Shell config refactor

README.md

@@ -45,9 +45,9 @@ Modded minecraft instance rsync modules can be accessed through `mc-[modpack]@bl
 
 ### Updating mastodon
 ```sh
-eval "$(nix build --impure --expr 'let pkgs = import <nixpkgs> { }; in pkgs.callPackage ./update.nix {}' --no-link --print-out-paths)/bin/update.sh --ver <commit hash>"
+cd common/pkgs/mastodon && ./update.sh --owner AgathaSorceress --rev <commit hash>
 ```
 
 ## Reference configs used
   - https://github.com/Xe/nixos-configs
-  - https://git.nora.codes/nora/nixconfig
+  - https://git.nora.codes/nora/nixconfig

common/default.nix

@@ -42,6 +42,7 @@
     du-dust
     git
     imagemagick
+    jq
     killall
     mtr
     openssl
@@ -51,6 +52,15 @@
     xclip
   ];
 
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    banner = ''
+      Hello mistress ^,,^
+    '';
+    settings.PasswordAuthentication = false;
+  };
+
   # 🥺
   # security.please.enable = true;
 

common/fragments/graphical/audio.nix

@@ -21,7 +21,7 @@
     serviceConfig = {
       ExecStart = "${pkgs.noisetorch}/bin/noisetorch -i -s ${
           if config.networking.hostName == "tears" then
-            "alsa_input.usb-BEHRINGER_UMC202HD_192k-00.HiFi__umc202hd_mono_in_U192k_0_0__source"
+            "UMC202HD_Left"
           else
             "alsa_input.pci-0000_00_1f.3.analog-stereo"
         }";
@@ -37,7 +37,7 @@
 
   home-manager.users.agatha = {
     services.easyeffects = {
-      enable = true;
+      enable = false;
       preset = "DT-770-flat-eq";
     };
 

common/fragments/graphical/default.nix

@@ -49,17 +49,19 @@
     gnome.nautilus
     gnome.totem
     hyperfine
+    just
     magic-wormhole
     neofetch
     nil
     nitrogen
     nmap
     obs-studio
-    unstable.obsidian
+    obsidian
     pfetch
     polybar-spotify
     pridefetch
     prismlauncher
+    rink
     rofi-calc
     rofimoji
     speechd
@@ -70,6 +72,9 @@
     yubioath-flutter
   ];
 
+  # blame Obsidian
+  nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
+
   # Brightness/volume keys
   users.users.agatha.extraGroups = [ "video" ];
 
@@ -134,11 +139,6 @@
       <Multi_key> <m><s> : "/html <span data-mx-spoiler=\"\"></span>"
     '';
 
-    # Fix for apps that expect fonts in the usual location
-    home.file.".local/share/fonts".source =
-      config.home-manager.users.agatha.lib.file.mkOutOfStoreSymlink
-      "/run/current-system/sw/share/X11/fonts";
-
     programs.direnv.enable = true;
     home.sessionVariables = { "DIRENV_LOG_FORMAT" = ""; };
 
@@ -203,22 +203,20 @@
   xdg = {
     portal = {
       enable = true;
-      extraPortals = with pkgs; [
-        xdg-desktop-portal-wlr
-        xdg-desktop-portal-gtk
-      ];
+      config.common.default = "*";
       wlr.enable = true;
     };
   };
 
   fonts.fontconfig.enable = true;
   fonts.fontDir.enable = true;
-  fonts.fonts = with pkgs; [
+  fonts.packages = with pkgs; [
     (nerdfonts.override { fonts = [ "DaddyTimeMono" "NerdFontsSymbolsOnly" ]; })
     cantarell-fonts
     cm_unicode
     corefonts
     crimson
+    crimson-pro
     dejavu_fonts
     fira-code
     fira-code-symbols

