Disable hydra/checks

Flake lock file updates:

• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/6bc76b872374845ba9d645a2f012b764fecd765f' (2025-06-05)
  → 'github:serokell/deploy-rs/9c870f63e28ec1e83305f7f6cb73c941e699f74f' (2025-11-04)
• Updated input 'home-manager':
    'github:nix-community/home-manager/e4bf85da687027cfc4a8853ca11b6b86ce41d732' (2025-07-21)
  → 'github:nix-community/home-manager/f35d0cb75f0669ac8de18d774b336d3d3560bcde' (2025-11-06)
• Updated input 'lix-module':
    'b90bf629bb.tar.gz?narHash=sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7%2Bb8%3D' (2025-01-18)
  → 'b90bf629bb.tar.gz?narHash=sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7%2Bb8%3D&rev=b90bf629bbd835e61f1317b99e12f8c831017006' (2025-01-18)
• Updated input 'me-emacs':
    'git+https://git.syzygial.cc/Syzygial/EmacsConfig.git?ref=refs/heads/master&rev=14454885f19e63584cc3ce557e97488541f15883' (2025-03-20)
  → 'git+https://git.syzygial.cc/Syzygial/EmacsConfig.git?ref=refs/heads/master&rev=71bb31643363b4a42948505d41f4e1c83a21c868' (2025-09-04)
• Updated input 'microvm':
    'github:astro/microvm.nix/5e193f2c5cf9285f2b478ebd55bb1feebb5abdbf' (2025-07-21)
  → 'github:astro/microvm.nix/1d05a3c26dbb9d4b1cd644e10713a70d8740cb6a' (2025-11-03)
• Updated input 'microvm/spectrum':
    'git+https://spectrum-os.org/git/spectrum?ref=refs/heads/main&rev=37c8663fab86fdb202fece339ef7ac7177ffc201' (2025-06-30)
  → 'git+https://spectrum-os.org/git/spectrum?ref=refs/heads/main&rev=c5d5786d3dc938af0b279c542d1e43bce381b4b9' (2025-10-03)
• Updated input 'nix-darwin':
    'github:LnL7/nix-darwin/e04a388232d9a6ba56967ce5b53a8a6f713cdfcf' (2025-06-30)
  → 'github:LnL7/nix-darwin/b8c7ac030211f18bd1f41eae0b815571853db7a2' (2025-11-05)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/c87b95e25065c028d31a94f06a62927d18763fdf' (2025-07-19)
  → 'github:NixOS/nixpkgs/b3d51a0365f6695e7dd5cdf3e180604530ed33b4' (2025-11-02)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/2c8def626f54708a9c38a5861866660395bb3461' (2025-07-15)
  → 'github:Mic92/sops-nix/5a7d18b5c55642df5c432aadb757140edfeb70b3' (2025-10-20)
• Updated input 'sops-nix/nixpkgs':
    'github:NixOS/nixpkgs/ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c' (2025-04-17)
  → 'github:NixOS/nixpkgs/3cbe716e2346710d6e1f7c559363d14e11c32a43' (2025-10-16)

flake.lock

@@ -1,8 +1,44 @@
 {
   "nodes": {
+    "deploy-rs": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nixpkgs": "nixpkgs",
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1762286984,
+        "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=",
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -20,7 +56,25 @@
     },
     "flake-utils_2": {
       "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
+      "inputs": {
+        "systems": "systems_4"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -58,11 +112,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1741701235,
-        "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=",
+        "lastModified": 1762458864,
+        "narHash": "sha256-O8NI0pOf1GxPaBRhyspWZmtXLo0tzEEvOfMxNh3/8Jo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e",
+        "rev": "f35d0cb75f0669ac8de18d774b336d3d3560bcde",
         "type": "github"
       },
       "original": {
@@ -99,7 +153,7 @@
         "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=",
         "rev": "b90bf629bbd835e61f1317b99e12f8c831017006",
         "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz"
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz?rev=b90bf629bbd835e61f1317b99e12f8c831017006"
       },
       "original": {
         "type": "tarball",
@@ -114,11 +168,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742305973,
-        "narHash": "sha256-1LtwFQf95Wm7HbpX85Hls3mme92ysFvGWWoyWUrRz94=",
+        "lastModified": 1757014957,
+        "narHash": "sha256-iPw1uXPUb4mPSZ/Uneop+1veSN5fEYCrsJwq71zLADs=",
         "ref": "refs/heads/master",
-        "rev": "3f9a4859a98123dd840e928d0e6af60ca921607a",
-        "revCount": 75,
+        "rev": "71bb31643363b4a42948505d41f4e1c83a21c868",
+        "revCount": 88,
         "type": "git",
         "url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git"
       },
@@ -127,6 +181,28 @@
         "url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git"
       }
     },
+    "microvm": {
+      "inputs": {
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "spectrum": "spectrum"
+      },
+      "locked": {
+        "lastModified": 1762200934,
+        "narHash": "sha256-Bv4ZKRPsIc6W7qF1I2fevxFETqRNuG3XOsiRIfJ7YlQ=",
+        "owner": "astro",
+        "repo": "microvm.nix",
+        "rev": "1d05a3c26dbb9d4b1cd644e10713a70d8740cb6a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "astro",
+        "repo": "microvm.nix",
+        "type": "github"
+      }
+    },
     "nix-darwin": {
       "inputs": {
         "nixpkgs": [
@@ -134,11 +210,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1741229100,
-        "narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=",
+        "lastModified": 1762304480,
+        "narHash": "sha256-ikVIPB/ea/BAODk6aksgkup9k2jQdrwr4+ZRXtBgmSs=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab",
+        "rev": "b8c7ac030211f18bd1f41eae0b815571853db7a2",
         "type": "github"
       },
       "original": {
@@ -150,11 +226,27 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1741513245,
-        "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=",
+        "lastModified": 1743014863,
+        "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1",
+        "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1762111121,
+        "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
         "type": "github"
       },
       "original": {
@@ -164,13 +256,13 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
+    "nixpkgs_3": {
       "locked": {
-        "lastModified": 1731763621,
-        "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
+        "lastModified": 1760596604,
+        "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
+        "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43",
         "type": "github"
       },
       "original": {
@@ -182,24 +274,26 @@
     },
     "root": {
       "inputs": {
+        "deploy-rs": "deploy-rs",
         "home-manager": "home-manager",
         "lix-module": "lix-module",
         "me-emacs": "me-emacs",
+        "microvm": "microvm",
         "nix-darwin": "nix-darwin",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "sops-nix": "sops-nix"
       }
     },
     "sops-nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1741644481,
-        "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=",
+        "lastModified": 1760998189,
+        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "e653d71e82575a43fe9d228def8eddb73887b866",
+        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
         "type": "github"
       },
       "original": {
@@ -208,6 +302,22 @@
         "type": "github"
       }
     },
+    "spectrum": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1759482047,
+        "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
+        "ref": "refs/heads/main",
+        "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
+        "revCount": 996,
+        "type": "git",
+        "url": "https://spectrum-os.org/git/spectrum"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://spectrum-os.org/git/spectrum"
+      }
+    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,
@@ -237,6 +347,54 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_4": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -12,9 +12,12 @@
       url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    microvm.url = "github:astro/microvm.nix";
+    microvm.inputs.nixpkgs.follows = "nixpkgs";
+    deploy-rs.url = "github:serokell/deploy-rs";
   };
   
