nixos: rework configurations management

24 files changed, 366 insertions, 412 deletions

diff --git a/flake.lock b/flake.lock
index 02137f2..f439301 100644
--- a/flake.lock
+++ b/flake.lock
@@ -745,11 +745,11 @@
     },
     "vpsadminos": {
       "locked": {
-        "lastModified": 1710366851,
-        "narHash": "sha256-/Qhjx2mM87tc0ip+aJUeCYbdUQ5a0eb9GmxeAQvM+bA=",
+        "lastModified": 1710509949,
+        "narHash": "sha256-U4rYEcV40x7VpZfeOw21cZFIZrh+bjxx2iYRtnCRfTc=",
         "owner": "vpsfreecz",
         "repo": "vpsadminos",
-        "rev": "0cb872bfbf463f38c611e5c6d8ec28ee69ed48c2",
+        "rev": "d61fad3eedeaae209870f3f8f4e65e996e778ad0",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 33b647d..945f722 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,62 +6,83 @@
     nixos-hardware.url = "nixos-hardware";
     nixdeploy.url = "gitlab:cynerd/nixdeploy";
     personal-secret.url = "git+ssh://git@cynerd.cz/nixos-personal-secret";
+    shellrc.url = "git+https://git.cynerd.cz/shellrc";
 
     agenix.url = "github:ryantm/agenix";
     shvspy.url = "git+https://github.com/silicon-heaven/shvspy.git?submodules=1";
     shvcli.url = "github:silicon-heaven/shvcli";
 
+    usbkey.url = "gitlab:cynerd/usbkey";
+
     nixturris.url = "gitlab:cynerd/nixturris";
     nixbigclown.url = "github:cynerd/nixbigclown";
     vpsadminos.url = "github:vpsfreecz/vpsadminos";
-
-    shellrc.url = "git+https://git.cynerd.cz/shellrc";
-    usbkey.url = "gitlab:cynerd/usbkey";
   };
 
   outputs = {
     self,
-    nixpkgs,
     flake-utils,
+    nixpkgs,
+    nixdeploy,
+    personal-secret,
+    shellrc,
     agenix,
     shvspy,
     shvcli,
-    nixdeploy,
-    shellrc,
     usbkey,
+    nixturris,
+    nixbigclown,
     ...
   }: let
     inherit (flake-utils.lib) eachDefaultSystem filterPackages;
-    inherit (nixpkgs.lib) mapAttrs' nameValuePair filterAttrs;
+    inherit (nixpkgs.lib) attrValues;
+    revision = self.shortRev or self.dirtyShortRev or "unknown";
   in
     {
-      lib = import ./lib nixpkgs.lib;
       overlays = {
-        noInherit = final: prev: import ./pkgs final prev;
+        lib = final: prev: import ./lib prev;
+        pkgs = final: prev: import ./pkgs final prev;
         default = nixpkgs.lib.composeManyExtensions [
           agenix.overlays.default
-          shvspy.overlays.default
-          shvcli.overlays.default
           nixdeploy.overlays.default
+          self.overlays.pkgs
           shellrc.overlays.default
+          shvcli.overlays.default
+          shvspy.overlays.default
           usbkey.overlays.default
-          self.overlays.noInherit
         ];
       };
-      nixosModules = import ./nixos self;
-      nixosConfigurations = import ./nixos/configurations.nix self;
+
+      nixosModules = let
+        modules = import ./nixos/modules {inherit (nixpkgs) lib;};
+      in
+        modules
+        // {
+          default = {
+            imports =
+              attrValues modules
+              ++ [
+                nixbigclown.nixosModules.default
+                nixdeploy.nixosModules.default
+                nixturris.nixosModules.default
+                personal-secret.nixosModules.default
+                shellrc.nixosModules.default
+                usbkey.nixosModules.default
+              ];
+            config = {
+              nixpkgs.overlays = [self.overlays.default];
+              system.configurationRevision = revision;
+            };
+          };
+        };
+
+      nixosConfigurations = import ./nixos/configurations self;
+      lib = import ./lib nixpkgs.lib;
     }
     // eachDefaultSystem (system: let
