feat: searx, nixpkgs update, vintagestory, katslime

nixos/profiles/dev/packages.nix

@@ -1,7 +1,7 @@
 {pkgs, ...}: {
   environment.systemPackages = with pkgs; [
-    ida-pro-kat
-    android-studio
+    #ida-pro-kat
+    #android-studio
     bingrep
     hexyl
     jwt-cli

nixos/profiles/gaming/quest.nix

@@ -2,7 +2,6 @@
   environment.systemPackages = with pkgs; [
     gsettings-desktop-schemas
   ];
-  programs.adb.enable = true;
   users.users.kat.extraGroups = ["adbusers"];
   services.udev.extraRules = ''
     SUBSYSTEM=="usb",ATTR{idVendor}=="2833",ATTR{idProduct}=="0186",MODE="0660",GROUP="adbusers",TAG+="uaccess",SYMLINK+="android",SYMLINK+="android%n"

nixos/profiles/gaming/vintagestory.nix

@@ -0,0 +1,5 @@
+{ pkgs, ... }: {
+  environment.systemPackages = [
+    pkgs.vintagestory
+  ];
+}

nixos/profiles/gaming/vr.nix

@@ -7,14 +7,11 @@
   inherit (lib.lists) singleton;
   inherit (lib.meta) getExe';
 in {
-  systemd.user.services.wlx-overlay-s = {
-    description = "wlx-overlay-s";
-    path = [
-      pkgs.wayvr-dashboard
-    ];
+  systemd.user.services.wayvr = {
+    description = "wayvr";
     serviceConfig = {
       Type = "simple";
-      ExecStart = getExe' pkgs.wlx-overlay-s "wlx-overlay-s";
+      ExecStart = getExe' pkgs.wayvr "wayvr";
     };
   };
   programs.steam.extraPackages = with pkgs.gst_all_1; [
@@ -82,8 +79,7 @@ in {
   };
 
   environment.systemPackages = with pkgs; [
-    wlx-overlay-s
-    wayvr-dashboard
+    wayvr
     monado-vulkan-layers
     bs-manager
     vrcx

nixos/profiles/graphical/dns.nix

@@ -14,8 +14,5 @@ in {
     enable = false;
     domains = ["~."];
     dnssec = "false";
-    extraConfig = ''
-      DNSOverTLS=yes
-    '';
   };
 }

nixos/profiles/graphical/infra.nix

@@ -35,7 +35,7 @@ in {
     };
     */
     dns = {
-      enable = mkDefault true;
+      enable = mkDefault false;
     };
     monitoring = {
       enable = mkIf config.gensokyo-zone.access.local.enable (mkDefault true);

nixos/profiles/performance/kernel.nix

@@ -1,5 +1,5 @@
 {pkgs, ...}: {
-  #boot.zfs.package = pkgs.zfs_cachyos;
+  boot.zfs.package = pkgs.zfs_unstable;
   #boot.kernelPackages = pkgs.linuxPackages_cachyos;
   boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_stable;
 }

nixos/servers/dorkdev.nix

@@ -0,0 +1,13 @@
+{ config, inputs, ... }: let
+  domain = "dork.dev";
+in {
+    services.nginx.virtualHosts.${domain} = {
+      enableACME = true;
+      forceSSL = true;
+      locations = {
+        "/" = {
+          root = inputs.kusachi.packages.x86_64-linux.kusachi-site;
+        };
+      };
+    };
+}

nixos/servers/mail/mail.nix

@@ -6,7 +6,7 @@
     enable = true;
     stateVersion = 3;
     fqdn = "rinnosuke.inskip.me";
-    domains = ["dork.dev" "kittywit.ch" "inskip.me"];
+    domains = ["dork.dev" "kittywit.ch" "inskip.me" "katsli.me"];
 
     fullTextSearch.enable = true;
 