-  outputs = { self, nixpkgs, sops-nix, me-emacs, nix-darwin, home-manager, lix-module }@inputs: let
+  outputs = { self, nixpkgs, sops-nix, me-emacs, nix-darwin, home-manager, lix-module, microvm, deploy-rs }@inputs: let
     overlays = import ./overlays/default.nix inputs;
     modules = import ./modules/default.nix inputs;
 
@@ -60,7 +63,16 @@
             overlays.emacs
           ])
           modules.sops
-          lix-module.nixosModules.default
+          # Broken w/ this nixpkgs input
+          # lix-module.nixosModules.default
+        ];
+      };
+      pericyte = nixosSystem' {
+        modules = [
+          ./machines/pericyte/configuration.nix
+          modules.sops
+          # lix-module.nixosModules.default
+          # microvm.nixosModules.host
         ];
       };
     };
@@ -72,7 +84,7 @@
             overlays.emacs
           ])
           modules.home-manager-darwin
-          lix-module.nixosModules.default
+          # lix-module.nixosModules.default
         ];
       };
     };
@@ -91,8 +103,23 @@
       };
     };
 
+    deploy = {
+      nodes = {
+        pericyte = {
+          hostname = "opcp";
+          sshUser = "root";
+          profiles.system = {
+            user = "root";
+            path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.pericyte;
+          };
+        };
+      };
+    };
+    # This is highly advised, and will prevent many possible mistakes
+    # checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+
     hydraJobs = {
-      inherit (me-emacs) packages;
+      # inherit (me-emacs) packages;
     };
   };
 }

machines/hippocampus/backups/gitea.nix

@@ -1,6 +1,24 @@
-{ ... }: {
+{ pkgs, config, ... }: {
   services.gitea.dump = {
     enable = true;
     interval = "2:45";
   };
+  systemd.timers."gitea-clear-dump" = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "daily";
+      Persistent = true;
+      Unit = "gitea-clear-dump.service";
+    };
+  };
+
+  systemd.services."gitea-clear-dump" = {
+    script = ''
+      ${pkgs.findutils}/bin/find /var/lib/gitea/dump -type f -ctime +5 -exec rm -f {} \;
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = config.services.gitea.user;
+    };
+  };
 }

machines/hippocampus/modules/headscale.nix

@@ -91,7 +91,7 @@ let
       partOf = ["headscale.service"];
 
       script = ''
-        ${cfg.package}/bin/headscale preauthkeys -u ${name} create \
+        ${cfg.package}/bin/headscale preauthkeys -u $(${cfg.package}/bin/headscale users -o json-line list | ${pkgs.jq}/bin/jq '.[] | select(.name=="${name}").id') create \
           ${lib.optionalString options.preAuthEphemeral "--ephemeral"} \
           ${lib.optionalString options.preAuthReusable "--reusable"} \
           --expiration ${options.preAuthExpiration} \

machines/hippocampus/oci/Wireguard.ContainerFile

@@ -0,0 +1,5 @@
+FROM alpine:3.16
+RUN apk add --no-cache bash wireguard-tools jq curl git ncurses
+RUN git clone https://github.com/pia-foss/manual-connections /manual-connections
+WORKDIR /manual-connections
+CMD bash -c "/manual-connections/run_setup.sh && watch -n 60 curl ip.me"