       pkgs = nixpkgs.legacyPackages."${system}".extend self.overlays.default;
     in {
-      packages =
-        {default = pkgs.nixdeploy;}
-        // mapAttrs' (n: v:
-          nameValuePair
-          "tarball-${n}"
-          v.buildPlatform.${system}.config.system.build.tarball) (filterAttrs
-          (n: v: v.config.system.build ? tarball)
-          self.nixosConfigurations);
+      packages.default = pkgs.nixdeploy;
       legacyPackages = pkgs;
       devShells = filterPackages system (import ./devShells pkgs);
       formatter = pkgs.alejandra;
diff --git a/nixos/configurations.nix b/nixos/configurations.nix
deleted file mode 100644
index 0e6a4d5..0000000
--- a/nixos/configurations.nix
+++ /dev/null
@@ -1,117 +0,0 @@
-self: let
-  inherit (self.inputs) nixpkgs nixos-hardware nixturris vpsadminos;
-  inherit (nixpkgs.lib) optional hasAttr composeManyExtensions;
-
-  modules = hostname:
-    [
-      self.nixosModules.default
-      self.inputs.personal-secret.nixosModules.default
-      {
-        networking.hostName = hostname;
-        nixpkgs.overlays = [self.overlays.default];
-        system.configurationRevision = self.rev or "dirty";
-      }
-    ]
-    ++ (optional (hasAttr "machine-${hostname}" self.nixosModules) self.nixosModules."machine-${hostname}");
-  specialArgs = {
-    lib = nixpkgs.lib.extend (composeManyExtensions [
-      nixturris.overlays.lib
-      (prev: final: import ../lib prev)
-    ]);
-  };
-
-  genericSystem = {
-    platform ? {system = "x86_64-linux";},
-    extra_modules ? [],
-  }: hostname: {
-    ${hostname} = nixturris.lib.addBuildPlatform (nixpkgs.lib.nixosSystem {
-      inherit specialArgs;
-      modules = (modules hostname) ++ extra_modules ++ [{nixpkgs.hostPlatform = platform;}];
-    });
-  };
-  amd64System = genericSystem {};
-  vpsSystem = genericSystem {
-    extra_modules = [
-      vpsadminos.nixosConfigurations.container
-      {boot.loader.systemd-boot.enable = false;}
-    ];
-  };
-  raspi2System = genericSystem {
-    platform.system = "armv7l-linux";
-    extra_modules = [
-      nixos-hardware.nixosModules.raspberry-pi-2
-      ({pkgs, ...}: {
-        boot.loader.systemd-boot.enable = false;
-        boot.initrd.includeDefaultModules = false;
-      })
-    ];
-  };
-  raspi3System = genericSystem {
-    platform.system = "aarch64-linux";
-    extra_modules = [
-      ({pkgs, ...}: {
-        boot = {
-          kernelPackages = pkgs.linuxPackages_rpi3;
-          initrd.includeDefaultModules = false;
-          loader = {
-            grub.enable = false;
-            systemd-boot.enable = false;
-            generic-extlinux-compatible.enable = true;
-          };
-        };
-      })
-    ];
-  };
-  beagleboneSystem = genericSystem {
-    platform.system = "armv7l-linux";
-    extra_modules = [
-      {
-        boot.loader = {
-          grub.enable = false;
-          systemd-boot.enable = false;
-          generic-extlinux-compatible.enable = true;
-        };
-      }
-    ];
-  };
-
-  vmSystem = system: hostSystem:
-    genericSystem {
-      platform.system = system;
-      extra_modules = [
-        {
-          boot.loader.systemd-boot.enable = false;
-          virtualisation.qemu.package = self.nixosConfigurations."${hostSystem}".pkgs.qemu;
-        }
-      ];
-    };
-  amd64vmSystem = vmSystem "x86_64-linux";
-  armv7lvmSystem = vmSystem "armv7l-linux";
-  aarch64vmSystem = vmSystem "aarch64-linux";
-
-  turrisSystem = board:
-    genericSystem {
-      platform = nixturris.lib.boardPlatform.${board};
-      extra_modules = [
-        nixturris.nixosModules.default
-        {turris.board = board;}
-      ];
-    };
