about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--nix/hosts/corrino/configuration.nix39
-rw-r--r--nix/hosts/corrino/modules/authelia.emile.space.nix3
-rw-r--r--nix/hosts/corrino/ports.nix2
-rw-r--r--nix/hosts/corrino/secrets/garage_admin_token.age8
-rw-r--r--nix/hosts/corrino/secrets/garage_metrics_token.agebin0 -> 387 bytes
-rw-r--r--nix/hosts/corrino/secrets/garage_rpc_secret.agebin0 -> 387 bytes
-rw-r--r--nix/hosts/corrino/secrets/new.age8
-rw-r--r--nix/hosts/corrino/secrets/sftpgo_env.age8
-rw-r--r--nix/hosts/corrino/secrets/sftpgo_oidc_client_secret.age7
-rw-r--r--nix/hosts/corrino/www/cgit.emile.space.nix574
-rw-r--r--nix/hosts/corrino/www/cs.emile.space.nix58
-rw-r--r--nix/hosts/corrino/www/ctf.emile.space.nix10
-rw-r--r--nix/hosts/corrino/www/events.emile.space.nix61
-rw-r--r--nix/hosts/corrino/www/git.emile.space.nix172
-rw-r--r--nix/hosts/corrino/www/grafana.emile.space.nix14
-rw-r--r--nix/hosts/corrino/www/hydra.emile.space.nix6
-rw-r--r--nix/hosts/corrino/www/jupyter.emile.space.nix62
-rw-r--r--nix/hosts/corrino/www/magic-hash.emile.space.nix8
-rw-r--r--nix/hosts/corrino/www/md.emile.space.nix6
-rw-r--r--nix/hosts/corrino/www/netbox.emile.space.nix6
-rw-r--r--nix/hosts/corrino/www/pgweb.emile.space.nix23
-rw-r--r--nix/hosts/corrino/www/photo.emile.space.nix6
-rw-r--r--nix/hosts/corrino/www/social.emile.space.nix8
-rw-r--r--nix/hosts/corrino/www/stream.emile.space.nix8
24 files changed, 87 insertions, 1010 deletions
diff --git a/nix/hosts/corrino/configuration.nix b/nix/hosts/corrino/configuration.nix
index 80df71b..bc38500 100644
--- a/nix/hosts/corrino/configuration.nix
+++ b/nix/hosts/corrino/configuration.nix
@@ -1,7 +1,6 @@
 { config, pkgs, ... }:
 
 let
-  ports = import ./ports.nix;
   # keys = import ../../users/keys.nix
   # keys = key;
   keys = {
@@ -16,23 +15,20 @@ in {
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
 
+      ./ports.nix
+
+      ./www/git
+
       # web
       ./www/emile.space.nix
       ./www/tmp.emile.space.nix
-      # ./www/git.emile.space.nix
-      ./www/cgit.emile.space.nix
-      # ./www/incus.emile.space.nix
-      # ./www/seafile.emile.space.nix
       ./www/hydra.emile.space.nix
-      # ./www/matrix.emile.space.nix
       ./www/netbox.emile.space.nix
       ./www/grafana.emile.space.nix
       ./www/photo.emile.space.nix
-      # ./www/events.emile.space.nix
       ./www/tickets.emile.space.nix
       ./www/talks.emile.space.nix
       ./www/stream.emile.space.nix
-      ./www/pgweb.emile.space.nix
       ./www/md.emile.space.nix
       ./www/social.emile.space.nix
 
@@ -44,8 +40,6 @@ in {
 
       # general purpose modules
       ./modules/authelia.emile.space.nix
-      # ./modules/sftpgo.emile.space.nix
-      # ./modules/garage.emile.space.nix
 
       # r2wars
       ./www/r2wa.rs.nix
@@ -80,7 +74,7 @@ in {
           enable = true;
       
           # ssh port during boot for luks decryption
-          port = ports.initrd_ssh;
+          port = config.emile.ports.initrd_ssh;
           authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
           hostKeys = [ "/initrd_ssh_host_ecdsa_key" ];
         };
@@ -135,6 +129,27 @@ in {
     };
   };
 
+  time.timeZone = "Europe/Berlin";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_DE.UTF-8";
+    # LC_COLLATE # How to sort stuff
+    # LC_CTYPE # Character recognition of bytes
+    # LC_IDENTIFICATION # What to show as system locale
+    LC_MONETARY = "de_DE.UTF-8"; # Currency formats
+    # LC_MEASSAGES # General message lang
+    LC_MEASUREMENT = "de_DE.UTF-8"; # Units used for numbers
+    LC_NAME = "de_DE.UTF-8"; # Names of persons
+    # LC_NUMERIC # Punctiation of numbers
+    LC_PAPER = "de_DE.UTF-8"; # Paper size
+    LC_TELEPHONE = "de_DE.UTF-8"; # Phone number formats
+    LC_TIME = "de_DE.UTF-8"; # Time format
+  };
+  console = {
+    keyMap = "de-latin1";
+  };
+
   # The mdadm RAID1s were created with 'mdadm --create ... --homehost=hetzner',
   # but the hostname for each machine may be different, and mdadm's HOMEHOST
   # setting defaults to '<system>' (using the system hostname).
@@ -228,7 +243,7 @@ in {
     firewall = {
       enable = true;
       allowedTCPPorts = [
-        ports.gitDaemon # gitDaemon
+        config.emile.ports.gitDaemon # gitDaemon
         80 443 # normal web
       ];
       allowedUDPPorts = [
diff --git a/nix/hosts/corrino/modules/authelia.emile.space.nix b/nix/hosts/corrino/modules/authelia.emile.space.nix
index 4a4a72a..0f77197 100644
--- a/nix/hosts/corrino/modules/authelia.emile.space.nix
+++ b/nix/hosts/corrino/modules/authelia.emile.space.nix
@@ -1,7 +1,6 @@
 { config, pkgs, ... }:
 
 let
-	ports = import ../ports.nix;
 	authelia_port = config.services.authelia.instances.main.settings.server.port;
 in {
 
@@ -106,7 +105,7 @@ in {
 
 				server = {
 					host = "127.0.0.1";
-					port = ports.authelia;
+					port = config.emile.ports.authelia;
 				};
 
