about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2023-03-11 12:51:58 +0300
committerAzat Bahawi <azat@bahawi.net>2023-03-11 12:51:58 +0300
commit0ef23d4501592a192ba020a2ac34abb1a3d8fc5e (patch)
tree17f0377d71f7c645acf8502c769a0ade76cbc901
parent2023-02-20 (diff)
2023-03-11
Diffstat (limited to '')
-rw-r--r--darwinConfigurations/mairon/default.nix25
-rw-r--r--flake.lock98
-rw-r--r--flake.nix30
-rw-r--r--modules/common/common/nix/default.nix1
-rw-r--r--modules/common/default.nix1
-rw-r--r--modules/common/emacs/default.nix5
-rw-r--r--modules/common/git.nix2
-rw-r--r--modules/common/openconnect.nix83
-rw-r--r--modules/nixos/beets.nix (renamed from modules/common/beets.nix)0
-rw-r--r--modules/nixos/default.nix3
-rw-r--r--modules/nixos/k3s.nix29
-rw-r--r--modules/nixos/murmur.nix28
-rw-r--r--modules/nixos/profiles/headful.nix22
-rw-r--r--nixosConfigurations/eonwe/default.nix18
-rw-r--r--nixosConfigurations/manwe/default.nix31
-rw-r--r--nixosConfigurations/varda/default.nix12
-rw-r--r--readme.org28
17 files changed, 178 insertions, 238 deletions
diff --git a/darwinConfigurations/mairon/default.nix b/darwinConfigurations/mairon/default.nix
index 2fc9b39..9687120 100644
--- a/darwinConfigurations/mairon/default.nix
+++ b/darwinConfigurations/mairon/default.nix
@@ -1,26 +1,13 @@
-{
-  lib,
-  pkgs,
-  this,
-  ...
-}:
+{lib, ...}:
 with lib; {
   nixfiles.modules.vscode.enable = true;
 
   # TODO Make this per-directory/per-remote.
-  hm = {
-    home.packages = with pkgs; [
-      ansible
-      ansible-lint
-      logcli
-    ];
-
-    programs.git = {
-      userName = mkForce "Firstname Lastname";
-      userEmail = mkForce "username@work.com";
-      signing.key = mkForce "@PGP_KEY@";
-      extraConfig."url \"git@gitlab.services.work.com:\"".insteadOf = "work:";
-    };
+  hm.programs.git = {
+    userName = mkForce "Firstname Lastname";
+    userEmail = mkForce "username@work.com";
+    signing.key = mkForce "@PGP_KEY@";
+    extraConfig."url \"git@gitlab.services.work.com:\"".insteadOf = "work:";
   };
 
