Diffstat (limited to 'nix/hosts')
-rw-r--r--nix/hosts/caladan/aliases.nix18
-rw-r--r--nix/hosts/caladan/darwin-configuration.nix9
-rw-r--r--nix/hosts/caladan/home_emile.nix306
-rw-r--r--nix/hosts/caladan/home_hydra.nix2
-rw-r--r--nix/hosts/caladan/session_variables.zsh6
-rw-r--r--nix/hosts/corrino/configuration.nix14
-rw-r--r--nix/hosts/corrino/ports.nix3
-rw-r--r--nix/hosts/corrino/www/cs.emile.space.nix54
-rw-r--r--nix/hosts/corrino/www/db.emile.space.nix23
-rw-r--r--nix/hosts/corrino/www/emile.space.nix2
-rw-r--r--nix/hosts/corrino/www/git/cgit.nix29
-rw-r--r--nix/hosts/corrino/www/grafana.emile.space.nix24
-rw-r--r--nix/hosts/corrino/www/hydra.emile.space.nix3
-rw-r--r--nix/hosts/corrino/www/irc.emile.space.nix155
-rw-r--r--nix/hosts/corrino/www/nix-cache/default.nix7
-rw-r--r--nix/hosts/corrino/www/nix-cache/index.txt22
-rw-r--r--nix/hosts/corrino/www/nix-cache/nix-cache.emile.space.nix58
-rw-r--r--nix/hosts/lampadas/configuration.nix11
18 files changed, 697 insertions, 49 deletions
diff --git a/nix/hosts/caladan/aliases.nix b/nix/hosts/caladan/aliases.nix
index e314f72..58c224e 100644
--- a/nix/hosts/caladan/aliases.nix
+++ b/nix/hosts/caladan/aliases.nix
@@ -1,30 +1,27 @@
 {
   ":q" = "exit";
   ls = "eza";
-  ytop = "btm";
 
   # short forms
   tf = "terraform";
-  h = "mosh hack";
 
   r2help = ''r2 -qq -c "?*~..." --'';
   mosh = "mosh --no-init";
   t = "task";
   tw = "timew";
 
-  ipa = "scutil --nwi";
+  ipa = "scutil --nwi"; # more `ip a` like info on macos
 
   # this can be super nice and super annoying at the same time:
   # ssh = "kitty +kitten ssh";
 
-  light = "kitty +kitten themes --reload-in=all Ayu Light";
-  dark = "kitty +kitten themes --reload-in=all Ayu";
-
-
   ".." = "cd ..";
   "..." = "cd ../..";
   "...." = "cd ../../..";
   "....." = "cd ../../../..";
+  "......" = "cd ../../../../..";
+  "......." = "cd ../../../../../..";
+  "........" = "cd ../../../../../../..";
 
   grep = "grep --color=auto";
   nix-stray-roots = ''
@@ -34,7 +31,7 @@
 
   servethis = "python3 -m http.server";
 
-  # nmap foo
+  # these are the oh-my-zsh nmap plugin aliases which are nice to have around imho
   nmap_open_ports = "nmap --open";
   nmap_list_interfaces = "nmap --iflist";
   nmap_slow = "sudo nmap -sS -v -T1";
@@ -50,6 +47,7 @@
   nmap_full_with_scripts = "sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all " ;
   nmap_web_safe_osscan = "sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy ";
   nmap_ping_scan = "nmap -n -sP";
-  lm = "sudo kitten themes --reload-in=all 3024 Day";
-  dm = "sudo kitten themes --reload-in=all Default";
+
+  light = "sudo kitten themes --reload-in=all 3024 Day";
+  dark = "sudo kitten themes --reload-in=all Default";
 }
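Review bot: The `light` and `dark` aliases at the end of this hunk now run `sudo kitten themes …`, whereas the `light`/`dark` definitions removed earlier in this file invoked the kitten without sudo. Switching a terminal theme should not need root, and under sudo the kitten presumably writes its theme files as root rather than as the user. Suggest `light = "kitten themes --reload-in=all 3024 Day";` and the same for `dark`, or a comment stating why root is needed.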
diff --git a/nix/hosts/caladan/darwin-configuration.nix b/nix/hosts/caladan/darwin-configuration.nix
index a181b35..2461fd2 100644
--- a/nix/hosts/caladan/darwin-configuration.nix
+++ b/nix/hosts/caladan/darwin-configuration.nix
@@ -85,17 +85,14 @@
     config.allowUnfree = true;
   };
 
-  programs.fish.enable = true;
-
   services.nix-daemon.enable = true;
 
+  # <3
   security.pam.enableSudoTouchIdAuth = true;
 
   environment = {
-    systemPackages = [
-      pkgs.yarr
-    ];
-    shells = with pkgs; [ bashInteractive zsh fish ];
+    systemPackages = [ ]; # set via home-manager
+    shells = with pkgs; [ bashInteractive zsh ];
   };
 
 }
diff --git a/nix/hosts/caladan/home_emile.nix b/nix/hosts/caladan/home_emile.nix
index f57daaf..06131dd 100644
--- a/nix/hosts/caladan/home_emile.nix
+++ b/nix/hosts/caladan/home_emile.nix
@@ -1,14 +1,17 @@
-{ pkgs, lib, stdenv, ... }:
+{ pkgs, ... }:
 
 {
   home = {
+    # The state version is required and should stay at the version you
+    # originally installed.
     stateVersion = "22.11";
     username = "emile";
     homeDirectory = "/Users/emile";
   };
 
-  # let home-manager install and manage itself
   programs = {
+
+    # let home-manager install and manage itself
     home-manager.enable = true;
 
     direnv = { 
@@ -56,8 +59,285 @@
     emacs = {
       enable = true;
       package = pkgs.emacs;
+      extraPackages = epkgs: with epkgs; [
+        nix-mode
+        magit
+        meow
+      ];
       extraConfig = ''
         (setq standard-indent 2)
+
+        ;; MELPA Packages
+        (require 'package)
+        (package-initialize)
+        (add-to-list 'package-archives '("melpa" . "https://melpa.org/packages/") t)
+        (unless package-archive-contents
+          (package-refresh-contents))
+
+        ;; Install packages.
+        (dolist (package '(use-package sly corfu org))
+          (unless (package-installed-p package)
+            (package-install package)))
+
+        (use-package org)
+
+        ;(use-package evil-colemak-basics)
+
+        (when (display-graphic-p)
+          (tool-bar-mode 0)
+          (scroll-bar-mode 0))
+        (setq inhibit-startup-screen t)
+
+        (load-theme 'leuven) ;; light theme
+
+        ;; pixel perfect scrolling
+        (setq pixel-scroll-precision-mode 1)
+
+        ;; dont create lockfiles
+        (setq create-lockfiles nil)
+
+        ;; delete excess backup version silently
+        (setq delete-old-versions -1)
+        (setq make-backup-files nil) ; stop creating ~ files
+
+        ;; use version controll
+        (setq version-control t)
+
+        ;; utf8 by default(setq coding-system-for-read 'utf-8)
+        (setq coding-system-for-write 'utf-8)
+
+        ;; org-mode
+        (require 'org)
+        (define-key global-map "\C-cl" 'org-store-link)
+        (define-key global-map "\C-ca" 'org-agenda)
+        (setq org-log-done t)
+
+        ;; random emacs foo
+        (setq-default indent-tabs-mode nil) ;; use spaces, not tabs
+        (setq show-paren-delay 0)
+        (show-paren-mode)
+
+        ;; write customizations to a custom file
+        (setq custom-file (expand-file-name "custom.el" user-emacs-directory))
+
+        ;; Configure SBCL as the Lisp program for SLIME
+        (add-to-list 'exec-path "/Users/emile/.nix-profile/bin")
+        (defvar inerior-lisp-program "clisp")
+
+        ;; configure parinfer to be enabled as a mode when the major lisp mode is enabled
+        (add-to-list 'load-path "/Users/emile/parinfer-rust")
+        (add-hook 'emacs-lisp-mode 'parinfer-rust-mode)
+        (add-hook 'emacs-lisp-mods (lambda () (lispy-mode 1)))
+
+        (require 'meow)
+
+        (defun meow-setup ()
+          "My colemak-dh meow keybindings with some helix influence."
+          (setq meow-cheatsheet-layout meow-cheatsheet-layout-colemak-dh)
+          (meow-motion-overwrite-define-key
+           ;; Use e to move up, n to move down.
+           ;; Since special modes usually use n to move down, we only overwrite e here.
+           '("e" . meow-prev)
+           '("<escape>" . ignore))
+          (meow-leader-define-key
+           '("?" . meow-cheatsheet)
+           ;; To execute the originally e in MOTION state, use SPC e.
+           '("e" . "H-e")
+           '("1" . meow-digit-argument)
+           '("2" . meow-digit-argument)
+           '("3" . meow-digit-argument)
+           '("4" . meow-digit-argument)
+           '("5" . meow-digit-argument)
+           '("6" . meow-digit-argument)
+           '("7" . meow-digit-argument)
+           '("8" . meow-digit-argument)
+           '("9" . meow-digit-argument)
+           '("0" . meow-digit-argument))
+          (meow-normal-define-key
+           '("0" . meow-expand-0)
+           '("1" . meow-expand-1)
+           '("2" . meow-expand-2)
+           '("3" . meow-expand-3)
+           '("4" . meow-expand-4)
+           '("5" . meow-expand-5)
+           '("6" . meow-expand-6)
+           '("7" . meow-expand-7)
+           '("8" . meow-expand-8)
+           '("9" . meow-expand-9)
+           '("-" . negative-argument)
+           '(";" . meow-reverse)
+           '("," . meow-inner-of-thing)
+           '("." . meow-bounds-of-thing)
+           '("[" . meow-beginning-of-thing)
+           '("]" . meow-end-of-thing)
+           '("/" . meow-visit)
+           '("a" . meow-append)
+           '("A" . meow-open-below)
+           '("b" . meow-back-word)
+           '("B" . meow-back-symbol)
+           '("c" . meow-change)
+           ; '("C" . )
+           '("d" . meow-delete)
+           ;'("D" . delete-window)
+           '("e" . meow-next)
+           '("E" . meow-next-expand)
+           '("f" . find-file)
+           '("F" . flycheck-list-errors)
+           '("g" . meow-cancel-selection)
+           '("G" . meow-grab)
+           '("h" . meow-mark-word)
+           '("H" . meow-mark-symbol)
+           '("i" . meow-prev)
+           '("I" . meow-prev-expand)
+           '("j" . meow-join)
+           ; '("J" . )
+           '("k" . meow-kill)
+           '("K" . meow-paren-mode)
+           '("l" . meow-line)
+           '("L" . meow-goto-line)
+           '("m" . meow-block)
+           '("M" . meow-to-block)
+           '("n" . meow-left)
+           '("N" . meow-left-expand)
+           '("o" . meow-right)
+           '("O" . meow-right-expand)
+           '("p" . meow-yank)
+           ; '("P" . )
+           '("q" . meow-quit)
+           ; '("Q" . )
+           '("r" . meow-replace)
+           '("R" . undo-redo)
+           '("s" . meow-insert)
+           '("S" . meow-open-above)
+           '("t" . meow-till)
+           ; '("T" . )
+           '("u" . meow-undo)
+           '("U" . meow-undo-in-selection)
+           '("v" . meow-search)
+           '("w" . meow-next-word)
+           '("W" . meow-next-symbol)
+           '("x" . meow-delete)
+           '("X" . meow-backward-delete)
+           '("y" . meow-save)
+           '("z" . meow-pop-selection)
+           ; '("Z" . )
+           '("'" . repeat)
+           '("<escape>" . ignore)))
+
+
+        (meow-setup)
+        (meow-global-mode 1)
+
+        ;; Corfu completion
+        (use-package corfu
+          :custom
+          (corfu-cycle-tab t)
+          (corfu-auto t)
+          (corfu-auto-prefix 2)
+          (corfu-auto-delay 0.0)
+          (corfu-quit-at-boundary 'separator)
+          (corfu-echo-documentation 0.5)
+          (corfu-preview-current 'insert)
+          (corfu-preselect 'prompt)
+          :bind (:map corfu-map
+                      ("M-SPC" . corfu-insert-separator)
+                      ("RET" . nil)
+                      ("TAB" . corfu-next)
+                      ([tab] . corfu-next)
+                      ("S-TAB" . corfu-previous)
+                      ([backtab] . corfu-previous)
+                      ("S-<return>" . corfu-inser))
+          :init
+          (global-corfu-mode)
+          (corfu-history-mode)
+
+          :config
+          (add-hook 'eshell-mode-hook
+                    (lambda ()
+                      (setq-local corfu-quit-at-boundary t
+                                  corfu-quit-no-match t
+                                  corfu-auto nil)
+                      (corfu-mode))))
+
+        ;; In-margin annotations
+        (use-package marginalia
+          :custom
+          (marginalia-max-relative-age 0)
+          (marginalia-align 'right)
+          :init
+          (marginalia-mode))
+
+        ;; Fancy icons
+        (use-package all-the-icons-completion
+          :after (marginalia all-the-icons)
+          :hook (marginalia . all-the-icons-completion-marginalia-setup)
+          :init (all-the-icons-completion-mode))
+
+        ;; Usable minibuffers
+        (use-package vertico
+          :init (vertico-mode)
+          :custom (vertico-count 13)
+          (vertico-resize t)
+          (vertico-cycle nil)
+          :config (vertico-mode))
+
+        ;; orderless completion
+        ;; This allows searching for space separated terms in any order
+        (use-package orderless
+          :init (setq completion-styles '(orderless basic)
+                      completion-category-defaults nil
+                      completion-category-overrides '((file (styles partial-completion)))
+                      ))
+
+        ;; general purpose emacs settings
+        (use-package emacs
+          :init
+
+          ;; do not allow cursor in the minibuffer prompt
+          (setq minibuffer-prompt-properties
+                '(read-only t cursor-intangible t face minibuffer-prompt))
+          (add-hook 'minibuffer-setup-hook #'cursor-intangible-mode)
+
+          ;; support opening new minibuffers from inside existing minibuffers
+          (setq enable-recursive-minibuffers t)
+
+          ;; Emacs 28 and newer: Hide commands in M-x which do not work in the current
+          ;; mode. Vertico commands are hidden in normal buffers. This setting is
+          ;; useful beyond Vertico.
+          (setq read-extended-command-predicate #'command-completion-default-include-p))
+
+        ;; Add "lisp" to the list of languages babel is allowed to eval
+        ;(setq-default org-babel-lisp-eval-fn #'sly-eval)
+        (org-babel-do-load-languages
+         'org-babel-load-languages
+         '((lisp . t)))
+
+        ;; markdown mode
+        (use-package markdown-mode
+          :ensure t
+          :mode ("README\\.md\\'" . gfm-mode)
+          :init (setq markdown-command "multimarkdown"))
+
+        ;; minibuffer with help when waiting too long
+        (use-package which-key
+          :ensure t
+          :config
+          (setq which-key-idle-delay 0.1)
+          (setq which-key-idle-secondary-delay 0.1)
+          (which-key-mode))
+
+        ;; Display imenu (symbols) in a separate buffer
+        (use-package imenu-list :ensure t
+          :init
+          (setq imenu-list-auto-resize t)
+          (setq imenu-list-focus-after-activation t))
+
+        ;; error checking
+        (use-package flycheck
+          :ensure t
+          :init (global-flycheck-mode))
+
+        (provide '.emacs)                       ; makes flycheck happy
       '';
     };
 
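Review bot: The added `extraConfig` downloads and installs packages from MELPA at Emacs startup (`package-refresh-contents`, `package-install`, and the later `:ensure t` forms), so that code is unpinned and unverified and sits outside the Nix closure that `extraPackages` a few lines above already provides. Prefer listing `use-package`, `sly`, `corfu`, `markdown-mode`, `which-key`, `imenu-list` and `flycheck` in `extraPackages` (where `epkgs` carries them) and dropping the MELPA bootstrap. Several lines also look like typos that turn them into no-ops: `inerior-lisp-program` (the comment says SBCL while the value is `clisp`), `(add-hook 'emacs-lisp-mode …)` and `'emacs-lisp-mods` where `'emacs-lisp-mode-hook` is presumably meant, `corfu-inser`, and the `coding-system-for-read` form that ended up inside the `;; utf8 by default` comment.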
@@ -103,7 +383,7 @@
         "cmd+shift+k" = "move_window up";
         "cmd+shift+l" = "move_window right";
 
-        "cmd+shift+m" = "detach_window ask";
+        # "cmd+shift+m" = "detach_window ask";
 
         "command+j" = "kitten pass_keys.py neighboring_window bottom command+j";
         "command+k" = "kitten pass_keys.py neighboring_window top    command+k";
@@ -112,14 +392,14 @@
         "command+b" = "combine : clear_terminal scroll active : send_text normal,application \x0c";
 
         # "ctrl+n" = "send_text all \x0e";
-        "ctrl+e" = "send_text all \x01h";
-        "ctrl+n" = "send_text all \x01i";
-        "ctrlshift++n" = "send_text all \x01i";
-
-        "ctrl+left" = "resize_window wider";
-        "ctrl+right" = "resize_window narrower";
-        "ctrl+up" = "resize_window shorter";
-        "ctrl+down" = "resize_window taller";
+        # "ctrl+e" = "send_text all \x01h";
+        # "ctrl+n" = "send_text all \x01i";
+        # "ctrlshift++n" = "send_text all \x01i";
+
+        # "ctrl+left" = "resize_window wider";
+        # "ctrl+right" = "resize_window narrower";
+        # "ctrl+up" = "resize_window shorter";
+        # "ctrl+down" = "resize_window taller";
       };
 
       environment = { };
@@ -193,6 +473,10 @@
 
     tiny # irc
 
+    rlwrap
+
+    entr
+
     # blender
 
   # ] ++ lib.optionals stdenv.isDarwin [
diff --git a/nix/hosts/caladan/home_hydra.nix b/nix/hosts/caladan/home_hydra.nix
index 25686da..1161d9a 100644
--- a/nix/hosts/caladan/home_hydra.nix
+++ b/nix/hosts/caladan/home_hydra.nix
@@ -7,8 +7,8 @@
   homeDirectory = "/Users/hydra";
  };
 
- # let home-manager install and manage itself
  programs = {
+  # let home-manager install and manage itself
   home-manager.enable = true;
  };
 
diff --git a/nix/hosts/caladan/session_variables.zsh b/nix/hosts/caladan/session_variables.zsh
index 05badcd..6f850c8 100644
--- a/nix/hosts/caladan/session_variables.zsh
+++ b/nix/hosts/caladan/session_variables.zsh
@@ -6,8 +6,10 @@ export PROMPT="; "		# minimal prompt
 #export RPROMPT="%F{green}%/%F{reset}"
 export RPROMPT="%F{green}%/%F{reset} %D{%K:%M:%S}" 
 
-# reset the prompt, so we get the time the command was executed
-# in the rprompt
+# Reset the prompt, so we get the time the command was executed
+# in the rprompt. A single second was to much, as it also breaks all the
+# prompt suggestions, 5 seconds seems quite sensible, and you can just hit
+# `TAB` yet another time if you want to see the suggestions again
 TMOUT=5
 TRAPALRM() {
   zle reset-prompt
diff --git a/nix/hosts/corrino/configuration.nix b/nix/hosts/corrino/configuration.nix
index 1f054ff..5f012b0 100644
--- a/nix/hosts/corrino/configuration.nix
+++ b/nix/hosts/corrino/configuration.nix
@@ -18,6 +18,9 @@ in {
       ./ports.nix
 
       ./www/git
+      ./www/nix-cache
+
+      # screego
 
       # web
       ./www/emile.space.nix
@@ -36,6 +39,9 @@ in {
       ./www/social.emile.space.nix
       ./www/sso.emile.space.nix
       ./www/s3.emile.space.nix
+      ./www/cs.emile.space.nix
+      ./www/irc.emile.space.nix
+      ./www/db.emile.space.nix
 
       # ./www/irc.emile.space.nix
       # ./www/irc
@@ -456,10 +462,6 @@ in {
     };
   };
 
-  virtualisation.podman = {
-    enable = true;
-    autoPrune.enable = true;
-  };
   virtualisation = {
     # docker.enable = true;
     libvirtd = {
@@ -479,6 +481,10 @@ in {
         };
       };
     };
+    podman = {
+      enable = true;
+      autoPrune.enable = true;
+    };
   };
   # programs.virt-manager.enable = true;
 
diff --git a/nix/hosts/corrino/ports.nix b/nix/hosts/corrino/ports.nix
index 2d7ba06..6f17be5 100644
--- a/nix/hosts/corrino/ports.nix
+++ b/nix/hosts/corrino/ports.nix
@@ -11,13 +11,16 @@
 		grafana = 3002;
 		md = 3003;
 		gotosocial = 3004;
+		harmonia = 5000;
 		irc = {
 			 clear = 6667;
 			 ssl = 6697;
 		};
+		hound = 6080;
 		stream = 8080;
 		netbox = 8001;
 		restic = 8002;
+		nocodb = 8003;
 		r2wars-web = 8089;
 		ctf = 8338;
 		magic-hash = 8339;
diff --git a/nix/hosts/corrino/www/cs.emile.space.nix b/nix/hosts/corrino/www/cs.emile.space.nix
new file mode 100644
index 0000000..4f1b91e
--- /dev/null
+++ b/nix/hosts/corrino/www/cs.emile.space.nix
@@ -0,0 +1,54 @@
+{ config, lib, ... }:
+
+let
+
+	# get's all repos configured in cgit and converts them into some JSON that is used by hound
+	repos = builtins.toJSON
+		(lib.mergeAttrsList
+			(map
+				(x: {"${x.name}" = { url = "file://${x.path}"; }; })
+				(lib.mapAttrsToList
+					(name: value: value // { name = "${name}"; })
+					config.services.cgit.main.repos)));
+in {
+	services.nginx.virtualHosts."cs.emile.space" = {
+		forceSSL = true;
+		enableACME = true;
+		locations = {
+			"/" = {
+        proxyPass = "http://${config.services.hound.listen}";
+			};
+		};
+	};
+
+	# add hound user to git group so the local repos can be read
+  # users.users.hound.extraGroups = [ "git" ];
+
+	users.groups."git".members = [ "hound" ];
+
+	# The `.gitignore` of the user `hound` should contain the following:
+	#
+	# [safe]
+  #       directory = /var/lib/git/repositories/*
+  #       directory = /var/lib/git/repositories/faila.git
+  #       directory = /var/lib/git/repositories/faila2.git
+
+	services.hound = {
+		enable = true;
+
+		config = ''
+			{
+			  "dbpath": "/var/lib/hound/data",
+			  "max-concurrent-indexers" : 6,
+		    "vcs-config" : {
+	        "git" : {
+            "detect-ref" : true
+	        }
+		    },
+			  "repos" : ${repos}
+			}
+		'';
+
+		listen = "127.0.0.1:${toString config.emile.ports.hound}";
+	};
+}
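Review bot: The `repos` binding feeds every entry of `config.services.cgit.main.repos` into hound, and the `cs.emile.space` vhost proxies hound with no access control, so whatever is configured in cgit becomes full-text searchable from the internet. If any of those repositories is meant to be less visible than the rest, filter the list explicitly before `builtins.toJSON` instead of mirroring cgit wholesale. The comment above `services.hound` says `.gitignore`, but the `[safe]` section it shows belongs in `.gitconfig`, and the `*` wildcard makes the two individual entries redundant. Membership in the `git` group gives hound whatever the group may do on the repositories, so it is worth confirming that this is read-only.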
diff --git a/nix/hosts/corrino/www/db.emile.space.nix b/nix/hosts/corrino/www/db.emile.space.nix
new file mode 100644
index 0000000..7cb365e
--- /dev/null
+++ b/nix/hosts/corrino/www/db.emile.space.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+  services.nginx.virtualHosts."db.emile.space" = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations = {
+      "/" = {
+        proxyPass = "http://127.0.0.1:${toString config.emile.ports.nocodb}";
+      };
+    };
+  };
+  virtualisation.oci-containers = {
+    containers = {
+      "noco" = {
+        image = "nocodb/nocodb:latest";
+				volumes = [ "nocodb:/usr/app/data" ];
+        ports = [ "${toString config.emile.ports.nocodb}:8080" ];
+      };
+    };
+  };
+}
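Review bot: `ports = [ "${toString config.emile.ports.nocodb}:8080" ]` publishes the container port on all host addresses, so NocoDB may be reachable over plain HTTP around the nginx vhost, depending on how the firewall treats published container ports. Binding to loopback keeps nginx the only entry point: `ports = [ "127.0.0.1:${toString config.emile.ports.nocodb}:8080" ];`. `image = "nocodb/nocodb:latest"` is a moving tag, so each pull can change what runs on the host; pin a version tag or a digest instead.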
diff --git a/nix/hosts/corrino/www/emile.space.nix b/nix/hosts/corrino/www/emile.space.nix
index c39ca31..8b67d84 100644
--- a/nix/hosts/corrino/www/emile.space.nix
+++ b/nix/hosts/corrino/www/emile.space.nix
@@ -13,6 +13,8 @@
         ''; 
       };
 
+      # As the social.emile.space server actually uses redirects from emile.space, they have to be
+      # setup somewhere. Well... this is that place
       "/@hanemile".extraConfig = ''
         return 301 https://social.emile.space/@hanemile;
       '';
diff --git a/nix/hosts/corrino/www/git/cgit.nix b/nix/hosts/corrino/www/git/cgit.nix
index 1e63dfc..b48157a 100644
--- a/nix/hosts/corrino/www/git/cgit.nix
+++ b/nix/hosts/corrino/www/git/cgit.nix
@@ -1,10 +1,33 @@
 { config, lib, pkgs, ... }:
 
+let
+	repodirs = builtins.concatStringsSep "\n"
+		(map
+			(x: "directory = ${x}")
+			(lib.lists.flatten
+				(map
+					(x: lib.attrValues (lib.getAttrs [ "path" ] x))
+					(lib.mapAttrsToList
+						(name: value: value)
+						config.services.cgit.main.repos))));
+in
 {
   environment.systemPackages = with pkgs; [
-	  md4c # used to get md2html for rendering the READMEs
+	  md4c # used to get md2html for rendering the READMEs within cgit-pink
 	];
 
+	# set all the repos as safe
+	environment.etc = {
+	  gitconfig = {
+	    text = ''
+				[http]
+					sslCAinfo = /etc/ssl/certs/ca-certificates.crt
+				[safe]
+					${repodirs}
+	    '';
+		};
+	};
+	
   services = {
 	  nginx.virtualHosts."git.emile.space" = {
 	    forceSSL = true;
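Review bot: Writing the `[safe]` entries to `/etc/gitconfig` switches off git's repository-ownership check for every user on the host, root included, although the sibling `cs.emile.space.nix` suggests only `hound` (and possibly cgit) needs the exemption. If system-wide scope is intended, say so next to the setting, e.g. `# safe.directory for all users: hound reads repositories owned by git`; otherwise put the entries in the consuming user's own git config. The `repodirs` expression can also be shortened to `lib.concatMapStringsSep "\n" (r: "directory = ${r.path}") (lib.attrValues config.services.cgit.main.repos)`. The `services` attribute set opened at the end of the hunk continues outside it.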
@@ -469,7 +492,7 @@
 				# articles
 				barnes-hut = {
 					desc = "A one pager compressing the JuFo19 project";
-					path = "/var/lib/git/repositories/paged-out-barnes-hut.git";
+					path = "/var/lib/git/repositories/barnes-hut.git";
 					section = "Articles";
 					owner = "emile";
 				};
@@ -544,7 +567,7 @@
 
 		# exposing stuff
 		gitDaemon = {
-			enable = true;
+			enable = false;
 
 			user = "git";
 			group = "git";
diff --git a/nix/hosts/corrino/www/grafana.emile.space.nix b/nix/hosts/corrino/www/grafana.emile.space.nix
index 3464421..eaf88b5 100644
--- a/nix/hosts/corrino/www/grafana.emile.space.nix
+++ b/nix/hosts/corrino/www/grafana.emile.space.nix
@@ -2,12 +2,22 @@
 
 {
   services = {
-    nginx.virtualHosts."grafana.emile.space" = {
-      addSSL = true;
-      enableACME = true;
-      locations."/" = {
-          proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}/";
-          proxyWebsockets = true;
+    nginx.virtualHosts = {
+      "grafana.emile.space" = {
+        addSSL = true;
+        enableACME = true;
+        locations."/" = {
+            proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}/";
+            proxyWebsockets = true;
+        };
+      };
+      "prometheus.emile.space" = {
+        addSSL = true;
+        enableACME = true;
+        locations."/" = {
+            proxyPass = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}/";
+            proxyWebsockets = true;
+        };
       };
     };
 
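Review bot: The new `prometheus.emile.space` vhost proxies straight to Prometheus with no authentication, and Prometheus has none of its own by default, so every metric and the query API become readable to anyone who can reach the host name. Add `basicAuthFile = "<path to htpasswd file>";` (or an allow/deny list in `extraConfig`) to the vhost, and use `forceSSL = true;` rather than `addSSL = true;` so neither credentials nor metrics are served over plain HTTP. The Grafana vhost in the same hunk keeps `addSSL` as well and would benefit from the same change.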
@@ -47,6 +57,8 @@
     prometheus = {
       enable = true;
       retentionTime = "356d";
+
+      listenAddress = "[::1]";
       port = config.emile.ports.prometheus;
 
       exporters = {
diff --git a/nix/hosts/corrino/www/hydra.emile.space.nix b/nix/hosts/corrino/www/hydra.emile.space.nix
index 97d5962..6628a67 100644
--- a/nix/hosts/corrino/www/hydra.emile.space.nix
+++ b/nix/hosts/corrino/www/hydra.emile.space.nix
@@ -57,7 +57,8 @@
       <git-input>
         timeout = 3600
       </git-input>
-      evaluator_restrict_eval = false
+      binary_cache_public_uri = https://nix-cache.emile.space
     '';
+      # evaluator_restrict_eval = false
   };
 }
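Review bot: `binary_cache_public_uri = https://nix-cache.emile.space` advertises an HTTPS cache, but the vhost added in this same commit (`nix-cache/nix-cache.emile.space.nix`) sets `forceSSL = false; enableACME = false;` and has the harmonia backend commented out, so the advertised URI presumably serves nothing yet. Either land the two together or hold this line back until the cache answers. The `# evaluator_restrict_eval = false` line now sits after the closing `''`, so it is a Nix comment rather than Hydra configuration; if it is only a reminder, place it above the option with a word on why restricted evaluation is back on. The enclosing attribute set starts outside the hunk.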
diff --git a/nix/hosts/corrino/www/irc.emile.space.nix b/nix/hosts/corrino/www/irc.emile.space.nix
new file mode 100644
index 0000000..f738d62
--- /dev/null
+++ b/nix/hosts/corrino/www/irc.emile.space.nix
@@ -0,0 +1,155 @@
+{ config, ... }:
+
+{
+	# Create a tls cert for the irc server
+	security.acme.certs = {
+		"irc.emile.space" = {
+			webroot = "/var/lib/acme/acme-challenge/";
+			email = "acme@emile.space";
+			postRun = "cp fullchain.pem /home/ergo/ && cp key.pem /home/ergo && chown ergo:ergo /home/ergo/*.pem && systemctl reload ergo.service";
+		};
+	};
+
+	# Allow ergo to access the created cert
+	# The systemd server runs using a dynamic user, so the below inserts the .pem files
+	#   into "/run/credentials/ergochat.service/key.pem"
+	systemd.services.ergochat.serviceConfig = {
+		LoadCredential = [
+			"fullchain.pem:/var/lib/acme/irc.emile.space/fullchain.pem"
+			"key.pem:/var/lib/acme/irc.emile.space/key.pem"
+		];
+	};
+
+	# allow connections to the port from the "outside"
+  networking.firewall.allowedTCPPorts = [ config.emile.ports.irc.ssl ];
+
+	services.ergochat = {
+		enable = true;
+
+		# https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
+		settings = {
+		  accounts = {
+		    authentication-enabled = true;
+		    multiclient = {
+		      allowed-by-default = true;
+		      always-on = "opt-out";
+		      auto-away = "opt-out";
+		      enabled = true;
+		    };
+		    registration = {
+		      enabled = true;
+		      allow-before-connect = true;
+		      bcrypt-cost = 4;
+		      email-verification = {
+		        enabled = false;
+		      };
+		      throttling = {
+		        duration = "10m";
+		        enabled = true;
+		        max-attempts = 30;
+		      };
+		    };
+		  };
+		  channels = {
+		    default-modes = "+ntC";
+		    registration = {
+		      enabled = true;
+		    };
+		  };
+		  datastore = {
+		    autoupgrade = true;
+		    path = "/var/lib/ergo/ircd.db";
+		  };
+		  history = {
+		    enabled = true;
+		    autoreplay-on-join = 0;
+		    autoresize-window = "3d";
+		    channel-length = 2048;
+		    chathistory-maxmessages = 100;
+		    client-length = 256;
+		    restrictions = {
+		      expire-time = "1w";
+		      grace-period = "1h";
+		      query-cutoff = "none";
+		    };
+		    retention = {
+		      allow-individual-delete = false;
+		      enable-account-indexing = false;
+		    };
+		    tagmsg-storage = {
+		      default = false;
+		      whitelist = [
+		        "+draft/react"
+		        "+react"
+		      ];
+		    };
+		    znc-maxmessages = 2048;
+		  };
+		  limits = {
+		    awaylen = 390;
+		    channellen = 64;
+		    identlen = 20;
+		    kicklen = 390;
+		    nicklen = 32;
+		    topiclen = 390;
+		  };
+		  network = {
+		    name = "emilespace";
+		  };
+		  server = {
+		    casemapping = "permissive";
+		    check-ident = false;
+		    enforce-utf = true;
+		    forward-confirm-hostnames = false;
+		    ip-cloaking = {
+		      enabled = false;
+		    };
+		    ip-limits = {
+		      count = false;
+		      throttle = false;
+		    };
+		    listeners = {
+					# sts only port
+		      ":6667".sts-only = true;
+
+					# loopback listeners
+		      # "127.0.0.1:6668" = {};
+		      # "[::]:6668" = {};
+
+		      ":${toString config.emile.ports.irc.ssl}" = {
+						tls = {
+							cert = "/run/credentials/ergochat.service/fullchain.pem";
+							key = "/run/credentials/ergochat.service/key.pem";
+						};
+
+						# for cloud load balancers setting a PROXY header, NOT reverse proxies...
+						proxy = false;
+
+						min-tls-version = 1.2;
+					};
+		    };
+		    lookup-hostnames = false;
+		    max-sendq = "1M";
+		    name = "emile.space";
+		    relaymsg = {
+		      enabled = false;
+		    };
+				sts = {
+					enabled = true; # redirect from plain to tls if supported
+
+					# how long clients should be forced to use TLS for.
+					# (Emile): no clue why, can I set something like \infty here?
+					duration = "12m";
+
+				};
+		  };
+			logging = [
+				{
+					method = "stderr";
+					type = "* -userinput -useroutput";
+					level = "debug";
+				}
+			];
+		};
+	};
+}
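Review bot: The `postRun` hook copies `key.pem` into `/home/ergo` and reloads `ergo.service`, while the service configured below is `ergochat` and reads the certificate through `LoadCredential` from `/var/lib/acme/irc.emile.space/`. That leaves a second copy of the private key on disk that nothing in this file uses, and a renewed certificate would presumably never reach the running server. Consider dropping the `cp`/`chown` and using `reloadServices = [ "ergochat.service" ];`, checking whether a restart is needed since credentials are read at service start. Separately, open registration with `email-verification` disabled is combined with `ip-limits.count = false` and `throttle = false`, which removes the per-IP brake on connection and account abuse, and `duration = "12m"` under `sts` likely means twelve minutes in Ergo's duration syntax, which makes the STS policy very short-lived.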
diff --git a/nix/hosts/corrino/www/nix-cache/default.nix b/nix/hosts/corrino/www/nix-cache/default.nix
new file mode 100644
index 0000000..da2537c
--- /dev/null
+++ b/nix/hosts/corrino/www/nix-cache/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+	imports = [
+		./nix-cache.emile.space.nix
+	];
+}
diff --git a/nix/hosts/corrino/www/nix-cache/index.txt b/nix/hosts/corrino/www/nix-cache/index.txt
new file mode 100644
index 0000000..514b288
--- /dev/null
+++ b/nix/hosts/corrino/www/nix-cache/index.txt
@@ -0,0 +1,22 @@
+Nix Cache by emile
+
+Public key:
+
+	nix-cache.emile.space:3xzJknXMsR/EL3SBTu6V6oCOkjxe6MgJm0nOrElW33A=
+
+NixOS Configuration:
+
+  nix.settings = {
+    substituters = [
+      "https://nix-cache.emile.space"
+    ];
+    trusted-public-keys = [
+			"nix-cache.emile.space:3xzJknXMsR/EL3SBTu6V6oCOkjxe6MgJm0nOrElW33A="
+    ];
+  }
+
+Try:
+
+  nix build --substituters "https://nix-cache.emile.space" \
+  --trusted-public-keys "nix-cache.emile.space:3xzJknXMsR/EL3SBTu6V6oCOkjxe6MgJm0nOrElW33A=" \
+  "git+https://git.emile.space/hefe.git#r2wars-web"
diff --git a/nix/hosts/corrino/www/nix-cache/nix-cache.emile.space.nix b/nix/hosts/corrino/www/nix-cache/nix-cache.emile.space.nix
new file mode 100644
index 0000000..690e422
--- /dev/null
+++ b/nix/hosts/corrino/www/nix-cache/nix-cache.emile.space.nix
@@ -0,0 +1,58 @@
+{ ... }:
+
+{
+	services.nginx.virtualHosts."nix-cache.emile.space" = {
+		forceSSL = false;
+		enableACME = false;
+	};
+  #   locations = {
+  #     "/" = {
+  #       root = "/var/www/emile.space";
+  #       extraConfig = ''
+  #         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+  #       ''; 
+  #     };
+		# };
+		# locations."= /" = {
+		# 	index = "/index.txt";
+		# };
+  #   locations."= /index.txt" = {
+  #     root = ./index.txt;
+  #   };
+  #   locations."= /nix/store/" = {
+  #     extraConfig = ''
+  #       return 404;
+  #     '';
+  #   };
+  #   locations."/nix/store/" = {
+  #     root = "/";
+  #     extraConfig = ''
+  #       autoindex on;
+  #       autoindex_exact_size off;
+  #     '';
+  #   };
+  #   locations."/" = {
+		# 	proxyPass = "http://${config.services.harmonia.settings.bind}";
+		# 	extraConfig = ''
+	 #      proxy_set_header Host $host;
+	 #      proxy_redirect http:// https://;
+	 #      proxy_http_version 1.1;
+	 #      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	 #      proxy_set_header Upgrade $http_upgrade;
+	 #      proxy_set_header Connection $connection_upgrade;
+
+	 #      zstd on;
+	 #      zstd_types application/x-nix-archive;
+		# 	'';
+		# };
+	# };
+
+ #  services.harmonia = {
+	# 	enable = true;
+
+	# 	# TODO(emile): manage this using age
+	# 	signKeyPath = "/var/lib/secrets/harmonia.secret";
+
+ #    settings.bind = "[::1]:${toString config.emile.ports.harmonia}";
+	# };
+}
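Review bot: Everything after the `forceSSL = false; enableACME = false;` vhost is commented-out configuration, so this module currently defines a plain-HTTP vhost with no locations, while `index.txt` in the same directory tells users to fetch from `https://nix-cache.emile.space`. If the block is revived, the function head `{ ... }:` needs `config`, which the commented code references, and the `locations."/nix/store/"` variant with `root = "/"` and `autoindex on` would publish a listing of every store path on the host. Prefer keeping only the harmonia proxy variant, with `forceSSL = true; enableACME = true;`, and deleting the alternatives instead of committing them as comments.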
diff --git a/nix/hosts/lampadas/configuration.nix b/nix/hosts/lampadas/configuration.nix
index 2453a88..748164c 100644
--- a/nix/hosts/lampadas/configuration.nix
+++ b/nix/hosts/lampadas/configuration.nix
@@ -153,14 +153,15 @@ in {
         load printers = no
         server min protocol = SMB3
         server smb encrypt = required 
-        read raw = Yes
-        write raw = Yes
-        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
         min receivefile size = 16384
         use sendfile = true
         aio read size = 16384
         aio write size = 16384
         server multi channel support = yes
+        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
+        read raw = Yes
+        write raw = Yes
+        large readwrite = yes
       '';
       shares = {
         public = {
@@ -172,8 +173,8 @@ in {
           "available" = "yes";
           "create mask" = "2775";
           "directory mask" = "2775";
-          "force create mask" = "2775";
-          "force directory mask" = "2775";
+          # "force create mask" = "2775";
+          # "force directory mask" = "2775";
           "force user" = "samba-guest";
           "comment" = "public data";
           "writable" = "yes";