flake.lock: Update

Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/4a44fb9f7555da362af9d499817084f4288a957f?narHash=sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk%3D' (2025-08-23)
  → 'github:nix-community/home-manager/3b955f5f0a942f9f60cdc9cacb7844335d0f21c3?narHash=sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA%3D' (2025-09-21)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9cb344e96d5b6918e94e1bca2d9f3ea1e9615545?narHash=sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A%3D' (2025-08-20)
  → 'github:NixOS/nixpkgs/879bd460b3d3e8571354ce172128fbcbac1ed633?narHash=sha256-oiAyQaRilPk525Z5aTtTNWNzSrcdJ7IXM0/PL3CGlbI%3D' (2025-10-02)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/42e1afa45385017e72b59ad15c3f786d09a704be?narHash=sha256-hG2eV%2B5tMHSE3XFmJTgx87GrTAD3RJz2Lj%2BzM0TShg4%3D' (2025-08-24)
  → 'github:NixOS/nixpkgs/590c794954a1ab307b9bb3d81757a026009d3e03?narHash=sha256-OHAZ/IDHQ8a4G6MIs/v8GSDW3tRQYHMcF7Ean/PlmYI%3D' (2025-10-05)
• Updated input 'nur':
    'github:nix-community/NUR/20caa31dbef80914895e41b56be4cabc740b2126?narHash=sha256-/W53HyLk4qSrPJjYWdD5SK%2B3p0Ns9Bg6MKHoeqLVqi0%3D' (2025-08-23)
  → 'github:nix-community/NUR/2edcb08c08b541088834d35cf560601038b3c3a2?narHash=sha256-psvkqVBJDv/A2I5pXOIn5rFWYCx0C2ogUmYNA/WH1ys%3D' (2025-10-04)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19)
  → 'github:nixos/nixpkgs/7df7ff7d8e00218376575f0acdcc5d66741351ee?narHash=sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs%3D' (2025-10-02)
• Updated input 'retiolum':
    'github:krebs/retiolum/1fa596dc8b176c9ea35823b33f8579c6d96fb7f9?narHash=sha256-WyGfu6MvNXrkcbUCwNGX59UvIj38%2BxvIgZEZRdp49lI%3D' (2025-02-26)
  → 'github:krebs/retiolum/17d947cc08bb17ee979e6332e35f89d64033e204?narHash=sha256-uPxzGBAugKayJywTixtipZ6UmoyEwu9t1hwV8PebzS0%3D' (2025-08-27)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/897ecf2b25be05e6ccb7661703f9f2fdec155f42?narHash=sha256-r0WnHKwA8DQNSHDmN3LNaqu41GbWDYqLS7IQAGR%2B6Wg%3D' (2025-08-23)
  → 'github:oxalica/rust-overlay/bd3a63bbff2c4cb3cd48e9d49f54c2ccad457f70?narHash=sha256-yQwP0JOHi3Icq09GG5ufGuGrq2zIijglVFj3kkF2MHA%3D' (2025-10-04)
• Updated input 'stylix':
    'github:danth/stylix/79be65b20d7b8fb7e8f39ba8121cfe41b7f46808?narHash=sha256-VmheUy4UzWDy/u0TvCCHptgF30peL7wRxkHy7EVpDrQ%3D' (2025-08-20)
  → 'github:danth/stylix/4d065856e936fc6a99ba55d39ac2df9ded6bedbe?narHash=sha256-1Eda1V8pjpviMdBTdDXrFp7jkaUokIgXgBYTZyzDODk%3D' (2025-10-04)

configs/0ad.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = [ pkgs.zeroad ];
+  networking.firewall = {
+    allowedTCPPorts = [ 20595 ];
+    allowedUDPPorts = [ 20595 ];
+  };
+}

configs/neovim.nix

@@ -46,6 +46,7 @@
     pkgs.haskellPackages.haskell-language-server
     pkgs.texlab
     pkgs.nil
+    pkgs.gopls
     pkgs.nixfmt-rfc-style
     pkgs.rust-analyzer
     pkgs.nodePackages.typescript-language-server

configs/packages.nix

@@ -241,6 +241,7 @@ in {
     nodePackages.csslint
     nodePackages.jsonlint
     deno # better node.js
+    go
     texlive.combined.scheme-full
     latexrun
     (aspellWithDicts (dict: [dict.de dict.en dict.en-computers]))