   networking = {
diff --git a/flake.lock b/flake.lock
index b13d15f..3f35797 100644
--- a/flake.lock
+++ b/flake.lock
@@ -299,11 +299,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1676599101,
-        "narHash": "sha256-CKS6UsOGhoNxGDBt9wyFiWHvtng/+BMAJ4G8ahhe1DE=",
+        "lastModified": 1677969766,
+        "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "de657061b13cf329c57a1a9730a5049a971b40b3",
+        "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e",
         "type": "github"
       },
       "original": {
@@ -332,17 +332,18 @@
         "97.0": "97.0",
         "98.0": "98.0",
         "99.0": "99.0",
+        "flake-compat": "flake-compat",
         "master": "master",
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1676708317,
-        "narHash": "sha256-QqJqtLcDPFGhOg1v9EJzs2H7G/g3IKtewnhRgNpKy5U=",
+        "lastModified": 1676881905,
+        "narHash": "sha256-Im/KQhk3fJouLmIjUQnEU88mJTwqo9QBx9x2KHARyHo=",
         "owner": "dwarfmaster",
         "repo": "arkenfox-nixos",
-        "rev": "fd696871bf40bb7c4c8b3994124d66a459850780",
+        "rev": "b44010831ee47f80327e4f17c3a21e86d3bea8fa",
         "type": "github"
       },
       "original": {
@@ -430,31 +431,23 @@
         "type": "github"
       }
     },
-    "emacs-overlay": {
-      "inputs": {
-        "flake-utils": [
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
+    "flake-compat": {
+      "flake": false,
       "locked": {
-        "lastModified": 1676830175,
-        "narHash": "sha256-y3Z7+FRPPln6Ok3Grhp0puC8vMMvE7JrKRsZKixw7o4=",
-        "owner": "nix-community",
-        "repo": "emacs-overlay",
-        "rev": "ea14c62958d96e0f7cfead9d09e097b1891bf7c4",
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
         "type": "github"
       },
       "original": {
-        "owner": "nix-community",
-        "ref": "master",
-        "repo": "emacs-overlay",
+        "owner": "edolstra",
+        "repo": "flake-compat",
         "type": "github"
       }
     },
-    "flake-compat": {
+    "flake-compat_2": {
       "flake": false,
       "locked": {
         "lastModified": 1673956053,
@@ -535,11 +528,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1676367705,
-        "narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=",
+        "lastModified": 1678271387,
+        "narHash": "sha256-H2dv/i1LRlunRtrESirELzfPWdlG/6ElDB1ksO529H4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5",
+        "rev": "36999b8d19eb6eebb41983ef017d7e0095316af2",
         "type": "github"
       },
       "original": {
@@ -584,11 +577,11 @@
     "master": {
       "flake": false,
       "locked": {
-        "lastModified": 1674781645,
-        "narHash": "sha256-NGp5BLOQmiXsUh9nrXP+PeVXyK1c8Ij5EnwtFXAkD9w=",
+        "lastModified": 1675728165,
+        "narHash": "sha256-ebSx6DaXoGKcCoK6UcDnWvdAW6J2X6pJRPD1Pw7UNOw=",
         "owner": "arkenfox",
         "repo": "user.js",
-        "rev": "b99dd27de828be13530ce2f48c9178d34f5f82ab",
+        "rev": "73884850632ffe284f76881786f7d5903b917f58",
         "type": "github"
       },
       "original": {
@@ -607,11 +600,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1676598621,
-        "narHash": "sha256-635t9QFKNayo9QXamGBkvh3MbNPjkoRYrIYKz/mg720=",
+        "lastModified": 1678154054,
+        "narHash": "sha256-yFQwkmWZgQrcgHagP/7HP/Vg2/h6JfZuAs7AhbEsCMc=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "60301861c5ea5d33ab6d4d06fd4d013ddb245b0e",
+        "rev": "8118891606aa521d2c8f87da25d2a769c356eb4a",
         "type": "github"
       },
       "original": {
@@ -623,11 +616,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1675933606,
-        "narHash": "sha256-y427VhPQHOKkYvkc9MMsL/2R7M11rQxzsRdRLM3htx8=",
+        "lastModified": 1678095239,
+        "narHash": "sha256-4F6jovFJcwh6OkMsY94ZrHdrvVqZi1FX5pYv6V9LIQw=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "44ae00e02e8036a66c08f4decdece7e3bbbefee2",
+        "rev": "f6610997b0fc5ea5f9e142c348fca27497efe1c7",
         "type": "github"
       },
       "original": {
@@ -639,11 +632,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1676549890,
-        "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
+        "lastModified": 1678237502,
+        "narHash": "sha256-J4cAbmC9RK+Jus3U88WaxkTsnNlZSroE2xZ9A0rSxL4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8c66bd1b68f4708c90dcc97c6f7052a5a7b33257",
+        "rev": "1eeea1f1922fb79a36008ba744310ccbf96130e2",
         "type": "github"
       },
       "original": {
@@ -655,11 +648,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1676662455,
-        "narHash": "sha256-paR22nF+MrW/iPqtf3EvSsQLkzNh+hftvclG9qif8gA=",
+        "lastModified": 1678280833,
+        "narHash": "sha256-0SPxdBYly0eL+CY/z4HjGqAjAfh9evtvTLsqKnS2prk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "505feabc489e0ddb074f444ac0b1fc792c8da4a8",
+        "rev": "e40b5250ab10f98a5343d78e2c6c83db6a6c4bec",
         "type": "github"
       },
       "original": {
@@ -671,11 +664,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1676656495,
-        "narHash": "sha256-ON7OvLv+U+hXPVfaQG4Ku1d1PWO+ffU7C8SvR8ByxYk=",
+        "lastModified": 1678266329,
+        "narHash": "sha256-rawge6yca5wvm+vcBB0pTp2q1Bf5Nc2Lk05dP7W+Q1E=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8a3f39ad8c03aa91f7de41ea5d854d0a985e0e9b",
+        "rev": "1e56d76f106e626764ee91785fe32b2342cc836e",
         "type": "github"
       },
       "original": {
@@ -721,11 +714,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1676658325,
-        "narHash": "sha256-s+SFI821NUXxuQqnVeBmHq1tEH5Mg1pYmrlDnxJ8PAo=",
+        "lastModified": 1678286808,
+        "narHash": "sha256-jC/AwS4HmeV255+tYRFOTkC0+sLGUSQFgNV98HjQYvE=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "10c6c5d9b3df8177472b5243ed8d9760f5316174",
+        "rev": "fc66688b4a56184061191482536f1d8de3aea462",
         "type": "github"
       },
       "original": {
@@ -777,11 +770,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1676513100,
-        "narHash": "sha256-MK39nQV86L2ag4TmcK5/+r1ULpzRLPbbfvWbPvIoYJE=",
+        "lastModified": 1677832802,
+        "narHash": "sha256-XQf+k6mBYTiQUjWRf/0fozy5InAs03O1b30adCpWeXs=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "5f0cba88ac4d6dd8cad5c6f6f1540b3d6a21a798",
+        "rev": "382bee738397ca005206eefa36922cc10df8a21c",
         "type": "github"
       },
       "original": {
@@ -798,8 +791,7 @@
         "azahi-cc": "azahi-cc",
         "darwin": "darwin",
         "dns-nix": "dns-nix",
-        "emacs-overlay": "emacs-overlay",
-        "flake-compat": "flake-compat",
+        "flake-compat": "flake-compat_2",
         "flake-registry": "flake-registry",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
diff --git a/flake.nix b/flake.nix
index e5bd0b9..a9e0c30 100644
--- a/flake.nix
+++ b/flake.nix
@@ -77,36 +77,6 @@
       ref = "master";
     };
 