common/fragments/graphical/iosevka.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }: {
+{
   # Iosevka Gothic
   nixpkgs.overlays = [
     (final: prev: {
@@ -25,24 +25,24 @@
           capital-h = "serifed"
           capital-i = "serifed"
           capital-q = "crossing"
-          capital-r = "standing"
+          capital-r = "standing-serifed"
           f = "tailed"
           l = "tailed-serifed"
           z = "cursive"
           long-s = "bent-hook-tailed"
-          eszet = "sulzbacher-descending"
-          lower-mu = "tailed"
+          eszet = "sulzbacher-descending-serifless"
+          lower-mu = "tailed-serifed"
           lower-xi = "flat-top"
           three = "flat-top"
           six = "straight-bar"
-          asterisk = "flip-penta-high"
+          asterisk = "turn-penta-high"
           pilcrow = "high"
           caret = "medium"
           paren = "normal"
           brace = "curly-flat-boundary"
           number-sign = "upright"
           ampersand = "closed"
-          at = "short"
+          at = "compact"
           lig-ltgteq = "slanted"
           ascii-single-quote = "raised-comma"
           ascii-grave = "straight"

common/fragments/graphical/lockscreen.nix

@@ -3,7 +3,6 @@
     # Lockscreen
     services.betterlockscreen = {
       enable = true;
-      package = pkgs.unstable.betterlockscreen;
       arguments = [ "dimblur" ];
     };
 

common/fragments/graphical/polybar.nix

@@ -188,7 +188,8 @@
           format-prefix-foreground = "\${colors.foreground-alt}";
 
           label = ''
-            %{A3:${pkgs.dunst}/bin/dunstify ' Calendar' "$(${pkgs.util-linux}/bin/cal --color=always | ${pkgs.gnused}/bin/sed "s#\\x1b\\[7m#<b>#;s#\\x1b\\[27m#</b>#g")​":}%date%%{A} %time%'';
+            %{A3:${pkgs.dunst}/bin/dunstify ' Calendar' "$(${pkgs.util-linux}/bin/cal --color=always | ${pkgs.sd}/bin/sd '\\x1b\[7m' '<b>' | ${pkgs.sd}/bin/sd '\\x1b\[0m' '</b>')":}%date%%{A} %time%
+          '';
         };
 
         "module/filesystem" = {

common/fragments/graphical/spotify.nix

@@ -1,6 +1,7 @@
 { pkgs, ... }: {
   programs.spicetify = with pkgs.spicetify-pkgs; {
     enable = true;
+    spicetifyPackage = pkgs.unstable.spicetify-cli;
 
     enabledExtensions = with extensions; [ shuffle ];
     enabledCustomApps = with apps; [ marketplace lyrics-plus ];

common/fragments/mastodon.nix

@@ -9,6 +9,7 @@
     smtp.fromAddress = "noreply@technogothic.net";
     smtp.createLocally = false;
     database.passwordFile = "/var/lib/mastodon/secrets/db-password";
+    streamingProcesses = 4;
     elasticsearch = {
       host = "127.0.0.1";
       inherit (config.services.elasticsearch) port;

common/fragments/restic.nix

@@ -1,7 +1,4 @@
-{ config, pkgs, ... }: {
-  nixpkgs.overlays = [ (final: prev: { restic = pkgs.unstable.restic; }) ];
-
-  environment.systemPackages = [ pkgs.restic ];
+{ config, ... }: {
   services.restic.backups.${config.networking.hostName} = {
     initialize = true;
 

common/home_manager/common.nix

@@ -10,14 +10,12 @@
       bat
       btop
       choose
-      exa
+      eza
       fd
       fzf
       gnupg
       ouch
       ripgrep
-      tealdeer
-      zoxide
     ];
 
     programs = {
@@ -114,6 +112,14 @@
             };
           }
         ];
+        shellAliases = {
+          ls = "eza -lFhT --group-directories-first --level 1";
+          cat = "bat";
+          ip = "ip -color=always";
+          youtube-dl-audio = ''
+            yt-dlp --ignore-errors --output "%(title)s.%(ext)s" --extract-audio --audio-format best'';
+          rsync = "rsync -az --partial --info=progress2";
+        };
         functions = {
           expand-dot-to-parent-directory-path = ''
             # expand ... to ../.. etc
@@ -154,12 +160,6 @@
             fish_add_path -a (ruby -e 'print Gem.user_dir')/bin
           end
 
-          # Aliases
-          alias cat bat
-          alias ip 'ip -color=always'
-          alias youtube-dl-audio 'yt-dlp --ignore-errors --output "%(title)s.%(ext)s" --extract-audio --audio-format best'
-          alias rsync 'rsync -az --partial --info=progress2'
-
           bind . 'expand-dot-to-parent-directory-path'
 
           if test -d ~/.gnupg
@@ -170,15 +170,17 @@
             gpg-connect-agent updatestartuptty /bye > /dev/null
           end
         '';
-        interactiveShellInit = ''
-          if type -q exa
-              alias ls 'exa -lFhT --group-directories-first --level 1'
-          end
+      };
 
