From f72f22b250ecf22657ffc9e6082086377031ea8a Mon Sep 17 00:00:00 2001
From: tzlil <tzlils@protonmail.com>
Date: Sun, 30 Jul 2023 13:19:39 +0300
Subject: clean up a bit

---
 hosts/default.nix                    |  22 ++++-
 hosts/navi/default.nix               |  24 +-----
 hosts/vps/default.nix                |  50 ++---------
 hosts/vps/git.nix                    |  93 --------------------
 hosts/vps/hardware-configuration.nix |  36 ++++++++
 hosts/vps/hydrus.nix                 |  60 -------------
 hosts/vps/maloja.nix                 |  51 -----------
 hosts/vps/matrix.nix                 | 159 -----------------------------------
 hosts/vps/services/git.nix           |  93 ++++++++++++++++++++
 hosts/vps/services/hydrus.nix        |  60 +++++++++++++
 hosts/vps/services/maloja.nix        |  51 +++++++++++
 hosts/vps/services/matrix.nix        | 159 +++++++++++++++++++++++++++++++++++
 hosts/vps/services/website.nix       | 139 ++++++++++++++++++++++++++++++
 hosts/vps/website.nix                | 139 ------------------------------
 mixins/cli.nix                       |   1 +
 profiles/core.nix                    |  43 ----------
 profiles/gentoo.nix                  |  37 --------
 profiles/impermanence.nix            |   7 +-
 profiles/stdenv.nix                  |  37 ++++++++
 profiles/tzlil.nix                   |   7 +-
 20 files changed, 611 insertions(+), 657 deletions(-)
 delete mode 100644 hosts/vps/git.nix
 create mode 100644 hosts/vps/hardware-configuration.nix
 delete mode 100644 hosts/vps/hydrus.nix
 delete mode 100644 hosts/vps/maloja.nix
 delete mode 100644 hosts/vps/matrix.nix
 create mode 100644 hosts/vps/services/git.nix
 create mode 100644 hosts/vps/services/hydrus.nix
 create mode 100644 hosts/vps/services/maloja.nix
 create mode 100644 hosts/vps/services/matrix.nix
 create mode 100644 hosts/vps/services/website.nix
 delete mode 100644 hosts/vps/website.nix
 delete mode 100644 profiles/core.nix
 delete mode 100644 profiles/gentoo.nix
 create mode 100644 profiles/stdenv.nix

diff --git a/hosts/default.nix b/hosts/default.nix
index 164030c..1367391 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -7,7 +7,7 @@ inputs: let
         ../profiles/security.nix
         ../profiles/ssh.nix
         ../profiles/network.nix
-	../profiles/impermanence.nix
+        ../profiles/impermanence.nix
       ];
     }
     inputs.agenix.nixosModules.age
@@ -32,6 +32,11 @@ inputs: let
       hermetic = false;
     };
   };
+
+  stateVersion = v: {
+    home-manager.users.tzlil.home.stateVersion = v;
+    system.stateVersion = v;
+  };
 in {
   navi = inputs.nixpkgs.lib.nixosSystem {
     system = "x86_64-linux";
@@ -41,6 +46,21 @@ in {
         "${inputs.self}/hosts/navi"
         {networking.hostName = "navi";}
         (nixinate "navi")
+        (stateVersion "23.11")
+      ]
+      ++ commonProfiles
+      ++ commonHome;
+  };
+
+  vps = inputs.nixpkgs.lib.nixosSystem {
+    system = "x86_64-linux";
+    specialArgs = {inherit inputs;};
+    modules =
+      [
+        "${inputs.self}/hosts/vps"
+        {networking.hostName = "vps";}
+        (nixinate "vps")
+        (stateVersion "22.05")
       ]
       ++ commonProfiles
       ++ commonHome;
diff --git a/hosts/navi/default.nix b/hosts/navi/default.nix
index 497f5f7..e689bc3 100644
--- a/hosts/navi/default.nix
+++ b/hosts/navi/default.nix
@@ -7,26 +7,22 @@
 }: {
   imports = [
     ./hardware-configuration.nix
-    # ../../profiles/core.nix
     ../../profiles/graphical.nix
     ../../mixins/tailscale.nix
     ../../mixins/cli.nix
     ../../mixins/greet.nix
-    # ../../mixins/hyprland.nix
     ../../mixins/sway.nix
     ../../mixins/pipewire.nix
     ../../mixins/multimedia.nix
-    # ../../mixins/emacs
     ../../mixins/syncthing.nix
   ];
 
   config = {
-    system.stateVersion = "23.11";
     boot = {
       tmp.cleanOnBoot = true;
       initrd = {
         supportedFilesystems = ["btrfs"];
-        availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "usbhid" "snd_usb_audio"];
+        availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "usbhid" "snd_usb_audio" "hid_logitech_dj" "hid_logitech_hidpp"];
       };
       supportedFilesystems = ["ntfs"];
       kernelModules = ["kvm-intel" "snd-seq" "snd-rawmidi" "bridge"];
@@ -45,24 +41,6 @@
 
     time.timeZone = lib.mkDefault "Israel";
 
-    /*
-    fileSystems."/" = {
-      device = "none";
-      fsType = "tmpfs";
-      # hyprland doesnt compile with noexec root
-      options = ["defaults" "size=8G" "mode=755"];
-    };
-
-    fileSystems."/boot" = {
-      device = "/dev/disk/by-uuid/34CB-F158";
-      fsType = "vfat";
-    };
-
-    fileSystems."/nix" = {
-      device = "/dev/disk/by-uuid/8a8cc550-034e-4545-a958-564779f51061";
-      fsType = "btrfs";
-    };
-    */
     zramSwap = {
       enable = true;
       algorithm = "zstd";
diff --git a/hosts/vps/default.nix b/hosts/vps/default.nix
index 3597c5c..4741374 100644
--- a/hosts/vps/default.nix
+++ b/hosts/vps/default.nix
@@ -5,29 +5,17 @@
   ...