-    emacs-overlay = {
-      type = "github";
-      owner = "nix-community";
-      repo = "emacs-overlay";
-      ref = "master";
-      inputs = {
-        flake-utils.follows = "flake-utils";
-        nixpkgs.follows = "nixpkgs";
-      };
-    };
-
-    # Waiting for patches[1]. Currently, the new profile feature breaks
-    # everything and I don't want to spend 12 hours debugging this shit.
-    #
-    # [1]: https://github.com/nix-community/nix-doom-emacs/pull/316
-    # nix-doom-emacs = {
-    #   # type = "path";
-    #   # path = "/home/azahi/src/nix-doom-emacs";
-    #   type = "github";
-    #   owner = "nix-community";
-    #   repo = "nix-doom-emacs";
-    #   ref = "master";
-    #   inputs = {
-    #     flake-compat.follows = "flake-compat";
-    #     emacs-overlay.follows = "emacs-overlay";
-    #     flake-utils.follows = "flake-utils";
-    #     nixpkgs.follows = "nixpkgs";
-    #   };
-    # };
-
     arkenfox-nixos = {
       type = "github";
       owner = "dwarfmaster";
diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix
index 378cd36..9f80838 100644
--- a/modules/common/common/nix/default.nix
+++ b/modules/common/common/nix/default.nix
@@ -130,7 +130,6 @@ with lib; {
         tor-browser = tor-browser-bundle-bin;
       }))
     agenix.overlays.default
-    emacs-overlay.overlay
     nur.overlay
   ];
 