 				# we're using a file to store the user information
diff --git a/nix/hosts/corrino/ports.nix b/nix/hosts/corrino/ports.nix
index 328d12a..3dcf72a 100644
--- a/nix/hosts/corrino/ports.nix
+++ b/nix/hosts/corrino/ports.nix
@@ -1,5 +1,5 @@
 {
-	ports.emile = {
+	emile.ports = {
 		stream_rtmp = 1935;
 		initrd_ssh = 2222;
 		photo = 2342;
diff --git a/nix/hosts/corrino/secrets/garage_admin_token.age b/nix/hosts/corrino/secrets/garage_admin_token.age
new file mode 100644
index 0000000..1bc8704
--- /dev/null
+++ b/nix/hosts/corrino/secrets/garage_admin_token.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 gvwQ2Q +qdhwlgS4MaUdxNROnXkjbWLRHyQs3G4KGHXJHqYVUE
+whoAbhOn+Z2HlQ57GVgEJJFqY9oQX9r4TzzJ2kkOD3Y
+-> ssh-ed25519 m8VklA dsxnbEnyP966b0BiQeW5XqLFGvGDpOmdl3VpnUaOJSY
+SbHtpAxMrQPJ92UZXwPCNE1GLTQ5lqIejHwRYy5K//4
+--- LYG1z15VGoP41kGq2Yphpi8b5/10xM3vq54tyxNOl/w
+
XZ	ܮ0mlp-xYHQ3*P5Ua
+dP*vxʂז)ڵ-I
rzcY
\ No newline at end of file
diff --git a/nix/hosts/corrino/secrets/garage_metrics_token.age b/nix/hosts/corrino/secrets/garage_metrics_token.age
new file mode 100644
index 0000000..d5b31d9
--- /dev/null
+++ b/nix/hosts/corrino/secrets/garage_metrics_token.age
Binary files differdiff --git a/nix/hosts/corrino/secrets/garage_rpc_secret.age b/nix/hosts/corrino/secrets/garage_rpc_secret.age
new file mode 100644
index 0000000..e228d0d
--- /dev/null
+++ b/nix/hosts/corrino/secrets/garage_rpc_secret.age
Binary files differdiff --git a/nix/hosts/corrino/secrets/new.age b/nix/hosts/corrino/secrets/new.age
new file mode 100644
index 0000000..9be87cc
--- /dev/null
+++ b/nix/hosts/corrino/secrets/new.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 gvwQ2Q VtbGsF2Tt1ULvk0uphKdtlYb9pDQ6qyLWgLLuRfGoSs
+1ej6KBYHsYoP86FD1tTutTTtZLaB9Q7RPJOhs0qp4rI
+-> ssh-ed25519 m8VklA VnK3k8GOgjTaVpmMNM9e+7H2CRJLvdildQ1xrR5GdCs
+NSRA/5DEySGP+pAOj5bD4voFDTqHSDQLn3GmHJzbLfM
+--- bQqJjZW7yq51fYLhXYhvIy/yrxqd9brNEkBbyKKIaNU
+'Zff
+cQ&ggN̛tgsqDmnl~Sbm}#>S^ڳZW
u
\ No newline at end of file
diff --git a/nix/hosts/corrino/secrets/sftpgo_env.age b/nix/hosts/corrino/secrets/sftpgo_env.age
new file mode 100644
index 0000000..be9c764
--- /dev/null
+++ b/nix/hosts/corrino/secrets/sftpgo_env.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 gvwQ2Q 225Pnl6irArV4XNAYOlqvnv4Dsl0n0B0Jjd2oWexNAE
+z2pdhakikrjTNzi8MJEtau5yVx3xYY+ajZCIWI/wHR0
+-> ssh-ed25519 m8VklA jJUs+Msu9tH/dtd5jlMC89v74N0FNAyOloMwVVeO/mM
+HvQiM6DAhCzey4M/Zz/ngGo9gLcGjLfSECgNKuxg/tQ
+--- llg2DP4DjaGQ++v4WF97ODsyS4CEhAbuybFtKXgsFp8
+vezKM/CiXGrngDjEp
U&Bd+tSݛt_O+]uo]
++SXF5a4CSmHy(ϳˍ?Q2B8F1IIY*9QKj۪;8l? ϱy@
\ No newline at end of file
diff --git a/nix/hosts/corrino/secrets/sftpgo_oidc_client_secret.age b/nix/hosts/corrino/secrets/sftpgo_oidc_client_secret.age
new file mode 100644
index 0000000..65bee88
--- /dev/null
+++ b/nix/hosts/corrino/secrets/sftpgo_oidc_client_secret.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 gvwQ2Q MAnFAHcV3K0GP/cB3W4dFlBsxdaff56HWA08ynwaFXM
+sSbXNXBqdO2V/sZ/NfgRTk8knT/USLQ0NZH3VOp979M
+-> ssh-ed25519 m8VklA eAjsv8y1tV9VaVE62lOlcIV+Knd+O3dStYGOq48i0EM
+8jefmgs/E1b19fb9rbCk8NWP2PkkMqHEDNlFOjYKad0
+--- CKVUBmV52wAxPzwJ8yG7zXqaQAS4LrBFupBn2CmGf5A
+6nBR۷B&V'ʈhJUB׍^4¬Ti;A~S	f$Zg.^=\WBΔeY~⡨
\ No newline at end of file
diff --git a/nix/hosts/corrino/www/cgit.emile.space.nix b/nix/hosts/corrino/www/cgit.emile.space.nix
deleted file mode 100644
index f309056..0000000
--- a/nix/hosts/corrino/www/cgit.emile.space.nix
+++ /dev/null
@@ -1,574 +0,0 @@
-{ lib, pkgs, ... }:
-
-{
-  environment.systemPackages = with pkgs; [
-	  md4c # used to get md2html for rendering the READMEs
-	];
-
-  services = {
-	  nginx.virtualHosts."git.emile.space" = {
-	    forceSSL = true;
-	    enableACME = true;
-	  };
-
-		cgit.main = {
-			enable = true;
-	 		package = pkgs.cgit-pink;
-			nginx.virtualHost = "git.emile.space";
-			nginx.location = "/";
-			repos = {
-
-        # ops
-				hefe = {
-					desc = "Yet another monorepo (the big nix config)";	
-					path = "/var/lib/git/repositories/hefe.git";
-					section = "Infra";
-					owner = "emile";
-				};
-				vokobe = {
-					desc = "A custom static site generator written in rust";	
-					path = "/var/lib/git/repositories/vokobe.git";
-					section = "Infra";
-					owner = "emile";
-				};
-				massscan-docker = {
-					desc = "A Dockerfile for massscan";	
-					path = "/var/lib/git/repositories/massscan-docker.git";
-					section = "Infra";
-					owner = "emile";
-				};
-				metrics-bundler = {
-					desc = "A super basic metrics bundler";	
-					path = "/var/lib/git/repositories/metrics-bundler.git";
-					section = "Infra";
-					owner = "emile";
-				};
-
-				# matrix
-				matrix-sdk = {
-					desc = "A simpler matrix sdk";	
-					path = "/var/lib/git/repositories/matrix-sdk.git";
-					section = "Matrix";
-					owner = "emile";
-				};
-				matrix-weather-bot = {
-					desc = "A basic weather bot using matrix-sdk";	
-					path = "/var/lib/git/repositories/matrix-weather-bot.git";
-					section = "Matrix";
-					owner = "emile";
-				};
-				
-
-        # radare2
-				radare2-GoReSym = {
-					desc = "A script to load goresym symbols into radare2";	
-					path = "/var/lib/git/repositories/radare2-GoReSym.git";
-					section = "Radare2";
-					owner = "emile";
-				};
-				r2wars = {
-					desc = "A golang implementation of radare2";	
-					path = "/var/lib/git/repositories/r2wars.git";
-					section = "Radare2";
-					owner = "emile";
-				};
-				r2wars-rs = {
-					desc = "A rust implementation of radare2";	
-					path = "/var/lib/git/repositories/r2wars-rs.git";
-					section = "Radare2";
-					owner = "emile";
-				};
-
-				# ctf
-				ctf_clusters = {
-					desc = "visualizing CTF clusters at DEFCON CTF Finals 2022";
-					path = "/var/lib/git/repositories/ctf_clusters.git";
-					section = "CTF";
-					owner = "emile";
-				};
-				lambda = {
-					desc = "hacktm ctf 2023 / misc / know your lambda calculus";
-					path = "/var/lib/git/repositories/lambda.git";
-					section = "CTF";
-					owner = "emile";
-				};
-				ctfdget = {
-					desc = "Simply fetch all challenges from a CTF from CTFd.";
-					path = "/var/lib/git/repositories/ctfdget.git";
-					section = "CTF";
-					owner = "emile";
-				};
-
-        # keyboard
-				zmk-config = {
-					desc = "ferris sweep zmk config";
-					path = "/var/lib/git/repositories/zmk-config.git";
-					section = "Keyboard";
-					owner = "emile";
-				};
-
-				# chaosdorf
-				map = {
-					desc = "A map of the chaosdorf hackspace";
-					path = "/var/lib/git/repositories/map.git";
-					section = "Chaosdorf";
-					owner = "emile";
-				};
-				freitagsfoo = {
-					desc = "A service to submit talks for freitagsfoo";
-					path = "/var/lib/git/repositories/freitagsfoo.git";
-					section = "Chaosdorf";
-					owner = "emile";
-				};
-				inventory = {
-					desc = "A common-lisp mapping and inventory system";
-					path = "/var/lib/git/repositories/inventory.git";
-					section = "Chaosdorf";
-					owner = "emile";
-				};
-
-				# jugend forscht
-				SatelliteComputation = {
-					desc = "Estimating possible Satellite collisions";
-					path = "/var/lib/git/repositories/SatelliteComputation.git";
-					section = "Jugend Forscht 2017";
-					owner = "emile";
-				};
-				GalaxyGeneration = {
-					desc = "Generating Galaxies";
-					path = "/var/lib/git/repositories/GalaxyGeneration.git";
-					section = "Jugend Forscht 2018";
-					owner = "emile";