-          if type -q zoxide
-              zoxide init --cmd v fish | source
-          end
-        '';
+      tealdeer = {
+        enable = true;
+        settings = { updates.auto_update = true; };
+      };
+
+      zoxide = {
+        enable = true;
+        enableFishIntegration = true;
+        options = [ "--cmd v" ];
       };
 
       command-not-found.enable = false;

common/pkgs/bspm.nix

@@ -10,7 +10,7 @@ pkgs.buildGoModule rec {
     sha256 = "sha256-ocnvTUANmJ6186Dktr5GaotbkZKZymKiIHICgTIRtjc=";
   };
 
-  vendorSha256 = "sha256-Oj6i4/K0LAubu2aSoXcC6bZtTp8/N0cbvG+KWjA5/nw=";
+  vendorHash = "sha256-Oj6i4/K0LAubu2aSoXcC6bZtTp8/N0cbvG+KWjA5/nw=";
 
   doCheck = false;
 

common/pkgs/mastodon/default.nix

@@ -1,26 +1,21 @@
-{ lib, stdenv, nodejs-slim, mkYarnPackage, fetchFromGitHub, bundlerEnv
-, nixosTests, yarn, callPackage, imagemagick, ffmpeg, file, ruby_3_0
-, writeShellScript, fetchYarnDeps, fixup_yarn_lock, brotli
-
+{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests, yarn, callPackage
+, imagemagick, ffmpeg, file, ruby, writeShellScript, fetchYarnDeps
+, fixup_yarn_lock, brotli
 # Allow building a fork or custom version of Mastodon:
-, pname ? "mastodon", version ? import ./version.nix, srcOverride ? null
-, dependenciesDir ? ./. # Should contain gemset.nix, yarn.nix and package.json.
-}:
+, pname ? "mastodon", version ? srcOverride.version, patches ? [ ]
+  # src is a package
+, srcOverride ? callPackage ./source.nix { inherit patches; }
+, gemset ? ./. + "/gemset.nix", yarnHash ? srcOverride.yarnHash }:
 
 stdenv.mkDerivation rec {
   inherit pname version;
 
-  # Using overrideAttrs on src does not build the gems and modules with the overridden src.
-  # Putting the callPackage up in the arguments list also does not work.
-  src =
-    if srcOverride != null then srcOverride else callPackage ./source.nix { };
+  src = srcOverride;
 
   mastodonGems = bundlerEnv {
     name = "${pname}-gems-${version}";
-    inherit version;
-    ruby = ruby_3_0;
+    inherit version gemset ruby;
     gemdir = src;
-    gemset = dependenciesDir + "/gemset.nix";
     # This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem
     # symlinks with directories, resolving this error when running rake:
     #   /nix/store/451rhxkggw53h7253izpbq55nrhs7iv0-mastodon-gems-3.0.1/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:6:in `<module:Bundler>': uninitialized constant Bundler::Settings (NameError)
@@ -41,7 +36,7 @@ stdenv.mkDerivation rec {
 
     yarnOfflineCache = fetchYarnDeps {
       yarnLock = "${src}/yarn.lock";
-      sha256 = "sha256-WsPNqV1PC2YjL37qnWfRTj8LaIBUI7+C0cWTfFd7HGo=";
+      hash = yarnHash;
     };
 
     nativeBuildInputs = [
@@ -57,6 +52,8 @@ stdenv.mkDerivation rec {
     NODE_ENV = "production";
 
     buildPhase = ''
+      runHook preBuild
+
       export HOME=$PWD
       # This option is needed for openssl-3 compatibility
       # Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
@@ -84,13 +81,19 @@ stdenv.mkDerivation rec {
       brotli --best --keep ~/public/packs/report.html
       find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
         -exec brotli --best --keep {} ';'
+
+      runHook postBuild
     '';
 
     installPhase = ''
+      runHook preInstall
+
       mkdir -p $out/public
       cp -r node_modules $out/node_modules
       cp -r public/assets $out/public
       cp -r public/packs $out/public
+
+      runHook postInstall
     '';
   };
 