 }: {
   imports = [
-    ../../profiles/core.nix
-    ../../profiles/user.nix
-    ../../profiles/ssh.nix
+    ./hardware-configuration.nix
     ../../mixins/tailscale.nix
     ../../mixins/cli.nix
-    ./website.nix
-    ./git.nix
-    ./hydrus.nix
-    ./matrix.nix
-    ./maloja.nix
+    ./services/website.nix
+    ./services/git.nix
+    ./services/hydrus.nix
+    ./services/matrix.nix
+    ./services/maloja.nix
   ];
 
   config = {
-    _module.args.nixinate = {
-      host = "vps";
-      sshUser = "tzlil";
-      buildOn = "remote"; # valid args are "local" or "remote"
-      substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
-      hermetic = false;
-    };
-
-    networking.hostName = "vps";
-
     boot = {
       kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
       loader.grub.device = "/dev/vda";
@@ -41,34 +29,8 @@
 
     networking.interfaces.ens3.useDHCP = lib.mkDefault true;
 
-    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-    hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-    virtualisation.hypervGuest.enable = true;
-
     time.timeZone = lib.mkDefault "Frankfurt";
 
-    fileSystems = {
-      "/" = {
-        device = "none";
-        fsType = "tmpfs";
-        options = ["noexec" "defaults" "size=2G" "mode=755"];
-      };
-      "/nix" = {
-        device = "/dev/disk/by-uuid/e4c4735d-bfdd-477f-bc43-d07510cb6a9a";
-        fsType = "btrfs";
-      };
-      "/boot" = {
-        device = "/dev/disk/by-uuid/7ea63707-099d-4c21-90eb-a51bfa6d8ba5";
-        fsType = "ext4";
-      };
-    };
-
-    swapDevices = [{device = "/dev/disk/by-uuid/00eb2d2e-4d7c-4e95-804d-e9ecb22679d4";}];
-
-    zramSwap = {
-      enable = true;
-      algorithm = "zstd";
-    };
 
     networking.networkmanager.enable = lib.mkForce false;
 
diff --git a/hosts/vps/git.nix b/hosts/vps/git.nix
deleted file mode 100644
index 8bd4653..0000000
--- a/hosts/vps/git.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{
-  pkgs,
-  config,
-  ...
-}: {
-  config = {
-    users.groups.git = {};
-    users.users.git = {
-      isSystemUser = true;
-      description = "tzlil";
-      group = "git";
-      home = "/home/git";
-      packages = [pkgs.git];
-      shell = "${pkgs.git}/bin/git-shell";
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgPE76xQXx1kpvWavHGNOWHiZSFdGfz/rQlISGrKsDe"
-      ];
-    };
-
-    # for syntax highlighting
-    users.groups.fcgiwrap = {};
-    users.users.fcgiwrap = {
-      isSystemUser = true;
-      group = "fcgiwrap";
-      packages = [pkgs.highlight pkgs.fcgiwrap];
-    };
-
-    services = {
-      fcgiwrap = {
-        enable = true;
-        user = "fcgiwrap";
-        group = "fcgiwrap";
-      };
-      caddy = {
-        virtualHosts."tzlil.net".extraConfig = ''
-          bind 0.0.0.0
-          ${config.website.defaultHeaders}
-          handle_path /cgit/* {
-            handle /cgit.png {
-              root * ${pkgs.cgit}/cgit
-              file_server
-            }
-            handle /cgit.css {
-              try_files ${pkgs.fetchurl {
-            url = "https://jeremias.stotter.eu/cgi-bin/cgit.cgi/cgit-dark/plain/cgit.css";
-            sha256 = "sha256-wqszujnWV5PRh3L23L1BFj/PKUElpyu1KhjqrHS8lCw=";
-          }} /
-              file_server
-            }
-            handle /favicon.ico {
-              root * ${pkgs.cgit}/cgit
-              file_server
-            }
-            handle {
-              reverse_proxy unix//run/fcgiwrap.sock {
-                transport fastcgi {
-                  env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi
-                  env CGIT_CONFIG ${pkgs.writeText "cgitrc" (pkgs.lib.generators.toKeyValue {} {
-            css = "/cgit/cgit.css";
-            logo = "/cgit/cgit.png";
-            favicon = "/favicon.ico";
-            clone-url = pkgs.lib.concatStringsSep " " [
-              "http://$HTTP_HOST$SCRIPT_NAME/$CGIT_REPO_URL"
-              "ssh://git@tzlil.net:$CGIT_REPO_URL"
-            ];
-            enable-log-filecount = 1;
-            enable-log-linecount = 1;
-            enable-git-config = 1;
-            root-title = "tzlil.net";
-            root-desc = "Tzlil's Git Repositories";
-            scan-path = "/home/git";
-            about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.py";
-            source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
-            logo-link = "/";
-            virtual-root = "/cgit";
-            readme = ":README.md";
-          })}
-                }
-              }
-          }
-          }
-        '';
-      };
-    };
-    environment.persistence."/nix/persist".directories = [
-      {
-        directory = "/home/git";
-        user = "git";
-        group = "git";
-      }
-    ];
-  };
-}
diff --git a/hosts/vps/hardware-configuration.nix b/hosts/vps/hardware-configuration.nix
new file mode 100644
index 0000000..2d9a5fa
--- /dev/null
+++ b/hosts/vps/hardware-configuration.nix
@@ -0,0 +1,36 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+     fileSystems = {
+      "/" = {
+        device = "none";
+        fsType = "tmpfs";
+        options = ["noexec" "defaults" "size=2G" "mode=755"];
+      };
+      "/nix" = {
+        device = "/dev/disk/by-uuid/e4c4735d-bfdd-477f-bc43-d07510cb6a9a";
+        fsType = "btrfs";
+      };
+      "/boot" = {
+        device = "/dev/disk/by-uuid/7ea63707-099d-4c21-90eb-a51bfa6d8ba5";
+        fsType = "ext4";
+      };
+    };
+
+    swapDevices = [{device = "/dev/disk/by-uuid/00eb2d2e-4d7c-4e95-804d-e9ecb22679d4";}];
+
+    zramSwap = {
+      enable = true;
+      algorithm = "zstd";
+    };
+
+
+    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+    hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    virtualisation.hypervGuest.enable = true;
+
+}
diff --git a/hosts/vps/hydrus.nix b/hosts/vps/hydrus.nix
deleted file mode 100644
index c967fbc..0000000