-				};
-				
-				brute-force = {
-					desc = "A simple benchmark showing how slow this can be";
-					path = "/var/lib/git/repositories/galaxy-sim-brute-force.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				generatePointcloud = {
-					desc = "Generate pointclouds using the NFW profile";
-					path = "/var/lib/git/repositories/generatePointcloud.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				quadtree = {
-					desc = "Simple quadtree implementation";
-					path = "/var/lib/git/repositories/quadtree.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				viewer = {
-					desc = "A viewer for galaxies stored in trees";
-					path = "/var/lib/git/repositories/viewer.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				structs = {
-					desc = "All of the structures used in the GalaxySimulator";
-					path = "/var/lib/git/repositories/structs.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				simulator-container-rewrite = {
-					desc = "Clean rewrite of the simulator-container";
-					path = "/var/lib/git/repositories/simulator-container-rewrite.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				simulator-container = {
-					desc = "Simulating the new position of a galaxye";
-					path = "/var/lib/git/repositories/simulator-container.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				pres = {
-					desc = "Presentation material";
-					path = "/var/lib/git/repositories/pres.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				manager-container = {
-					desc = "The overall manager";
-					path = "/var/lib/git/repositories/manager-container.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				generator-container = {
-					desc = "Generates point clouds using the NFW profile";					
-					path = "/var/lib/git/repositories/generator-container.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				frontpage = {
-					desc = "Web page showing people what the project is about";					
-					path = "/var/lib/git/repositories/frontpage.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				distributor = {
-					desc = "Distributing tasks";					
-					path = "/var/lib/git/repositories/distributor-container.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				db-controller = {
-					desc = "Interaction with the Database";					
-					path = "/var/lib/git/repositories/db-controller.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				db-container = {
-					desc = "The main database";					
-					path = "/var/lib/git/repositories/db-container.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				db-actions = {
-					desc = "Actions to be performed on the batabase";					
-					path = "/var/lib/git/repositories/db-actions.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				Writeup = {
-					desc = "Writeups using LaTeX";					
-					path = "/var/lib/git/repositories/Writeup.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				Source = {
-					desc = "Code from the beginning";					
-					path = "/var/lib/git/repositories/Source.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-				NFW-container = {
-					desc = "A container purely for generating galaxies";					
-					path = "/var/lib/git/repositories/NFW-container.git";
-					section = "Jugend Forscht 2019";
-					owner = "emile";
-				};
-
-				# games
-				"0h-gamejam-game" = {
-					desc = "Created a game in 0 hours";
-					path = "/var/lib/git/repositories/0hour-gamejam-game.git";
-					section = "Games";
-					owner = "emile";
-				};
-
-				# 3D
-				"3D" = {
-					desc = "3D models";
-					path = "/var/lib/git/repositories/3D.git";
-					section = "3D";
-					owner = "emile";
-				};
-
-				# http
-				faila = {
-					desc = "The caddy fileserver look, but int pure golang";
-					path = "/var/lib/git/repositories/faila.git";
-					section = "HTTP";
-					owner = "emile";
-				};
-				faila2 = {
-					desc = "faila, but simpler";
-					path = "/var/lib/git/repositories/faila2.git";
-					section = "HTTP";
-					owner = "emile";
-				};
-				gofuzz = {
-					desc = "wfuzz, but in go. Didn't know ffuf at the time";
-					path = "/var/lib/git/repositories/gofuzz.git";
-					section = "HTTP";
-					owner = "emile";
-				};
-				graphClicker = {
-					desc = "A metrics bundler, but with a simple web interface";
-					path = "/var/lib/git/repositories/graphClicker.git";
-					section = "HTTP";
-					owner = "emile";
-				};
-				randomHttp = {
-					desc = "A simple HTTP server returning random HTTP codes";
-					path = "/var/lib/git/repositories/randomHTTP.git";
-					section = "HTTP";
-					owner = "emile";
-				};
-				redir = {
-					desc = "A webserver with the soul purpose of redirecting.";
-					path = "/var/lib/git/repositories/redir.git";
-					section = "HTTP";
-					owner = "emile";
-				};
-				reqlog = {
-					desc = "A simple request logger";
-					path = "/var/lib/git/repositories/reqlog.git";
-					section = "HTTP";
-					owner = "emile";
-				};
-
-				# honeypot
-				ssh-catch-test = {
-					desc = "A simple honeypot emulating an ssh server.";
-					path = "/var/lib/git/repositories/ssh-catch-test.git";
-					section = "Honeypot";
-					owner = "emile";
-				};
-				honeypot-monitoring = {
-					desc = "Grafana + Prometheus monitoring";	
-					path = "/var/lib/git/repositories/honeypot-monitoring.git";
-					section = "Honeypot";
-					owner = "emile";
-				};
-				ftp-grab-password = {
-					desc = "Grab ftp creds (made by twink0r)";	
-					path = "/var/lib/git/repositories/ftp-grab-password.git";
-					section = "Honeypot";
-					owner = "emile";
-				};
-				log-analyzer = {
-					desc = "Analyse the logs";	
-					path = "/var/lib/git/repositories/honeypot-log-analyzer.git";
-					section = "Honeypot";
-					owner = "emile";
-				};
-				http-grab-basicauth = {
-					desc = "Grab basicauth creds (made by maride)";	
-					path = "/var/lib/git/repositories/http-grab-basicauth.git";
-					section = "Honeypot";
-					owner = "emile";
-				};
-				http-grab-url = {
-					desc = "Grab urls (made by twink0r)";	
-					path = "/var/lib/git/repositories/http-grab-url.git";
-					section = "Honeypot";
-					owner = "emile";
-				};
-				ssh-grab-keypass = {
-					desc = "Grab keys from ssh logins (made by maride)";	
-					path = "/var/lib/git/repositories/ssh-grab-keypass.git";
-					section = "Honeypot";
-					owner = "emile";
-				};
-				ssh-grab-passwords = {
-					desc = "Grab passwords from ssh logins (made by maride)";	
-					path = "/var/lib/git/repositories/ssh-grab-passwords.git";
-					section = "Honeypot";
-					owner = "emile";
-				};
-				ssh-grab-passwords-map = {
-					desc = "A nice visual map of the login attempts";	
-					path = "/var/lib/git/repositories/ssh-grab-passwords-map.git";
-					section = "Honeypot";
-					owner = "emile";
-				};
-
-        # fuzzing
-				stdin-to-tcp = {
-					desc = "Bending stdin to tcp";
-					path = "/var/lib/git/repositories/stdin-to-tcp.git";
-					section = "Fuzzing";
-					owner = "emile";
-				};
-
-				# firmware
-				firmware = {
-					desc = "Gathering firmware via nix";
-					path = "/var/lib/git/repositories/firmware.git";
-					section = "Firmware";
-					owner = "emile";
-				};
-
-				# crypto
-				Substitution-Cracker = {
-					desc = "Some code for cracking substitution ciphers";
-					path = "/var/lib/git/repositories/Substitution-Cracker.git";
-					section = "Crypto";
-					owner = "emile";
-				};
