
      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
        "type": "github"
      }
    },
@ -229,7 +270,7 @@
        "bingosync": "bingosync",
        "blog-rhelmot-io": "blog-rhelmot-io",
        "nixbsd": "nixbsd",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
--- a/flake.nix
+++ b/flake.nix
@ -1,8 +1,9 @@
 {
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+    nixpkgs.url = "github:rhelmot/nixpkgs/freebsd-graphical-wip";
    #nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
-    nixbsd.url = "github:nixos-bsd/nixbsd/main";
+    nixbsd.url = "github:nixos-bsd/nixbsd/nixbsd-demo";
+    nixbsd.inputs.nixpkgs.follows = "nixpkgs";

    bingosync.url = "github:rhelmot/bingosync";
    blog-rhelmot-io.url = "git+https://git.lain.faith/rhelmot/blog.rhelmot.io";
@ -28,15 +29,15 @@
          ./sites/${name}/configuration.nix
          { nixpkgs.buildPlatform = platform; }
          self.modules.audrey-sway
-          self.modules.mobile-timezone
+          #self.modules.mobile-timezone
          self.modules.kakoune
          self.modules.zfs-module
-          self.modules.syncthing-cluster
-          {
-            services.syncthing-cluster.deviceIds = ./keys/syncthing;
-            services.syncthing-cluster.coordinator = "hydrangea";
-          }
-          bingosync.nixosModules.default
+          #self.modules.syncthing-cluster
+          #{
+          #  services.syncthing-cluster.deviceIds = ./keys/syncthing;
+          #  services.syncthing-cluster.coordinator = "hydrangea";
+          #}
+          #bingosync.nixosModules.default
          #nixos-defcon.nixosModules.pkgsOverlay
          #nixos-defcon.nixosModules.tulip
          #nixos-defcon.nixosModules.noscope
--- a/keys/nix
+++ b/keys/nix
@ -1,2 +1,2 @@
-clove:UVUGJicEY/PmVWqi4dlqmsNIglGFAsJzgLLsgVrMKsM=
+clove:WbMoKN9/WvTS/tCNa2+75MImjZuqX8X094i5vT0dKTU=
 daisy:HU3mg1KY/sGYVZk243dgJRDLKHASRmu8/IXeGI/sdE8=
--- a/keys/syncthing/clove
+++ b/keys/syncthing/clove
@ -1 +0,0 @@
-WB3OPFM-5S7CLM4-PN7JIWE-H66YCFD-7UKW7PE-7KM4CMT-WPQ5BK5-ZFPMQAM
--- a/modules/audrey-sway.nix
+++ b/modules/audrey-sway.nix
@ -39,93 +39,72 @@ in
            default = [];
            description = "Extra entries to add to the command palette";
        };
-        extraSwayArgs = lib.mkOption {
-            type = lib.types.listOf lib.types.str;
-            default = [];
-            description = "Extra command line arguments with which to launch sway";
-        };
-        blankTimeout = lib.mkOption {
-            type = lib.types.nullOr lib.types.int;
-            default = 300;
-            description = "After how long in seconds idle should the system blank its screens";
-        };
-        lockTimeout = lib.mkOption {
-            type = lib.types.nullOr lib.types.int;
-            default = 360;
-            description = "After how long in seconds idle should the system lock the desktop";
-        };
-        suspendTimeout = lib.mkOption {
-            type = lib.types.nullOr lib.types.int;
-            default = 600;
-            description = "After how long in seconds idle should the system suspend";
-        };
    };

    config = lib.mkIf cfg.enable {
-      programs.regreet.enable = true;
-      services.greetd.settings = {
-        default_session.command = "${pkgs.dbus}/bin/dbus-run-session ${lib.getExe config.programs.sway.package} -c /etc/sway/greeter-config ${builtins.toString cfg.extraSwayArgs}";
-      };
-      programs.regreet.settings = {
-        background.fit = "Fill";
-        GTK.application_prefer_dark_theme = true;
-      };
+      #programs.regreet.enable = true;
+      #services.greetd.settings = {
+      #  default_session.command = "${pkgs.dbus}/bin/dbus-run-session ${lib.getExe config.programs.sway.package} -c /etc/sway/greeter-config";
+      #};
+      #programs.regreet.settings = {
+      #  background.fit = "Fill";
+      #  GTK.application_prefer_dark_theme = true;
+      #};
      environment.etc."sway/config".source = lib.mkForce ../dotfiles/sway/config;
      environment.etc."sway/sws".source = ../dotfiles/sway/sws.sh;
      environment.etc."sway/generate_palette".source = ../dotfiles/sway/generate_palette.sh;
      environment.etc."sway/palette".source = ../dotfiles/sway/palette.sh;
      environment.etc."sway/bg".source = cfg.background;
-      environment.etc."sway/greeter-config".source = lib.mkForce (pkgs.writeText "sway-greeter-config" ''
-        exec "${lib.getExe config.programs.regreet.package}; swaymsg exit"
-        output * scale 2
-        input type:keyboard {
-            xkb_options "caps:escape"
-        }
-        input type:touchpad {
-            dwt enabled
-            dwtp enabled
-            tap enabled
-            tap_button_map lrm
-            natural_scroll enabled
-        }
+      #environment.etc."sway/greeter-config".source = lib.mkForce (pkgs.writeText "sway-greeter-config" ''
+      #  exec "${lib.getExe config.programs.regreet.package}; swaymsg exit"
+      #  output * scale 2
+      #  input type:keyboard {
+      #      xkb_options "caps:escape"
+      #  }
+      #  input type:touchpad {
+      #      dwt enabled
+      #      dwtp enabled
+      #      tap enabled
+      #      tap_button_map lrm
+      #      natural_scroll enabled
+      #  }

-        # Brightness
-        bindsym --locked XF86MonBrightnessDown exec light -U 10
-        bindsym --locked XF86MonBrightnessUp exec light -A 10
+      #  # Brightness
+      #  bindsym --locked XF86MonBrightnessDown exec light -U 10
+      #  bindsym --locked XF86MonBrightnessUp exec light -A 10

