From 3d698f86319c318265867f10f46e65d6d3564d79 Mon Sep 17 00:00:00 2001
From: OCbwoy3 <ocbwoy3@ocbwoy3.dev>
Date: Sun, 21 Dec 2025 23:31:03 +0200
Subject: [PATCH 01/31] server: do stuff

---
 flake.nix                            |   4 +
 hosts/server/configuration.nix       | 159 ++++++++++++++++-----------
 hosts/server/modules/atproto-pds.nix |  47 ++++----
 hosts/server/modules/cloudflare.nix  |  37 ++++---
 hosts/server/modules/gitea.nix       |  34 ++++++
 hosts/server/modules/spacebar.nix    |  17 +++
 hosts/server/modules/tangled.nix     |  39 ++++---
 modules/nixos/nvidia.nix             | 112 ++++++++++---------
 8 files changed, 278 insertions(+), 171 deletions(-)
 create mode 100644 hosts/server/modules/gitea.nix
 create mode 100644 hosts/server/modules/spacebar.nix

diff --git a/flake.nix b/flake.nix
index db03c4b..303b66b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -29,6 +29,10 @@
 		# Extras
 		tangled.url = "git+https://tangled.sh/@tangled.sh/core";
 		vscode-server.url = "github:nix-community/nixos-vscode-server";
+		spacebar = {
+			url = "github:spacebarchat/server";
+			inputs.nixpkgs.follows = "nixpkgs";
+		};
 	};
 
 	# Required by NixOS:
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index b87bd5b..c49c1a3 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -1,84 +1,109 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 
 {
-	imports = [
-		./modules/atproto-pds.nix
-		./modules/cloudflare.nix
-		./modules/tangled.nix
-		../../modules/force.nix
-	];
+  imports = [
+    ./modules/atproto-pds.nix
+    ./modules/cloudflare.nix
+    ./modules/tangled.nix
+    ../../modules/force.nix
+    ./modules/gitea.nix
+    ./modules/spacebar.nix
+  ];
 
-	# gcc. shit breaks. wtf
-	environment.sessionVariables.LD_LIBRARY_PATH = "${pkgs.gcc15}/lib";
+  # gcc. shit breaks. wtf
+  environment.sessionVariables.LD_LIBRARY_PATH = "${pkgs.gcc15}/lib";
 
-	services.vscode-server.enable = true;
+  services.vscode-server.enable = true;
 
-	systemd.services.ocbwoy3-start-pm2 = {
-		enable = true;
-		description = "Start PM2";
-		after = [ "network.target" ];
-		wantedBy = [ "multi-user.target" ];
-		serviceConfig = {
-			Type = "forking";
-			User = "ocbwoy3";
-			LimitNOFILE = "infinity";
-			LimitNPROC = "infinity";
-			LimitCORE = "infinity";
-			Environment = "PM2_HOME=/home/ocbwoy3/.pm2";
-			PIDFile = "/home/ocbwoy3/.pm2/pm2.pid";
-			Restart = "on-failure";
+  systemd.services.ocbwoy3-start-pm2 = {
+    enable = true;
+    description = "Start PM2";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "forking";
+      User = "ocbwoy3";
+      LimitNOFILE = "infinity";
+      LimitNPROC = "infinity";
+      LimitCORE = "infinity";
+      Environment = "PM2_HOME=/home/ocbwoy3/.pm2";
+      PIDFile = "/home/ocbwoy3/.pm2/pm2.pid";
+      Restart = "on-failure";
 
-			ExecStart = "${pkgs.pm2}/bin/pm2 resurrect";
-			ExecReload = "${pkgs.pm2}/bin/pm2 reload all";
-			ExecStop = "${pkgs.pm2}/bin/pm2 kill";
-		};
-	};
+      ExecStart = "${pkgs.pm2}/bin/pm2 resurrect";
+      ExecReload = "${pkgs.pm2}/bin/pm2 reload all";
+      ExecStop = "${pkgs.pm2}/bin/pm2 kill";
+    };
+  };
 
-	services.openssh.settings = {
-		PubkeyAuthentication = "yes";
-		TrustedUserCAKeys = "/etc/ssh/ca.pub";
-	};
+  services.openssh.settings = {
+    PubkeyAuthentication = "yes";
+    TrustedUserCAKeys = "/etc/ssh/ca.pub";
+  };
 
-	services.openssh = {
-		enable = lib.mkForce true;
-	};
+  services.openssh = {
+    enable = lib.mkForce true;
+  };
 
-	environment.systemPackages = with pkgs; [
-		fastfetch
-		hyfetch
-		pm2
-		steam-run
-	];
+  environment.systemPackages = with pkgs; [
+    fastfetch
+    hyfetch
+    pm2
+    steam-run
+  ];
 
-	users.users.ocbwoy3 = {
-		initialPassword = "thisisapassword42069!"; # not the type passwords i use
-		isNormalUser = true;
-		extraGroups = [ "wheel" "networkmanager" ];
-		shell = pkgs.zsh;
-	};
+  users.users.ocbwoy3 = {
+    initialPassword = "thisisapassword42069!"; # not the type passwords i use
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+    ];
+    shell = pkgs.zsh;
+  };
 
-	virtualisation.docker.enable = true;
+  virtualisation.docker.enable = true;
 
-	services.mongodb = {
-		enable = true;
-		enableAuth = false;
-		package = pkgs.mongodb-ce;
-		replSetName = "rs0"; # dangerous
-		bind_ip = "0.0.0.0";
-	};
+  services.mongodb = {
+    enable = true;
+    enableAuth = false;
+    package = pkgs.mongodb-ce;
+    replSetName = "rs0"; # dangerous
+    bind_ip = "0.0.0.0";
+  };
 
-	networking.firewall = {
-		enable = true;
-		allowedTCPPorts = [ 22 443 3000 3001 8080 25565 ];
-		allowedUDPPorts = [ 22 443 3000 3001 8080 25565 ];
-	};
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      22
+      443
+      3000
+      3001
+      8080
+      25565
+    ];
+    allowedUDPPorts = [
+      22
+      443
+      3000
+      3001
+      8080
+      25565
+    ];
+  };
 
-	catppuccin = {
-		enable = true;
-		flavor = "mocha";
-		accent = "blue";
-	};
+  catppuccin = {
+    enable = true;
+    flavor = "mocha";
+    accent = "blue";
+    gitea.enable = false;
+  };
 
-	system.stateVersion = "23.05"; # DO NOT TOUCH
+  system.stateVersion = "23.05"; # DO NOT TOUCH
 
 }
diff --git a/hosts/server/modules/atproto-pds.nix b/hosts/server/modules/atproto-pds.nix
index 58f2c2d..2e3d825 100644
--- a/hosts/server/modules/atproto-pds.nix
+++ b/hosts/server/modules/atproto-pds.nix
@@ -1,26 +1,31 @@
-{ config, inputs, pkgs, ... }:
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
 
 {
-	
-	# TODO:
-	# Upload PDS backup to /var/lib/pds
-	# and specify secrets in /private/atproto-pds.env
 
-	services.bluesky-pds = {
-		enable = true;
-		pdsadmin.enable = true;
-		environmentFiles = [ "/private/atproto-pds.env" ];
-		settings = {
-			PDS_CRAWLERS = "https://bsky.network";
-			LOG_ENABLED = "true";
-			PDS_HOSTNAME = "pds.ocbwoy3.dev";
-			# PDS_VERSION = "\"ATProto PDS v69420\"";
-			PDS_DID_PLC_URL = "https://plc.directory";
-			PDS_CONTACT_EMAIL_ADDRESS = "ocbwoy3@ocbwoy3.dev";
-			PDS_PRIVACY_POLICY_URL = "https://ocbwoy3.dev";
-			PDS_TERMS_OF_SERVICE_URL = "https://ocbwoy3.dev";
-			PDS_ACCEPTING_REPO_IMPORTS = "true";
-		};
-	};
+  # TODO:
+  # Upload PDS backup to /var/lib/pds
+  # and specify secrets in /private/atproto-pds.env
+
+  services.bluesky-pds = {
+    enable = true;
+    pdsadmin.enable = true;
+    environmentFiles = [ "/private/atproto-pds.env" ];
+    settings = {
+      PDS_CRAWLERS = "https://bsky.network";
+      LOG_ENABLED = "true";
+      PDS_HOSTNAME = "pds.ocbwoy3.dev";
+      # PDS_VERSION = "\"ATProto PDS v69420\"";
+      PDS_DID_PLC_URL = "https://plc.directory";
+      PDS_CONTACT_EMAIL_ADDRESS = "ocbwoy3@ocbwoy3.dev";
+      PDS_PRIVACY_POLICY_URL = "https://ocbwoy3.dev";
+      PDS_TERMS_OF_SERVICE_URL = "https://ocbwoy3.dev";
+      PDS_ACCEPTING_REPO_IMPORTS = "true";
+    };
+  };
 
 }
diff --git a/hosts/server/modules/cloudflare.nix b/hosts/server/modules/cloudflare.nix
index 7d790a8..805e0f2 100644
--- a/hosts/server/modules/cloudflare.nix
+++ b/hosts/server/modules/cloudflare.nix
@@ -1,21 +1,26 @@
-{ config, inputs, pkgs, ... }:
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
 
 {
 
-	environment.systemPackages = with pkgs; [
-		cloudflared
-	];
-	
-	# lib.mkIf (isOCbwoy3 == true)
-	services.cloudflared = {
-		enable = true;
-		tunnels = {
-			"selfhost" = {
-				# 2f83f704-e9f7-49fb-a6c4-d4a8f85d87e4
-				default = "http_status:404";
-				credentialsFile = "/private/cloudflared/selfhost.json";
-			};
-		};
-	};
+  environment.systemPackages = with pkgs; [
+    cloudflared
+  ];
+
+  # lib.mkIf (isOCbwoy3 == true)
+  services.cloudflared = {
+    enable = true;
+    tunnels = {
+      "selfhost" = {
+        # 2f83f704-e9f7-49fb-a6c4-d4a8f85d87e4
+        default = "http_status:404";
+        credentialsFile = "/private/cloudflared/selfhost.json";
+      };
+    };
+  };
 
 }
diff --git a/hosts/server/modules/gitea.nix b/hosts/server/modules/gitea.nix
new file mode 100644
index 0000000..f55f805
--- /dev/null
+++ b/hosts/server/modules/gitea.nix
@@ -0,0 +1,34 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  services.gitea = {
+    enable = true;
+
+    database = {
+      type = "postgres";
+    };
+
+    settings = {
+      server = {
+        DOMAIN = "git.ocbwoy3.dev";
+        ROOT_URL = "https://git.ocbwoy3.dev/";
+        HTTP_PORT = 2222;
+        DISABLE_SSH = true;
+        MAX_UPLOAD_FILE_SIZE = 5242880;
+      };
+
+      attachment = {
+        MAX_SIZE = 5; # MB (this is the one causing the 1024 KiB error)
+      };
+
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+    };
+  };
+}
diff --git a/hosts/server/modules/spacebar.nix b/hosts/server/modules/spacebar.nix
new file mode 100644
index 0000000..1143020
--- /dev/null
+++ b/hosts/server/modules/spacebar.nix
@@ -0,0 +1,17 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+
+{
+  imports = [ inputs.spacebar.nixosModules.default ];
+
+  services.spacebarchat-server = {
+    enable = true;
+    package = inputs.spacebar.packages.${pkgs.stdenv.hostPlatform.system}.default;
+    extraEnvironment.PORT = 4067;
+  };
+}
diff --git a/hosts/server/modules/tangled.nix b/hosts/server/modules/tangled.nix
index d93ffa2..ae13ce0 100644
--- a/hosts/server/modules/tangled.nix
+++ b/hosts/server/modules/tangled.nix
@@ -1,21 +1,26 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 
 {
-	services.tangled-knot = {
-		enable = true;
-		server = {
-			listenAddr = "0.0.0.0:3003";
-			owner = "did:plc:s7cesz7cr6ybltaryy4meb6y";
-			hostname = "knot.ocbwoy3.dev";
-		};
-	};
+  services.tangled.knot = {
+    enable = true;
+    server = {
+      listenAddr = "0.0.0.0:3003";
+      owner = "did:plc:s7cesz7cr6ybltaryy4meb6y";
+      hostname = "knot.ocbwoy3.dev";
+    };
+  };
 
-	services.tangled-spindle = {
-		enable = true;
-		server = {
-			listenAddr = "0.0.0.0:3004";
-			owner = "did:plc:s7cesz7cr6ybltaryy4meb6y";
-			hostname = "spindle.ocbwoy3.dev";
-		};
-	};
+  services.tangled.spindle = {
+    enable = true;
+    server = {
+      listenAddr = "0.0.0.0:3004";
+      owner = "did:plc:s7cesz7cr6ybltaryy4meb6y";
+      hostname = "spindle.ocbwoy3.dev";
+    };
+  };
 }
diff --git a/modules/nixos/nvidia.nix b/modules/nixos/nvidia.nix
index f60a903..6e230f2 100644
--- a/modules/nixos/nvidia.nix
+++ b/modules/nixos/nvidia.nix
@@ -1,63 +1,75 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 
 {
 
-	# options nvidia NVreg_PreserveVideoMemoryAllocations=1
-	boot.extraModprobeConfig = ''
-		options nvidia_drm modeset=1 fbdev=1
-	'';
+  # options nvidia NVreg_PreserveVideoMemoryAllocations=1
+  boot.extraModprobeConfig = ''
+    		options nvidia_drm modeset=1 fbdev=1
+    	'';
 
-	environment.variables = {
-		LIBVA_DRIVER_NAME = "nvidia";
-		GBM_BACKEND = "nvidia-drm";
-		__GLX_VENDOR_LIBRARY_NAME = "nvidia";
-		NVD_BACKEND = "direct";
-		EGL_PLATFORM = "wayland";
-		VDPAU_DRIVER = "va_gl";
-		WAYLAND_DISPLAY = "wayland-1";
-		DISPLAY = ":0";
-		XDG_CURRENT_DESKTOP = "Hyprland";
-		MOZ_ENABLE_WAYLAND = "1"; # Enable Wayland for Firefox
-		CHROMIUM_FLAGS = "--enable-features=UseOzonePlatform --ozone-platform=wayland --enable-gpu-rasterization --enable-zero-copy"; # Enable Wayland and hardware acceleration for Chromium
-	};
+  environment.variables = {
+    LIBVA_DRIVER_NAME = "nvidia";
+    GBM_BACKEND = "nvidia-drm";
+    __GLX_VENDOR_LIBRARY_NAME = "nvidia";
+    NVD_BACKEND = "direct";
+    EGL_PLATFORM = "wayland";
+    VDPAU_DRIVER = "va_gl";
+    WAYLAND_DISPLAY = "wayland-1";
+    DISPLAY = ":0";
+    XDG_CURRENT_DESKTOP = "Hyprland";
+    MOZ_ENABLE_WAYLAND = "1"; # Enable Wayland for Firefox
+    CHROMIUM_FLAGS = "--enable-features=UseOzonePlatform --ozone-platform=wayland --enable-gpu-rasterization --enable-zero-copy"; # Enable Wayland and hardware acceleration for Chromium
+  };
 
-	environment.sessionVariables = {
-		NIXOS_OZONE_WL = 1;
-		LIBVA_DRIVER_NAME = "nvidia";
-		GBM_BACKEND = "nvidia-drm";
-		__GLX_VENDOR_LIBRARY_NAME = "nvidia";
-		NVD_BACKEND = "direct";
-		EGL_PLATFORM = "wayland";
-	};
+  environment.sessionVariables = {
+    NIXOS_OZONE_WL = 1;
+    LIBVA_DRIVER_NAME = "nvidia";
+    GBM_BACKEND = "nvidia-drm";
+    __GLX_VENDOR_LIBRARY_NAME = "nvidia";
+    NVD_BACKEND = "direct";
+    EGL_PLATFORM = "wayland";
+  };
 
-	# obs moment
-	# nixpkgs.config.cudaSupport = true;
+  # obs moment
+  # nixpkgs.config.cudaSupport = true;
 
-	hardware.graphics = { # hardware.graphics since NixOS 24.11
-		enable = true;
-		# driSupport = true;
-		extraPackages = with pkgs; [
-			nvidia-vaapi-driver
-			libvdpau-va-gl
-			vaapiVdpau
-			libvdpau
-		];
-	};
+  hardware.graphics = {
+    # hardware.graphics since NixOS 24.11
+    enable = true;
+    # driSupport = true;
+    extraPackages = with pkgs; [
+      nvidia-vaapi-driver
+      libvdpau-va-gl
+      libva-vdpau-driver
+      libvdpau
+    ];
+  };
 
-	hardware.nvidia = {
-		modesetting.enable = true;
-		powerManagement.enable = false;
-		powerManagement.finegrained = false;
-		open = true;
-		nvidiaSettings = true;
-		package = config.boot.kernelPackages.nvidiaPackages.beta;
-	};
+  hardware.nvidia = {
+    modesetting.enable = true;
+    powerManagement.enable = false;
+    powerManagement.finegrained = false;
+    open = true;
+    nvidiaSettings = true;
+    package = config.boot.kernelPackages.nvidiaPackages.beta;
+  };
 
-	boot.kernelModules = [ "nvidia-uvm" "nvidia-drm" ];
-	boot.blacklistedKernelModules = [ "nouveau" ];
+  boot.kernelModules = [
+    "nvidia-uvm"
+    "nvidia-drm"
+  ];
+  boot.blacklistedKernelModules = [ "nouveau" ];
 
-	boot.kernelParams = [ "nvidia-drm.modeset=1" "nvidia-drm.fbdev=1" ];
+  boot.kernelParams = [
+    "nvidia-drm.modeset=1"
+    "nvidia-drm.fbdev=1"
+  ];
 
-	services.xserver.videoDrivers = ["nvidia"];
+  services.xserver.videoDrivers = [ "nvidia" ];
 
 }

From 9d1e7827538d6a741f7ef4505efc27135c4ae8f6 Mon Sep 17 00:00:00 2001
From: OCbwoy3 <ocbwoy3@ocbwoy3.dev>
Date: Sun, 21 Dec 2025 23:31:15 +0200
Subject: [PATCH 02/31] server: do stuff again

---
 flake.lock                        | 65 ++++++++++++++++++++++++++++---
 hosts/server/configuration.nix    |  6 ++-
 hosts/server/modules/spacebar.nix | 14 +++++++
 3 files changed, 79 insertions(+), 6 deletions(-)

diff --git a/flake.lock b/flake.lock
index adcb40b..1f64409 100644
--- a/flake.lock
+++ b/flake.lock
@@ -263,6 +263,24 @@
       "inputs": {
         "systems": "systems_6"
       },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
+      "inputs": {
+        "systems": "systems_7"
+      },
       "locked": {
         "lastModified": 1694529238,
         "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
@@ -277,9 +295,9 @@
         "type": "github"
       }
     },
-    "flake-utils_3": {
+    "flake-utils_4": {
       "inputs": {
-        "systems": "systems_8"
+        "systems": "systems_9"
       },
       "locked": {
         "lastModified": 1681202837,
@@ -341,7 +359,7 @@
     },
     "gomod2nix": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_3",
         "nixpkgs": [
           "tangled",
           "nixpkgs"
@@ -1401,6 +1419,7 @@
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_8",
         "nvf": "nvf",
+        "spacebar": "spacebar",
         "tangled": "tangled",
         "tuxstrap": "tuxstrap",
         "vscode-server": "vscode-server",
@@ -1428,6 +1447,27 @@
         "type": "github"
       }
     },
+    "spacebar": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1766286786,
+        "narHash": "sha256-dZxyXq4z674DhAQwCYAzaPG1W1G5HcEOwE/olz5XWGQ=",
+        "owner": "spacebarchat",
+        "repo": "server",
+        "rev": "61f9531556eb828cfb809ad7416df782a89f7fe1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "spacebarchat",
+        "repo": "server",
+        "type": "github"
+      }
+    },
     "sqlite-lib-src": {
       "flake": false,
       "locked": {
@@ -1561,6 +1601,21 @@
         "type": "github"
       }
     },
+    "systems_9": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "tangled": {
       "inputs": {
         "actor-typeahead-src": "actor-typeahead-src",
@@ -1615,7 +1670,7 @@
       "inputs": {
         "bun2nix": "bun2nix",
         "nixpkgs": "nixpkgs_11",
-        "systems": "systems_7"
+        "systems": "systems_8"
       },
       "locked": {
         "lastModified": 1760196423,
@@ -1633,7 +1688,7 @@
     },
     "vscode-server": {
       "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_4",
         "nixpkgs": "nixpkgs_12"
       },
       "locked": {
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index c49c1a3..ba11187 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -12,7 +12,9 @@
     ./modules/tangled.nix
     ../../modules/force.nix
     ./modules/gitea.nix
-    ./modules/spacebar.nix
+
+    # DO NOT ENABLE SPACEBAR YET
+    # ./modules/spacebar.nix
   ];
 
   # gcc. shit breaks. wtf
@@ -84,6 +86,7 @@
       443
       3000
       3001
+      4067
       8080
       25565
     ];
@@ -92,6 +95,7 @@
       443
       3000
       3001
+      4067
       8080
       25565
     ];
diff --git a/hosts/server/modules/spacebar.nix b/hosts/server/modules/spacebar.nix
index 1143020..204f69a 100644
--- a/hosts/server/modules/spacebar.nix
+++ b/hosts/server/modules/spacebar.nix
@@ -13,5 +13,19 @@
     enable = true;
     package = inputs.spacebar.packages.${pkgs.stdenv.hostPlatform.system}.default;
     extraEnvironment.PORT = 4067;
+    settings = {
+      api = {
+        endpointPublic = "https://chat.ocbwoy3.dev/api/v9";
+        endpointPrivate = "http://127.0.0.1:4067/api/v9";
+      };
+      cdn = {
+        endpointPublic = "https://chat.ocbwoy3.dev/";
+        endpointPrivate = "http://127.0.0.1:4067/";
+      };
+      gateway = {
+        endpointPublic = "wss://chat.ocbwoy3.dev/";
+        endpointPrivate = "ws://127.0.0.1:4067/";
+      };
+    };
   };
 }

From e4a43291007b52f53be7337553a992d98d8b74b8 Mon Sep 17 00:00:00 2001
From: OCbwoy3 <ocbwoy3@ocbwoy3.dev>
Date: Fri, 26 Dec 2025 17:29:42 +0200
Subject: [PATCH 03/31] nix: remove spacebar

---
 hosts/server/configuration.nix    |  3 ---
 hosts/server/modules/spacebar.nix | 31 -------------------------------
 2 files changed, 34 deletions(-)
 delete mode 100644 hosts/server/modules/spacebar.nix

diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index ba11187..e76871f 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -12,9 +12,6 @@
     ./modules/tangled.nix
     ../../modules/force.nix
     ./modules/gitea.nix
-
-    # DO NOT ENABLE SPACEBAR YET
-    # ./modules/spacebar.nix
   ];
 
   # gcc. shit breaks. wtf
diff --git a/hosts/server/modules/spacebar.nix b/hosts/server/modules/spacebar.nix
deleted file mode 100644
index 204f69a..0000000
--- a/hosts/server/modules/spacebar.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  ...
-}:
-
-{
-  imports = [ inputs.spacebar.nixosModules.default ];
-
-  services.spacebarchat-server = {
-    enable = true;
-    package = inputs.spacebar.packages.${pkgs.stdenv.hostPlatform.system}.default;
-    extraEnvironment.PORT = 4067;
-    settings = {
-      api = {
-        endpointPublic = "https://chat.ocbwoy3.dev/api/v9";
-        endpointPrivate = "http://127.0.0.1:4067/api/v9";
-      };
-      cdn = {
-        endpointPublic = "https://chat.ocbwoy3.dev/";
-        endpointPrivate = "http://127.0.0.1:4067/";
-      };
-      gateway = {
-        endpointPublic = "wss://chat.ocbwoy3.dev/";
-        endpointPrivate = "ws://127.0.0.1:4067/";
-      };
-    };
-  };
-}

From 4c5ac20b4f256b3bb428fd134d79f3970efc2967 Mon Sep 17 00:00:00 2001
From: OCbwoy3 <ocbwoy3@ocbwoy3.dev>
Date: Wed, 11 Feb 2026 17:15:39 +0200
Subject: [PATCH 04/31] nix

---
 flake.nix                            |  6 +--
 hosts/server/configuration.nix       |  6 ++-
 hosts/server/modules/vaultwarden.nix | 44 ++++++++++++++++++
 modules/force.nix                    | 67 ++++++++++++++--------------
 4 files changed, 86 insertions(+), 37 deletions(-)
 create mode 100644 hosts/server/modules/vaultwarden.nix

diff --git a/flake.nix b/flake.nix
index 303b66b..6287fe3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
-	description = "https://tangled.sh/@ocbwoy3.dev/nix";
+	description = "Dark World Exclusive Nix Flake (Totally not a Deltarune reference)";
 
 	inputs = {
 		# Core
@@ -19,7 +19,7 @@
 		zen-browser.url = "github:0xc000022070/zen-browser-flake";
 
 		# Programs
-		tuxstrap.url = "git+https://tangled.sh/@ocbwoy3.dev/tuxstrap";
+		tuxstrap.url = "git+https://tangled.org/kris.darkworld.download/tuxstrap";
 		
 		# Package tooling
 		chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
@@ -27,7 +27,7 @@
 		nvf.url = "github:notashelf/nvf";
 
 		# Extras
-		tangled.url = "git+https://tangled.sh/@tangled.sh/core";
+		tangled.url = "git+https://tangled.sh/tangled.sh/core";
 		vscode-server.url = "github:nix-community/nixos-vscode-server";
 		spacebar = {
 			url = "github:spacebarchat/server";
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index e76871f..a37be07 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -12,6 +12,7 @@
     ./modules/tangled.nix
     ../../modules/force.nix
     ./modules/gitea.nix
+    ./modules/vaultwarden.nix
   ];
 
   # gcc. shit breaks. wtf
@@ -40,9 +41,11 @@
     };
   };
 
-  services.openssh.settings = {
+  services.openssh.settings = lib.mkDefault {
     PubkeyAuthentication = "yes";
     TrustedUserCAKeys = "/etc/ssh/ca.pub";
+    PermitRootLogin = lib.mkDefault "prohibit-password";
+    KbdInteractiveAuthentication = lib.mkDefault false;
   };
 
   services.openssh = {
@@ -62,6 +65,7 @@
     extraGroups = [
       "wheel"
       "networkmanager"
+      "docker"
     ];
     shell = pkgs.zsh;
   };
diff --git a/hosts/server/modules/vaultwarden.nix b/hosts/server/modules/vaultwarden.nix
new file mode 100644
index 0000000..572be8e
--- /dev/null
+++ b/hosts/server/modules/vaultwarden.nix
@@ -0,0 +1,44 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  services.vaultwarden = {
+    enable = true;
+    dbBackend = "sqlite";
+    environmentFile = "/private/vaultwarden/vaultwarden.env";
+    config = {
+      # Keep data alongside the secret env file so we can back it up together.
+      DATA_FOLDER = "/private/vaultwarden/data";
+      PUSH_RELAY_URI = "https://api.bitwarden.eu";
+      PUSH_IDENTITY_URI = "https://identity.bitwarden.eu";
+      DOMAIN = "https://vault.ocbwoy3.dev";
+      ROCKET_ADDRESS = "0.0.0.0";
+      ROCKET_PORT = 8222;
+      WEBSOCKET_ENABLED = true;
+      WEBSOCKET_ADDRESS = "0.0.0.0";
+      WEBSOCKET_PORT = 3012;
+      SIGNUPS_ALLOWED = false;
+    };
+  };
+
+  # Allow vaultwarden to write under /private/vaultwarden and ensure the directory exists.
+  systemd.services.vaultwarden.serviceConfig = {
+    ReadWritePaths = [ "/private/vaultwarden" ];
+  };
+
+  systemd.tmpfiles.settings."10-vaultwarden-private"."/private/vaultwarden/data".d = {
+    user = "vaultwarden";
+    group = "vaultwarden";
+    mode = "0750";
+  };
+
+  # cloudflared!!
+  # networking.firewall.allowedTCPPorts = [
+  #   8222
+  #   3012
+  # ];
+}
diff --git a/modules/force.nix b/modules/force.nix
index d85a245..b5e71a2 100644
--- a/modules/force.nix
+++ b/modules/force.nix
@@ -1,38 +1,39 @@
 { config, pkgs, ... }:
 
 {
-	imports = [
-		./nixos/bootloader.nix
-		./nixos/hardware.nix
-		./nixos/i18n.nix
-		./nixos/network.nix
-		./nixos/nixpkgs.nix
-		./nixos/nvidia.nix
-		./nixos/programs.nix
-		./stuff/nvim.nix
-		./stuff/zsh.nix
-	];
+  imports = [
+    ./nixos/bootloader.nix
+    ./nixos/hardware.nix
+    ./nixos/i18n.nix
+    ./nixos/network.nix
+    ./nixos/nixpkgs.nix
+    ./nixos/nvidia.nix
+    ./nixos/programs.nix
+    ./stuff/nvim.nix
+    ./stuff/zsh.nix
+  ];
 
-	environment.systemPackages = with pkgs; [
-		tmux
-		gh
-		file
-		glib
-		openssl
-		nss
-		glibc
-		nixfmt-rfc-style
-		killall
-		deno
-		bun
-		imagemagick
-		unzip
-		libwebp
-		nix-direnv
-		htop
-		nixpkgs-fmt
-		nixd
-		ffmpeg-full
-		gnupg
-	];
+  environment.systemPackages = with pkgs; [
+    tmux
+    gh
+    file
+    glib
+    openssl
+    nss
+    glibc
+    nixfmt-rfc-style
+    killall
+    deno
+    bun
+    imagemagick
+    unzip
+    libwebp
+    nix-direnv
+    htop
+    nixpkgs-fmt
+    nixd
+    ffmpeg-full
+    gnupg
+    codex
+  ];
 }

From df14f2f7805da6d3e1f909ec0fc0189875719720 Mon Sep 17 00:00:00 2001
From: OCbwoy3 <ocbwoy3@ocbwoy3.dev>
Date: Wed, 11 Feb 2026 17:16:27 +0200
Subject: [PATCH 05/31] deltarune mentioned... dark world pds

---
 hosts/server/modules/atproto-pds.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hosts/server/modules/atproto-pds.nix b/hosts/server/modules/atproto-pds.nix
index 2e3d825..eacf2ec 100644
--- a/hosts/server/modules/atproto-pds.nix
+++ b/hosts/server/modules/atproto-pds.nix
@@ -18,12 +18,12 @@
     settings = {
       PDS_CRAWLERS = "https://bsky.network";
       LOG_ENABLED = "true";
-      PDS_HOSTNAME = "pds.ocbwoy3.dev";
-      # PDS_VERSION = "\"ATProto PDS v69420\"";
+      PDS_HOSTNAME = "castletown.darkworld.download";
+      PDS_VERSION = "\"Yo bro what do you think of this Deltarune reference on the AT Protocol?\"";
       PDS_DID_PLC_URL = "https://plc.directory";
       PDS_CONTACT_EMAIL_ADDRESS = "ocbwoy3@ocbwoy3.dev";
-      PDS_PRIVACY_POLICY_URL = "https://ocbwoy3.dev";
-      PDS_TERMS_OF_SERVICE_URL = "https://ocbwoy3.dev";
+      PDS_PRIVACY_POLICY_URL = "https://bsky.social/about/support/privacy-policy";
+      PDS_TERMS_OF_SERVICE_URL = "https://bsky.social/about/support/tos";
       PDS_ACCEPTING_REPO_IMPORTS = "true";
     };
   };

From 8b662955ef7d6b5f67bc1f62a256b5b70915ac67 Mon Sep 17 00:00:00 2001
From: OCbwoy3 <ocbwoy3@ocbwoy3.dev>
Date: Wed, 11 Feb 2026 18:06:59 +0200
Subject: [PATCH 06/31] flake: update

---
 flake.lock | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/flake.lock b/flake.lock
index 1f64409..36bec1b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -282,11 +282,11 @@
         "systems": "systems_7"
       },
       "locked": {
-        "lastModified": 1694529238,
-        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -366,11 +366,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754078208,
-        "narHash": "sha256-YVoIFDCDpYuU3riaDEJ3xiGdPOtsx4sR5eTzHTytPV8=",
+        "lastModified": 1763982521,
+        "narHash": "sha256-ur4QIAHwgFc0vXiaxn5No/FuZicxBr2p0gmT54xZkUQ=",
         "owner": "nix-community",
         "repo": "gomod2nix",
-        "rev": "7f963246a71626c7fc70b431a315c4388a0c95cf",
+        "rev": "02e63a239d6eabd595db56852535992c898eba72",
         "type": "github"
       },
       "original": {
@@ -1179,11 +1179,11 @@
     },
     "nixpkgs_10": {
       "locked": {
-        "lastModified": 1751984180,
-        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
+        "lastModified": 1766070988,
+        "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
+        "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
         "type": "github"
       },
       "original": {
@@ -1631,17 +1631,17 @@
         "sqlite-lib-src": "sqlite-lib-src"
       },
       "locked": {
-        "lastModified": 1764005195,
-        "narHash": "sha256-PzuWiW/nMxwQTX0i1bHwGazQF4ptLNI9OGwpmhDb9i0=",
+        "lastModified": 1770793790,
+        "narHash": "sha256-USZxj9C74gPROHaKJbWooI1ABjGbYnL3Jj1o84xUfmo=",
         "ref": "refs/heads/master",
-        "rev": "7358ec6edfa4d17b8b8f543d99e83a4705901148",
-        "revCount": 1687,
+        "rev": "e17836203f86a090a9f663d54f3cde82fb57a29d",
+        "revCount": 1945,
         "type": "git",
-        "url": "https://tangled.sh/@tangled.sh/core"
+        "url": "https://tangled.sh/tangled.sh/core"
       },
       "original": {
         "type": "git",
-        "url": "https://tangled.sh/@tangled.sh/core"
+        "url": "https://tangled.sh/tangled.sh/core"
       }
     },
     "treefmt-nix": {
@@ -1673,17 +1673,17 @@
         "systems": "systems_8"
       },
       "locked": {
-        "lastModified": 1760196423,
-        "narHash": "sha256-1BpxEHAJe++YlVznML+8A2nTc9xpsVpLxiuFYG+MTog=",
+        "lastModified": 1764446863,
+        "narHash": "sha256-hmrPWkaD0kXvLawDTrdiQRi3dIOQ6LKiUUvT8YeLkbM=",
         "ref": "refs/heads/dev",
-        "rev": "bf4bd032622ff38f40313f89db98aa82c3700510",
-        "revCount": 55,
+        "rev": "e666ade292ee152d0a34b7abca923d9fbedbc381",
+        "revCount": 61,
         "type": "git",
-        "url": "https://tangled.sh/@ocbwoy3.dev/tuxstrap"
+        "url": "https://tangled.org/kris.darkworld.download/tuxstrap"
       },
       "original": {
         "type": "git",
-        "url": "https://tangled.sh/@ocbwoy3.dev/tuxstrap"
+        "url": "https://tangled.org/kris.darkworld.download/tuxstrap"
       }
     },
     "vscode-server": {

From fa13387a4cc9e32bf2c2e873b9ad33e011d2870d Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Wed, 11 Feb 2026 19:04:58 +0200
Subject: [PATCH 07/31] MORE DELTARUNE!!!!

---
 hosts/server/modules/Caddyfile       | 42 ++++++++++++++++++++++++++++
 hosts/server/modules/atproto-pds.nix |  5 ++++
 2 files changed, 47 insertions(+)
 create mode 100644 hosts/server/modules/Caddyfile

diff --git a/hosts/server/modules/Caddyfile b/hosts/server/modules/Caddyfile
new file mode 100644
index 0000000..0440b74
--- /dev/null
+++ b/hosts/server/modules/Caddyfile
@@ -0,0 +1,42 @@
+@root path /
+handle @root {
+	header Content-Type "text/plain; charset=utf-8"
+	respond "
+
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢈⠈⣾⠀⠀⠀⠀⠀⠀⠀⠀⣰⠎⢈⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠐⠑⣹⠿⣧⠌⠀⠀⠀⠀⠀⣬⠷⣿⠛⠑⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣼⡿⠁⠀⠀⠀⢀⢈⠀⠀⠀⠀⡱⣿⠌⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣾⣿⣯⢎⢈⢈⣨⣿⣿⣯⢈⢈⢈⣮⣿⣿⠎⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠰⠳⡳⣷⣿⣿⣿⣿⣿⣿⣿⣿⣿⡷⠳⠳⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠱⣦⣌⣌⢌⢈⠈⠀⠀⠢⣷⣿⣿⣿⣿⣿⣿⣿⣿⣿⠯⠂⠀⠀⢈⢈⣌⣌⣬⠶⠁⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⡱⣿⣿⣿⣿⣯⣯⣌⣜⣹⣞⢹⡳⡷⢳⣙⣾⣙⣌⣬⣯⣿⣿⣿⣿⡿⠁⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠰⠷⠳⡷⣿⣿⣿⣿⣿⣿⣿⣯⣮⣿⣿⣿⣿⣿⣿⣿⡿⠷⠳⠷⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣨⣿⡿⠱⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⡱⣷⣯⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣸⣿⠿⠀⠀⠱⣷⣿⣿⣿⣿⣿⣿⣿⠷⠁⠀⠰⣿⣿⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⣨⣿⠿⠀⠀⠀⠀⢀⠈⠙⣿⣿⠟⠉⢈⠀⠀⠀⠀⠰⣿⣯⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⣀⣿⡿⠀⠀⠀⠀⠀⡳⣷⣿⣿⣿⣿⣿⡿⠃⠀⠀⠀⠀⡰⣿⣏⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⣌⣾⠗⠀⠀⠀⠀⠀⠀⠀⢀⣟⡻⡷⣻⣿⠏⠀⠀⠀⠀⠀⠀⠐⣷⣮⠈⠀⠀⠀⠀⠀⠀
+⢀⢈⢈⣈⣮⣼⣿⣿⠗⠀⠀⠀⠀⠀⠀⠀⢀⣽⣿⡿⣮⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠐⣷⣿⣿⣮⣌⢈⢈⢈
+⠀⢙⣿⠁⣈⣿⠟⠁⠀⠀⠀⠀⠀⠀⠀⠀⣸⣿⣿⠑⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠑⣿⣏⠈⣱⢟⠉
+⠲⠳⣯⡾⠷⠑⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣿⣿⠏⠀⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠐⠑⡷⣮⠿⠳
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠐⣳⣿⣿⠀⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠐⣷⣿⣯⣿⣿⣿⠇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡳⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣷⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡳⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+
+This is an AT Protocol Personal Data Server (aka, an atproto PDS)
+
+Most API routes are under /xrpc/
+
+      Code: https://github.com/bluesky-social/atproto
+ Self-Host: https://github.com/bluesky-social/pds
+  Protocol: https://atproto.com
+" 200
+}
+
+handle {
+	reverse_proxy localhost:3000
+}
diff --git a/hosts/server/modules/atproto-pds.nix b/hosts/server/modules/atproto-pds.nix
index eacf2ec..ea752fc 100644
--- a/hosts/server/modules/atproto-pds.nix
+++ b/hosts/server/modules/atproto-pds.nix
@@ -28,4 +28,9 @@
     };
   };
 
+  services.caddy = {
+    enable = true;
+    virtualHosts."localhost:80".extraConfig = builtins.readFile ./Caddyfile;
+  };
+
 }

From 0a4399045558e0fc0330127fbe1ae35165ce8c8d Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Wed, 11 Feb 2026 19:39:57 +0200
Subject: [PATCH 08/31] fixxxxxxx

---
 hosts/server/modules/atproto-pds.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hosts/server/modules/atproto-pds.nix b/hosts/server/modules/atproto-pds.nix
index ea752fc..b332bd0 100644
--- a/hosts/server/modules/atproto-pds.nix
+++ b/hosts/server/modules/atproto-pds.nix
@@ -28,8 +28,13 @@
     };
   };
 
+  # Set host header to `localhost` in tunnel settings otherwise you'll end up wasting countless hours of your life
+
   services.caddy = {
     enable = true;
+    globalConfig = ''
+      	auto_https off
+      	'';
     virtualHosts."localhost:80".extraConfig = builtins.readFile ./Caddyfile;
   };
 

From 52c607759158f2a04db8550e990d5f1b66bbd105 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Fri, 13 Feb 2026 20:35:14 +0200
Subject: [PATCH 09/31] EVEN MORE DELTARUNE!!!!!!!1!11!