--- a/hosts/vps/hydrus.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}: {
-  config = {
-    users.groups.hydrus = {};
-    users.users.hydrus = {
-      isSystemUser = true;
-      description = "hydrus";
-      group = "hydrus";
-      home = "/home/hydrus";
-    };
-
-    systemd.services.Xvnc = {
-      description = "Xvnc";
-      wantedBy = ["multi-user.target"];
-
-      serviceConfig = {
-        ExecStart = "${pkgs.turbovnc}/bin/Xvnc :30 -iglx -depth 24 -rfbwait 120000 -deferupdate 1 -localhost -verbose -securitytypes none";
-        User = "hydrus";
-        Group = "hydrus";
-        Restart = "on-failure";
-        RestartSec = "5s";
-      };
-    };
-
-    systemd.services.hydrus = {
-      description = "Hydrus";
-      wantedBy = ["multi-user.target" "Xvnc.service"];
-      wants = ["podman-hydrus-web.service"];
-
-      serviceConfig = {
-        Environment = "DISPLAY=:30";
-        ExecStart = "${pkgs.hydrus}/bin/hydrus-client -d /home/hydrus";
-        User = "hydrus";
-        Group = "hydrus";
-        Restart = "on-failure";
-        RestartSec = "5s";
-      };
-    };
-
-    security.lockKernelModules = lib.mkForce false;
-    virtualisation.oci-containers.containers.hydrus-web = {
-      ports = ["100.67.217.90:8080:80"];
-      image = "ghcr.io/floogulinc/hydrus-web:dev";
-    };
-
-    networking.firewall.allowedTCPPorts = [45869];
-
-    environment.persistence."/nix/persist".directories = [
-      {
-        directory = "/home/hydrus";
-        user = "hydrus";
-        group = "hydrus";
-      }
-    ];
-  };
-}
diff --git a/hosts/vps/maloja.nix b/hosts/vps/maloja.nix
deleted file mode 100644
index 3d4530d..0000000
--- a/hosts/vps/maloja.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}: {
-  config = {
-    users.groups.maloja = {};
-    users.users.maloja = {
-      isSystemUser = true;
-      description = "maloja";
-      group = "maloja";
-      home = "/var/lib/maloja";
-    };
-
-    security.lockKernelModules = lib.mkForce false;
-    virtualisation.oci-containers.containers.maloja = {
-      ports = ["42010:42010"];
-      image = "krateng/maloja";
-      volumes = [
-        "/var/lib/maloja:/data"
-      ];
-      environment = {
-        MALOJA_DATA_DIRECTORY = "/data";
-        MALOJA_SKIP_SETUP = "True";
-        MALOJA_NAME = "tzlil";
-        MAlOJA_PROXY_IMAGES = "True";
-      };
-    };
-
-    # systemd.services.podman-maloja.serviceConfig.User = "maloja";
-    # systemd.services.podman-maloja.serviceConfig.Group = "maloja";
-
-    networking.firewall.allowedTCPPorts = [42010];
-
-    environment.persistence."/nix/persist".directories = [
-      {
-        directory = "/var/lib/maloja";
-        user = "maloja";
-        group = "maloja";
-      }
-    ];
-
-    services.caddy = {
-      virtualHosts."fm.tzlil.net".extraConfig = ''
-        bind 0.0.0.0
-        reverse_proxy :42010
-      '';
-    };
-  };
-}
diff --git a/hosts/vps/matrix.nix b/hosts/vps/matrix.nix
deleted file mode 100644
index e2aa1a5..0000000
--- a/hosts/vps/matrix.nix
+++ /dev/null
@@ -1,159 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}: {
-  config = {
-    # services.matrix-synapse = {
-    #   enable = true;
-    #   settings.server_name = config.networking.domain;
-    #   settings.listeners = [
-    #     {
-    #       port = 8008;
-    #       bind_addresses = ["::1"];
-    #       type = "http";
-    #       tls = false;
-    #       x_forwarded = true;
-    #       resources = [
-    #         {
-    #           names = ["client" "federation"];
-    #           compress = true;
-    #         }
-    #       ];
-    #     }
-    #   ];
-    # };
-    # networking.firewall.allowedTCPPorts = [80 443];
-
-    age.secrets.matrix = {
-      file = ../../secrets/matrix.age;
-      mode = "600";
-      owner = "root";
-      group = "root";
-    };
-
-    services.dendrite = let
-      database_config = {
-        connection_string = "postgresql:///dendrite?host=/run/postgresql";
-        max_open_conns = 10;
-        max_idle_conns = 5;
-      };
-    in {
-      enable = true;
-
-      loadCredential = ["private_key:${config.age.secrets.matrix.path}" "tlsCert:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt" "tlsKey:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.key"];
-
-      # tlsCert = "$CREDENTIALS_DIRECTORY/tlsCert";
-      # tlsKey = "$CREDENTIALS_DIRECTORY/tlsKey";
-
-      # httpPort = null;
-      # httpsPort = 8448;
-
-      settings = {
-        global = {
-          server_name = "tzlil.net";
-          private_key = "$CREDENTIALS_DIRECTORY/private_key";
-
-          # preserve across restarts
-          jetstream.storage_path = "/var/lib/dendrite/";
-
-          dns_cache = {
-            enabled = true;
-            cache_size = 4096;
-            cache_lifetime = "600s";
-          };
-
-          presence = {
-            enable_inbound = true;
-            enable_outbound = true;
-          };
-
-          cache.max_size_estimated = "16gb";
-        };
-        federation_api.key_perspectives = [
-          {
-            server_name = "matrix.org";
-            keys = [
-              {
-                key_id = "ed25519:auto";
-                public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
-              }
-              {
-                key_id = "ed25519:a_RXGa";
-                public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
-              }
-            ];
-          }
-        ];
-
-        app_service_api.database = database_config;
-        federation_api.database = database_config;
-        key_server.database = database_config;
-        media_api.database = database_config;
-        mscs.database = database_config;
-        room_server.database = database_config;
-        sync_api.database = database_config;
-        user_api.account_database = database_config;
-        user_api.device_database = database_config;
-      };
-    };
-