machines/hippocampus/oci/jelly.nix

@@ -18,10 +18,12 @@
     in {
       containers = {
         wireguard = {
-          image = "thrnz/docker-wireguard-pia";
+          # Derived from the pia-wg.tar.gz
+          # which was built from the containerfile
+          image = "localhost/pia-wg:latest";
           volumes = [
             # "${configDir}/wireguard:/config"
-            "${configDir}/wireguard_pia:/pia"
+            # "${configDir}/wireguard_pia:/pia"
           ];
           ports = getPorts [
             "deluge"
@@ -34,13 +36,23 @@
           ];
           environment = {
             TZ = "America/Toronto";
-	    LOC = "ca";
+       	    LOC = "ca";
+            PIA_DNS = "false"; # - true/false
+            PIA_PF = "false"; # - true/false
+            PIA_CONNECT = "true"; # - true/false; connect to VPN after configuration has been created. Set to false to only create configuration file. Only effective for wireguard protocol. Default true.
+            MAX_LATENCY = "0.2"; # - numeric value, in seconds
+            AUTOCONNECT = "true"; # - true/false; this will test for and select the server with the lowest latency, it will override PREFERRED_REGION
+            # PREFERRED_REGION = ""; # - the region ID for a PIA server
+            DIP_TOKEN = "n";
+            VPN_PROTOCOL = "wireguard"; # - wireguard or openvpn; openvpn will default to openvpn_udp_standard, but can also specify openvpn_tcp/udp_standad/strong
+            DISABLE_IPV6 = "no"; # - yes/no
           };
           extraOptions = [
-            "--cap-add=ALL"
-            "--pull=newer"
-            "--dns=1.1.1.1"
+            "--privileged" "--dns=1.1.1.1"
             "--env-file=${config.sops.secrets.jellyfin-pia.path}"
+            "--cap-add=NET_ADMIN,NET_RAW,SYS_MODULE"
+            "--cap-drop=MKNOD,AUDIT_WRITE"
+            "--sysctl=net.ipv4.ip_forward=1"
             "--sysctl=net.ipv4.conf.all.src_valid_mark=1"
             "--sysctl=net.ipv6.conf.lo.disable_ipv6=1"
             "--sysctl=net.ipv6.conf.all.disable_ipv6=1"

machines/hippocampus/riscv.nix

@@ -2,4 +2,5 @@
   boot.binfmt.emulatedSystems = [
     "riscv64-linux"
   ];
+  boot.binfmt.preferStaticEmulators = true;
 }

machines/hippocampus/secrets/pass.yaml

@@ -1,7 +1,7 @@
 nextcloud:
     adminPass: ENC[AES256_GCM,data:D2SAD/Somvw8abIm0KX4fWRfuQ==,iv:Y7K14yZZFcu97KVBd0219hwnGY4LEX2DNxxulSegr/8=,tag:aRJAlz1xvQxWodcE2bZLdQ==,type:str]
     s3secret: ENC[AES256_GCM,data:lIVuiZMh376MSuu13UPCu49Q64bVbk+WM/CUEIGzV0Q=,iv:J2vHalppWEupWK07zXsMoiH6avmpsgg0Cqcc7EkZVV4=,tag:pxKwiaH5SZa8Vh71gLGQWw==,type:str]
-jellyfin-pia: ENC[AES256_GCM,data:rbqpmm2EtxcMeJfjlGaJOwPCn4UAZaKsH8Zeztk7A6QiSw==,iv:8A6NHVHgKIL6iwLKgRrT6T3k0pgDI5lL5rDMN5/Egrw=,tag:P6Kh9cOnrB23Z7S72xBK7g==,type:str]
+jellyfin-pia: ENC[AES256_GCM,data:hOgUAr47FMd2QgzgXBeqv41Paqy6zn6tyWVDbF1JtqcTog/zZC4=,iv:opnxrycFszAhuMARcP48gKF6eL1ERNgWS68wO+s4CIM=,tag:fqimxKdTAh55ANKD3bp46w==,type:str]
 ddclient: ENC[AES256_GCM,data:a31MKnoEZXrj/s8z3+MP9jhQ5/sBjljZphXBJsWj5GU=,iv:YHKCartadDQa59aUf9Fw/KgdgMgsqsVLDAIh/KeqehQ=,tag:hUaUqjcX75xw6eC9axtQmw==,type:str]
 anki: ENC[AES256_GCM,data:hUBKr/s1DDorlmbHDUvHtVSumw==,iv:Ekjt6dsncinHhM+dV/mxOjErBQpgKtPOVbmwGRy9XOE=,tag:zvfV9z3QROgsk4eznmxqDw==,type:str]
 tandoor-secret: ENC[AES256_GCM,data:/clEIU38M7lJ6+JbFSKWb5kKSUvxdGYPq2Hl9TjgijZtYIYFOleJQ9PiT+d/osmY/r0=,iv:Nulu93V+s9RBmEDRs2LXJXy7l0O/AeU0CwwtTNLGw2c=,tag:brRyVaWeUGLx1nt0MtcIEw==,type:str]
@@ -14,10 +14,6 @@ restic:
     passwd: ENC[AES256_GCM,data:vUsAP5+iZo7U55xnUP7Cnk1OxnrO+paHKmT2cuc=,iv:GF7fybEQZIxHPm1Z6Sj5dn/zOR5dRVgikH8LILsTMIs=,tag:Mh61boRPsfHeiSfXmrEx5Q==,type:str]
     backblaze: ENC[AES256_GCM,data:IfWzuIYUrCGYpP68CPFi2vLqq9NVmiVyCE+Z8yi+cnaQwgwNL40lJEPL/U3d0lgsmrsV4GheNJ0oQ9tnrrJeBgZgwMl/CwXMctuUHo+cvVot/cNRd1vCdjRr7WUnw8737uxyW45OaaYbkZRa3NWEGDll1iFDWB2w4n5DTsomyO03tFZB5gckwQYmpjYmK4DcIWyTaEiDrznmkyM+sxoWv9pcTHZIIN7TCHHkzmlMzXXqJnoRfCpdVm/QF9jbrAYs,iv:tOa1FFyggm0ScoRdFk6tACOnQVcZMYaDqeJyX5SMKXc=,tag:EY5jQhZnLP6IzqY9garoEQ==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1crymppz88etsdjpckmtdhr397x5xg5wv8jt6tcj23gt2snq73pzs04fuve
           enc: |
@@ -28,8 +24,7 @@ sops:
             RVUzMlFya3Z0amdTUTJ5YjFRck5kZzQKoWZzExqzPRpQPL4CdqBalc1/dYtjBH6J
             LGR0oImfOWlIJwcaJLv/fc470UvXHHwIji9v/pbV7xMkgMjlJthaYg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-26T02:45:21Z"
-    mac: ENC[AES256_GCM,data:t5+2iRUJprwwW8GRiQx/h8IOYjjhsq+954GDL2ujXiZVM3oBhESdeBi6aMMwsqABCr+PjP4gb4qHHbduxWlGSZlAh4HSiVwwizI8XV8HZqUqPKBJEqRThzcwznCk4DOGpf1PMbktBX/r50pDeoDcgShKka1bMY8kD385SVklgNE=,iv:EXFXz12HNTMRoW0gIrTEZPHhdTG2cxaWf65uTgT7nZ4=,tag:5XweTiLnO9N8eZb4EPkh6g==,type:str]
-    pgp: []
+    lastmodified: "2025-07-19T19:15:37Z"
+    mac: ENC[AES256_GCM,data:RPGKe5f+5GUnGK3zybRrTnd8N4TprLWBEWLI2HI68Acf1MlJ1AMOWOhpi5xa0Hkxpah8D/d0CEH2ymaO5EBSUamPdYThI4g/4cxNBXboKnALSf91ZUty86/1+14TbI6vFCZ5ghjB4THxszGf47ajIDa/TjHx0yHFWDi7rpApmcw=,iv:ep/NlJfkIkQe5RJ4U2YfZ7/0S4vWqxjg+xrLLnJwfwI=,tag:c01jey2juzoPKux7n/0rug==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.10.2