flake.lock

@@ -590,11 +590,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755928099,
-        "narHash": "sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk=",
+        "lastModified": 1758463745,
+        "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "4a44fb9f7555da362af9d499817084f4288a957f",
+        "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
         "type": "github"
       },
       "original": {
@@ -675,11 +675,11 @@
         "nixpkgs": "nixpkgs_5"
       },
       "locked": {
-        "lastModified": 1702906210,
-        "narHash": "sha256-V/nSui5BkCg0zX6uaIeax/Jrl8voxd0r7FUQRMVrHN0=",
+        "lastModified": 1759437689,
+        "narHash": "sha256-L3gLXmW+9oE+5YosaOSIDtNlXmXxnY8RXDNj2J8uIRs=",
         "owner": "kmein",
         "repo": "menstruation.rs",
-        "rev": "1c8d6f4463fb746eb6c9855d2419cb4e8f48ac50",
+        "rev": "7ae9a7affffd20eafe0158b9b7ca50cc8a77f2af",
         "type": "github"
       },
       "original": {
@@ -1045,11 +1045,11 @@
     },
     "nixpkgs-unstable_2": {
       "locked": {
-        "lastModified": 1755996835,
-        "narHash": "sha256-hG2eV+5tMHSE3XFmJTgx87GrTAD3RJz2Lj+zM0TShg4=",
+        "lastModified": 1759625203,
+        "narHash": "sha256-OHAZ/IDHQ8a4G6MIs/v8GSDW3tRQYHMcF7Ean/PlmYI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "42e1afa45385017e72b59ad15c3f786d09a704be",
+        "rev": "590c794954a1ab307b9bb3d81757a026009d3e03",
         "type": "github"
       },
       "original": {
@@ -1167,11 +1167,11 @@
     },
     "nixpkgs_7": {
       "locked": {
-        "lastModified": 1755704039,
-        "narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=",
+        "lastModified": 1759439645,
+        "narHash": "sha256-oiAyQaRilPk525Z5aTtTNWNzSrcdJ7IXM0/PL3CGlbI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545",
+        "rev": "879bd460b3d3e8571354ce172128fbcbac1ed633",
         "type": "github"
       },
       "original": {
@@ -1183,11 +1183,11 @@
     },
     "nixpkgs_8": {
       "locked": {
-        "lastModified": 1755615617,
-        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
+        "lastModified": 1759381078,
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
         "type": "github"
       },
       "original": {
@@ -1330,11 +1330,11 @@
         "nixpkgs": "nixpkgs_8"
       },
       "locked": {
-        "lastModified": 1755984779,
-        "narHash": "sha256-/W53HyLk4qSrPJjYWdD5SK+3p0Ns9Bg6MKHoeqLVqi0=",
+        "lastModified": 1759614609,
+        "narHash": "sha256-psvkqVBJDv/A2I5pXOIn5rFWYCx0C2ogUmYNA/WH1ys=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "20caa31dbef80914895e41b56be4cabc740b2126",
+        "rev": "2edcb08c08b541088834d35cf560601038b3c3a2",
         "type": "github"
       },
       "original": {
@@ -1438,11 +1438,11 @@
     },
     "retiolum_2": {
       "locked": {
-        "lastModified": 1740597428,
-        "narHash": "sha256-WyGfu6MvNXrkcbUCwNGX59UvIj38+xvIgZEZRdp49lI=",
+        "lastModified": 1756302470,
+        "narHash": "sha256-uPxzGBAugKayJywTixtipZ6UmoyEwu9t1hwV8PebzS0=",
         "owner": "krebs",
         "repo": "retiolum",
-        "rev": "1fa596dc8b176c9ea35823b33f8579c6d96fb7f9",
+        "rev": "17d947cc08bb17ee979e6332e35f89d64033e204",
         "type": "github"
       },
       "original": {
@@ -1529,11 +1529,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755916474,
-        "narHash": "sha256-r0WnHKwA8DQNSHDmN3LNaqu41GbWDYqLS7IQAGR+6Wg=",
+        "lastModified": 1759544920,
+        "narHash": "sha256-yQwP0JOHi3Icq09GG5ufGuGrq2zIijglVFj3kkF2MHA=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "897ecf2b25be05e6ccb7661703f9f2fdec155f42",
+        "rev": "bd3a63bbff2c4cb3cd48e9d49f54c2ccad457f70",
         "type": "github"
       },
       "original": {
@@ -1671,11 +1671,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1755710103,
-        "narHash": "sha256-VmheUy4UzWDy/u0TvCCHptgF30peL7wRxkHy7EVpDrQ=",
+        "lastModified": 1759596342,
+        "narHash": "sha256-1Eda1V8pjpviMdBTdDXrFp7jkaUokIgXgBYTZyzDODk=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "79be65b20d7b8fb7e8f39ba8121cfe41b7f46808",
+        "rev": "4d065856e936fc6a99ba55d39ac2df9ded6bedbe",
         "type": "github"
       },
       "original": {

flake.nix

@@ -146,6 +146,7 @@
         power-action = import modules/power-action.nix;
         system-dependent = import modules/system-dependent.nix;
         telegram-bot = import modules/telegram-bot.nix;
+        go-webring = import modules/go-webring.nix;
       };
 