-    systemd.services.dendrite.serviceConfig.ExecStart = lib.mkForce (lib.strings.concatStringsSep " " [
-      "${pkgs.dendrite}/bin/dendrite"
-      "--config /run/dendrite/dendrite.yaml"
-      "--http-bind-address :8008"
-      "--https-bind-address :8448"
-      "--tls-cert $CREDENTIALS_DIRECTORY/tlsCert"
-      "--tls-key $CREDENTIALS_DIRECTORY/tlsKey"
-    ]);
-
-    services.postgresql = {
-      enable = true;
-      ensureUsers = [
-        {
-          name = "dendrite";
-          ensurePermissions = {
-            "DATABASE dendrite" = "ALL PRIVILEGES";
-          };
-        }
-      ];
-
-      ensureDatabases = ["dendrite"];
-    };
-
-    # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service
-    # systemd.services.dendrite.serviceConfig.User = "dendrite";
-    # systemd.services.dendrite.serviceConfig.Group = "dendrite";
-    environment.persistence."/nix/persist".directories = [
-      {
-        directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
-        user = "postgres";
-        group = "postgres";
-      }
-
-      {
-        directory = "/var/lib/private/dendrite";
-        user = "root";
-        group = "root";
-      }
-    ];
-
-    systemd.services.dendrite.after = ["postgresql.service"];
-
-    services.caddy = {
-      # for federation
-      virtualHosts."tzlil.net:8448".extraConfig = ''
-        reverse_proxy /_matrix/* localhost:8008
-      '';
-      # for clients
-      virtualHosts."tzlil.net".extraConfig = ''
-        reverse_proxy /_matrix/* localhost:8008
-        header /.well-known/matrix/* Content-Type application/json
-        header /.well-known/matrix/* Access-Control-Allow-Origin *
-        respond /.well-known/matrix/server `{"m.server": "tzlil.net"}`
-      '';
-    };
-    networking.firewall.allowedTCPPorts = [8448];
-  };
-}
diff --git a/hosts/vps/services/git.nix b/hosts/vps/services/git.nix
new file mode 100644
index 0000000..8bd4653
--- /dev/null
+++ b/hosts/vps/services/git.nix
@@ -0,0 +1,93 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  config = {
+    users.groups.git = {};
+    users.users.git = {
+      isSystemUser = true;
+      description = "tzlil";
+      group = "git";
+      home = "/home/git";
+      packages = [pkgs.git];
+      shell = "${pkgs.git}/bin/git-shell";
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgPE76xQXx1kpvWavHGNOWHiZSFdGfz/rQlISGrKsDe"
+      ];
+    };
+
+    # for syntax highlighting
+    users.groups.fcgiwrap = {};
+    users.users.fcgiwrap = {
+      isSystemUser = true;
+      group = "fcgiwrap";
+      packages = [pkgs.highlight pkgs.fcgiwrap];
+    };
+
+    services = {
+      fcgiwrap = {
+        enable = true;
+        user = "fcgiwrap";
+        group = "fcgiwrap";
+      };
+      caddy = {
+        virtualHosts."tzlil.net".extraConfig = ''
+          bind 0.0.0.0
+          ${config.website.defaultHeaders}
+          handle_path /cgit/* {
+            handle /cgit.png {
+              root * ${pkgs.cgit}/cgit
+              file_server
+            }
+            handle /cgit.css {
+              try_files ${pkgs.fetchurl {
+            url = "https://jeremias.stotter.eu/cgi-bin/cgit.cgi/cgit-dark/plain/cgit.css";
+            sha256 = "sha256-wqszujnWV5PRh3L23L1BFj/PKUElpyu1KhjqrHS8lCw=";
+          }} /
+              file_server
+            }
+            handle /favicon.ico {
+              root * ${pkgs.cgit}/cgit
+              file_server
+            }
+            handle {
+              reverse_proxy unix//run/fcgiwrap.sock {
+                transport fastcgi {
+                  env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi
+                  env CGIT_CONFIG ${pkgs.writeText "cgitrc" (pkgs.lib.generators.toKeyValue {} {
+            css = "/cgit/cgit.css";
+            logo = "/cgit/cgit.png";
+            favicon = "/favicon.ico";
+            clone-url = pkgs.lib.concatStringsSep " " [
+              "http://$HTTP_HOST$SCRIPT_NAME/$CGIT_REPO_URL"
+              "ssh://git@tzlil.net:$CGIT_REPO_URL"
+            ];
+            enable-log-filecount = 1;
+            enable-log-linecount = 1;
+            enable-git-config = 1;
+            root-title = "tzlil.net";
+            root-desc = "Tzlil's Git Repositories";
+            scan-path = "/home/git";
+            about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.py";
+            source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+            logo-link = "/";
+            virtual-root = "/cgit";
+            readme = ":README.md";
+          })}
+                }
+              }
+          }
+          }
+        '';
+      };
+    };
+    environment.persistence."/nix/persist".directories = [
+      {
+        directory = "/home/git";
+        user = "git";
+        group = "git";
+      }
+    ];
+  };
+}
diff --git a/hosts/vps/services/hydrus.nix b/hosts/vps/services/hydrus.nix
new file mode 100644
index 0000000..c967fbc
--- /dev/null
+++ b/hosts/vps/services/hydrus.nix
@@ -0,0 +1,60 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: {
+  config = {
+    users.groups.hydrus = {};
+    users.users.hydrus = {
+      isSystemUser = true;
+      description = "hydrus";
+      group = "hydrus";
+      home = "/home/hydrus";
+    };
+
+    systemd.services.Xvnc = {
+      description = "Xvnc";
+      wantedBy = ["multi-user.target"];
+
+      serviceConfig = {
+        ExecStart = "${pkgs.turbovnc}/bin/Xvnc :30 -iglx -depth 24 -rfbwait 120000 -deferupdate 1 -localhost -verbose -securitytypes none";
+        User = "hydrus";
+        Group = "hydrus";
+        Restart = "on-failure";
+        RestartSec = "5s";
+      };
+    };
+
+    systemd.services.hydrus = {
+      description = "Hydrus";
+      wantedBy = ["multi-user.target" "Xvnc.service"];
+      wants = ["podman-hydrus-web.service"];
+
+      serviceConfig = {
+        Environment = "DISPLAY=:30";
+        ExecStart = "${pkgs.hydrus}/bin/hydrus-client -d /home/hydrus";