-        blur enable
-        corner_radius 8
-        shadows enable
-        shadow_blur_radius 8
-      '');
+      #  blur enable
+      #  corner_radius 8
+      #  shadows enable
+      #  shadow_blur_radius 8
+      #'');
      environment.etc."xdg/waybar".source = ../dotfiles/waybar;
      environment.etc."xdg/swayr".source = ../dotfiles/swayr;
      environment.etc."xdg/fuzzel".source = ../dotfiles/fuzzel;
      environment.etc."xdg/foot".source = ../dotfiles/foot;
      environment.etc."xdg/xdg-desktop-portal-wlr/config".source = ../dotfiles/xdg-desktop-portal-wlr;

-      programs.uwsm = {
-        enable = true;
-        waylandCompositors.sway = {
-          prettyName = "Sway";
-          binPath = "/run/current-system/sw/bin/sway";
-          extraArgs = cfg.extraSwayArgs;
-        };
-      };
+      #programs.uwsm = {
+      #  enable = true;
+      #  waylandCompositors.sway = {
+      #    prettyName = "Sway";
+      #    binPath = "/run/current-system/sw/bin/sway";
+      #  };
+      #};
      programs.sway = {
        enable = true;
        package = pkgs.swayfx;
        wrapperFeatures.gtk = true;
-        xwayland.enable = true;
+        #xwayland.enable = true;
        extraPackages = with pkgs; [
          swaylock
          swaynotificationcenter
-          swayr
-          pavucontrol
-          pulseaudio
+          #swayr
+          #pavucontrol
+          #pulseaudio
          libnotify
          wdisplays
-          playerctl
+          #playerctl
          grim
          slurp
          swayidle
@ -136,10 +115,11 @@ in
          fuzzel
          gsettings-desktop-schemas
          glib
-          kdePackages.kwallet
-          networkmanagerapplet
+          kanshi
+          #kdePackages.kwallet
+          #networkmanagerapplet
          adwaita-icon-theme
-          reversal-icon-theme
+          #reversal-icon-theme
          whitesur-icon-theme
          xdg-user-dirs
        ];
@ -152,117 +132,114 @@ in
      };
      environment.pathsToLink = [ "/share/gsettings-schemas" ];
      #environment.sessionVariables.XDG_DATA_DIRS = [ "/run/current-system/sw/share/gsettings-schemas/${pkgs.gsettings-desktop-schemas.name}" ];
-      programs.light.enable = true;
+      #programs.light.enable = true;
      security.pam.services.swaylock = {};
      security.pam.loginLimits = [
        { domain = "@users"; item = "rtprio"; type = "-"; value = 1; }
      ];
      security.pam.services = {
-        greetd.kwallet = {
-          enable = true;
-          package = pkgs.kdePackages.kwallet-pam;
-          forceRun = true;
+        #greetd.kwallet = {
+        #  enable = true;
+        #  package = pkgs.kdePackages.kwallet-pam;
+        #  forceRun = true;
+        #};
+        #greetd.rules.session.kwallet.settings.auto_start = true;
      };
-        greetd.rules.session.kwallet.settings.auto_start = true;
-      };
-      security.polkit.enable = true;
+      security.polkit.enable = lib.mkForce false;
+      programs.xwayland.enable = false;
      programs.dconf.enable = true;
-      services.power-profiles-daemon.enable = true;
-      systemd.user.targets.graphical-environment = { };
-      systemd.user.services.kanshi = {
-        description = "Monitor hotswap daemon";
-        serviceConfig = {
-          Type = "simple";
-          ExecStart = lib.getExe pkgs.kanshi;
-        };
-        partOf = [ "graphical-environment.target" ];
-        wantedBy = [ "graphical-environment.target" ];
-      };
-      systemd.user.services.swayidle = {
-        description = "Idle lock + sleep manager";
-        serviceConfig = {
-          Type = "simple";
-          ExecStart = ''
-            ${lib.getExe pkgs.swayidle} -w \
-            ${lib.optionalString (cfg.blankTimeout != null) ''
-              timeout ${builtins.toString cfg.blankTimeout} 'swaymsg "output * power off"' \
-                  resume 'swaymsg "output * power on"' \
-            ''} ${lib.optionalString (cfg.lockTimeout != null) ''
-              timeout ${builtins.toString cfg.lockTimeout} '${swaylockCmd} -f' \
-              before-sleep '${swaylockCmd} -f' \
-            ''} ${lib.optionalString (cfg.suspendTimeout != null) ''
-              timeout ${builtins.toString cfg.suspendTimeout} 'systemctl suspend' \
-            ''}
-          '';
-        };
-        path = [ "/run/current-system/sw" ];
-        partOf = [ "graphical-environment.target" ];
-        wantedBy = [ "graphical-environment.target" ];
-      };
-      systemd.user.services.waybar = {
-        description = "Desktop status bar";
-        serviceConfig = {
-          Type = "simple";
-          ExecStart = lib.getExe pkgs.waybar;
-        };
-        path = [ "/run/current-system/sw" ];
-        partOf = [ "graphical-environment.target" ];
-        wantedBy = [ "graphical-environment.target" ];
-      };
-      systemd.user.services.networkmanagerapplet = {
-        description = "Networkmanager applet";
-        serviceConfig = {
-          Type = "simple";
-          ExecStart = lib.getExe pkgs.networkmanagerapplet;
-        };
-        path = [ "/run/current-system/sw" ];
-        partOf = [ "graphical-environment.target" ];
-        wantedBy = [ "graphical-environment.target" ];
-      };
-      systemd.user.services.pasystray = {
-        description = "Pulseaudio system tray icon";
-        serviceConfig = {
-          Type = "simple";
-          ExecStart = "${lib.getExe pkgs.pasystray} --notify source --notify sink -m 100";