@@ -98,6 +101,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ mastodonGems nodejs-slim ];
 
   buildPhase = ''
+    runHook preBuild
+
     ln -s $mastodonModules/node_modules node_modules
     ln -s $mastodonModules/public/assets public/assets
     ln -s $mastodonModules/public/packs public/packs
@@ -130,6 +135,8 @@ stdenv.mkDerivation rec {
     rm -rf log
     ln -s /var/log/mastodon log
     ln -s /tmp tmp
+
+    runHook postBuild
   '';
 
   installPhase = let
@@ -138,14 +145,19 @@ stdenv.mkDerivation rec {
       ${nodejs-slim}/bin/node ./streaming
     '';
   in ''
+    runHook preInstall
+
     mkdir -p $out
     cp -r * $out/
     ln -s ${run-streaming} $out/run-streaming.sh
+
+    runHook postInstall
   '';
 
   passthru = {
     tests.mastodon = nixosTests.mastodon;
-    updateScript = callPackage ./update.nix { };
+    # run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon
+    updateScript = ./update.sh;
   };
 
   meta = with lib; {

common/pkgs/mastodon/source.nix

@@ -1,11 +1,18 @@
 # This file was generated by pkgs.mastodon.updateScript.
-{ fetchgit, applyPatches }: let
-  src = fetchgit {
-    url = "https://github.com/AgathaSorceress/mastodon.git";
-    rev = "8fbaf6711d6d33de2fcc62888a7109993a5c8f24";
-    sha256 = "1y2lv9fib3rasqdd1b7xi9q1chsk2d98hm3lmgg9grsy4f0nwn81";
-  };
-in applyPatches {
-  inherit src;
-  patches = [];
+{ fetchFromGitHub, applyPatches, patches ? [] }:
+let
+  version = "8fbaf6711d6d33de2fcc62888a7109993a5c8f24";
+in
+(
+  applyPatches {
+    src = fetchFromGitHub {
+      owner = "AgathaSorceress";
+      repo = "mastodon";
+      rev = "${version}";
+      hash = "sha256-AVlugSNe55feq3RUiFITU0MWcIr9rNAa1iqPFV3aVPg=";
+    };
+    patches = patches ++ [];
+  }) // {
+  inherit version;
+  yarnHash = "sha256-WsPNqV1PC2YjL37qnWfRTj8LaIBUI7+C0cWTfFd7HGo=";
 }

common/pkgs/mastodon/update.nix

@@ -1,27 +0,0 @@
-{ pkgs }:
-let
-  binPath = with pkgs;
-    lib.makeBinPath [
-      yarn2nix
-      bundix
-      coreutils
-      diffutils
-      nix-prefetch-git
-      gnused
-      jq
-    ];
-in pkgs.runCommand "mastodon-update-script" {
-  nativeBuildInputs = [ pkgs.makeWrapper ];
-
-  meta = {
-    maintainers = with pkgs.lib.maintainers; [ happy-river ];
-    description =
-      "Utility to generate Nix expressions for Mastodon's dependencies";
-    platforms = pkgs.lib.platforms.unix;
-  };
-} ''
-  mkdir -p $out/bin
-  cp ${./update.sh} $out/bin/update.sh
-  patchShebangs $out/bin/update.sh
-  wrapProgram $out/bin/update.sh --prefix PATH : ${binPath}
-''

common/pkgs/mastodon/update.sh

@@ -1,20 +1,22 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-github gnused jq prefetch-yarn-deps
 set -e
 
-URL=https://github.com/AgathaSorceress/mastodon.git
+OWNER=mastodon
+REPO=mastodon
 
 POSITIONAL=()
 while [[ $# -gt 0 ]]; do
     key="$1"
 
     case $key in
-        --url)
-            URL="$2"
+        --owner)
+            OWNER="$2"
             shift # past argument
             shift # past value
             ;;
-        --ver)
-            VERSION="$2"
+        --repo)
+            REPO="$2"
             shift # past argument
             shift # past value
             ;;
@@ -35,29 +37,21 @@ while [[ $# -gt 0 ]]; do
     esac
 done
 