@@ -19,11 +19,13 @@
           "@dork.dev"
           "@inskip.me"
           "@kittywit.ch"
+          "@katsli.me"
         ];
         catchAll = [
           "dork.dev"
           "inskip.me"
           "kittywit.ch"
+          "katsli.me"
         ];
       };
     };

nixos/servers/searxng/default.nix

@@ -0,0 +1,54 @@
+{ config, lib, ... }: let
+  domain = "search.kittywit.ch";
+  cfg = config.services.searx;
+in {
+  sops.secrets.searx-env = {
+    sopsFile = ./secrets.yaml;
+  };
+  systemd.services.nginx.serviceConfig.SupplementaryGroups = [ "searx " ];
+  services = {
+    searx = {
+      enable = true;
+      configureUwsgi = true;
+      redisCreateLocally = true;
+      settings = {
+        server.secret_key = "$SEARXNG_SECRET";
+      };
+      environmentFile = config.sops.secrets.searx-env.path;
+    };
+    uwsgi.instance.vassals.searx = {
+      socket = "/run/searx/uwsgi.sock";
+      chmod-socket = "660";
+    };
+    nginx.virtualHosts.${domain} = {
+      listen = let
+        addrs = ["100.73.129.88" "[fd7a:115c:a1e0::5634:8158]"];
+      in map (addr:
+          {
+            port = 443;
+            ssl = true;
+            inherit addr;
+          }) addrs;
+      enableACME = true;
+      forceSSL = true;
+      acmeRoot = null;
+      locations = {
+        "/" = {
+          recommendedProxySettings = true;
+          recommendedUwsgiSettings = true;
+          uwsgiPass = "unix:${config.services.uwsgi.instance.vassals.searx.socket}";
+          extraConfig = # nginx
+            ''
+                uwsgi_param  HTTP_HOST             $host;
+                uwsgi_param  HTTP_CONNECTION       $http_connection;
+                uwsgi_param  HTTP_X_SCHEME         $scheme;
+                uwsgi_param  HTTP_X_SCRIPT_NAME    ""; # NOTE: When we ever make the path configurable, this must be set to anything not "/"!
+                uwsgi_param  HTTP_X_REAL_IP        $remote_addr;
+                uwsgi_param  HTTP_X_FORWARDED_FOR  $proxy_add_x_forwarded_for;
+            '';
+        };
+        "/static/".alias = lib.mkDefault "${cfg.package}/share/static/";
+      };
+    };
+  };
+}