+        User = "hydrus";
+        Group = "hydrus";
+        Restart = "on-failure";
+        RestartSec = "5s";
+      };
+    };
+
+    security.lockKernelModules = lib.mkForce false;
+    virtualisation.oci-containers.containers.hydrus-web = {
+      ports = ["100.67.217.90:8080:80"];
+      image = "ghcr.io/floogulinc/hydrus-web:dev";
+    };
+
+    networking.firewall.allowedTCPPorts = [45869];
+
+    environment.persistence."/nix/persist".directories = [
+      {
+        directory = "/home/hydrus";
+        user = "hydrus";
+        group = "hydrus";
+      }
+    ];
+  };
+}
diff --git a/hosts/vps/services/maloja.nix b/hosts/vps/services/maloja.nix
new file mode 100644
index 0000000..3d4530d
--- /dev/null
+++ b/hosts/vps/services/maloja.nix
@@ -0,0 +1,51 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: {
+  config = {
+    users.groups.maloja = {};
+    users.users.maloja = {
+      isSystemUser = true;
+      description = "maloja";
+      group = "maloja";
+      home = "/var/lib/maloja";
+    };
+
+    security.lockKernelModules = lib.mkForce false;
+    virtualisation.oci-containers.containers.maloja = {
+      ports = ["42010:42010"];
+      image = "krateng/maloja";
+      volumes = [
+        "/var/lib/maloja:/data"
+      ];
+      environment = {
+        MALOJA_DATA_DIRECTORY = "/data";
+        MALOJA_SKIP_SETUP = "True";
+        MALOJA_NAME = "tzlil";
+        MAlOJA_PROXY_IMAGES = "True";
+      };
+    };
+
+    # systemd.services.podman-maloja.serviceConfig.User = "maloja";
+    # systemd.services.podman-maloja.serviceConfig.Group = "maloja";
+
+    networking.firewall.allowedTCPPorts = [42010];
+
+    environment.persistence."/nix/persist".directories = [
+      {
+        directory = "/var/lib/maloja";
+        user = "maloja";
+        group = "maloja";
+      }
+    ];
+
+    services.caddy = {
+      virtualHosts."fm.tzlil.net".extraConfig = ''
+        bind 0.0.0.0
+        reverse_proxy :42010
+      '';
+    };
+  };
+}
diff --git a/hosts/vps/services/matrix.nix b/hosts/vps/services/matrix.nix
new file mode 100644
index 0000000..e2aa1a5
--- /dev/null
+++ b/hosts/vps/services/matrix.nix
@@ -0,0 +1,159 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: {
+  config = {
+    # services.matrix-synapse = {
+    #   enable = true;
+    #   settings.server_name = config.networking.domain;
+    #   settings.listeners = [
+    #     {
+    #       port = 8008;
+    #       bind_addresses = ["::1"];
+    #       type = "http";
+    #       tls = false;
+    #       x_forwarded = true;
+    #       resources = [
+    #         {
+    #           names = ["client" "federation"];
+    #           compress = true;
+    #         }
+    #       ];
+    #     }
+    #   ];
+    # };
+    # networking.firewall.allowedTCPPorts = [80 443];
+
+    age.secrets.matrix = {
+      file = ../../secrets/matrix.age;
+      mode = "600";
+      owner = "root";
+      group = "root";
+    };
+
+    services.dendrite = let
+      database_config = {
+        connection_string = "postgresql:///dendrite?host=/run/postgresql";
+        max_open_conns = 10;
+        max_idle_conns = 5;
+      };
+    in {
+      enable = true;
+
+      loadCredential = ["private_key:${config.age.secrets.matrix.path}" "tlsCert:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt" "tlsKey:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.key"];
+
+      # tlsCert = "$CREDENTIALS_DIRECTORY/tlsCert";
+      # tlsKey = "$CREDENTIALS_DIRECTORY/tlsKey";
+
+      # httpPort = null;
+      # httpsPort = 8448;
+
+      settings = {
+        global = {
+          server_name = "tzlil.net";
+          private_key = "$CREDENTIALS_DIRECTORY/private_key";
+
+          # preserve across restarts
+          jetstream.storage_path = "/var/lib/dendrite/";
+
+          dns_cache = {
+            enabled = true;
+            cache_size = 4096;
+            cache_lifetime = "600s";
+          };
+
+          presence = {
+            enable_inbound = true;
+            enable_outbound = true;
+          };
+
+          cache.max_size_estimated = "16gb";
+        };
+        federation_api.key_perspectives = [
+          {
+            server_name = "matrix.org";
+            keys = [
+              {
+                key_id = "ed25519:auto";
+                public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
+              }
+              {
+                key_id = "ed25519:a_RXGa";
+                public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
+              }
+            ];
+          }
+        ];
+
+        app_service_api.database = database_config;
+        federation_api.database = database_config;
+        key_server.database = database_config;
+        media_api.database = database_config;
+        mscs.database = database_config;
+        room_server.database = database_config;
+        sync_api.database = database_config;
+        user_api.account_database = database_config;
+        user_api.device_database = database_config;
+      };
+    };
+
+    systemd.services.dendrite.serviceConfig.ExecStart = lib.mkForce (lib.strings.concatStringsSep " " [
+      "${pkgs.dendrite}/bin/dendrite"
+      "--config /run/dendrite/dendrite.yaml"
+      "--http-bind-address :8008"
+      "--https-bind-address :8448"
+      "--tls-cert $CREDENTIALS_DIRECTORY/tlsCert"
+      "--tls-key $CREDENTIALS_DIRECTORY/tlsKey"
+    ]);
+
+    services.postgresql = {
+      enable = true;
+      ensureUsers = [
+        {
+          name = "dendrite";
+          ensurePermissions = {
+            "DATABASE dendrite" = "ALL PRIVILEGES";
+          };
+        }
+      ];
+
+      ensureDatabases = ["dendrite"];
+    };
+
+    # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service
+    # systemd.services.dendrite.serviceConfig.User = "dendrite";
+    # systemd.services.dendrite.serviceConfig.Group = "dendrite";
+    environment.persistence."/nix/persist".directories = [