machines/hippocampus/servers/public.nix

@@ -25,7 +25,7 @@
     ./public/nextcloud.nix
 
     # Rabb.it at home
-    ./public/watchthingz.nix
+    # ./public/watchthingz.nix
 
     # Pterodactyl Game Server
     ./public/pterodactyl.nix
@@ -47,5 +47,8 @@
 
     # Random Usage, specific port
     ./public/random.nix
+
+    # Perfect Pitch Project
+    ./public/perfect_pitch.nix
   ];
 }

machines/hippocampus/servers/public/headscale.nix

@@ -26,6 +26,9 @@
       dns = {
         base_domain = "tailnet";
         magic_dns = true;
+        nameservers.global = [
+          "1.1.1.1"
+        ];
       };
     };
   };

machines/hippocampus/servers/public/hydra.nix

@@ -17,7 +17,7 @@ in {
     '';
   };
   nix.extraOptions = ''
-    allowed-uris = https://github.com/ https://git.savannah.gnu.org/ https://git.syzygial.cc https://gitlab.com https://sr.ht github: gitlab:
+    allowed-uris = https://github.com/ https://git.savannah.gnu.org/ https://git.syzygial.cc https://gitlab.com https://sr.ht github: gitlab: https://git.lix.systems
   '';
   systemd.services.hydra = {
     serviceConfig = {

machines/hippocampus/servers/public/nextcloud.nix

@@ -13,7 +13,7 @@ in {
   
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud30;
+    package = pkgs.nextcloud32;
     hostName = "localhost";
     settings = {
       trusted_domains = [
@@ -22,8 +22,7 @@ in {
       ];
     
       trusted_proxies = [
-        "cloud.crompton.cc"
-        "nextcloud.syzygial.cc"
+        "127.0.0.1"
       ];      
 
       overwriteprotocol = "https";

machines/hippocampus/servers/public/perfect_pitch.nix

@@ -0,0 +1,52 @@
+{config, pkgs, ...}:
+
+{
+  systemd.targets.machines.enable = true;
+  systemd.services."perfectpitch-container" = {
+    enable = true;
+    wantedBy = ["machines.target"];
+    environment = {
+      # SYSTEMD_NSPAWN_USE_CGNS = "0";
+    };
+    script = ''
+      exec ${config.systemd.package}/bin/systemd-nspawn --hostname perfectpitch \
+        --resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse \
+        -nbD /var/lib/machines/perfectpitch --machine perfectpitch
+    '';
+    postStart = ''
+      ${pkgs.iproute2}/bin/ip link set ve-perfectpitch up || true
+      ${pkgs.iproute2}/bin/ip addr add 10.2.0.0 dev ve-perfectpitch || true
+      ${pkgs.iproute2}/bin/ip route add 10.2.0.1 dev ve-perfectpitch || true
+    '';
+    serviceConfig = {
+      Type = "notify";
+      Slice = "machine.slice";
+      Delegate = true;
+      DeviceAllow = "/dev/fuse rwm";
+    };
+  };
+  networking.nat = {
+    enable = true;
+    # Check for hostBridge use vb instead of ve
+    internalInterfaces = ["ve-perfectpitch"];
+    externalInterface = "enp0s25";
+    enableIPv6 = true;
+    forwardPorts = [
+     { sourcePort = 8022;
+       destination = "10.2.0.1:22";
+       proto = "tcp";
+     }
+     { sourcePort = 8022;
+       destination = "10.2.0.1:22";
+       proto = "udp";
+     }
+    ];
+  };
+  services.caddy.virtualHosts = {
+    "pitch.crompton.cc" = {
+      extraConfig = ''
+        reverse_proxy 10.2.0.1:8080
+      '';
+    };
+  };
+}