-  turrisMoxSystem = turrisSystem "mox";
-  turrisOmniaSystem = turrisSystem "omnia";
-in
-  amd64System "albert"
-  // amd64System "binky"
-  // amd64System "errol"
-  // amd64System "ridcully"
-  // vpsSystem "lipwig"
-  // raspi2System "spt-mpd"
-  // raspi3System "adm-mpd"
-  // beagleboneSystem "gaspode"
-  // turrisMoxSystem "dean"
-  // turrisOmniaSystem "spt-omnia"
-  // turrisOmniaSystem "spt-omniax"
-  // turrisMoxSystem "spt-mox"
-  // turrisMoxSystem "spt-mox2"
-  // turrisOmniaSystem "adm-omnia"
-  // turrisOmniaSystem "adm-omnia2"
diff --git a/nixos/machine/adm-mpd.nix b/nixos/configurations/adm-mpd.nix
index ae2ea01..ac3b4de 100644
--- a/nixos/machine/adm-mpd.nix
+++ b/nixos/configurations/adm-mpd.nix
@@ -5,6 +5,8 @@
 }: let
   inherit (lib) filterAttrs;
 in {
+  nixpkgs.hostPlatform.system = "aarch64-linux";
+
   fileSystems = {
     "/" = {
       device = "/dev/mmcblk0p2";
diff --git a/nixos/machine/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index 08db3fd..3f857ee 100644
--- a/nixos/machine/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -1,4 +1,6 @@
 {config, ...}: {
+  turris.board = "omnia";
+
   cynerd = {
     router = {
       enable = true;
diff --git a/nixos/machine/adm-omnia2.nix b/nixos/configurations/adm-omnia2.nix
index 6a9831a..19ee446 100644
--- a/nixos/machine/adm-omnia2.nix
+++ b/nixos/configurations/adm-omnia2.nix
@@ -1,4 +1,5 @@
 {config, ...}: {
+  turris.board = "omnia";
   deploy = {
     enable = true;
     ssh.host = "omnia2.adm";
diff --git a/nixos/machine/albert.nix b/nixos/configurations/albert.nix
index b9a2c8e..a6a4ee1 100644
--- a/nixos/machine/albert.nix
+++ b/nixos/configurations/albert.nix
@@ -1,4 +1,6 @@
 {
+  nixpkgs.hostPlatform.system = "x86_64-linux";
+
   cynerd = {
     desktop = {
       enable = true;
diff --git a/nixos/machine/binky.nix b/nixos/configurations/binky.nix
index 569fccb..c51f95b 100644
--- a/nixos/machine/binky.nix
+++ b/nixos/configurations/binky.nix
@@ -1,6 +1,7 @@
 {lib, ...}: let
   inherit (lib) mkDefault;
 in {
+  nixpkgs.hostPlatform.system = "x86_64-linux";
   deploy = {
     enable = true;
     default = false;
diff --git a/nixos/machine/dean.nix b/nixos/configurations/dean.nix
index 0a97e33..b91083c 100644
--- a/nixos/machine/dean.nix
+++ b/nixos/configurations/dean.nix
@@ -1,4 +1,6 @@
 {pkgs, ...}: {
+  nixpkgs.hostPlatform.system = "aarch64-linux";
+
   cynerd = {
     openvpn = {
       oldpersonal = true;
diff --git a/nixos/configurations/default.nix b/nixos/configurations/default.nix
new file mode 100644
index 0000000..497c0fb
--- /dev/null
+++ b/nixos/configurations/default.nix
@@ -0,0 +1,42 @@
+self: let
+  inherit (builtins) readDir;
+  inherit (self.inputs) nixpkgs nixturris;
+  inherit
+    (nixpkgs.lib)
+    filterAttrs
+    composeManyExtensions
+    hasSuffix
+    nameValuePair
+    nixosSystem
+    removeSuffix
+    mapAttrs
+    mapAttrs'
+    ;
+in
+  mapAttrs' (
+    fname: _: let
+      name = removeSuffix ".nix" fname;
+    in
+      nameValuePair name (nixosSystem {
+        modules = [
+          (./. + ("/" + fname))
+          {networking.hostName = name;}
+          self.nixosModules.default
+        ];
+        specialArgs = {
+          inputModules =
+            mapAttrs (v: v.nixosModules) self.inputs
+            // {
+              vpsadminos = self.inputs.vpsadminos.nixosConfigurations.container;
+            };
+          lib = nixpkgs.lib.extend (composeManyExtensions [
+            nixturris.overlays.lib
+            self.overlays.lib
+          ]);
+        };
+      })
+  )
+  (filterAttrs (
+    n: v:
+      v == "regular" && n != "default.nix" && hasSuffix ".nix" n
+  ) (readDir ./.))