diff --git a/modules/common/default.nix b/modules/common/default.nix
index e6040cd..b722cae 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -3,7 +3,6 @@ _: {
     ./alacritty.nix
     ./aria2.nix
     ./bat.nix
-    ./beets.nix
     ./chromium.nix
     ./common
     ./curl.nix
diff --git a/modules/common/emacs/default.nix b/modules/common/emacs/default.nix
index 268d77d..2dbe53f 100644
--- a/modules/common/emacs/default.nix
+++ b/modules/common/emacs/default.nix
@@ -46,6 +46,7 @@ in {
                   asmfmt # :editor format
                   bash-language-server # :lang (sh +lsp)
                   clang-tools # :lang (cc +lsp) :editor format
+                  cmake # :term vterm
                   cmake-format # :lang cc :editor format
                   cmigemo # :lang japanese
                   css-language-server # :lang (web +lsp)
@@ -53,6 +54,7 @@ in {
                   dockerfile-language-server # :tools (docker +lsp)
                   editorconfig # :tools editorconfig
                   fd # doom!
+                  gcc # :tools magit :term vterm
                   gnuplot # :lang (org +gnuplot)
                   gnutls # doom!
                   go-language-server # :lang (go +lsp)
@@ -65,6 +67,7 @@ in {
                   html-tidy # :lang web
                   jre # :lang plantuml
                   json-language-server # :lang (json +lsp)
+                  libtool # :term vterm
                   nix-language-server # :lang (nix +lsp)
                   nixfmt # :lang nix :editor format
                   nodePackages.eslint # :lang (json +lsp)
@@ -73,6 +76,7 @@ in {
                   nodePackages.stylelint # :lang web
                   nodejs # :tools debugger
                   pandoc # :lang org markdown latex
+                  perl # term vterm
                   pinentry-emacs # doom!
                   pre-commit # :tools magit
                   ripgrep # doom!
@@ -175,7 +179,6 @@ in {
       programs.emacs = {
         enable = true;
         package = pkgs.emacs28; # Pin to avoid surprises.
-        extraPackages = p: with p; [vterm];
       };
     };
   };
diff --git a/modules/common/git.nix b/modules/common/git.nix
index c3ebafc..ce4e505 100644
--- a/modules/common/git.nix
+++ b/modules/common/git.nix
@@ -68,6 +68,8 @@ in {
               };
               init.defaultBranch = "master";
               status.submoduleSummary = true;
+              github.user = my.username;
+              gitlab.user = my.username;
             }
             // mapAttrs'
             (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) {
diff --git a/modules/common/openconnect.nix b/modules/common/openconnect.nix
deleted file mode 100644
index 936c9d1..0000000
--- a/modules/common/openconnect.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib; let
-  cfg = config.nixfiles.modules.openconnect;
-in {
-  options.nixfiles.modules.openconnect.enable =
-    mkEnableOption "OpenConnect VPN";
-
-  config = mkIf cfg.enable {
-    assertions = [
-      {
-        assertion = config.networking.networkmanager.enable;
-        message = "NetworkManager is required";
-      }
-    ];
-
-    # Spent three days trying to make this work but still getting "No SSO
-    # handler" even on the HEAD version that 100% has SSO support baked in.
-    # It's all so tiresome[1]... aaand KDE is not supported[2].
-    #
-    # I fucking hate AnyConnect, truly an example of how shit is is non-free
-    # software. SAML also sucks balls. I also hate my company for using this
-    # shit, guess I have no other choice but to use the absolute dogshit laptop
-    # they gave me.
-    #
-    # [1]: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect
-    # [1]: https://gitlab.com/openconnect/openconnect/-/issues/424
-    # [2]: https://groups.google.com/g/linux.debian.bugs.dist/c/lK8u-LMY7n4
-    # [2]: https://bugs.kde.org/show_bug.cgi?id=448153
-
-    networking.networkmanager.plugins = with pkgs; [
-      ((networkmanager-openconnect.override {
-          withGnome = false;