machines/hippocampus/servers/public/pterodactyl.nix

@@ -32,11 +32,11 @@
     externalInterface = "enp0s25";
     enableIPv6 = true;
     forwardPorts = [
-     { sourcePort = "25565:28000";
+     { sourcePort = "25565:26000";
        destination = "10.1.0.1:25565-25600";
        proto = "tcp";
      }
-     { sourcePort = "25565:28000";
+     { sourcePort = "25565:26000";
        destination = "10.1.0.1:25565-25600";
        proto = "udp";
      }

machines/hippocampus/servers/public/tandoor.nix

@@ -18,7 +18,8 @@ in {
   };
 
   systemd.services.tandoor-recipes = {
-    environment.GUNICORN_MEDIA = lib.mkForce null;
+    # https://github.com/TandoorRecipes/recipes/issues/3617
+    environment.GUNICORN_MEDIA = "1"; #lib.mkForce null;
     serviceConfig = {
       EnvironmentFile = config.sops.secrets.tandoor-pass.path;
     };

machines/hippocampus/services/dyndns.nix

@@ -2,7 +2,7 @@
   sops.secrets.ddclient = {};
   services.ddclient = {
     enable = true;
-    usev4 = "web, web=dynamicdns.park-your-domain.com/getip";
+    usev4 = "webv4, web=dynamicdns.park-your-domain.com/getip";
     protocol = "namecheap";
     server = "dynamicdns.park-your-domain.com";
     username = "crompton.cc";

machines/pericyte/configuration.nix

@@ -0,0 +1,29 @@
+{ pkgs, inputs, ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    "${inputs.nixpkgs}/nixos/modules/profiles/headless.nix"
+    "${inputs.nixpkgs}/nixos/modules/profiles/minimal.nix"
+
+    ./podman.nix
+    ./container-registry.nix
+    # ./microvm-configuration.nix
+    # ./k3s.nix
+  ];
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  environment.systemPackages = with pkgs; [
+    git
+    btop
+    tmux
+    oci-cli
+  ];
+
+  boot.tmp.cleanOnBoot = true;
+  # zramSwap.enable = true;
+  networking.hostName = "pericyte";
+  networking.domain = "";
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = [''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOaNNSV/wurGA8D7bT+WX4UlHdKqd9SFfVXvSalvHag5qYDPUIsGGkqSNj1dcong9qxrC8y7G7ybWhwRKTKXInXrq6EO4JkVkCSbVqrq8gIv66upsKltvmf0esiOdrpRgHoiup8JKaX93aUT27rykReT39mFwkJZDoD4ViNiK7QmbgDC/9pyGDSJykreSnBoxtczox8Zi+pwN8XMI4nRVdV9hppXMpj38/O3Qaq+oXdHJ2MVNy9D+TqxYofstFbzpJpEb2xA4QYnq/VVJFk8VaZlg3qxelwBJ1GNZO8TMkLA+6b07D3aISyEIQAONviNktPwRPiw903hsDyeKDunDx ssh-key-2025-03-31'' ];
+  system.stateVersion = "25.05";
+}

machines/pericyte/container-registry.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }: {
+  services.dockerRegistry = {
+    enable  = true;
+    package = pkgs.distribution;
+  };
+}

machines/pericyte/hardware-configuration.nix

@@ -0,0 +1,18 @@
+{ modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+    device = "nodev";
+  };
+  fileSystems."/boot" = { device = "/dev/disk/by-uuid/FCE4-1F46"; fsType = "vfat"; };
+  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+  swapDevices = [
+    {
+      device = "/swapfile";
+    }
+  ];
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+}

machines/pericyte/k3s.nix

@@ -0,0 +1,22 @@
+{ pkgs, ... }: {
+  networking.firewall = {
+    allowedTCPPorts = [
+      6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+      # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+      # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+    ];
+    allowedUDPPorts = [
+      # 8472 # k3s, flannel: required if using multi-node for inter-node networking
+    ];
+  };
+  services.k3s = {
+    enable = true;
+    role = "server";
+    extraFlags = toString [
+      # "--debug" # Optionally add additional args to k3s
+    ];
+  };
+  environment.systemPackages = with pkgs; [
+    rancher
+  ];
+}

machines/pericyte/microvm-configuration.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }: {
+  microvm.autostart = [
+    "vm-starbot"
+    "vm-starbot-dev"
+  ];
+}

machines/pericyte/podman.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }: {
+  # Enable common container config files in /etc/containers
+  virtualisation.containers.enable = true;
+  virtualisation = {
+    podman = {
+      enable = true;
+
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+
+  # Useful other development tools
+  environment.systemPackages = with pkgs; [
+    dive # look into docker image layers
+    skopeo # Inspect images
+    podlet # create quadlets (systemd units)
+    podman-tui # status of containers in the terminal
+    podman-compose # start group of containers for dev
+  ];
+}