-
-				# fun
-				giff = {
-					desc = "A party service: give it gifs and it'll play them";
-					path = "/var/lib/git/repositories/giff.git";
-					section = "Fun";
-					owner = "emile";
-				};
-				pixeltsunami = {
-					desc = "The obligatory pixelflut client";
-					path = "/var/lib/git/repositories/pixeltsunami.git";
-					section = "Fun";
-					owner = "emile";
-				};
-
-				# circus
-				companion = {
-					desc = "The companion spawned for one user.";
-					path = "/var/lib/git/repositories/companion.git";
-					section = "Circus";
-					owner = "emile";
-				};
-				compose = {
-					desc = "The docker-compose foo";
-					path = "/var/lib/git/repositories/compose.git";
-					section = "Circus";
-					owner = "emile";
-				};
-				container-manager = {
-					desc = "The meta container managemer";
-					path = "/var/lib/git/repositories/container-manager.git";
-					section = "Circus";
-					owner = "emile";
-				};
-				landingpage = {
-					desc = "The landing page";
-					path = "/var/lib/git/repositories/landingpage.git";
-					section = "Circus";
-					owner = "emile";
-				};
-				manager = {
-					desc = "The manager";
-					path = "/var/lib/git/repositories/manager.git";
-					section = "Circus";
-					owner = "emile";
-				};
-				register = {
-					desc = "The registration";
-					path = "/var/lib/git/repositories/register.git";
-					section = "Circus";
-					owner = "emile";
-				};
-				scoreboard = {
-					desc = "The scoreboard";
-					path = "/var/lib/git/repositories/scoreboard.git";
-					section = "Circus";
-					owner = "emile";
-				};
-				static = {
-					desc = "Some static files";
-					path = "/var/lib/git/repositories/static.git";
-					section = "Circus";
-					owner = "emile";
-				};
-				vpn = {
-					desc = "The VPN stuff";
-					path = "/var/lib/git/repositories/vpn.git";
-					section = "Circus";
-					owner = "emile";
-				};
-
-				# articles
-				barnes-hut = {
-					desc = "A one pager compressing the JuFo19 project";
-					path = "/var/lib/git/repositories/paged-out-barnes-hut.git";
-					section = "Articles";
-					owner = "emile";
-				};
-
-				# satellite
-				tle = {
-					desc = "golang tle lib";
-					path = "/var/lib/git/repositories/tle.git";
-					section = "Satellite";
-					owner = "emile";
-				};
-				tle2json = {
-					desc = "golang tle to json";
-					path = "/var/lib/git/repositories/tle2json.git";
-					section = "Satellite";
-					owner = "emile";
-				};
-			};
-			settings = {
-				css = "https://emile.space/cgit.css";
-				root-title = "git.emile.space";
-				root-desc = "";
-
-				enable-index-owner = 0; # why show this? I own 'em all!
-		    enable-commit-graph = 1;
-				max-repo-count = 5000; # like: why not?
-
-			  readme = ":README.md";
-				about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh";
-				source-filter = "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py";
-
-				summary-log = 50;
-
-        # mobile friendly
-				head-include = builtins.toFile "cgit_head.html" ''
-				  <meta name="viewport" content="width=device-width initial-scale=1.0"/>
-				'';
-
-				footer = builtins.toFile "cgit_footer.html" ''
-				  <div class="footer">
-						<div class="float-left">
-							generated by <a href='https://git.causal.agency/cgit-pink/'>cgit-pink ${pkgs.cgit-pink.version}</a>
-						</div>
-						<div class="float-right">
-							<a href="https://social.emile.space/@hanemile/feed.rss" target="_blank" rel="noopener" class="icon"><img class="webring" src="https://emile.space/rss.svg" alt="rss feed of @hanemile@chaos.social mastodon" height="32px"></a>
-							<a href="https://lieu.cblgh.org/" target="_blank" rel="noopener" class="icon"><img class="webring" src="https://emile.space/lieu.svg" alt="lieu webring search engine" height="32px"></a>
-							<a href="https://webring.xxiivv.com/#emile" target="_blank" rel="noopener" class="icon"><img class="webring" src="https://emile.space/webring.svg" alt="XXIIVV webring" height="32px"></a>
-							<a rel="me" href="https://social.emile.space/@hanemile" target="_blank" class="icon"><img class="webring" src="https://emile.space/activitypub.svg" alt="activitypub" height="32px"/></a>
-					</div>
-				'';
-
-			};
-		};
-
-		# access control
-		gitolite = {
-		  enable = true;
-
-			dataDir = "/var/lib/git";
-
-			user = "git";
-			group = "git";
-
-			description = "emile";
-
-	    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZi43zHEsoWaQomLGaftPE5k0RqVrZyiTtGqZlpWsew emile@caladan";
-	    extraGitoliteRc = ''
-		    $RC{UMASK} = 0027;
-		    $RC{GIT_CONFIG_KEYS} = '.*';
-		  '';
-		};
-
-		# exposing stuff
-		gitDaemon = {
-			enable = true;
-
-			user = "git";
-			group = "git";
-
-			repositories = []; # use all repos under basePath
-			exportAll = true;
-			basePath = "/var/lib/git/repositories";
-
-			listenAddress = "git.emile.space";
-			port = 9418;
-
-			options = "--timeout=30"; # extra Config
-		};
-	};
-
-  users.extraUsers.nginx.extraGroups = [ "git" ];
-
-	# Have to use lib.mkForce below, as the gitolite and gitDaemon user both
-	# configure the git user and group (differently)
-
-  users.users.git = {
-    isSystemUser = true;
-    useDefaultShell = true;
-		description = lib.mkForce "cgit-pink, gitolite and gitDaemon";
-    group = "git";
-    extraGroups = [ "gitea" ];
-    home = "/var/lib/git";
-    uid = lib.mkForce 127;
-  };
-  users.groups.git = {
-		gid = lib.mkForce 127;
-	};
-}
diff --git a/nix/hosts/corrino/www/cs.emile.space.nix b/nix/hosts/corrino/www/cs.emile.space.nix
deleted file mode 100644
index b095162..0000000
--- a/nix/hosts/corrino/www/cs.emile.space.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-# Run sourcegraph, including its entire machinery, in a container.
-# Running it outside of a container is a futile endeavour for now.
-
-# adapted from https://cs.tvl.fyi/depot/-/blob/ops/modules/sourcegraph.nix
-
-{ config, ... }:
-
-let
-  ports = import ../ports.nix;
-in {
-  services.nginx.virtualHosts."cs.emile.space" = {
-    forceSSL = true;
-    enableACME = true;
-
-    locations = {
-      "/" = {
-        proxyPass = "http://127.0.0.1:${toString ports.cs}";
-
-        extraConfig = ''
-          location = / {
-            return 301 https://cs.emile.space/hefe;
-          }
-
-          location / {
-            proxy_set_header X-Sg-Auth "Anonymous";
-            proxy_pass http://localhost:7080;
-          }
-
-          location /users/Anonymous/settings {
-            return 301 https://cs.emile.space;
-          }
-        '';
-      };
-    };
-  };
-
-  virtualisation.oci-containers.backend = "docker";
-  virtualisation.oci-containers.containers.sourcegraph = {
-    image = "sourcegraph/server:5.1.1";
-
-    ports = [
-      "127.0.0.1:${toString ports.cs}:7080"
-    ];
-
-    volumes = [
-      "/var/lib/sourcegraph/etc:/etc/sourcegraph"
-      "/var/lib/sourcegraph/data:/var/opt/sourcegraph"
-    ];
-
-    # Sourcegraph needs a higher nofile limit, it logs warnings
-    # otherwise (unclear whether it actually affects the service).
-    extraOptions = [
-      "--ulimit"
-      "nofile=10000:10000"
-    ];
-  };
-}
-
diff --git a/nix/hosts/corrino/www/ctf.emile.space.nix b/nix/hosts/corrino/www/ctf.emile.space.nix
index 5c9d49a..1d8b382 100644
--- a/nix/hosts/corrino/www/ctf.emile.space.nix
+++ b/nix/hosts/corrino/www/ctf.emile.space.nix
@@ -1,15 +1,13 @@
-{ ... }:
+{ config, ... }:
 