-        };
-        path = [ "/run/current-system/sw" ];
-        partOf = [ "graphical-environment.target" ];
-        wantedBy = [ "graphical-environment.target" ];
-      };
-      systemd.user.services.kdeconnect-indicator = {
-        description = "KDE connect indicator";
-        serviceConfig = {
-          Type = "simple";
-          ExecStart = "${lib.getBin pkgs.kdePackages.kdeconnect-kde}/bin/kdeconnect-indicator";
-        };
-        path = [ "/run/current-system/sw" ];
-        partOf = [ "graphical-environment.target" ];
-        wantedBy = [ "graphical-environment.target" ];
-      };
-      systemd.user.services.swayr = {
-        description = "Sway MRU window switcher";
-        serviceConfig = {
-          Type = "simple";
-          ExecStart = "${lib.getBin pkgs.swayr}/bin/swayrd";
-        };
-        path = [ "/run/current-system/sw" ];
-        partOf = [ "graphical-environment.target" ];
-        wantedBy = [ "graphical-environment.target" ];
-      };
-      systemd.user.services.polkit-gnome-authentication-agent-1 = {
-        description = "polkit-gnome-authentication-agent-1";
-        partOf = [ "graphical-environment.target" ];
-        wantedBy = [ "graphical-environment.target" ];
-        serviceConfig = {
-          Type = "simple";
-          ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
-          Restart = "on-failure";
-          RestartSec = 1;
-          TimeoutStopSec = 10;
-        };
-      };
-      systemd.packages = [ pkgs.foot ];
-      systemd.user.sockets.foot-server.wantedBy = [ "graphical-environment.target" ];
+      #services.power-profiles-daemon.enable = true;
+      #systemd.user.targets.graphical-environment = { };
+      #systemd.user.services.kanshi = {
+      #  description = "Monitor hotswap daemon";
+      #  serviceConfig = {
+      #    Type = "simple";
+      #    ExecStart = lib.getExe pkgs.kanshi;
+      #  };
+      #  partOf = [ "graphical-environment.target" ];
+      #  wantedBy = [ "graphical-environment.target" ];
+      #};
+      #systemd.user.services.swayidle = {
+      #  description = "Idle lock + sleep manager";
+      #  serviceConfig = {
+      #    Type = "simple";
+      #    ExecStart = ''
+      #      ${lib.getExe pkgs.swayidle} -w \
+      #        timeout 300 'swaymsg "output * power off"' \
+      #            resume 'swaymsg "output * power on"' \
+      #        timeout 360 '${swaylockCmd} -f' \
+      #        timeout 600 'systemctl suspend' \
+      #        before-sleep '${swaylockCmd} -f'
+      #    '';
+      #  };
+      #  path = [ "/run/current-system/sw" ];
+      #  partOf = [ "graphical-environment.target" ];
+      #  wantedBy = [ "graphical-environment.target" ];
+      #};
+      #systemd.user.services.waybar = {
+      #  description = "Desktop status bar";
+      #  serviceConfig = {
+      #    Type = "simple";
+      #    ExecStart = lib.getExe pkgs.waybar;
+      #  };
+      #  path = [ "/run/current-system/sw" ];
+      #  partOf = [ "graphical-environment.target" ];
+      #  wantedBy = [ "graphical-environment.target" ];
+      #};
+      #systemd.user.services.networkmanagerapplet = {
+      #  description = "Networkmanager applet";
+      #  serviceConfig = {
+      #    Type = "simple";
+      #    ExecStart = lib.getExe pkgs.networkmanagerapplet;
+      #  };
+      #  path = [ "/run/current-system/sw" ];
+      #  partOf = [ "graphical-environment.target" ];
+      #  wantedBy = [ "graphical-environment.target" ];
+      #};
+      #systemd.user.services.pasystray = {
+      #  description = "Pulseaudio system tray icon";
+      #  serviceConfig = {
+      #    Type = "simple";
+      #    ExecStart = "${lib.getExe pkgs.pasystray} --notify source --notify sink -m 100";
+      #  };
+      #  path = [ "/run/current-system/sw" ];
+      #  partOf = [ "graphical-environment.target" ];
+      #  wantedBy = [ "graphical-environment.target" ];
+      #};
+      #systemd.user.services.kdeconnect-indicator = {
+      #  description = "KDE connect indicator";
+      #  serviceConfig = {
+      #    Type = "simple";
+      #    ExecStart = "${lib.getBin pkgs.kdePackages.kdeconnect-kde}/bin/kdeconnect-indicator";
+      #  };
+      #  path = [ "/run/current-system/sw" ];
+      #  partOf = [ "graphical-environment.target" ];
+      #  wantedBy = [ "graphical-environment.target" ];
+      #};
+      #systemd.user.services.swayr = {
+      #  description = "Sway MRU window switcher";
+      #  serviceConfig = {
+      #    Type = "simple";
+      #    ExecStart = "${lib.getBin pkgs.swayr}/bin/swayrd";
+      #  };
+      #  path = [ "/run/current-system/sw" ];
+      #  partOf = [ "graphical-environment.target" ];
+      #  wantedBy = [ "graphical-environment.target" ];
+      #};
+      #systemd.user.services.polkit-gnome-authentication-agent-1 = {
+      #  description = "polkit-gnome-authentication-agent-1";
+      #  partOf = [ "graphical-environment.target" ];
+      #  wantedBy = [ "graphical-environment.target" ];
+      #  serviceConfig = {
+      #    Type = "simple";
+      #    ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+      #    Restart = "on-failure";
+      #    RestartSec = 1;
+      #    TimeoutStopSec = 10;
+      #  };
+      #};
+      #systemd.packages = [ pkgs.foot ];
+      #systemd.user.sockets.foot-server.wantedBy = [ "graphical-environment.target" ];