+      {
+        directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
+        user = "postgres";
+        group = "postgres";
+      }
+
+      {
+        directory = "/var/lib/private/dendrite";
+        user = "root";
+        group = "root";
+      }
+    ];
+
+    systemd.services.dendrite.after = ["postgresql.service"];
+
+    services.caddy = {
+      # for federation
+      virtualHosts."tzlil.net:8448".extraConfig = ''
+        reverse_proxy /_matrix/* localhost:8008
+      '';
+      # for clients
+      virtualHosts."tzlil.net".extraConfig = ''
+        reverse_proxy /_matrix/* localhost:8008
+        header /.well-known/matrix/* Content-Type application/json
+        header /.well-known/matrix/* Access-Control-Allow-Origin *
+        respond /.well-known/matrix/server `{"m.server": "tzlil.net"}`
+      '';
+    };
+    networking.firewall.allowedTCPPorts = [8448];
+  };
+}
diff --git a/hosts/vps/services/website.nix b/hosts/vps/services/website.nix
new file mode 100644
index 0000000..5d1d48a
--- /dev/null
+++ b/hosts/vps/services/website.nix
@@ -0,0 +1,139 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: {
+  options.website.defaultHeaders = lib.mkOption {
+    type = lib.types.str;
+    default = ''
+      header {
+        -Server
+        -Date
+        -Last-Modified
+        -Etag
+        -Accept-Ranges
+        # disable indexing by search engines
+
+        X-Robots-Tag "noindex, nofollow"
+
+       # disable FLoC tracking
+        # Permissions-Policy interest-cohort=()
+
+        # enable HSTS
+        # Strict-Transport-Security max-age=31536000;
+
+        # disable clients from sniffing the media type
+        # X-Content-Type-Options nosniff
+
+        # clickjacking protection
+        # X-Frame-Options DENY
+
+        # keep referrer data off of HTTP connections
+        # Referrer-Policy no-referrer-when-downgrade
+      }
+    '';
+  };
+  config = {
+    services.caddy = {
+      enable = true;
+      virtualHosts = {
+        "tzlil.net".extraConfig = ''
+          bind 0.0.0.0
+          handle_path / {
+            try_files ${pkgs.writeText "index.html" ''
+            <style>
+            @media (prefers-color-scheme: dark) {
+                body { background-color: #121212; color: #d4d4d4; }
+                a { color: #7878ff; }
+                a:visited { color: #6464fa; }
+            }
+            </style>
+            <pre>
+            ~?~+=I?~~IIIII++,:   .?= .,I=O8OZ.DNNO, ZD7:::=.? ,,:,,I,,:,~+?II?I?II?=+=~+7$ZO
+            ?==++??==+I???7..:.   :II$77?I+ID~NND8.ZMN7~=~I7:,., :?7,.,.~+?I???????,+~7+$ZOZ
+            7+===I+~===?I77:  ?   ,$7$.:.,I?=7NNNINMMMNOI=++ .~==I$7, ..++?I???I+=?.+:O+ZZOZ
+            ===++I+==?III??I,?,   ~I7NN,..  ??ONNNMMMD$777$7I$ZOO$7?....+=????I~=+,:+,O8DNMM
+            ~=~==7II=+I?II7I,I+,8Z.II8D+=~:.,7$NMMMMMN8$7~. ..  :88I. ..?=?++I:~+=.~~~NMMMNN
+            ~====II?I~+?I?$7I?~8D7+7$ZZNONDN8Z8NMMMMMMNNON:=. :,$.I7  .,+=??I:,=, .:,=DNNMMN
+            =+?==+==?~+=I?$$I+88D:I$8NMNDDNNNDNNNMMMMMMMMM8I$77=MMDO.  :~=+?,,,   .~,?8DDD8D
+            =~=+==I7I=IIIIO$=~OOD=I7ODNNNNMNNDNDNMMMMMMMMNO$O+OZ 78.,.I::++:..   .,::=888OOO
+            ===I=I?~=?I???$I$?OODZ=7Z8NDONNN7D88MMMMMMMMMMNNNN8DNN~..~:7,,+7?,:,:::+8=Z888OO
+            ~+===7?=??I????7Z7ZOD8I777$+NNN:OOZOMMMMMMMMMMMMMMNMM+..~=?=O:+?::=+~:~+IDD888OZ
+            I==II??=I???=::7OI?O88Z=I~,?ZDD,Z$IDMMMMMMMMMMMMMMMM:$$?.~?+=?:,~+?I??==+++I8OOO
+            ==+++??+=.,~,~:7Z$?7I77$=. $I$8I$7+~8NMMMMMMMMMMMMDDMN$ ,:+?=.~==?II+++=+=?II+OZ
+            ==+?+I?,=:+?=~~??I++~7$$$= 777Z,$Z$$ONNMMMMMMMMMMMMMM8? .~=?:.==+?I~+?=+=??II?I8
+            ?=+?I:=~??II=~~, II?+ 7$7?=?77$?$Z:8NMMMNMMMMMMMMMMMD7 ,,===::~=?II.??++?++III+~
+            ??+.I+I=+I+??=~=~ =I+:?7$77?$$$ZI7Z8DM7NMMNMMMMMMMMOI. .,=~~.~~+I?:???==~????II?
+            I??:==?I++I?~==+=~:.?I7I77$?IZ$ZODDOIDNNNNNMMMMNM8?.:. ,,+=,::~+==II=~,=?+?IIIII
+            ??I:?=,=+++?II+=:,:, +77777$$777ODDMMNO~DNNNDD8?..::: .,,+~.,::=??????=+?IIIII?I
+            ????++=~:=?IIIII=~:: ~~+II77$$7$ZO8NMMMND.+:   .=7+=~ ,,:?...~II??+??I?+??IIII?I
+            ??III7II+~:?II7+II?, ~,:,~7777$$$I$8DNMMNO   .~I  .Z:.,:~: ,+???+=,IIIIII??IIIII
+            ???I7I:,~=:,+II+=~I??:.,,,.:77777777$ODMM8 .:+ZI. ,~,..~~ :II?==~:?II??IIIIIIIII
+            No matter where you go, everyone's connected
+
+            my name is tzlil, i'm 18 and from israel
+            i currently work as a security researcher
+            but in a few months i will be drafted to the army
+
+            i like music <a href="https://fm.tzlil.net">https://fm.tzlil.net</a>
+
+            my interests:
+            plan9
+            lambda calculus
+            functional programming
+            binary exploitation
+            keyboards and layouts
+            yggdrasil
+            nixos
+
+            my wares:
+            hard:
+              aurora lily58 with sunset kailh low profile
+              laptop(s):
+              - lenovo v14
+
+              phone:
+              - google pixel 7
+
+              OUT OF COMMISSION
+              <s>desktop:</s>
+              <s>- amd ryzen 5 5600g</s>
+
+            soft:
+              <a href="/cgit/flake.git">nixos</a>
+              keepassxc
+              syncthing
+              tailscale (to mesh between my devices)
+              grapheneos
+              <a href="/cgit/flake.git/tree/hosts/vps/hydrus.nix">hydrus</a>
+
+            ctfs i played in:
+              google ctf 2023 - 96th place (solo)
+              tfcctf 2022     - 4th place
+              google ctf 2022 - 100th place
+
+            contact info:
+            tzlil:tzlil.net
+            tzlils@protonmail.com
+            tzlil@irc.libera.chat
+
+            /cgit/ for repositories
+            </pre>
+          ''} /
+            file_server
+          }
+        '';
+      };
+    };
+    networking.firewall.allowedTCPPorts = [80 443];