-let
-  ports = import ../ports.nix;
-in {
+{
   services.nginx.virtualHosts."ctf.emile.space" = {
     forceSSL = true;
     enableACME = true;
 
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:${toString ports.ctf}";
+        proxyPass = "http://127.0.0.1:${toString config.emile.ports.ctf}";
       };
     };
   };
@@ -20,7 +18,7 @@ in {
       "ctfd" = {
         image = "ctfd/ctfd";
         ports = [
-          "${toString ports.ctf}:8000"
+          "${toString config.emile.ports.ctf}:8000"
         ];
       };
     };
diff --git a/nix/hosts/corrino/www/events.emile.space.nix b/nix/hosts/corrino/www/events.emile.space.nix
deleted file mode 100644
index d7f5d50..0000000
--- a/nix/hosts/corrino/www/events.emile.space.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ ... }:
-
-let
-  ports = import ../ports.nix;
-in {
-  services.nginx.virtualHosts."events.emile.space" = {
-    forceSSL = true;
-    enableACME = true;
-
-    locations = {
-      "/" = {
-        extraConfig = ''
-          proxyPass = "http://[::1]:${toString ports.events}";
-        '';
-      };
-    };
-  };
-
-  # Create users:
-  #
-  # go into the mobilizon-launchers directory within the nix store (systemctl
-  # status mobilizon..., you'll find it there somehow)
-  #
-  # ; sudo -u mobilizon ./bin/mobilizon_ctl users.new emile@emile.space --moderator --admin
-
-  services = {
-    mobilizon = {
-      enable = true;
-      settings.":mobilizon" = {
-        "Mobilizon.Web.Endpoint" = {
-          url.host = "events.emile.space";
-          http.port = ports.events;
-
-          # The IP address to listen on. Defaults to [::1] notated as a byte
-          # tuple.
-          # (Yes, this is an elexir application and they've mapped the type system
-          # into nix)
-          http.ip = {
-            _elixirType = "tuple";
-            value = [ 0 0 0 0 0 0 0 1 ];
-          };
-
-          has_reverse_proxy = true;
-        };
-
-        "Mobilizon.Storage.Repo" = {
-          username = "mobilizon";
-          socket_dir = "/var/run/postgresql";
-          database = "mobilizon_prod";
-        };
-
-        ":instance" = rec {
-          name = "events.emile.space";
-          hostname = "emile.space";
-          email_reply_to = email_from;
-          email_from = "noreply@$emile.space";
-        };
-      };
-    };
-  };
-}
diff --git a/nix/hosts/corrino/www/git.emile.space.nix b/nix/hosts/corrino/www/git.emile.space.nix
deleted file mode 100644
index 2d3dca7..0000000
--- a/nix/hosts/corrino/www/git.emile.space.nix
+++ /dev/null
@@ -1,172 +0,0 @@
-{ lib, pkgs, config, ... }:
-
-let
-  cfg = config.services.gitea;
-  ports = import ../ports.nix;
-  authelia-location = ''
-    set $upstream_authelia http://127.0.0.1:9091/api/authz/auth-request;
-
-    ## Virtual endpoint created by nginx to forward auth requests.
-    location /internal/authelia/authz {
-      ## Essential Proxy Configuration
-      internal;
-      proxy_pass $upstream_authelia;
-
-      ## Headers
-      ## The headers starting with X-* are required.
-      proxy_set_header X-Original-Method $request_method;
-      proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
-      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header Content-Length "";
-      proxy_set_header Connection "";
-
-      ## Basic Proxy Configuration
-      proxy_pass_request_body off;
-      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Timeout if the real server is dead
-      proxy_redirect http:// $scheme://;
-      proxy_http_version 1.1;
-      proxy_cache_bypass $cookie_session;
-      proxy_no_cache $cookie_session;
-      proxy_buffers 4 32k;
-      client_body_buffer_size 128k;
-
-      ## Advanced Proxy Configuration
-      send_timeout 5m;
-      proxy_read_timeout 240;
-      proxy_send_timeout 240;
-      proxy_connect_timeout 240;
-    }
-  '';
-
-  authelia-authrequest = ''
-    ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
-    auth_request /internal/authelia/authz;
-
-    ## Save the upstream metadata response headers from Authelia to variables.
-    auth_request_set $user $upstream_http_remote_user;
-    auth_request_set $groups $upstream_http_remote_groups;
-    auth_request_set $name $upstream_http_remote_name;
-    auth_request_set $email $upstream_http_remote_email;
-
-    ## Inject the metadata response headers from the variables into the request made to the backend.
-    proxy_set_header Remote-User $user;
-    proxy_set_header Remote-Groups $groups;
-    proxy_set_header Remote-Email $email;
-    proxy_set_header Remote-Name $name;
-
-    ## Configure the redirection when the authz failure occurs. Lines starting with 'Modern Method' and 'Legacy Method'
-    ## should be commented / uncommented as pairs. The modern method uses the session cookies configuration's authelia_url
-    ## value to determine the redirection URL here. It's much simpler and compatible with the mutli-cookie domain easily.
-
-    ## Modern Method: Set the $redirection_url to the Location header of the response to the Authz endpoint.
-    auth_request_set $redirection_url $upstream_http_location;
-
-    ## Modern Method: When there is a 401 response code from the authz endpoint redirect to the $redirection_url.
-    error_page 401 =302 $redirection_url;
-
-    ## Legacy Method: Set $target_url to the original requested URL.
-    ## This requires http_set_misc module, replace 'set_escape_uri' with 'set' if you don't have this module.
-    # set_escape_uri $target_url $scheme://$http_host$request_uri;
-
-    ## Legacy Method: When there is a 401 response code from the authz endpoint redirect to the portal with the 'rd'
-    ## URL parameter set to $target_url. This requires users update 'auth.example.com/' with their external authelia URL.
-    # error_page 401 =302 https://auth.example.com/?rd=$target_url;
-  '';
-in {
-  services.nginx.virtualHosts."git.emile.space" = {
-    forceSSL = true;
-    enableACME = true;
-
-    # TODO(emile): figure out why this doesn't work when enabled, has to do with authelia
-    # extraConfig = authelia-location;
-
-    locations = {
-      "/" = {
-        # proxyPass = "http://127.0.0.1:3000";
-        proxyPass = "http://127.0.0.1:${toString config.services.gitea.settings.server.HTTP_PORT}";
-
-        # TODO(emile): figure out why this doesn't work when enabled, has to do with authelia
-        # extraConfig = authelia-authrequest;
-      };
-    };
-  };
-
-	# auth via authelia
-	services.authelia.instances.main.settings.identity_providers.oidc.clients = [
-  	{
-  		id = "git";
-
-  		# ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
-  		secret = "$pbkdf2-sha512$310000$4bi9wRkfcqnjbdmgt7rU.g$pQ2mC6GW4.BQwanGKKFhFyIx6Y.WY80xd/YpmlYOPnlnGBWpp0dSOTv6a/2yqSA5D.EuRkGCyeexSE5FdCK2TA";
-  		public = false;
-  		authorization_policy = "two_factor";
-  		redirect_uris = [
-  			"https://git.emile.space/user/oauth2/authelia/callback"
-  		];
-  		scopes = [
-  			"openid"
-  			"email"
-  			"profile"
-  		];
-  	}
-  ];
-
-  services.gitea = rec {
-    enable = true;
-
-    appName = "git.emile.space";
-
-    # unstable in order to use the 1.20... version
-    #package = pkgs.forgejo;
-    package = pkgs.unstable.forgejo;
-
-    stateDir = "/var/lib/gitea";
-    repositoryRoot = "${stateDir}/repositories";
-
-    settings = {
-      service.DISABLE_REGISTRATION = true;
-
-      DEFAULT = {
-        WORK_PATH = "/var/lib/gitea";
-      };
-
-      server = {
-        DOMAIN = pkgs.lib.mkForce "git.emile.space";
-        ROOT_URL = pkgs.lib.mkForce "https://git.emile.space";
-        HTTP_PORT = ports.git;
-
-        #START_SSH_SERVER = true;
-        BUILTIN_SSH_SERVER_USER = "git";
-        SSH_USER = "gitea";
-        SSH_DOMAIN = "git.emile.space";
-
-        REPO_INDEXER_ENABLED = true;
-      };
-
-      indexer = {
-        REPO_INDEXER_ENABLED = true;
-        ISSUE_INDEXER_PATH = "${stateDir}/indexers/issues.bleve";
-        REPO_INDEXER_PATH = "${stateDir}/indexers/repos.bleve";
-        MAX_FILE_SIZE = 1048576;
-        REPO_INDEXER_INCLUDE = "";
-        REPO_INDEXER_EXCLUDE = "resources/bin/**";
-      };
-
-      #federation = {
-      #  enable = true;
-      #  share_user_statistics = true;
-      #  max_size = 4;
-      #};
-    };
-  };
-
-  users.users.git = {
-    isSystemUser = true;
-    useDefaultShell = true;
-    group = "git";
-    extraGroups = [ "gitea" ];
-    home = cfg.stateDir;
-    uid = 127;
-  };
-  users.groups.git = { };
-}
diff --git a/nix/hosts/corrino/www/grafana.emile.space.nix b/nix/hosts/corrino/www/grafana.emile.space.nix
index 7627ad2..3464421 100644
--- a/nix/hosts/corrino/www/grafana.emile.space.nix
+++ b/nix/hosts/corrino/www/grafana.emile.space.nix
@@ -1,8 +1,6 @@
 { config, ... }:
 