      audrey-sway.extraPaletteEntries = [
          { name = "Command Palette"; }
--- a/modules/kakoune.nix
+++ b/modules/kakoune.nix
@ -19,11 +19,6 @@ in {
            description = "The package that will be linked into the global environment if enabled";
            default = cfg.package.override { plugins = cfg.plugins; };
        };
-        defaultEditor = lib.mkOption {
-            type = lib.types.bool;
-            default = false;
-            description = "Whether to set EDITOR=kak globally";
-        };
        extraPackages = lib.mkOption {
            type = lib.types.listOf lib.types.package;
            default = [];
@ -80,6 +75,5 @@ in {
                destination = "/share/kak/kakrc.local";
            })
        ];
-        environment.variables.EDITOR = lib.mkIf cfg.defaultEditor "kak";
    };
 }
--- a/modules/syncthing-cluster/default.nix
+++ b/modules/syncthing-cluster/default.nix
@ -49,7 +49,6 @@ in {
      inherit (cfg) configDir dataDir user;
      openDefaultPorts = true;
      overrideDevices = true;
-      overrideFolders = false;
      settings.devices = builtins.mapAttrs (_: value: { id = value; autoAcceptFolders = hostname == cfg.coordinator; }) otherDevices;
    };
  } (lib.mkIf (cfg.user != "syncthing") {
--- a/overlays/packages.nix
+++ b/overlays/packages.nix
@ -10,19 +10,6 @@ let overlay = final: prev: {
      hash = "sha256-vwGHiLKSjJor4A+r599DlvSHXkDuuLSSQ4/tWFALMKU=";
    })];
  });
-  sftpgo = prev.sftpgo.overrideAttrs (prev: {
-    # killing and tearing and ripping and maiming
-    postPatch = (prev.postPatch or "") + ''
-      sed -E -i -e '/func preserveUserProfile/a newUser.Groups = user.Groups;' internal/common/eventmanager.go
-    '';
-  });
-  fx-cast-bridge = prev.fx-cast-bridge.overrideAttrs (prev: {
-    postConfigure = (prev.postConfigure or "") + ''
-      substituteInPlace node_modules/mdns/lib/resolver_sequence_tasks.js --replace-fail \
-        'cares.getaddrinfo(req, host, family, 0, false)' \
-        'cares.getaddrinfo(req, host, family, 0, 0)'
-    '';
-  });
  idapro9 = pkgs.callPackage ../pkgs/idapro9.nix {};
  condition-unmetered-network = pkgs.callPackage ../pkgs/condition-unmetered-network {};
  units-desktop = pkgs.callPackage ../pkgs/units-desktop.nix {};
--- a/sites/chrysanthemum/configuration.nix
+++ b/sites/chrysanthemum/configuration.nix
@ -4,22 +4,50 @@