machines/pericyte/test.nix

@@ -0,0 +1,32 @@
+{ pkgs, ... }: {
+  users.groups.peertube = { };
+  users.users.peertube = {
+    isSystemUser = true;
+    group = "peertube";
+    home = "/var/lib/peertube";
+    createHome = true;
+    uid = 2342;
+    subUidRanges = [
+      {
+        count = 65536;
+        startUid = 2147483646;
+      }
+    ];
+    subGidRanges = [
+      {
+        count = 65536;
+        startGid = 2147483647;
+      }
+    ];
+  };
+  virtualisation.oci-containers = {
+    backend = "podman";
+    # containers.peertube = {
+    #   image = "chocobozzz/peertube:latest";
+    #   ports = [ ];
+    #   podman = {
+    #     user = "peertube";
+    #   };
+    # };
+  };
+}

machines/universeair/configuration.nix

@@ -3,7 +3,7 @@ in
   {
     imports = [
       # Install Apps Detactable by Spotlight
-      ./app-fix.nix
+      # ./app-fix.nix
       # Tiling Window Manager
       ./yabai.nix
       # Shortcuts babe, not Automator
@@ -13,6 +13,10 @@ in
     nixpkgs.config.allowUnfree = true;
     # nix.package = pkgs.nixUnstable;
     nix.settings.auto-optimise-store = false;
+    nix.settings.trusted-users = [
+      "root"
+      "universelaptop"
+    ];
 
     users.users.universelaptop = {
       name = "universelaptop";
@@ -141,6 +145,7 @@ in
     
     environment.systemPackages = (with pkgs; [
       me-emacs
+      svgbob
       (aspellWithDicts (p: with p;[
         en
         en-computers
@@ -215,4 +220,5 @@ in
     # Used for backwards compatibility, please read the changelog before changing.
     # $ darwin-rebuild changelog
     system.stateVersion = 4;
+    system.primaryUser = "universelaptop";
   }

machines/universeair/libresprite_TODO_PR.nix

@@ -0,0 +1,18 @@
+      (libresprite.overrideAttrs (old: {
+        src = pkgs.fetchFromGitHub {
+          owner = "LibreSprite";
+          repo = "LibreSprite";
+          rev = "c99d3666b17ff731824e3eccc79cf3ec48564ad5";
+          fetchSubmodules = true;
+          sha256 = "sha256-mdMdHQvl6Mt0oisZ4c/Wk6dvklq3Iyz05brbFxSIaj0=";
+        };
+        patches = [];
+        buildInputs = old.buildInputs ++ (with pkgs; [
+          libarchive
+          tinyxml-2
+        ]);
+        postPatch = ''
+          sed -i -e 's/if(''${CMAKE_SYSTEM_NAME} MATCHES "Darwin")/if(FALSE)/' CMakeLists.txt
+        '';
+        meta.broken = false;
+      }))

machines/universeair/skhd.nix

@@ -2,7 +2,7 @@
   services.skhd = {
     enable = true;
     skhdConfig = ''
-      cmd + shift - e : open '${pkgs.me-emacs}/Applications/Emacs.app'
+      cmd + shift - e : open '${(pkgs.me-emacs.override {withNativeCompilation = false;})}/Applications/Emacs.app'
       cmd + shift + ctrl - e : kitty -d ~ -1
     '';
   };

machines/universedesktop/configuration.nix

@@ -34,6 +34,9 @@
 
         # ccache, y'know for blenders and whatnots
         ./ccache.nix
+
+        # So we can run riscv 'natively'
+        ./riscv.nix
       ];
 
     fileSystems."/home/universe/tmp" = {

machines/universedesktop/desktop/default.nix

@@ -3,6 +3,7 @@
     ./audio.nix
     ./graphics.nix
     # ./dwl.nix # Sadly, nVidia seems to be too broken too often on wayland
-    ./dwm.nix 
+    ./dwm.nix
+    # ./niri.nix
   ];
 }

machines/universedesktop/desktop/dwl.nix

@@ -91,8 +91,8 @@ in {
     # Recommended by upstream, required for screencast support
     # https://github.com/YaLTeR/niri/wiki/Important-Software#portals
     extraPortals = [
-      #pkgs.xdg-desktop-portal-gnome
-      #pkgs.xdg-desktop-portal-gtk
+      pkgs.xdg-desktop-portal-gnome
+      pkgs.xdg-desktop-portal-gtk
     ];
 
     wlr.enable = true;