---
 hosts/server/modules/Caddyfile       | 14 ++++++++++++--
 hosts/server/modules/atproto-pds.nix |  2 +-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/hosts/server/modules/Caddyfile b/hosts/server/modules/Caddyfile
index 0440b74..71731dc 100644
--- a/hosts/server/modules/Caddyfile
+++ b/hosts/server/modules/Caddyfile
@@ -37,6 +37,16 @@ Most API routes are under /xrpc/
 " 200
 }
 
-handle {
-	reverse_proxy localhost:3000
+@robots path /robots.txt
+handle @robots {
+	header Content-Type "text/plain; charset=utf-8"
+	respond "User-agent: *
+Disallow: /
+" 200
+}
+
+handle {
+	reverse_proxy localhost:3000 {
+        header_up Host castletown.darkworld.download
+    }
 }
diff --git a/hosts/server/modules/atproto-pds.nix b/hosts/server/modules/atproto-pds.nix
index b332bd0..5ee554f 100644
--- a/hosts/server/modules/atproto-pds.nix
+++ b/hosts/server/modules/atproto-pds.nix
@@ -19,7 +19,7 @@
       PDS_CRAWLERS = "https://bsky.network";
       LOG_ENABLED = "true";
       PDS_HOSTNAME = "castletown.darkworld.download";
-      PDS_VERSION = "\"Yo bro what do you think of this Deltarune reference on the AT Protocol?\"";
+      PDS_VERSION = "\"DELTARUNE TOMMOROW!!!!\"";
       PDS_DID_PLC_URL = "https://plc.directory";
       PDS_CONTACT_EMAIL_ADDRESS = "ocbwoy3@ocbwoy3.dev";
       PDS_PRIVACY_POLICY_URL = "https://bsky.social/about/support/privacy-policy";

From 25310fe8b94544544af76f8535dfe33852a187b8 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Mon, 23 Feb 2026 18:40:12 +0200
Subject: [PATCH 10/31] works maybe

---
 flake.lock                     | 211 ++++++++++++++++++++++++++++++---
 flake.nix                      | 181 +++++++++++++++-------------
 hosts/server/configuration.nix |  20 +++-
 hosts/server/modules/wafrn.nix |  32 +++++
 hosts/server/slop/openclaw.nix |  46 +++++++
 5 files changed, 388 insertions(+), 102 deletions(-)
 create mode 100644 hosts/server/modules/wafrn.nix
 create mode 100644 hosts/server/slop/openclaw.nix

diff --git a/flake.lock b/flake.lock
index 36bec1b..976eb20 100644
--- a/flake.lock
+++ b/flake.lock
@@ -297,7 +297,25 @@
     },
     "flake-utils_4": {
       "inputs": {
-        "systems": "systems_9"
+        "systems": "systems_8"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_5": {
+      "inputs": {
+        "systems": "systems_10"
       },
       "locked": {
         "lastModified": 1681202837,
@@ -359,7 +377,7 @@
     },
     "gomod2nix": {
       "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_4",
         "nixpkgs": [
           "tangled",
           "nixpkgs"
@@ -419,6 +437,27 @@
       }
     },
     "home-manager_3": {
+      "inputs": {
+        "nixpkgs": [
+          "openclaw",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1767909183,
+        "narHash": "sha256-u/bcU0xePi5bgNoRsiqSIwaGBwDilKKFTz3g0hqOBAo=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "cd6e96d56ed4b2a779ac73a1227e0bb1519b3509",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_4": {
       "inputs": {
         "nixpkgs": [
           "zen-browser",
@@ -1145,6 +1184,24 @@
         "type": "github"
       }
     },
+    "nix-steipete-tools": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_10"
+      },
+      "locked": {
+        "lastModified": 1771639217,
+        "narHash": "sha256-eidzES1s+0/Ngkw0fmLGdZ+NSN6P7RwKD0lPLYGqZoU=",
+        "owner": "openclaw",
+        "repo": "nix-steipete-tools",
+        "rev": "95ebfa73f4421144173f7060433c510a7d2d014a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "openclaw",
+        "repo": "nix-steipete-tools",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1762847253,
@@ -1178,6 +1235,38 @@
       }
     },
     "nixpkgs_10": {
+      "locked": {
+        "lastModified": 1767364772,
+        "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_11": {
+      "locked": {
+        "lastModified": 1767767207,
+        "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5912c1772a44e31bf1c63c0390b90501e5026886",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_12": {
       "locked": {
         "lastModified": 1766070988,
         "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
@@ -1193,7 +1282,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_11": {
+    "nixpkgs_13": {
       "locked": {
         "lastModified": 1754725699,
         "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
@@ -1209,7 +1298,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_12": {
+    "nixpkgs_14": {
       "locked": {
         "lastModified": 1682134069,
         "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
@@ -1223,7 +1312,23 @@
         "type": "indirect"
       }
     },
-    "nixpkgs_13": {
+    "nixpkgs_15": {
+      "locked": {
+        "lastModified": 1771419570,
+        "narHash": "sha256-bxAlQgre3pcQcaRUm/8A0v/X8d2nhfraWSFqVmMcBcU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "6d41bc27aaf7b6a3ba6b169db3bd5d6159cfaa47",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_16": {
       "locked": {
         "lastModified": 1762977756,
         "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
@@ -1331,11 +1436,11 @@
     },
     "nixpkgs_8": {
       "locked": {
-        "lastModified": 1763835633,
-        "narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=",
+        "lastModified": 1771369470,
+        "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "050e09e091117c3d7328c7b2b7b577492c43c134",
+        "rev": "0182a361324364ae3f436a63005877674cf45efb",
         "type": "github"
       },
       "original": {
@@ -1383,6 +1488,27 @@
         "type": "github"
       }
     },
+    "openclaw": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "home-manager": "home-manager_3",
+        "nix-steipete-tools": "nix-steipete-tools",
+        "nixpkgs": "nixpkgs_11"
+      },
+      "locked": {
+        "lastModified": 1771657318,
+        "narHash": "sha256-xFDNFFN5U9wtMcj1iACmoL6W4PWJeg9C0Pk2+BoY09s=",
+        "owner": "openclaw",
+        "repo": "nix-openclaw",
+        "rev": "fbef2087190ccfca375b351cdaad49bcbaea721a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "openclaw",
+        "repo": "nix-openclaw",
+        "type": "github"
+      }
+    },
     "pre-commit-hooks": {
       "inputs": {
         "flake-compat": "flake-compat_2",
@@ -1419,10 +1545,12 @@
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_8",
         "nvf": "nvf",
+        "openclaw": "openclaw",
         "spacebar": "spacebar",
         "tangled": "tangled",
         "tuxstrap": "tuxstrap",
         "vscode-server": "vscode-server",
+        "wafrn": "wafrn",
         "zen-browser": "zen-browser"
       }
     },
@@ -1449,7 +1577,7 @@
     },
     "spacebar": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_3",
         "nixpkgs": [
           "nixpkgs"
         ]
@@ -1496,6 +1624,21 @@
         "type": "github"
       }
     },
+    "systems_10": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "systems_2": {
       "locked": {
         "lastModified": 1689347949,
@@ -1627,7 +1770,7 @@
         "indigo": "indigo",
         "inter-fonts-src": "inter-fonts-src",
         "lucide-src": "lucide-src",
-        "nixpkgs": "nixpkgs_10",
+        "nixpkgs": "nixpkgs_12",
         "sqlite-lib-src": "sqlite-lib-src"
       },
       "locked": {
@@ -1669,8 +1812,8 @@
     "tuxstrap": {
       "inputs": {
         "bun2nix": "bun2nix",
-        "nixpkgs": "nixpkgs_11",
-        "systems": "systems_8"
+        "nixpkgs": "nixpkgs_13",
+        "systems": "systems_9"
       },
       "locked": {
         "lastModified": 1764446863,
@@ -1688,8 +1831,8 @@
     },
     "vscode-server": {
       "inputs": {
-        "flake-utils": "flake-utils_4",
-        "nixpkgs": "nixpkgs_12"
+        "flake-utils": "flake-utils_5",
+        "nixpkgs": "nixpkgs_14"
       },
       "locked": {
         "lastModified": 1753541826,
@@ -1705,6 +1848,42 @@
         "type": "github"
       }
     },
+    "wafrn": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_15",
+        "wafrn-src": "wafrn-src"
+      },
+      "locked": {
+        "lastModified": 1771530828,
+        "narHash": "sha256-U9gTyZILNGjK4kbSKsR6xPGFV/sjvzDFRreDXWyg5hE=",
+        "ref": "refs/heads/main",
+        "rev": "715d83e0a1730b2bb4e649941863ed67d964ad65",
+        "revCount": 11,
+        "type": "git",
+        "url": "https://git.ocbwoy3.dev/kris/wafrn-nix"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.ocbwoy3.dev/kris/wafrn-nix"
+      }
+    },
+    "wafrn-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1770394446,
+        "narHash": "sha256-yUGn0HjwEDJOLlwcNP+ZfCjU04x9Y6PkmeahdcEP23A=",
+        "ref": "main",
+        "rev": "01e89d8fd0ba56d5781e4671a54531563d1a46c6",
+        "revCount": 6083,
+        "type": "git",
+        "url": "https://codeberg.org/wafrn/wafrn"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://codeberg.org/wafrn/wafrn"
+      }
+    },
     "xdph": {
       "inputs": {
         "hyprland-protocols": [
@@ -1748,8 +1927,8 @@
     },
     "zen-browser": {
       "inputs": {
-        "home-manager": "home-manager_3",
-        "nixpkgs": "nixpkgs_13"
+        "home-manager": "home-manager_4",
+        "nixpkgs": "nixpkgs_16"
       },
       "locked": {
         "lastModified": 1764007718,
diff --git a/flake.nix b/flake.nix
index 6287fe3..d9b191f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,97 +1,108 @@
 {
-	description = "Dark World Exclusive Nix Flake (Totally not a Deltarune reference)";
+  description = "Dark World Exclusive Nix Flake (Totally not a Deltarune reference)";
 
-	inputs = {
-		# Core
-		nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-		nixos-hardware.url = "github:NixOS/nixos-hardware/master";
-		home-manager.url = "github:nix-community/home-manager";
+  inputs = {
+    # Core
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+    home-manager.url = "github:nix-community/home-manager";
 
-		# Desktop + Theming
-		catppuccin.url = "github:catppuccin/nix";
-		hyprland = {
-			url = "github:hyprwm/Hyprland";
-			inputs.nixpkgs.follows = "nixpkgs";
-		};
-		hyprlock.url = "github:hyprwm/hyprlock";
-		hyprsysteminfo.url = "github:hyprwm/hyprsysteminfo";
-		ghostty.url = "github:ghostty-org/ghostty";
-		zen-browser.url = "github:0xc000022070/zen-browser-flake";
+    # Desktop + Theming
+    catppuccin.url = "github:catppuccin/nix";
+    hyprland = {
+      url = "github:hyprwm/Hyprland";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    hyprlock.url = "github:hyprwm/hyprlock";
+    hyprsysteminfo.url = "github:hyprwm/hyprsysteminfo";
+    ghostty.url = "github:ghostty-org/ghostty";
+    zen-browser.url = "github:0xc000022070/zen-browser-flake";
 
-		# Programs
-		tuxstrap.url = "git+https://tangled.org/kris.darkworld.download/tuxstrap";
-		
-		# Package tooling
-		chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
-		nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1";
-		nvf.url = "github:notashelf/nvf";
+    # Programs
+    tuxstrap.url = "git+https://tangled.org/kris.darkworld.download/tuxstrap";
 
-		# Extras
-		tangled.url = "git+https://tangled.sh/tangled.sh/core";
-		vscode-server.url = "github:nix-community/nixos-vscode-server";
-		spacebar = {
-			url = "github:spacebarchat/server";
-			inputs.nixpkgs.follows = "nixpkgs";
-		};
-	};
+    # Package tooling
+    chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
+    nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1";
+    nvf.url = "github:notashelf/nvf";
 
-	# Required by NixOS:
-	# ./hardware-configuration.nix 
+    # Extras
+    tangled.url = "git+https://tangled.sh/tangled.sh/core";
+    wafrn.url = "git+https://git.ocbwoy3.dev/kris/wafrn-nix";
+    vscode-server.url = "github:nix-community/nixos-vscode-server";
+    spacebar = {
+      url = "github:spacebarchat/server";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
-	# inputs.home-manager.nixosModules.default
-	# catppuccin.nixosModules.catppuccin
-	# nix-flatpak.nixosModules.nix-flatpak
+    # slop
+    openclaw.url = "github:openclaw/nix-openclaw";
+  };
 
-	outputs = { self, nixpkgs, ... }@inputs: {
-		nixosConfigurations.default = nixpkgs.lib.nixosSystem {
-			specialArgs = {
-				inherit inputs;
-			};
-			modules = [
-				# inputs.nixos-hardware.nixosModules.common-gpu-nvidia
-				inputs.home-manager.nixosModules.default
-				inputs.catppuccin.nixosModules.catppuccin
-				inputs.nix-flatpak.nixosModules.nix-flatpak
-				# inputs.chaotic.nixosModules.default
-				inputs.chaotic.nixosModules.nyx-cache
-				inputs.chaotic.nixosModules.nyx-overlay
-				inputs.chaotic.nixosModules.nyx-registry
-				# ./hosts/default/hardware-configuration.nix
+  # Required by NixOS:
+  # ./hardware-configuration.nix
 
-				# lil hack to not use --impure when rebuilding nixos >:3
-				"/etc/nixos/hardware-configuration.nix"
-				
-				./hosts/default/configuration.nix
-			];
-		};
-		nixosConfigurations.server = nixpkgs.lib.nixosSystem {
-			specialArgs = {
-				inherit inputs;
-			};
-			modules = [
-				inputs.catppuccin.nixosModules.catppuccin
-				inputs.tangled.nixosModules.knot
-				inputs.tangled.nixosModules.spindle
-				inputs.vscode-server.nixosModules.default
+  # inputs.home-manager.nixosModules.default
+  # catppuccin.nixosModules.catppuccin
+  # nix-flatpak.nixosModules.nix-flatpak
 
-				inputs.chaotic.nixosModules.nyx-cache
-				inputs.chaotic.nixosModules.nyx-overlay
-				inputs.chaotic.nixosModules.nyx-registry
+  outputs =
+    { self, nixpkgs, ... }@inputs:
+    {
+      nixosConfigurations.default = nixpkgs.lib.nixosSystem {
+        specialArgs = {
+          inherit inputs;
+        };
+        modules = [
+          # inputs.nixos-hardware.nixosModules.common-gpu-nvidia
+          inputs.home-manager.nixosModules.default
+          inputs.catppuccin.nixosModules.catppuccin
+          inputs.nix-flatpak.nixosModules.nix-flatpak
+          # inputs.chaotic.nixosModules.default
+          inputs.chaotic.nixosModules.nyx-cache
+          inputs.chaotic.nixosModules.nyx-overlay
+          inputs.chaotic.nixosModules.nyx-registry
+          # ./hosts/default/hardware-configuration.nix
 
-				# lil hack to not use --impure when rebuilding nixos >:3
-				"/etc/nixos/hardware-configuration.nix"
-				
-				./hosts/server/configuration.nix
-			];
-		};
-		nixosConfigurations.fix_nixpkgs = nixpkgs.lib.nixosSystem {
-			specialArgs = {
-				inherit inputs;
-			};
-			modules = [
-				./modules/nixos/nixpkgs.nix
-				/etc/nixos/configuration.nix
-			];
-		};
-	};
+          # lil hack to not use --impure when rebuilding nixos >:3
+          "/etc/nixos/hardware-configuration.nix"
+
+          ./hosts/default/configuration.nix
+        ];
+      };
+      nixosConfigurations.server = nixpkgs.lib.nixosSystem {
+        specialArgs = {
+          inherit inputs;
+        };
+        modules = [
+          #   inputs.home-manager.nixosModules.default
+          inputs.catppuccin.nixosModules.catppuccin
+          inputs.tangled.nixosModules.knot
+          inputs.wafrn.nixosModules.default
+
+          inputs.tangled.nixosModules.spindle
+          inputs.vscode-server.nixosModules.default
+          #   inputs.openclaw.nixosModules.openclaw-gateway
+          #   inputs.openclaw.homeManagerModules.openclaw
+
+          inputs.chaotic.nixosModules.nyx-cache
+          inputs.chaotic.nixosModules.nyx-overlay
+          inputs.chaotic.nixosModules.nyx-registry
+
+          # lil hack to not use --impure when rebuilding nixos >:3
+          "/etc/nixos/hardware-configuration.nix"
+
+          ./hosts/server/configuration.nix
+        ];
+      };
+      nixosConfigurations.fix_nixpkgs = nixpkgs.lib.nixosSystem {
+        specialArgs = {
+          inherit inputs;
+        };
+        modules = [
+          ./modules/nixos/nixpkgs.nix
+          /etc/nixos/configuration.nix
+        ];
+      };
+    };
 }
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index a37be07..451cad6 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -8,11 +8,13 @@
 {
   imports = [
     ./modules/atproto-pds.nix
+    ./modules/wafrn.nix
     ./modules/cloudflare.nix
     ./modules/tangled.nix
     ../../modules/force.nix
     ./modules/gitea.nix
     ./modules/vaultwarden.nix
+    # ./slop/openclaw.nix
   ];
 
   # gcc. shit breaks. wtf
@@ -57,6 +59,7 @@
     hyfetch
     pm2
     steam-run
+    opencode
   ];
 
   users.users.ocbwoy3 = {
@@ -70,7 +73,22 @@
     shell = pkgs.zsh;
   };
 
-  virtualisation.docker.enable = true;
+  virtualisation.docker = {
+    enable = true;
+    daemon.settings = {
+      "log-driver" = "local";
+      "log-opts" = {
+        "max-size" = "10m";
+        "max-file" = "3";
+      };
+      "live-restore" = true;
+    };
+  };
+
+  systemd.services.docker.serviceConfig = {
+    CPUQuota = "200%";
+    MemoryMax = "12G";
+  };
 
   services.mongodb = {
     enable = true;
diff --git a/hosts/server/modules/wafrn.nix b/hosts/server/modules/wafrn.nix
new file mode 100644
index 0000000..28c290d
--- /dev/null
+++ b/hosts/server/modules/wafrn.nix
@@ -0,0 +1,32 @@
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
+
+{
+
+  # DONT ENABLE YET!!
+  services.wafrn = {
+    enable = false;
+    stateDir = "/var/lib/wafrn";
+    secretsFile = "/private/wafrn/secrets.env";
+    caddyConfigDir = "/private/wafrn/caddy";
+
+    # cloudflared doesnt need https
+    httpPort = 6767;
+    httpsPort = null;
+
+    environment = {
+      DOMAIN_NAME = "cyberworld.darkworld.download";
+      CACHE_DOMAIN = "cyberworld-cache.darkworld.download";
+      MEDIA_DOMAIN = "cyberworld-media.darkworld.download";
+      FRONTEND_MEDIA_URL = "https://cyberworld-media.darkworld.download";
+      FRONTEND_CACHE_URL = "https://cyberworld-cache.darkworld.download/api/cache?media=";
+      FRONTEND_FQDN_URL = "https://cyberworld.darkworld.download";
+      ACME_EMAIL = "kris@darkworld.download";
+    };
+  };
+
+}
diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix
new file mode 100644
index 0000000..4f9bc68
--- /dev/null
+++ b/hosts/server/slop/openclaw.nix
@@ -0,0 +1,46 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+
+  users.openclaw = {
+    isNormalUser = true;
+    home = "/openclaw";
+    description = "OpenClaw Agent";
+    extraGroups = [ "docker" ];
+    group = "agents";
+  };
+
+  home-manager.users.openclaw =
+    {
+      pkgs,
+    }:
+    {
+      programs.openclaw = {
+        enable = true;
+        config = {
+          gateway = {
+            mode = "local";
+            auth = {
+              token = "<gatewayToken>"; # or set OPENCLAW_GATEWAY_TOKEN
+            };
+          };
+
+          channels.telegram = {
+            tokenFile = "/run/agenix/telegram-bot-token"; # any file path works
+            allowFrom = [ 12345678 ]; # your Telegram user ID
+          };
+        };
+
+        # Built-ins (tools + skills) shipped via nix-steipete-tools.
+        plugins = [
+          { source = "github:openclaw/nix-steipete-tools?dir=tools/summarize"; }
+        ];
+      };
+    };
+
+}

From 0e6c5788605788128632055a1a6c2b9071dde38c Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Mon, 23 Feb 2026 20:29:18 +0200
Subject: [PATCH 11/31] slop

---
 flake.lock                     | 835 ++++++++++++++++++++-------------
 flake.nix                      |   5 +-
 hosts/server/configuration.nix |   2 +-
 hosts/server/slop/nix-openclaw |   1 +
 hosts/server/slop/openclaw.nix |  70 +--
 5 files changed, 547 insertions(+), 366 deletions(-)
 create mode 160000 hosts/server/slop/nix-openclaw