  networking.hostName = "chrysanthemum";
  networking.hostId = "6bb591ac";
+  networking.dhcpcd.wait = "background";
+  networking.interfaces.wlan0.wlandev = "iwlwifi0";
+  services.wpa_supplicant.configFile = "/home/audrey/wpa_supplicant.conf";

-  system.stateVersion = "25.04";
+  system.stateVersion = "25.11";
  environment.etc.machine-id.text = "d3d521900f0e11f0af2b9d9b219a1c36\n";

  security.sudo.wheelNeedsPassword = false;
  hardware.opengl.enable = true;
  services.dbus.enable = true;
-  services.accounts-daemon.enable = true;
-  services.consolekit2.enable = true;
-  services.xserver = {
-    enable = true;
-    displayManager.lightdm.enable = true;
-    displayManager.defaultSession = "xfce";
-    desktopManager.xfce = {
-      enable = true;
-    };
-    exportConfiguration = true;
-  };
+  services.seatd.enable = true;
+  boot.extraModulePackages = [ pkgs.freebsd.wifi-firmware-kmod ];
+  users.users.audrey.extraGroups = [
+    "u2f"
+    "seat"
+    "_video"
+  ];
+  # boot.kernelEnvironment."hw.psm.synaptics_support" = "1";
+  boot.kernelEnvironment."compat.linuxkpi.iwlwifi_disable_11ac" = "0";
+  boot.kernelEnvironment."compat.linuxkpi.iwlwifi_11n_disable" = "0";
+  freebsd.rc.conf.kld_list = "i915kms";
+
+  audrey-sway.enable = true;
+  environment.systemPackages = with pkgs; [
+    firefox
+    foot
+    dino
+    fzf
+    (libinput.override { eventGUISupport = true; })
+    util-linuxMinimal
+  ];
+  fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
+  services.powerd.enable = true;
+  hardware.bsdfan.enable = true;
+
+  #services.accounts-daemon.enable = true;
+  #services.consolekit2.enable = true;
+  #services.xserver = {
+  #  enable = true;
+  #  displayManager.lightdm.enable = true;
+  #  displayManager.defaultSession = "xfce";
+  #  desktopManager.xfce = {
+  #    enable = true;
+  #  };
+  #  exportConfiguration = true;
+  #};
 }
--- a/sites/chrysanthemum/hardware-configuration.nix
+++ b/sites/chrysanthemum/hardware-configuration.nix
@ -2,31 +2,36 @@

 {
  fileSystems."/" =
-    { device = "system/local/root";
-      fsType = "zfs";
-    };
-
-  fileSystems."/nix" =
-    { device = "system/local/nix";
+    { device = "system/tier1/root";
      fsType = "zfs";
    };

  fileSystems."/var" =
-    { device = "system/local/var";
+    { device = "system/tier1/var";
      fsType = "zfs";
    };

  fileSystems."/home" =
-    { device = "system/home";
+    { device = "system/tier1/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "system/scratch/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/tmp" =
+    { device = "system/scratch/tmp";
      fsType = "zfs";
    };

  fileSystems."/boot" =
-    { device = "/dev/gpt/ESP";
+    { device = "/dev/nda0p1";
      fsType = "msdos";
    };