nixos/servers/searxng/secrets.yaml

@@ -0,0 +1,137 @@
+searx-env: ENC[AES256_GCM,data:SN6klLp/1NN/Hryet/hFLu0SOtfHPkUCOI02kLRNlQR648dE8UrphDKSIYG0J2VLw7bE9XrykY4FxhK5LdBtg8FCGac/Kkmal7zXEbNLCMo=,iv:uTDs08pTR33HPlAgLWXiGHmsczACx6sar0XbKMYpG+I=,tag:5p8mMaGrjWqv0oLoxuEynA==,type:str]
+sops:
+    shamir_threshold: 1
+    age:
+        - recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWbTNnWit5R2EvNmdZcmJD
+            c0V6ekNwNUF5bEFjL2xrZUU0eHBDRG1UbFdnCk1CLzY0cGhhUjRJbzFwNFVwL3FY
+            RmJ3b3A2dGEzNTFYUDFKWVZKZnF5a1kKLS0tIFFQMnFOeTF5dmtPWUcxd05FazFq
+            b2JFZU5ORE9kOFBpNzM1SmlaeGtNSW8KD16YQNXKJse7rj+FBkZ0D2RM2BpcNThI
+            m8D5n/tLUZ0OjVh37FLYtqXnhqKlw4PXJyZ59WkSZLLvXuiM++9g8g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGS29nZ09SY1l4VVNqS1BN
+            YnF4SnlOdm1YK3ZOZzU3b0xBNEUrMlFvZVVZCnNyYjBERGZSSkVJbExvMDQvekVC
+            ODJxZXBQZVk1VnBBVi93SHZoTEZCMTQKLS0tIExCUWc5UG0rYlM2RmNHb3A3QXVo
+            VmNJSFROL1NtRVN4cFZlY2lUTjFIWVEK770h7Sk2fl1f3UHKUSj/MkhfGy1Wy554
+            biEzP7B++CDtmCyFTGxPlW3dD7+fC9SM1/1CN04zu8xIi9lDdpJP3A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1a0m73qr8hhuz8xemv4vymf4wmpghm2hst8wgrn3pn65ext5mf4ksk0vsdm
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRThSRWNZWTdMRzFXRWla
+            dHZpUGlsWnBJYXNiVjRIMEpSNjl1RzkycVZ3CmtFL0M2aHA5dHkxQkxEVmFQcVJ6
+            Z3FGREdEajlocEYyUnJZSksxL3g4WmcKLS0tIFlMVXdDbThmZGMvaGZhNEQwdm1Q
+            ckllR2xoYi94R3JOd2FKWjFTMDN6cU0KVjQQhC31JTmsckuY/ZV+mn4UT7mDjEQN
+            ne8ww4s+IhZaMLZVcZpOcqCsllfWHI0kGXhLLJa84E1AROvrfJh55Q==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaW5hZHRBM1VtekV4MU93
+            RHpKQ2prR09ObUJwVjZlWWtGZ1ZodDlGQ0Q0Ci9sbXJNbzhDS0ZxL3M0ZlNpcUU5
+            Z3g4Q3NheFJrQVo5eUNLam5uWUllLzgKLS0tIGR1WTQxLzAvQXArMmpMNGtKNXor
+            dHVIYnQyMGRBejhTQnlianZoTEcrZXMKYSzBcWH8FqqRzf3a5emets+wjbLLUpsc
+            UFet4jSGJP5eJXD3rQk1EIMdi2MxFUzjq/nl7jwqVAVR46XCrbJQ7w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1xgy03g3vjydsxcl0qpdgm8rahjcjq95ucxfwlgr22zwjx3p7jf2s9jk6u5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZnhBR2QyZ2ltMG1MM056
+            Yy9Eb2hmakpzZmU1VUllZUw3azUzd0tPeW40CjkwV3NlUVhPOUhra3pQVkxFdmZo
+            MFFOWmpEbUd4b0Jzb1NGNDRrQmhtRzAKLS0tIHZBWGpxdm11aVdYcmp0dm4wMUxD
+            ZXNCLzgzeG56WUhPb2ZIUFF4eWR1L2MKIUgIfb31zqiVncpj2Vu2dueAMbMhL8EC
+            T1TDy58V24DvV4z+wzfHPwKJYHX90dc6G3Gl2C5Yd2Yqm44EacsztA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1fv5dafs4n3r5n83qm2hfz7xmnflsz0xf9r3saralrptpgf8mvuxq4t8k3u