diff --git a/flake.lock b/flake.lock
index 976eb20..f6aa70a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -36,11 +36,44 @@
         ]
       },
       "locked": {
-        "lastModified": 1762356719,
-        "narHash": "sha256-qwd/xdoOya1m8FENle+4hWnydCtlXUWLAW/Auk6WL7s=",
+        "lastModified": 1770895474,
+        "narHash": "sha256-JBcrq1Y0uw87VZdYsByVbv+GBuT6ECaCNb9txLX9UuU=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "6d0b3567584691bf9d8fedb5d0093309e2f979c7",
+        "rev": "a494d50d32b5567956b558437ceaa58a380712f7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "aquamarine",
+        "type": "github"
+      }
+    },
+    "aquamarine_2": {
+      "inputs": {
+        "hyprutils": [
+          "hyprsysteminfo",
+          "hyprutils"
+        ],
+        "hyprwayland-scanner": [
+          "hyprsysteminfo",
+          "hyprwayland-scanner"
+        ],
+        "nixpkgs": [
+          "hyprsysteminfo",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprsysteminfo",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1767024902,
+        "narHash": "sha256-sMdk6QkMDhIOnvULXKUM8WW8iyi551SWw2i6KQHbrrU=",
+        "owner": "hyprwm",
+        "repo": "aquamarine",
+        "rev": "b8a0c5ba5a9fbd2c660be7dd98bdde0ff3798556",
         "type": "github"
       },
       "original": {
@@ -108,11 +141,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1763974424,
-        "narHash": "sha256-jPpxBhrBOAKrXPxdrdXnq4w7x3UIkUZjarNLNYkb7Zo=",
+        "lastModified": 1771587924,
+        "narHash": "sha256-eVYOGmF8nQBhudJyU6lHdgJI87kvGz8JyCq5/Vi9Mjk=",
         "owner": "catppuccin",
         "repo": "nix",
-        "rev": "931c6465c3eac4709684dbc320bca243252927df",
+        "rev": "b0c65edbf31c2ad3d84438d82c2310f2c28373f3",
         "type": "github"
       },
       "original": {
@@ -130,11 +163,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1763959064,
-        "narHash": "sha256-GL6i5fTfToGQ5Wby+3zuUpOXofSVJRLK+J3fmPELO0I=",
+        "lastModified": 1765204341,
+        "narHash": "sha256-7xd45skcuLCu2DHxVvU+W/z+7CUOjyv+QPtT4PLZaIU=",
         "owner": "chaotic-cx",
         "repo": "nyx",
-        "rev": "1708ebd1753a78439a8362a5c32d4e3c7addfa60",
+        "rev": "aacb796ccd42be1555196c20013b9b674b71df75",
         "type": "github"
       },
       "original": {
@@ -147,11 +180,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "lastModified": 1761588595,
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
         "type": "github"
       },
       "original": {
@@ -163,15 +196,15 @@
     "flake-compat_2": {
       "flake": false,
       "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
-        "owner": "edolstra",
+        "lastModified": 1767039857,
+        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
+        "owner": "NixOS",
         "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
         "type": "github"
       },
       "original": {
-        "owner": "edolstra",
+        "owner": "NixOS",
         "repo": "flake-compat",
         "type": "github"
       }
@@ -214,11 +247,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760948891,
-        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
+        "lastModified": 1769996383,
+        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
+        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
         "type": "github"
       },
       "original": {
@@ -335,16 +368,17 @@
       "inputs": {
         "flake-compat": "flake-compat",
         "flake-utils": "flake-utils",
+        "home-manager": "home-manager_2",
         "nixpkgs": "nixpkgs_3",
         "zig": "zig",
         "zon2nix": "zon2nix"
       },
       "locked": {
-        "lastModified": 1764001281,
-        "narHash": "sha256-ltKwSNhTbLAg0sD6i8SsLa4RhrQNKYluoTvkuyJwaW4=",
+        "lastModified": 1771866085,
+        "narHash": "sha256-7OfP7+r5NMzTvP/X5qm7CbM0PR+d7VsQRjJ9VlzGZ70=",
         "owner": "ghostty-org",
         "repo": "ghostty",
-        "rev": "b5dfe5dbfe7a3a22e21aa2d78590b3f2999a80fa",
+        "rev": "6a9a21afb6123729b2f3964a0d19770f8a21f8c6",
         "type": "github"
       },
       "original": {
@@ -405,11 +439,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763869804,
-        "narHash": "sha256-2lw+MnkrnygEyUl+3qZjnlCCJF/kJ57GUtYkAQPfLDA=",
+        "lastModified": 1764998300,
+        "narHash": "sha256-fZatn/KLfHLDXnF0wy7JxXqGaZmGDTVufT4o/AOlj44=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "04c27d743d069cad58f9707ee8e165c471b1c7cd",
+        "rev": "27a6182347ccae90a88231ae0dc5dfa7d15815bb",
         "type": "github"
       },
       "original": {
@@ -420,14 +454,17 @@
     },
     "home-manager_2": {
       "inputs": {
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": [
+          "ghostty",
+          "nixpkgs"
+        ]
       },
       "locked": {
-        "lastModified": 1764007004,
-        "narHash": "sha256-OnonWWGrUGPc3y1TES/RVCe4Gd75YgdU8aIp07Au4lc=",
+        "lastModified": 1770586272,
+        "narHash": "sha256-Ucci8mu8QfxwzyfER2DQDbvW9t1BnTUJhBmY7ybralo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "125e40fa68b340aee9d474a46b540907e2537b5c",
+        "rev": "b1f916ba052341edc1f80d4b2399f1092a4873ca",
         "type": "github"
       },
       "original": {
@@ -437,6 +474,24 @@
       }
     },
     "home-manager_3": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_4"
+      },
+      "locked": {
+        "lastModified": 1771851181,
+        "narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_4": {
       "inputs": {
         "nixpkgs": [
           "openclaw",
@@ -457,7 +512,7 @@
         "type": "github"
       }
     },
-    "home-manager_4": {
+    "home-manager_5": {
       "inputs": {
         "nixpkgs": [
           "zen-browser",
@@ -465,11 +520,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1762964643,
-        "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=",
+        "lastModified": 1771756436,
+        "narHash": "sha256-Tl2I0YXdhSTufGqAaD1ySh8x+cvVsEI1mJyJg12lxhI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "827f2a23373a774a8805f84ca5344654c31f354b",
+        "rev": "5bd3589390b431a63072868a90c0f24771ff4cbb",
         "type": "github"
       },
       "original": {
@@ -547,11 +602,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1762462052,
-        "narHash": "sha256-6roLYzcDf4V38RUMSqycsOwAnqfodL6BmhRkUtwIgdA=",
+        "lastModified": 1770511807,
+        "narHash": "sha256-suKmSbSk34uPOJDTg/GbPrKEJutzK08vj0VoTvAFBCA=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "ffc999d980c7b3bca85d3ebd0a9fbadf984a8162",
+        "rev": "7c75487edd43a71b61adb01cae8326d277aab683",
         "type": "github"
       },
       "original": {
@@ -576,11 +631,40 @@
         ]
       },
       "locked": {
-        "lastModified": 1759490292,
-        "narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
+        "lastModified": 1763733840,
+        "narHash": "sha256-JnET78yl5RvpGuDQy3rCycOCkiKoLr5DN1fPhRNNMco=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
+        "rev": "8f1bec691b2d198c60cccabca7a94add2df4ed1a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprgraphics",
+        "type": "github"
+      }
+    },
+    "hyprgraphics_3": {
+      "inputs": {
+        "hyprutils": [
+          "hyprsysteminfo",
+          "hyprutils"
+        ],
+        "nixpkgs": [
+          "hyprsysteminfo",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprsysteminfo",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1766946335,
+        "narHash": "sha256-MRD+Jr2bY11MzNDfenENhiK6pvN+nHygxdHoHbZ1HtE=",
+        "owner": "hyprwm",
+        "repo": "hyprgraphics",
+        "rev": "4af02a3925b454deb1c36603843da528b67ded6c",
         "type": "github"
       },
       "original": {
@@ -599,6 +683,7 @@
         "hyprlang": "hyprlang",
         "hyprutils": "hyprutils",
         "hyprwayland-scanner": "hyprwayland-scanner",
+        "hyprwire": "hyprwire",
         "nixpkgs": [
           "nixpkgs"
         ],
@@ -607,11 +692,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1763912895,
-        "narHash": "sha256-tTdCVeROhYTwV510tygS5AMutJGz5imM++P4+cXAy2w=",
+        "lastModified": 1771865886,
+        "narHash": "sha256-8DlTG/lNBvbXEUmx3jHsizhBoCEqGl6yRRjNRrxlf88=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "2b0fd417d32278159d0ca1d23fb997588c37995b",
+        "rev": "bc09504ea50901bedf945859bf7bd4c739e1ed38",
         "type": "github"
       },
       "original": {
@@ -653,11 +738,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1762755186,
-        "narHash": "sha256-ZjjETUHtoEhVN7JI1Cbt3p/KcXpK8ZQaPHx7UkG1OgA=",
+        "lastModified": 1767023960,
+        "narHash": "sha256-R2HgtVS1G3KSIKAQ77aOZ+Q0HituOmPgXW9nBNkpp3Q=",
         "owner": "hyprwm",
         "repo": "hyprland-guiutils",
-        "rev": "66356e20a8ed348aa49c1b9ceace786e224225b3",
+        "rev": "c2e906261142f5dd1ee0bfc44abba23e2754c660",
         "type": "github"
       },
       "original": {
@@ -678,11 +763,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759610243,
-        "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=",
+        "lastModified": 1765214753,
+        "narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=",
         "owner": "hyprwm",
         "repo": "hyprland-protocols",
-        "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622",
+        "rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab",
         "type": "github"
       },
       "original": {
@@ -691,32 +776,6 @@
         "type": "github"
       }
     },
-    "hyprland-qt-support": {
-      "inputs": {
-        "hyprlang": "hyprlang_3",
-        "nixpkgs": [
-          "hyprsysteminfo",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprsysteminfo",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1737634706,
-        "narHash": "sha256-nGCibkfsXz7ARx5R+SnisRtMq21IQIhazp6viBU8I/A=",
-        "owner": "hyprwm",
-        "repo": "hyprland-qt-support",
-        "rev": "8810df502cdee755993cb803eba7b23f189db795",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprland-qt-support",
-        "type": "github"
-      }
-    },
     "hyprlang": {
       "inputs": {
         "hyprutils": [
@@ -733,11 +792,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763254292,
-        "narHash": "sha256-JNgz3Fz2KMzkT7aR72wsgu/xNeJB//LSmdilh8Z/Zao=",
+        "lastModified": 1767983607,
+        "narHash": "sha256-8C2co8NYfR4oMOUEsPROOJ9JHrv9/ktbJJ6X1WsTbXc=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "deea98d5b61d066bdc7a68163edd2c4bd28d3a6b",
+        "rev": "d4037379e6057246b408bbcf796cf3e9838af5b2",
         "type": "github"
       },
       "original": {
@@ -762,11 +821,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1758927902,
-        "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
+        "lastModified": 1764612430,
+        "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
+        "rev": "0d00dc118981531aa731150b6ea551ef037acddd",
         "type": "github"
       },
       "original": {
@@ -777,24 +836,25 @@
     },
     "hyprlang_3": {
       "inputs": {
-        "hyprutils": "hyprutils_3",
+        "hyprutils": [
+          "hyprsysteminfo",
+          "hyprutils"
+        ],
         "nixpkgs": [
           "hyprsysteminfo",
-          "hyprland-qt-support",
           "nixpkgs"
         ],
         "systems": [
           "hyprsysteminfo",
-          "hyprland-qt-support",
           "systems"
         ]
       },
       "locked": {
-        "lastModified": 1737634606,
-        "narHash": "sha256-W7W87Cv6wqZ9PHegI6rH1+ve3zJPiyevMFf0/HwdbCQ=",
+        "lastModified": 1764612430,
+        "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "f41271d35cc0f370d300413d756c2677f386af9d",
+        "rev": "0d00dc118981531aa731150b6ea551ef037acddd",
         "type": "github"
       },
       "original": {
@@ -809,15 +869,15 @@
         "hyprlang": "hyprlang_2",
         "hyprutils": "hyprutils_2",
         "hyprwayland-scanner": "hyprwayland-scanner_2",
-        "nixpkgs": "nixpkgs_6",
+        "nixpkgs": "nixpkgs_5",
         "systems": "systems_3"
       },
       "locked": {
-        "lastModified": 1761675634,
-        "narHash": "sha256-Et1jNDB2d3e0b4okIKuyAMktECS+5hk+vMAA7X598ao=",
+        "lastModified": 1771606198,
+        "narHash": "sha256-5to2gGd3CX/tOwORd5ZNpKEr2GRTstNy9g5M1WVhF+s=",
         "owner": "hyprwm",
         "repo": "hyprlock",
-        "rev": "98b86752fe4867bd14ef96a92ea788229af93130",
+        "rev": "5ba5ff5b9493eb4b5bbef31c6a66bcc863cc558d",
         "type": "github"
       },
       "original": {
@@ -828,17 +888,22 @@
     },
     "hyprsysteminfo": {
       "inputs": {
-        "hyprland-qt-support": "hyprland-qt-support",
-        "hyprutils": "hyprutils_4",
-        "nixpkgs": "nixpkgs_7",
+        "aquamarine": "aquamarine_2",
+        "hyprgraphics": "hyprgraphics_3",
+        "hyprlang": "hyprlang_3",
+        "hyprtoolkit": "hyprtoolkit_2",
+        "hyprutils": "hyprutils_3",
+        "hyprwayland-scanner": "hyprwayland-scanner_3",
+        "hyprwire": "hyprwire_2",
+        "nixpkgs": "nixpkgs_6",
         "systems": "systems_4"
       },
       "locked": {
-        "lastModified": 1759530744,
-        "narHash": "sha256-8kYeWF9A9YWlmMK/56CFWFwQRgjZ616ScWwL37binP8=",
+        "lastModified": 1767100858,
+        "narHash": "sha256-9JeMRcQyaY8X6J8iAe+O1BrBaz/y6QY8/SLspsMGWhk=",
         "owner": "hyprwm",
         "repo": "hyprsysteminfo",
-        "rev": "fe81610278676d26ff47f62770ac238220285d3a",
+        "rev": "1959f049f5934be215a9eca9fbc1582438f4dbe2",
         "type": "github"
       },
       "original": {
@@ -886,11 +951,56 @@
         ]
       },
       "locked": {
-        "lastModified": 1762463729,
-        "narHash": "sha256-2fYkU/mdz8WKY3dkDPlE/j6hTxIwqultsx4gMMsMns0=",
+        "lastModified": 1764592794,
+        "narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=",
         "owner": "hyprwm",
         "repo": "hyprtoolkit",
-        "rev": "88483bdee5329ec985f0c8f834c519cd18cfe532",
+        "rev": "5cfe0743f0e608e1462972303778d8a0859ee63e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprtoolkit",
+        "type": "github"
+      }
+    },
+    "hyprtoolkit_2": {
+      "inputs": {
+        "aquamarine": [
+          "hyprsysteminfo",
+          "aquamarine"
+        ],
+        "hyprgraphics": [
+          "hyprsysteminfo",
+          "hyprgraphics"
+        ],
+        "hyprlang": [
+          "hyprsysteminfo",
+          "hyprlang"
+        ],
+        "hyprutils": [
+          "hyprsysteminfo",
+          "hyprutils"
+        ],
+        "hyprwayland-scanner": [
+          "hyprsysteminfo",
+          "hyprwayland-scanner"
+        ],
+        "nixpkgs": [
+          "hyprsysteminfo",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprsysteminfo",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1767025790,
+        "narHash": "sha256-LEGGn0KRXr3swO80ESKE72KR6J4arRX/9psBnNF7O0A=",
+        "owner": "hyprwm",
+        "repo": "hyprtoolkit",
+        "rev": "b42b3281d766e67eca990dba89e85cc7c1d3e26d",
         "type": "github"
       },
       "original": {
@@ -911,11 +1021,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763323331,
-        "narHash": "sha256-+Z0OfCo1MS8/aIutSAW5aJR9zTae1wz9kcJYMgpwN6M=",
+        "lastModified": 1770139857,
+        "narHash": "sha256-bCqxcXjavgz5KBJ/1CBLqnagMMf9JvU1m9HmYVASKoc=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "0c6411851cc779d551edc89b83966696201611aa",
+        "rev": "9038eec033843c289b06b83557a381a2648d8fa5",
         "type": "github"
       },
       "original": {
@@ -936,11 +1046,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759619523,
-        "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=",
+        "lastModified": 1766160771,
+        "narHash": "sha256-roINUGikWRqqgKrD4iotKbGj3ZKJl3hjMz5l/SyKrHw=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef",
+        "rev": "5ac060bfcf2f12b3a6381156ebbc13826a05b09f",
         "type": "github"
       },
       "original": {
@@ -950,35 +1060,6 @@
       }
     },
     "hyprutils_3": {
-      "inputs": {
-        "nixpkgs": [
-          "hyprsysteminfo",
-          "hyprland-qt-support",
-          "hyprlang",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprsysteminfo",
-          "hyprland-qt-support",
-          "hyprlang",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1737632363,
-        "narHash": "sha256-X9I8POSlHxBVjD0fiX1O2j7U9Zi1+4rIkrsyHP0uHXY=",
-        "owner": "hyprwm",
-        "repo": "hyprutils",
-        "rev": "006620eb29d54ea9086538891404c78563d1bae1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprutils",
-        "type": "github"
-      }
-    },
-    "hyprutils_4": {
       "inputs": {
         "nixpkgs": [
           "hyprsysteminfo",
@@ -990,11 +1071,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737632363,
-        "narHash": "sha256-X9I8POSlHxBVjD0fiX1O2j7U9Zi1+4rIkrsyHP0uHXY=",
+        "lastModified": 1766253372,
+        "narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "006620eb29d54ea9086538891404c78563d1bae1",
+        "rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9",
         "type": "github"
       },
       "original": {
@@ -1015,11 +1096,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755184602,
-        "narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=",
+        "lastModified": 1770501770,
+        "narHash": "sha256-NWRM6+YxTRv+bT9yvlhhJ2iLae1B1pNH3mAL5wi2rlQ=",
         "owner": "hyprwm",
         "repo": "hyprwayland-scanner",
-        "rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d",
+        "rev": "0bd8b6cde9ec27d48aad9e5b4deefb3746909d40",
         "type": "github"
       },
       "original": {
@@ -1040,11 +1121,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755184602,
-        "narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=",
+        "lastModified": 1763640274,
+        "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=",
         "owner": "hyprwm",
         "repo": "hyprwayland-scanner",
-        "rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d",
+        "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671",
         "type": "github"
       },
       "original": {
@@ -1053,6 +1134,89 @@
         "type": "github"
       }
     },
+    "hyprwayland-scanner_3": {
+      "inputs": {
+        "nixpkgs": [
+          "hyprsysteminfo",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprsysteminfo",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1763640274,
+        "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=",
+        "owner": "hyprwm",
+        "repo": "hyprwayland-scanner",
+        "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprwayland-scanner",
+        "type": "github"
+      }
+    },
+    "hyprwire": {
+      "inputs": {
+        "hyprutils": [
+          "hyprland",
+          "hyprutils"
+        ],
+        "nixpkgs": [
+          "hyprland",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1770203293,
+        "narHash": "sha256-PR/KER+yiHabFC/h1Wjb+9fR2Uy0lWM3Qld7jPVaWkk=",
+        "owner": "hyprwm",
+        "repo": "hyprwire",
+        "rev": "37bc90eed02b0c8b5a77a0b00867baf3005cfb98",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprwire",
+        "type": "github"
+      }
+    },
+    "hyprwire_2": {
+      "inputs": {
+        "hyprutils": [
+          "hyprsysteminfo",
+          "hyprutils"
+        ],
+        "nixpkgs": [
+          "hyprsysteminfo",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprsysteminfo",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1766253414,
+        "narHash": "sha256-O70C7PD8r/8fwrVofU5gaswXrQ7WFg0m/M1eWnm3+1U=",
+        "owner": "hyprwm",
+        "repo": "hyprwire",
+        "rev": "c0541f6fa55bfc98a7bfdfe07b0e448d616a3a1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprwire",
+        "type": "github"
+      }
+    },
     "ibm-plex-mono-src": {
       "flake": false,
       "locked": {
@@ -1104,11 +1268,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763714684,
-        "narHash": "sha256-ZNJPAaeSYQTDgvwwE8XHhCz4HiHqYoUyoXdoBE2nxug=",
+        "lastModified": 1764922999,
+        "narHash": "sha256-LSvUxKm6S6ZAd/otQSkAHd3+8KJhi8OwGJGSe0K//B8=",
         "owner": "Jovian-Experiments",
         "repo": "Jovian-NixOS",
-        "rev": "6178d787ee61b8586fdb0ccb8644fbfd5317d0f3",
+        "rev": "9b9ead1b5591b68f4048e7205ba1397bc85ce6c4",
         "type": "github"
       },
       "original": {
@@ -1132,11 +1296,11 @@
     },
     "mnw": {
       "locked": {
-        "lastModified": 1758834834,
-        "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=",
+        "lastModified": 1770419553,
+        "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=",
         "owner": "Gerg-L",
         "repo": "mnw",
-        "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001",
+        "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957",
         "type": "github"
       },
       "original": {
@@ -1145,6 +1309,28 @@
         "type": "github"
       }
     },
+    "ndg": {
+      "inputs": {
+        "nixpkgs": [
+          "nvf",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1768214250,
+        "narHash": "sha256-hnBZDQWUxJV3KbtvyGW5BKLO/fAwydrxm5WHCWMQTbw=",
+        "owner": "feel-co",
+        "repo": "ndg",
+        "rev": "a6bd3c1ce2668d096e4fdaaa03ad7f03ba1fbca8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "feel-co",
+        "ref": "refs/tags/v2.6.0",
+        "repo": "ndg",
+        "type": "github"
+      }
+    },
     "nix-flatpak": {
       "locked": {
         "lastModified": 1711997201,
@@ -1186,7 +1372,7 @@
     },
     "nix-steipete-tools": {
       "inputs": {
-        "nixpkgs": "nixpkgs_10"
+        "nixpkgs": "nixpkgs_9"
       },
       "locked": {
         "lastModified": 1771639217,
@@ -1204,11 +1390,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1762847253,
-        "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=",
+        "lastModified": 1771423359,
+        "narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9",
+        "rev": "740a22363033e9f1bb6270fbfb5a9574067af15b",
         "type": "github"
       },
       "original": {
@@ -1220,11 +1406,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1763421233,
-        "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
+        "lastModified": 1771369470,
+        "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",
+        "rev": "0182a361324364ae3f436a63005877674cf45efb",
         "type": "github"
       },
       "original": {
@@ -1235,22 +1421,6 @@
       }
     },
     "nixpkgs_10": {
-      "locked": {
-        "lastModified": 1767364772,
-        "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_11": {
       "locked": {
         "lastModified": 1767767207,
         "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
@@ -1266,7 +1436,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_12": {
+    "nixpkgs_11": {
       "locked": {
         "lastModified": 1766070988,
         "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
@@ -1282,7 +1452,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_13": {
+    "nixpkgs_12": {
       "locked": {
         "lastModified": 1754725699,
         "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
@@ -1298,7 +1468,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_14": {
+    "nixpkgs_13": {
       "locked": {
         "lastModified": 1682134069,
         "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
@@ -1312,7 +1482,7 @@
         "type": "indirect"
       }
     },
-    "nixpkgs_15": {
+    "nixpkgs_14": {
       "locked": {
         "lastModified": 1771419570,
         "narHash": "sha256-bxAlQgre3pcQcaRUm/8A0v/X8d2nhfraWSFqVmMcBcU=",
@@ -1328,113 +1498,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_16": {
-      "locked": {
-        "lastModified": 1762977756,
-        "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1763678758,
-        "narHash": "sha256-+hBiJ+kG5IoffUOdlANKFflTT5nO3FrrR2CA3178Y5s=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "117cc7f94e8072499b0a7aa4c52084fa4e11cc9b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 315532800,
-        "narHash": "sha256-sV6pJNzFkiPc6j9Bi9JuHBnWdVhtKB/mHgVmMPvDFlk=",
-        "rev": "82c2e0d6dde50b17ae366d2aa36f224dc19af469",
-        "type": "tarball",
-        "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre877938.82c2e0d6dde5/nixexprs.tar.xz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz"
-      }
-    },
-    "nixpkgs_4": {
-      "locked": {
-        "lastModified": 1758360447,
-        "narHash": "sha256-XDY3A83bclygHDtesRoaRTafUd80Q30D/Daf9KSG6bs=",
-        "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
-        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/unstable/nixos-25.11pre864002.8eaee1103447/nixexprs.tar.xz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"
-      }
-    },
-    "nixpkgs_5": {
-      "locked": {
-        "lastModified": 1763678758,
-        "narHash": "sha256-+hBiJ+kG5IoffUOdlANKFflTT5nO3FrrR2CA3178Y5s=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "117cc7f94e8072499b0a7aa4c52084fa4e11cc9b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_6": {
-      "locked": {
-        "lastModified": 1759831965,
-        "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "c9b6fb798541223bbb396d287d16f43520250518",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_7": {
-      "locked": {
-        "lastModified": 1737469691,
-        "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_8": {
+    "nixpkgs_15": {
       "locked": {
         "lastModified": 1771369470,
         "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
@@ -1450,17 +1514,126 @@
         "type": "github"
       }
     },
-    "nixpkgs_9": {
+    "nixpkgs_2": {
       "locked": {
-        "lastModified": 1761880412,
-        "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=",
+        "lastModified": 1764950072,
+        "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "f61125a668a320878494449750330ca58b78c557",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1770537093,
+        "narHash": "sha256-XV30uo8tXuxdzuV8l3sojmlPRLd/8tpMsOp4lNzLGUo=",
+        "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51",
+        "type": "tarball",
+        "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre942631.fef9403a3e4d/nixexprs.tar.xz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1770841267,
+        "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
+      "locked": {
+        "lastModified": 1766070988,
+        "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_6": {
+      "locked": {
+        "lastModified": 1766902085,
+        "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_7": {
+      "locked": {
+        "lastModified": 1771369470,
+        "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386",
+        "rev": "0182a361324364ae3f436a63005877674cf45efb",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_8": {
+      "locked": {
+        "lastModified": 1771008912,
+        "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "a82ccc39b39b621151d6732718e3e250109076fa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_9": {
+      "locked": {
+        "lastModified": 1767364772,
+        "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
         "ref": "nixpkgs-unstable",
         "repo": "nixpkgs",
         "type": "github"
@@ -1471,15 +1644,16 @@
         "flake-compat": "flake-compat_3",
         "flake-parts": "flake-parts",
         "mnw": "mnw",
-        "nixpkgs": "nixpkgs_9",
+        "ndg": "ndg",
+        "nixpkgs": "nixpkgs_8",
         "systems": "systems_5"
       },
       "locked": {
-        "lastModified": 1762622004,
-        "narHash": "sha256-NpzzgaoMK8aRHnndHWbYNKLcZN0r1y6icCoJvGoBsoE=",
+        "lastModified": 1771704400,
+        "narHash": "sha256-8U9xnN4HdxPfAXAft3lBsArWSv1ZTTxJci1lOA/xpno=",
         "owner": "notashelf",
         "repo": "nvf",
-        "rev": "09470524a214ed26633ddc2b6ec0c9bf31a8b909",
+        "rev": "5c38b357da7e8c870350cd1847fb5b2602a28eb0",
         "type": "github"
       },
       "original": {
@@ -1491,9 +1665,9 @@
     "openclaw": {
       "inputs": {
         "flake-utils": "flake-utils_2",
-        "home-manager": "home-manager_3",
+        "home-manager": "home-manager_4",
         "nix-steipete-tools": "nix-steipete-tools",
-        "nixpkgs": "nixpkgs_11"
+        "nixpkgs": "nixpkgs_10"
       },
       "locked": {
         "lastModified": 1771657318,
@@ -1519,11 +1693,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763319842,
-        "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=",
+        "lastModified": 1770726378,
+        "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761",
+        "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
         "type": "github"
       },
       "original": {
@@ -1537,13 +1711,13 @@
         "catppuccin": "catppuccin",
         "chaotic": "chaotic",
         "ghostty": "ghostty",
-        "home-manager": "home-manager_2",
+        "home-manager": "home-manager_3",
         "hyprland": "hyprland",
         "hyprlock": "hyprlock",
         "hyprsysteminfo": "hyprsysteminfo",
         "nix-flatpak": "nix-flatpak",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_8",
+        "nixpkgs": "nixpkgs_7",
         "nvf": "nvf",
         "openclaw": "openclaw",
         "spacebar": "spacebar",
@@ -1562,11 +1736,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763865987,
-        "narHash": "sha256-DJpzM8Jz3B0azJcAoF+YFHr8rEbxYLJ0wy1kWZ29HOw=",
+        "lastModified": 1765075567,
+        "narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "042d905c01a6eec3bcae8530dacb19cda9758a63",
+        "rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",
         "type": "github"
       },
       "original": {
@@ -1583,11 +1757,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1766286786,
-        "narHash": "sha256-dZxyXq4z674DhAQwCYAzaPG1W1G5HcEOwE/olz5XWGQ=",
+        "lastModified": 1771831936,
+        "narHash": "sha256-mwXntftR14qB1DrxGGMPaZ8wR7k8YwyppEEY0uaZOcU=",
         "owner": "spacebarchat",
         "repo": "server",
-        "rev": "61f9531556eb828cfb809ad7416df782a89f7fe1",
+        "rev": "785f53e7d1f485941e47f13f4558f9568571f9b0",
         "type": "github"
       },
       "original": {
@@ -1770,15 +1944,15 @@
         "indigo": "indigo",
         "inter-fonts-src": "inter-fonts-src",
         "lucide-src": "lucide-src",
-        "nixpkgs": "nixpkgs_12",
+        "nixpkgs": "nixpkgs_11",
         "sqlite-lib-src": "sqlite-lib-src"
       },
       "locked": {
-        "lastModified": 1770793790,
-        "narHash": "sha256-USZxj9C74gPROHaKJbWooI1ABjGbYnL3Jj1o84xUfmo=",
+        "lastModified": 1771771164,
+        "narHash": "sha256-BGs42swuu0P3GFNjwdXW96Zb0QabdCp8o5EEwIXyWaM=",
         "ref": "refs/heads/master",
-        "rev": "e17836203f86a090a9f663d54f3cde82fb57a29d",
-        "revCount": 1945,
+        "rev": "90c5c1af7fbf275a14a769f8b669369ffecc27b1",
+        "revCount": 1978,
         "type": "git",
         "url": "https://tangled.sh/tangled.sh/core"
       },
@@ -1812,7 +1986,7 @@
     "tuxstrap": {
       "inputs": {
         "bun2nix": "bun2nix",
-        "nixpkgs": "nixpkgs_13",
+        "nixpkgs": "nixpkgs_12",
         "systems": "systems_9"
       },
       "locked": {
@@ -1832,14 +2006,14 @@
     "vscode-server": {
       "inputs": {
         "flake-utils": "flake-utils_5",
-        "nixpkgs": "nixpkgs_14"
+        "nixpkgs": "nixpkgs_13"
       },
       "locked": {
-        "lastModified": 1753541826,
-        "narHash": "sha256-foGgZu8+bCNIGeuDqQ84jNbmKZpd+JvnrL2WlyU4tuU=",
+        "lastModified": 1770124655,
+        "narHash": "sha256-yHmd2B13EtBUPLJ+x0EaBwNkQr9LTne1arLVxT6hSnY=",
         "owner": "nix-community",
         "repo": "nixos-vscode-server",
-        "rev": "6d5f074e4811d143d44169ba4af09b20ddb6937d",
+        "rev": "92ce71c3ba5a94f854e02d57b14af4997ab54ef0",
         "type": "github"
       },
       "original": {
@@ -1850,7 +2024,7 @@
     },
     "wafrn": {
       "inputs": {
-        "nixpkgs": "nixpkgs_15",
+        "nixpkgs": "nixpkgs_14",
         "wafrn-src": "wafrn-src"
       },
       "locked": {
@@ -1927,15 +2101,15 @@
     },
     "zen-browser": {
       "inputs": {
-        "home-manager": "home-manager_4",
-        "nixpkgs": "nixpkgs_16"
+        "home-manager": "home-manager_5",
+        "nixpkgs": "nixpkgs_15"
       },
       "locked": {
-        "lastModified": 1764007718,
-        "narHash": "sha256-0AFVGwghB2NUh/l30fI5q7FeJL3C/xIf1Y8se7NHoG8=",
+        "lastModified": 1771840410,
+        "narHash": "sha256-fxtvkgQLVhHAjWXPhqahYrVky6KjmS3hwhsb1UX/c/8=",
         "owner": "0xc000022070",
         "repo": "zen-browser-flake",
-        "rev": "c396e711f7704f8675d34630b3bebcbff465672d",
+        "rev": "24e003a8ad4ab99cabbba6821bd985bb81dbe656",
         "type": "github"
       },
       "original": {
@@ -1960,11 +2134,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760401936,
-        "narHash": "sha256-/zj5GYO5PKhBWGzbHbqT+ehY8EghuABdQ2WGfCwZpCQ=",
+        "lastModified": 1763295135,
+        "narHash": "sha256-sGv/NHCmEnJivguGwB5w8LRmVqr1P72OjS+NzcJsssE=",
         "owner": "mitchellh",
         "repo": "zig-overlay",
-        "rev": "365085b6652259753b598d43b723858184980bbe",
+        "rev": "64f8b42cfc615b2cf99144adf2b7728c7847c72a",
         "type": "github"
       },
       "original": {
@@ -1975,20 +2149,23 @@
     },
     "zon2nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": [
+          "ghostty",
+          "nixpkgs"
+        ]
       },
       "locked": {
-        "lastModified": 1758405547,
-        "narHash": "sha256-WgaDgvIZMPvlZcZrpPMjkaalTBnGF2lTG+62znXctWM=",
+        "lastModified": 1768231828,
+        "narHash": "sha256-wL/8Iij4T2OLkhHcc4NieOjf7YeJffaUYbCiCqKv/+0=",
         "owner": "jcollie",
         "repo": "zon2nix",
-        "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245",
+        "rev": "c28e93f3ba133d4c1b1d65224e2eebede61fd071",
         "type": "github"
       },
       "original": {
         "owner": "jcollie",
         "repo": "zon2nix",
-        "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245",
+        "rev": "c28e93f3ba133d4c1b1d65224e2eebede61fd071",
         "type": "github"
       }
     }
diff --git a/flake.nix b/flake.nix
index d9b191f..94819b1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -75,15 +75,14 @@
           inherit inputs;
         };
         modules = [
-          #   inputs.home-manager.nixosModules.default
+          inputs.home-manager.nixosModules.default
           inputs.catppuccin.nixosModules.catppuccin
           inputs.tangled.nixosModules.knot
           inputs.wafrn.nixosModules.default
 
           inputs.tangled.nixosModules.spindle
           inputs.vscode-server.nixosModules.default
-          #   inputs.openclaw.nixosModules.openclaw-gateway
-          #   inputs.openclaw.homeManagerModules.openclaw
+          inputs.openclaw.nixosModules.openclaw-gateway
 
           inputs.chaotic.nixosModules.nyx-cache
           inputs.chaotic.nixosModules.nyx-overlay
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 451cad6..154ee50 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -14,7 +14,7 @@
     ../../modules/force.nix
     ./modules/gitea.nix
     ./modules/vaultwarden.nix
-    # ./slop/openclaw.nix
+    ./slop/openclaw.nix
   ];
 
   # gcc. shit breaks. wtf
diff --git a/hosts/server/slop/nix-openclaw b/hosts/server/slop/nix-openclaw
new file mode 160000
index 0000000..fbef208
--- /dev/null
+++ b/hosts/server/slop/nix-openclaw
@@ -0,0 +1 @@
+Subproject commit fbef2087190ccfca375b351cdaad49bcbaea721a
diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix
index 4f9bc68..3cb9023 100644
--- a/hosts/server/slop/openclaw.nix
+++ b/hosts/server/slop/openclaw.nix
@@ -1,46 +1,50 @@
 {
-  config,
+  inputs,
   pkgs,
-  lib,
   ...
 }:
 
 {
+  home-manager.sharedModules = [
+    inputs.openclaw.homeManagerModules.openclaw
+  ];
 
-  users.openclaw = {
-    isNormalUser = true;
-    home = "/openclaw";
-    description = "OpenClaw Agent";
-    extraGroups = [ "docker" ];
-    group = "agents";
+  home-manager.users.openclaw = {
+    home.username = "openclaw";
+    home.homeDirectory = "/home/openclaw";
+    home.stateVersion = "24.11";
   };
 
-  home-manager.users.openclaw =
-    {
-      pkgs,
-    }:
-    {
-      programs.openclaw = {
-        enable = true;
-        config = {
-          gateway = {
-            mode = "local";
-            auth = {
-              token = "<gatewayToken>"; # or set OPENCLAW_GATEWAY_TOKEN
-            };
-          };
+  users.users.openclaw = {
+    isNormalUser = true;
+    home = "/home/openclaw";
+    createHome = true;
+    description = "OpenClaw Agent";
+    group = "openclaw";
+    extraGroups = [ "docker" ];
+    shell = pkgs.bashInteractive;
+    packages = [
+      inputs.openclaw.packages.${pkgs.system}.openclaw-gateway
+    ];
+  };
 
-          channels.telegram = {
-            tokenFile = "/run/agenix/telegram-bot-token"; # any file path works
-            allowFrom = [ 12345678 ]; # your Telegram user ID
-          };
-        };
+  users.groups.openclaw = { };
 
-        # Built-ins (tools + skills) shipped via nix-steipete-tools.
-        plugins = [
-          { source = "github:openclaw/nix-steipete-tools?dir=tools/summarize"; }
-        ];
-      };
+  systemd.services.openclaw-start-usermode = {
+    enable = true;
+    description = "Start OpenClaw";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "forking";
+      User = "openclaw";
+      LimitNOFILE = "infinity";
+      LimitNPROC = "infinity";
+      Environment = "PWD=/home/openclaw";
+      LimitCORE = "infinity";
+      Restart = "on-failure";
+
+      ExecStart = "${inputs.openclaw.packages.${pkgs.system}.openclaw-gateway}/bin/openclaw gateway";
     };
-
+  };
 }

From d553f10f30e7a17432a0097a6373335db03c260c Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Mon, 23 Feb 2026 22:19:17 +0200
Subject: [PATCH 12/31] systemd?

---
 hosts/server/slop/gogcli.nix   | 36 ++++++++++++++++++++++++++++++++++
 hosts/server/slop/openclaw.nix | 36 ++--------------------------------
 2 files changed, 38 insertions(+), 34 deletions(-)
 create mode 100644 hosts/server/slop/gogcli.nix

diff --git a/hosts/server/slop/gogcli.nix b/hosts/server/slop/gogcli.nix
new file mode 100644
index 0000000..98d26e3
--- /dev/null
+++ b/hosts/server/slop/gogcli.nix
@@ -0,0 +1,36 @@
+{
+  lib,
+  buildGo125Module,
+  fetchFromGitHub,
+}:
+
+buildGo125Module rec {
+  pname = "gogcli";
+  version = "0.11.0";
+
+  src = fetchFromGitHub {
+    owner = "steipete";
+    repo = "gogcli";
+    rev = "v${version}";
+    hash = "sha256-hJU40ysjRx4p9SWGmbhhpToYCpk3DcMAWCnKqxHRmh0=";
+  };
+
+  vendorHash = "sha256-WGRlv3UsK3SVBQySD7uZ8+FiRl03p0rzjBm9Se1iITs=";
+
+  subPackages = [ "cmd/gog" ];
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X github.com/steipete/gogcli/internal/cmd.version=${version}"
+    "-X github.com/steipete/gogcli/internal/cmd.commit=v${version}"
+  ];
+
+  meta = with lib; {
+    description = "Google workspace CLI client";
+    homepage = "https://github.com/steipete/gogcli";
+    license = licenses.mit;
+    mainProgram = "gog";
+    platforms = platforms.linux ++ platforms.darwin;
+  };
+}
diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix
index 3cb9023..784f378 100644
--- a/hosts/server/slop/openclaw.nix
+++ b/hosts/server/slop/openclaw.nix
@@ -9,42 +9,10 @@
     inputs.openclaw.homeManagerModules.openclaw
   ];
 
-  home-manager.users.openclaw = {
-    home.username = "openclaw";
-    home.homeDirectory = "/home/openclaw";
-    home.stateVersion = "24.11";
-  };
-
-  users.users.openclaw = {
-    isNormalUser = true;
-    home = "/home/openclaw";
-    createHome = true;
-    description = "OpenClaw Agent";
-    group = "openclaw";
-    extraGroups = [ "docker" ];
-    shell = pkgs.bashInteractive;
+  users.users.ocbwoy3 = {
     packages = [
       inputs.openclaw.packages.${pkgs.system}.openclaw-gateway
+      (pkgs.callPackage ./gogcli.nix { })
     ];
   };
-
-  users.groups.openclaw = { };
-
-  systemd.services.openclaw-start-usermode = {
-    enable = true;
-    description = "Start OpenClaw";
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      Type = "forking";
-      User = "openclaw";
-      LimitNOFILE = "infinity";
-      LimitNPROC = "infinity";
-      Environment = "PWD=/home/openclaw";
-      LimitCORE = "infinity";
-      Restart = "on-failure";
-
-      ExecStart = "${inputs.openclaw.packages.${pkgs.system}.openclaw-gateway}/bin/openclaw gateway";
-    };
-  };
 }

From 872df78291d7d4860b2f03c39c5b2aec3d61b406 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Tue, 24 Feb 2026 19:00:55 +0200
Subject: [PATCH 13/31] server/slop: add brave shim user service and patch
 openclaw brave endpoint

---
 hosts/server/configuration.nix |  1 +
 hosts/server/slop/brave.nix    | 26 ++++++++++++++++++++++++++
 hosts/server/slop/openclaw.nix | 16 +++++++++++++++-
 3 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 hosts/server/slop/brave.nix

diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 154ee50..7fec228 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -15,6 +15,7 @@
     ./modules/gitea.nix
     ./modules/vaultwarden.nix
     ./slop/openclaw.nix
+    ./slop/brave.nix
   ];
 
   # gcc. shit breaks. wtf
diff --git a/hosts/server/slop/brave.nix b/hosts/server/slop/brave.nix
new file mode 100644
index 0000000..e8846d3
--- /dev/null
+++ b/hosts/server/slop/brave.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+
+{
+  # Local Brave API shim as a user service
+  systemd.user.services.brave-shim = {
+    description = "Brave Search API shim (DDGS)";
+    wantedBy = [ "default.target" ];
+    after = [ "network-online.target" ];
+    wants = [ "network-online.target" ];
+
+    serviceConfig = {
+      Type = "simple";
+      WorkingDirectory = "/home/ocbwoy3/Projects/brave_shim";
+      ExecStart = ''
+        ${pkgs.uv}/bin/uv run \
+          --with fastapi \
+          --with uvicorn \
+          --with ddgs \
+          --with pyyaml \
+          python brave_shim.py
+      '';
+      Restart = "always";
+      RestartSec = "3";
+    };
+  };
+}
diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix
index 784f378..a8a249f 100644
--- a/hosts/server/slop/openclaw.nix
+++ b/hosts/server/slop/openclaw.nix
@@ -4,6 +4,18 @@
   ...
 }:
 
+let
+  openclawPatched = inputs.openclaw.packages.${pkgs.system}.openclaw-gateway.overrideAttrs (old: {
+    postInstall = (old.postInstall or "") + ''
+      # Point Brave web-search endpoint to local shim
+      if [ -d "$out/lib/openclaw/dist" ]; then
+        grep -RIl "https://api.search.brave.com/" "$out/lib/openclaw/dist" | while read -r f; do
+          substituteInPlace "$f" --replace-fail "https://api.search.brave.com/" "http://127.0.0.1:8000/"
+        done
+      fi
+    '';
+  });
+in
 {
   home-manager.sharedModules = [
     inputs.openclaw.homeManagerModules.openclaw
@@ -11,8 +23,10 @@
 
   users.users.ocbwoy3 = {
     packages = [
-      inputs.openclaw.packages.${pkgs.system}.openclaw-gateway
+      openclawPatched
       (pkgs.callPackage ./gogcli.nix { })
+      pkgs.uv
+      pkgs.python3
     ];
   };
 }

From a271d6c3b557b2acf0139237ed8899e1032ed881 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Tue, 24 Feb 2026 19:12:25 +0200
Subject: [PATCH 14/31] server/slop: package brave-shim and run via user
 systemd service

---
 hosts/server/slop/brave-shim.nix | 201 +++++++++++++++++++++++++++++++
 hosts/server/slop/brave.nix      |  13 +-
 hosts/server/slop/openclaw.nix   |   1 +
 3 files changed, 206 insertions(+), 9 deletions(-)
 create mode 100644 hosts/server/slop/brave-shim.nix

diff --git a/hosts/server/slop/brave-shim.nix b/hosts/server/slop/brave-shim.nix
new file mode 100644
index 0000000..6c206d7
--- /dev/null
+++ b/hosts/server/slop/brave-shim.nix
@@ -0,0 +1,201 @@
+{ pkgs }:
+
+let
+  pythonEnv = pkgs.python3.withPackages (ps: with ps; [
+    fastapi
+    uvicorn
+    ddgs
+    pyyaml
+  ]);
+in
+pkgs.stdenvNoCC.mkDerivation {
+  pname = "brave-shim";
+  version = "0.1.0";
+  dontUnpack = true;
+
+  installPhase = ''
+    mkdir -p $out/bin $out/share/brave-shim
+
+    cat > $out/share/brave-shim/brave_shim.conf <<'CONF'
+server:
+  host: "127.0.0.1"
+  port: 8000
+
+ssl:
+  use_custom_ca: false
+  ca_bundle_path: "/etc/ssl/certs/ca-certificates.crt"
+  verify_ssl: true
+
+logging:
+  file_path: "/home/ocbwoy3/.local/state/brave-shim/brave_shim.log"
+  level: "INFO"
+
+bot_protection:
+  cache_expiration: 3600
+  min_delay: 1.0
+  max_delay: 2.5
+
+search:
+  default_count: 10
+  local_count: 5
+CONF
+
+    cat > $out/share/brave-shim/brave_shim.py <<'PY'
+import time
+import random
+import yaml
+import uvicorn
+import logging
+import os
+import ssl
+from fastapi import FastAPI, Query
+from ddgs import DDGS
+from pathlib import Path
+
+config_path = Path(os.environ.get("BRAVE_SHIM_CONF", "brave_shim.conf"))
+if not config_path.exists():
+    raise FileNotFoundError(f"Config not found: {config_path}")
+
+with open(config_path, "r") as f:
+    config = yaml.safe_load(f)
+
+os.makedirs(os.path.dirname(config["logging"]["file_path"]), exist_ok=True)
+logging.basicConfig(
+    level=config['logging']['level'],
+    format="%(asctime)s [%(levelname)s] %(message)s",
+    handlers=[logging.FileHandler(config['logging']['file_path'])]
+)
+logger = logging.getLogger("brave_shim")
+
+ssl_cfg = config.get('ssl', {})
+verify_ssl = ssl_cfg.get('verify_ssl', True)
+custom_ca_status = "System Default"
+
+if ssl_cfg.get('use_custom_ca'):
+    ca_path = ssl_cfg['ca_bundle_path']
+    if os.path.exists(ca_path):
+        os.environ["SSL_CERT_FILE"] = ca_path
+        os.environ["REQUESTS_CA_BUNDLE"] = ca_path
+        os.environ["CURL_CA_BUNDLE"] = ca_path
+
+        if not verify_ssl:
+            ssl._create_default_https_context = ssl._create_unverified_context
+            custom_ca_status = f"Active (Verify=OFF, Path={ca_path})"
+            logger.warning("SSL verification disabled")
+        else:
+            try:
+                context = ssl.create_default_context(cafile=ca_path)
+                ssl._create_default_https_context = lambda: context
+                custom_ca_status = f"Active (Path={ca_path})"
+            except Exception as e:
+                logger.error(f"SSL bundle load error: {e}")
+    else:
+        logger.error(f"SSL CA bundle not found: {ca_path}")
+        custom_ca_status = "Error: File not found"
+
+app = FastAPI(title="Brave Search API Shim", docs_url=None, redoc_url=None)
+search_cache = {}
+
+def get_from_cache(q):
+    expiration = config['bot_protection']['cache_expiration']
+    if q in search_cache:
+        timestamp, data = search_cache[q]
+        if time.time() - timestamp < expiration:
+            return data
+    return None
+
+@app.get("/status")
+async def health_check():
+    return {
+        "status": "online",
+        "cache_entries": len(search_cache),
+        "ssl_verify": verify_ssl,
+        "ca_bundle": custom_ca_status
+    }
+
+@app.get("/res/v1/web/search")
+async def search_proxy(q: str = Query(...), count: int = None):
+    res_count = count or config['search']['default_count']
+    cached_res = get_from_cache(q)
+    if cached_res:
+        logger.info(f"CACHE HIT: {q}")
+        return cached_res
+
+    time.sleep(random.uniform(config['bot_protection']['min_delay'], config['bot_protection']['max_delay']))
+    logger.info(f"FETCH WEB: {q}")
+    try:
+        with DDGS(verify=verify_ssl) as ddgs:
+            results = []
+            for r in ddgs.text(q, max_results=res_count):
+                results.append({
+                    "title": r.get("title"),
+                    "url": r.get("href"),
+                    "description": r.get("body"),
+                    "meta_url": {"path": r.get("href")}
+                })
+
+        response_data = {"web": {"results": results}}
+        search_cache[q] = (time.time(), response_data)
+        return response_data
+    except Exception as e:
+        logger.error(f"WEB search error for '{q}': {e}")
+        return {"web": {"results": []}, "error": str(e)}
+
+@app.get("/res/v1/local/pois")
+async def local_proxy(q: str = Query(...), count: int = None):
+    res_count = count or config['search']['local_count']
+    logger.info(f"FETCH LOCAL: {q}")
+    try:
+        with DDGS(verify=verify_ssl) as ddgs:
+            res = [
+                {
+                    "id": str(i),
+                    "name": r["title"],
+                    "address": r["body"][:100],
+                    "phone": "",
+                    "coordinates": {"latitude": 0.0, "longitude": 0.0}
+                }
+                for i, r in enumerate(ddgs.text(f"place {q}", max_results=res_count))
+            ]
+        return {"results": res}
+    except Exception as e:
+        logger.error(f"LOCAL search error for '{q}': {e}")
+        return {"results": []}
+
+@app.get("/res/v1/local/descriptions")
+async def local_descriptions(id: str = Query(...)):
+    return {"descriptions": {id: "Data from DDGS proxy."}}
+
+@app.get("/res/v1/summarizer/summary")
+async def summarizer_proxy(key: str = Query(...)):
+    return {"summary": "Summary ready.", "status": "complete"}
+
+if __name__ == "__main__":
+    logger.info(f"Starting brave-shim on {config['server']['host']}:{config['server']['port']}")
+    uvicorn.run(
+        app,
+        host=config['server']['host'],
+        port=config['server']['port'],
+        access_log=False,
+        log_level="critical"
+    )
+PY
+
+    cat > $out/bin/brave-shim <<EOF
+#!${pkgs.bash}/bin/bash
+set -euo pipefail
+export BRAVE_SHIM_CONF=\"\
+	s	h\
+\"
+EOF
+
+    # simpler wrapper (avoid quoting bugs)
+    cat > $out/bin/brave-shim <<EOF
+#!${pkgs.bash}/bin/bash
+set -euo pipefail
+export BRAVE_SHIM_CONF="''${BRAVE_SHIM_CONF:-$out/share/brave-shim/brave_shim.conf}"
+exec ${pythonEnv}/bin/python $out/share/brave-shim/brave_shim.py
+EOF
+    chmod +x $out/bin/brave-shim
+  '';
+}
diff --git a/hosts/server/slop/brave.nix b/hosts/server/slop/brave.nix
index e8846d3..dc83115 100644
--- a/hosts/server/slop/brave.nix
+++ b/hosts/server/slop/brave.nix
@@ -1,5 +1,8 @@
 { pkgs, ... }:
 
+let
+  braveShim = pkgs.callPackage ./brave-shim.nix { };
+in
 {
   # Local Brave API shim as a user service
   systemd.user.services.brave-shim = {
@@ -10,15 +13,7 @@
 
     serviceConfig = {
       Type = "simple";
-      WorkingDirectory = "/home/ocbwoy3/Projects/brave_shim";
-      ExecStart = ''
-        ${pkgs.uv}/bin/uv run \
-          --with fastapi \
-          --with uvicorn \
-          --with ddgs \
-          --with pyyaml \
-          python brave_shim.py
-      '';
+      ExecStart = "${braveShim}/bin/brave-shim";
       Restart = "always";
       RestartSec = "3";
     };
diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix
index a8a249f..b134cf8 100644
--- a/hosts/server/slop/openclaw.nix
+++ b/hosts/server/slop/openclaw.nix
@@ -25,6 +25,7 @@ in
     packages = [
       openclawPatched
       (pkgs.callPackage ./gogcli.nix { })
+      (pkgs.callPackage ./brave-shim.nix { })
       pkgs.uv
       pkgs.python3
     ];

From d02b8776aa3ffcc6d5e9789d3120977e224e14cd Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Tue, 24 Feb 2026 21:19:51 +0200
Subject: [PATCH 15/31] server: add bun/nodejs/node-gyp for bun global CLI
 installs

---
 hosts/server/configuration.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 7fec228..8b2e465 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -61,6 +61,9 @@
     pm2
     steam-run
     opencode
+    bun
+    nodejs
+    node-gyp
   ];
 
   users.users.ocbwoy3 = {

From debd90e1c3f62811af5030068a844f4d66410aff Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Tue, 24 Feb 2026 21:22:33 +0200
Subject: [PATCH 16/31] server: install rocksky as system package wrapper

---
 hosts/server/configuration.nix    | 1 +
 hosts/server/slop/rocksky-cli.nix | 9 +++++++++
 2 files changed, 10 insertions(+)
 create mode 100644 hosts/server/slop/rocksky-cli.nix

diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 8b2e465..d9c448c 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -64,6 +64,7 @@
     bun
     nodejs
     node-gyp
+    (pkgs.callPackage ./slop/rocksky-cli.nix { })
   ];
 
   users.users.ocbwoy3 = {
diff --git a/hosts/server/slop/rocksky-cli.nix b/hosts/server/slop/rocksky-cli.nix
new file mode 100644
index 0000000..30afe4a
--- /dev/null
+++ b/hosts/server/slop/rocksky-cli.nix
@@ -0,0 +1,9 @@
+{ pkgs }:
+
+pkgs.writeShellApplication {
+  name = "rocksky";
+  runtimeInputs = [ pkgs.bun ];
+  text = ''
+    exec ${pkgs.bun}/bin/bun x @rocksky/cli "$@"
+  '';
+}

From 98d5f91cc72c2dd93a55a3b671cc009686af14c2 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Wed, 25 Feb 2026 15:53:00 +0200
Subject: [PATCH 17/31] browserz

---
 hosts/server/configuration.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index d9c448c..98822e5 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -64,6 +64,9 @@
     bun
     nodejs
     node-gyp
+    playwright
+    chromium
+    brave
     (pkgs.callPackage ./slop/rocksky-cli.nix { })
   ];
 

From c37c83b931a74489299b44b74bfc1b0c3acbdc3e Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Wed, 25 Feb 2026 16:03:28 +0200
Subject: [PATCH 18/31] server: lock /etc/nixos read-only and force resolv.conf
 to 1.1.1.1

---
 hosts/server/configuration.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 98822e5..44f4fc1 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -128,6 +128,18 @@
     ];
   };
 
+  # Lock /etc/nixos to read-only mode (config lives in /home/ocbwoy3/config).
+  systemd.tmpfiles.rules = [
+    "z /etc/nixos 0555 root root - -"
+  ];
+
+  # Force resolver config to Cloudflare only.
+  networking.nameservers = lib.mkForce [ "1.1.1.1" ];
+  environment.etc."resolv.conf".text = lib.mkForce ''
+    nameserver 1.1.1.1
+  '';
+
+
   catppuccin = {
     enable = true;
     flavor = "mocha";

From 0a4d68e3fd491809a530e4f174612e0426868e89 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Wed, 25 Feb 2026 16:05:08 +0200
Subject: [PATCH 19/31] server: add 1.0.0.1 fallback to forced resolv.conf

---
 flake.nix                               |  5 +--
 hosts/server/configuration.nix          |  4 +-
 hosts/server/hardware-configuration.nix | 51 +++++++++++++++++++++++++
 3 files changed, 55 insertions(+), 5 deletions(-)
 create mode 100644 hosts/server/hardware-configuration.nix

diff --git a/flake.nix b/flake.nix
index 94819b1..d14e7f0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -88,10 +88,9 @@
           inputs.chaotic.nixosModules.nyx-overlay
           inputs.chaotic.nixosModules.nyx-registry
 
-          # lil hack to not use --impure when rebuilding nixos >:3
-          "/etc/nixos/hardware-configuration.nix"
-
           ./hosts/server/configuration.nix
+          ./hosts/server/hardware-configuration.nix
+
         ];
       };
       nixosConfigurations.fix_nixpkgs = nixpkgs.lib.nixosSystem {
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 44f4fc1..2853118 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -134,12 +134,12 @@
   ];
 
   # Force resolver config to Cloudflare only.
-  networking.nameservers = lib.mkForce [ "1.1.1.1" ];
+  networking.nameservers = lib.mkForce [ "1.1.1.1" "1.0.0.1" ];
   environment.etc."resolv.conf".text = lib.mkForce ''
     nameserver 1.1.1.1
+    nameserver 1.0.0.1
   '';
 
-
   catppuccin = {
     enable = true;
     flavor = "mocha";
diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix
new file mode 100644
index 0000000..e7dc2b3
--- /dev/null
+++ b/hosts/server/hardware-configuration.nix
@@ -0,0 +1,51 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/5ca305a1-d705-4c99-913c-a2d1c3447282";
+      fsType = "btrfs";
+      options = [ "subvol=root" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/5ca305a1-d705-4c99-913c-a2d1c3447282";
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/5ca305a1-d705-4c99-913c-a2d1c3447282";
+      fsType = "btrfs";
+      options = [ "subvol=nix" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/732D-084E";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  # swapDevices = [ { device = "/swap/swapfile"; } ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

From 9a4b06a0054e4f9be0c693fda4ce90b5d30fa4df Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Wed, 25 Feb 2026 16:27:48 +0200
Subject: [PATCH 20/31] fix?