-  swapDevices = [ { device = "/dev/gpt/swap"; } ];
+  #swapDevices = [ { device = "/dev/gpt/swap"; } ];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-freebsd";
 }
--- a/sites/clove/configuration.nix
+++ b/sites/clove/configuration.nix
@ -1,83 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  imports = [ ./hardware-configuration.nix ../../configuration-desktop.nix ];
-
-  boot.initrd.supportedFilesystems = [ "zfs" ];
-  boot.initrd.systemd.enable = true;
-  services.zfs.autoScrub.enable = true;
-  services.zfs.trim.enable = true;
-  # fstrim is also enabled by nixos-hardware, but only runs for /boot
-
-  networking.hostName = "clove";
-  networking.hostId = "e2a6d757";
-
-  time.timeZone = "America/Phoenix";
-
-  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 22 80 443 1337 1338 8081 2222 ];
-  networking.firewall.allowedUDPPorts = [ 1337 ];
-  systemd.coredump.enable = false;
-
-  system.stateVersion = "25.11";
-
-  environment.systemPackages = [
-    pkgs.racket
-    pkgs.idapro9
-    pkgs.qemu_kvm
-    (pkgs.runCommand "OVMF-fd" {} ''
-      mkdir -p $out/share/FV
-      ln -s ${pkgs.OVMF.fd}/FV/OVMF_CODE.fd $out/share/FV/OVMF_CODE.fd
-    '')
-    pkgs.OVMF.fd
-  ];
-
-  services.tailscale = {
-    enable = true;
-    openFirewall = true;
-  };
-
-  #programs.celestegame = {
-  #  enable = true;
-  #  withEverest = true;
-  #  withOlympus = true;
-  #  writableDir = "/var/lib/celeste";
-  #};
-
-  boot.binfmt.emulatedSystems = [
-    "aarch64-linux"
-    "mips-linux"
-    "mipsel-linux"
-    "armv7l-linux"
-  ];
-  boot.binfmt.preferStaticEmulators = true;
-
-  programs.steam.enable = true;
-  programs.steam.gamescopeSession.enable = true;
-  programs.gamescope.enable = true;
-  programs.gamescope.capSysNice = true;
-  services.pulseaudio.support32Bit = true;
-  hardware.graphics.enable32Bit = true;
-
-  virtualisation.libvirtd = {
-    enable = true;
-    qemu.package = pkgs.qemu_kvm;
-  };
-
-  security.sudo.wheelNeedsPassword = false;
-
-  audrey-sway.background = ../../dotfiles/rtfs.jpg;
-
-  services.syncthing-cluster = {
-    enable = true;
-    device = "WB3OPFM-5S7CLM4-PN7JIWE-H66YCFD-7UKW7PE-7KM4CMT-WPQ5BK5-ZFPMQAM";
-    user = "audrey";
-    configDir = "/home/audrey/.config/syncthing";
-    dataDir = "/home/audrey";
-  };
-
-  services.xserver.videoDrivers = [ "nvidia" ];
-  hardware.nvidia.open = true;
-  audrey-sway.extraSwayArgs = [ "--unsupported-gpu" ];
-  audrey-sway.suspendTimeout = null;
-}
--- a/sites/clove/hardware-configuration.nix
+++ b/sites/clove/hardware-configuration.nix
@ -1,72 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "clove/tier1/root";
-      fsType = "zfs";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/66C8-15C6";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  fileSystems."/var" =
-    { device = "clove/tier1/var";
-      fsType = "zfs";
-    };
-
-  fileSystems."/home" =
-    { device = "clove/tier1/home";
-      fsType = "zfs";
-    };
-
-  fileSystems."/var/lib/containers" =
-    { device = "clove/tier2/containers";
-      fsType = "zfs";
-    };
-
-  fileSystems."/var/log" =
-    { device = "clove/tier2/log";
-      fsType = "zfs";
-    };
-
-  fileSystems."/var/spool" =
-    { device = "clove/tier2/spool";
-      fsType = "zfs";
-    };
-
-  fileSystems."/var/tmp" =
-    { device = "clove/scratch/tmp";
-      fsType = "zfs";
-    };
-
-  fileSystems."/nix" =
-    { device = "clove/scratch/nix";
-      fsType = "zfs";
-    };
-
-  fileSystems."/var/cache" =
-    { device = "clove/scratch/cache";
-      fsType = "zfs";
-    };
-
-  swapDevices = [ {
-    device = "/dev/disk/by-uuid/31ae9d96-d3dc-45e4-9b36-707df8b4f6c2";
-  } ];
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
--- a/sites/clove/system
+++ b/sites/clove/system
@ -1 +0,0 @@
-nixos
--- a/sites/daisy/cert.pem
+++ b/sites/daisy/cert.pem
@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF1zCCA7+gAwIBAgIUKYdQD74Iefk1CyzHvROGC83Hw6IwDQYJKoZIhvcNAQEL
+BQAwezELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk5ldmFkYTESMBAGA1UEBwwJTGFz
+IFZlZ2FzMRMwEQYDVQQKDApTaGVsbHBoaXNoMRUwEwYDVQQLDAxhd29vLnN5c3Rl
+bXMxGzAZBgNVBAMMEmRvY2tlci5zaGVsbC5waGlzaDAeFw0yNTA4MDQxNjI5NDda
+Fw0zNTA4MDIxNjI5NDdaMHsxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZOZXZhZGEx
+EjAQBgNVBAcMCUxhcyBWZWdhczETMBEGA1UECgwKU2hlbGxwaGlzaDEVMBMGA1UE
+CwwMYXdvby5zeXN0ZW1zMRswGQYDVQQDDBJkb2NrZXIuc2hlbGwucGhpc2gwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDyVMA3TRVo52CNfmo4KCEF1UXR
+km3z2fezjsbjEOCeMTsirkFp71g4Cvj4RPCrIASq1DVXkOI6ZaU2OEfm15TcY0Q1
+DG8/zvjVFTOGGNqfCyz+DUSr3qweeAijyLMygjTvK1LrCUJ1daYTdr9es1Qd29dV
+Z2QxWy9+BOpz9oCs8ph+SUCVSfqn11mJ7btgSN9EU8K8f7vhm4PHpruaIJzXh6l0
+tl3wLvXbG8QW1Ms95oBCxiGFKxhAOhGQYlWkODJuh9nF+K/erXv/gmC9Xth/mbL9
+fRJpW+gPK79bhdSTPf9qLmanesRh7ZYxqDW/b7a1moR1u/MNqn4evm0muiz+cb/4
+e6PaRQfwD21dS4FNiJRWtUgSSa0qV7UdvFXvRIev/1f6jbeP0NB6txRxfRwf7cHQ
+ceWIMZgfLeGXjS1VUFnyvEL2iRgFE86YVgaYd6TIafN2tcKBb5CBJCZkkP2BBk17
+NJ/S4h1H0w9u9yyfSz8kvrFf8KMGreRsZGdq776ajI1RNye+kdOQdu8UVN/W2ewu
+E7vBw6NdDRuYGZ/pCULaXgdabiEYnzuwD5k9AKAeArWVDltSk8pS0gv8cI1MXt8J
+TBcSEal5SPwjQNVjahghc3ASydkGN31U0roXuV8+5CjTxfzE6vVsQ2PdF9cSEVHT
+kO6uIlMF7UKlytz2TwIDAQABo1MwUTAdBgNVHQ4EFgQUfMaBc83sxwCnJEeS893N
+hpFQF5gwHwYDVR0jBBgwFoAUfMaBc83sxwCnJEeS893NhpFQF5gwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEATt+MoCjOJ7MlgfX/vvgrnjp9RCwY
+ltjg1n2sFzObJN0FpukFYLUdLXNj7YI34qL30FRjVDbEw3Q7ciXDPafqkzu/fMDd
+/QkOnkIPa7oQ1qHGTODN/a3/sDkGcf7Mf1KV2B3QovybhRjB+N35C2zDA6V4TWik
+AKXfqdJJEcSaG9yv1Kp4wmHvEOI0jruK2dks+46Ulw1eGk5xOHtRElfVfvO0LwGz
+8vvv+6WNoBNMw9inzwmEQALvVooWdh4cJnkUIWlSPI2n091dtU57rzvsAnPtV/sW
+Xvn9ZpRxw9vyKUBkWLLQAUbdn+XDM8XXi7zRGaY8b9LKWoNA2PGltpteCYck9za0
+a/F5Jt3f78d/vug/6Q0U2SiWNbqL9pzMX8gLIOuTqw6Rx6W32VY6WT418WqWjfsG
+iySaMbJ+P+EpIFn57UvKV5CgdDFroBLnS1YpYNpZAJJubpJLVyMxQMhb47K5vU6s
+YpsRm96kC0cZvP4J7+xpVilbzIqIHoV1foz0eRhCcS9bY+p22oLQY0EQ2joMnMnq
+VvffPBaIWMkx6hoSaoQl7nhksu1UQrzomGJfOEK+jGkRbo1QI/qz38EuvlUfSayu
+ONbCx7j+x++DyxvIQ9JEuu+cC76CNWjiDU0xFUhURrlS3t5AGe0+2ZBjcxWeX7jF
+iwbYVRB2xqWwxek=
+-----END CERTIFICATE-----
--- a/sites/daisy/configuration.nix
+++ b/sites/daisy/configuration.nix
@ -25,9 +25,9 @@
  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 22 80 443 1337 1338 8081 2222 ];
  networking.firewall.allowedUDPPorts = [ 1337 ];
-  systemd.coredump.enable = false;