diff --git a/nixos/machine/errol.nix b/nixos/configurations/errol.nix
index 6f48a17..a9475ef 100644
--- a/nixos/machine/errol.nix
+++ b/nixos/configurations/errol.nix
@@ -6,6 +6,7 @@
 }: let
   inherit (lib) mkDefault;
 in {
+  nixpkgs.hostPlatform.system = "x86_64-linux";
   deploy.enable = true;
 
   cynerd = {
diff --git a/nixos/machine/gaspode.nix b/nixos/configurations/gaspode.nix
index 5e57456..78d8277 100644
--- a/nixos/machine/gaspode.nix
+++ b/nixos/configurations/gaspode.nix
@@ -1,4 +1,6 @@
 {
+  nixpkgs.hostPlatform.system = "armv7l-linux";
+
   fileSystems = {
     "/" = {
       device = "/dev/mmcblk0p2";
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
new file mode 100644
index 0000000..c484541
--- /dev/null
+++ b/nixos/configurations/lipwig.nix
@@ -0,0 +1,237 @@
+{
+  config,
+  pkgs,
+  inputModules,
+  ...
+}: {
+  imports = [inputModules.vpsadminos];
+
+  config = {
+    nixpkgs.hostPlatform.system = "x86_64-linux";
+
+    deploy = {
+      enable = true;
+      ssh.host = "cynerd.cz";
+    };
+
+    cynerd = {
+      syncthing = {
+        enable = false;
+        baseDir = "/nas";
+      };
+      openvpn.oldpersonal = true;
+    };
+
+    boot.loader.systemd-boot.enable = false;
+
+    fileSystems."/nas" = {
+      device = "172.16.128.63:/nas/2682";
+      fsType = "nfs";
+    };
+
+    networking.firewall = {
+      allowedTCPPorts = [80 443];
+      allowedUDPPorts = [1194];
+    };
+
+    # Web ######################################################################
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        "cynerd.cz" = {
+          forceSSL = true;
+          enableACME = true;
+          locations = {
+            "/".root = ../../web;
+            "/radicale/" = {
+              proxyPass = "http://127.0.0.1:5232/";
+              extraConfig = ''
+                proxy_set_header  X-Script-Name /radicale;
+                proxy_pass_header Authorization;
+              '';
+            };
+          };
+        };
+        "git.cynerd.cz" = {
+          forceSSL = true;
+          useACMEHost = "cynerd.cz";
+          root = "${pkgs.cgit}/cgit";
+          locations."/".tryFiles = "$uri @cgit";
+          locations."@cgit".extraConfig = ''
+            fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
+            fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+            fastcgi_param PATH_INFO    $uri;
+            fastcgi_param QUERY_STRING $args;
+            fastcgi_param HTTP_HOST    $server_name;
+          '';
+        };
+        "cloud.cynerd.cz" = {
+          forceSSL = true;
+          useACMEHost = "cynerd.cz";
+        };
+        "grafana.cynerd.cz" = {
+          forceSSL = true;
+          useACMEHost = "cynerd.cz";
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
+            extraConfig = "proxy_set_header Host $host;";
+            proxyWebsockets = true;
+          };
+        };
+      };
+    };
+    services.fcgiwrap = {
+      enable = true;
+      inherit (config.services.nginx) group;
+    };
+    security.acme = {
+      acceptTerms = true;
+      defaults.email = "cynerd+acme@email.cz";
+      certs."cynerd.cz".extraDomainNames = [
+        "git.cynerd.cz"
+        "cloud.cynerd.cz"
+        "grafana.cynerd.cz"
+      ];
+    };
+
+    # Git ######################################################################
+    services.gitolite = {
+      enable = true;
+      user = "git";
+      group = "git";
+      dataDir = "/var/lib/git";
+      adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key";
+    };
+    services.gitDaemon = {