machines/universedesktop/desktop/dwm.nix

@@ -2,11 +2,7 @@
   nixpkgs.overlays = [
     (final: prev: {
       st = prev.st.override {
-        conf = builtins.readFile (pkgs.substituteAll {
-          src = ./dwm/st-config.def.h;
-          env = {
-          };
-        });
+        conf = builtins.readFile (pkgs.replaceVars ./dwm/st-config.def.h {});
       };
     })
   ];
@@ -18,21 +14,18 @@
         emacsclient --create-frame --alternate-editor=""
       '';
     in pkgs.dwm.override {
-      conf = pkgs.substituteAll {
-        src = ./dwm/config.h;
-        env = {
-          dmenucmd="${pkgs.dmenu}/bin/dmenu_run";
-          termcmd="${pkgs.st}/bin/st";
-          editcmd="${launch_emacs}";
-          playcmd=pkgs.writeScript "playerctl-play-pause" ''
-            #!${pkgs.bash}/bin/bash
-            ${pkgs.playerctl}/bin/playerctl play-pause
-          '';
-          scrncmd=pkgs.writeScript "screenshot-region" ''
-            #!${pkgs.bash}/bin/bash
-            ${pkgs.maim}/bin/maim -o -s | ${pkgs.xclip}/bin/xclip -sel clip -t image/png
-          '';
-        };
+      conf = pkgs.replaceVars ./dwm/config.h {
+        dmenucmd="${pkgs.dmenu}/bin/dmenu_run";
+        termcmd="${pkgs.st}/bin/st";
+        editcmd="${launch_emacs}";
+        playcmd=pkgs.writeScript "playerctl-play-pause" ''
+          #!${pkgs.bash}/bin/bash
+          ${pkgs.playerctl}/bin/playerctl play-pause
+        '';
+        scrncmd=pkgs.writeScript "screenshot-region" ''
+          #!${pkgs.bash}/bin/bash
+          ${pkgs.maim}/bin/maim -o -s | ${pkgs.xclip}/bin/xclip -sel clip -t image/png
+        '';
       };
       patches = [
         ./dwm/fullscreen.patch
@@ -48,6 +41,16 @@
 	  enable = true;
     background = "#000000";
   };
+  services.xserver.config = lib.mkAfter ''
+Section "InputClass"
+        Identifier "joystick catchall"
+        MatchIsJoystick "on"
+        MatchDevicePath "/dev/input/event*"
+        Driver "joystick"
+        Option "StartKeysEnabled" "False"
+        Option "StartMouseEnabled" "False"
+EndSection
+  '';
   environment.sessionVariables = {
     GTK_THEME="Adwaita-dark";
   };

machines/universedesktop/desktop/graphics.nix

@@ -9,7 +9,7 @@
       powerManagement.finegrained = false;
       nvidiaSettings = true;
       open = true;
-      package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta;
+      # package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta;
       #package = let 
       #  rcu_patch = pkgs.fetchpatch {
       #    url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch";

machines/universedesktop/desktop/niri.nix

@@ -1,7 +1,106 @@
-{ config, pkgs, lib, ... }: {
+{ config, pkgs, lib, ... }: let 
+  launch_emacs = pkgs.writeScript "emacsclient-or-start" ''
+    #!${pkgs.bash}/bin/bash
+    emacsclient --create-frame --alternate-editor=""
+  '';
+in {
   imports = [
     ./wayland.nix
   ];
 
-  programs.niri.enable = true;
+  services.displayManager.sessionPackages = [ pkgs.dwl ];
+  #services.gnome.gnome-keyring.enable = lib.mkDefault true;
+  systemd.packages = [ pkgs.dwl ];
+
+  nixpkgs.overlays = [
+    (final: prev: {
+      wlroots_0_19 = prev.wlroots_0_18.overrideAttrs (old: {
+        src = final.fetchFromGitLab {
+          domain = "gitlab.freedesktop.org";
+          owner = "wlroots";
+          repo = "wlroots";
+          rev = "d305934ebe6852785a1f425ee96861f0b7280d76"; # 0.19-prev # 25-01-25
+          hash = "sha256-NnPSC5p/phTFe+nWp9vl8LUbmBO/RXSSUuDZ2boucXY=";
+        };
+      });
+      dwl = (prev.dwl.override { wlroots = final.wlroots_0_19; }).overrideAttrs (old: let
+        dwl-patches = pkgs.fetchgit {
+          url = "https://codeberg.org/dwl/dwl-patches.git";
+          rev = "4a869141fa643d9be792a9aa44a42cf7f7f882ad";
+          hash = "sha256-xlaK9xMrc+KDNecsyByRIxXmPEZ2dmP4FQ0bMojsyws=";
+        };
+        patches = let
+          dwl-patch = p: "${dwl-patches}/patches/${p}/${p}.patch";
+        in [
+          (dwl-patch "ipc")
+          (dwl-patch "restore-monitor")
+          (dwl-patch "regexrules")
+          (dwl-patch "autostart")
+        ];
+      in {
+        version = "21-09-2024";
+        
+        src = final.fetchFromGitea {
+          domain = "codeberg.org";
+          owner = "dwl";
+          repo = "dwl";
+          rev = "d1c2f434983562bd7d2ace15ab0c05155be603bc";
+          hash = "sha256-SpfjQfzvbpDiihziyKGPoBwvp3evgCQQhhjldAE/MwY=";
+        };
+ 
+        patches = (old.patches or []) ++ patches;
+        postPatch = (old.postPatch or "") + ''
+          export termcmd=${pkgs.foot}/bin/foot
+          export editcmd=${launch_emacs}
+          export menucmd=${pkgs.fuzzel}/bin/fuzzel
+          export barcmd=${pkgs.waybar}/bin/waybar
+          export playcmd=${pkgs.writeScript "playerctl-play-pause" ''
+            #!${pkgs.bash}/bin/bash
+            ${pkgs.playerctl}/bin/playerctl play-pause
+          ''}
+          export scrncmd=${pkgs.writeScript "screenshot-region" ''
+           #!${pkgs.bash}/bin/bash
+           ${pkgs.slurp}/bin/slurp | ${pkgs.grim}/bin/grim -g - - | ${pkgs.wl-clipboard}/bin/wl-copy
+          ''}
+          substituteAll ${./dwl/config.def.h} ./config.def.h
+        '';
+        postInstall = ''
+          chmod ugo+x $out/share/wayland-sessions/dwl.desktop
+        '';
+        passthru.providedSessions = ["dwl"];
+      });
+    })
+  ];
+
+
+  security = {
+    polkit.enable = true;
+    pam.services.swaylock = { };
+  };
+
+  services.graphical-desktop.enable = true;
+
+  services.xserver.desktopManager.runXdgAutostartIfNone = lib.mkDefault true;
+
+  environment.systemPackages = with pkgs; [
+    dwl
+    waybar
+    foot
+    pwvucontrol
+  ];
+}
+{ config, pkgs, lib, ... }: {
+  programs.niri.enable = true;
+
+  environment.sessionVariables = {
+    # Breaks WebCord
+    # NIXOS_OZONE_WL=1;
+    WLR_NO_HARDWARE_CURSORS=1;
+    SDL_VIDEODRIVER="wayland";
+    QT_QPA_PLATFORM="wayland-egl";
+    QT_WAYLAND_DISABLE_WINDOW_DECORATIONS="1";
+    __JAVA_AWT_WM_NONREPARENTING=1;
+    GTK_THEME="Adwaita-dark";
+  };
+
 }