-let
-  ports = import ../ports.nix;
-in {
+{
   services = {
     nginx.virtualHosts."grafana.emile.space" = {
       addSSL = true;
@@ -18,7 +16,7 @@ in {
       settings = {
         server = {
           http_addr = "127.0.0.1";
-          http_port = ports.grafana;
+          http_port = config.emile.ports.grafana;
           domain = "grafana.emile.space";
           root_url = "https://grafana.emile.space/";
         };
@@ -49,21 +47,21 @@ in {
     prometheus = {
       enable = true;
       retentionTime = "356d";
-      port = ports.prometheus;
+      port = config.emile.ports.prometheus;
 
       exporters = {
         node = {
           enable = true;
           enabledCollectors = [ "systemd" ];
-          port = ports.prometheus_node_exporter;
+          port = config.emile.ports.prometheus_node_exporter;
         };
         systemd = {
           enable = true;
-          port = ports.prometheus_systemd_exporter;
+          port = config.emile.ports.prometheus_systemd_exporter;
         };
         smartctl = {
           enable = true;
-          port = ports.prometheus_smartctl_exporter;
+          port = config.emile.ports.prometheus_smartctl_exporter;
         };
       };
       scrapeConfigs = [
diff --git a/nix/hosts/corrino/www/hydra.emile.space.nix b/nix/hosts/corrino/www/hydra.emile.space.nix
index 00405f4..97d5962 100644
--- a/nix/hosts/corrino/www/hydra.emile.space.nix
+++ b/nix/hosts/corrino/www/hydra.emile.space.nix
@@ -1,8 +1,6 @@
 { config, pkgs, ... }:
 