---
 hosts/server/configuration.nix | 50 +++++++++++++++++++++++++++++++-
 modules/stuff/zsh.nix          | 53 ++++++++++++++++++++--------------
 2 files changed, 80 insertions(+), 23 deletions(-)

diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 2853118..ca8da57 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -81,6 +81,51 @@
     shell = pkgs.zsh;
   };
 
+  nixpkgs.overlays = [
+    (final: prev: {
+      nixos-rebuild = prev.writeShellScriptBin "nixos-rebuild" ''
+                set -euo pipefail
+
+                action="''${1:-}"
+                case "$action" in
+                  switch|boot|test|build|dry-activate)
+                    needs_flake=1
+                    ;;
+                  *)
+                    needs_flake=0
+                    ;;
+                esac
+
+                has_flake=0
+                for arg in "$@"; do
+                  case "$arg" in
+                    --flake|--flake=*)
+                      has_flake=1
+                      break
+                      ;;
+                  esac
+                done
+
+                if [ "$needs_flake" -eq 1 ] && [ "$has_flake" -eq 0 ]; then
+                  cat >&2 <<'EOF'
+
+        🚨🚨🚨 WARNING: DANGEROUS SYSTEM REBUILD 🚨🚨🚨
+        This host is FLAKE-MANAGED. Do not attempt to rebuild the system from /etc/nixos.
+
+        Please ensure you are running THIS EXACT COMMAND inside /home/ocbwoy3/config:
+
+           sudo nixos-rebuild switch --flake /home/ocbwoy3/config#server --impure --cores 4 -L --upgrade
+
+        Aborting unsafe nixos-rebuild invocation.
+        EOF
+                  exit 64
+                fi
+
+                exec ${prev.nixos-rebuild}/bin/nixos-rebuild "$@"
+      '';
+    })
+  ];
+
   virtualisation.docker = {
     enable = true;
     daemon.settings = {
@@ -134,7 +179,10 @@
   ];
 
   # Force resolver config to Cloudflare only.
-  networking.nameservers = lib.mkForce [ "1.1.1.1" "1.0.0.1" ];
+  networking.nameservers = lib.mkForce [
+    "1.1.1.1"
+    "1.0.0.1"
+  ];
   environment.etc."resolv.conf".text = lib.mkForce ''
     nameserver 1.1.1.1
     nameserver 1.0.0.1
diff --git a/modules/stuff/zsh.nix b/modules/stuff/zsh.nix
index c8380d8..bd5065d 100644
--- a/modules/stuff/zsh.nix
+++ b/modules/stuff/zsh.nix
@@ -1,28 +1,37 @@
-{ config, inputs, pkgs, lib, ... }:
+{
+  config,
+  inputs,
+  pkgs,
+  lib,
+  ...
+}:
 
 {
 
-	programs.direnv = {
-		enable = true;
-		enableZshIntegration = true;
-	};
+  programs.direnv = {
+    enable = true;
+    enableZshIntegration = true;
+  };
 
-	programs.zsh = {
-		enable = true;
-		autosuggestions.enable = true;
-		zsh-autoenv.enable = true;
-		syntaxHighlighting.enable = true;
-		ohMyZsh = {
-			enable = true;
-			plugins = [ "git" "direnv" ];
-			theme = "robbyrussell";
-		};
-		shellAliases = {
-			# ultimate cpu killer 3000
-			nixrebuild = "sudo nixos-rebuild switch --flake .#default --impure --cores 20 -L --upgrade";
-			dangerous-nixrebuild-server = "sudo nixos-rebuild switch --flake .#server --impure --cores 4 -L --upgrade";
-			neofetch = "fastfetch";
-		};
-	};
+  programs.zsh = {
+    enable = true;
+    autosuggestions.enable = true;
+    zsh-autoenv.enable = true;
+    syntaxHighlighting.enable = true;
+    ohMyZsh = {
+      enable = true;
+      plugins = [
+        "git"
+        "direnv"
+      ];
+      theme = "robbyrussell";
+    };
+    shellAliases = {
+      # ultimate cpu killer 3000
+      nixrebuild = "sudo nixos-rebuild switch --flake .#default --impure --cores 20 -L --upgrade";
+      dangerous-nixrebuild-server = "sudo nixos-rebuild switch --flake /home/ocbwoy3/config#server --impure --cores 4 -L --upgrade";
+      neofetch = "fastfetch";
+    };
+  };
 
 }

From c95c70f9d21856092a1a191e5ba7a21ad6a8729e Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Wed, 25 Feb 2026 21:50:20 +0200
Subject: [PATCH 21/31] openclaw: rewrite Brave API base URL to local
 brave-shim

---
 hosts/server/slop/openclaw.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix
index b134cf8..d9d4386 100644
--- a/hosts/server/slop/openclaw.nix
+++ b/hosts/server/slop/openclaw.nix
@@ -9,8 +9,11 @@ let
     postInstall = (old.postInstall or "") + ''
       # Point Brave web-search endpoint to local shim
       if [ -d "$out/lib/openclaw/dist" ]; then
-        grep -RIl "https://api.search.brave.com/" "$out/lib/openclaw/dist" | while read -r f; do
-          substituteInPlace "$f" --replace-fail "https://api.search.brave.com/" "http://127.0.0.1:8000/"
+        grep -RIl "https://api.search.brave.com" "$out/lib/openclaw/dist" | while read -r f; do
+          substituteInPlace "$f" \
+            --replace "https://api.search.brave.com/res/v1/" "http://127.0.0.1:8000/res/v1/" \
+            --replace "https://api.search.brave.com/" "http://127.0.0.1:8000/" \
+            --replace-fail "https://api.search.brave.com" "http://127.0.0.1:8000"
         done
       fi
     '';

From a292a97d3f812f1bafd887b33649c0436ecab17e Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Wed, 25 Feb 2026 22:01:54 +0200
Subject: [PATCH 22/31] openclaw: hard-rewrite Brave web search endpoint to
 local shim

---
 hosts/server/slop/openclaw.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix
index d9d4386..97c8295 100644
--- a/hosts/server/slop/openclaw.nix
+++ b/hosts/server/slop/openclaw.nix
@@ -9,11 +9,15 @@ let
     postInstall = (old.postInstall or "") + ''
       # Point Brave web-search endpoint to local shim
       if [ -d "$out/lib/openclaw/dist" ]; then
+        # Web-search tool hardcodes Brave endpoint in bundled JS.
+        # No runtime config option exists for Brave base URL in this OpenClaw version,
+        # so rewrite it at build-time to local brave-shim.
         grep -RIl "https://api.search.brave.com" "$out/lib/openclaw/dist" | while read -r f; do
           substituteInPlace "$f" \
+            --replace "https://api.search.brave.com/res/v1/web/search" "http://127.0.0.1:8000/res/v1/web/search" \
             --replace "https://api.search.brave.com/res/v1/" "http://127.0.0.1:8000/res/v1/" \
             --replace "https://api.search.brave.com/" "http://127.0.0.1:8000/" \
-            --replace-fail "https://api.search.brave.com" "http://127.0.0.1:8000"
+            --replace "https://api.search.brave.com" "http://127.0.0.1:8000"
         done
       fi
     '';

From 47e31d509053c21672e046fd08d23124ea7ef5ab Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Wed, 25 Feb 2026 22:05:12 +0200
Subject: [PATCH 23/31] openclaw: patch brave endpoint in installPhase
 (postInstall not executed)

---
 hosts/server/slop/openclaw.nix | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix
index 97c8295..d315878 100644
--- a/hosts/server/slop/openclaw.nix
+++ b/hosts/server/slop/openclaw.nix
@@ -6,12 +6,13 @@
 
 let
   openclawPatched = inputs.openclaw.packages.${pkgs.system}.openclaw-gateway.overrideAttrs (old: {
-    postInstall = (old.postInstall or "") + ''
-      # Point Brave web-search endpoint to local shim
+    installPhase = old.installPhase + ''
+      # Point Brave web-search endpoint to local shim.
+      # NOTE: upstream installPhase script does not run postInstall hooks,
+      # so patch directly at the end of installPhase.
       if [ -d "$out/lib/openclaw/dist" ]; then
         # Web-search tool hardcodes Brave endpoint in bundled JS.
-        # No runtime config option exists for Brave base URL in this OpenClaw version,
-        # so rewrite it at build-time to local brave-shim.
+        # No runtime config option exists for Brave base URL in this OpenClaw version.
         grep -RIl "https://api.search.brave.com" "$out/lib/openclaw/dist" | while read -r f; do
           substituteInPlace "$f" \
             --replace "https://api.search.brave.com/res/v1/web/search" "http://127.0.0.1:8000/res/v1/web/search" \

From 0c42a480c65fdd5ee37b40cd931fb4dd73668620 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Wed, 25 Feb 2026 22:07:15 +0200
Subject: [PATCH 24/31] openclaw: fix installPhase append newline for brave
 endpoint patch

---
 hosts/server/slop/openclaw.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix
index d315878..9ab8f63 100644
--- a/hosts/server/slop/openclaw.nix
+++ b/hosts/server/slop/openclaw.nix
@@ -6,7 +6,7 @@
 
 let
   openclawPatched = inputs.openclaw.packages.${pkgs.system}.openclaw-gateway.overrideAttrs (old: {
-    installPhase = old.installPhase + ''
+    installPhase = old.installPhase + "\n" + ''
       # Point Brave web-search endpoint to local shim.
       # NOTE: upstream installPhase script does not run postInstall hooks,
       # so patch directly at the end of installPhase.

From 08f94eaafce05b4bb92d53e51dd0e6d880370aa8 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Sat, 7 Mar 2026 10:49:33 +0200
Subject: [PATCH 25/31] pds: tenna

---
 flake.lock                                    | 150 ++++++++++--------
 hosts/server/modules/Caddyfile                |   8 +
 hosts/server/modules/atproto-pds.nix          |  16 +-
 .../modules/system-utdr-assets/default.nix    |  21 +++
 .../modules/system-utdr-assets/favicon.png    | Bin 0 -> 16690 bytes
 .../modules/system-utdr-assets/logo.png       | Bin 0 -> 884405 bytes
 .../modules/system-utdr-assets/tenna.ico      | Bin 0 -> 16958 bytes
 7 files changed, 129 insertions(+), 66 deletions(-)
 create mode 100644 hosts/server/modules/system-utdr-assets/default.nix
 create mode 100644 hosts/server/modules/system-utdr-assets/favicon.png
 create mode 100644 hosts/server/modules/system-utdr-assets/logo.png
 create mode 100644 hosts/server/modules/system-utdr-assets/tenna.ico

diff --git a/flake.lock b/flake.lock
index f6aa70a..6e27c24 100644
--- a/flake.lock
+++ b/flake.lock
@@ -36,11 +36,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770895474,
-        "narHash": "sha256-JBcrq1Y0uw87VZdYsByVbv+GBuT6ECaCNb9txLX9UuU=",
+        "lastModified": 1772292445,
+        "narHash": "sha256-4F1Q7U313TKUDDovCC96m/Za4wZcJ3yqtu4eSrj8lk8=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "a494d50d32b5567956b558437ceaa58a380712f7",
+        "rev": "1dbbba659c1cef0b0202ce92cadfe13bae550e8f",
         "type": "github"
       },
       "original": {
@@ -141,11 +141,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1771587924,
-        "narHash": "sha256-eVYOGmF8nQBhudJyU6lHdgJI87kvGz8JyCq5/Vi9Mjk=",
+        "lastModified": 1772153824,
+        "narHash": "sha256-T65qXmlcD9qFpPTi+mOXsn4dIkO2N8Ls67nqmuzepv0=",
         "owner": "catppuccin",
         "repo": "nix",
-        "rev": "b0c65edbf31c2ad3d84438d82c2310f2c28373f3",
+        "rev": "4b0f5b7bf7b3eeb484d49524f3c9791864ab9362",
         "type": "github"
       },
       "original": {
@@ -374,11 +374,11 @@
         "zon2nix": "zon2nix"
       },
       "locked": {
-        "lastModified": 1771866085,
-        "narHash": "sha256-7OfP7+r5NMzTvP/X5qm7CbM0PR+d7VsQRjJ9VlzGZ70=",
+        "lastModified": 1772342074,
+        "narHash": "sha256-EMHTNX4EX7PzRLIvSd3C53SuLNmAb/edaeBzEVPA1Ns=",
         "owner": "ghostty-org",
         "repo": "ghostty",
-        "rev": "6a9a21afb6123729b2f3964a0d19770f8a21f8c6",
+        "rev": "25f12080cb567a1a78980effbfe8692dbdcbba44",
         "type": "github"
       },
       "original": {
@@ -478,11 +478,11 @@
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1771851181,
-        "narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=",
+        "lastModified": 1772330611,
+        "narHash": "sha256-UZjPc/d5XRxvjDbk4veAO4XFdvx6BUum2l40V688Xq8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c",
+        "rev": "58fd7ff0eec2cda43e705c4c0585729ec471d400",
         "type": "github"
       },
       "original": {
@@ -520,11 +520,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1771756436,
-        "narHash": "sha256-Tl2I0YXdhSTufGqAaD1ySh8x+cvVsEI1mJyJg12lxhI=",
+        "lastModified": 1772330611,
+        "narHash": "sha256-UZjPc/d5XRxvjDbk4veAO4XFdvx6BUum2l40V688Xq8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5bd3589390b431a63072868a90c0f24771ff4cbb",
+        "rev": "58fd7ff0eec2cda43e705c4c0585729ec471d400",
         "type": "github"
       },
       "original": {
@@ -692,11 +692,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1771865886,
-        "narHash": "sha256-8DlTG/lNBvbXEUmx3jHsizhBoCEqGl6yRRjNRrxlf88=",
+        "lastModified": 1772319987,
+        "narHash": "sha256-CWzTcI/f/tEHvJWPR0jU/Rf0razol+uCdFm3TK7QOfo=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "bc09504ea50901bedf945859bf7bd4c739e1ed38",
+        "rev": "2928d6af0ad1fa9f950c4ea8394739a468b5e34f",
         "type": "github"
       },
       "original": {
@@ -792,11 +792,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767983607,
-        "narHash": "sha256-8C2co8NYfR4oMOUEsPROOJ9JHrv9/ktbJJ6X1WsTbXc=",
+        "lastModified": 1771866172,
+        "narHash": "sha256-fYFoXhQLrm1rD8vSFKQBOEX4OGCuJdLt1amKfHd5GAw=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "d4037379e6057246b408bbcf796cf3e9838af5b2",
+        "rev": "0b219224910e7642eb0ed49f0db5ec3d008e3e41",
         "type": "github"
       },
       "original": {
@@ -1021,11 +1021,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770139857,
-        "narHash": "sha256-bCqxcXjavgz5KBJ/1CBLqnagMMf9JvU1m9HmYVASKoc=",
+        "lastModified": 1771271487,
+        "narHash": "sha256-41gEiUS0Pyw3L/ge1l8MXn61cK14VAhgWB/JV8s/oNI=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "9038eec033843c289b06b83557a381a2648d8fa5",
+        "rev": "340a792e3b3d482c4ae5f66d27a9096bdee6d76d",
         "type": "github"
       },
       "original": {
@@ -1175,11 +1175,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770203293,
-        "narHash": "sha256-PR/KER+yiHabFC/h1Wjb+9fR2Uy0lWM3Qld7jPVaWkk=",
+        "lastModified": 1771606233,
+        "narHash": "sha256-F3PLUqQ/TwgR70U+UeOqJnihJZ2EuunzojYC4g5xHr0=",
         "owner": "hyprwm",
         "repo": "hyprwire",
-        "rev": "37bc90eed02b0c8b5a77a0b00867baf3005cfb98",
+        "rev": "06c7f1f8c4194786c8400653c4efc49dc14c0f3a",
         "type": "github"
       },
       "original": {
@@ -1375,11 +1375,11 @@
         "nixpkgs": "nixpkgs_9"
       },
       "locked": {
-        "lastModified": 1771639217,
-        "narHash": "sha256-eidzES1s+0/Ngkw0fmLGdZ+NSN6P7RwKD0lPLYGqZoU=",
+        "lastModified": 1772109967,
+        "narHash": "sha256-0oWZtmVJcI7Mc6nAXf7XM4FHLJv+H1X/8Gh31uJCyJ0=",
         "owner": "openclaw",
         "repo": "nix-steipete-tools",
-        "rev": "95ebfa73f4421144173f7060433c510a7d2d014a",
+        "rev": "2b97c49e03657af1574aee5a34f57b38fba90035",
         "type": "github"
       },
       "original": {
@@ -1390,11 +1390,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1771423359,
-        "narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=",
+        "lastModified": 1771969195,
+        "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "740a22363033e9f1bb6270fbfb5a9574067af15b",
+        "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
         "type": "github"
       },
       "original": {
@@ -1406,11 +1406,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1771369470,
-        "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
+        "lastModified": 1771848320,
+        "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0182a361324364ae3f436a63005877674cf45efb",
+        "rev": "2fc6539b481e1d2569f25f8799236694180c0993",
         "type": "github"
       },
       "original": {
@@ -1500,11 +1500,11 @@
     },
     "nixpkgs_15": {
       "locked": {
-        "lastModified": 1771369470,
-        "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
+        "lastModified": 1772198003,
+        "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "0182a361324364ae3f436a63005877674cf45efb",
+        "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61",
         "type": "github"
       },
       "original": {
@@ -1593,11 +1593,11 @@
     },
     "nixpkgs_7": {
       "locked": {
-        "lastModified": 1771369470,
-        "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
+        "lastModified": 1772198003,
+        "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "0182a361324364ae3f436a63005877674cf45efb",
+        "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61",
         "type": "github"
       },
       "original": {
@@ -1649,11 +1649,11 @@
         "systems": "systems_5"
       },
       "locked": {
-        "lastModified": 1771704400,
-        "narHash": "sha256-8U9xnN4HdxPfAXAft3lBsArWSv1ZTTxJci1lOA/xpno=",
+        "lastModified": 1772219256,
+        "narHash": "sha256-8RH/xcZOEDf2fJ5h/PSXKxmTnsIMV4AXBj3F8ZdJgyw=",
         "owner": "notashelf",
         "repo": "nvf",
-        "rev": "5c38b357da7e8c870350cd1847fb5b2602a28eb0",
+        "rev": "c07410f1838ce6a44708c49b8ed6fb061babc5ac",
         "type": "github"
       },
       "original": {
@@ -1670,11 +1670,11 @@
         "nixpkgs": "nixpkgs_10"
       },
       "locked": {
-        "lastModified": 1771657318,
-        "narHash": "sha256-xFDNFFN5U9wtMcj1iACmoL6W4PWJeg9C0Pk2+BoY09s=",
+        "lastModified": 1772348525,
+        "narHash": "sha256-4FglS6O9oDpIF+kYhikaLUBhZkhzTWF//xlnJK3ZBHY=",
         "owner": "openclaw",
         "repo": "nix-openclaw",
-        "rev": "fbef2087190ccfca375b351cdaad49bcbaea721a",
+        "rev": "80373ef96a21a15761753ab5dd25fe3d8d680e5a",
         "type": "github"
       },
       "original": {
@@ -1683,6 +1683,31 @@
         "type": "github"
       }
     },
+    "pion-webrtc": {
+      "inputs": {
+        "flake-utils": [
+          "spacebar",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "spacebar",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1772089711,
+        "narHash": "sha256-N4XQECQRWDirbf4mrZ0w5eCKPO5o2yNZv4LwW5SS4j0=",
+        "owner": "spacebarchat",
+        "repo": "pion-webrtc",
+        "rev": "d18098fd78687a2864ea8e696596d412889f9250",
+        "type": "github"
+      },
+      "original": {
+        "owner": "spacebarchat",
+        "repo": "pion-webrtc",
+        "type": "github"
+      }
+    },
     "pre-commit-hooks": {
       "inputs": {
         "flake-compat": "flake-compat_2",
@@ -1693,11 +1718,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770726378,
-        "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
+        "lastModified": 1772024342,
+        "narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
+        "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476",
         "type": "github"
       },
       "original": {
@@ -1754,14 +1779,15 @@
         "flake-utils": "flake-utils_3",
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "pion-webrtc": "pion-webrtc"
       },
       "locked": {
-        "lastModified": 1771831936,
-        "narHash": "sha256-mwXntftR14qB1DrxGGMPaZ8wR7k8YwyppEEY0uaZOcU=",
+        "lastModified": 1772304584,
+        "narHash": "sha256-IhORc4Xe3uTXuo69FX8uWLAWJNW2oHOgXICD0K5NFXs=",
         "owner": "spacebarchat",
         "repo": "server",
-        "rev": "785f53e7d1f485941e47f13f4558f9568571f9b0",
+        "rev": "829ada260753e0e45e0ac1db20c8f19afd2420cf",
         "type": "github"
       },
       "original": {
@@ -1948,11 +1974,11 @@
         "sqlite-lib-src": "sqlite-lib-src"
       },
       "locked": {
-        "lastModified": 1771771164,
-        "narHash": "sha256-BGs42swuu0P3GFNjwdXW96Zb0QabdCp8o5EEwIXyWaM=",
+        "lastModified": 1772351673,
+        "narHash": "sha256-Aq2qHTc6cHl8BGvGceRE/U3jxG50l4sR00V2jDPmzbM=",
         "ref": "refs/heads/master",
-        "rev": "90c5c1af7fbf275a14a769f8b669369ffecc27b1",
-        "revCount": 1978,
+        "rev": "f7c358408ce27f0f196a380d4730a5ae77b44c4d",
+        "revCount": 1993,
         "type": "git",
         "url": "https://tangled.sh/tangled.sh/core"
       },
@@ -2105,11 +2131,11 @@
         "nixpkgs": "nixpkgs_15"
       },
       "locked": {
-        "lastModified": 1771840410,
-        "narHash": "sha256-fxtvkgQLVhHAjWXPhqahYrVky6KjmS3hwhsb1UX/c/8=",
+        "lastModified": 1772332855,
+        "narHash": "sha256-LPNnG/TXua9dSal3Ka+Rj0s34gbkJ4/AhxWBzn87j0E=",
         "owner": "0xc000022070",
         "repo": "zen-browser-flake",
-        "rev": "24e003a8ad4ab99cabbba6821bd985bb81dbe656",
+        "rev": "04e0729057ea01c3336f4751290a20f4ec564727",
         "type": "github"
       },
       "original": {
diff --git a/hosts/server/modules/Caddyfile b/hosts/server/modules/Caddyfile
index 71731dc..ab2a1cf 100644
--- a/hosts/server/modules/Caddyfile
+++ b/hosts/server/modules/Caddyfile
@@ -1,3 +1,11 @@
+@favicon path /favicon.ico
+handle @favicon {
+	root * /lib/system-utdr-assets
+	rewrite * /tenna.ico
+	header Content-Type "image/vnd.microsoft.icon" # <-- microslop
+	file_server
+}
+
 @root path /
 handle @root {
 	header Content-Type "text/plain; charset=utf-8"
diff --git a/hosts/server/modules/atproto-pds.nix b/hosts/server/modules/atproto-pds.nix
index 5ee554f..8d0b24c 100644
--- a/hosts/server/modules/atproto-pds.nix
+++ b/hosts/server/modules/atproto-pds.nix
@@ -5,6 +5,10 @@
   ...
 }:
 
+let
+  systemUtdrAssets = pkgs.callPackage ./system-utdr-assets { };
+in
+
 {
 
   # TODO:
@@ -19,17 +23,21 @@
       PDS_CRAWLERS = "https://bsky.network";
       LOG_ENABLED = "true";
       PDS_HOSTNAME = "castletown.darkworld.download";
-      PDS_VERSION = "\"DELTARUNE TOMMOROW!!!!\"";
+      PDS_VERSION = "\"That feeling when Deltarune........ tomorrow! :3\"";
       PDS_DID_PLC_URL = "https://plc.directory";
-      PDS_CONTACT_EMAIL_ADDRESS = "ocbwoy3@ocbwoy3.dev";
-      PDS_PRIVACY_POLICY_URL = "https://bsky.social/about/support/privacy-policy";
-      PDS_TERMS_OF_SERVICE_URL = "https://bsky.social/about/support/tos";
+      PDS_CONTACT_EMAIL_ADDRESS = "kris@darkworld.download";
+      #   PDS_PRIVACY_POLICY_URL = "https://bsky.social/about/support/privacy-policy";
+      #   PDS_TERMS_OF_SERVICE_URL = "https://bsky.social/about/support/tos";
       PDS_ACCEPTING_REPO_IMPORTS = "true";
     };
   };
 
   # Set host header to `localhost` in tunnel settings otherwise you'll end up wasting countless hours of your life
 
+  systemd.tmpfiles.rules = [
+    "L+ /lib/system-utdr-assets - - - - ${systemUtdrAssets}/lib/system-utdr-assets"
+  ];
+
   services.caddy = {
     enable = true;
     globalConfig = ''
diff --git a/hosts/server/modules/system-utdr-assets/default.nix b/hosts/server/modules/system-utdr-assets/default.nix
new file mode 100644
index 0000000..b92adca
--- /dev/null
+++ b/hosts/server/modules/system-utdr-assets/default.nix
@@ -0,0 +1,21 @@
+{ stdenvNoCC, lib }:
+
+stdenvNoCC.mkDerivation {
+  pname = "system-utdr-assets";
+  version = "1.0.0";
+
+  src = ./.;
+
+  installPhase = ''
+        mkdir -p "$out/lib/system-utdr-assets"
+        cp "$src/tenna.ico" "$out/lib/system-utdr-assets/tenna.ico"
+    	cp "$src/logo.png" "$out/lib/system-utdr-assets/logo.png"
+    	cp "$src/favicon.png" "$out/lib/system-utdr-assets/favicon.png"
+  '';
+
+  meta = with lib; {
+    description = "System Undertale & Deltarune assets";
+    license = licenses.unfree;
+    maintainers = with maintainers; [ ];
+  };
+}
diff --git a/hosts/server/modules/system-utdr-assets/favicon.png b/hosts/server/modules/system-utdr-assets/favicon.png
new file mode 100644
index 0000000000000000000000000000000000000000..9d3adbfec1c0aebe391b59c492f95edf87244c98
GIT binary patch
literal 16690
zcmeAS@N?(olHy`uVBq!ia0y~yU~m9o4mJh`#=Cir9t;c&jKx9jPK-BC>eMqZFtDUM
z`Z_W&Z0zU$lgP@zz@U)q5#-CjP^HGe(9pub@QZ<gq2UDsL#Y7+!>a@a2CEqi4B`cI
zb_LonFfecyctjR6Fz6|RFk{71`!WUw1qM$S$B+s}#tMh_{R~8dbK9T&hbcy8!^B9V
zv6}E74ZsvJ!psKA!`L92kr6D#$OPiRFh~%DLHu*upMfX_urd$}W+aFW!bYA_a5)g4
zFh({3nT_HGyv88w!cYj31bGt~!xRy;0z&~T9AGBE{R*-MCJ3TQ4+oGgVlc=i5Jp!E
z5(8m$ajbl73bBcSG{gM};^0yQl7r$4MxIiJP&Ot7G5{183=9mQ<PXL$K8OZkkQ!v2
zEXW)f`~Uy{44~)$(I7Dp4dR2?Q0&OSzyQvX81V>Iz<{m^#D}JFkhj5_VQPmH4GLip
z#^xuGI0&Q5;S5A{g+%kQ*#gpxOB^JJfw3vZCWfIACV;LOoext7qCtrQM1wItg<u5?
z47l?GNHZv{<HHyCJO||us96vSBNjku9)>|mK<tEs1Q3%!%~AwRBNG^z36$oM6(I9D
zxj{7~IH$tBj$r_@W*8gf3K$zNjV&BNWkX?MAvkD2^5_QObOFd#kn=$pr0M*Q=O79L
z!~Fu1!Da(U9ENFEl*4Qolr$(<K$upJLx}@)OVBMQCJxBagKjSdA7m&9V@Ti-0I3CG
z9MUMl7+D!bmJAND7L#l=$Y2o0rx7F%!uZsn%Ml#{u=pp{0(1+}`8X3HH7$ZU9^G;f
zA8Sztv)s@_5~PMAjH?KQ8H&{bFiC7Qtc=Ab2NDCxgXmwselgrQ{0_v#i%E6>UeiET
z$A3hnsp}*TRt~C4U=9QI2f>0+0#_oGh02peAz1>}2MT@=W`sz9(i;ea<zNJc089c`
zIslmktKwj4vC$xlLE`ulAV?mk13;26M=-N8GUz!=fP{#`#99tA46g$~3Xn0(LC9k0
zY(hRpS3k-h4FS9%07`T)j8`F=<hkw7l+lE6a&Z+zI5iNG06Ca}f#D96CZwE!>JC7*
zkr+qN)B(tj!Ntbw07?rLV)Wy60LaxaLx>4Zka`$~>4Wic(F7fUOCz<!sp<fvP$GIP
zhbRZYf)mLCya8b3DdmJ$0g@z94nR_mlL>Pi%&|BXqDfHA0chqD&BfUsfcc1MlTa0&
zWnf@nW?*2rYvd^vf+~f|!|DJEEl0J1fq?;EwBT(OQ`#?pHO(+wgd{NFX@H;u_UzdM
z9smZlhS4$1BQS9opA;Hz6o3qJad80;AcNQ-i?B7xVPYV8kU9{CiGkSoFhK|4(~K^M
zY$>v17#J8XGB7acqpJt;sp<fbfiR5b7(Gz04ZT|iQcE=lp!pbNHaf<d<*DWXkZs7m
z2JvCpknC~*WC$UQ%jd*c4l<iyHUuex;SV1^Fns;`6~+bAAYa2USOApbcE5lz3DUS6
z@Cu|8<_i!Tg!%dT8F+Yjz~usnj|>0%3mGH87xXZ_SQ7?F61hGgrAUT3ni$JL_TY2?
zND|o*AU-LWDh@!l@Z9!ipz8GxvKS6FtC6P^G3sz=A9TVcT(0|IYXJtG<3=4c8UiRG
zaBllE8A?hH6vGC9gSSY;=N??1CblTVXEwSVHoK^053X7f-3>(Zu{oA#%~%xTG7pzH
z79;QqQ9S@awt=z*h^95BMj()#1wfv|<p63WPkPuvQ2>A(2*TI`f|`MV#g4Uv1|L9r
zh{06J0@U^_y2H@}m|C6(*+Z2S05S-Ku{e}s^J!rw$gMC;u>)ZS!DwnZ_}unqpw#&n
zW-f@PMM?u%0y29rVw!s%<Y`(20L6nI)JjDl4-&#u&jKI|(LDeXBR2V>>m^nn$PRKa
zNdbWFIC3ncksf{{PpMDjm`!nVCC5^b9u_tx25Ajm1|jg~1CR&<!<{p48NPk|!|?a_
zKZpSF<VS2Hpu}h=IsnjPpOir>VjKceqhcZqqKLvzZ+&8Tbq{s8kSL94ifB;?qFI5;
zJ$LRLssNchX*E7Fb)sscS^$7Xi(%N<*qGtOi4)+lRG1iu{{8zmgOQODstb^KA3uJ?
z&;!zU_AF@n4M`yb1H<KgFHr@^<Pn_(2$>HWsm7)TmpC@Hph0MC>aSe60uC5-J*{Qa
z7(5*V(1l6jQ!M~UvXw-|IyyS=2{Ux9pcDcXgAC0>ISdR8mJAFGClFlhEUIMz?8Y--
zjX7LuNfpn@$-$@PI6g_394P^C3Z{wHG$>Yy!Qqa144{2CAPlVrLG2o3Owg$y#RL_>
z6p&gKf;<7zi!EP+#E~&fEwUIceOC{@V)*qPrK^B<T>!F~=<GpL2H^56x`Sa8VaVc?
zG?!@_03c6+Vits94hD(A*rd|vo~Oj)FuO_00w7K3*#IO)i&i1XTx3iO&x6b-IRHSK
zKp0y<fW&cOHA`UzZhkfl>6Z__fSa^`ei7gPr$)@f971*gzziTYAYl5)rK#z8a@{bh
tZ!`p`83LcUGT9jz7@9%n0#MUjGR)d*bb=|=tG)=N)zj6_Wt~$(69DG8^DF=W