machines/universedesktop/programs/art.nix

@@ -5,41 +5,9 @@
         python-final: python-prev: let
           py = python-prev;
         in {
-          opencamlib = py.toPythonModule (pkgs.stdenv.mkDerivation rec {
-            pname = "opencamlib";
-            version = "2019.07";
-            nativeBuildInputs = (with pkgs;[
-              cmake
-              git
-              doxygen
-              boost
-              texlive.combined.scheme-full
-            ]);
-            propagatedNativeBuildInputs = [
-              py.python
-              py.boost
-              py.vtk
-            ];
-            postPatch = ''
-              mkdir -p $out/${py.python.sitePackages}/{lib,ocl}
-              sed -e 's#LIBRARY DESTINATION ''${PYTHON_ARCH_PACKAGES}#LIBRARY DESTINATION '"$out"'/${py.python.sitePackages}#g' -i src/pythonlib/pythonlib.cmake
-              sed -e 's#DESTINATION ''${PYTHON_SITE_PACKAGES}#DESTINATION '"$out"'/${py.python.sitePackages}#g' -i src/pythonlib/pythonlib.cmake
-            '';
-            cmakeFlags = [
-              "-DVERSION_STRING=2019.07"
-              "-DBUILD_CXX_LIB=ON"
-              "-DBUILD_PY_LIB=ON"
-              "-DUSE_PY_3=ON"
-              "-DCMAKE_BUILD_TYPE=Release"
-            ];
-            src = pkgs.fetchFromGitHub {
-              owner = "aewallin";
-              repo = "opencamlib";
-              rev = "2019.07";
-              sha256 = "1a8pxp1mh8x3bfsb0l97vgxrpk482p7q9jprkd4m9hv69vva2bdz";
-            };
-          });
           equation = py.buildPythonPackage {
+            pyproject = true;
+            build-system = [ py.setuptools ];
             pname = "Equation";
             version = "1.2.01";
             nativeBuildInputs = [
@@ -52,6 +20,8 @@
             };
           };
           morphio = py.toPythonModule ( pkgs.stdenv.mkDerivation rec {
+            pyproject = true;
+            build-system = [ py.setuptools ];
             pname = "MorphIO";
             version = "3.3.4";
             nativeBuildInputs = (with pkgs; [
@@ -85,20 +55,20 @@
     blender_cuda = prev.blender.override {
       cudaSupport = true;
     };
-    blender = final.blender_cuda.withPackages (p: with p; [
-      # OpenCAMLib support
-      shapely
-      equation
-      #opencamlib
-      # NeuroMorphoVis support
-      matplotlib
-      seaborn
-      pandas
-      pillow
-      h5py
-      morphio
-      # TODO add BluePy support?
-    ]);
+#    blender = final.blender_cuda.withPackages (p: with p; [
+#      # OpenCAMLib support
+#      shapely
+#      equation
+#      opencamlib
+#      # NeuroMorphoVis support
+#      matplotlib
+#      seaborn
+#      pandas
+#      pillow
+#      h5py
+#      morphio
+#      # TODO add BluePy support?
+#    ]);
     # Update RX and Aseprite
     rx = prev.rx.overrideAttrs (old: {
       version = "git";
@@ -118,6 +88,7 @@
 
     rx
     aseprite-unfree
+    pixelorama
     gimp
     
     glaxnimate

machines/universedesktop/programs/desktop.nix

@@ -24,9 +24,7 @@
       nextcloud-client
       libsForQt5.kdeconnect-kde
 
-      vesktop
-      slack
-      signal-desktop
+      discord
       zoom-us
 
       anki

machines/universedesktop/programs/games.nix

@@ -5,6 +5,7 @@
   xdg.portal.enable = true;
   xdg.portal.wlr.enable = true;
   xdg.portal.config.common.default = "*";
+  # On X11: Steam requires a compositor for BigPicture
   programs.steam.enable = true;
   # Game compat
   programs.gamemode.enable = true;

machines/universedesktop/programs/terminal.nix

@@ -9,7 +9,8 @@
     htop
     btop
     xclip
-    screen
+    tio
+    tmux
     usbutils
     man-pages
     man-pages-posix

machines/universedesktop/riscv.nix

@@ -0,0 +1,6 @@
+{ config, pkgs, lib, ... }: {
+  boot.binfmt.emulatedSystems = [
+    "riscv64-linux"
+  ];
+  boot.binfmt.preferStaticEmulators = true;
+}