  system.stateVersion = "24.11";
+  #services.immich.enable = true;

  hardware.ipu6 = {
    enable = true;
--- a/sites/daisy/key.pem
+++ b/sites/daisy/key.pem
@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDyVMA3TRVo52CN
+fmo4KCEF1UXRkm3z2fezjsbjEOCeMTsirkFp71g4Cvj4RPCrIASq1DVXkOI6ZaU2
+OEfm15TcY0Q1DG8/zvjVFTOGGNqfCyz+DUSr3qweeAijyLMygjTvK1LrCUJ1daYT
+dr9es1Qd29dVZ2QxWy9+BOpz9oCs8ph+SUCVSfqn11mJ7btgSN9EU8K8f7vhm4PH
+pruaIJzXh6l0tl3wLvXbG8QW1Ms95oBCxiGFKxhAOhGQYlWkODJuh9nF+K/erXv/
+gmC9Xth/mbL9fRJpW+gPK79bhdSTPf9qLmanesRh7ZYxqDW/b7a1moR1u/MNqn4e
+vm0muiz+cb/4e6PaRQfwD21dS4FNiJRWtUgSSa0qV7UdvFXvRIev/1f6jbeP0NB6
+txRxfRwf7cHQceWIMZgfLeGXjS1VUFnyvEL2iRgFE86YVgaYd6TIafN2tcKBb5CB
+JCZkkP2BBk17NJ/S4h1H0w9u9yyfSz8kvrFf8KMGreRsZGdq776ajI1RNye+kdOQ
+du8UVN/W2ewuE7vBw6NdDRuYGZ/pCULaXgdabiEYnzuwD5k9AKAeArWVDltSk8pS
+0gv8cI1MXt8JTBcSEal5SPwjQNVjahghc3ASydkGN31U0roXuV8+5CjTxfzE6vVs
+Q2PdF9cSEVHTkO6uIlMF7UKlytz2TwIDAQABAoICACrgMug188lNUuiGCu4nr3wU
+OZe0dE7WbHyxEOCBDnT+2esvcLR5HB9CVb27mOd2MU02Yb++C0Dw1hPrTlF6KET8
+LUfDjPV5vc4Zw7WAtUG5nPrQRyuvqL11WHX+HzKbFhmRDUk3qLIWoE1GT+LGEOZ9
+jLJ4KiKPcy41WXQuE6NGAxQpCsu/PKGwuQ9t6B7HlfVFaqmmYgwvU1giWIQTLBz4
+TFOxpppF/MsJNR8jBFjN7TijTK/+qXpHq+7jbyqwpL+ouq/L6fYYtN1G6K3o155w
+B9rQ486Pa9YvU9qyKaPprsTPM+uDDbcT7eSYUfYuomGsVq5sFDuBRHJVGAPnoekE
+ybrHST0MBwMqt3IUzNTfoNkO+/JKlEdAIMvmTkZERgw1yLokNUHlvoWSdiKkbpp
+ZsFpsS6nLucaUg2YxKRBkUFNXIwmO9RcCrax0putRkLeW+iYDd/1HyD8xyCpBLyG
+v/e0uUepx2i/T096YBNLrIj95Lqh1rdGOXmN2b98vEJhgZN0FCmmlIiMbYXYlrpQ
+8+6yNjpc36fFa0Af2xtv0RwULj1pEVI2QjTJCecKk9rjYBVOM8gp6xVpjy538+Zy
+yvkhKchILT4fZq8wXD8LBnFuFRjpgFQnHbN46J++y4+o0t8Kfjq+v8ttuCXLLkks
+LVCUu7GAWjejxWdQ0t/xAoIBAQD8MNQ2U6BzlVmTKjLhl9HrJd1zFEDVFDRseJjs
+YIfknIAtZMP12F810QQD0MMFisge8iDy+pm5K1GrauL5yKQUPExszFHLx9SyL4Ui
+TtsfWwHXFRged4+HS0RAqTCYpdfsKbnAYfpJCw99H1x0E6mcz2DBKS7vlO6gqhCL
+SkKwBtoXzh8IX8JpFI6blHGIZNdKF00a7iavG8ct7awHxZ5fhENnxz0QF/RCSXrG
+DIWJFC/Sa+iOq5YKQ9BjrVEsm2BwSfdD7DO1mrBYFutRz99aaACXnDnRscYPQw1G
+Et71wWE3qtkObMzIJhoEoS8gghRTpwW2/g8mueMpiFe61W6/AoIBAQD1/cvmSlGQ
+9S6mDpbSOo8r3kbcdj/Apv7rY18Ais8kynOADqlCbS3svWSL8h6tkD1SsA1ypsrq
+4n3ko5c/7IjqqRgeFE9ZNAFFTiqrbSw7W2EdH3/OtUJQUehu335Yl3mDqMu86874
+iGaHMQSfCRI2Cl7xbbseoZo7r0OiBhb8ERjTl8cJfVud9nO+oS267VyremmvDgmT
+c/SPiMJaFdQKy9l8c+VC89eTXnmzPeBERhmWhLdX9L4k+pjNtaSP2bc9W05pMzy4
+ST1XcyRT7ab1uaI7gs0RQApPrvUQuts2XnAr+mZ4K/xlvKxBQ7vEtNrkb4UunLt2
+ORZyD+AiMexxAoIBAByMfomD4AcVoiVJwqbNJANlrvMHGOvGNMUOxekEaH3VxaDd
+5l0fWG/kMHsqF9m5wzvVlytKeTqAD+fC2t0B/KkZxmEOpDfYcFiXjo+6s42SJNwv
+VCKm0EW1nI1hWdH9/DqM4q1Hqii4qtE0SqgNTcclpsNXISwYBQeFGQhbqL76l5fY
+SqUNChoRLK+qF0wkdka56o2g5houn9awMChVE7+mXmcSI/R9cbZLUS24XymMcnl0
+o8f63qpc0OtnxGezUzCC/w3eYGAvmcTvG0aQrK00VtTS56y4Xj5+DbOgEUNq19GQ
+cq/yWyBRR+K8SHR6pUhvAPOdQSPWKUQbXisVXEsCggEBAPP6woZphdb5Z0gqRirD
+DAedkbjNy9Ofjk0XJT3bbzJ1XfNQF06cDSW2fwhSn1zUKA5gMSZbCf3HoMfp/XTY
+fMAJ8LK8wCqgavY7XhTi1jEVJBAHkvMJUnlpk9iL8LubmVkdTN3XIFPerZo+4u99
+xsM0rBBXHnV2IQw7fCAyXA+sQWx0KGRgIkNdElWrdTjmfbhSVIncqWDHbHQEV4eU
+CNigcNh/9o7eXR18YcaGg24T/QMOJO6m/wScTHwTQeGvNZA0hGPQ/tNlSOL4f7qC
+hstHUAIobI5EbzWzOLtcKVoWdrkXxRRBxDd/13Vv4cdq/YP+nCCsMT5DxuBgoJQp
+4fECggEAc0joAOCppQsqi0+MYtnz+sLnN0LkedI4Pc+BrFgZe+pa0gOuz816Xf6R
+nJEuRo1DcbyOZ0/DldQdoMFd9c6kmFO2WIHJ4JsZXDRCZWFGIeakVQyepbB2J0n9
+dqSL7+o3nTtYtIbVbhIwQi0FGSLNIzyKycms0rxG4Rz3B9dzk+NEdrBYdCV/eiVo
+DHAnokgLTRKyINMiUreB/QUxg+4TOarXBJJPhqEQjHgVXXRhQzk4EH3EsU6wjFSo
+/q0J2vQ1CJJDM0YKV4izWSCjvpd6MuMPyHBCOVqWpMy3cOwzRGTO0asaG43GK1H3
+VkJw2xvYBO477ta66id4RDUBBXXzQQ==
+-----END PRIVATE KEY-----
--- a/sites/hydrangea/configuration.nix
+++ b/sites/hydrangea/configuration.nix
@ -37,15 +37,10 @@

  services.nginx = {
    enable = true;
-    additionalModules = [
-      pkgs.nginxModules.rtmp
-    ];
-
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
-    clientMaxBodySize = "10g";

    virtualHosts = {
      "home.rhelmot.io" = {
@ -90,55 +85,8 @@
          proxyWebsockets = true;
        };
      };
-      "sftpgo.home.rhelmot.io" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:3006";
-          proxyWebsockets = true;
    };
  };
-      "jellyfin.home.rhelmot.io" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:8096";
-          proxyWebsockets = true;
-        };
-      };
-      # "owncast.home.rhelmot.io" = {
-      #   enableACME = true;
-      #   forceSSL = true;
-      #   locations."/" = {
-      #     proxyPass = "http://127.0.0.1:3007";
-      #     proxyWebsockets = true;
-      #   };
-      # };
-      "127.0.0.1:1934" = {
-        listen = [{ addr = "127.0.0.1"; port = 1934; ssl = false; }];
-        locations."/" = {
-          root = "/var/www/stream/";
-          tryFiles = "/$arg_name =404";
-        };
-      };
-    };
-
-    appendConfig = ''
-      rtmp {
-        server {
-          listen 1935;
-          chunk_size 4000;
-          application live {
-            live on;
-            allow publish all;
-            allow play all;
-            notify_method get;
-            on_publish http://127.0.0.1:1934/;
-          }
-        }
-      }
-    '';
-  };

  services.vaultwarden = {
    enable = true;
@ -180,14 +128,6 @@
    settings = {
      newVersionCheck.enabled = false;
      server.externalDomain = "https://immich.home.rhelmot.io";
-      oauth = {
-        enabled = true;
-        autoLaunch = true;
-        buttonText = "Single Sign-On";
-        clientId = "immich";
-        clientSecret._secret = "/var/lib/immich/oidc-client-secret";
-        issuerUrl = "https://auth.rhelmot.io/realms/rhelmot";
-      };
    };
  };