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSDYwcVJSRy8yQmVWQVpW
+            dmVCMTJLME9IekVxTnZVYTJpRzZGbEwwNUFVClFyNVlZYjRhTlpXVXh5bUpBUW1l
+            THRKRytnV2NVaEo0ZkEwOEtCOXR2cUkKLS0tIEFSeFJtL2ZmelJaWW05WnJXNG52
+            Sk9ZaitMcWlPU3ZZeitnZDlMVmJLYzgKlUsyPYCotrD9hCuv/9DWaErtolKgXTg5
+            +kADH2LEiJqzwG9rhzQw+uCQBm3Qn5CU/ndVqT4cDpeTkg6LivP9Hw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aFJxTGxRRDI5MlJZZ1dB
+            aEYrVEJGQ2RQYy84ZzRsWk4vK3VoZ2NDSUZjCk5vdzFoUXBQR1BvNE93dE1pYUhO
+            QmNSQzN1eG5Dcjh0UDloNklHWFYyZ2cKLS0tIFlWc2QyYXJGVW52THRueVMvUDRX
+            NzA4VUlWRkxseHlvdG1ib0dyait1QlEKHZ9PjxcwRUKC026Ck7Gw5V35EdIc9fym
+            bCH4h7I/KfVgH+oBKiwGYkwinmSqQXb+rWVGORBFMkxzqZjIXU4fWA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1rt0ngkum32wt6l2wnyr40hmwd9ulmzqfarg5vk62zqp0uvj4lyuqd2atgq
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwU0tTK3M2SHFVU2tEdU8v
+            Z1VxVkxOR3VyWWd3UGkwMXdQdC9UZEgyREdRCkhJdDdUdjhQVDY1MXgrZEFmN0JU
+            N1pHK0djUnpWZFpLN0FzaWNRZ3FJaVEKLS0tIFVDWWRIOUVQcm5udXZUa1p6VHlm
+            SUFoZ3MxTGorVWxMbDRNS2pFQ2RlSU0KIz/9bdnkzIni5/2P2zcvrJotv+DHV7rB
+            rLoXjLNECGB6Uj0p5imqGNLmHGI8VFxABpK7xIx4ANI9xRBPAT7FGg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c4atxfp05u7zm875s6q8p82ve96rqqpq9smktxlur8pk2yc3qvgql46dp9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOHJVaDYzaUJ2RysxMzlz
+            TDhwa3lSK3h4blhFOUhpMm9ESTQ1cVlaK0dBCjdxTTV4Qy91eXNESnpIY3RBREdK
+            bHlQeE15cEx0R2tYU3JBMStlMys4QjgKLS0tIDIwakhTNWsvbWFHc0F2MGdGdDd2
+            eFZmS2NKdWpIRDVpOW9TNGJNZGxEOFkKOqK4s64AXIlXCwWM3XZWrs2J9YI1K4qb
+            MEy7IToJwkV7Obhf3XH/OrmnAkTa8RvIiAp6xcayOzJ5dyp2WbND0g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1rjldv3fn3q686647exmcukthr32gmp6s3axs0lhyenvru9ajp9rs24ukvz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMTJndExyWXVieFhvOWhk
+            ZUFZQ2JBa1Zmank5K3JKU3ZmSjZYYWFOdmo4CnlQMFJxTmNGZWlsWnZhOFYzRVNm
+            ckpQRjJtbVY2MmRZMld3c0I4SEhwdjQKLS0tIHhLVm9VL3Q3cUVRZlkrc1IyYnBQ
+            cVlYNUpCdGNnN1J2VHJWVjcydHIrK0kKAT67m/3scZzYSi/z+PgvLs33RpfpmuYz
+            9vVQ9ONRmZLboagm2sJPgUkJVaVoLCaAQDVa4XLThpVEEp7zgsQCig==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1p9v6xaujkdat2tsc2mc4gxpg9hjr4suvwryuat95z2c53xhsyfxq0gf594
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTEF1RTJaVko0UGxvUGdE
+            ZEd2QmlzeFhNVXlaTHFPandoREpKUjdTZlRZCmdsclFDaWJrOEhwcnFremo2Ymx6
+            YVFTdHVuSnFRSU1RcWUxQVRBanN1enMKLS0tIEJ3WmZtVmdVakZocXA2YkpWN3pw