+      enable = false;
+      user = "gitdemon";
+      group = "gitdaemon";
+      basePath = "/var/lib/git/repositories";
+    };
+    environment.etc."cgitrc".text = ''
+      root-title=Cynerd's git repository
+      root-desc=All my projects (at least those released to public)
+      #logo=cynerd.cz/wolf.svg
+      virtual-root=/
+
+      # Allow download of tar.gz, tar.bz2 and zip-files
+      snapshots=tar.gz tar.bz2 zip
+      ## List of common mimetypes
+      mimetype.gif=image/gif
+      mimetype.html=text/html
+      mimetype.jpg=image/jpeg
+      mimetype.jpeg=image/jpeg
+      mimetype.pdf=application/pdf
+      mimetype.png=image/png
+      mimetype.svg=image/svg+xml
+
+      source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+      about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+
+      readme=:README.md
+      readme=:README.adoc
+
+      enable-index-owner=0
+      enable-index-links=1
+      enable-http-clone=1
+      clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
+      enable-commit-graph=1
+      branch-sort=age
+
+      remove-suffix=1
+      enable-git-config=1
+      project-list=/var/lib/git/projects.list
+      scan-path=/var/lib/git/repositories/
+    '';
+
+    # Nextcloud ################################################################
+    services.nextcloud = {
+      enable = true;
+      package = pkgs.nextcloud28;
+      https = true;
+      hostName = "cloud.cynerd.cz";
+      datadir = "/nas/nextcloud";
+      config = {
+        adminuser = "cynerd";
+        adminpassFile = "/run/secrets/nextcloud.admin.pass";
+        dbtype = "pgsql";
+        dbhost = "/run/postgresql";
+        dbtableprefix = "oc_";
+      };
+      settings = {
+        #log_type = "systemd";
+        default_phone_region = "CZ";
+      };
+      phpExtraExtensions = php: [php.pgsql php.pdo_pgsql];
+      phpOptions = {
+        "opcache.interned_strings_buffer" = "16";
+      };
+      maxUploadSize = "1G";
+      appstoreEnable = false;
+      extraApps = {
+        inherit
+          (config.services.nextcloud.package.packages.apps)
+          bookmarks
+          calendar
+          contacts
+          cookbook
+          deck
+          forms
+          groupfolders
+          impersonate
+          maps
+          memories
+          notes
+          phonetrack
+          previewgenerator
+          spreed
+          tasks
+          twofactor_nextcloud_notification
+          twofactor_webauthn
+          ;
+        # Additional modules can be fetched with:
+        # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab"
+        passwords = pkgs.fetchNextcloudApp {
+          url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz";
+          sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7";
+          license = "agpl3";
+        };
+        integration_github = pkgs.fetchNextcloudApp {
+          url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
+          sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
+          license = "agpl3";
+        };
+        integration_gitlab = pkgs.fetchNextcloudApp {
+          url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
+          sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
+          license = "agpl3";
+        };
+      };
+    };
+    environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs];
+
+    # Postgresql ###############################################################
+    services.postgresql = {
+      enable = true;
+      ensureUsers = [
+        {
+          name = "nextcloud";