-let
-  ports = import ../ports.nix;
-in {
+{
   services.nginx.virtualHosts."hydra.emile.space" = {
     forceSSL = true;
     enableACME = true;
@@ -30,7 +28,7 @@ in {
     });
 
     listenHost = "*";
-    port = ports.hydra;
+    port = config.emile.ports.hydra;
     hydraURL = "https://hydra.emile.space"; # externally visible URL
 
     # Directory that holds Hydra garbage collector roots.
diff --git a/nix/hosts/corrino/www/jupyter.emile.space.nix b/nix/hosts/corrino/www/jupyter.emile.space.nix
deleted file mode 100644
index 18e56a0..0000000
--- a/nix/hosts/corrino/www/jupyter.emile.space.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ pkgs, config, ... }:
-
-let
-  ports = import ../ports.nix;
-in {
-  services.nginx.virtualHosts."jupyter.emile.space" = {
-    forceSSL = true;
-    enableACME = true;
-
-    locations = {
-      "/" = {
-        proxyPass = "http://127.0.0.1:${toString config.services.jupyter.port}";
-      };
-    };
-  };
-
-  services.jupyter = {
-    enable = true;
-
-    ip = "127.0.0.1";
-    port = ports.jupyter;
-
-    # ; python3
-    # >>> from notebook.auth import passwd
-    # >>> passwd("the_password_here")
-    password = "'argon2:$argon2id$v=19$m=10240,t=10,p=8$WdU+DaBjTaiV1IQDRJUczg$N734yZ45++Kgl26lFEZau58ru8e7P/IgL9N6sf+kw9E'";
-
-    notebookConfig = ''
-      c.NotebookApp.allow_remote_access = True
-      c.NotebookApp.allow_origin = '*'
-    '';
-
-    kernels = {
-      python3 = let
-        env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
-                ipykernel
-              ]));
-      in {
-        displayName = "Python 3";
-        argv = [
-          "${env.interpreter}"
-          "-m"
-          "ipykernel_launcher"
-          "-f"
-          "{connection_file}"
-        ];
-        language = "python";
-        #logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png";
-        #logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png";
-        extraPaths = {
-          "cool.txt" = pkgs.writeText "cool" "cool content";
-        };
-      };
-    };
-
-    group = "jupyter";
-    user = "jupyter";
-  };
-
-  users.users.jupyter.group = "jupyter";
-  users.groups.jupyter = {};
-}
diff --git a/nix/hosts/corrino/www/magic-hash.emile.space.nix b/nix/hosts/corrino/www/magic-hash.emile.space.nix
index 4f57d12..f41fb80 100644
--- a/nix/hosts/corrino/www/magic-hash.emile.space.nix
+++ b/nix/hosts/corrino/www/magic-hash.emile.space.nix
@@ -1,15 +1,13 @@
 { config, ... }:
 
