Diffstat (limited to '')
-rw-r--r--flake.lock81
-rw-r--r--flake.nix5
-rw-r--r--modules/common/common/nix/default.nix61
-rw-r--r--modules/common/profiles/dev/default.nix4
-rw-r--r--modules/nixos/acme.nix2
-rw-r--r--modules/nixos/endlessh.nix5
-rw-r--r--modules/nixos/fail2ban.nix2
-rw-r--r--modules/nixos/games/steam-run.nix20
-rw-r--r--modules/nixos/git/default.nix4
-rw-r--r--modules/nixos/grafana.nix2
-rw-r--r--modules/nixos/ipfs.nix4
-rw-r--r--modules/nixos/lidarr.nix6
-rw-r--r--modules/nixos/loki.nix2
-rw-r--r--modules/nixos/matrix/dendrite.nix5
-rw-r--r--modules/nixos/matrix/synapse.nix2
-rw-r--r--modules/nixos/murmur.nix2
-rw-r--r--modules/nixos/ntfy.nix2
-rw-r--r--modules/nixos/postgresql.nix2
-rw-r--r--modules/nixos/radarr.nix2
-rw-r--r--modules/nixos/radicale.nix2
-rw-r--r--modules/nixos/redis.nix2
-rw-r--r--modules/nixos/rss-bridge.nix2
-rw-r--r--modules/nixos/rtorrent.nix2
-rw-r--r--modules/nixos/sonarr.nix2
-rw-r--r--modules/nixos/unbound.nix2
-rw-r--r--modules/nixos/vaultwarden.nix2
-rw-r--r--nixosConfigurations/eonwe/default.nix11
-rw-r--r--nixosConfigurations/manwe/mailserver.nix40
-rw-r--r--nixosConfigurations/varda/default.nix2
-rw-r--r--nixosConfigurations/yavanna/default.nix31
30 files changed, 191 insertions, 120 deletions
diff --git a/flake.lock b/flake.lock
index 0d30364..3ed97db 100644
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1680281360,
-        "narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=",
+        "lastModified": 1682101079,
+        "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "e64961977f60388dd0b49572bb0fc453b871f896",
+        "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
         "type": "github"
       },
       "original": {
@@ -67,11 +67,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1679223908,
-        "narHash": "sha256-7ns8EL9+AKPH2wHouZLosirLKc3/tRogOUg2kj8vDRA=",
+        "lastModified": 1682873512,
+        "narHash": "sha256-/klMuyTFQLI3HgAPhh0il8RtXUvnLqylwFvlvCcd5Q8=",
         "owner": "dwarfmaster",
         "repo": "arkenfox-nixos",
-        "rev": "8f33d2833cc1391cc7c1a1f0b405820f681e428d",
+        "rev": "75b869828b85755f940ee71b5ecbd824e8f20185",
         "type": "github"
       },
       "original": {
@@ -121,11 +121,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1681154394,
-        "narHash": "sha256-avnu1K9AuouygBiwVKuDp6emiTET43az3rcpv0ctLjc=",
+        "lastModified": 1682773107,
+        "narHash": "sha256-+h94XeJnG3uk5imJlBi/1lVmcfCbxHpwZp5u7n3Krwg=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "025912529dd0b31dead95519e944ea05f1ad56f2",
+        "rev": "379d42fad6bc5c28f79d5f7ff2fa5f1c90cb7bf8",
         "type": "github"
       },
       "original": {
@@ -179,11 +179,11 @@
     "flake-registry": {
       "flake": false,
       "locked": {
-        "lastModified": 1681032461,
-        "narHash": "sha256-3xrrC7YpoajVynlvj0+iQev6PWJRjS213ulTi3HNLeo=",
+        "lastModified": 1682423975,
+        "narHash": "sha256-zvOBrH3hwCedgpaWiOSHYSt+fgF/RhaJs8R5qOX6AYc=",
         "owner": "NixOS",
         "repo": "flake-registry",
-        "rev": "4ea5076e347dda44283714b8f4d580f6922064e9",
+        "rev": "8054bfa00d60437297d670ab3296a117e7059a10",
         "type": "github"
       },
       "original": {
@@ -237,17 +237,14 @@
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ],
-        "utils": [
-          "flake-utils"
         ]
       },
       "locked": {
-        "lastModified": 1681250798,
-        "narHash": "sha256-fQMROyKzPFBPqJy9J4ffywm02ZuqAI0GW1O1QibVpdQ=",
+        "lastModified": 1682779989,
+        "narHash": "sha256-H8AjcIBYFYrlRobYJ+n1B+ZJ6TsaaeZpuLn4iRqVvr4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "28698126bd825aff21cae9ffd15cf83e169051b0",
+        "rev": "3144311f31194b537808ae6848f86f3dbf977d59",
         "type": "github"
       },
       "original": {
@@ -259,11 +256,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1675359654,
-        "narHash": "sha256-FPxzuvJkcO49g4zkWLSeuZkln54bLoTtrggZDJBH90I=",
+        "lastModified": 1682268411,
+        "narHash": "sha256-ICDKQ7tournRVtfM8C2II0qHiOZOH1b3dXVOCsgr11o=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "6138eb8e737bffabd4c8fc78ae015d4fd6a7e2fd",
+        "rev": "df1692e2d9f1efc4300b1ea9201831730e0b817d",
         "type": "github"
       },
       "original": {
@@ -299,11 +296,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1681262808,
-        "narHash": "sha256-A4CCPgNUDTLnu7WNdcE0GD/IhcIdV9fmNvWl6bC5f8Q=",
+        "lastModified": 1682645728,
+        "narHash": "sha256-ZntcUOTbkw7klRK5kRPIJOp8bB9785CXKPt5eW2X4cc=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "2d5c4d090c759b7cf9ef6292f33d0702dab21d09",
+        "rev": "699ed72b94864505a38c97de3015bdfb992e1f84",
         "type": "github"
       },
       "original": {
@@ -315,11 +312,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1680876084,
-        "narHash": "sha256-eP9yxP0wc7XuVaODugh+ajgbFGaile2O1ihxiLxOuvU=",
+        "lastModified": 1682836095,
+        "narHash": "sha256-PdzpJhuXBz71AgWNWMMYLbB8GMMce6QguhQY/6HOOcc=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "3006d2860a6ed5e01b0c3e7ffb730e9b293116e2",
+        "rev": "e4a21ddcb45ee5f5c85a5d9e9698debf77fb98c3",
         "type": "github"
       },
       "original": {
@@ -331,11 +328,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1681358109,
-        "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=",
+        "lastModified": 1682809678,
+        "narHash": "sha256-jqR8t82mWotOSgnWZvr6xXCO/tc3fCPTLMPvI7Jo5rA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9",
+        "rev": "3dcff817eebb7e4afc4e9eae0ce6f722f4d9e399",
         "type": "github"
       },
       "original": {
@@ -347,11 +344,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1681414187,
-        "narHash": "sha256-Vwl5bTDAZA28/M0/31tBgKw9g+vnHtDm6m5EkG9rmHU=",
+        "lastModified": 1682883825,
+        "narHash": "sha256-JJeaDa6bOxf1AcW5ZvTs9skJzMz7uPRPRvDCNdDDflo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f53d20ef81e9d98033ccf34509aace3e99dcfbb7",
+        "rev": "9d27bdd3b5d88ec2c1674fd9b93cf6b6751776ff",
         "type": "github"
       },
       "original": {
@@ -363,11 +360,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1681411673,
-        "narHash": "sha256-23S0skJVstbQtrhy+65Bi4Jrdw74hY1OYbBnuuQausc=",
+        "lastModified": 1682858021,
+        "narHash": "sha256-tMZILw7wABxSRUcJNrwLmBJ7h8+Bf4eyVGXLUyoZIr4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "80d54821fffaffbc90409a1262ea91071e0dff8f",
+        "rev": "923f835a6c8eadb655c08370ade5c42990e790cd",
         "type": "github"
       },
       "original": {
@@ -413,11 +410,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1681413105,
-        "narHash": "sha256-RVurZLx/l83DOSB2Uy92kGyuhMOc+jEieHvjtJy4t90=",
+        "lastModified": 1682879890,
+        "narHash": "sha256-gnNDKsgsLX0dxumLDTuFylSRVvscErxRa0425gUk5Xk=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "81da935a918fa216295272c576705f816f0fc36a",
+        "rev": "57e8229760e718f670cd7b359b509246e6d734ab",
         "type": "github"
       },
       "original": {
@@ -469,11 +466,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1681413034,
-        "narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=",
+        "lastModified": 1682596858,
+        "narHash": "sha256-Hf9XVpqaGqe/4oDGr30W8HlsWvJXtMsEPHDqHZA6dDg=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5",
+        "rev": "fb58866e20af98779017134319b5663b8215d912",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 9af2e05..a58fed6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -64,10 +64,7 @@
       owner = "nix-community";
       repo = "home-manager";
       ref = "master";
-      inputs = {
-        nixpkgs.follows = "nixpkgs";
-        utils.follows = "flake-utils";
-      };
+      inputs.nixpkgs.follows = "nixpkgs";
     };
 
     impermanence = {
diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix
index dea9358..723a2b8 100644
--- a/modules/common/common/nix/default.nix
+++ b/modules/common/common/nix/default.nix
@@ -99,7 +99,23 @@ with lib; {
           patches = [./patches/alejandra-no-ads.patch];
         });
 
-        inherit (pkgsPR "225985" "sha256-wS8vyIEH2gFt3cLvSrROTULu8N8FCUle6cy2zqHN+VI=") mangohud;
+        openmw = super.openmw.overrideAttrs (_: final: {
+          src = super.fetchFromGitHub {
+            owner = "OpenMW";
+            repo = "openmw";
+            rev = "openmw-48-rc9";
+            hash = "sha256-3x+pwtZh+moLN3l1x5Q0rr9TKo3BMaul73ZgywrRBCk=";
+          };
+          patches = [];
+          buildInputs =
+            final.buildInputs
+            ++ (with super; [
+              yaml-cpp
+              luajit
+            ]);
+        });
+
+        inherit (pkgsPR "228852" "sha256-NKZySJ3IVMMeSmpc1zYwse52kxGg0dIrsHTMcO8a73Y=") soju;
       }
       // (with super; let
         np = nodePackages;
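Review bot: `patches = [];` in the new `openmw` override drops every patch nixpkgs applies to the package, and nothing says why; a comment such as `# nixpkgs patches do not apply to openmw-48-rc9; re-check when nixpkgs bumps openmw` would stop a later reader from assuming the empty list is safe to keep. The second lambda argument of `overrideAttrs (_: final: {` receives the previous attributes, so `final.buildInputs` reads as the opposite of what it is; `prev` or `old` would be accurate and still avoid shadowing the overlay's `super`. Both this override and the `pkgsPR "228852"` pin look temporary, so a short note on when each can be dropped would help. The enclosing overlay starts and ends outside this hunk.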
@@ -129,33 +145,28 @@ with lib; {
 
   environment.systemPackages = with pkgs;
     optionals this.isHeadful [
-      hydra-check
       nix-top
       nix-tree
     ];
 
-  hm.home = {
-    packages = with pkgs; [nix-index];
-
-    file.".nix-defexpr/default.nix".text =
-      optionalString this.isHeadful
-      (
+  hm.home.file.".nix-defexpr/default.nix".text =
+    optionalString this.isHeadful
+    (
+      let
+        hostname = strings.escapeNixIdentifier this.hostname;
+      in ''
         let
-          hostname = strings.escapeNixIdentifier this.hostname;
-        in ''
-          let
-            self = builtins.getFlake "nixfiles";
-            configurations = self.nixosConfigurations;
-            local = configurations.${hostname};
-          in rec {
-            inherit self;
-            inherit (self) inputs lib;
-            inherit (lib) my;
-            this = my.configurations.${hostname};
-            inherit (local) config;
-            inherit (local.config.system.build) toplevel vm vmWithBootLoader manual;
-          } // configurations // local._module.args
-        ''
-      );
-  };
+          self = builtins.getFlake "nixfiles";
+          configurations = self.nixosConfigurations;
+          local = configurations.${hostname};
+        in rec {
+          inherit self;
+          inherit (self) inputs lib;
+          inherit (lib) my;
+          this = my.configurations.${hostname};
+          inherit (local) config;
+          inherit (local.config.system.build) toplevel vm vmWithBootLoader manual;
+        } // configurations // local._module.args
+      ''
+    );
 }
diff --git a/modules/common/profiles/dev/default.nix b/modules/common/profiles/dev/default.nix
index 210924a..442a03a 100644
--- a/modules/common/profiles/dev/default.nix
+++ b/modules/common/profiles/dev/default.nix
@@ -80,7 +80,11 @@ in {
 
       packages = with pkgs; [
         htmlq
+        hydra-check
         jq
+        nix-index
+        nix-update
+        nixpkgs-review
         yq
       ];
     };
diff --git a/modules/nixos/acme.nix b/modules/nixos/acme.nix
index d3ad661..49be684 100644
--- a/modules/nixos/acme.nix
+++ b/modules/nixos/acme.nix
@@ -21,6 +21,8 @@ in {
   };
 
   config = mkIf cfg.enable {
+    ark.directories = ["/var/lib/acme"];
+
     security.acme = {
       acceptTerms = true;
       defaults = {
diff --git a/modules/nixos/endlessh.nix b/modules/nixos/endlessh.nix
index 1350a6a..caf9a38 100644
--- a/modules/nixos/endlessh.nix
+++ b/modules/nixos/endlessh.nix
@@ -12,6 +12,11 @@ in {
     port = 22;
   in
     mkIf cfg.enable {
+      ark.directories = [
+        "/var/lib/gotify-server"
+        "/var/lib/private/gotify-server"
+      ];
+
       services.endlessh = {
         enable = true;
         inherit port;
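Review bot: The two paths added to `ark.directories`, `/var/lib/gotify-server` and `/var/lib/private/gotify-server`, belong to a different service than the one this module configures (`services.endlessh`), which looks like a copy-paste from a gotify module. As written, enabling endlessh marks gotify state for persistence and leaves endlessh's own state, if it has any, uncovered. If endlessh keeps nothing that must survive a reboot, the block can be removed; otherwise it should list that service's own directory. The `mkIf` body continues outside the hunk.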
diff --git a/modules/nixos/fail2ban.nix b/modules/nixos/fail2ban.nix
index 5ac3c9c..a42aab3 100644
--- a/modules/nixos/fail2ban.nix
+++ b/modules/nixos/fail2ban.nix
@@ -11,6 +11,8 @@ in {
     mkEnableOption "fail2ban";
 
   config = mkIf cfg.enable {
+    ark.directories = ["/var/lib/fail2ban"];
+
     services.fail2ban = {
       enable = true;
 
diff --git a/modules/nixos/games/steam-run.nix b/modules/nixos/games/steam-run.nix
index 1a1e61f..ba18849 100644
--- a/modules/nixos/games/steam-run.nix
+++ b/modules/nixos/games/steam-run.nix
@@ -11,8 +11,9 @@ in {
     enable = mkEnableOption "native Steam runtime";
 
     quirks = {
-      mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues'';
+      crusaderKings3 = mkEnableOption ''fixes for "Crusader Kings III" issues'';
       cryptOfTheNecrodancer = mkEnableOption ''fixes for "Crypt of the NecroDancer" issues'';
+      mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues'';
     };
   };
 
@@ -31,6 +32,16 @@ in {
         extraLibraries = _:
           with cfg.quirks;
             []
+            ++ optionals crusaderKings3 [
+              ncurses
+            ]
+            ++ optionals cryptOfTheNecrodancer [
+              (import (builtins.fetchTarball {
+                url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz";
+                sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy";
+              }) {inherit (config.nixpkgs) config localSystem;})
+              .flac
+            ]
             ++ optionals mountAndBladeWarband [
               (glew.overrideAttrs (_: super: let
                 opname = super.pname;
@@ -58,13 +69,6 @@ in {
                   patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so
                 '';
               }))
-            ]
-            ++ optionals cryptOfTheNecrodancer [
-              (import (builtins.fetchTarball {
-                url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz";
-                sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy";
-              }) {inherit (config.nixpkgs) config localSystem;})
-              .flac
             ];
       })
       .run
diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix
index 62a200c..9236437 100644
--- a/modules/nixos/git/default.nix
+++ b/modules/nixos/git/default.nix
@@ -24,6 +24,10 @@ in {
   };
 
   config = mkIf cfg.server.enable {
+    ark.directories = [
+      config.services.gitolite.dataDir
+    ];
+
     nixfiles.modules.nginx = {
       enable = true;
       virtualHosts.${cfg.server.domain} = {
diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix
index e8630c4..c191e38 100644
--- a/modules/nixos/grafana.nix
+++ b/modules/nixos/grafana.nix
@@ -27,6 +27,8 @@ in {
     db = "grafana";
   in
     mkIf cfg.enable {
+      ark.directories = [config.services.grafana.dataDir];
+
       secrets = {
         grafana-key = {
           file = "${inputs.self}/secrets/grafana-key";
diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix
index 6d32ec6..16e986c 100644
--- a/modules/nixos/ipfs.nix
+++ b/modules/nixos/ipfs.nix
@@ -108,6 +108,10 @@ in {
             }
           )
         ];
+
+        localDiscovery = true;
+
+        startWhenNeeded = true;
       };
 
       networking.firewall = rec {
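Review bot: `localDiscovery = true;` is set unconditionally for every host that enables this module. Local discovery makes the daemon announce itself and look for peers on the local network, and the NixOS option description warns that some hosting providers treat this as abuse. The module is enabled on a desktop configuration in this commit, but it also appears commented out in a server configuration, where re-enabling it would inherit the setting silently. Consider exposing it as a module option that defaults to `false`, or at least adding a comment such as `# LAN peer discovery; keep off on hosted/VPS machines`. The service attribute set starts outside the hunk.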
diff --git a/modules/nixos/lidarr.nix b/modules/nixos/lidarr.nix
index 8439ec0..ffa0735 100644
--- a/modules/nixos/lidarr.nix
+++ b/modules/nixos/lidarr.nix
@@ -17,6 +17,8 @@ in {
   };
 
   config = mkIf cfg.enable {
+    ark.directories = ["/var/lib/lidarr"];
+
     nixfiles.modules.nginx = {
       enable = true;
       upstreams.lidarr.servers."127.0.0.1:8686" = {};
@@ -31,5 +33,9 @@ in {
       user = "rtorrent";
       group = "rtorrent";
     };
+
+    systemd.tmpfiles.rules = with config.services.lidarr; [
+      "d /var/lib/lidarr/root 0755 ${user} ${group} - -"
+    ];
   };
 }
diff --git a/modules/nixos/loki.nix b/modules/nixos/loki.nix
index fe3c2eb..90a051c 100644
--- a/modules/nixos/loki.nix
+++ b/modules/nixos/loki.nix
@@ -24,6 +24,8 @@ in {
   };
 
   config = mkIf cfg.enable {
+    ark.directories = [config.services.loki.configuration.common.path_prefix];
+
     nixfiles.modules.nginx = with cfg; {
       enable = true;
       upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {};
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix
index 35647cb..bd19f8b 100644
--- a/modules/nixos/matrix/dendrite.nix
+++ b/modules/nixos/matrix/dendrite.nix
@@ -28,6 +28,11 @@ in {
     db = "dendrite";
   in
     mkIf cfg.enable {
+      ark.directories = [
+        "/var/lib/dendrite"
+        "/var/lib/private/dendrite"
+      ];
+
       secrets.dendrite-private-key = {
         file = "${inputs.self}/secrets/dendrite-private-key";
         mode = "0444"; # The user is dynamic so the file must be world-readable.
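Review bot: Persisting both `/var/lib/dendrite` and `/var/lib/private/dendrite` needs a comment and a check of the resulting permissions. The context line just below says the service user is dynamic; for such units systemd keeps the real state under `/var/lib/private`, which it expects to be root-owned with mode 0700, and `/var/lib/dendrite` is only a symlink into it. If `ark` creates missing parent directories with default permissions, `/var/lib/private` may end up more open than systemd expects, so the unit can fail to start and the 0700 barrier protecting dynamic-user state is lost; the first entry may also collide with the symlink. I would keep only the `/var/lib/private/dendrite` entry and pin the parent explicitly, e.g. a `systemd.tmpfiles.rules` line `"d /var/lib/private 0700 root root - -"`. How `ark` maps these entries is not visible in this diff, so this should be confirmed against its implementation.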
diff --git a/modules/nixos/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix
index 1117f23..a74ebb4 100644
--- a/modules/nixos/matrix/synapse.nix
+++ b/modules/nixos/matrix/synapse.nix
@@ -21,6 +21,8 @@ in {
     port = 8448;
   in
     mkIf cfg.enable {
+      ark.directories = ["/var/lib/matrix-synapse"];
+
       nixfiles.modules = {
         nginx = {
           enable = true;
diff --git a/modules/nixos/murmur.nix b/modules/nixos/murmur.nix
index cbd90d4..8ac7899 100644
--- a/modules/nixos/murmur.nix
+++ b/modules/nixos/murmur.nix
@@ -10,6 +10,8 @@ in {
   options.nixfiles.modules.murmur.enable = mkEnableOption "Murmur";
 
   config = mkIf cfg.enable {
+    ark.directories = ["/var/lib/murmur"];
+
     secrets.murmur-environment = {
       file = "${inputs.self}/secrets/murmur-environment";
       owner = "murmur";
diff --git a/modules/nixos/ntfy.nix b/modules/nixos/ntfy.nix
index f8510d5..edbe7e5 100644
--- a/modules/nixos/ntfy.nix
+++ b/modules/nixos/ntfy.nix
@@ -40,6 +40,8 @@ in {
   };
 
   config = mkIf cfg.enable {
+    ark.files = [config.services.ntfy-sh.settings.auth-file];
+
     nixfiles.modules.nginx = {
       enable = true;
       upstreams.ntfy.servers.${config.services.ntfy-sh.settings.listen-http} = {};
diff --git a/modules/nixos/postgresql.nix b/modules/nixos/postgresql.nix
index c7085ce..89b24b8 100644
--- a/modules/nixos/postgresql.nix
+++ b/modules/nixos/postgresql.nix
@@ -37,6 +37,8 @@ in {
       }
     ];
 
+    ark.directories = [config.services.postgresql.dataDir];
+
     services = {
       postgresql = {
         enable = true;
diff --git a/modules/nixos/radarr.nix b/modules/nixos/radarr.nix
index c706eae..1551934 100644
--- a/modules/nixos/radarr.nix
+++ b/modules/nixos/radarr.nix
@@ -17,6 +17,8 @@ in {
   };
 
   config = mkIf cfg.enable {
+    ark.directories = ["/var/lib/radarr"];
+
     nixfiles.modules.nginx = {
       enable = true;
       upstreams.radarr.servers."127.0.0.1:7878" = {};
diff --git a/modules/nixos/radicale.nix b/modules/nixos/radicale.nix
index c903d39..d072899 100644
--- a/modules/nixos/radicale.nix
+++ b/modules/nixos/radicale.nix
@@ -21,6 +21,8 @@ in {
     port = 5232;
   in
     mkIf cfg.enable {
+      ark.directories = ["/var/lib/radicale"];
+
       secrets.radicale-htpasswd = {
         file = "${inputs.self}/secrets/radicale-htpasswd";
         owner = "radicale";
diff --git a/modules/nixos/redis.nix b/modules/nixos/redis.nix
index 166407e..ca25101 100644
--- a/modules/nixos/redis.nix
+++ b/modules/nixos/redis.nix
@@ -10,6 +10,8 @@ in {
   options.nixfiles.modules.redis.enable = mkEnableOption "Redis";
 
   config = mkIf cfg.enable {
+    ark.directories = ["/var/lib/redis-default"];
+
     services = {
       redis = {
         servers.default = {
diff --git a/modules/nixos/rss-bridge.nix b/modules/nixos/rss-bridge.nix
index fef1070..1fcaac8 100644
--- a/modules/nixos/rss-bridge.nix
+++ b/modules/nixos/rss-bridge.nix
@@ -17,6 +17,8 @@ in {
   };
 
   config = mkIf cfg.enable {
+    ark.directories = ["/var/lib/rss-bridge"];
+
     nixfiles.modules.nginx = {
       enable = true;
       virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly;
diff --git a/modules/nixos/rtorrent.nix b/modules/nixos/rtorrent.nix
index 4014a3b..a4cade7 100644
--- a/modules/nixos/rtorrent.nix
+++ b/modules/nixos/rtorrent.nix
@@ -31,6 +31,8 @@ in {
       (let
         port = 50000;
       in {
+        ark.directories = [baseDir];
+
         systemd = {
           services.rtorrent = {
             description = "rTorrent";
diff --git a/modules/nixos/sonarr.nix b/modules/nixos/sonarr.nix
index 5990ff1..2d2feb9 100644
--- a/modules/nixos/sonarr.nix
+++ b/modules/nixos/sonarr.nix
@@ -17,6 +17,8 @@ in {
   };
 
   config = mkIf cfg.enable {
+    ark.directories = ["/var/lib/sonarr"];
+
     nixfiles.modules.nginx = {
       enable = true;
       upstreams.sonarr.servers."127.0.0.1:8989" = {};
diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix
index 79d52eb..d24b79e 100644
--- a/modules/nixos/unbound.nix
+++ b/modules/nixos/unbound.nix
@@ -22,6 +22,8 @@ in {
     adblock-conf = "${config.services.unbound.stateDir}/adblock.conf";
   in
     mkIf cfg.enable {
+      ark.directories = [config.services.unbound.stateDir];
+
       nixfiles.modules.redis.enable = true;
 
       services = {
diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix
index 7d51667..2475ed3 100644
--- a/modules/nixos/vaultwarden.nix
+++ b/modules/nixos/vaultwarden.nix
@@ -21,6 +21,8 @@ in {
     db = "vaultwarden";
   in
     mkIf cfg.enable {
+      ark.directories = ["/var/lib/bitwarden_rs"];
+
       secrets.vaultwarden-environment = {
         file = "${inputs.self}/secrets/vaultwarden-environment";
         owner = "vaultwarden";
diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix
index 3db651e..2c53b64 100644
--- a/nixosConfigurations/eonwe/default.nix
+++ b/nixosConfigurations/eonwe/default.nix
@@ -18,6 +18,7 @@ with lib; {
       lutris.enable = true;
       minecraft.client.enable = true;
       steam.enable = true;
+      steam-run.quirks.crusaderKings3 = true;
     };
     android.enable = true;
     bluetooth.enable = true;
@@ -26,13 +27,23 @@ with lib; {
     qutebrowser.enable = true;
     mpd.enable = true;
     ipfs.enable = true;
+
+    common.nix.allowedUnfreePackages = ["burpsuite"];
   };
 
   hm = {
     home.packages = with pkgs; [
+      burpsuite
+      gzdoom
       kdenlive
+      nikto
       obs-studio
+      openmw
+      openttd
       radeontop
+      vcmi
+      whatweb
+      zap
     ];
 
     programs = {
diff --git a/nixosConfigurations/manwe/mailserver.nix b/nixosConfigurations/manwe/mailserver.nix
index 0667a49..acd625b 100644
--- a/nixosConfigurations/manwe/mailserver.nix
+++ b/nixosConfigurations/manwe/mailserver.nix
@@ -7,36 +7,46 @@
 with lib; {
   imports = [inputs.simple-nixos-mailserver.nixosModule];
 
-  nixfiles.modules.redis.enable = true;
+  ark.directories = with config.mailserver; [
+    "/var/lib/dovecot"
+    "/var/lib/postfix"
+    config.security.dhparams.params.dovecot2.path
+    dkimKeyDirectory
+    mailDirectory
+    sieveDirectory
+  ];
 
-  secrets = {
+  secrets = with config.mailserver; {
     dkim-key-azahi-cc = {
       file = "${inputs.self}/secrets/dkim-key-azahi-cc";
-      path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
-      owner = "opendkim";
-      group = "opendkim";
+      path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key";
+      owner = config.services.opendkim.user;
+      inherit (config.services.opendkim) group;
     };
     dkim-key-rohan-net = {
       file = "${inputs.self}/secrets/dkim-key-rohan-net";
-      path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
-      owner = "opendkim";
-      group = "opendkim";
+      path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key";
+      owner = config.services.opendkim.user;
+      inherit (config.services.opendkim) group;
     };
     dkim-key-gondor-net = {
       file = "${inputs.self}/secrets/dkim-key-gondor-net";
-      path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
-      owner = "opendkim";
-      group = "opendkim";
+      path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key";
+      owner = config.services.opendkim.user;
+      inherit (config.services.opendkim) group;
     };
     dkim-key-shire-net = {
       file = "${inputs.self}/secrets/dkim-key-shire-net";
-      path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
-      owner = "opendkim";
-      group = "opendkim";
+      path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key";
+      owner = config.services.opendkim.user;
+      inherit (config.services.opendkim) group;
     };
   };
 
-  nixfiles.modules.acme.enable = true;
+  nixfiles.modules = {
+    acme.enable = true;
+    redis.enable = true;
+  };
 
   mailserver = let
     cert = config.certs.${my.domain.shire};
diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix
index 340ea8b..2ff8993 100644
--- a/nixosConfigurations/varda/default.nix
+++ b/nixosConfigurations/varda/default.nix
@@ -5,7 +5,7 @@ with lib; {
 
     acme.enable = true;
 
-    k3s.enable = true;
+    k3s.enable = false;
   };
 
   boot = {
diff --git a/nixosConfigurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix
index 908b6d3..ba298f8 100644
--- a/nixosConfigurations/yavanna/default.nix
+++ b/nixosConfigurations/yavanna/default.nix
@@ -14,38 +14,19 @@ with lib; {
     # ipfs.enable = true;
   };
 
-  boot = {
-    loader.grub = {
-      enable = true;
-      device = "/dev/sda";
-    };
-
-    # NOTE This is probably not required, but I cannot test this out without
-    # risking "bricking" my VPS because Kimsufi/OVH doesn't provide a console
-    # access. This configuration was generated via nixos-infect[1] and at the
-    # time I didn't bother to test for loaded kernel modules and just left the
-    # automatically (IIRC) generated `hardware-configuration.nix' as is.
-    #
-    # There's, however, no indication that any NVME drives are being used and,
-    # as the matter of fact, the VPS itself is on KVM, so... I'm still not going
-    # to risk it, though.
-    #
-    # [1]: https://github.com/elitak/nixos-infect
-    initrd.availableKernelModules = ["nvme"];
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/sda";
+    configurationLimit = 5;
   };
 
   fileSystems."/" = {
-    device = "/dev/sda1";
+    device = "/dev/sda2";
     fsType = "ext4";
     options = ["noatime"];
   };
 
-  swapDevices = [
-    {
-      device = "/swapfile";
-      size = 4 * 1024;
-    }
-  ];
+  swapDevices = [{device = "/dev/sda3";}];
 
   zramSwap = {
     enable = true;
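Review bot: The root filesystem moves from `/dev/sda1` to `/dev/sda2` and swap to `/dev/sda3` without a comment, while the note being removed records that this host has no console access and a boot mistake cannot be recovered. Kernel names like `/dev/sdaN` are not guaranteed stable, so `fileSystems."/"` and `swapDevices` would be safer pointing at `/dev/disk/by-uuid/<uuid>` or a label, with a one-line comment recording the new partition layout. The swap partition is also unencrypted; if secrets decrypted on this machine can be paged out, `randomEncryption.enable = true;` on the swap entry keeps them from persisting on disk. Dropping `initrd.availableKernelModules` is the step the old note deliberately avoided, so the commit message should say it was tested.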