+          ensureDBOwnership = true;
+        }
+      ];
+      ensureDatabases = ["nextcloud"];
+    };
+
+    # Old Syncthing ############################################################
+    services.syncthing = {
+      enable = true;
+      openDefaultPorts = true;
+
+      overrideDevices = false;
+      overrideFolders = false;
+
+      dataDir = "/nas/sync";
+      configDir = "/nas/sync/.syncthing";
+    };
+  };
+}
diff --git a/nixos/machine/ridcully.nix b/nixos/configurations/ridcully.nix
index f4af643..3e2b474 100644
--- a/nixos/machine/ridcully.nix
+++ b/nixos/configurations/ridcully.nix
@@ -1,6 +1,7 @@
 {lib, ...}: let
   inherit (lib) mkDefault;
 in {
+  nixpkgs.hostPlatform.system = "x86_64-linux";
   deploy.enable = true;
 
   cynerd = {
diff --git a/nixos/machine/spt-mox.nix b/nixos/configurations/spt-mox.nix
index edeae8a..7b1ffb8 100644
--- a/nixos/machine/spt-mox.nix
+++ b/nixos/configurations/spt-mox.nix
@@ -1,4 +1,5 @@
 {config, ...}: {
+  turris.board = "mox";
   deploy = {
     enable = true;
     ssh.host = "mox.spt";
diff --git a/nixos/machine/spt-mox2.nix b/nixos/configurations/spt-mox2.nix
index 45035d4..612e85e 100644
--- a/nixos/machine/spt-mox2.nix
+++ b/nixos/configurations/spt-mox2.nix
@@ -1,4 +1,5 @@
 {config, ...}: {
+  turris.board = "mox";
   deploy = {
     enable = true;
     ssh.host = "mox2.spt";
diff --git a/nixos/configurations/spt-mpd.nix b/nixos/configurations/spt-mpd.nix
new file mode 100644
index 0000000..b212932
--- /dev/null
+++ b/nixos/configurations/spt-mpd.nix
@@ -0,0 +1,15 @@
+{inputModules, ...}: {
+  imports = [inputModules.nixos-hardware.raspberry-pi-2];
+
+  config = {
+    nixpkgs.hostPlatform.system = "armv7l-linux";
+
+    fileSystems = {
+      "/" = {
+        device = "/dev/mmcblk0p1";
+        fsType = "btrfs";
+        options = ["compress=lzo"];
+      };
+    };
+  };
+}
diff --git a/nixos/machine/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index ea5b4e1..ca4d211 100644
--- a/nixos/machine/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -5,6 +5,7 @@
 }: let
   hosts = config.cynerd.hosts.spt;
 in {
+  turris.board = "omnia";
   deploy = {
     enable = true;
     ssh.host = "omnia.spt";
diff --git a/nixos/machine/spt-omniax.nix b/nixos/configurations/spt-omniax.nix
index 8edef49..4f9e0e0 100644
--- a/nixos/machine/spt-omniax.nix
+++ b/nixos/configurations/spt-omniax.nix
@@ -1,4 +1,6 @@
 {
+  turris.board = "omnia";
+
   cynerd = {
     router = {
       enable = true;
diff --git a/nixos/default.nix b/nixos/default.nix
deleted file mode 100644
index b740024..0000000
--- a/nixos/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-self: let
-  machines = import ./machine self;
-  modules = import ./modules self;
-in
-  modules
-  // machines
-  // {
-    default = {
-      imports = with self.inputs;
-        [
-          nixdeploy.nixosModules.default
-          shellrc.nixosModules.default
-          usbkey.nixosModules.default
-          nixbigclown.nixosModules.default
-        ]
-        ++ builtins.attrValues modules;
-    };
-  }
diff --git a/nixos/machine/default.nix b/nixos/machine/default.nix
deleted file mode 100644
index 4aa05ba..0000000
--- a/nixos/machine/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-self: let
-  inherit (builtins) readDir;
-  inherit (self.inputs.nixpkgs.lib) filterAttrs nameValuePair mapAttrs' hasSuffix removeSuffix;
-in
-  mapAttrs'
-  (n: v: nameValuePair "machine-${removeSuffix ".nix" n}" (import (./. + "/${n}")))
-  (filterAttrs
-    (n: v: v == "regular" && hasSuffix ".nix" n && n != "default.nix")
-    (readDir ./.))
diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix
deleted file mode 100644
index ac868f5..0000000
--- a/nixos/machine/lipwig.nix
+++ /dev/null
@@ -1,228 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
-  deploy = {
-    enable = true;
-    ssh.host = "cynerd.cz";
-  };
-
-  cynerd = {
-    syncthing = {
-      enable = false;
-      baseDir = "/nas";
-    };
-    openvpn.oldpersonal = true;
-  };
-
-  fileSystems."/nas" = {
-    device = "172.16.128.63:/nas/2682";
-    fsType = "nfs";
-  };
-
-  networking.firewall = {
-    allowedTCPPorts = [80 443];
-    allowedUDPPorts = [1194];
-  };
-
-  # Web ######################################################################
-  services.nginx = {
-    enable = true;
-    virtualHosts = {
-      "cynerd.cz" = {
-        forceSSL = true;
-        enableACME = true;
-        locations = {
-          "/".root = ../../web;
-          "/radicale/" = {
-            proxyPass = "http://127.0.0.1:5232/";
-            extraConfig = ''
-              proxy_set_header  X-Script-Name /radicale;
-              proxy_pass_header Authorization;
-            '';
-          };
-        };
-      };
-      "git.cynerd.cz" = {
-        forceSSL = true;
-        useACMEHost = "cynerd.cz";
-        root = "${pkgs.cgit}/cgit";
-        locations."/".tryFiles = "$uri @cgit";
-        locations."@cgit".extraConfig = ''
-          fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
-          fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
-          fastcgi_param PATH_INFO    $uri;
-          fastcgi_param QUERY_STRING $args;
-          fastcgi_param HTTP_HOST    $server_name;
-        '';
-      };
-      "cloud.cynerd.cz" = {
-        forceSSL = true;
-        useACMEHost = "cynerd.cz";
-      };
-      "grafana.cynerd.cz" = {
-        forceSSL = true;
-        useACMEHost = "cynerd.cz";
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
-          extraConfig = "proxy_set_header Host $host;";
-          proxyWebsockets = true;
-        };
-      };
-    };
-  };
-  services.fcgiwrap = {
-    enable = true;
-    inherit (config.services.nginx) group;
-  };
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "cynerd+acme@email.cz";
-    certs."cynerd.cz".extraDomainNames = [
-      "git.cynerd.cz"
-      "cloud.cynerd.cz"
-      "grafana.cynerd.cz"
-    ];
-  };
-
-  # Git ######################################################################
-  services.gitolite = {
-    enable = true;
-    user = "git";
-    group = "git";
-    dataDir = "/var/lib/git";
-    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key";
-  };
-  services.gitDaemon = {
-    enable = false;
-    user = "gitdemon";
-    group = "gitdaemon";
-    basePath = "/var/lib/git/repositories";
-  };
-  environment.etc."cgitrc".text = ''
-    root-title=Cynerd's git repository
-    root-desc=All my projects (at least those released to public)
-    #logo=cynerd.cz/wolf.svg
-    virtual-root=/
-
-    # Allow download of tar.gz, tar.bz2 and zip-files
-    snapshots=tar.gz tar.bz2 zip
-    ## List of common mimetypes
-    mimetype.gif=image/gif
-    mimetype.html=text/html
-    mimetype.jpg=image/jpeg
-    mimetype.jpeg=image/jpeg
-    mimetype.pdf=application/pdf
-    mimetype.png=image/png
-    mimetype.svg=image/svg+xml
-
-    source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
-    about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
-
-    readme=:README.md
-    readme=:README.adoc
-
-    enable-index-owner=0
-    enable-index-links=1
-    enable-http-clone=1
-    clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
-    enable-commit-graph=1
-    branch-sort=age
-
-    remove-suffix=1
-    enable-git-config=1
-    project-list=/var/lib/git/projects.list