literal 0
HcmV?d00001

diff --git a/hosts/server/modules/system-utdr-assets/logo.png b/hosts/server/modules/system-utdr-assets/logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..85dbb09da17cf6a123a5b8894418e76eb4ccf74e
GIT binary patch
literal 884405
zcmeAS@N?(olHy`uVBq!ia0y~yVEn?sz_^oxje&uYU;NuT1_lPk;vjb?#+xT~>KPaq
zSkfJR9T^xl_H+M9WMyDrP)PO&@?~JCQe$9fXklRZ#lXPO@PdJ%)PRBERRRNp)eHs(
z@q#(K0&N%=7&r?&B8wRq^pruEv0|xx83Tg?gQtsQNChK9Qsdk@hEXsY0;3@?qC$X?
z8ooWZ{n>w*IYypRR524~9xZ8#9g6I6m_w-*0LW%j%S@OXK{OMH7>pR%;~@8;^Fd;i
zVw!lK77hh@^xXDm_dqnYFikv9spIejo+71YBkLcOo=0{dE!i~jJQWJ34Yc$$%xsEF
zdzeA!NtMz7KsS$pf#HLZr<5SfK5Ed^jCm7kI0$A2df-vp;~;ye=6NGesk0yhVfftk
zXGSpgV5O<%c`P182@EXqc!jVed%Wt&k)*2U(UU4U4#K8~R_0RG^XLvgxBVFpx)?Eh
zdc-=&9W?bk0|UcnkR_zxbK9S_AgiZUtb^>Jy636j*lLi&=z*#3d1^YE3IU1NIfKgc
z^vdh75TUu}$@LJeV;vL#H1RyT!^sT*kOOIn$!^=z(L?V+gZW5-5NPBnbpVM^Hj^eX
zPqu5YYXo&>1Q-|?V0b^Z0-h|-Q_FJfex;u%3#C>WdPq`g1Wx_ucRa@_M-2&*J%4Wd
zvlwbvOpF=m0ZZ+`ASc-`CdT1IK@B;cC)!_2mMme&%*<p+PfurHWMqV6bOWYNor*3*
z7e2{V9eQDhoHRimB*xYM|HCJEz{=6}y?y(ZK}bjlEQd@WCwug^1hP6}*;I{rkf)F_
z%n`_9AT~@KMuWsa_{^CzU?E{)VVtQ1tbj@cRXvaFCdLN~lwoTDkj05*8yg!lfC2=B
zVR}F*1cqT^)S^i)`Ke_wA#;!e;M1p14E+533`U+($l5^ph~zAcYyizt0kS2OvibP<
z;3;D1(xu48fdT-Ak;RE(4++mB`y?tV3LFsIw{J%lCW}q7=c!TR664aNM~}h_Kv<qf
zrae79i7^JR8j?Ma*E9+xkv(T)16o{#-N2&M29N|OzawLi7)f|g7I?^o9kOqb>-@gi
z-~d3DCYe3pF+X?iTzK-v=Xzw1<5Ne998EnxapFY0ZUH6pl#~<{HMn9OMG*soBO0G9
zE-25CtP#1n%fZ9KplKtD(+rRYiS!UoGtgt5T7@pfG5_PsADoVcNq_<X#wL}fmB&Hu
zAj|XUA%FeIYmix3F)Y?W0RY2T6=D%Y_c#LsgE$stWD8NHv?mn%umB+2l~9dFo>H%%
zOsY_1<$0LR$ax<o#=-_kOiIRr4BY%|FkzDDuOELg+&caiMGtyvLy;ttLy_k}c47+v
zkT|vRp!7V*le7*1T6i4fZb%vhu_(YG$AK^fM&Q#*)pb9}7Ezq+kqyJg#*sSmjXb3$
z;nO!NHyQ$?Aut*OqaiRF0;3@?8UmvsFd725LxAGuEOc!xe2FOy+w{17L52)P0~hDE
zKXYJUVAxNFy#%$K+x~1b0|SE(Od+)cl+xZChNp3KRABBWiaxjfnF6w>L7J#xF321h
zrqtswbEr+<r?!FU=F!CC)Q%mPqe(G0-fU(Tv1<Wn5(o?o4A)@}AFMP*9>-Pq7<o!*
z(Za*H>?6l6imNu5rN~K=8V*D@4`c^5%mkSO!xY6h%n)=M-O=ds#PF%@QFJ@0=5cB}
zlp2AD?pb6$)jW=DD7D$t4pfl)2BpVo9osbZIJF#4i`b^R$Eo2+Y6Td`bNDb#lRBxM
zfOdf3?xjXR!VN=XP~GDcIu@e?gyvqVajEWcYPpQU03_&)LF;jXE~iid%{@+RJ||Wk
zh5m(WC%dgqM~8lZy7n&v1H(5XPboPlpCXDZkJHi9SUpFL{7>_wj@9K93Q{BBNgjAa
zw-k9#42Awd(f;}UPlh`u-=T<6lS8t{ku9f{r$Kh`3bHexn~!DP97riyct|F7vV4lB
ziJ}-sGYf+o5D>s1Cnv}7`}c2#88c>p<<S=k-n(~?K~Yf=ydoN`fKCL}JPum!NsOBx
zK77a^FE0;Qs;sOGXTuoifddn#CQY@Z4st9y200X64B6A@@*qA4g8~tR%gV|?T$*62
zd7K)qLk=X6dEMRJ;4A<N1P}&^Q43QosZ+~AFmphG0As^Ejkdq-3j+fKSqB4w%pFuQ
z4ssAS3<?AoMv~`dU|@jlYXePWB1sWu4hfGVdjm@VfTT(8#}C@14olu3UlD;x?sHHS
z<5%{-B*IO^D*<^Hh6(5bc@!BFP>v~0QH=lo`47`X3PnIk8JiKv%~iBQ4x4g<V&uel
zBSBM1PymZz5KV$Mij|V=aU)MDlC}-v@(@TIgo*J1a%>Z$o)|S0C3Rvfz@-LPl15j5
zan}nJA+$k={;n;d#I6NEF$bALa_l2(CYDWXEMqh8-#<{bjZKC!F^WBoFG(WDFv#;D
zOp0^S%|?rPQjEe-ORmS=kxfE(AhI0D^T-%kjubXEJq@xKR4;;Pk}>*l6vzNZMg|5Z
z7DfhURwf2*J28+DS@_bP7Yu*@peFG_<8hFWuz4ONPHjwWPlMb?Zc+#71)U56N-^uf
zoFPVl98MJ{pWFWI4g&)N=Fkd-rqd#}K~AEY$3ceS!&tJ#Tq92@)ZO^_3>cLg4S~@R
z7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5E$kmK({U`u5iTCb;VFhtNuBLMI;J9uXGAy
zU|@JQl#YcN&`2jH!eQ|+SR(%1_Gdd77#L6nondZ-(SyaUF!!L-6b(P38%9h1x$Vzp
z(b9Zk%!VdXyb%sE2dWOl9F%y-L^=ZlL+U_=;JNM3K9XYpV2=2q6zL2D9FTmZL^??A
z0J|6D1gv<VBi$d#RdTnBHHlseFxcx&B!3NVrdH$Cx&dw3!Gh=9_Gh4@Q=c+0Fo3cb
zhz*m1(}N+_iOtG`!L9Is!@?L8k&f&x0s%Y2$Wtm4S^Yq;3Apisk*Ad5K)8!oI|sVF
z$8aZsT#|vIVPFJsuAms~5e^EjK^N&DN8yY3bK9R?1F0D(d~W-*QU(TwKpghNwv^(K
z9vs4hGSZ<zGXYAYQ<~@k^x~h}{%j8e149=s`)F}xJTAK^5g&AQI<jZ*)t&fC17tI(
z#m46r1_p+OMxIg$)Uu1#<_zjc2YDV}VACt&@wtJ4f#H&or<6X(twRM5`bY-_B%VMI
zHu98O2U0^TjK^-+vRGPKO*3-`bDfUtY0z04$b1-kEsQ}6dN@WnD4d2wq#Jok(S0k@
zx$V!~KmmjUQ{{dz9A?v8ct}J#zEC)~{aG_Uc?#rq;?hg4+wO6hPiyfZAL$GX3^n+Q
zVR8ZxpLz6ZJd)#XV)YD(h8)Z@=e9pP%)r2a`#Mqv2GB`FpsE10i<+5%fdSMO5P<2Y
z0?lINDFrf<3Puf_5p<1od^u>~f`C3Y52g}=ZjnBcBOEDN@fvwbfzFCS5~4p7R20(O
z)^ppR4d^l$CMHJkMq<!rVo4Pq1|caf3_pMW@|)q_+4ta$!he5*Y6lD@NCH(FUG7A$
z1whh=!UWxJLbptZVlxtlE(w5vfdT8{Hy&X&231pGB<Bnqlaq&)LEE1EUFPU6$G3eS
zT`j%&G;hh{E8+)Bgws3F2iiWGNBTf}aMXUx5TIA_j%hO<5mJw8!DAF$3UnF@oP)-|
zW#5-CUl_Q#LC4miX&B<%VUg3ZMd*bK7Z^a|FpMvrKx!^uzKo%ShldB{*h*010AUP;
zLrh>$Mmi`G2x0VaMpv(|Puk3<j*bpWB0)9}JwbpX9vgn~0`*uhbT<wb{-7-02TS0<
z+yP4vFg}b1MLdiRq9r9IK@?VecH2{Msex6J&Vr+nPC<Z!N&{@#&zw2KU}|cLB4z9)
z4dbJp9>%~x_kR1JEZ$+EGgN646BDde#n-Q2v3UuU2#_&0HB=R&d87}f@n@=r9Fc}4
zBqV@~bx>6>Sb72jTD(8H`hh`Co0=11M8*UW%0Q7sgfeO<5ocgvcts6^h&5wCBmMoe
z9}IHZ#5#50)#0kc(OrgX2zIcPdNeQIp#g$*5AeUgpsEb2Vh~fH$Od6zocQ(QFJhDp
zs2aLNx{;^Upen;bMK>W#PON~ct6Rt4lB1QbdIq$3r^KhAoCk_HkQpEv#0Rm7!KA1q
z#ypT3Ttzxa4ul6w(GGG8U2;0eB3zhIVByk-E{>x+gszP0{6D|`F%a-W(7;Eyq<zID
z>}vt&nd?FKWYkkL20*zNl;c5Wg2v22G&+9%{5gY!gao=URrmxVe$Z}`pzFvGzIk>~
zEbxl3F{qf3zraFPR+iz(lP4gfP%tQQpa@WbLm<LIXOY2&<EUUARgIu)q=Q_3Zu>LP
z8YR5;%4qX3h{_J$>CH=fUoiarjlCB#@WnbPl<{M{fsbD+WwPhCKkH*)U?`-_6o_sO
z8xaQ3(kBRyeDd1iSK!D5)!Ag4VsGRrb%;#8bkjCqkq+}Ap&}oqZYa=0A(w-~alj)T
z<OmoZ!U>??$Wy8a=8wTn52{EfC9uwIfA)=mfq|10J!GhrGV+vqPKLfwEu$eY8Umvs
zFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?R6}5^|I%>mYXOF;k4D`+
z8UmvsFd71*Aut*OqaiRF0#pxyK{3sGZu_%O3=9ms=)M~&3lz}ZJ=pmJ9_fS@Q4HpY
zKezo^76Su=3IhYf5+hHkbAvsyVeT8yNGBBGFh>ryh{xyd!RA(27$VaHz6k=^F}T?0
zwm);lB}Z>@d=U<E3v}f#h&gESfJHi?z(WhMU1<CP;S%ZQ0WCd=377$kbYdJgRMilf
zI0npnqmfQz&=2;AB+?sTWkV*?hgzTyX7>(cq)!1SyJ1WW)`%alNH_A7${oh>J*d4l
zV39tkLuHsdZYV`Mu8VI6R}@W2{<9wYT7W@$_18cr0L&{Hutz884)YDzr3S5N<Dk9z
zORMo}9X*e!z=$FvPpR(=3=E9twm*wtU|?8|p#ULZfM5=O)?go-9aO_f=e9q)$H2g#
zh$C7De5WBX&GW$?;h?Y`=rSJU1~@kIlv09oFd5G<h3G2+jnE+a+Dd)f234dJ^4_`a
z&jviejXb5+6LRNZmmiFgZh|M!XnOTB9(#wC)S!!WBTuQbgE@rHZGVRQ$bSX~sln`a
znA-+jq=Os=tvf-?!H99TEr!aG7K1X<2V+cw+;ndHvn?QcsN*3Q>F2gTdpdxD?v2at
zL0&qcID5!NI>P|fo9DJa!+Op+N@xxd&R~x8JA*6?`Ea>sDCKgH9|mot8+l5pf*gnq
z6EiY~O&_^p1nhf6uDJuHZ_q~iKm`b?_8NIg$&;#Qpw$oRNXJ)f63Bg23s(a6WKhi_
zIvO;nBb|=nfYqvV+n>F}DghNV@|2nhWezC{7U^~FN2{=}1sGi3F&;qYh~cq&K&Pnj
zxQn0^ECCQyI8X}kZ6G_h{n^q1bl2a3vYS$S2YsXy@L&`Hd9tO?ZGYy5OEbQ92QEE>
zNqneBIxWL;CoK&hNVA7Zq(2zQKpJj#50ywyq-VgN+y3k)F8hXh(GK$0kcf1A%S;LM
zsX=}u2eXl*X{hKK5|K_QFliL=*sKl4COFi@hDD@PGtluRAR|wyb=0(Lpv)Rn%b^Jc
z0=@`=>iqzvVTl>%EE!ZCNz`zt&p{rhYowps{tUDh&In}jFu|aW8=yuXD3SePU;ytS
zgWXC93fo;qo>Jk1&95Mb(Zx;Ywm(Z}U|^U*7t02pB@2x_r4j~<vp^}7UTztw5e^F9
z_;cHz4dfgG$PI8z&q#+`Izky|28+Mx66r)Vzy?crj0krO+37)2VuzWPkpXleJGUS!
zgOZ^TR;`b&eqi|U;s<C$EyLg6ptcxRWfTdX+y2Y}-#`;ZhLfO~<_)=X+n*^gFfiQ5
z<|bVyaRwGPvI?8K0>U)|z7_y<P4oSW?-{<l{e{hYgv1^jc}mF<QbcQcdgOYnkq`11
znUN3DI$#*&W>r&Ry!M~pf%8sRjMI_v8bl*Wva%eF+%gi36&MVj9I!|?^uV`2a4-bT
z@O8t0Mf&g!QU-F{EOZN!(MYFTP!Ar9=+Tg)iElyOv7DS7u-U(U{bFEeXJ=Tyem%pJ
zCr`j)Fyg_32MqG^`1dJHn>LNX&CQKLMFn)QKTPNFr3YoCgCdleAfGaY@R6hn3JMJW
z|NqBn94@<hdwUs*ii&XR!zc0oA8z~b>7$q2pex>SMFPD71ZGchaWQys2jrf}$Viwl
zQS{$GqmfQjK*1E@%at%S$TT+fCr+GT`1<uLIEQ1CN7oNhqojoUz^fH2R=^X$!-o%%
zwUf%G&9EPdt{8MV9prvcB;dm_F)<)zaEz|j+}xaji;LKkDj~+)y?Ym)NI>R6L@`NF
zbpgu#ApHCHZ%hUFML^eA;a5Qi*+CiUg#5i^$r3_JD3%9BJPhM9jE#*AUIN(J+2K+)
z=){L)q|-YTVUZ8&3E;B(@ZrPo1aR&4C0xn|h4^TslMoG{t{*G`Y}~jJr_Pu>4+bMo
zDLB4z^E^x~Xn7TkJzz9FX56qgWhohk1=Xjp5CcU5j6IO_qD6}s;^X6qbpp-99iKx+
zb2`4zAwe!KE)L!hBtjb~BY^M`BGgh{$)FsZp}H^WY#?&!11**IKfP>CXf1#>0|Nsn
zA;4Tqm(pM~*TaIFMl>ifz%Y8Z6N{C|2>^>Ub%X{i(qBIKLbeb3`ugB{hf=p`?%cU>
zcMl|k=EVuV#gfCVVTT@(pb<hI9v*aIe0-Y62gvf#`W+MsL}E}e&BR2r!f_3e&Y)Ns
z&3u65vPLBKkYG-nI1xVR0&0}OFbyJn1$bF50|O|Bhtex>K$g+mE?h<YU@hK3kxb1%
zu{3mGXfB(?;1a1vm+&U!_R-><PzWK(gNk<~E>`B{eJ>e6OQx|(4idr9NGA{x#6&c*
z5raL#L2ji-oer`GEB^6qPz+0Bb=z<j9MDL=e(3dphb^f7M#nUA)aY(j8U-vtWB2UY
zgVHi5sDT6pcy_sfX5Y?{U=&T24rorNsn4ij`1bAFi8cjagcEHDofOimAqP4}dr%x!
z;Ns!}o*AQN_&&T0I|2v0se|nd8@l9lS|6kR>eVakp-m^zcTYh_($L8=Dp*68NT-53
zF^u@|0g=1J#l<n?=_Np@SRZV;9271C9_fF`JQ#qVpC9CYI0m)A>+0&@e0nf$9)E+^
zn!y<1AO{l>>E73z90{!j02xI&zPuOjWea#MSho)Kyuaq=W|USsC{f@wfI`V{AMq}Y
z2DND@w1GC-iAVsnu^8D@Ld7MrT4Z)$U?9W({ri!HFxcwq>KJ0w5Fq4cTDNH^@`GsO
zt2%ndJl-2?356sspE@`=fSc#Yl|HgsCnqOlE>+ls+&Wmxd6?(vIt_$t`VHn75KYNc
z97sPsFo8%n8SK|d(=(@ohN%c9G6Dfgk2s~sj=>(`AkPtu1dt+XV`6eV$WG9SKd@;p
zP|J)@jGaMVXJF2Bd3^mN!<&cSK+eL62Yay&bNGNnI>>TjBOas{ALig;VbHV@#ixWQ
zInc_@SNFa${QLVKjET~Orf8@{I=#ka(SireUBJM=K=En1Kfe5780u95I5g-;3|LMF
z`H@<=9c0!(<DrtvLE$u@kq&YI2oHzIA4-u<*Va2Ig0W#}fSF*E8wz4j_YVc9g55YM
zayr;0NW@Ue`9m$jLBTvIBOT;0eE8h<XAKMt4E6ZbP(d!=$Wv+(70elQMhwYF#}$es
zB!*T728MM;o>GHmO%pCZjf#(kz-S1JhQMeDFfi0|epy1FwE&}`JsJX|Aut*OqaiRF
z0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*
zAut*OqaiRF0;3^7j}Wls-|j!U7JwchJ!;2j2#kinXb6mkz-S1JhQMeDjE2By2#kin
zXb23c5ExeboTwG@(EU>W3=9ks3=9k$3=9m&hoBgb?vJ8YNROIBuMil`=nM=D=e9q4
z!oa{FO-`T>#jVTa_;Xax&<=qSozc&2e+D|!8&qRc8jBB%Jf##VHDtK!KezoE=*p8b
zMEWyhP#?caq$dW8vJsonX>s7mXzh+YS)bef>^=i%J`uY#LDA80B^X2m6^zJ?PK!(q
z3+a)PD7VatHUi~cPZ!4!nBVcy=e9q~Wnf^S)`33$MxIie@Yy#ihdTrY#rbl$oj3Gk
z&TW4tIrLmjeHWkG{_G1CGdakC8_#WjwhhD>#iWP8XhtVJ%n0dtMo7VMmxs2VxM|=|
zPw4Cj4U8V%Mvi858pJO&q0_+R!EfZb?ax|h>`GdnA4+5A4~+36HKRYLb#Ra1%wA28
zupPnSOIGlX)Qs*!R%nfC8dM=Ln%RkujuDyBM_0KKpFl=c4v!ERkr|y%QO8Rsdq%Ap
z4FQ57Fp@Jmt!^gF1<k7)c}jt%mk36{r~<M>-~cF`N!8t1{NI$6wE(1=KNQrD$b~e>
z5p!<)Gd2bWhEEI(4D86_<g&?0h~(Ne81<do{)~r#f#EZa+}3F1DFwR4i$=x|V`DiR
zztxTS+>S4P$sGMzZsaKyh0olPAV+4{VGEjXMxIi%n54&M*RT~E$!&RJA{DelgBW$l
zY9gta$dSz*QfyH3285~LXi$@j3dW3VBSteip7^I^xPCOVLjo3**<qN0fng~`lq7N{
zNvcN`V-11PraRVPK@~i={n<YT1_rXi3Y5rEO&hs9atgoE@S{$88LiQY2uCANDNs1A
zCqn6{5*#5wP9|qyU`WGZ+^8^#AwX6wMWP+UMmdS6D!}|*Y2+!@0ppBB`rP(se;F7U
zK!qhq-XE>aNeV8!ibpd#-r&KMB&TK?$qAO6@B)SUNDecQ|B>)A_riNrT?;^RiHqcz
zQ6`ZgaBllEBO;X!8)cwP`{ZVL1_lO`VG|I8#3Q2_oy3SBv(`CFqBTQWIdl~bxtsPu
zhsuqp@S;a#k7jgwgfiqv+N*T3YCx@lW^!_u%88Gj97&t#8||-?8Ls3uOUY~zkm*YL
zYJ(mPL)NJg!#P~&8w=QN8?Di?hYK;Hj>ITJS95Orv!m!@!-0Qp`!i52KAOn~X=ILO
zbTT8x$W!V70|P@V8QQIe+u$5@Dh;%|h2-EEt;tCaGO{#`W^}TG4Wh}&Q>uo6fnfuL
zM-n+~2AiN=7;@6lztK!iQktPi@n|2NqTqvQh9-6hhXit{Cv<ZC&A`C0)5ufGgM^?O
zRZ3w9kW&&<Xr;{oR}reN1)$J9)YVRI<{iq-`E%Q!ttK-RTShZHnIT7kHd-CWLV=Tp
ztX9y14`MGPgL(1@0|NsWj5EY&qONs8^Aqpr5j|)jLMQG3)b4ch8J(>$@{}T{56($v
zXHvyFGMn#fMl(58f}boyMl(8D!8UR=L8sJ64ge!hsZf$NjcTA;2#jWQss$z3pao!(
z1mfKGXF4P(A5f*|wm(x~U|=A5N{!qxi~;rRFtdC#qf;?LjXb3i$uRCR8F~gv3+T>d
zQtbwfU6870R6UhLU^JssIY7xV4%FubVRH1+OV7FO&mNOu*IhElF37NIR13Zk7|rPT
zLWev#Me?*UFn}^U2$QRyR{G9ue>R7KfkB2;^Nl>ER7lk`s-89>FuHh#=x}{wG@Xs~
zwE$$ER)g%Sb4H$0<eX9qHv>9f@5aEu;LO0lpoKK02P)|QGcYh9pOyEMfq~%`0|Nu-
z((+yC2WOI55RD#<4Udh1XN-tUe{TCT&@|YHI}~EzlNZBB1_p-T3=9mf85kJ$GB7aA
zM=wMMfg4AJ6NYU@C$knB5s^MjJ?RMDfHX|KN13;VWkw&(<dh|fA+CFck*8GT5cdPs
zoj>d{I&^Ud$@9Kc57|)z2QmcyLyz$uNH+{ByFmjpgUUgaIOg2;XFcRB?x4iZQN4pQ
z1Q;pUfHNpPM5&{OO^psZjg*0bf!u=%DGkR_{ev(BMpx${B4s#bbkLL$!e@hs#mLCO
zz{<hQz$47YAR^1fz|9Z3(s>X$kP1$D_v{<P^E+P{etiSo=RgGmsbj<{BTuPt>KHY&
zO&JzjR?lsJM%JyIh8~hbJNAfjeE~<BGwEvqh%y?7A|WX*1`x&}O%>tuJD!tj4romQ
zsd|Q``XS$6hb|J~B{g<5ZAD4dGOB*)g#h2sb25!w%-Q&@Zpi0$1_p+BQo~0`hLeGV
zdswt?NcH+iQ$HNiH&x<nI0Qr<sUab+BS5N_QT2l$1ejQc%@`BiLvuJ}bh-!HsD%R)
z0-#aOfw6h$+d7)jhkhK67#}c>=5(^-dNiYx9dy_=K79C)0hA!=jY0NecM)OH%F0T-
zZa#7ZbigHHb4FDR-Vhkg=tRWLo;`c;W(4F+t)KupiirqAsjP$&dpkNh@Vds<))uG#
z&z=SC6vV5YYLb6`fwtOG&A1U|&}c><2GRZC!2^c>|H)rKbo%sZvO~ed!~|y{Kz1ub
zz{vg;eb)kz?f;>uaWvBt5o<0kF5pZB%2<@(tgI}owozgxNUyxSJXUjw6$E8mkU8l1
z*RNj;%a<=F)))+RpcV&m%csA;A43g|1wPQ&{2^ofXhx@FR85;UjgGcaZWSvlD?>y?
z1kOV4%o)-ywkRqp!rBr@Pfus~_z`q~1?6r=Ghwvd4-Jsfj1CQmQHt~sFg7;ES_pu;
z6{MIpYt}3V0RaK5g#f5UFm>uwQj9}ZJGw#&8XBV+9U2g$6!k&?)RjQ*23)>O{_)p2
zIXU1$z{pdI0fx8l-vBOT2)KH*Mu!H_kY9F0&QUW1wbKPuJ3+%8g#u*?6oC=M0Zrq9
zM)+yr<t+<OJokyWkfMdzL(R<5j84ZG8_npX1@_mkUm19KXmXNJ0RscWMABR{v{jEb
z-G_Gk4QtnPb8~~6=b#o341+R%a&j`I{+__VzyO+?M8*!38akNuk7o4296O_K!w3N`
zE-r>SbLL<a0HA_^)L8&D!}n91`IU9@e1^bUfYD5k7W1^^Dk&*pH6B!BVU-vaBq;=N
z%?RKMcOnc26$C^m8~jR!d`2hd0I^GZUJOXg?Ao;ptGzVplVY`NxC(-n=z_*Wu;F|6
z?vd+l&^0&Y>K#=2hI~dRCp7>50d>>J(Mg#eWo2c`3>cxhL96vvtXKh_Zo`(5L1Lhl
zepC(~Sq26Mbt;=VV8)Hej1CIz?_WSy3V~Ron3ND8l;J>`j@p==ot+^vl5Uqb6f!U{
zfM%wikP<F~T`kB%gWZipxsTMjb#^Xh1}!@=qRghIB2Xs4W*%r@37hy}62s;8!Q@69
zZn?m~z+i|&ZbS%=*yVx))qEcjsfxy)4E0W6$W5$d;Nix7U?@3bH#BzkfEqtyGy3SB
zXX>RpTDL|n?|aEG8ef#f*NE+-Qx<Hay6G7LqnVuY(8in5+gGm@9|CIuu!RDsPlin#
zr`WUGWL*}4)4bs<aplUD0rB3AW1#!kNw)eO$vTF)hG8=>2Z|?B2j@U~=)Lg;*Webd
zo5Hy41%&~nm{x8l;|dqBS4R8l;9x)@@Ye1qDn~gq4FOu7%0kObURqj8^>F$A`8NZ(
znVjm5872k}w;KH>0|SE^DRD#Z8vXb0-wbSQ*l%W}Rm}(r4@xsTXni?oxhcpjTH*^k
zpEFQ!MBW=CPpQ#Mxv)ggu*&El|B>2!*RT;`;N)QiX{8&+mFZ}i(dp(n3M`_q77sS^
zlv+oD^}|~0h;O>zIP!+>5ezy>1)HUfjg8oZhrQVAM_(yzs!NS#a{S3;#MkJc;GuW(
z9b_l2S{)>J`0!x{8yg!CbJ$}FYw^*hI*}=4#MkJcaJqAr{<AUo4psymxdbW*VA#XM
zgW>MoyCA0y8%*hd8)#&Gv_DRKau{|sI>_rB51)UAtpy;p&koWL!UNHFpEqwF1Er^`
zJb(V2K|(?T<b@%DDXh^!he!^~G)&9L8<qifZu_%#1_p)-N&;>mn)aZBDL}ioHgDcc
zveSpkpdN*pJk!WiY6i)HGpd1sfwS>j-LTB<pvWb+Y6t0s;en{;VRj?a#l^)8eSLk%
zLMZH!kkdhJcN9;La!3k+VVluGp>S^dv)c>|3@RWtxtNQel|kK7gk0^T`k*23_2Vyw
zTgTr*c_dLsj69`mNzyT@7$XFRbw-EzmKwD?%q%fQZU$*}J{WhDCNc!bX}6Eo;zR~6
z5z0nHMu&yNx$V!47#JAncR4W3VkphT#K@p(A;iGNhkdCWRN0`WK*#p{{Q8IC>xbVA
zpj!ItJDMHi^V!H#YP3Y9Qfe4c866g8)U4rQX3~O|(%@wfSD@Za2cV4k?%8*S&u@M*
z{QV6%RPW!P{|x{BLD;nL1G#37*5>4f9Cm#pGNXfnVyI+xkXuI}b~Eyn+C2jOO*1c#
z*o+Pf(R16M&1Ya>NPzJNh@N%)KmcqlzyLX6@L4-rtJ5Y<Mtr7657u+rpS@yWU>MyV
zg&r{U;fou2N`b<kKDLb@TShZFp2$A8{h2WX1H&0SN=Buq69Q|DJf%XZW7McA*g{}5
zqhkvdDu_Wx`^y*@7y=j=7}%*`<WMnUBLf2i=<b>mMxIjVK#o4Q{h1B}1A`0$0|PSy
z1H*HeI7n_3(<cN*Gdg|3nV>D_wm)lNU|^_ZU|<;NdAMH;3=F+So>El=9X+aGGz3ON
zU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhn*gg|na+}zQ%0D~nqM%^(Q0;3@?
z8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*O
zqaiRF0;3@?8UmvsFd71shkz~rcK^|}0F;O0s0pJXFd71*Aut*OqaiRF0;3@?8Umvs
zFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*AutL?LtwCk
z!01|l!4ear?idY$(GVC7fzc2c4S|6V0nWy6bp!8;Q5TGcz-S1JhQMeDjE2By2#kin
zXb6mkz-S1JhQMeDjE2By2#kinXb6mkzz7L}(M#H}L^Slmw0H&v1_1^J25trh23DA|
z(Tl!eAu&o1r4Sgnj2`ho>){|h7vS9XXH5(Y47DUgq@$6i)BzIIk18DvfdLDFfy?v*
z=4Dii&uxF^z`($;A61lS-T@;|DMzAJk18AufdLAE5uMS`ZGV=)z`!t{!mw{N@{|JI
zlT4v8BS-tW?ax5>N$WE(Fjzt_TYtvDz;Ky?f#I5wr_}S26B6|E>4?qf=e9pnU|?Xl
zPmQ1+?ZXonis!aJJIBDlU`UMW(J&<@l!#X|k~8{$;)98x%I`*=Qd|U8jbH`mwm%~$
zymgH{rLK(NV56GXnW$#c5HbkbFQ=x9InQl>rbA5whm%=kW^zyvTt2t`nHz{PiYW_$
z5t-2`7<|JQ+MqrrKKT(TM?ofsh1bq=+n>q7IHNRqAuv)iI(eZ*K-Xxkjv7Ez$mB2s
zAD-L(j2XrmrAZHg5tq@=ZGUD&dN3jBxNG@#HgRhKrX%SZ(adw(pFN>+0OV5Hyb)#G
zh|Ba03=CQ{jA0uZnmuHUKDYfD4+8^(G?g9PPi6B)lyM_5qf<Kpj;I7fq-Wm|sg5LN
z=e9pPLz0G3#qbaqi5XoO?t2<AptTtdOde83!uJeN+118WHgCijHxe^Cwfm0fi3POc
z3teo)@Xu|3_I|{8b_jWNBxdv@G>#u$8k;}ZjR)-nq?sGfZGYxMGsB0m!6R~&92KX4
za3+nBxSaFc_Ggj|3=H&W(Tr{^!kO~0ON_)C9eYTOic%v4RH<PI5oS0*&k`U)>8KJ=
z2#jWQP$<v<pWFT{od(8|Z=}qrU46u@1t8xJRGkK>T$=LgX=?f~Gki4D(=I}NXlL}G
zHCcw9E*q`ki4X0On$b5AA4FuU1T7#TTk{arNbe0lqqRDb31y^a^qWM64<*VDQlfc?
z>ZNx^AELoTe`k->jQ)VuK|MlGqZ!?+PwRw5ruic^qn{u%yol8{QV)~-Mr;64L)}Q6
z&LlV7Mr1}e@{|G{bwqBM5!5$=50X4gFmOf{3`hu!$czpRX@4k9RceISGQCs{Ogx5-
z@Ngy>jL21TuuwX;{TXN*WC4s%DLtC_7#OI&0&)F}_+@z30*r<^>8W-k*X|5Po>GMj
z3=CAO<taY+g7o+sj5>bN$WfC)861RZWd5)=c0^}%P|O;6N^OEB9?;gvyC5+r{tKl^
zp_Y=Oc$liSqJh7pj69|CXkhNhF_N?KTiu9m%j1h`=#jD{U-belIq(@h?B&jFf3}W+
zfgz9@9vux&YJ?&K!-%ieaRno}7qFe%{_Hg_Ge?TJk*8D;0|NuC_X>}c;G~K_M>9HA
zf)T|Kk#pOhrJ{(8K#q~8lq~}TL&ga7`k?gkXhz2$Eyx{r{3=mpXQ6UOCeO%IYUXIu
zdvL`4Xhz2$59;`(amzyQYsRf$1j&FhI|z>;FAqAej%IW`QDWpNMb7X$%tTTyWryh*
zw)99kQFG3;=YDwB0t|Q@k7jzpQJ_dz$*2k<LV%nB%SIy19aTa^2#jWQ0)b@YDMj`+
zxO3Z|jV4q?_;Mha#IZ)`_CVqSheTDQ8J&m#qoA)@M}+aiUdg%b&!UFCCkMF)M>9I{
z5j5I_CqAsuRg$xW@CUjfqkQs1U^Jr>8FrL3;fb_jSSo{_6-|!c=(bIc9LEhcJ);?Y
zsKwaOb1zv3!W(%?)eJqa4qg|JW^~fx<|S#$!FxJK;t7)AU^=(`*<3JVlo;?37|rOU
zMZpZxl!H|-1Ct|@NFvAE6bycnW8H|*Lrg|ruDX?TFs}s|kcc94>c@9L96P|4p4<NH
z(f~VQ)Ow^4ASTlzDIaByh5+FZfUb_yC9D#w3P-G>qk<HLz-UINDENred~W-*k#;aT
z*~jscyKR`bm>9XLMl(9;aSu9dfmB^2A8bLY1%pNXx$Vys7#J9|$#jninfgYx5eR|N
zj7}hcut<}0Ul3^TI_Mr^EXEBxA#$(Fd0^xzb#~Z=#vt*~XhtV7B8)txu8^n&rhM4n
z<pf<Q!v^y(DYTKN)aWWiQUZ)bwWArG!~ml}x$3#?&p@YBQeecO*Gkqx83qOha+b>u
z`oI`W4jj$s<i&<KdD<9`k*ROcYdg37*?n>yY2+ytL$2OYeZ+;paL(wZH7~1Zz81j9
zQ|c9QL5-n`?cDZf%ow7>LjW`&M~+X(4NG$D8nJqYbEc<tq>_6$VlJ&6MsM>exzfeR
zQ;OV{61}}Sr0pBc=wwD8=x{_bwSw-BB2(+&(*_-kBiCX3$kjNikF*dN&FG|s7rN?Q
z=mH~<PwrqG=<Y1%5g1+r;^ondPC>96c}lsHqy60WXLHEWH`w%?+y3l4xo#TW&_Zs=
zk*9AoqmvhI$hzJmbBJUo6RB>nD>ER|fn>J=$h2?7Ya7kz6ea;9PbndCjDT(eAxG<=
z&~tA4v(4l>#K==hnq0l3`p64`(Tq-BxKTsbVrm#NfM)oRX?Hi7`bM=;5CWqaor1ta
z(z*tTO)N72heE4elHoL83xLCJdJ8wv+rm-%MsHuGRvJj8mO(?o910cy1sQoteHjXV
z9BytLt=*{*qa!f!lG6qGYUC-ko(jP|Y6LkUz}fh%ZZx-(6LQ$~+`}$BEJY*9@RbA^
zdPcQSDFj9{I+X&Ffq|imdPWUilg@2_=0=X|Mqty2oM57vp3#g>rJyBejqJJY&l;#?
zJw1)tNl(j0?V?TyjAnG|gd@48#FMLWAoNkN(EZ{-xOdb}L<o##bVOJT1dH6go&(`l
zke!_%f>dneDMjv*I#R6~RgWVCMl(8&fEg9W8UnFcMH!UWt_d6|YXPu_z)%t$&GbVl
zwuYu#rG}=nhnK5IGx`9>=eh0A_6)ESh_asCK|~`@spmvlFsg{AAuyWJsT;iHECX|<
zWcLVlosZWva?ZmZJv0t)kkU_bG^0~DtjWCy+~?f(XUD1Qlz}(R$Wv<c7}$Z22Cxf8
zGdegJs6&u>TO-VJi*wtbeS&cY6Mb&`v%7=IJ)>?RJp@KGI_Y6XOC7xDwm%D`r3GY~
ztwe^tcVy@p)k32X7|rO^57<TujU?w1I0~)At^M5gXQjAh@yfX3l^vC&YX~sX)wU60
z86{^UgMx?}hpnC4{>+GhfuWdzfx&@+fq{bovPT(Iu>S+u!N9=qA1Ve)1E4{~0}Kod
zy+)o==b-Xnid?@?!w+Bw(3H?QQ}Al!tpxx@I8B3fq#90cW`Ty+2Ph4qK$#RdgM!3B
ze0Bx~1}+e15aM@6o>Ibt&|M?eNh2bopWFTnbhRg_wi~e#Jpdm6$-uw>!myUZ1O^6%
zi$<POzXrf9Bi_nkozW?*RY!c{pm6|zS}LF!2T<z-)V%<uMUWWGS`Zr~4#FTdNF2ll
zsRQW&4g4*naMlB4=7_+cKpU1G9nIv!GFowY3Und+=v~dYLWhBYVOVDL(M*mf#)q-g
z&=?FHm<Rwhg$BlE8reDmE-t50$PImCM+<n|aX9QUIs*g48Qk6-l^O0KFq+x1$MA5>
z=-7QaDmr39;N13SL+zjs662=5y(g3WwE)8^)1TY^Y(9yhH>!MihQRgV=`HeoHLNl^
z0|P?>`9U$Na~OpHXocV~@($%*88#XH-1cXwln2MC3Bx4>pi6^?i+3pY$FRxh3=9l?
z6o<yB0mCT-b`K}dQ0f;JN(~r9`gsPCTj=f-W>!#{4O%?L$iT?Rz`)GP$RI4s#UQRg
ze6W1~@|)qyyI%|+U;SYC@#PQ0f9Tq@zrX)6{0A9LcVAItAz61|Q)J^H);ugS`d}Y%
zWnyAvVC7^YIpfhg-Ei`-GJvqC95=~UzkKk8;n|JPB<ma1K%Wp878#v^fq|@(Q4BpK
z=@ZH$z!p%;0fe!671UCAapw!er&m82{{0(zO#^Ix8fs$0C8LAdtt5rLirHw(j$Q!N
zN>DTqq{zC9dtNa7`!iZdkQ<03XAp8N!mH0X+SP~rwE%FV&uxE3)**$wLZEHlaAQUp
zgFFO4U7<nl#6j)6!I9}H3!*5>w2$f@3L(Ha98&542K0ywJ}GtH0Sxj{tH}ugHcn=e
zwVm7kES+Rc!&L)k<F~pIncKw`iJyZSu8}{~{KYNEMvjw%$<Z_%^^C}jJ{%)*xcf;+
zijy2KYLKI8IO-X38J$~@bvVZ3u=f*aD4z^Zj&{_bfi~hYx|+EN)a#?vXb6m)5EyY8
zedI*#s868>+>ZvtXh4vk1{Qjy9-_ip0P-C$s*}_ZfG*`HRon1WKU%vFzc?NB5h4Ue
zGdeUZhRga`sCNc8b>qej22D*(up{H+;~BWQxf%Zb`^Uh-!ou+9&mV^0zkf5Zva*8t
zj~_o~*tl^cSS>yxDk_R$=~A**3&M^4`t>WrzJ2=`E?>UPpsTCP;NalEz{@)<#<WH&
zGH5Ih`E#L3JvETlyIji4%Ne@5x}d>JKk7f3n@mBOoQDVZ8iUx_Scb`yCo}N#^V82W
zIBYt<<2eo)oWdWBJf$dGfsfPZp(Qa|;t>&F4<9~cU}OYs0w;_IB9jy01)NIoWpa?F
z#fuj+2nYzk{jaU94X*h?a-(?YgurM<CnByC6o&cfqeO%OOv$xt*BJEl^uQTEAt8YQ
z)FOb%(USi0?GHJ|{~$-xaMUxJ(T8KKlHjL^hzJr?qbgmva3KSzMF4B<?Af!2f!r<x
zs>ztV&u>5%J7S6x5V=o4e#A(RX7nK*)u2H=N;22-<;$rS0<NyE3`|T+;M#uT#EDch
z7i7?<w`67Xg&@77n1Nw5qZ5$|9z1wJgevltfHLat-S`hWoIQIs!`ZWE8D74839dCk
zdO&!=f(0a5oRxD(9^YC3keMJ1YLZWw0J;*HB;&CvE+{AfXa35{O04pv3jX*+dNbb0
zQ)(uu_6%3`qa*Nij9E}~7n^mUOomN-pv6D~lG)kW3|qHurHWHPg{Qo{JXvO4-uIH>
z&o9!Z$VYE#L<IF{?T!eGQ5ISVfHLKlEnDENi7#KiFo3!ZXv&D@f(AH2g&hcAx^#(X
zeWMB~4}sB)PI(xP7!yE?eL&p?PzwZ<=_zTJ>+9=-oA#hgf8@xK5fg?3<<ZfMK2RY)
z#O(!T`nI+<aBUCj+cz{cknJN|TU&Uh2W9-7J9m<8)~H78AuyWJv4;!YL_ter>1G*?
zEaKwgVyLgL2WNUvZC_DQL6J=!9v&zeA2e0~GM6GlN4VzEj6T2#KwVvZfL%a+>)YGg
z!I?fSEsZLMgZlPa710dee|)2gc_Yz~(TqM4W1UWZo;h<SIKzXQ_LSE0N6+kIuntsV
zF!GdQ2ugKe`1tt)oqRDotQnnNqhmaR`k(05jkG4|ix)2#+}+(7NF8-&d0t|RZ!G|F
zxMs$bF+>NYGH`Js?w}f-YD0w3Xr@Pm1<hHbnI1KWKYskkP+VNhFn8`;R0%5Zf<5CH
z)^1-k<kL45f&y&BXfqxh45P$AgaBwu?3_7sz)gKnD+jb^|K`n`4A$1x6gy|__C+8w
zKo>v3@Q6MPel(+llEWw-6d?d=@u;b(F@WaSK^cGQ)Tz{T*9-;*22iH|&H(BUP}Afg
zVAhat+6=Y>De%QPC?TWEgAz2l*eD+}1h9o2rYe#}3>X*~E|RQk2x=Iu(T8B9jYKDd
z3PcbF9fQTpO!_@eIKu1#w3gq6Lw?u@k7o2?6O|*wBRV=d;B)stnI5#LhDyG6g=TnA
z(;kFL+bT#UN6^xk(Tq;Z&?Um`GiS~ap=wkKwh)k$lY<ZBf!5&{78YVtMvhoKG~<(_
zcTnmXaeZ_h2Qda#4yrZ%NQzWk{Y+5pM3O<HiV23mxpU_jjE#*6sw1F);{37Ne~&0=
z?9bE1F@%6!bdw%&wfmI=ujm%IqZSQZ2pAa|fouLvn>G!cBL<PpBQB#4qOc!z3XMbH
z)vH$w`}gmsu`NTx_|Z!qhDJP%x)M(afY#W9&Znnj-#i}Uhldnr<F~ruklWugFffds
z=07~rBuTyi9kyp;VnUK05)`i@LG7SdIvm>XB;TL%<16W>5Dxm79L5d=&8r0k1)*$U
z2aR;nFq8jfU|<LzPC+^xGCIktAD-O!G@Rma(E8=wyLSwrlP5u$k`fHstiFEzdV2bk
zot~D_!!C;F6X@YcLUxe4E*4}StuJc>*@2Ehi5*=G#2+g2ZJ^sC+1S`XP9CoK3j+hg