-if [[ -z "$VERSION" || -n "$POSITIONAL" ]]; then
-    echo "Usage: update.sh [--url URL] --ver VERSION [--rev REVISION] [--patches PATCHES]"
-    echo "URL may be any path acceptable to 'git clone' and VERSION the"
-    echo "semantic version number.  If VERSION is not a revision acceptable to"
-    echo "'git checkout', you must provide one in REVISION.  If URL is not"
-    echo "provided, it defaults to https://github.com/mastodon/mastodon.git."
-    echo "PATCHES, if provided, should be one or more Nix expressions"
-    echo "separated by spaces."
+if [[ -n "$POSITIONAL" ]]; then
+    echo "Usage: update.sh [--owner OWNER] [--repo REPO] [--rev REVISION] [--patches PATCHES]"
+    echo "OWNER and REPO must be paths on github."
+    echo "If OWNER and REPO are not provided, it defaults they default to mastodon and mastodon."
+    echo "PATCHES, if provided, should be one or more Nix expressions separated by spaces."
     exit 1
 fi
 
-if [[ -z "$REVISION" ]]; then
-    REVISION="$VERSION"
-fi
-
-rm -f gemset.nix version.nix source.nix
-TARGET_DIR="$PWD"
-
+rm -f gemset.nix source.nix
+cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
 
 WORK_DIR=$(mktemp -d)
 
 # Check that working directory was created.
-if [[ ! "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
+if [[ -z "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
     echo "Could not create temporary directory"
     exit 1
 fi
@@ -70,29 +64,37 @@ function cleanup {
 }
 trap cleanup EXIT
 
-echo "Fetching source code $REVISION from $URL"
-JSON=$(nix-prefetch-git --url "$URL" --rev "$REVISION"  2> $WORK_DIR/nix-prefetch-git.out)
-SHA=$(echo $JSON | jq -r .sha256)
-FETCHED_SOURCE_DIR=$(grep '^path is' $WORK_DIR/nix-prefetch-git.out | sed 's/^path is //')
-
-echo "Creating version.nix"
-echo \"$VERSION\" | sed 's/^"v/"/' > version.nix
+echo "Fetching source code $REVISION"
+JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
+HASH=$(echo "$JSON" | jq -r .hash)
 
 cat > source.nix << EOF
 # This file was generated by pkgs.mastodon.updateScript.
-{ fetchgit, applyPatches }: let
-  src = fetchgit {
-    url = "$URL";
-    rev = "$REVISION";
-    sha256 = "$SHA";
-  };
-in applyPatches {
-  inherit src;
-  patches = [$PATCHES];
+{ fetchFromGitHub, applyPatches, patches ? [] }:
+let
+  version = "$REVISION";
+in
+(
+  applyPatches {
+    src = fetchFromGitHub {
+      owner = "$OWNER";
+      repo = "$REPO";
+      rev = "\${version}";
+      hash = "$HASH";
+    };
+    patches = patches ++ [$PATCHES];
+  }) // {
+  inherit version;
+  yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
 }
 EOF
 SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
 
 echo "Creating gemset.nix"
 bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
-echo "" >> $TARGET_DIR/gemset.nix  # Create trailing newline to please EditorConfig checks
+echo "" >> gemset.nix  # Create trailing newline to please EditorConfig checks
+
+echo "Creating yarn-hash.nix"
+YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")"
+YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
+sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix

common/pkgs/mastodon/version.nix

@@ -1 +0,0 @@
-"8fbaf6711d6d33de2fcc62888a7109993a5c8f24"