@ -254,65 +194,12 @@
    settings.gui.user = "audrey";
  };

-  services.sftpgo = {
-    enable = true;
-    dataDir = "/var/lib/sftpgo";
-    extraReadWriteDirs = [
-      "/var/lib/jellyfin/library"
-    ];
-    settings = {
-      tz = "local";
-      httpd.bindings = [{
-        port = 3006;
-        # 1 means OIDC for the WebAdmin UI.
-        # 2 means OIDC for the WebClient UI.
-        # 4 means login form for the WebAdmin UI.
-        # 8 means login form for the WebClient UI.
-        # 16 means the admin token endpoint for REST API.
-        # 32 means the user token endpoint for REST API.
-        # 64 means admin API key login.
-        # 128 means user API key login.
-        disabled_login_methods = 1 + 8;
-        oidc = {
-          config_url = "https://auth.rhelmot.io/realms/rhelmot";
-          client_id = "sftpgo";
-          client_secret_file = "/var/lib/sftpgo/oidc-client-secret";
-          redirect_base_url = "https://sftpgo.home.rhelmot.io";
-          username_field = "preferred_username";
-          scopes = [
-            "openid"
-            "profile"
-            "email"
-            "sftpgo"
-          ];
-        };
-      }];
-      sftpd.bindings = [{
-        port = 28022;
-        address = "0.0.0.0";
-      }];
-      sftpd.password_authentication = false;
-    };
-  };
-
-  services.jellyfin = {
-    enable = true;
-  };
-
-  # services.owncast = {
-  #   enable = true;
-  #   port = 3007;
-  #   rtmp-port = 1935;
-  # };
-
  # TODO
+  # - sftpgo
  # - transfer old nextcloud files
-  # - move old data files to sftpgo/audrey?
-  # - alerting
+  # - jellyfin
  # ON HOLD
  # - dyndns
  #   - https://github.com/qdm12/ddns-updater/pull/1046
  #   - https://github.com/ddclient/ddclient/pull/852
-  # - hedgedoc keycloak
-  #   - waiting for hedgedoc2 release to get oidc
 }
--- a/sites/hydrangea/hardware-configuration.nix
+++ b/sites/hydrangea/hardware-configuration.nix
@ -21,8 +21,6 @@
    "main/hedgedoc".mountPoint = "/var/lib/hedgedoc";
    "main/immich".mountPoint = "/var/lib/immich";
    "main/syncthing".mountPoint = "/var/lib/syncthing";
-    "main/jellyfin".mountPoint = "/var/lib/jellyfin";
-    "main/jellyfin-cache".mountPoint = "/var/cache/jellyfin";
  };

  fileSystems."/boot" = {
--- a/sites/sunflower/configuration.nix
+++ b/sites/sunflower/configuration.nix
@ -102,14 +102,12 @@
      "mspa"
      "wiki-js"
      "forgejo"
-      "keycloak"
    ];
    ensureUsers = [
      { name = "bingosync"; ensureDBOwnership = true; }
      { name = "mspa"; ensureDBOwnership = true; }
      { name = "wiki-js"; ensureDBOwnership = true; }
      { name = "forgejo"; ensureDBOwnership = true; }
-      { name = "keycloak"; ensureDBOwnership = true; }
    ];
    authentication = pkgs.lib.mkOverride 10 ''
      #type database  DBuser  auth-method optional_ident_map
@ -123,7 +121,6 @@
       defaultmap      bingosync bingosync
       defaultmap      wiki-js   wiki-js
       defaultmap      forgejo   forgejo
-       defaultmap      keycloak  keycloak
    '';
  };

@ -252,6 +249,8 @@
          proxyPass = "http://192.168.100.11:3000";
          proxyWebsockets = true;
          recommendedProxySettings = true;
+          extraConfig = ''
+          '';
        };
      };
      "anons.ee" = {
@ -261,14 +260,8 @@
          proxyPass = "http://192.168.100.11:3000";
          proxyWebsockets = true;
          recommendedProxySettings = true;
-        };
-      };
-      "auth.rhelmot.io" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:3030";
-          proxyWebsockets = true;
+          extraConfig = ''
+          '';
        };
      };
    };
@ -299,22 +292,4 @@
    config.imports = [ ./anonsee.nix ];
  };
  services.nginx.logError = "stderr info";
-
-  services.keycloak = {
-    enable = true;
-    database.host = "/run/postgresql";
-    database.type = "postgresql";
-    initialAdminPassword = "bitesyouchangeme";
-    plugins = with pkgs.keycloak.plugins; [
-      junixsocket-common
-      junixsocket-native-common
-    ];
-    settings = {
-      hostname = "auth.rhelmot.io";
-      http-host = "127.0.0.1";
-      http-port = 3030;
-      proxy-headers = "xforwarded";
-      http-enabled = true;
-    };
-  };
 }
Author	SHA1	Message	Date
Audrey	79f6995431	bump	2026-03-06 14:08:25 -07:00
Audrey	32301ed3d6	augh	2026-03-06 00:13:14 -07:00
Audrey	bc4205d3ee	oh there we go	2026-03-06 05:47:42 +00:00
Audrey	9fb72416ca	almost there	2026-03-05 22:29:29 -07:00
Audrey	7cf36bd2b5	rg good	2026-03-03 16:29:36 -07:00
Audrey	4a2f311176	more chrysanthemum	2026-03-01 21:12:54 -07:00
Audrey	32f224b494	oops	2026-02-25 05:12:58 -07:00
Audrey	52c8c73d9d	what	2026-02-25 05:09:19 -07:00
Audrey	ac0a851962	chrysanthemum attempt	2026-02-24 09:16:33 -07:00
				`@ -1 +0,0 @@`
				`WB3OPFM-5S7CLM4-PN7JIWE-H66YCFD-7UKW7PE-7KM4CMT-WPQ5BK5-ZFPMQAM`