-          openconnect = openconnect.overrideAttrs (_: _: {
-            version = "unstable-2022-10-23";
-            src = fetchFromGitLab {
-              owner = "openconnect";
-              repo = "openconnect";
-              rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae";
-              hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM=";
-            };
-          });
-        })
-        .overrideAttrs (_: super: {
-          version = "unstable-2022-09-10";
-          src = fetchFromGitLab {
-            domain = "gitlab.gnome.org";
-            owner = "GNOME";
-            repo = "NetworkManager-openconnect";
-            rev = "3c1590786518e9acca33c250660ad21cae565acd";
-            hash = "sha256-YTUN46QHsHkXPAhImPG/MMLMqjlSRknapVO8u43nnWk=";
-          };
-          buildInputs =
-            super.buildInputs
-            ++ [
-              (webkitgtk_4_1.override {
-                inherit (gnome) libsoup;
-              })
-            ];
-          nativeBuildInputs =
-            super.nativeBuildInputs
-            ++ [
-              autoreconfHook
-            ];
-          postPatch = ''
-            substituteInPlace configure.ac \
-              --replace "PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18)" ""
-          '';
-          preAutoreconf = ''
-            autoupdate
-          '';
-          preConfigure = ''
-            NOCONFIGURE=x ./autogen.sh
-            touch gtk4/nm-openconnect-dialog.ui
-          '';
-        }))
-    ];
-  };
-}
diff --git a/modules/common/beets.nix b/modules/nixos/beets.nix
index 83cbff1..83cbff1 100644
--- a/modules/common/beets.nix
+++ b/modules/nixos/beets.nix
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 850d93e..8ac9a29 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -3,6 +3,7 @@ _: {
     ./acme.nix
     ./alertmanager.nix
     ./android.nix
+    ./beets.nix
     ./bluetooth.nix
     ./common
     ./discord.nix
@@ -21,6 +22,7 @@ _: {
     ./grafana.nix
     ./hydra.nix
     ./ipfs.nix
+    ./k3s.nix
     ./kde.nix
     ./libvirtd.nix
     ./lidarr.nix
@@ -29,6 +31,7 @@ _: {
     ./matrix
     ./monitoring
     ./mpd.nix
+    ./murmur.nix
     ./nextcloud.nix
     ./nginx.nix
     ./node-exporter.nix
diff --git a/modules/nixos/k3s.nix b/modules/nixos/k3s.nix
new file mode 100644
index 0000000..dcbd052
--- /dev/null
+++ b/modules/nixos/k3s.nix
@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.nixfiles.modules.k3s;
+in {
+  options.nixfiles.modules.k3s = {
+    enable = mkEnableOption "K3s";
+  };
+
+  config = mkIf cfg.enable {
+    ark.directories = [
+      "/etc/rancher/k3s"
+      "/var/lib/rancher/k3s"
+    ];
+
+    services.k3s = {
+      enable = true;
+      role = "server";
+    };
+
+    systemd.services.k3s.environment = {
+      K3S_KUBECONFIG_OUTPUT = "/etc/rancher/k3s/k3s.yaml";
+      K3S_KUBECONFIG_MODE = "600";
+    };
+  };
+}
diff --git a/modules/nixos/murmur.nix b/modules/nixos/murmur.nix
new file mode 100644
index 0000000..cbd90d4
--- /dev/null
+++ b/modules/nixos/murmur.nix
@@ -0,0 +1,28 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.nixfiles.modules.murmur;
+in {
+  options.nixfiles.modules.murmur.enable = mkEnableOption "Murmur";
+
+  config = mkIf cfg.enable {
+    secrets.murmur-environment = {
+      file = "${inputs.self}/secrets/murmur-environment";
+      owner = "murmur";
+      group = "murmur";
+    };
+
+    services.murmur = {
+      enable = true;
+      openFirewall = true;
+      logDays = -1;
+      registerName = mkDefault my.domain.shire;
+      password = "$MURMUR_PASSWORD";
+      environmentFile = config.secrets."murmur-environment".path;
+    };
+  };
+}
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index d0ca777..67bec29 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -22,6 +22,7 @@ in {
       home.packages = with pkgs; [
         calibre
         imv
+        mumble
         neochat
         tdesktop
         tor-browser
@@ -33,18 +34,15 @@ in {
     boot = {
       kernelPackages = mkDefault pkgs.linuxPackages_latest;
 