+
+    environment.persistence."/nix/persist".directories = [
+      {
+        directory = "/var/lib/caddy";
+        user = "caddy";
+        group = "caddy";
+      }
+    ];
+  };
+}
diff --git a/hosts/vps/website.nix b/hosts/vps/website.nix
deleted file mode 100644
index 5d1d48a..0000000
--- a/hosts/vps/website.nix
+++ /dev/null
@@ -1,139 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}: {
-  options.website.defaultHeaders = lib.mkOption {
-    type = lib.types.str;
-    default = ''
-      header {
-        -Server
-        -Date
-        -Last-Modified
-        -Etag
-        -Accept-Ranges
-        # disable indexing by search engines
-
-        X-Robots-Tag "noindex, nofollow"
-
-       # disable FLoC tracking
-        # Permissions-Policy interest-cohort=()
-
-        # enable HSTS
-        # Strict-Transport-Security max-age=31536000;
-
-        # disable clients from sniffing the media type
-        # X-Content-Type-Options nosniff
-
-        # clickjacking protection
-        # X-Frame-Options DENY
-
-        # keep referrer data off of HTTP connections
-        # Referrer-Policy no-referrer-when-downgrade
-      }
-    '';
-  };
-  config = {
-    services.caddy = {
-      enable = true;
-      virtualHosts = {
-        "tzlil.net".extraConfig = ''
-          bind 0.0.0.0
-          handle_path / {
-            try_files ${pkgs.writeText "index.html" ''
-            <style>
-            @media (prefers-color-scheme: dark) {
-                body { background-color: #121212; color: #d4d4d4; }
-                a { color: #7878ff; }
-                a:visited { color: #6464fa; }
-            }
-            </style>
-            <pre>
-            ~?~+=I?~~IIIII++,:   .?= .,I=O8OZ.DNNO, ZD7:::=.? ,,:,,I,,:,~+?II?I?II?=+=~+7$ZO
-            ?==++??==+I???7..:.   :II$77?I+ID~NND8.ZMN7~=~I7:,., :?7,.,.~+?I???????,+~7+$ZOZ
-            7+===I+~===?I77:  ?   ,$7$.:.,I?=7NNNINMMMNOI=++ .~==I$7, ..++?I???I+=?.+:O+ZZOZ
-            ===++I+==?III??I,?,   ~I7NN,..  ??ONNNMMMD$777$7I$ZOO$7?....+=????I~=+,:+,O8DNMM
-            ~=~==7II=+I?II7I,I+,8Z.II8D+=~:.,7$NMMMMMN8$7~. ..  :88I. ..?=?++I:~+=.~~~NMMMNN
-            ~====II?I~+?I?$7I?~8D7+7$ZZNONDN8Z8NMMMMMMNNON:=. :,$.I7  .,+=??I:,=, .:,=DNNMMN
-            =+?==+==?~+=I?$$I+88D:I$8NMNDDNNNDNNNMMMMMMMMM8I$77=MMDO.  :~=+?,,,   .~,?8DDD8D
-            =~=+==I7I=IIIIO$=~OOD=I7ODNNNNMNNDNDNMMMMMMMMNO$O+OZ 78.,.I::++:..   .,::=888OOO
-            ===I=I?~=?I???$I$?OODZ=7Z8NDONNN7D88MMMMMMMMMMNNNN8DNN~..~:7,,+7?,:,:::+8=Z888OO
-            ~+===7?=??I????7Z7ZOD8I777$+NNN:OOZOMMMMMMMMMMMMMMNMM+..~=?=O:+?::=+~:~+IDD888OZ
-            I==II??=I???=::7OI?O88Z=I~,?ZDD,Z$IDMMMMMMMMMMMMMMMM:$$?.~?+=?:,~+?I??==+++I8OOO
-            ==+++??+=.,~,~:7Z$?7I77$=. $I$8I$7+~8NMMMMMMMMMMMMDDMN$ ,:+?=.~==?II+++=+=?II+OZ
-            ==+?+I?,=:+?=~~??I++~7$$$= 777Z,$Z$$ONNMMMMMMMMMMMMMM8? .~=?:.==+?I~+?=+=??II?I8
-            ?=+?I:=~??II=~~, II?+ 7$7?=?77$?$Z:8NMMMNMMMMMMMMMMMD7 ,,===::~=?II.??++?++III+~
-            ??+.I+I=+I+??=~=~ =I+:?7$77?$$$ZI7Z8DM7NMMNMMMMMMMMOI. .,=~~.~~+I?:???==~????II?
-            I??:==?I++I?~==+=~:.?I7I77$?IZ$ZODDOIDNNNNNMMMMNM8?.:. ,,+=,::~+==II=~,=?+?IIIII
-            ??I:?=,=+++?II+=:,:, +77777$$777ODDMMNO~DNNNDD8?..::: .,,+~.,::=??????=+?IIIII?I
-            ????++=~:=?IIIII=~:: ~~+II77$$7$ZO8NMMMND.+:   .=7+=~ ,,:?...~II??+??I?+??IIII?I
-            ??III7II+~:?II7+II?, ~,:,~7777$$$I$8DNMMNO   .~I  .Z:.,:~: ,+???+=,IIIIII??IIIII
-            ???I7I:,~=:,+II+=~I??:.,,,.:77777777$ODMM8 .:+ZI. ,~,..~~ :II?==~:?II??IIIIIIIII
-            No matter where you go, everyone's connected
-
-            my name is tzlil, i'm 18 and from israel
-            i currently work as a security researcher
-            but in a few months i will be drafted to the army
-
-            i like music <a href="https://fm.tzlil.net">https://fm.tzlil.net</a>
-
-            my interests:
-            plan9
-            lambda calculus
-            functional programming
-            binary exploitation
-            keyboards and layouts
-            yggdrasil
-            nixos
-
-            my wares:
-            hard:
-              aurora lily58 with sunset kailh low profile
-              laptop(s):
-              - lenovo v14
-
-              phone:
-              - google pixel 7
-
-              OUT OF COMMISSION
-              <s>desktop:</s>
-              <s>- amd ryzen 5 5600g</s>
-
-            soft:
-              <a href="/cgit/flake.git">nixos</a>
-              keepassxc
-              syncthing
-              tailscale (to mesh between my devices)
-              grapheneos
-              <a href="/cgit/flake.git/tree/hosts/vps/hydrus.nix">hydrus</a>
-
-            ctfs i played in:
-              google ctf 2023 - 96th place (solo)
-              tfcctf 2022     - 4th place
-              google ctf 2022 - 100th place
-
-            contact info:
-            tzlil:tzlil.net
-            tzlils@protonmail.com
-            tzlil@irc.libera.chat
-
-            /cgit/ for repositories
-            </pre>
-          ''} /
-            file_server
-          }
-        '';
-      };
-    };
-    networking.firewall.allowedTCPPorts = [80 443];
-
-    environment.persistence."/nix/persist".directories = [
-      {
-        directory = "/var/lib/caddy";
-        user = "caddy";
-        group = "caddy";
-      }
-    ];
-  };
-}
diff --git a/mixins/cli.nix b/mixins/cli.nix
index 6fd5ce6..936098d 100644
--- a/mixins/cli.nix
+++ b/mixins/cli.nix
@@ -15,6 +15,7 @@
       imports = [
         inputs.viper-nix-common.homeModules.xdg
       ];
+      programs.command-not-found.dbPath = inputs.programsdb.packages.${pkgs.system}.programs-sqlite;
       home = {
         packages = with pkgs; [
           rsync
diff --git a/profiles/core.nix b/profiles/core.nix
deleted file mode 100644
index 4fefbdd..0000000
--- a/profiles/core.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  inputs,
-  ...