+            MkNMWEFucHp0Rnp4RzBTa1ZpUWNGbDAKIQia/KWjx+EEY20B8qRYWOSw2wYEGqi6
+            W1Z/yR5bu4Y6xQveTR13E9UwWFjsdd4y3UTBr1lXwJViAaELnY0LYw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1nxgmdahcjhmtrf7q66jep55cjdcw6tfpw722jr4gytaykgf89ugqxufgyd
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0c2tRYnNyVGZwTCtXN3Nv
+            SUxjZVJlQVh6RU9MSjJjVkliMEI3WDZNWEdrCmJNWWxFcmZqamowUDR3aE1vZFVo
+            aXVNZ1VrOUdHeXBhMTRYbUZWWlZ0aUEKLS0tIHpVekJidlFnMzJ4M3l1MzhEQVc3
+            MjA5MmZwcWpuTUJMdDQ2aEE2UXlXcEEK8g4fyXpelh/HXzRWwBQzXV7fD7uXcG67
+            2ZT9+SrDyPqJX19MeOaRz1GrByCnvRSm5bJhQpl8bzLZWGPnKkHE0Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-29T22:22:37Z"
+    mac: ENC[AES256_GCM,data:zx3ouEx2Z4hJd/URBG6VSwQHg5PvRkBHniL+PfDoKPkLl/9X+XQqnYFgJhmnmpbt86SQs2QE8z2pr+V/X1d7QmB+mEni7EHibfj4D90cS/PYNUaadfA4OZo0oQ2DFp7KrSODO+KBpjWOslxYQZp7bqc6poSBfhldF+qTB4VxL4U=,iv:ZPTOYsmbR6h+++NEORtS/fg9VY8NjuU/lBcHHwxvcRM=,tag:P060lZssXo9QZHEJq6czJA==,type:str]
+    pgp:
+        - created_at: "2026-01-29T22:21:58Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA82M54yws73UARAAidMC+AnJC5aE8eXPv37kk5Sr/wlfPAgqvPSaO9dWadOW
+            oziaahw+TZAl8lFZbxjImJ9oMd/cjSgD8v8rboEgziKe3bKHsBVuvUFjnvwAL+2p
+            tUiihE1Vmeb6XOOUEZ37cgvddTxya8qEOgfIZq3YfTGRkj7hs+eZSt98Y0+6LP0l
+            +VJs5IqiyVzva3/oKFiOOrQ17BJ75z2EGs9hfY6Fz4LNPxRq6abA/8LAMGFIlE9K
+            adx+X7Qz6s/Z++qMZrUJV+K/D8QH9lvSTranaXbIc2KOjGo7QhxSCHAF4yXotGs9
+            fljPSFmyFZlVkOA2cHJKbU2gN8H70TSpmWFESJ7ZT5uGeqAuG+lVpOB4F9eeTZwa
+            jHUxhu33Px5HsLXoJN7tz1qYhw0EFZQLzfN+S1OMYAcJsGACfw+3BeAuGOr1SiWV
+            R/lP6fPszO4M8hUtWFlIYV9myGonbvxQF3Lu816TsinfzX/WfWJUwsdTYXftuccg
+            XPD4HlfsmapdYo4MHiHXzGJIh7SiX1i0Jkvy9fb7TBu3Ucul1AZyhg5yLGSmqOXW
+            wUM3rwWJVB5oniIDz048qhqubukzRrqTD1NbhNh24xlzauTV4GZ0BzWI4maKjTv5
+            5UBGMegL6I/COCNMgaZeIZkdS/JnuXiibJWFDurMwWosoXcYRYYsTRFX1X+TLJzS
+            XgFVc6SnWJbMFNg7ueoWcDgSPsymuUqsqGokUFINcBAsYcM1zV8iuYeiqGTzwL0h
+            BL7w0VeWdFETSEKSMeb9qov9+6dAxdypRMWaqKnWKGAtQRNEsET8p3Ac6Pbxq94=
+            =QAcT
+            -----END PGP MESSAGE-----
+          fp: CD8CE78CB0B3BDD4
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0

nixos/servers/web/acme.nix

@@ -5,6 +5,7 @@
 }: {
   security.acme = {
     defaults = {
+      dnsResolver = "1.1.1.1:53";
       dnsProvider = "cloudflare";
       credentialsFile = config.sops.secrets.acme_credentials.path;
       email = lib.mkDefault "acme@inskip.me";