zu(*a2J%WZqjgIc8Q9cbqU>IidcMJ>+UJMN2#U-E$4}^zhCI=-45(eW^f86#QY-<5P
zUKqvn4gt`u6ZE!|iuO4&FfbgTqIpBkC{T$u<Q$Fe;B(ubePm!@;6oS3#~*FR;|m>3
zIb2;3OqBy8!pAMh;OiR7;BN2Fprc{<*2q&zWMEt}IBg}Nb|0J`fVygQNF5pwBY~RR
zy@A0{#|)oWheZX3&x54O4VR2QI_^Mf%+pZ)ym|8&5)%`tX2ba%&q+0FG(Dh&*l@|{
zptC~-(ENs%`~Ayr22LJUylO@z35UQ?nLQxvli{smxRiV(->Lih;n(3Evvl$uXgw;O
ztRlr4P{B`%`eCnjSY&h~Pbrcw4*K|#tV_CweS#p>gZ=&eq-r5a{mm0^NKy|~JfcU~
zp<#eR4U3G9;v*tCq~6s_q_M+R+2O;7vHGpHwic^6wFJL?_)U&cB)9O$v1BOe837sn
z(v|##(X{~7N|fKeePaM^ETNWpv^K}cQ);w!M+@ZPGBAhct)ayQZRP-7U`}sW-@SX6
zK}AJ{-qsRr-_?VoCx{RoSOgRfr;H9d*qf7pe+Q*BXfp>bN3uZ$3CNB?>3JNE`ttrK
z!>{k4&1E<g;1(V&9k7JWaB9ZeVDaCe61sEe&VaawmYF;wBZKOG0u_3<PlA@HlVvpM
zMhCJq4rfinYBdq5yW6BRcp1bMc<36xxR#ZI5;v_Jg3C^7*!SVX2L{j`Ow=$7W(FCH
zWnfxCSF{eRG!6F{g^b};qmvvIFYkbME0U~@CK`s)U>7I=92^`NXpzZZKOSA{0197f
z;}M<F|Na3T>QC(;#c!U!zdu$5G(1Ix;lYCkSnVWMu&k_%0d&ARsMP_(pc5IXU6X^R
zKc8Hs=&%rRV*NDI)D5S>xFHdDOP4NX;NhWfcL6k_56Yl}J%BFndr65C7aDm=jSj@&
z2*D9uqvHq@nhJAsa}#O)6Wu>DBXcbPC4F>I;2L>KC4lHrj6DQKGd=cj85JE`ArLjR
zoJ)V#4!4Xxy2*k5X^3JQDXh)k8F@-Ar`Qq0+<@Vh(dQ54_zDRbG<SN@Ef_EEenF94
zMxIi_6d5o=G!M6oevZ_5d-H_;Q#&(f&cy1>wQJWh*x1-GeEbMHF$=4bVI}zL;TMK~
ze<_*;ks4M3LPO6CtAz&Vwm&msU|={)YIqH%bLEiT{`~oK1_=oXWT9ch2F(au*hx`s
zUSQ-YHF4Mk2#q~5tZH;4PbrdXbQ*^*MaD}?N`h}NS+HOM186rHMTQMB%@k(x!=ss;
zv<Mwm8J#q*BUE2M`WnHZ6AM(M5o;CbTsF`Y9cWoAGM+VS7O_SQDs>lkQB;$Imb}^x
zDh~|-#|+1ePVySpAD{m)P&o2SR#cOc*|AxWo}Lb_@v+GboY=qh2W}C!7U1!<j|~6*
zQPf8Vo#Q@mULB$~564WeOKw~YRK{0RQzO^OLr&kDN8c!M^PADbCddoEVKp!Z3j$Ji
zx54zm=z$oh1KEAz#0dsVOG^-wBur^5fh5Z)P)un-YUC+3EYm9mK}xjN;aH=CJP*2K
z9Ym9bDNT@MS<1k`U}0gw0Lrv$)~q4dh~cbnbR!ETvCG-`t!}vH_6SM>2BdeOay-cH
z;NW0zt_S6OLfg`gA3qM#GUzdd;aNYrn}xC{9=7cvO55<DVAZe@8NCex6cALvlw|bL
zc01(}FkEYNP{>fcjOxabHw-_%jo$wT3e17RqnVsKAwO(0x{;?8=w>g951G4u==Ffi
z#Zf1EhrB7Hhbd4g3Wsge9Tq<4wm&mqU|={8<5NO2F*7n~*@`l-axhb3%!t$b`Q1;3
zJEurL36gHL`Mi^$6UP)7JY5_|!ak#6pXot4?A-QeptD~-gV@x<ENn~+44}|MUkm~j
zV`gP!5SHbl`ze*w@*lb8ynOJ50d!~|70&ZA9&YQM$qiF#=mRB7YM3)5%%H|#9VH&+
z7iVXXROKDAgMFYGfgfM~Fns&;o8i;zp9~*f{GcQ_@am;o&5qX<!$)#NWpq%q4RmG)
zxd9!EDRDChNpTK}0^sY%UkvY_eP{Um<|o77-~YkuSN{#bX`7=N9X*v$#vh3TAFCJ`
z7{VwEHtOnrb?++!2qT-yE5Zh@{ki$skcBB?gPPTEAAbX9V30we8XDZhM(=)rBnKAX
z99ZjzpY0>AMh8XVV64?a?i$7L5YRR9l)3`vjWQ?>fnht<Mj&KHw?q*Lpn;Sg&E(V%
z{Slebp<AL7sUMu9CQ=~;$li`f1-pl>5hJqc4vWom+n*^gFff3wNF1FchXu;O(tnLS
zrAFeo5qY7`cmJd~apwY{m_MR3JuD>7ZGR@lz`#J!-6AlvMrraxV06@-{IDaWb3``d
z(E|mvV+xwcjM3#r`E(0`!8Z>;H?Py)qR|>1OBkQq{_G?J1A`eBsZk*sg#fgmrIG2Q
z#*SumJZa$E_Gh5xJg8ZZN7bklr6Dky$tev%!um%uI^i&4IJf;-DFXvT7ZFNFm5>$!
z=Zrk1M!QR-g&A3@M>9HE!G>Scx$VzDOWQyv!?iLnFj(VPJ*;G(FfcH5GcYiKj>EZV
z<SF$F<U8mM9FhzS44}J^;o=~<QB0o@7|rPP31?8Nz=45*p`3w%!G(c=VJJ^0eP>``
zuo>NDMyG^BC2K}AI+X&F5@XJ7e+H`U8W|WEQYkTqN_uZIFfjBQc}iiwNsdaEj2c7V
z5ExV$eWs%AeKOVp&^N>ez_xSSpMhEfMGOoKzErXv)Vu~YvoA0(Fx-Zo(nBSqM~xW`
zfzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z
z5Eu=C(GVC7fzc2c1*0J_8UlzAkmoz;Ke`qG5gwzg(GVC7fzc2c4S~@R7!85Z5Eu=C
z(GVC7fzc2c4FSqS;C}-{J>{m1nlKsyqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?
z8UmvsFd71*AwX^jIOwo0A6*MTZs?8b8x4Wc5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C
z(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fx#C7w*1>i
z&jlEK(K70y(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7
zfzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@RAUgy`*8-3obfX$aLtr!nMnhmU1V%$(
zGz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!n
zM!{$ZjE2CV41v+L0E04GMjbU80;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFvLUP
zVT)Y#5ck5U^G8EqGz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nhHwa&SWlbC
zz@Wh3>EakNguOB9^wAI)4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7
zfzc2c4S~@R7!85J8Ul=i)nTLV8u$=6xBXcV0|P@Z18Ay(a_8J+U|?`G@|1c`xlyAg
zjE2By2#kinXb7N(z-Wbz9wLLCzhcrma0N@lwE*X~KT}{}V8~%$V8~!#VBn@hkTe>3
zN;S~Io>41CLtr!nMnhmkgurO!J|dzSw<phSf0n?&z%U=T3YyCtF!Gdgq`57l7L10#
zXb6mkz%UPi(F%Q-M=&n$o!kD*fq{WxKQ8$J5C;v-9~c08N39&jA#iT{GiC+`hB5{Q
zhGYf?24yn5`hbCf;Rgc)gQ=0H)E6@Jk7^kW0lJ02XoXI<pdLIHo!kBlRFQ)!^ugmO
zh)YH*bx1gjk`#o%x$V!=85kI5P+$Zht#=q07_5yvrCt$II4VCH0`v@l(F&cOp*;xf
zI=B7V{{eG`Xxn!i&|*8{*8<cVc}g`6n0rSp9<m{DZu_%~3=9l<boPL&k*CxiI@>vF
z-Dn744S~_h9c!=*Pr(7L*hvf0^`M1%qrD;00&S$KKDYhZJq88_#R2xeiIJz&*#UOL
zsP!W}1eiv+|3{4X&uxF!GlV=F$iTo*G=$tc>eK-UfpgoR&4D&j2f8u``Toqg?az*#
z+y0CV#2Lk-AutdjFxo>Oh)^E@JD~;N0N6~Cm9|EnQb#B<VN~<53xPqnxDz>ye={&J
zs2X`nJwz59WsimcJ-}!WogSe)z;>M5{>*5Aoj|Vjhso7Qb$#z9o$)7aEdbS>Flr!b
z2tY@jK#M(5B?b?Vm4Sib*17G^<OYwEMqM&eLSVFV9~m)iGgQ5KZu_&*LurO;<Wbq(
z=e9osEu1W-vaz%<4m1S+5IU+r3-d?K91Q`iAuw8@V-1#JCnz(7eN;Jw-9GAcDuuwg
z?axXX7#M1)WE{PW8O$RI^a_Jfd*~Sg4_oA_M{9L@hWNnQ^>*N_rr2gSX!nd_gGLP)
znjvs*`!iz(28OPo==yWppEV9ecaOSxXokROg+4UnjZ{}ZB~`;9Q(p_cQD%@iYw$bg
zq2j5m;j$Ls-1cWY3=9mX2Y;yJbRlS{0jK1s#ApamGXzE}cWQ>_;5F;o;B^|&E?YY~
z!A^8o4JU=53kinuRvk{z_LI@HJDif_;PuN;&M1R7R0pBUK!wU6bQU>I8a>^EoKPEr
zdZ1f3hTBOlqqi0f!L&G3oIKh?A1X0LxjUCpZp5H4;mn|L#i%3b5duSYy9S=XaR4>0
zN0-Fo387IbvO{3BLMJ=uhMdL;L(auG96UOFi6dZ!nQ-ea9wVf+0Aj<;d&u4yT^^4d
z8l!BggurO!PL*IB5{7_oxVSMSTuRuH_Joy;su%_#09qV347`Ee3!q**c9~Jp(GVan
z1V$@#^1^M%=`!+^`o+M&aB#>u9J_;u+Z-!)Uyh2>`--*E5FZVJAsqsv75b2lK9U_j
z99F)AJlzW-M)9x@0rg?;!%+{8h5!{qV6;M~VqgvdqmB;&HxhDUl#!>@b3%$n<wrwc
zAVVO7CD<HkEdVi289kVWm{1y3Lv#p?R_;Ux)v!<qnp2-OM12Cf`pUq_Q)>ATb^oZd
zNe_XOq-z;EI*dG}MlUoNI?**GTsm5z4~b}^jw7LS>TL`R4Bx3^BHc{MGxC&TGxC%I
zHAv`Y>8M2m9s-L8+y%68K%<eT)acnDv<cf0ZR%*E8iCP&Zu>LPwNWJu3=FM<-20J6
zo>D6Yxf@5FN23rpxBZzU0|Uby1_lN$8d*VaV@D60p?8RnF#AR;^br=}$l%=eXPgWS
z426TVVt>QHz#t7BRX}$3D0>8jz`5<uS{N7@s)w+b4=^w=fO_O0dPsPKIpo6u64wF@
z34e_=M~+tRBQ3_U`1joQXUq%?44`{i?HCvsiWnFe46rC02q6a}PpRRu1#ck2Z&=uQ
zZu_(K3=9kbL&P&`MxIi)hlpE8ojJ@xV6;LXW)Vsc??6v;tEYoq{}>n;l#M*49?-$A
zQ7Z;<2%OvgES-UYVa6bJA}D?88hJ{68KmwTb=C+8fzb+mghVv8y?Ji?Gtdfj7HXS|
z!#qPHPpJzy<VJ-@Pzapc{_HRV1H)iC2mYOrr<Cvrih@zE4(1Se*dkXwy6k;0$I#$*
zTQD7+cmCY=XX~JsXw%W!QL6@92pD-v*+Q3$gT~?qgY!nq(7_N33=GEmt~?rD3xE_C
zqX`o!Fh-dqg}@GyR8y`vkb!~W;koV46eu@p)P$iP0!E%vLC{Lxgn@zK{s8*t!vNYn
zYV~LcpoGBa7(7aFjB-c`fpgoRRWdLzfHu98qK#6upbhq7qZ62v2IKJ5e{TCTV+IC>
zT?`BiLUi&WXnFhS=`nN)>``m*hrnosjz4@xWeJ49x$VzDOMF!bD5JLYXCqH3K582}
zYTob(0eW3|1|20BJ^?rClOY`fqeJdPI{F6Q@kX9fstgPam+0&g-gDcZ4dgH@oxMA1
z9VsDjZu_%2q^PGr?PCh`j%pnZ0ayr_H$RT1`dWa|${iNGqcqteVB{&K&%nU2k8A_T
z)2IO5TSuPmQC-6_1kP=L21<*`bn@I_Ka!D7!7ysgU<rZI3VpD|#1MCfk*Ab10|P?_
zoxMS?f}76X8nup`5P<HESWAvxa`YH^O3frk->9C^5TI2Ej8^Eh3fU28E~tQm&M&^B
zllNty2iViex>0Kec?k4@PAQ_38$k>4=w#KXHKQRwTnLO-=){H7s45ad0D1}sz2>_?
zL#!mYZdB=T41sgopCvLdFr?DSZ)=P^rOwgGu2E}7LxAWI7=Q}h>)JFUs;>ng+QXv?
z=^p|{o>EG5vbBIt_KaFH2txog<bH1Zvpoz94D;yZy#EXg44{Stova(RW;6td4}k%w
z+=+MGsLCN90`xcpJ8H;>(x?Z>3W0OmpNTOrFnnTQU;wS<Aj=FgG?|W`jX*}IjcTDw
z2#i+fbP47WYsngV`25`VXM^>24|;fiB-`<lfq{XZXKXAr@{~F|k^_9y?}Ix8=$RP?
zcSwx7j_M(BZu>I_1_p-xR5uvYz+Vgu3<^e`QqM7^Mn#5O2%Ovg%!q-3f!-DCb0beF
zso@ruqy8CQAu!rQCn-K3EUAAox)y+>AcHD4@{~Hjz`y{ic%dRRqu3Z27(!@f`l!K!
zCIrrHe-<+U6+6Rd#Xe|~z^Fs;gurO!jwf(NrKl1D?Nl*^upym<m5izw${}!W`?D+t
z28PA-_5*Z_CcUj4wQn>8NDhI~;dhdQY*YiOA#iT{vu_Lx44kCuBSXErk*5^s@(wbz
zj%pdqA#iT{vl0ddhHg5$@sp9K6hEEq9JOvV1jr77(H=V4K{u+Agb=VHK`kXpcS7e{
zDKTSI?;s0-bK9RyAArhy;%H?)$P&V+a|nmP!xp*f(QZ27a2on5?j#mJ9z<&a&TW78
zk%57MUe~Jm7<o!<9r}?t>VtFJpUq}qU`U~JNaz}QN?oC|ouk%`h5*GOFj~1&9E76=
z5EBCDwm-9DU|={%j9MzGX*Kecs-couqs9zC2%Ovg>@6KHLkIhCbOIe545P#l4S~@L
zeTYWfP;~aW?axj!Fff?W(d`?IJf#BZXy2$+R0sh&?uA5g?Pz6=5*(wPAs7Oqlj=h-
z(uS&&jXb5y>FoA^bK9TMYuP=Wy*50p8>q^hfq}tfc!ubxuSQY`jP}q+Qfv<rzn<Iv
z40KpFajuEFoid$zYXLy^nj3jaohHumQB?yK0_V0r1C6Y#8vy%FMvsacfKVT`lIkHa
zTDem_NJkAMCIm>T;E6F1znW_d3=D=wo>KHU0SCWJMrE;vzyMX|pvIn(k*CxHtd1HL
z91VdX76PNg??WuYhKqCQJa?(Zz`zhbT*7WR`2%{b+8G80hJomrgKlIQt;~m0f*Rp|
z8SSBu@B}cB-aohfnIr=P!!tU%fp_#uEjora0jth!e`d_UzyPYu38<vH^bsRZDO;+W
zI%?o(2n=utjP}q6I08np_0U^ac<C4h@91b31H(5z&o$Ir3qV(=)6=p6tk@k#D|ULu
z^r&6*41v+got~jRY8OTbKzq;hT6xTRZu_%G7>*bfplb-6+x|>pfO_e!(3^$m>fcez
zMniyJAuw8@(<`J$?ZFuW(ACEDIvhrJ^wM>lQ9&<>oAj~>$sRK!PpLgf{88p;2n@Rr
z7_HEUU6c-456xp>VE92N*T+HU^66yVs5P(<IJf;-0|NsC=w4iy5Ity%(JhSh2<A~c
z1{#c3=mQ-CqxOSC06Mqc3+B+C09_GhL3?Y4unnq3A3SKk7NDMvA@r4jfkDd1Qwns7
zAsww9wQ4j31||eXEBAp3_fcE1gaGt>_8VBFXdx6!3qwcE#2o_Xwm+limcq?Oo>Dx}
zMk8)VjmnIMz%UAd(F%PSMdonuijk+3CIbV*KRWmYbXpl5tQoZe6aweAKLZW9PX@8+
zfJ==$rTpk%&!`onAuy;yV6;LXRM9c&7-$GIL+Md!7=!@mP#FdWhD8hv45IY#j*+KS
z4?XM|wPQ2{23rV>R_KE*Mn>JkVB{$UT0}+jkbo}MqPaaI*#c-~4qE(3ui^Ga2G#}p
z_t1VVz(|hPQNIs`5O~-kS3O$84~3W-btA1pz@JtIkD3b)fl3AjhEO<<wv1o&Y8}$n
z8>6O=h5&gXFj}FL7jC1vXdeP!Xm16B93AW!u~wYh{>+GhfuV|y0iaGtyGE@V4S_)y
z0;3iBpo@}G2SG#N4V0!OB}7ZZN6lt9OUE!M8NFVOj-fqj)u0T4(F%P~M$4$97#J89
z(jye0y-0dkHKOb|xBVGCZ|AvW<S9k30}f~wkNWHXD~zrMpjq&aID<#8Xd7`+K6E@x
zr;FC#GcYj7K@XoFI)O8YU3zZ&GY19+hW&JM;tL~BDbQ7abh2*Ln$Zv#ydf~!TOYh}
zGwL!1hF^3D1VIJ{hR^4=KU+x$yGDu?U3Bv3pV7*kP9Z&N&5#Iz(F%P?MAL|M<aRpx
zJPb4<aBlmv!*sNB*jWX=a?O-Z9y6ztJ)_o)hQN>rfzb+mNJP_!b>xHr@VO1NVh0@(
zJ^<DaT`QrNq2H&I50)8uN}Z#VU8B|z2mw`wT|J{~0SE*Voux<T)9D=Gqt=lY0-%bP
zG#yk|y~xN@DxT`54l@IxC(V4Om$!^OrAEsxdIk2VJwql0Mtkc+CaOlJLkB^@4Z5H8
z|Huq|l6?J<B-NBD9z7_CvhW+#JxoJjv_c=I5j&i`H3%wohI8AW(PewxP>eU|C<?vG
zlIIKz3_FHmIE}h_Gz4fJ0;9uLv<~4>^Qi{TZGV=|z`!trY6g;M5G@)ONC(e@dYu9c
z3=CWh3=E(v%wQEH=!!ZJo0)-u0Yrl?fG5%AR8<b!h42G<eI73Z0|UryRJ8<;VG%~2
zQlq;Q@C4AP6lo!#@&2L6a9j&8TDg;!4n|cEa0o!}?gS0>atyFjMy;oR2&^~qlnSE1
zwWBtUhQQDWfzb+mXv7m%R}OUV6|1901xG_*aD~8k1_p)~3=9m585kJ;k6!RHxFToN
zHPj7((F&cq;Yk<Mp!1h>v1`<l(GVC70h))vBL)VB`3wvU3r5eZr+HWpYYRpz^dS_z
z7x%ol_4oHb)gk2MQKycEz-S1N9s-S{BMGDj+DO!4yuSA>uC)N8mHQA$5u-iyAreue
z&KwN^>V?1-BTp$`>KQj`(y$MKhb?l|qqX`Fh~{(KpMj1y11*gn0<Il(;%Eqrh5(gA
zAj8O0Y9^J<95rqjh5%@f%rNxU@bS{Q?ax4WNsd<L!zW5deKHyXq=vwZbK9ToB~{a?
z`jHm`qZRt#kMp9z@5E6Tj)uT!2+%kLoX%~3wu{Dgj2b`0LtuyuxxaF4P{FkpV2H;6
z5zdERb#;+}fq{<*<)cbQLtr!nMn(vv8F@<09vNO8^(CnxFhnYMQoS{_)kAN@c+9}S
z06Jo9XnSVV^`jv$8UoY|fiDaU3~EN6QlPVPscG)0S;HU%Mu*=AXC#6)td3UZgEMYM
zT{Rj40~rE53=9mm1L=TKy9aLwjP}q6S=^l4{>+Ghf#K{RbJnPH273rFGB7Z+FfuSQ
zBC_=V|B&0{Kw=;!k`&lCFfow2e}BP34FCT@^gwu{<RA@!KSrKXtb^2Tqs|(@5J2Sq
z0d&Ohw%W8WtCPI70Oz(p`^Lb)FwnPl47=z7RcuVq$`4klA$t-g2CC>l;-Cr<L=(aw
z^>DSIoCU2LVdCgC$UG)yMg~SE1_owUCI&tcb_S5Ugr&F`SlEWg;Mv!YzZkx}|Hbg@
z`(K97Z+?Qj%<%U&G+@9y1_oHTfViNr|M&O*Xu|>&7{uezQ)-A0s}Z9TR0NF}&klBv
zp4<NH7y|=?B|Y59#>vbeB!j=*04iv~351b>0aPJ^`AiH9|3R0AF))BDB@i1_Ie}=9
zyJ2jYdWQcDAOzMAlE;O?W`iV&u#1%qaw8ZA4+{gRas=^*OJxWOf>Deb0xutcrjQvJ
zKD_wB@b~vW21w-(X%zhb3#C!p3#bMRPu>F~PbtOW>9tW`ksAUm<Z2w%N8J!OxBVGt
z4xKKQIVV30gNCIjbv-a@+Gq&SC<Me6KvT#J3^1BlYySND$ME~tUxwd5{xW=c`2*Y#
z`1;{DxP|!-G|hn42mm)K86gb>kR9-m7Z3*zMjmZoU}RwU^Ap<Q#iNG`QbJTPW7LRY
z76PLc`XGqVbK9SR?v6~Lms8|*N7vrbE38ND8MqJtjoN@PCl4zFp9uY~<-N4`1;!Ku
z4MG8}IYI*)MvWYDAuv29?S@>iV>q}BLxe^G!m^wUpaPCK<4Y}%9wcuq0CDDzsu~S}
z;T;0R_VOtV1@O!mg=UOuA7&viTDcE!ghE%lo72M?tn5q-a@wOkb$W#Ls2w9W1VC#%
z=-~U&gQ(~b$V1JF(F%RwW6XvgPGDqWWYDq`qlZ<ac8rF=hz<c>5jMK`|J?Rx4Ro<+
z)RG|+0;3iBz(>_YdN@JbP87U4oE~<K+A$geBRK>_<+<tQ{djs=G-}V#2!YWGeQ3lJ
z#ja%KfNcAs*q|X}fcX}eg`;Z$hD>w~Q-^}quFz=+o`0AI;i$LB41v+goy>q6O4{W0
zM)Unpimy?(4*d`Sozp-EUyPRDbO_`jWyQl5x$4nWF{Gl5JjV)2jo!gdUdWB=8V!L#
z9Rj0E-v@Q{(BE;R6*~RHeALF#5Eu=CVIBf>+RH|l<86j{R1GWdjaKNxDmq6!Gvq_y
z5!byVqiX?%d^C=FU^D~<Is`_KlpE+67`1;yguvIYUm3o9`NHt@=~K9WrKP1AczAdi
zxVh=JWEyVwC}T7PMnhoug}`WUefY)ci1g91W5*aOD=Wcwj)I0h2O9=e+!7KJ493RB
za17#u#9?lI`0(L?#T}@@L2URXBqT6w-MW?G)vH$wzkmN8FgK4{%rH9qKAH$nLSS@(
z1xj$xpL1^eGnyaXZ0I3LH;;iTr5Q73Fm!Zu(9O=_WYO;3yBS<uT<Geh)vH%CgoTAs
z&CcZHWCl>BudA!ez|TK2w_IG>`x1PG9Mu99yFnj}Jf#G&OO1+-#1I&*&<8lyhf9SH
zs>l@-6b3jnhlll`Yrg2|6VM0&RqXrGW3z(9wE%s6eGEZCK@9Tp@>FrcU^L|7?ib)I
z;b`o(Pez_nBeV5H<A5Ei#*Yra57n3(WbPiV*r^jCpx!!lOd7nV6crUQfYJ-7QGtxh
z%gY%~ojS$v`SWK6dN**W8Cu`J{H8}`4s!B45HX5JLjV>6qZK+VBu44c5E$SPc<|r>
z-G|;mUOs*LG>95-+||{^U~X>Cz{khOz{JD^UmFn~9?r05&mM+%@7@iGivIP(uk;Gb
zh4iv$)SjUc0;3iB(1@o&?@CZ*H0T{Uh#Xi}R>lAdGf+<yh6id0+Qh^JTv385cF;Wd
zAPOe1Q&z27#o+4d${;K(j8f5q7W9FpeZYza5%KBGFS@wK$Wv<c78kmN^w6<nbUuB6
z<7&9fr^A8~RKU`Dft-<%5rc|~3WJc45Ca<<8v_Ri2e?-Ust`fqN=ix$Jv}`P-QC?V
zXAz`9l`66#P>&E)i6Dy+V*C2~G87jVGgw(!F|e|-5>h_o<UfA=$Z+}cWrkU^W-%;Y
zym-*LKR!O5AvZUdK|@1>^lgETnrl2sTnj)<09@YplHt!UnlDWMV&o~sON@I))r_1F
z7_Hm~IIf3V<vzf{3Aa8yJsn&L!378~&?|QW%15QqLI4zg@87>?xOC|f!<H>u7<zkq
z(Nqi^x2~>^AvidgK~qzcE{!faRp{@GJf(yOE>uTt9*iL{I{ZEuV`bD$6o<got5+#D
zW7GiRLjbhU4K#Y<;NSorDFIdR$QU%$FlEXV;tiyt%BH3!27P^f@W>9xoiGgAa(V6A
zwV}GlezfeSVj3APMveB+2RJ52d+4-@08pV#ipikLhZOarYN-<f-@bigxOeX!!`iiL
z!M%FWYIo|GOui}Z?(X3I^_G^F3{p~3B=_p+)I%TLn@)Zd4_lq1t-N6ywWA&*HUvN`
zt%+4Ts*buLz{SPIprfP1P+woq@afYh@IpOM;|g?q?&i&#89;O7)U}bYX*+lBWQdH6
z1aGqgt=9lG4zc0+^XD^w){hW2k;W>zX7Cx&U@ZWRT|H_%jYD9xw@%{#CS?3*Z=FyG
zktYu-jEU6=s!WJgJF0GALjY8n(t0r_B|hA=X%mA2w;4Sa$c@gYQxZ|bRPShoKEM$>
zTA|Y>0!Axz+Jx(1GZl1B{f!$p80OBM%P@WV^ugvluzPaiD;aFeoEa45R2f)VsJ1KO
zt&yjc2-t#AVl)I`A@Hz8u6ndqhlR!f(WA9GZ32F@R;Nw44i!^jllAlF&12~A?;n)T
z_OK6P2=s_#Fwik0r?!7@<S8XIC_Ognr~wOs(F%RQf*xY=XoU_52Wpd}6*{#;ba<Et
z+h`B!(l1-KY{+=Z)z+WE-z|(mRY{9MR7f1;?q^1xQqmyCP{j@B!q<<k1)yE*jaKfo
z3tOU09<AJo3MP^jjaKd?2ib_%0J=Z+*|TR1XV0ExSh;c~1L!EbArdH;7#J8D85kJW
z4H5T_I+I2rFj}G0C}4>-cC<n#Hl#>XH(H^S7G9&Oi3<VHB>wsH=NUk!8i6*r6Q^sy
zRDEP%U;v#AFqMIU;rW2MV$@=~g}~^ZHo67%s70e8Fd70wJp{P9xfyJ1Y#2bN8iBS;
z4CHA#M1&>i4%TW028L%03=IFFcrOD3gE0|$N0ki05E!k{hhU_QI(ak%Mnhn5gaGKG
zf$Z#T_~v?0B@fzbS6W&+I2?%S3MU2zhBMI09aPERWME)OWnf^C#8f&ef-3~B$ni!F
z_O$?`!|%9ak51yF!|${S=+WVK+Jx(<sg#AlqeqVzPM$o;5Ed3jnL+f?{g{D)VJ-s$
z!wLolhC2)l41eik?Wir}hQMfVo!pQc)i)XfqaiRF0wjijoSYm(XlN)(?;g~{fBEty
z_}V+r@p>d0NlWFj3=9mQdtGlZFfjZ<>ft-k($Z10$q#|i3Z4A08`U{XLLf0QahUjI
z)Eh%J1jNL|7-C{#z<1h$DtH(Mot1m$%o&E}=H|iVwfzhX3?Mw1+%)PI28Pi~)CW2h
z&|}D*Pn4ZO*?44~O+m_#J17l+3Q!O|ibq3WsD!}r<Hs35cgXJ9vuB{3JUV4NP$7@Q
zUSfLackX{kAM9%ZaCmQ27(E0&z5dDY_2Vye;bF~>jg2MAe~T9{CQ1FM;?WQo=nw#1
zA-8+?Zun6C<jIo<+DW7K4{!*KwzdX10_f3O2YFFMo{K?N6STVp#2fy2!-fqEfq{V}
zd33bLPEv4<DyDG=z>c^*eE2Z<P<zlpI5f7BRO3hM4^l&n#_C5SgvJ3(jPdlS)R|cr
z8T4Evh;h!aPy@P*n~#r=B)^PS=p+T#sA4LG0B99F=o0y&q9Q7pNEc%Y85kHQ(8Z=v
zONb5u7NS*-Dx_ryfDWFHqNN3Y|A4ll($a>(Wi~G_@8ELKsB1=S2!I-j@87>?0G&9u
zV#NxEsZ&7*x((UjxW~Z2pgd$<Kg=CI+$;3czIU>R+FF2K1_lP2R_>rQ{rK8P23f6<
zGXxLv^C%t-0a}E>ix)2#PMtc%(ACw&aP;U=T39g{&CF(CV3;`=9X9GFNC=D$zeB=d
zz)5-x!Gk=hX(!6S!8P35bReHHjIMx(1jB%npfl1z`>#Pqs@}VIkKy_A=M12^Vvxf?
zJy{U_=MQN6GXnz?6B8J}dGiKbVS?0y<VW#<hQI;_28NW;17`*_4v4aRWR&bg1;v0X
z0u5^^(b^TC-~43YkQ<G5T8HyUHy?Dn8R*{f^78VL9uz~(|DeiyAp--$fuZK`QTH-1
zFg$FLs~#=h2TxMyVqjpHL2KuHdi#?>RF0e0){L4zf<xf;?b{4$YHA}m1O}DYe=;yI
zTwq{e*ucQRumgI&>z6_0!coUiEd)l#-KiFolpAzz`!mo%%1jIlzupBeqWxL`Hcn;+
zZF@1w9X<q17(In%U?Pdsa32^~4ryBtF)%PJVPIg`GJ2Qlkd8;HJASmcPW2$A$iPnw
z3=9GknLt4EzrQ1EDLjGT7?mCkfdLJH^2}C-a6h8YDE?sNDJ3|d4j#39P=~;1g+92V
zhnOS&D01<?f1?#TMFBXfc~FM{XfLCcl@)`eq$C3e2L}TyD=YYzHISo!{X!h2$i~J7
z5(2NJ1T6sg_wOIW-@ktun3<WutMridp|9WrX#|OZ^uSj6y?^$Lft{6uK~z|rK}J%Z
zK}lYXK~zYLfs2y|YzIgW6)?@q2P(L6)QABLfzb+m00SS3)jt>*7)U!R1&bm0g#P{c
z&+y~hpAob49bZ_C$_<VXfK`fv!!_i&;_|+i41a$8BTqB&x@c|z@lF|4IT%A=w8b~L
zV&xe<ob&k&Xw3|*Y&zkr_>A^z0chp=QFBK_fYK14(<s<z<xXit4RigYmHXg|;EnWf
z&d1lFK>>Q$G-}6a2oMf|L3o%sVMimW`2FKA185WsNr+ZV(0UtMnLTRmFbILs3Vjeo
zqLHUm0|NsC&0FE$KKvd;z8-bTa0`Kqj0}>zWMX1MlKR1>`0An8^l}nt^Ekci8ntH#
zhQR1{wm}wY=e9q)&j1>|rm?#;Y(yA1d01&|%fK2>>Q<`ZFt0nXAr7(q<HwH-0s^FM
z+!(51|NQP}h8MT#v)$XsQ);xlh9t335=RJ(E|9|!FaszIYK7O++WrR@J}_w7h|=1c
zA!h#mXKS)Rttn3z$B-fBbQ(Dqv>F_A0}1GS)*Cl&Fg$qhfC0n@iGx;$gRK4e^Cwsw
zbcr{JKT<KhDs~122LF*7#-siwJ_JTvf5e9s-Bi-+0C+<WNxJ!IAS@!ax4v}gQiiA~
znqQ_v)1Y|x@FByD88a9<Iyz`-548;+YQ6QB_rEYayZM>g!GOy=&^|m~BTp$1jZ4j_
z_-F_)jLxSI&O|V@O5?#9h75D&%pu8T(b3T)sUJ*=K@~Zu0i&RxFyt!p!4!^!+yYwJ
zerfMZdRFEjC*2vX%t660iV20lXoXHFga$@_5<RS?!+u(Ncmt;$$;rt$<#0)WDn?v#
zgIOF@kq>6~;d9&J!-w%n4+^>e{}~wGJ^RLRan}omzrSg|h85k<tI-8U`J*9#Ed)j@
zbZntAz+y(8QqSq(gx8P0(!-h|We2EY1l<cdq#O-)?5-OQ;FXm_b1gt&VIjkZ4<8t8
zY;3^38LR~8NaZ_c-ZDJA^l>1ZcpADZW+3bywR4Dtz-Z+@#3GEE&V6x*KC5=A>1I;R
z0$toqs-DS{CzGmWz}15mu?@H*a5%u*+nWJ&|LXDM#~DDEse_Jb1<jxL_4P6E^Yi1-
zH8_NSegDgFarX;`FK-8ADtob!r<B>?2#HZw422LFT_86|W9i)XXP~|6G+zZj+!x7#
zqW8p!6AYG?mLMk47*yd9t#}YA1Wg}MbAeoYdpm=xt1E+sh6V#S_sF@X7t|}icK8*;
z?;ms@YKNsJT_aDaD=^L|JsJYUgurNpPE05bkQ#cdeAl!S9T8{0gBFjG5{*N(LMO$K
zqiV5-z}Jtz7;YVZi(QfqqNDrJ=@7`n)ryBLa@C{b?!z^9iS*aIr{9QFIkJ?2Hert}
z9}kdk|4vsqF-Xq^0Ieb&z}o%UXze~gX>yoYJ6gF9lZYhO8!zvUuA0LZc9$+)!X`W_
zHjG2y;gt^zpsUsf$cxJu7#P$C$nH^Vhe-&G9w|4tBk~CY1B1-qcH+=*9cbT_t*tH5
zjs+b={^iS;5jBxabl?m#h2K8^X1ICu%|Q9;Kd2%%@|3zgP!1Ticld<BXb*jG$7T26
zcHYo&9XWfYczAdiLPA0qhUOl(p%XU)<x<c}xVz`x4P<3L-^f#nX|ysQs1z{#>>aJp
z2X~wvp@;LX9(+X)YX;no=g&#s`@eSWS_V+X4q9ag!o9t{44|du1MZno2T&9OzkfpZ
zr+s?$lYDbr-`q8$&RPItBTuO$@*Og&b2J1nLtu0XJZ6{-DiL}tg9mw7M2?F=R%>u?
z7zVkMQry+m#ZX>ePN^|){h(V+OifJ({bp;pgGV?6bTr)i=idhE1Q}51Pcib8$^|h-
z@n{H8I|N26bZUnvmCZZ1{TXPZsy3C4#cJG0+23~T*f9ocYiq1wKrO-M=4OW2*jNU6
zd3kCXIcg4tApja~2aQaDR<%=T6j|CwSF@89Y@?b;2!YWGorJ&|2&Lz?KLZ{8xu0Hk
zv$8WWXjqFfu&@pPnVI$L*E0kK1<@;LaoPi#7LbsTz$rf}L3s#V+Vg_p?;p@wG|J5)
z!-Q`}o>C*{$R08RXjBVzLSXop+SCcB0W-zOQ|bT%0|N-t#SOoI{sV90IltpM!_!-z
z=wjzUSrQl+$N)NBX2psX1LXv;y^@lWBwry1);LNK41rH?elUR2@&H!mptD^EUuACm
zuP&ZCYXJzx!Ki|P34zhx`oM%c$+n)`{_F<>0|PtB8mXjVB%CGt@#9B^%a<>M?=0QA
zbt{!Zj(B504GrQ|kE$dT0xutYVR&|fZWo<nbI#~Fuh>FmRE%aJFj}G0ENH1~@VV{J
zj2IXg&QjM@(oADvXJXKG6ems75LXR4RSs0i*VNQ7Y~Q|}roI`i(5V-^16-M}HS&}S
zp`LF>O&SdW;zD3__?@_L8gNxco>J!+7#Lay(jk9-{sRwXf-aLDNO#cFZdO)S1|uUQ
zhHcxnfrsir_kw~BugT2Jq^dJOSC&!Lz!7fP0QSs5z4Fn@e1xaJf%5)n4}G9Qo(y}>
zZGXnYz`!t%fq@~E4DD3a!Y#zgpk^jQRWpaWVK;8vU^sK;40xqG%rE}_{@_#S-oAay
zuyf~5m@t?I$yHQTFj!bvfcc{YbwU6%e@-2fNHXPxk*Aa-NjgRqlNSO3b^2PPYXJy`
z-Du@bFo*`10%!#f>b2($w98mIpeyBBM+bcdIxa@-M})utRPGr@o>DUrE*NEvhQPpt
zz-Wa&FyT(It>?BsGhkp~IL*MoFeuLK7m?>;kkuUi2i8y=aia#%Gz6|6dCl<S%O9HB
zfn@l5BTp$IB>pIKGz11T1V$_L0S$i2EkC#Y8R+B`x*Q`*tZNyW7#Sp0c^E|HxEYw3
zN0S(_;Wny{vJm+3?GMBCL$4__gm~TTMxIi?h*v(Uax?^J9|EJLE$zdYE;gLo{tPsi
z_lz!<k!T4sD<gxX8ZU#e6xV14Ph!}ODkm-kK)VI59C*b5TEt154vJJQG4hm(rO1R)
z%_B1ev?TYY(Q7Th!xp*f(Hedjrn7U~pDkrzV2B!qUc>1nW)?;UAsJ2vRt{!xOJXD(
ziH9>VhL{BC%+}w({xbad`iJ4g?Jo=<J_rwDZ-AD$gU)Uq#7-P_+DHt6(F%PS$NIVL
z&r}!~7;Z5zFpT(kX6I&RVCQ0C;1ObD;1gwM0L>F{a1Dy}2*V}?e*f|t?3Xu>zcGA#
z`IF)IkH294FeC05c}l4cGe3=bXPAV*h%e}eNj&2826UPHI|c>@R-B4PC2)oSI}Zzk
zFsSFx#>5~b#f4MdP?z}n@fX9F_rJg^%)Y+=#qjSR1EfM8uyfJ}XNZp8#4<SJWz<!W
z5E!k{A>lBr$#dJEDKIcF++ko~U>?>U9YD_sNpmuA@Uk%Q2(mG7^Rv;#C7{!PK)vCw
z?;$;7x>!20EpajOl-fJ8gJ9J6gE<6fRiOu7Qd>>0wE%-Td<Ui5pcOo558UXnF@rLO
zMjbWCL!i^hQ>tQ+yK&TcBRm8~j|&+g3Bbrx>Vc7`lqdrOL*fYW@~AgQLx5T#u%3Z|
zp^sXIjhZtW0<;PNTJ_dx<=#<qsT2ax%h^{mFffev*r^nzqs9!&5U4lulxiB5J{$Ga
zunU3F3Vql`Dd`@94#!VmU|{ekUH7PtQ7~*nAj!y6YW}eG-KfWgT?mX;=$KJju*P7`
z=vn}za5=aA*%k%{25%&xQRZj}jHD2lY~(35;1?^5qyQiFE9D_DTDemmhQrzf=uvf5
z3=9l8!`h>xo*NATL<oc%c}lH9a7S6AAuu#TV6;LX8u2t}TnQbj-^jqgpf_k7HR_Pj
z5TH&7Y&G(f@}Z7Vqo$080R2N?v_hwUm=7x(&uxEZ%)r2~j)8$eZdiG2)H5R~1WJuO
zrFuq^he!Q7JVRi#LLXl7s;}EoHt5y@oZJ4)2pY_83=9mq3=9mi3=9m)&;xKlC)<Ix
zQi9G81s#Y3I<pK!|AWed#9{KF^a_#(o#+D62cn@yk5VHv1YR&OFo13^0?}d&3=G^1
z3=En?hQ)aX28NlVm!1<DTBFK_R0x0y%OU09QOAyk0CEUG=lem|(}B*mpU%L*z&BVf
zmPdByC>v)8d|_Z<xXi%7u#16#;ee5+)B&6-M<qr>U^E2qhQMfrjyHHlC5KB0oZJ3P
zhk=0s)VtS!?#btbF8TxI0qNo5PdfSoR1yDSU|;}^s(?mQKvw@?U|;~@4-5<ppfwi^
zMxIg)Ac;{t8UmvsK>H8?6=t-zWz>ez5E!B%06mz;fq{WRn}LBLWQckL=4{YZ#!m(Y
z1`rLZh++93#0E`kd}Lr?_{G4$u$h5@0aRgwhNhpxG>_7wAut*OqaiRF0;3^7ObBF1
z=CBRAwE)C8d{oV72#kinXb23t5O~-kS3T$)HR_<z5Eu=C(GVC7fzc2c4S~@R7!85Z
z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!83D7y^fjrgV(11sH)5
zKkDVt5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7
zfzc2c4S~@R7zLvtFd71*Aut*O!!`tL`M3Lzt_2vj(L3s~(GVC7fzc2c4S~@R7!85Z
z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c
z4S^9D0;6jIMqs3mdU-SiMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0q
zLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(SckyqT7Y34y`!ER4S~@R7!85Z
z5Eu=C(GVC70cwQ+<1;<Ui_|h~)SS@}7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C
z(GVC7fzc2c4S~@R7!85Z5Eu;s+J?Zz{Gi1Q43biwE{-9zwQ1D!(GVC7fzc2c4S~@R
z7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Ev{W@auJ?
UsP}$XFOYjYUHx3vIVCg!0EB-D5dZ)H