-}: {
-  # imports = [
-  #   ../profiles/security.nix
-  #   ../profiles/network.nix
-  # ];
-  config = {
-    # system.stateVersion = "22.5";
-    # nix = {
-    #   registry.nixpkgs.flake = inputs.nixpkgs;
-    #   gc.automatic = true;
-    #   optimise.automatic = true;
-    #   settings = {
-    #     allowed-users = ["root"];
-    #     trusted-users = ["root"];
-    #     sandbox = true;
-    #   };
-    #   extraOptions = ''
-    #     experimental-features = nix-command flakes
-    #   '';
-    # };
-    # users.mutableUsers = false;
-    # environment.defaultPackages = lib.mkForce [];
-
-    programs.command-not-found.dbPath = inputs.programsdb.packages.${pkgs.system}.programs-sqlite;
-
-    # boot = {
-    #   tmp.cleanOnBoot = true;
-    #   kernelParams = [
-    #     "init_on_free=1"
-    #     "page_poison=1"
-    #     "page_alloc.shuffle=1"
-    #     "slab_nomerge"
-    #     "vsyscall=none"
-    #   ];
-    # };
-  };
-}
diff --git a/profiles/gentoo.nix b/profiles/gentoo.nix
deleted file mode 100644
index 337a306..0000000
--- a/profiles/gentoo.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  inputs,
-  ...
-}: {
-  imports = [];
-  config = {
-    nix.binaryCaches = [
-      "https://cache.nixos.org/"
-      "https://cache.allvm.org/"
-    ];
-
-    nix.binaryCachePublicKeys = [
-      "gravity.cs.illinois.edu-1:yymmNS/WMf0iTj2NnD0nrVV8cBOXM9ivAkEdO1Lro3U="
-    ];
-
-    nativeStdenv =
-      prev.stdenvAdapters.withCFlags ["-O3" "-pipe" "-march=native"]
-      (prev.overrideCC prev.llvmPackages_latest.stdenv
-        (prev.wrapCCWith rec {
-          cc = prev.llvmPackages_latest.clang-unwrapped;
-          bintools = final.wrapBintoolsWith {
-            coreutils = final.uutils-coreutils;
-            libc = final.musl;
-            bintools =
-              final.binutils-unwrapped.overrideAttrs
-              (old: {
-                postInstall = ''
-                  ln -sf ${final.mold}/bin/mold $out/bin/ld
-                '';
-              });
-          };
-        }));
-  };
-}
diff --git a/profiles/impermanence.nix b/profiles/impermanence.nix
index 5fdd9eb..c222a43 100644
--- a/profiles/impermanence.nix
+++ b/profiles/impermanence.nix
@@ -1,4 +1,5 @@
-{inputs,
+{
+  inputs,
   config,
   lib,
   options,
@@ -20,8 +21,8 @@ in {
         [
         ]
         ++ sshHostKeys
-	++ (map (x: x + ".pub") sshHostKeys);
+        ++ (map (x: x + ".pub") sshHostKeys);
     };
-    age.identityPaths = (map (x: "/nix/persist" + x) sshHostKeys);
+    age.identityPaths = map (x: "/nix/persist" + x) sshHostKeys;
   };
 }
diff --git a/profiles/stdenv.nix b/profiles/stdenv.nix
new file mode 100644
index 0000000..337a306
--- /dev/null
+++ b/profiles/stdenv.nix
@@ -0,0 +1,37 @@
+{
+  pkgs,
+  lib,
+  config,
+  inputs,
+  ...
+}: {
+  imports = [];
+  config = {
+    nix.binaryCaches = [
+      "https://cache.nixos.org/"
+      "https://cache.allvm.org/"
+    ];
+
+    nix.binaryCachePublicKeys = [
+      "gravity.cs.illinois.edu-1:yymmNS/WMf0iTj2NnD0nrVV8cBOXM9ivAkEdO1Lro3U="
+    ];
+
+    nativeStdenv =
+      prev.stdenvAdapters.withCFlags ["-O3" "-pipe" "-march=native"]
+      (prev.overrideCC prev.llvmPackages_latest.stdenv
+        (prev.wrapCCWith rec {
+          cc = prev.llvmPackages_latest.clang-unwrapped;
+          bintools = final.wrapBintoolsWith {
+            coreutils = final.uutils-coreutils;
+            libc = final.musl;
+            bintools =
+              final.binutils-unwrapped.overrideAttrs
+              (old: {
+                postInstall = ''
+                  ln -sf ${final.mold}/bin/mold $out/bin/ld
+                '';
+              });
+          };
+        }));
+  };
+}
diff --git a/profiles/tzlil.nix b/profiles/tzlil.nix
index 5e85f35..f2e2505 100644
--- a/profiles/tzlil.nix
+++ b/profiles/tzlil.nix
@@ -40,7 +40,6 @@
 
     home-manager.users.tzlil = {pkgs, ...} @ hm: {
       home = {
-        stateVersion = "22.05";
         username = "tzlil";
         homeDirectory = "/home/tzlil";
         sessionVariables.SSH_AUTH_SOCK = "/run/user/1000/ssh-agent";
@@ -60,9 +59,9 @@
         Unit = {
           Description = "SSH Agent";
         };
-	Install = {
-	  WantedBy = ["default.target"];
-	};
+        Install = {
+          WantedBy = ["default.target"];
+        };
         Service = {
           ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
           ExecStart =
-- 
cgit 1.4.1