-      # There are (arguably) not a lot of reasons to keep mitigations enabled
-      # for on machine that is not web-facing. First of all, to completely
-      # mitigate any possible Spectre holes one would need to disable
-      # Hyperthreading altogether which will essentially put one's computer into
-      # the stone age by not being able to to effectively utilise multi-core its
-      # multicore capabilities. Secondly, by enabling mitigations, we introduce
-      # a plethora of performance overheads[1], which, albeit small, but still
-      # contribute to the overall speed of things. This is however still poses a
-      # security risk, which I am willing to take.
-      #
-      # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
-      kernelParams = ["mitigations=off"];
+      kernelParams = [
+        # https://wiki.archlinux.org/title/improving_performance#Watchdogs
+        "nowatchdog"
+        "kernel.nmi_watchdog=0"
+        # A security risk I'm willing to take for a reason[1].
+        #
+        # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
+        "mitigations=off"
+      ];
 
       loader = {
         efi.canTouchEfiVariables = true;
diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix
index a5a07ab..f66478d 100644
--- a/nixosConfigurations/eonwe/default.nix
+++ b/nixosConfigurations/eonwe/default.nix
@@ -59,13 +59,17 @@ with lib; {
     # some patching and whatnot.
     kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
 
-    # Silence benign MCE errors:
-    # ```
-    # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff
-    # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff
-    # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201
-    # ```
-    kernelParams = ["mce=nobootlog"];
+    kernelParams = [
+      # Silence benign MCE errors:
+      # ```
+      # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff
+      # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff
+      # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201
+      # ```
+      "mce=nobootlog"
+      # Required for Hogwats Legacy.
+      "clearcpuid=514"
+    ];
 
     # The boot drive is Samsung SSD 980 PRO 2TB.
     initrd.kernelModules = ["nvme"];
diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix
index 12d929e..a47cd88 100644
--- a/nixosConfigurations/manwe/default.nix
+++ b/nixosConfigurations/manwe/default.nix
@@ -1,5 +1,6 @@
 {
   config,
+  inputs,
   lib,
   ...
 }:
@@ -34,6 +35,7 @@ with lib; {
       enable = true;
       domain = my.domain.azahi;
     };
+    murmur.enable = true;
     radicale.enable = true;
     rss-bridge.enable = true;
     shadowsocks.enable = true;
@@ -44,6 +46,35 @@ with lib; {
     vaultwarden.enable = true;
   };
 
+  # To play old LAN games with the boys.
+  secrets."wireguard-private-key-70".file = "${inputs.self}/secrets/wireguard-private-key-70";
+  networking = mkIf config.nixfiles.modules.wireguard.server.enable {
+    wireguard.interfaces.wg70 = {
+      ips = ["10.70.0.1/16"];
+      listenPort = 7070;
+      privateKeyFile = config.secrets."wireguard-private-key-70".path;
+      peers = [
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.1/32"];
+        }
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.2/32"];
+        }
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.3/32"];
+        }
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.4/32"];
+        }
+      ];
+    };
+    firewall.allowedUDPPorts = [7070];
+  };
+
   boot = {
     loader.grub = {
       enable = true;
diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix
index ea1dc3c..340ea8b 100644
--- a/nixosConfigurations/varda/default.nix
+++ b/nixosConfigurations/varda/default.nix
@@ -5,10 +5,7 @@ with lib; {
 
     acme.enable = true;
 