-    scan-path=/var/lib/git/repositories/
-  '';
-
-  # Nextcloud ################################################################
-  services.nextcloud = {
-    enable = true;
-    package = pkgs.nextcloud28;
-    https = true;
-    hostName = "cloud.cynerd.cz";
-    datadir = "/nas/nextcloud";
-    config = {
-      adminuser = "cynerd";
-      adminpassFile = "/run/secrets/nextcloud.admin.pass";
-      dbtype = "pgsql";
-      dbhost = "/run/postgresql";
-      dbtableprefix = "oc_";
-    };
-    settings = {
-      #log_type = "systemd";
-      default_phone_region = "CZ";
-    };
-    phpExtraExtensions = php: [php.pgsql php.pdo_pgsql];
-    phpOptions = {
-      "opcache.interned_strings_buffer" = "16";
-    };
-    maxUploadSize = "1G";
-    appstoreEnable = false;
-    extraApps = {
-      inherit
-        (config.services.nextcloud.package.packages.apps)
-        bookmarks
-        calendar
-        contacts
-        cookbook
-        deck
-        forms
-        groupfolders
-        impersonate
-        maps
-        memories
-        notes
-        phonetrack
-        previewgenerator
-        spreed
-        tasks
-        twofactor_nextcloud_notification
-        twofactor_webauthn
-        ;
-      # Additional modules can be fetched with:
-      # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab"
-      passwords = pkgs.fetchNextcloudApp {
-        url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz";
-        sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7";
-        license = "agpl3";
-      };
-      integration_github = pkgs.fetchNextcloudApp {
-        url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
-        sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
-        license = "agpl3";
-      };
-      integration_gitlab = pkgs.fetchNextcloudApp {
-        url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
-        sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
-        license = "agpl3";
-      };
-    };
-  };
-  environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs];
-
-  # Postgresql ###############################################################
-  services.postgresql = {
-    enable = true;
-    ensureUsers = [
-      {
-        name = "nextcloud";
-        ensureDBOwnership = true;
-      }
-    ];
-    ensureDatabases = ["nextcloud"];
-  };
-
-  # Old Syncthing ############################################################
-  services.syncthing = {
-    enable = true;
-    openDefaultPorts = true;
-
-    overrideDevices = false;
-    overrideFolders = false;
-
-    dataDir = "/nas/sync";
-    configDir = "/nas/sync/.syncthing";
-  };
-}
diff --git a/nixos/machine/spt-mpd.nix b/nixos/machine/spt-mpd.nix
deleted file mode 100644
index 28f5f99..0000000
--- a/nixos/machine/spt-mpd.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-  fileSystems = {
-    "/" = {
-      device = "/dev/mmcblk0p1";
-      fsType = "btrfs";
-      options = ["compress=lzo"];
-    };
-  };
-}
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 7afdc95..ea2acb3 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,9 +1,10 @@
-self: let
+{lib}: let
   inherit (builtins) readDir;
-  inherit (self.inputs.nixpkgs.lib) filterAttrs nameValuePair mapAttrs' hasSuffix removeSuffix;
+  inherit (lib) filterAttrs hasSuffix mapAttrs' nameValuePair removeSuffix;
 in
   mapAttrs'
-  (n: v: nameValuePair "cynerd-${removeSuffix ".nix" n}" (./. + "/${n}"))
-  (filterAttrs
-    (n: v: v == "regular" && hasSuffix ".nix" n && n != "default.nix")
-    (readDir ./.))
+  (fname: _: nameValuePair (removeSuffix ".nix" fname) (./. + ("/" + fname)))
+  (filterAttrs (
+    n: v:
+      v == "regular" && n != "default.nix" && hasSuffix ".nix" n
+  ) (readDir ./.))