flake.lock

@@ -53,11 +53,11 @@
         "utils": "utils_2"
       },
       "locked": {
-        "lastModified": 1696800008,
-        "narHash": "sha256-dQ2Xf1K5qH18J7h3pzx4ffp6n1nwN+2L8jv6OBXPLzQ=",
+        "lastModified": 1700940986,
+        "narHash": "sha256-+7eo8Y0YkuQeGDIHtEGPpoJQNGSxpzkg4UPR63xJiss=",
         "owner": "AgathaSorceress",
         "repo": "colorpickle",
-        "rev": "a1a21aebbc9b9716136ab9cc6f77bf5346f8e7ba",
+        "rev": "61c77e71b5586412b6deecc2389fc39072e4b60f",
         "type": "github"
       },
       "original": {
@@ -68,26 +68,17 @@
     },
     "crane": {
       "inputs": {
-        "flake-compat": "flake-compat_2",
-        "flake-utils": [
-          "helix",
-          "flake-utils"
-        ],
         "nixpkgs": [
           "helix",
           "nixpkgs"
-        ],
-        "rust-overlay": [
-          "helix",
-          "rust-overlay"
         ]
       },
       "locked": {
-        "lastModified": 1688772518,
-        "narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=",
+        "lastModified": 1701025348,
+        "narHash": "sha256-42GHmYH+GF7VjwGSt+fVT1CQuNpGanJbNgVHTAZppUM=",
         "owner": "ipetkov",
         "repo": "crane",
-        "rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e",
+        "rev": "42afaeb1a0325194a7cdb526332d2cb92fddd07b",
         "type": "github"
       },
       "original": {
@@ -113,22 +104,6 @@
       }
     },
     "flake-compat_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_3": {
       "flake": false,
       "locked": {
         "lastModified": 1668681692,
@@ -164,11 +139,11 @@
         "systems": "systems_4"
       },
       "locked": {
-        "lastModified": 1689068808,
-        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
         "type": "github"
       },
       "original": {
@@ -242,11 +217,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1699520217,
-        "narHash": "sha256-+b4R/GUQrRBGGpmDXna8w28ueeK7FhIYhQTSHqFJuqo=",
+        "lastModified": 1702485432,
+        "narHash": "sha256-3wcT7NGgH1Du9w+acJEnrorr49g2c2040m00FNNFLWs=",
         "owner": "helix-editor",
         "repo": "helix",
-        "rev": "6ab774da0b473c36a437d90abcdac3558353d32e",
+        "rev": "7c55190806f31595e18da2b56c8ca54d8f5b33b7",
         "type": "github"
       },
       "original": {
@@ -262,16 +237,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1695108154,
-        "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
+        "lastModified": 1702195709,
+        "narHash": "sha256-+zRjWkm5rKqQ57PuLZ3JF3xi3vPMiOJzItb1m/43Cq4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "07682fff75d41f18327a871088d20af2710d4744",
+        "rev": "6761b8188b860f374b457eddfdb05c82eef9752f",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-23.05",
+        "ref": "release-23.11",
         "repo": "home-manager",
         "type": "github"
       }
@@ -316,7 +291,7 @@
     },
     "mms": {
       "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_2",
         "flake-utils": "flake-utils_3",
         "nix": "nix",
         "nixpkgs": [
@@ -465,11 +440,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1699343069,
-        "narHash": "sha256-s7BBhyLA6MI6FuJgs4F/SgpntHBzz40/qV0xLPW6A1Q=",
+        "lastModified": 1702272962,
+        "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ec750fd01963ab6b20ee1f0cb488754e8036d89d",
+        "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
         "type": "github"
       },
       "original": {
@@ -524,16 +499,16 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1699291058,
-        "narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=",
+        "lastModified": 1702346276,
+        "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "41de143fda10e33be0f47eab2bfe08a50f234267",
+        "rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-23.05",
+        "ref": "nixos-23.11",
         "type": "indirect"
       }
     },
@@ -596,11 +571,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1690424156,
-        "narHash": "sha256-Bpml+L280tHTQpwpC5/BJbU4HSvEzMvW8IZ4gAXimhE=",
+        "lastModified": 1701137803,
+        "narHash": "sha256-0LcPAdql5IhQSUXJx3Zna0dYTgdIoYO7zUrsKgiBd04=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "f335a0213504c7e6481c359dc1009be9cf34432c",
+        "rev": "9dd940c967502f844eacea52a61e9596268d4f70",
         "type": "github"
       },
       "original": {
@@ -617,11 +592,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1699469086,
-        "narHash": "sha256-FC350WZKaTh+b0c3THfrJW9WNu1Y0oC9Y9F5z32gIFk=",
+        "lastModified": 1699986787,
+        "narHash": "sha256-eYlLWibKtHN/uWJQLzOMRXpoTbO6VcFTfVY4dpgdJcQ=",
         "owner": "the-argus",
         "repo": "spicetify-nix",
-        "rev": "f395fe14de6d934159d3aa5cc904bbb41f1ea053",
+        "rev": "3c702af1f717b7876fac08809201b1368d0d956c",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,12 +1,12 @@
 {
   inputs = {
-    nixpkgs.url = "nixpkgs/nixos-23.05";
+    nixpkgs.url = "nixpkgs/nixos-23.11";
     nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";
 
     vampysite.url = "git+https://git.lain.faith/sorceress/vampysite";
 
     home-manager = {
-      url = "github:nix-community/home-manager/release-23.05";
+      url = "github:nix-community/home-manager/release-23.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
@@ -130,11 +130,8 @@
             ./hosts/bloodletting/configuration.nix
             (import "${home-manager}/nixos")
             mms.module
-            "${nixpkgs-unstable}/nixos/modules/services/web-apps/mastodon.nix"
           ];
 