-    games.minecraft.server = {
-      enable = false; # Disabled because no one is playing now.
-      memory = "6G";
-    };
+    k3s.enable = true;
   };
 
   boot = {
@@ -47,13 +44,6 @@ with lib; {
     }
   ];
 
-  # TODO
-  services.k3s = {
-    enable = false;
-    role = "server";
-    extraFlags = "--disable traefik";
-  };
-
   zramSwap = {
     enable = true;
     memoryPercent = 25;
diff --git a/readme.org b/readme.org
index 01cd869..82127a6 100644
--- a/readme.org
+++ b/readme.org
@@ -1,34 +1,22 @@
-#+options: ':t *:t -:t ::t <:t H:3 \n:nil ^:t arch:headline author:t
-#+options: broken-links:nil c:nil creator:nil d:(not "LOGBOOK") date:t e:t
-#+options: email:nil f:t inline:t num:nil p:nil pri:nil prop:nil stat:t tags:t
-#+options: tasks:t tex:t timestamp:t title:t toc:t todo:t |:t
 #+title: nixfiles
-#+date: <2022-03-08 Tue>
 #+author: Azat Bahawi
 #+email: azat@bahawi.net
 #+language: en
-#+select_tags: export
-#+exclude_tags: noexport
-#+creator: Emacs 27.2 (Org mode 9.5)
 
-An [[https://en.wikipedia.org/wiki/Infrastructure_as_code][IaC]] recipe for my digital infrastructure. An evolution of the [[https://github.com/azahi/dotfiles][dotfiles]] thingy
+An [[https://en.wikipedia.org/wiki/Infrastructure_as_code][IaC]] recipe for my digital infrastructure. An evolution of the [[https://git.azahi.cc/dotfiles][dotfiles]] thingy
 I had going for several years.
 
-If you stumbled across this repository on GitHub, GitLab and such, the version
-you are currently looking at is a /stripped/ down rendition of the actual
-*nixfiles* where IP addresses, domain names, secrets and other sensitive
-information was removed or replaced with gibberish. This is done so that you can
-get a general understanding of how stuff is made without me spilling the beans
-too much... pls no pwn.
+If you stumbled across this repository online, the version you are currently
+looking at is a /stripped/ down rendition of the /actual/ *nixfiles* where IP
+addresses, domain names, secrets and other sensitive information was removed or
+replaced with gibberish. This is done so that you can get a general
+understanding of how stuff is defined without me spilling the beans too much...
+pls no pwn.
 
 If you are looking to get into declarative configuration management with [[https://nixos.org][NixOS]],
 I /highly/ suggest to take this repository /only/ as a reference and not just
 mindlessly copy-paste everything.
 
-For help, reach out directly to [[https://azahi.cc][me]], or come by /#nixos/ over at [[https://libera.chat][Libera.Chat]] or
-join the official NixOS Matrix [[https://matrix.to/#/#community:nixos.org][server]]. Для русскоязычной поддержки есть
-неофициальный Telegram [[https://t.me/ru_nixos][канал]].
-
 * Inspiration and Credits
 
 Big thanks to everyone involved with [[https://github.com/NixOS][Nix/NixOS/Nixpkgs]] and everything around
@@ -42,4 +30,4 @@ project:
 - [[https://github.com/grahamc/nixos-config][grahamc]]
 - [[https://github.com/gytis-ivaskevicius/nixfiles][gytis-ivaskevicius]]
 - [[https://github.com/hlissner/dotfiles][hlissner]]
-- [[https://github.com/ncfavier/config][ncfavier]] (Also big thanks for shilling and helping out)
+- [[https://github.com/ncfavier/config][ncfavier]]

Consider giving Nix/NixOS a try! <3