literal 0
HcmV?d00001

diff --git a/hosts/server/modules/system-utdr-assets/tenna.ico b/hosts/server/modules/system-utdr-assets/tenna.ico
new file mode 100644
index 0000000000000000000000000000000000000000..d960b9196a4bd6abbc514288a28ee99badaf16c5
GIT binary patch
literal 16958
zcmZQzU}RuqaBu+83Je-f3=Con3=A3!3=9qo3=9nn5OD?&aA06i)`MUWcNC9?z-S1J
zhQMeDP&WjgZ9m8SZ2P(Y)W9H@J==bc1w;=<ObtJhV#Z(z15(^fZMB0T3`q6U&ktYz
zV*{V>zxe-R?<JD*%0T-co8O=BxrohsR1rhBZy^1T?iLWADxM@@2*@5}JP={<Z2P&F
z$Zi0!2{;=p&A`C$9~pxMNhCmap<{Z70lNLfcmdhpAT}|2aH&DJf3W-i!-o&xc>nSR
zd)bG}pSZ-I@4A3dPSP_B(8C{>J7MCW_y%DZpBgl}8$f(|g#pMeWK76EAisk!K6M~@
zY`Czn5T`a|H-Okf+5a$4VhaP996J5-z!kdZgJ;{%$$-KdhSA-GjSuq^HaUD^#OQ;$
z14h$24LsX^?j+1E5RK3MFgarU0aJ@i!}JlNZ>~86PX~1HKisat;(r|B<4B9J0Qngi
zBgYpmHq3pv<S7-;&dvtcuP}SC&{PWwWWR&h#JC;i9%9r|Lk-M6BznO8PYr+JGXu%5
z=xM=%YMy6cU;xEAGREg7m>kG$Fg7)5khwVUMQZvP*(_wggV@CQ2joU#)Dcp1`SNA-
zxCQg4m9@glWMsF}f(`OBGA86^kUYr$APi!YgF$-H@vmRMz(%2unb5+|$Yvt@9mEDZ
z0*OF&r;(A-|KrDxgX0KU9OiZ;Z757we+gL+h<)bF85DIO&S3KY?%lgF{0ee6J`C~$
zGDcS$A0Lk_jlur?^*cQ6gW>}@u4usq*@28P97LqR*|TSfR7qGFvU_OZXJj*x?E<k0
zyN>oMK<<EHWVh0S4YLPE)82RZZTNWe$&gI{_<cpZENHwL78f9z7IBVlCdeLYVNm(~
z_32v_55GBm`~QnQ7g6GsSo_f3N((-*ZW#!5wD2#wnFHZ3BJJcucPp*<M7oEpG)#oq
zXP#|8cOD6^p_M-=F&CRZh&2ygFR}UtlR8TMK&k$L3=8zN59GLIi2ENU?~nSQoDjeq
zZz0bV`s<=r+NG8`^bP@Px%=7nb4=7Si(X+sZTF&^_iX#Qef07RIrgBtmmD+D_0Ymh
zbUUcQr<FU=%?0tP;a+N+0df~Irl$GG=7QMNG@Dvxf!u|Rsbwz69AtArY>?Ps!XP)H
zV`{q(&HO>t??H1LXe^kj-bXhd#HXqSWEuu?2R2NmaagrsGan>|RWTg}L2kf>sp$+{
zcEH4`X%{JG!R*ID%aCFgKD9W^hxf7Y>7}I{K6g>mUVQd|<fv&EDQ1D}#)U~Shmcxa
zc7VhQ>7}JS$bMXyn)c$d10+sOdq_14WIr}csyW1{r<Xm%xCL1az1{U}`#EJ~`v(IX
zwk~ooxMkE0qaiRF0;3@?8Un<J0LlbBUd|5&hW#J~3=9nX|NsC0!@$76jzs@}@;@*z
zFfjlB|NjB#-~lw60m^5nhseWe`~UwBfZU8uvqQxhanSrwaddqo@Imfmu!p(_i3a%t
z<lg^3>_33K{r^Y(k9rW}!+&)8k3B>jPRoP%5C8uIh136s|Nn#O!~g$-!t4Lx|Nq-T
z@-VvjKS&5H*!=(h|9|ZN|AWHs5BvZBAp8F?LunYF{r`VPP`JZr{{R2M`uP9<e-APj
K>=+P(C=39)egSI$

literal 0
HcmV?d00001


From 2a16184fba1f93e023ce16d8adbcbc985605f0d1 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Sat, 7 Mar 2026 11:29:32 +0200
Subject: [PATCH 26/31] pds: prophecy

---
 hosts/server/modules/Caddyfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hosts/server/modules/Caddyfile b/hosts/server/modules/Caddyfile
index ab2a1cf..3183dca 100644
--- a/hosts/server/modules/Caddyfile
+++ b/hosts/server/modules/Caddyfile
@@ -42,6 +42,8 @@ Most API routes are under /xrpc/
       Code: https://github.com/bluesky-social/atproto
  Self-Host: https://github.com/bluesky-social/pds
   Protocol: https://atproto.com
+
+As foretold in the prophecy.
 " 200
 }
 

From eebf3f61596570d663e60922039d6797dbadeec3 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Sat, 14 Mar 2026 17:02:37 +0200
Subject: [PATCH 27/31] feat: add openclaw sandboxed user, sudo policy, fs
 restrictions, docker proxy, watchdog

---
 modules/openclaw-docker-env.nix |  6 +++
 modules/openclaw-docker.nix     | 32 +++++++++++++
 modules/openclaw-fs.nix         | 29 ++++++++++++
 modules/openclaw-sudo.nix       | 17 +++++++
 modules/openclaw-user.nix       | 15 ++++++
 modules/openclaw-watchdog.nix   | 82 +++++++++++++++++++++++++++++++++
 6 files changed, 181 insertions(+)
 create mode 100644 modules/openclaw-docker-env.nix
 create mode 100644 modules/openclaw-docker.nix
 create mode 100644 modules/openclaw-fs.nix
 create mode 100644 modules/openclaw-sudo.nix
 create mode 100644 modules/openclaw-user.nix
 create mode 100644 modules/openclaw-watchdog.nix

diff --git a/modules/openclaw-docker-env.nix b/modules/openclaw-docker-env.nix
new file mode 100644
index 0000000..23b18e9
--- /dev/null
+++ b/modules/openclaw-docker-env.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+  environment.variables = {
+    DOCKER_HOST = "tcp://127.0.0.1:2375";
+  };
+}
diff --git a/modules/openclaw-docker.nix b/modules/openclaw-docker.nix
new file mode 100644
index 0000000..e7d8a15
--- /dev/null
+++ b/modules/openclaw-docker.nix
@@ -0,0 +1,32 @@
+{ pkgs, ... }:
+{
+  virtualisation.oci-containers.containers.docker-socket-proxy = {
+    image = "tecnativa/docker-socket-proxy:latest";
+    autoStart = true;
+    volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
+    environment = {
+      CONTAINERS = "1";
+      IMAGES = "1";
+      NETWORKS = "1";
+      VOLUMES = "1";
+      INFO = "1";
+      POST = "1";
+      BUILD = "1";
+      COMMIT = "0";
+      CONFIGS = "0";
+      DISTRIBUTION = "0";
+      EXEC = "0";
+      GRPC = "0";
+      PLUGINS = "0";
+      SECRETS = "0";
+      SERVICES = "0";
+      SESSION = "0";
+      SWARM = "0";
+      SYSTEM = "0";
+      TASKS = "0";
+      AUTH = "0";
+      ALLOW_RESTARTS = "1";
+    };
+    ports = [ "127.0.0.1:2375:2375" ];
+  };
+}
diff --git a/modules/openclaw-fs.nix b/modules/openclaw-fs.nix
new file mode 100644
index 0000000..5573390
--- /dev/null
+++ b/modules/openclaw-fs.nix
@@ -0,0 +1,29 @@
+{ ... }:
+{
+  fileSystems =
+    let
+      bindRO = src: {
+        device = src;
+        fsType = "none";
+        options = [ "bind" "ro" ];
+      };
+      bindHide = src: {
+        device = "tmpfs";
+        fsType = "tmpfs";
+        options = [ "size=0" "mode=000" ];
+      };
+    in
+    {
+      "/home/openclaw/private/AT Protocol" = bindHide "/private/AT Protocol";
+      "/home/openclaw/private/cloudflared" = bindHide "/private/cloudflared";
+      "/home/openclaw/private/vaultwarden" = bindHide "/private/vaultwarden";
+      "/home/openclaw/protected" = bindHide "/protected";
+    };
+
+  systemd.tmpfiles.rules = [
+    "d /home/openclaw/private 0750 openclaw openclaw -"
+    "d /home/openclaw/protected 0000 root root -"
+    "f /home/openclaw/private/tangled.env 0000 root root -"
+    "f /home/openclaw/private/cloudflared.pem 0000 root root -"
+  ];
+}
diff --git a/modules/openclaw-sudo.nix b/modules/openclaw-sudo.nix
new file mode 100644
index 0000000..d6617d4
--- /dev/null
+++ b/modules/openclaw-sudo.nix
@@ -0,0 +1,17 @@
+{
+  security.sudo.extraRules = [
+    {
+      users = [ "openclaw" ];
+      commands = [
+        {
+          command = "/run/current-system/sw/bin/cat";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/docker";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+}
diff --git a/modules/openclaw-user.nix b/modules/openclaw-user.nix
new file mode 100644
index 0000000..1473b9d
--- /dev/null
+++ b/modules/openclaw-user.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+  users.users.openclaw = {
+    isSystemUser = false;
+    isNormalUser = true;
+    home = "/home/openclaw";
+    createHome = true;
+    group = "openclaw";
+    extraGroups = [ "docker" ];
+    shell = pkgs.bash;
+    description = "OpenClaw agent sandboxed user";
+  };
+
+  users.groups.openclaw = { };
+}
diff --git a/modules/openclaw-watchdog.nix b/modules/openclaw-watchdog.nix
new file mode 100644
index 0000000..ccff3d3
--- /dev/null
+++ b/modules/openclaw-watchdog.nix
@@ -0,0 +1,82 @@
+{ pkgs, ... }:
+{
+  systemd.services.openclaw-watchdog = {
+    description = "Post-rebuild health watchdog";
+    after = [ "network.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "/etc/openclaw/nixos-rollback.sh check";
+    };
+    onFailure = [ "nixos-rollback.service" ];
+  };
+
+  systemd.services.nixos-rollback = {
+    description = "Autonomous NixOS rollback";
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "/etc/openclaw/nixos-rollback.sh rollback";
+    };
+  };
+
+  environment.etc."openclaw/nixos-rollback.sh" = {
+    mode = "0750";
+    text = ''
+      #!/usr/bin/env bash
+      set -euo pipefail
+
+      WEBHOOK="$(cat /run/secrets/discord-webhook 2>/dev/null || echo "")"
+      UNITS=("sshd" "docker" "bluesky-pds" "cloudflared")
+      HOSTNAME="$(hostname)"
+
+      notify() {
+        [ -z "$WEBHOOK" ] && return
+        curl -s -X POST "$WEBHOOK" \
+          -H "Content-Type: application/json" \
+          -d "{\"content\": \"$1\"}"
+      }
+
+      check_units() {
+        for unit in "''${UNITS[@]}"; do
+          if ! systemctl is-active --quiet "$unit"; then
+            return 1
+          fi
+        done
+        return 0
+      }
+
+      check_ssh() {
+        timeout 5 bash -c 'echo > /dev/tcp/127.0.0.1/22' 2>/dev/null
+      }
+
+      do_check() {
+        for i in $(seq 1 6); do
+          sleep 10
+          if check_units && check_ssh; then
+            notify "**[$HOSTNAME] NixOS switch healthy** — all units OK after rebuild."
+            exit 0
+          fi
+        done
+        exit 1
+      }
+
+      do_rollback() {
+        notify "**[$HOSTNAME] ROLLBACK TRIGGERED** — health check failed. Rolling back..."
+        if nixos-rebuild switch --rollback; then
+          sleep 15
+          if check_units && check_ssh; then
+            notify "**[$HOSTNAME] Rollback successful** — previous generation restored."
+          else
+            notify "**[$HOSTNAME] URGENT — rollback also failed.** Manual intervention needed."
+          fi
+        else
+          notify "**[$HOSTNAME] URGENT — rollback command failed.** Manual intervention needed."
+        fi
+      }
+
+      case "''${1:-check}" in
+        check) do_check ;;
+        rollback) do_rollback ;;
+      esac
+    '';
+  };
+}

From 6b886eeea80aeb8bdb378f4a4035c1cf8619a8ac Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Thu, 19 Mar 2026 17:39:44 +0200
Subject: [PATCH 28/31] tailscale

---
 flake.nix                            |  7 ++-
 hosts/server/configuration.nix       |  3 ++
 hosts/server/modules/vaultwarden.nix | 12 ++---
 hosts/server/slop/brave-shim.nix     |  2 +-
 hosts/server/slop/openclaw.nix       | 75 ++++++++++++++++++++--------
 modules/force.nix                    |  3 ++
 modules/nixos/network.nix            | 13 +++--
 modules/openclaw-fs.nix              | 32 +++---------
 modules/openclaw-user.nix            | 12 -----
 9 files changed, 89 insertions(+), 70 deletions(-)

diff --git a/flake.nix b/flake.nix
index d14e7f0..96d8b9b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -82,12 +82,17 @@
 
           inputs.tangled.nixosModules.spindle
           inputs.vscode-server.nixosModules.default
-          inputs.openclaw.nixosModules.openclaw-gateway
 
           inputs.chaotic.nixosModules.nyx-cache
           inputs.chaotic.nixosModules.nyx-overlay
           inputs.chaotic.nixosModules.nyx-registry
 
+          ./modules/openclaw-user.nix
+          ./modules/openclaw-sudo.nix
+          ./modules/openclaw-fs.nix
+          ./modules/openclaw-docker.nix
+          ./modules/openclaw-docker-env.nix
+          ./modules/openclaw-watchdog.nix
           ./hosts/server/configuration.nix
           ./hosts/server/hardware-configuration.nix
 
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index ca8da57..865b843 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -23,6 +23,9 @@
 
   services.vscode-server.enable = true;
 
+  # Avoid clobber failures in Home Manager activations (e.g., openclaw user).
+  home-manager.backupFileExtension = "hmbackup";
+
   systemd.services.ocbwoy3-start-pm2 = {
     enable = true;
     description = "Start PM2";
diff --git a/hosts/server/modules/vaultwarden.nix b/hosts/server/modules/vaultwarden.nix
index 572be8e..e21413f 100644
--- a/hosts/server/modules/vaultwarden.nix
+++ b/hosts/server/modules/vaultwarden.nix
@@ -25,16 +25,16 @@
     };
   };
 
-  # Allow vaultwarden to write under /private/vaultwarden and ensure the directory exists.
+  # Allow vaultwarden to write under /private/vaultwarden and ensure the directories exist.
   systemd.services.vaultwarden.serviceConfig = {
     ReadWritePaths = [ "/private/vaultwarden" ];
   };
 
-  systemd.tmpfiles.settings."10-vaultwarden-private"."/private/vaultwarden/data".d = {
-    user = "vaultwarden";
-    group = "vaultwarden";
-    mode = "0750";
-  };
+  # Create parent/data directories with proper ownership before startup.
+  systemd.tmpfiles.rules = [
+    "d /private/vaultwarden 0750 vaultwarden vaultwarden -"
+    "d /private/vaultwarden/data 0750 vaultwarden vaultwarden -"
+  ];
 
   # cloudflared!!
   # networking.firewall.allowedTCPPorts = [
diff --git a/hosts/server/slop/brave-shim.nix b/hosts/server/slop/brave-shim.nix
index 6c206d7..14decaf 100644
--- a/hosts/server/slop/brave-shim.nix
+++ b/hosts/server/slop/brave-shim.nix
@@ -27,7 +27,7 @@ ssl:
   verify_ssl: true
 
 logging:
-  file_path: "/home/ocbwoy3/.local/state/brave-shim/brave_shim.log"
+  file_path: "/home/openclaw/.local/state/brave-shim/brave_shim.log"
   level: "INFO"
 
 bot_protection:
diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix
index 9ab8f63..e8a69be 100644
--- a/hosts/server/slop/openclaw.nix
+++ b/hosts/server/slop/openclaw.nix
@@ -6,30 +6,37 @@
 
 let
   openclawPatched = inputs.openclaw.packages.${pkgs.system}.openclaw-gateway.overrideAttrs (old: {
-    installPhase = old.installPhase + "\n" + ''
-      # Point Brave web-search endpoint to local shim.
-      # NOTE: upstream installPhase script does not run postInstall hooks,
-      # so patch directly at the end of installPhase.
-      if [ -d "$out/lib/openclaw/dist" ]; then
-        # Web-search tool hardcodes Brave endpoint in bundled JS.
-        # No runtime config option exists for Brave base URL in this OpenClaw version.
-        grep -RIl "https://api.search.brave.com" "$out/lib/openclaw/dist" | while read -r f; do
-          substituteInPlace "$f" \
-            --replace "https://api.search.brave.com/res/v1/web/search" "http://127.0.0.1:8000/res/v1/web/search" \
-            --replace "https://api.search.brave.com/res/v1/" "http://127.0.0.1:8000/res/v1/" \
-            --replace "https://api.search.brave.com/" "http://127.0.0.1:8000/" \
-            --replace "https://api.search.brave.com" "http://127.0.0.1:8000"
-        done
-      fi
-    '';
+    installPhase =
+      old.installPhase
+      + "\n"
+      + ''
+        # Point Brave web-search endpoint to local shim.
+        # NOTE: upstream installPhase script does not run postInstall hooks,
+        # so patch directly at the end of installPhase.
+        if [ -d "$out/lib/openclaw/dist" ]; then
+          # Web-search tool hardcodes Brave endpoint in bundled JS.
+          # No runtime config option exists for Brave base URL in this OpenClaw version.
+          grep -RIl "https://api.search.brave.com" "$out/lib/openclaw/dist" | while read -r f; do
+            substituteInPlace "$f" \
+              --replace "https://api.search.brave.com/res/v1/web/search" "http://127.0.0.1:8000/res/v1/web/search" \
+              --replace "https://api.search.brave.com/res/v1/" "http://127.0.0.1:8000/res/v1/" \
+              --replace "https://api.search.brave.com/" "http://127.0.0.1:8000/" \
+              --replace "https://api.search.brave.com" "http://127.0.0.1:8000"
+          done
+        fi
+      '';
   });
 in
 {
-  home-manager.sharedModules = [
-    inputs.openclaw.homeManagerModules.openclaw
-  ];
-
-  users.users.ocbwoy3 = {
+  users.users.openclaw = {
+    isSystemUser = false;
+    isNormalUser = true;
+    home = "/home/openclaw";
+    createHome = true;
+    group = "openclaw";
+    extraGroups = [ "docker" ];
+    shell = pkgs.bash;
+    description = "OpenClaw agent sandboxed user";
     packages = [
       openclawPatched
       (pkgs.callPackage ./gogcli.nix { })
@@ -38,4 +45,30 @@ in
       pkgs.python3
     ];
   };
+
+  users.groups.openclaw = { };
+
+  # Keep the openclaw user's systemd --user instance running so the gateway stays up.
+  # Using activation script because services.logind.lingerUsers isn't available in this release.
+  system.activationScripts.enableOpenclawLinger.text = ''
+    ${pkgs.systemd}/bin/loginctl enable-linger openclaw || true
+  '';
+
+  # Run OpenClaw gateway only under the dedicated openclaw user (user systemd service).
+  home-manager.users.openclaw = { pkgs, ... }: {
+    imports = [ inputs.openclaw.homeManagerModules.openclaw ];
+
+    home.stateVersion = "24.11";
+    programs.openclaw = {
+      enable = true;
+      package = openclawPatched;
+      instances.default = {
+        enable = true;
+        # Linux user service only; prevent accidental launchd usage.
+        launchd.enable = false;
+        systemd.enable = true;
+      };
+    };
+  };
+
 }
diff --git a/modules/force.nix b/modules/force.nix
index b5e71a2..107b677 100644
--- a/modules/force.nix
+++ b/modules/force.nix
@@ -13,6 +13,8 @@
     ./stuff/zsh.nix
   ];
 
+  services.tailscale.enable = true;
+
   environment.systemPackages = with pkgs; [
     tmux
     gh
@@ -21,6 +23,7 @@
     openssl
     nss
     glibc
+    kitty
     nixfmt-rfc-style
     killall
     deno
diff --git a/modules/nixos/network.nix b/modules/nixos/network.nix
index 93ac9b0..679814a 100644
--- a/modules/nixos/network.nix
+++ b/modules/nixos/network.nix
@@ -2,11 +2,14 @@
 
 {
 
-	#! Disable default nameservers to prevent ISP espionage
-	networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
+  #! Disable default nameservers to prevent ISP espionage
+  networking.nameservers = [
+    "1.1.1.1"
+    "1.0.0.1"
+  ];
 
-	networking.hostName = "ralsei-pc";
-	networking.networkmanager.enable = true;
-	networking.resolvconf.enable = false;
+  networking.hostName = "kris-server";
+  networking.networkmanager.enable = true;
+  networking.resolvconf.enable = false;
 
 }
diff --git a/modules/openclaw-fs.nix b/modules/openclaw-fs.nix
index 5573390..c6d50e5 100644
--- a/modules/openclaw-fs.nix
+++ b/modules/openclaw-fs.nix
@@ -1,29 +1,13 @@
 { ... }:
 {
-  fileSystems =
-    let
-      bindRO = src: {
-        device = src;
-        fsType = "none";
-        options = [ "bind" "ro" ];
-      };
-      bindHide = src: {
-        device = "tmpfs";
-        fsType = "tmpfs";
-        options = [ "size=0" "mode=000" ];
-      };
-    in
-    {
-      "/home/openclaw/private/AT Protocol" = bindHide "/private/AT Protocol";
-      "/home/openclaw/private/cloudflared" = bindHide "/private/cloudflared";
-      "/home/openclaw/private/vaultwarden" = bindHide "/private/vaultwarden";
-      "/home/openclaw/protected" = bindHide "/protected";
-    };
-
   systemd.tmpfiles.rules = [
-    "d /home/openclaw/private 0750 openclaw openclaw -"
-    "d /home/openclaw/protected 0000 root root -"
-    "f /home/openclaw/private/tangled.env 0000 root root -"
-    "f /home/openclaw/private/cloudflared.pem 0000 root root -"
+    "d /private 0750 root root -"
+    "z /private/AT\x20Protocol 0700 root root -"
+    "z /private/cloudflared 0700 root root -"
+    "z /private/cloudflared.pem 0600 root root -"
+    "z /private/wafrn 0700 root root -"
+    "z /private/tangled.env 0600 root root -"
+    "z /private/vaultwarden 0700 root root -"
+    "z /protected 0700 root root -"
   ];
 }
diff --git a/modules/openclaw-user.nix b/modules/openclaw-user.nix
index 1473b9d..6e5b8c3 100644
--- a/modules/openclaw-user.nix
+++ b/modules/openclaw-user.nix
@@ -1,15 +1,3 @@
 { pkgs, ... }:
 {
-  users.users.openclaw = {
-    isSystemUser = false;
-    isNormalUser = true;
-    home = "/home/openclaw";
-    createHome = true;
-    group = "openclaw";
-    extraGroups = [ "docker" ];
-    shell = pkgs.bash;
-    description = "OpenClaw agent sandboxed user";
-  };
-
-  users.groups.openclaw = { };
 }

From 5d33a277b32aefa0a552a33e1ddf4ba61da2d547 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Thu, 19 Mar 2026 20:23:00 +0200
Subject: [PATCH 29/31] a

---
 flake.lock                     | 372 ++++++++++++++++++---------------
 flake.nix                      |   1 -
 hosts/server/configuration.nix |   3 -
 hosts/server/slop/openclaw.nix |  25 +--
 4 files changed, 212 insertions(+), 189 deletions(-)