-          disabledModules = [ "services/web-apps/mastodon.nix" ];
-
           deployment = {
             targetUser = "root";
             targetHost = "bloodletting";

hosts/bloodletting/configuration.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, lib, ... }: {
   imports = [
     ./hardware-configuration.nix
     ../../common/users/julia.nix
@@ -59,15 +59,6 @@
     interface = "ens20";
   };
 
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    banner = ''
-      Hello mistress ^,,^
-    '';
-    settings.PasswordAuthentication = false;
-  };
-
   # Open ports in the firewall.
   networking.firewall = {
     allowedTCPPorts = [ 20 21 22 80 443 990 ];
@@ -114,6 +105,18 @@
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
 
+    upstreams = {
+      "backend-mastodon-streaming" = {
+        servers = builtins.listToAttrs (map (i: {
+          name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
+          value = { fail_timeout = "0"; };
+        }) (lib.range 1 config.services.mastodon.streamingProcesses));
+        extraConfig = ''
+          least_conn;
+        '';
+      };
+    };
+
     virtualHosts."technogothic.net" = {
       useACMEHost = "technogothic.net";
       forceSSL = true;
@@ -202,9 +205,16 @@
         proxyWebsockets = true;
       };
 
-      locations."/api/v1/streaming/" = {
-        proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
+      locations."^~ /api/v1/streaming/" = {
+        proxyPass = "http://backend-mastodon-streaming/";
         proxyWebsockets = true;
+        priority = 2300;
+
+        extraConfig = ''
+          proxy_buffering off;
+          proxy_redirect off;
+          tcp_nodelay on;
+        '';
       };
 
       extraConfig = "client_max_body_size 64M;";

hosts/ritual/configuration.nix

@@ -21,15 +21,6 @@
   # Enable networking
   networking.networkmanager.enable = true;
 
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    banner = ''
-      Hello mistress ^,,^
-    '';
-    settings.PasswordAuthentication = false;
-  };
-
   virtualisation = {
     podman = {
       enable = true;

hosts/tears/configuration.nix

@@ -21,15 +21,6 @@
   # Enable networking
   networking.networkmanager.enable = true;
 
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    banner = ''
-      Hello mistress ^,,^
-    '';
-    settings.PasswordAuthentication = false;
-  };
-
   virtualisation = {
     podman = {
       enable = true;

hosts/tears/hardware-configuration.nix

@@ -53,4 +53,44 @@
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode =
     lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  # Workaround for UMC202HD only exposing a single stereo input
+  environment.etc."pipewire/pipewire.conf.d/91-umc202hd.conf".text = ''
+      context.modules = [
+        {   name = libpipewire-module-loopback
+            args = {
+                node.description = "UMC202HD Left Input Mono"
+                capture.props = {
+                    node.name = "capture.UMC202HD_Left"
+                    audio.position = [ AUX0 ]
+                    stream.dont-remix = true
+                    target.object = "alsa_input.usb-BEHRINGER_UMC202HD_192k-00.analog-stereo"
+                    node.passive = true
+                }
+                playback.props = {
+                    node.name = "UMC202HD_Left"
+                    media.class = "Audio/Source"
+                    audio.position = [ MONO ]
+                }
+            }
+        }
+        {   name = libpipewire-module-loopback
+            args = {
+                node.description = "UMC202HD Right Input Mono"
+                capture.props = {
+                    node.name = "capture.UMC_202HD_Right"
+                    audio.position = [ AUX1 ]
+                    stream.dont-remix = true
+                    target.object = "alsa_input.usb-BEHRINGER_UMC202HD_192k-00.analog-stereo"
+                    node.passive = true
+                }
+                playback.props = {
+                    node.name = "UMC202HD_Right"
+                    media.class = "Audio/Source"
+                    audio.position = [ MONO ]
+                }
+            }
+        }
+    ]
+  '';
 }