-let
-  ports = import ../ports.nix;
-in {
+{
   services.nginx.virtualHosts."magic-hash.emile.space" = {
     forceSSL = true;
     enableACME = true;
 
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:${toString ports.magic-hash}";
+        proxyPass = "http://127.0.0.1:${toString config.emile.ports.magic-hash}";
       };
     };
   };
@@ -20,7 +18,7 @@ in {
       "ctfd" = {
         image = "magic-hash";
         ports = [
-          "${toString ports.magic-hash}:80"
+          "${toString config.emile.ports.magic-hash}:80"
         ];
         environment = {
 
diff --git a/nix/hosts/corrino/www/md.emile.space.nix b/nix/hosts/corrino/www/md.emile.space.nix
index d7bdd00..7ad7a94 100644
--- a/nix/hosts/corrino/www/md.emile.space.nix
+++ b/nix/hosts/corrino/www/md.emile.space.nix
@@ -1,8 +1,6 @@
 { config, pkgs, ... }:
 
-let
-	ports = import ../ports.nix;
-in {
+{
 	services.nginx.virtualHosts."md.emile.space" = {
 		forceSSL = true;
 		enableACME = true;
@@ -61,7 +59,7 @@ in {
 
 		settings = {
 			host = "127.0.0.1";
-			port = ports.md;
+			port = config.emile.ports.md;
 
 			domain = "md.emile.space";
 
diff --git a/nix/hosts/corrino/www/netbox.emile.space.nix b/nix/hosts/corrino/www/netbox.emile.space.nix
index e87d118..fdfadc0 100644
--- a/nix/hosts/corrino/www/netbox.emile.space.nix
+++ b/nix/hosts/corrino/www/netbox.emile.space.nix
@@ -1,8 +1,6 @@
 { config, pkgs, ... }:
 
-let
-  ports = import ../ports.nix;
-in {
+{
   services.nginx.virtualHosts."netbox.emile.space" = {
     forceSSL = true;
     enableACME = true;
@@ -27,7 +25,7 @@ in {
     enableLdap = false;
     settings = {};
     secretKeyFile = config.age.secrets.netbox_secret.path;
-    port = ports.netbox;
+    port = config.emile.ports.netbox;
     listenAddress = "[::1]";
   };
 
diff --git a/nix/hosts/corrino/www/pgweb.emile.space.nix b/nix/hosts/corrino/www/pgweb.emile.space.nix
deleted file mode 100644
index 1ce8063..0000000
--- a/nix/hosts/corrino/www/pgweb.emile.space.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ pkgs, ... }:
-
-let
-  ports = import ../ports.nix;
-in {
-  services.nginx.virtualHosts."pgweb.emile.space" = {
-    forceSSL = true;
-    enableACME = true;
-
-    locations = {
-      "/" = {
-        proxyPass = "http://127.0.0.1:${toString ports.pgweb}";
-      };
-    };
-  };
-
-  environment.systemPackages = with pkgs; [ pgweb ];
-
-  # systemd.services.pgweb = {
-  #   wantedBy = [ "multi-user.target" ];
-  #   serviceConfig.ExecStart = "${pkgs.pgweb}/bin/pwgeb";
-  # };
-}
diff --git a/nix/hosts/corrino/www/photo.emile.space.nix b/nix/hosts/corrino/www/photo.emile.space.nix
index 6ebf94d..9c1e97a 100644
--- a/nix/hosts/corrino/www/photo.emile.space.nix
+++ b/nix/hosts/corrino/www/photo.emile.space.nix
@@ -1,8 +1,6 @@
 { config, ... }:
 
-let
-  ports = import ../ports.nix;
-in {
+{
   services.nginx.virtualHosts."photo.emile.space" = {
     forceSSL = true;
     enableACME = true;
@@ -19,7 +17,7 @@ in {
     enable = true;
 
     address = "127.0.0.1";
-    port = ports.photo;
+    port = config.emile.ports.photo;
 
     passwordFile = config.age.secrets.photoprism_password.path;
 
diff --git a/nix/hosts/corrino/www/social.emile.space.nix b/nix/hosts/corrino/www/social.emile.space.nix
index ddfa5ef..62e1933 100644
--- a/nix/hosts/corrino/www/social.emile.space.nix
+++ b/nix/hosts/corrino/www/social.emile.space.nix
@@ -1,8 +1,6 @@
 { config, pkgs, ... }:
 
-let
-	ports = import ../ports.nix;
-in {
+{
 
 	# the reverse proxy to gotosocial
   services.nginx.virtualHosts."social.emile.space" = {
@@ -10,7 +8,7 @@ in {
     enableACME = true;
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:${toString ports.gotosocial}";
+        proxyPass = "http://127.0.0.1:${toString config.emile.ports.gotosocial}";
 				proxyWebsockets = true;
         extraConfig = ''
           client_max_body_size 40M;
@@ -79,7 +77,7 @@ in {
 		package = pkgs.gotosocial;
 		settings = {
 			host = "social.emile.space";
-			port = ports.gotosocial;
+			port = config.emile.ports.gotosocial;
 			bind-address = "127.0.0.1";
 			account-domain = "emile.space";
 			db-type = "sqlite";
diff --git a/nix/hosts/corrino/www/stream.emile.space.nix b/nix/hosts/corrino/www/stream.emile.space.nix
index 21ee627..3104ab6 100644
--- a/nix/hosts/corrino/www/stream.emile.space.nix
+++ b/nix/hosts/corrino/www/stream.emile.space.nix
@@ -1,8 +1,6 @@
 { config, ... }:
 
-let
-  ports = import ../ports.nix;
-in {
+{
   services.nginx.virtualHosts."stream.emile.space" = {
     forceSSL = true;
     enableACME = true;
@@ -20,7 +18,7 @@ in {
     openFirewall = true;
     listen = "0.0.0.0";
     dataDir = "/var/lib/owncast";
-    rtmp-port = ports.stream_rtmp;
-    port = ports.stream; # web interface
+    rtmp-port = config.emile.ports.stream_rtmp;
+    port = config.emile.ports.stream; # web interface
   };
 }