diff --git a/flake.lock b/flake.lock
index 6e27c24..4a093cf 100644
--- a/flake.lock
+++ b/flake.lock
@@ -36,11 +36,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772292445,
-        "narHash": "sha256-4F1Q7U313TKUDDovCC96m/Za4wZcJ3yqtu4eSrj8lk8=",
+        "lastModified": 1773436376,
+        "narHash": "sha256-OUPRrprbgN27BXHuWkMAPSCfLLQ/uwpWghEfKYN2iAg=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "1dbbba659c1cef0b0202ce92cadfe13bae550e8f",
+        "rev": "43f10d24391692bba3d762931ee35e7f17f8e8b8",
         "type": "github"
       },
       "original": {
@@ -69,11 +69,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767024902,
-        "narHash": "sha256-sMdk6QkMDhIOnvULXKUM8WW8iyi551SWw2i6KQHbrrU=",
+        "lastModified": 1772460678,
+        "narHash": "sha256-NYaWs8fYJ38IgFld0hGSdT2LEVhrgO8SiRReBjIH7YY=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "b8a0c5ba5a9fbd2c660be7dd98bdde0ff3798556",
+        "rev": "5d2cb726b16ee349df443f84b64cff53221b6983",
         "type": "github"
       },
       "original": {
@@ -141,11 +141,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1772153824,
-        "narHash": "sha256-T65qXmlcD9qFpPTi+mOXsn4dIkO2N8Ls67nqmuzepv0=",
+        "lastModified": 1773403535,
+        "narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=",
         "owner": "catppuccin",
         "repo": "nix",
-        "rev": "4b0f5b7bf7b3eeb484d49524f3c9791864ab9362",
+        "rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47",
         "type": "github"
       },
       "original": {
@@ -177,6 +177,28 @@
         "type": "github"
       }
     },
+    "fenix": {
+      "inputs": {
+        "nixpkgs": [
+          "tangled",
+          "nixpkgs"
+        ],
+        "rust-analyzer-src": "rust-analyzer-src"
+      },
+      "locked": {
+        "lastModified": 1772176312,
+        "narHash": "sha256-Yjo/QCJvY9GUhAzwac/m6Rx3oxvRyEaiT5DQ5o+T6g4=",
+        "owner": "nix-community",
+        "repo": "fenix",
+        "rev": "92d91250c1acd59beabc51208192adc92f31aeb5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "fenix",
+        "type": "github"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -276,7 +298,7 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_6"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -294,7 +316,7 @@
     },
     "flake-utils_2": {
       "inputs": {
-        "systems": "systems_6"
+        "systems": "systems_7"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -311,24 +333,6 @@
       }
     },
     "flake-utils_3": {
-      "inputs": {
-        "systems": "systems_7"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_4": {
       "inputs": {
         "systems": "systems_8"
       },
@@ -346,7 +350,7 @@
         "type": "github"
       }
     },
-    "flake-utils_5": {
+    "flake-utils_4": {
       "inputs": {
         "systems": "systems_10"
       },
@@ -367,18 +371,17 @@
     "ghostty": {
       "inputs": {
         "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
         "home-manager": "home-manager_2",
         "nixpkgs": "nixpkgs_3",
         "zig": "zig",
         "zon2nix": "zon2nix"
       },
       "locked": {
-        "lastModified": 1772342074,
-        "narHash": "sha256-EMHTNX4EX7PzRLIvSd3C53SuLNmAb/edaeBzEVPA1Ns=",
+        "lastModified": 1773934729,
+        "narHash": "sha256-HrX1rEHZDcFQdJCTYv7XXsrsr2cKxXRFzAHaY+QLvmw=",
         "owner": "ghostty-org",
         "repo": "ghostty",
-        "rev": "25f12080cb567a1a78980effbfe8692dbdcbba44",
+        "rev": "c2e9de224eaf09a2ce3e7cb2f6c26d6d577ed8f0",
         "type": "github"
       },
       "original": {
@@ -411,7 +414,7 @@
     },
     "gomod2nix": {
       "inputs": {
-        "flake-utils": "flake-utils_4",
+        "flake-utils": "flake-utils_3",
         "nixpkgs": [
           "tangled",
           "nixpkgs"
@@ -478,11 +481,11 @@
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1772330611,
-        "narHash": "sha256-UZjPc/d5XRxvjDbk4veAO4XFdvx6BUum2l40V688Xq8=",
+        "lastModified": 1773935367,
+        "narHash": "sha256-+RjULqqbCYmOJG+99pNqEGRJV7bX8DYPbxKUhKWFKsI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "58fd7ff0eec2cda43e705c4c0585729ec471d400",
+        "rev": "a7ec5440474cdcc9939cc67c320f01aea0a2f195",
         "type": "github"
       },
       "original": {
@@ -520,11 +523,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772330611,
-        "narHash": "sha256-UZjPc/d5XRxvjDbk4veAO4XFdvx6BUum2l40V688Xq8=",
+        "lastModified": 1773422513,
+        "narHash": "sha256-MPjR48roW7CUMU6lu0+qQGqj92Kuh3paIulMWFZy+NQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "58fd7ff0eec2cda43e705c4c0585729ec471d400",
+        "rev": "ef12a9a2b0f77c8fa3dda1e7e494fca668909056",
         "type": "github"
       },
       "original": {
@@ -573,11 +576,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753964049,
-        "narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=",
+        "lastModified": 1772461003,
+        "narHash": "sha256-pVICsV7FtcEeVwg5y/LFh3XFUkVJninm/P1j/JHzEbM=",
         "owner": "hyprwm",
         "repo": "hyprcursor",
-        "rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5",
+        "rev": "b62396457b9cfe2ebf24fe05404b09d2a40f8ed7",
         "type": "github"
       },
       "original": {
@@ -602,11 +605,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770511807,
-        "narHash": "sha256-suKmSbSk34uPOJDTg/GbPrKEJutzK08vj0VoTvAFBCA=",
+        "lastModified": 1772461523,
+        "narHash": "sha256-mI6A51do+hEUzeJKk9YSWfVHdI/SEEIBi2tp5Whq5mI=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "7c75487edd43a71b61adb01cae8326d277aab683",
+        "rev": "7d63c04b4a2dd5e59ef943b4b143f46e713df804",
         "type": "github"
       },
       "original": {
@@ -631,11 +634,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763733840,
-        "narHash": "sha256-JnET78yl5RvpGuDQy3rCycOCkiKoLr5DN1fPhRNNMco=",
+        "lastModified": 1772461523,
+        "narHash": "sha256-mI6A51do+hEUzeJKk9YSWfVHdI/SEEIBi2tp5Whq5mI=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "8f1bec691b2d198c60cccabca7a94add2df4ed1a",
+        "rev": "7d63c04b4a2dd5e59ef943b4b143f46e713df804",
         "type": "github"
       },
       "original": {
@@ -660,11 +663,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1766946335,
-        "narHash": "sha256-MRD+Jr2bY11MzNDfenENhiK6pvN+nHygxdHoHbZ1HtE=",
+        "lastModified": 1772461523,
+        "narHash": "sha256-mI6A51do+hEUzeJKk9YSWfVHdI/SEEIBi2tp5Whq5mI=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "4af02a3925b454deb1c36603843da528b67ded6c",
+        "rev": "7d63c04b4a2dd5e59ef943b4b143f46e713df804",
         "type": "github"
       },
       "original": {
@@ -692,11 +695,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1772319987,
-        "narHash": "sha256-CWzTcI/f/tEHvJWPR0jU/Rf0razol+uCdFm3TK7QOfo=",
+        "lastModified": 1773926276,
+        "narHash": "sha256-dasCo1RATJvJWjPaVkbXPvjbWE+4f69bnRNGwtsh7Ao=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "2928d6af0ad1fa9f950c4ea8394739a468b5e34f",
+        "rev": "ad46ff635bcf7b4877b03e97d8e85468f025f4a1",
         "type": "github"
       },
       "original": {
@@ -738,11 +741,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767023960,
-        "narHash": "sha256-R2HgtVS1G3KSIKAQ77aOZ+Q0HituOmPgXW9nBNkpp3Q=",
+        "lastModified": 1772467975,
+        "narHash": "sha256-kipyuDBxrZq+beYpZqWzGvFWm4QbayW9agAvi94vDXY=",
         "owner": "hyprwm",
         "repo": "hyprland-guiutils",
-        "rev": "c2e906261142f5dd1ee0bfc44abba23e2754c660",
+        "rev": "5e1c6b9025aaf4d578f3eff7c0eb1f0c197a9507",
         "type": "github"
       },
       "original": {
@@ -763,11 +766,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1765214753,
-        "narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=",
+        "lastModified": 1772460177,
+        "narHash": "sha256-/6G/MsPvtn7bc4Y32pserBT/Z4SUUdBd4XYJpOEKVR4=",
         "owner": "hyprwm",
         "repo": "hyprland-protocols",
-        "rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab",
+        "rev": "1cb6db5fd6bb8aee419f4457402fa18293ace917",
         "type": "github"
       },
       "original": {
@@ -792,11 +795,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1771866172,
-        "narHash": "sha256-fYFoXhQLrm1rD8vSFKQBOEX4OGCuJdLt1amKfHd5GAw=",
+        "lastModified": 1772459629,
+        "narHash": "sha256-/iwvNUYShmmnwmz/czEUh6+0eF5vCMv0xtDW0STPIuM=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "0b219224910e7642eb0ed49f0db5ec3d008e3e41",
+        "rev": "7615ee388de18239a4ab1400946f3d0e498a8186",
         "type": "github"
       },
       "original": {
@@ -821,11 +824,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764612430,
-        "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=",
+        "lastModified": 1772459629,
+        "narHash": "sha256-/iwvNUYShmmnwmz/czEUh6+0eF5vCMv0xtDW0STPIuM=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "0d00dc118981531aa731150b6ea551ef037acddd",
+        "rev": "7615ee388de18239a4ab1400946f3d0e498a8186",
         "type": "github"
       },
       "original": {
@@ -850,11 +853,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764612430,
-        "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=",
+        "lastModified": 1772459629,
+        "narHash": "sha256-/iwvNUYShmmnwmz/czEUh6+0eF5vCMv0xtDW0STPIuM=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "0d00dc118981531aa731150b6ea551ef037acddd",
+        "rev": "7615ee388de18239a4ab1400946f3d0e498a8186",
         "type": "github"
       },
       "original": {
@@ -873,11 +876,11 @@
         "systems": "systems_3"
       },
       "locked": {
-        "lastModified": 1771606198,
-        "narHash": "sha256-5to2gGd3CX/tOwORd5ZNpKEr2GRTstNy9g5M1WVhF+s=",
+        "lastModified": 1772469074,
+        "narHash": "sha256-au/9emt9qbCX44i43vXLVV63Jl4x+jL8d5BlsCy+Y+c=",
         "owner": "hyprwm",
         "repo": "hyprlock",
-        "rev": "5ba5ff5b9493eb4b5bbef31c6a66bcc863cc558d",
+        "rev": "512e71d05cfb69b6dd5a5262bc6675845beddd4c",
         "type": "github"
       },
       "original": {
@@ -899,11 +902,11 @@
         "systems": "systems_4"
       },
       "locked": {
-        "lastModified": 1767100858,
-        "narHash": "sha256-9JeMRcQyaY8X6J8iAe+O1BrBaz/y6QY8/SLspsMGWhk=",
+        "lastModified": 1772476157,
+        "narHash": "sha256-Cuqhd0Ry5cd3TWrmL8Y2TO9ABVeacYpswarVXrVJvT4=",
         "owner": "hyprwm",
         "repo": "hyprsysteminfo",
-        "rev": "1959f049f5934be215a9eca9fbc1582438f4dbe2",
+        "rev": "6abb64f66a48c342183fcc42419875905993a2d4",
         "type": "github"
       },
       "original": {
@@ -951,11 +954,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764592794,
-        "narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=",
+        "lastModified": 1772462885,
+        "narHash": "sha256-5pHXrQK9zasMnIo6yME6EOXmWGFMSnCITcfKshhKJ9I=",
         "owner": "hyprwm",
         "repo": "hyprtoolkit",
-        "rev": "5cfe0743f0e608e1462972303778d8a0859ee63e",
+        "rev": "9af245a69fa6b286b88ddfc340afd288e00a6998",
         "type": "github"
       },
       "original": {
@@ -996,11 +999,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767025790,
-        "narHash": "sha256-LEGGn0KRXr3swO80ESKE72KR6J4arRX/9psBnNF7O0A=",
+        "lastModified": 1772462885,
+        "narHash": "sha256-5pHXrQK9zasMnIo6yME6EOXmWGFMSnCITcfKshhKJ9I=",
         "owner": "hyprwm",
         "repo": "hyprtoolkit",
-        "rev": "b42b3281d766e67eca990dba89e85cc7c1d3e26d",
+        "rev": "9af245a69fa6b286b88ddfc340afd288e00a6998",
         "type": "github"
       },
       "original": {
@@ -1021,11 +1024,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1771271487,
-        "narHash": "sha256-41gEiUS0Pyw3L/ge1l8MXn61cK14VAhgWB/JV8s/oNI=",
+        "lastModified": 1773436263,
+        "narHash": "sha256-n+2xFJngUkBqUJD5FsbVnYEHBTyDFSqtBIwQIGPXWWo=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "340a792e3b3d482c4ae5f66d27a9096bdee6d76d",
+        "rev": "5e228db6821380a5875d5643176c5c46a47b8134",
         "type": "github"
       },
       "original": {
@@ -1046,11 +1049,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1766160771,
-        "narHash": "sha256-roINUGikWRqqgKrD4iotKbGj3ZKJl3hjMz5l/SyKrHw=",
+        "lastModified": 1772459870,
+        "narHash": "sha256-xxkK2Cvqxpf/4UGcJ/TyCwrvmiNWsKsJfFzHMp2bxis=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "5ac060bfcf2f12b3a6381156ebbc13826a05b09f",
+        "rev": "e63f3a79334dec49f8eb1691f66f18115df04085",
         "type": "github"
       },
       "original": {
@@ -1071,11 +1074,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1766253372,
-        "narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=",
+        "lastModified": 1772459870,
+        "narHash": "sha256-xxkK2Cvqxpf/4UGcJ/TyCwrvmiNWsKsJfFzHMp2bxis=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9",
+        "rev": "e63f3a79334dec49f8eb1691f66f18115df04085",
         "type": "github"
       },
       "original": {
@@ -1096,11 +1099,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770501770,
-        "narHash": "sha256-NWRM6+YxTRv+bT9yvlhhJ2iLae1B1pNH3mAL5wi2rlQ=",
+        "lastModified": 1772459835,
+        "narHash": "sha256-978jRz/y/9TKmZb/qD4lEYHCQGHpEXGqy+8X2lFZsak=",
         "owner": "hyprwm",
         "repo": "hyprwayland-scanner",
-        "rev": "0bd8b6cde9ec27d48aad9e5b4deefb3746909d40",
+        "rev": "0a692d4a645165eebd65f109146b8861e3a925e7",
         "type": "github"
       },
       "original": {
@@ -1121,11 +1124,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763640274,
-        "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=",
+        "lastModified": 1772459835,
+        "narHash": "sha256-978jRz/y/9TKmZb/qD4lEYHCQGHpEXGqy+8X2lFZsak=",
         "owner": "hyprwm",
         "repo": "hyprwayland-scanner",
-        "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671",
+        "rev": "0a692d4a645165eebd65f109146b8861e3a925e7",
         "type": "github"
       },
       "original": {
@@ -1146,11 +1149,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763640274,
-        "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=",
+        "lastModified": 1772459835,
+        "narHash": "sha256-978jRz/y/9TKmZb/qD4lEYHCQGHpEXGqy+8X2lFZsak=",
         "owner": "hyprwm",
         "repo": "hyprwayland-scanner",
-        "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671",
+        "rev": "0a692d4a645165eebd65f109146b8861e3a925e7",
         "type": "github"
       },
       "original": {
@@ -1175,11 +1178,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1771606233,
-        "narHash": "sha256-F3PLUqQ/TwgR70U+UeOqJnihJZ2EuunzojYC4g5xHr0=",
+        "lastModified": 1773074819,
+        "narHash": "sha256-qRqYnXiKoJLRTcfaRukn7EifmST2IVBUMZOeZMAc5UA=",
         "owner": "hyprwm",
         "repo": "hyprwire",
-        "rev": "06c7f1f8c4194786c8400653c4efc49dc14c0f3a",
+        "rev": "f68afd0e73687598cc2774804fedad76693046f0",
         "type": "github"
       },
       "original": {
@@ -1204,11 +1207,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1766253414,
-        "narHash": "sha256-O70C7PD8r/8fwrVofU5gaswXrQ7WFg0m/M1eWnm3+1U=",
+        "lastModified": 1772463520,
+        "narHash": "sha256-GIjASzYnV4fK19HnyJKmHyqyxHxIpjusK9foEA4Yo+4=",
         "owner": "hyprwm",
         "repo": "hyprwire",
-        "rev": "c0541f6fa55bfc98a7bfdfe07b0e448d616a3a1b",
+        "rev": "4e1933ae5602b350c5b6633f5c932549c9b8aca2",
         "type": "github"
       },
       "original": {
@@ -1294,6 +1297,18 @@
         "url": "https://github.com/lucide-icons/lucide/releases/download/0.536.0/lucide-icons-0.536.0.zip"
       }
     },
+    "mermaid-src": {
+      "flake": false,
+      "locked": {
+        "narHash": "sha256-/YOdECG2V5c3kJ1QfGvhziTT6K/Dx/4mOk2mr3Fs/do=",
+        "type": "file",
+        "url": "https://cdn.jsdelivr.net/npm/mermaid@11.12.3/dist/mermaid.min.js"
+      },
+      "original": {
+        "type": "file",
+        "url": "https://cdn.jsdelivr.net/npm/mermaid@11.12.3/dist/mermaid.min.js"
+      }
+    },
     "mnw": {
       "locked": {
         "lastModified": 1770419553,
@@ -1375,11 +1390,11 @@
         "nixpkgs": "nixpkgs_9"
       },
       "locked": {
-        "lastModified": 1772109967,
-        "narHash": "sha256-0oWZtmVJcI7Mc6nAXf7XM4FHLJv+H1X/8Gh31uJCyJ0=",
+        "lastModified": 1773561580,
+        "narHash": "sha256-wT0bKTp45YnMkc4yXQvk943Zz/rksYiIjEXGdWzxnic=",
         "owner": "openclaw",
         "repo": "nix-steipete-tools",
-        "rev": "2b97c49e03657af1574aee5a34f57b38fba90035",
+        "rev": "cd4c429ff3b3aaef9f92e59812cf2baf5704b86f",
         "type": "github"
       },
       "original": {
@@ -1390,11 +1405,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1771969195,
-        "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
+        "lastModified": 1773533765,
+        "narHash": "sha256-qonGfS2lzCgCl59Zl63jF6dIRRpvW3AJooBGMaXjHiY=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
+        "rev": "f8e82243fd601afb9f59ad230958bd073795cbfe",
         "type": "github"
       },
       "original": {
@@ -1406,11 +1421,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1771848320,
-        "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
+        "lastModified": 1773122722,
+        "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2fc6539b481e1d2569f25f8799236694180c0993",
+        "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50",
         "type": "github"
       },
       "original": {
@@ -1438,11 +1453,11 @@
     },
     "nixpkgs_11": {
       "locked": {
-        "lastModified": 1766070988,
-        "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
+        "lastModified": 1771848320,
+        "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
+        "rev": "2fc6539b481e1d2569f25f8799236694180c0993",
         "type": "github"
       },
       "original": {
@@ -1500,11 +1515,11 @@
     },
     "nixpkgs_15": {
       "locked": {
-        "lastModified": 1772198003,
-        "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=",
+        "lastModified": 1773389992,
+        "narHash": "sha256-wvfdLLWJ2I9oEpDd9PfMA8osfIZicoQ5MT1jIwNs9Tk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61",
+        "rev": "c06b4ae3d6599a672a6210b7021d699c351eebda",
         "type": "github"
       },
       "original": {
@@ -1545,11 +1560,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1770841267,
-        "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
+        "lastModified": 1773389992,
+        "narHash": "sha256-wvfdLLWJ2I9oEpDd9PfMA8osfIZicoQ5MT1jIwNs9Tk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
+        "rev": "c06b4ae3d6599a672a6210b7021d699c351eebda",
         "type": "github"
       },
       "original": {
@@ -1561,11 +1576,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1766070988,
-        "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
+        "lastModified": 1772433332,
+        "narHash": "sha256-izhTDFKsg6KeVBxJS9EblGeQ8y+O8eCa6RcW874vxEc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
+        "rev": "cf59864ef8aa2e178cccedbe2c178185b0365705",
         "type": "github"
       },
       "original": {
@@ -1577,11 +1592,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1766902085,
-        "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
+        "lastModified": 1772433332,
+        "narHash": "sha256-izhTDFKsg6KeVBxJS9EblGeQ8y+O8eCa6RcW874vxEc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4",
+        "rev": "cf59864ef8aa2e178cccedbe2c178185b0365705",
         "type": "github"
       },
       "original": {
@@ -1593,11 +1608,11 @@
     },
     "nixpkgs_7": {
       "locked": {
-        "lastModified": 1772198003,
-        "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=",
+        "lastModified": 1773821835,
+        "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61",
+        "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
         "type": "github"
       },
       "original": {
@@ -1649,11 +1664,11 @@
         "systems": "systems_5"
       },
       "locked": {
-        "lastModified": 1772219256,
-        "narHash": "sha256-8RH/xcZOEDf2fJ5h/PSXKxmTnsIMV4AXBj3F8ZdJgyw=",
+        "lastModified": 1773927734,
+        "narHash": "sha256-hjf4JtCVGXO3/1SznMKKC+qFsIxQcVhZvPpoNuBYdFY=",
         "owner": "notashelf",
         "repo": "nvf",
-        "rev": "c07410f1838ce6a44708c49b8ed6fb061babc5ac",
+        "rev": "618cbe6aac5e72f1f9dc0d0dde145ee2d452df71",
         "type": "github"
       },
       "original": {
@@ -1664,17 +1679,17 @@
     },
     "openclaw": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils",
         "home-manager": "home-manager_4",
         "nix-steipete-tools": "nix-steipete-tools",
         "nixpkgs": "nixpkgs_10"
       },
       "locked": {
-        "lastModified": 1772348525,
-        "narHash": "sha256-4FglS6O9oDpIF+kYhikaLUBhZkhzTWF//xlnJK3ZBHY=",
+        "lastModified": 1773851886,
+        "narHash": "sha256-+3ygZuf5K8mtSGMMEZ/h+vxGvXCu1CmiB+531KMagH8=",
         "owner": "openclaw",
         "repo": "nix-openclaw",
-        "rev": "80373ef96a21a15761753ab5dd25fe3d8d680e5a",
+        "rev": "64d410666821866c565e048a4d07d6cf5d8e494e",
         "type": "github"
       },
       "original": {
@@ -1695,11 +1710,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772089711,
-        "narHash": "sha256-N4XQECQRWDirbf4mrZ0w5eCKPO5o2yNZv4LwW5SS4j0=",
+        "lastModified": 1773624569,
+        "narHash": "sha256-CKfTu9nDD85yv7hHxCKl8tGv4R+/Yj44ANAwvqSO2q4=",
         "owner": "spacebarchat",
         "repo": "pion-webrtc",
-        "rev": "d18098fd78687a2864ea8e696596d412889f9250",
+        "rev": "5382e83ccbb0305a91b9ae92eae2ee9f5ac39398",
         "type": "github"
       },
       "original": {
@@ -1718,11 +1733,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772024342,
-        "narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=",
+        "lastModified": 1772893680,
+        "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476",
+        "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
         "type": "github"
       },
       "original": {
@@ -1753,6 +1768,23 @@
         "zen-browser": "zen-browser"
       }
     },
+    "rust-analyzer-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1772094427,
+        "narHash": "sha256-TiVs6OUBJEvajHdJZ5nIq0KognNJooUWuLGPFfQacSw=",
+        "owner": "rust-lang",
+        "repo": "rust-analyzer",
+        "rev": "56b59a832858329c2f947f9b7bdf1a49da39c981",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rust-lang",
+        "ref": "nightly",
+        "repo": "rust-analyzer",
+        "type": "github"
+      }
+    },
     "rust-overlay": {
       "inputs": {
         "nixpkgs": [
@@ -1776,18 +1808,18 @@
     },
     "spacebar": {
       "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_2",
         "nixpkgs": [
           "nixpkgs"
         ],
         "pion-webrtc": "pion-webrtc"
       },
       "locked": {
-        "lastModified": 1772304584,
-        "narHash": "sha256-IhORc4Xe3uTXuo69FX8uWLAWJNW2oHOgXICD0K5NFXs=",
+        "lastModified": 1773907380,
+        "narHash": "sha256-WYk3b21eH8xvbShG4J8MO4IizF5p2NkB1FaIPYaZfKY=",
         "owner": "spacebarchat",
         "repo": "server",
-        "rev": "829ada260753e0e45e0ac1db20c8f19afd2420cf",
+        "rev": "6438953a4ba1b885fb0f9e9df23c077875ec331f",
         "type": "github"
       },
       "original": {
@@ -1810,6 +1842,7 @@
       }
     },
     "systems": {
+      "flake": false,
       "locked": {
         "lastModified": 1681028828,
         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -1962,6 +1995,7 @@
     "tangled": {
       "inputs": {
         "actor-typeahead-src": "actor-typeahead-src",
+        "fenix": "fenix",
         "flake-compat": "flake-compat_4",
         "gomod2nix": "gomod2nix",
         "htmx-src": "htmx-src",
@@ -1970,15 +2004,16 @@
         "indigo": "indigo",
         "inter-fonts-src": "inter-fonts-src",
         "lucide-src": "lucide-src",
+        "mermaid-src": "mermaid-src",
         "nixpkgs": "nixpkgs_11",
         "sqlite-lib-src": "sqlite-lib-src"
       },
       "locked": {
-        "lastModified": 1772351673,
-        "narHash": "sha256-Aq2qHTc6cHl8BGvGceRE/U3jxG50l4sR00V2jDPmzbM=",
+        "lastModified": 1773930822,
+        "narHash": "sha256-Hj0S1/w1c70B2+pfHTIiCPDh452H5UmfF8UTlYMt4Hs=",
         "ref": "refs/heads/master",
-        "rev": "f7c358408ce27f0f196a380d4730a5ae77b44c4d",
-        "revCount": 1993,
+        "rev": "2c7b9392ec1a2971b108a60a5dbc886134895670",
+        "revCount": 2081,
         "type": "git",
         "url": "https://tangled.sh/tangled.sh/core"
       },
@@ -2031,7 +2066,7 @@
     },
     "vscode-server": {
       "inputs": {
-        "flake-utils": "flake-utils_5",
+        "flake-utils": "flake-utils_4",
         "nixpkgs": "nixpkgs_13"
       },
       "locked": {
@@ -2112,11 +2147,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1761431178,
-        "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=",
+        "lastModified": 1772669058,
+        "narHash": "sha256-XhnY0aRuDo5LT8pmJVPofPOgO2hAR7T+XRoaQxtNPzQ=",
         "owner": "hyprwm",
         "repo": "xdg-desktop-portal-hyprland",
-        "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9",
+        "rev": "906d0ac159803a7df2dc1f948df9327670380f69",
         "type": "github"
       },
       "original": {
@@ -2131,11 +2166,11 @@
         "nixpkgs": "nixpkgs_15"
       },
       "locked": {
-        "lastModified": 1772332855,
-        "narHash": "sha256-LPNnG/TXua9dSal3Ka+Rj0s34gbkJ4/AhxWBzn87j0E=",
+        "lastModified": 1773737882,
+        "narHash": "sha256-P6k0BtT1/idYveVRdcwAZk8By9UjZW8XOMhSoS6wTBY=",
         "owner": "0xc000022070",
         "repo": "zen-browser-flake",
-        "rev": "04e0729057ea01c3336f4751290a20f4ec564727",
+        "rev": "a7f1db35d74faf04e5189b3a32f890186ace5c28",
         "type": "github"
       },
       "original": {
@@ -2150,21 +2185,18 @@
           "ghostty",
           "flake-compat"
         ],
-        "flake-utils": [
-          "ghostty",
-          "flake-utils"
-        ],
         "nixpkgs": [
           "ghostty",
           "nixpkgs"
-        ]
+        ],
+        "systems": "systems"
       },
       "locked": {
-        "lastModified": 1763295135,
-        "narHash": "sha256-sGv/NHCmEnJivguGwB5w8LRmVqr1P72OjS+NzcJsssE=",
+        "lastModified": 1773145353,
+        "narHash": "sha256-dE8zx8WA54TRmFFQBvA48x/sXGDTP7YaDmY6nNKMAYw=",
         "owner": "mitchellh",
         "repo": "zig-overlay",
-        "rev": "64f8b42cfc615b2cf99144adf2b7728c7847c72a",
+        "rev": "8666155d83bf792956a7c40915508e6d4b2b8716",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 96d8b9b..732c7e8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -75,7 +75,6 @@
           inherit inputs;
         };
         modules = [
-          inputs.home-manager.nixosModules.default
           inputs.catppuccin.nixosModules.catppuccin
           inputs.tangled.nixosModules.knot
           inputs.wafrn.nixosModules.default
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 865b843..ca8da57 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -23,9 +23,6 @@
 
   services.vscode-server.enable = true;
 
-  # Avoid clobber failures in Home Manager activations (e.g., openclaw user).
-  home-manager.backupFileExtension = "hmbackup";
-
   systemd.services.ocbwoy3-start-pm2 = {
     enable = true;
     description = "Start PM2";
diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix
index e8a69be..f00eeab 100644
--- a/hosts/server/slop/openclaw.nix
+++ b/hosts/server/slop/openclaw.nix
@@ -28,6 +28,8 @@ let
   });
 in
 {
+  imports = [ inputs.openclaw.nixosModules.openclaw-gateway ];
+
   users.users.openclaw = {
     isSystemUser = false;
     isNormalUser = true;
@@ -54,21 +56,14 @@ in
     ${pkgs.systemd}/bin/loginctl enable-linger openclaw || true
   '';
 
-  # Run OpenClaw gateway only under the dedicated openclaw user (user systemd service).
-  home-manager.users.openclaw = { pkgs, ... }: {
-    imports = [ inputs.openclaw.homeManagerModules.openclaw ];
-
-    home.stateVersion = "24.11";
-    programs.openclaw = {
-      enable = true;
-      package = openclawPatched;
-      instances.default = {
-        enable = true;
-        # Linux user service only; prevent accidental launchd usage.
-        launchd.enable = false;
-        systemd.enable = true;
-      };
-    };
+  # Run OpenClaw gateway as a NixOS system service under the dedicated user.
+  services.openclaw-gateway = {
+    enable = true;
+    package = openclawPatched;
+    createUser = false;
+    user = "openclaw";
+    group = "openclaw";
+    stateDir = "/home/openclaw/.local/share/openclaw";
   };
 
 }

From fc729c8aae00bf0b838dad048b9f39cdf0654b86 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Fri, 27 Mar 2026 23:01:48 +0200
Subject: [PATCH 30/31] a

---
 hosts/default/packages.nix           | 291 ++++++++++++++-------------
 hosts/server/configuration.nix       |  86 ++++++--
 hosts/server/modules/vaultwarden.nix |  12 +-
 3 files changed, 222 insertions(+), 167 deletions(-)

diff --git a/hosts/default/packages.nix b/hosts/default/packages.nix
index 5b22873..d2733a0 100644
--- a/hosts/default/packages.nix
+++ b/hosts/default/packages.nix
@@ -1,155 +1,168 @@
-{ inputs, config, pkgs, lib, ... }:
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 
 {
-	
-	fonts.packages = with pkgs; [
-		noto-fonts
-		noto-fonts-cjk-sans
-		noto-fonts-emoji
-		monaspace
-		geist-font
-		# nerdfonts
-		nerd-fonts.geist-mono
-		nerd-fonts.monaspace
-		nerd-fonts.symbols-only
-		minecraftia
-	];
 
-	programs.seahorse.enable = true;
+  fonts.packages = with pkgs; [
+    noto-fonts
+    noto-fonts-cjk-sans
+    noto-fonts-emoji
+    monaspace
+    geist-font
+    # nerdfonts
+    nerd-fonts.geist-mono
+    nerd-fonts.monaspace
+    nerd-fonts.symbols-only
+    minecraftia
+  ];
 
-	environment.sessionVariables.LD_LIBRARY_PATH = "${pkgs.gcc15}/lib";
+  programs.seahorse.enable = true;
 
-	security.polkit = {
-		enable = true;
-	};
+  environment.sessionVariables.LD_LIBRARY_PATH = "${pkgs.gcc15}/lib";
 
-	security.soteria.enable = true;
+  security.polkit = {
+    enable = true;
+  };
 
-	# surely they should add programs.discord!!
-	environment.systemPackages = with pkgs; [
-		(discord.override {
-			withEquicord = true;
-		})
+  security.soteria.enable = true;
 
-		# hyprland stuff
-		inputs.hyprlock.packages.${pkgs.stdenv.hostPlatform.system}.hyprlock
-		inputs.hyprsysteminfo.packages.${pkgs.stdenv.hostPlatform.system}.hyprsysteminfo
-		
-		# roblox
-		inputs.tuxstrap.packages.${pkgs.stdenv.hostPlatform.system}.default
-		
-		# minecraft
-		qemu
-		(writeShellScriptBin "qemu-system-x86_64-uefi" ''
-			qemu-system-x86_64 \
-				-bios ${OVMF.fd}/FV/OVMF.fd \
-				"$@"
-		'')
-		(writeShellScriptBin "regretevator" ''xdg-open roblox://placeId=4972273297'')
-		(writeShellScriptBin "kaijuparadise" ''xdg-open roblox://placeId=6456351776'')
-		(writeShellScriptBin "sewh" ''xdg-open roblox://placeId=16991287194'')	
+  # surely they should add programs.discord!!
+  environment.systemPackages = with pkgs; [
+    mosh
+    (discord.override {
+      withEquicord = true;
+    })
 
-		(writeShellScriptBin "fix-gtk" ''${inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland}/bin/hyprctl dispatch exec "${pkgs.xdg-desktop-portal-gtk}/libexec/xdg-desktop-portal-gtk -r"'')
-		(callPackage ./apps/wl-shimeji.nix {})
-		(writeShellScriptBin "stop-shimejis" ''${inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland}/bin/hyprctl dispatch exec "shimejictl stop"'')
-		# (writeShellScriptBin "partynoob" ''shimejictl summon PartyNoob'')
-		# inputs.quickshell.packages.${pkgs.stdenv.hostPlatform.system}.default
-		kdePackages.qtdeclarative
-		catppuccin-gtk
-		catppuccin
-		catppuccin-qt5ct
-		catppuccin-catwalk
-		catppuccin-whiskers
-		mission-center
-		# nvtopPackages.full
-		libxkbcommon
-		ffmpeg-full
-		gnupg
-		code-cursor
-		nix-direnv
-		htop
-		nixpkgs-fmt
-		nixd
-		catppuccin-cursors.mochaBlue
-		unzip
-		libwebp
-		ifuse
-		w3m
-		imagemagick
-		alacritty
-		libimobiledevice
-		direnv
-		nautilus
-		kdePackages.dolphin
-		kdePackages.kservice
-		qpwgraph
-		wget
-		git
-		fastfetch
-		vscode
-		nodejs
-		bun
-		yarn
-		(python3.withPackages (subpkgs: with subpkgs; [
-			requests
-			pypresence
-			pygobject3
-		]))
-		# wrangler
-		fontforge
-		xclip
-		gamescope
-		yt-dlp
-		fontforge-gtk
-		deno
-		wofi
-		waybar
-		hyprpaper
-		dunst
-		swww
-		swappy
-		slurp
-		grim
-		wayland-utils
-		wl-clipboard
-		github-cli
-		cliphist
-		pywal
-		pavucontrol
-		wlogout
-		libnotify
-		killall
-		networkmanagerapplet
-		blueman
-		arrpc
-		playerctl
-		mangohud
-		jq
-		github-cli
-		file
-		nwg-look
-		# rhythmbox
-		hyprpolkitagent
+    # hyprland stuff
+    inputs.hyprlock.packages.${pkgs.stdenv.hostPlatform.system}.hyprlock
+    inputs.hyprsysteminfo.packages.${pkgs.stdenv.hostPlatform.system}.hyprsysteminfo
 
-		# important
-		glib
-		openssl
-		nss
-		glibc # C LIBRARY DO NOT REMOVE VERY IMPORTANT
-		gobject-introspection 
-		gimp3
-		mpv
-		nixfmt-rfc-style
+    # roblox
+    inputs.tuxstrap.packages.${pkgs.stdenv.hostPlatform.system}.default
 
-		protonvpn-cli
-		protonvpn-gui
-		(writeShellScriptBin "protonvpn" ''${pkgs.protonvpn-cli}/bin/protonvpn-cli "$@"'')
+    # minecraft
+    qemu
+    (writeShellScriptBin "qemu-system-x86_64-uefi" ''
+      			qemu-system-x86_64 \
+      				-bios ${OVMF.fd}/FV/OVMF.fd \
+      				"$@"
+      		'')
+    (writeShellScriptBin "regretevator" "xdg-open roblox://placeId=4972273297")
+    (writeShellScriptBin "kaijuparadise" "xdg-open roblox://placeId=6456351776")
+    (writeShellScriptBin "sewh" "xdg-open roblox://placeId=16991287194")
 
-		kdePackages.kdialog
+    (writeShellScriptBin "fix-gtk" ''${
+      inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland
+    }/bin/hyprctl dispatch exec "${pkgs.xdg-desktop-portal-gtk}/libexec/xdg-desktop-portal-gtk -r"'')
+    (callPackage ./apps/wl-shimeji.nix { })
+    (writeShellScriptBin "stop-shimejis" ''${
+      inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland
+    }/bin/hyprctl dispatch exec "shimejictl stop"'')
+    # (writeShellScriptBin "partynoob" ''shimejictl summon PartyNoob'')
+    # inputs.quickshell.packages.${pkgs.stdenv.hostPlatform.system}.default
+    kdePackages.qtdeclarative
+    catppuccin-gtk
+    catppuccin
+    catppuccin-qt5ct
+    catppuccin-catwalk
+    catppuccin-whiskers
+    mission-center
+    # nvtopPackages.full
+    libxkbcommon
+    ffmpeg-full
+    gnupg
+    code-cursor
+    nix-direnv
+    htop
+    nixpkgs-fmt
+    nixd
+    catppuccin-cursors.mochaBlue
+    unzip
+    libwebp
+    ifuse
+    w3m
+    imagemagick
+    alacritty
+    libimobiledevice
+    direnv
+    nautilus
+    kdePackages.dolphin
+    kdePackages.kservice
+    qpwgraph
+    wget
+    git
+    fastfetch
+    vscode
+    nodejs
+    bun
+    yarn
+    (python3.withPackages (
+      subpkgs: with subpkgs; [
+        requests
+        pypresence
+        pygobject3
+      ]
+    ))
+    # wrangler
+    fontforge
+    xclip
+    gamescope
+    yt-dlp
+    fontforge-gtk
+    deno
+    wofi
+    waybar
+    hyprpaper
+    dunst
+    swww
+    swappy
+    slurp
+    grim
+    wayland-utils
+    wl-clipboard
+    github-cli
+    cliphist
+    pywal
+    pavucontrol
+    wlogout
+    libnotify
+    killall
+    networkmanagerapplet
+    blueman
+    arrpc
+    playerctl
+    mangohud
+    jq
+    github-cli
+    file
+    nwg-look
+    # rhythmbox
+    hyprpolkitagent
 
-		(writeShellScriptBin "roblox-studio-patcher" ''${pkgs.bun}/bin/bun run /home/ocbwoy3/config/scripts/bin/patchInternalRobloxStudio.ts'')
-		# firefox-devedition 
+    # important
+    glib
+    openssl
+    nss
+    glibc # C LIBRARY DO NOT REMOVE VERY IMPORTANT
+    gobject-introspection
+    gimp3
+    mpv
+    nixfmt-rfc-style
 
-	];
+    protonvpn-cli
+    protonvpn-gui
+    (writeShellScriptBin "protonvpn" ''${pkgs.protonvpn-cli}/bin/protonvpn-cli "$@"'')
+
+    kdePackages.kdialog
+
+    (writeShellScriptBin "roblox-studio-patcher" "${pkgs.bun}/bin/bun run /home/ocbwoy3/config/scripts/bin/patchInternalRobloxStudio.ts")
+    # firefox-devedition
+
+  ];
 
 }
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index ca8da57..edec60b 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -5,6 +5,48 @@
   ...
 }:
 
+let
+  mkUserService = pkgs.writeShellScriptBin "mk-user-service" ''
+        set -euo pipefail
+
+        if [ "$#" -lt 2 ]; then
+          echo "Usage: mk-user-service <name> <exec command...>" >&2
+          exit 1
+        fi
+
+        name="$1"
+        shift
+
+        unitDir="''${XDG_CONFIG_HOME:-$HOME/.config}/systemd/user"
+        unitFile="$unitDir/$name.service"
+
+        mkdir -p "$unitDir"
+
+        if [ -e "$unitFile" ]; then
+          echo "Refusing to overwrite existing unit: $unitFile" >&2
+          exit 2
+        fi
+
+        cat > "$unitFile" <<EOF
+    [Unit]
+    Description=$name
+
+    [Service]
+    Type=simple
+    ExecStart=$*
+    Restart=on-failure
+    RestartSec=2
+
+    [Install]
+    WantedBy=default.target
+    EOF
+
+        echo "Created $unitFile"
+        echo "Next steps:"
+        echo "  systemctl --user daemon-reload"
+        echo "  systemctl --user enable --now $name.service"
+  '';
+in
 {
   imports = [
     ./modules/atproto-pds.nix
@@ -23,27 +65,6 @@
 
   services.vscode-server.enable = true;
 
-  systemd.services.ocbwoy3-start-pm2 = {
-    enable = true;
-    description = "Start PM2";
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      Type = "forking";
-      User = "ocbwoy3";
-      LimitNOFILE = "infinity";
-      LimitNPROC = "infinity";
-      LimitCORE = "infinity";
-      Environment = "PM2_HOME=/home/ocbwoy3/.pm2";
-      PIDFile = "/home/ocbwoy3/.pm2/pm2.pid";
-      Restart = "on-failure";
-
-      ExecStart = "${pkgs.pm2}/bin/pm2 resurrect";
-      ExecReload = "${pkgs.pm2}/bin/pm2 reload all";
-      ExecStop = "${pkgs.pm2}/bin/pm2 kill";
-    };
-  };
-
   services.openssh.settings = lib.mkDefault {
     PubkeyAuthentication = "yes";
     TrustedUserCAKeys = "/etc/ssh/ca.pub";
@@ -56,9 +77,11 @@
   };
 
   environment.systemPackages = with pkgs; [
+    mosh
     fastfetch
     hyfetch
-    pm2
+    bash
+    jdk
     steam-run
     opencode
     bun
@@ -81,6 +104,25 @@
     shell = pkgs.zsh;
   };
 
+  users.users.kris = {
+    initialPassword = "thisisapassword42069!";
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "docker"
+    ];
+    shell = pkgs.zsh;
+    packages = [
+      pkgs.mrpack-install
+      mkUserService
+    ];
+  };
+
+  system.activationScripts.enableKrisLinger.text = ''
+    ${pkgs.systemd}/bin/loginctl enable-linger kris || true
+  '';
+
   nixpkgs.overlays = [
     (final: prev: {
       nixos-rebuild = prev.writeShellScriptBin "nixos-rebuild" ''
diff --git a/hosts/server/modules/vaultwarden.nix b/hosts/server/modules/vaultwarden.nix
index e21413f..714f46e 100644
--- a/hosts/server/modules/vaultwarden.nix
+++ b/hosts/server/modules/vaultwarden.nix
@@ -9,10 +9,10 @@
   services.vaultwarden = {
     enable = true;
     dbBackend = "sqlite";
-    environmentFile = "/private/vaultwarden/vaultwarden.env";
+    environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
     config = {
       # Keep data alongside the secret env file so we can back it up together.
-      DATA_FOLDER = "/private/vaultwarden/data";
+      DATA_FOLDER = "/var/lib/vaultwarden/data";
       PUSH_RELAY_URI = "https://api.bitwarden.eu";
       PUSH_IDENTITY_URI = "https://identity.bitwarden.eu";
       DOMAIN = "https://vault.ocbwoy3.dev";
@@ -25,15 +25,15 @@
     };
   };
 
-  # Allow vaultwarden to write under /private/vaultwarden and ensure the directories exist.
+  # Allow vaultwarden to write under /var/lib/vaultwarden and ensure the directories exist.
   systemd.services.vaultwarden.serviceConfig = {
-    ReadWritePaths = [ "/private/vaultwarden" ];
+    ReadWritePaths = [ "/var/lib/vaultwarden" ];
   };
 
   # Create parent/data directories with proper ownership before startup.
   systemd.tmpfiles.rules = [
-    "d /private/vaultwarden 0750 vaultwarden vaultwarden -"
-    "d /private/vaultwarden/data 0750 vaultwarden vaultwarden -"
+    "d /var/lib/vaultwarden 0750 vaultwarden vaultwarden -"
+    "d /var/lib/vaultwarden/data 0750 vaultwarden vaultwarden -"
   ];
 
   # cloudflared!!

From 099ef7b987641a9683d41959655907bf0a90df51 Mon Sep 17 00:00:00 2001
From: Kris <ocbwoy3@ocbwoy3.dev>
Date: Sat, 28 Mar 2026 00:02:32 +0200
Subject: [PATCH 31/31] aa

---
 hosts/server/configuration.nix   |  1 +
 hosts/server/modules/zipline.nix | 17 +++++++++++++++++
 modules/openclaw-fs.nix          |  1 +
 modules/openclaw-watchdog.nix    |  2 +-
 4 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 hosts/server/modules/zipline.nix

diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index edec60b..becd920 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -56,6 +56,7 @@ in
     ../../modules/force.nix
     ./modules/gitea.nix
     ./modules/vaultwarden.nix
+    ./modules/zipline.nix
     ./slop/openclaw.nix
     ./slop/brave.nix
   ];
diff --git a/hosts/server/modules/zipline.nix b/hosts/server/modules/zipline.nix
new file mode 100644
index 0000000..37afd5f
--- /dev/null
+++ b/hosts/server/modules/zipline.nix
@@ -0,0 +1,17 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  services.zipline = {
+    enable = true;
+    environmentFiles = [ "/private/zipline/zipline.env" ];
+    settings = {
+      CORE_HOSTNAME = "127.0.0.1";
+      CORE_PORT = 3015;
+    };
+  };
+}
diff --git a/modules/openclaw-fs.nix b/modules/openclaw-fs.nix
index c6d50e5..858309d 100644
--- a/modules/openclaw-fs.nix
+++ b/modules/openclaw-fs.nix
@@ -8,6 +8,7 @@
     "z /private/wafrn 0700 root root -"
     "z /private/tangled.env 0600 root root -"
     "z /private/vaultwarden 0700 root root -"
+    "d /private/zipline 0700 root root -"
     "z /protected 0700 root root -"
   ];
 }
diff --git a/modules/openclaw-watchdog.nix b/modules/openclaw-watchdog.nix
index ccff3d3..027f9d4 100644
--- a/modules/openclaw-watchdog.nix
+++ b/modules/openclaw-watchdog.nix
@@ -25,7 +25,7 @@
       set -euo pipefail
 
       WEBHOOK="$(cat /run/secrets/discord-webhook 2>/dev/null || echo "")"
-      UNITS=("sshd" "docker" "bluesky-pds" "cloudflared")
+      UNITS=("sshd" "docker" "bluesky-pds" "cloudflared" "zipline")
       HOSTNAME="$(hostname)"
 
       notify() {