       lib = {
@@ -207,6 +208,7 @@
             agenix.nixosModules.default
             inputs.self.nixosModules.passport
             inputs.self.nixosModules.panoptikon
+            inputs.self.nixosModules.go-webring
             inputs.self.nixosModules.htgen
             inputs.stockholm.nixosModules.reaktor2
             retiolum.nixosModules.retiolum
@@ -239,6 +241,7 @@
             systems/kibbeh/configuration.nix
             agenix.nixosModules.default
             retiolum.nixosModules.retiolum
+            home-manager.nixosModules.home-manager
           ];
         };
         makanek = nixpkgs.lib.nixosSystem rec {
@@ -399,6 +402,7 @@
         q = pkgs.callPackage packages/q.nix {};
         qrpaste = pkgs.callPackage packages/qrpaste.nix {};
         random-zeno = pkgs.callPackage packages/random-zeno.nix {};
+        go-webring = pkgs.callPackage packages/go-webring.nix {};
         rfc = pkgs.callPackage packages/rfc.nix {};
         gimp = pkgs.callPackage packages/gimp.nix {};
         scanned = pkgs.callPackage packages/scanned.nix {};

lib/vim/init.lua

@@ -91,6 +91,7 @@ local language_servers = {
   -- tsserver = {}, -- typescript-language-server
   cssls = {},
   elmls = {}, -- elm-language-server
+  gopls = {}, -- gopls
   denols = {}, -- deno built in
   bashls = {}, -- bash-language-server
   lua_ls = {

modules/go-webring.nix

@@ -0,0 +1,140 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib)
+    mkEnableOption
+    mkPackageOption
+    mkOption
+    types
+    literalExpression
+    mkIf
+    ;
+  cfg = config.services.go-webring;
+
+  defaultAddress = "127.0.0.1:2857";
+in
+
+{
+  options = {
+    services.go-webring = {
+      enable = mkEnableOption "go-webring";
+
+      package = mkPackageOption pkgs "go-webring" { };
+
+      contactInstructions = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "Contact instructions for errors";
+        example = "contact the admin and let them know what's up";
+      };
+
+      host = mkOption {
+        type = types.str;
+        description = "Host this webring runs on, primarily used for validation";
+        example = "my-webri.ng";
+      };
+
+      homePageTemplate = mkOption {
+        type = types.str;
+        description = ''
+          This should be any HTML file with the string "{{ . }}" placed
+          wherever you want the table of members inserted. This table is
+          plain HTML so you can style it with CSS.
+        '';
+      };
+
+      listenAddress = mkOption {
+        type = types.str;
+        default = defaultAddress;
+        description = "Host and port go-webring will listen on";
+      };
+
+      members = mkOption {
+        type = types.listOf (
+          types.submodule {
+            options = {
+              username = mkOption {
+                type = types.str;
+                description = "Member's name";
+              };
+              site = mkOption {
+                type = types.str;
+                description = "Member's site URL";
+              };
+            };
+          }
+        );
+        description = "List of members in the webring";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.go-webring = {
+      description = "go-webring service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      requires = [ "network.target" ];
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = ''
+          ${lib.getExe cfg.package} \
+            ${lib.optionalString (cfg.contactInstructions != null) ("--contact " + lib.escapeShellArg cfg.contactInstructions)} \
+            --host ${cfg.host} \
+            --index ${pkgs.writeText "index.html" cfg.homePageTemplate} \
+            --listen ${cfg.listenAddress} \
+            --members ${
+              pkgs.writeText "list.txt" (
+                lib.concatMapStrings (member: member.username + " " + member.site + "\n") cfg.members
+              )
+            }
+        '';
+        User = "go-webring";
+        DynamicUser = true;
+        RuntimeDirectory = "go-webring";
+        WorkingDirectory = "/var/lib/go-webring";
+        StateDirectory = "go-webring";
+        RuntimeDirectoryMode = "0750";
+        Restart = "always";
+        RestartSec = 5;
+
+        # Hardening
+        CapabilityBoundingSet = [ "" ];
+        DeviceAllow = [ "" ];
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        PrivateDevices = true;
+        PrivateUsers = true;
+        ProcSubset = "pid";
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+          "AF_UNIX"
+        ];
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+        SystemCallFilter = [
+          "@system-service"
+          "~@privileged"
+        ];
+        UMask = "0077";
+      };
+    };
+    environment.systemPackages = [ cfg.package ];
+  };
+}

packages/go-webring.nix

@@ -0,0 +1,21 @@
+{ buildGoModule, fetchgit, lib }:
+buildGoModule {
+  pname = "go-webring";
+  version = "2024-12-18";
+
+  src = fetchgit {
+    url = "https://git.sr.ht/~amolith/go-webring";
+    rev = "0b5b1bf21ff91119ea2dd042ee9fe94e9d1cd8d4";
+    hash = "sha256-az6vBOGiZmzfsMjYUacXMHhDeRDmVI/arCKCpHeTcns=";
+  };
+
+  vendorHash = "sha256-3PnXB8AfZtgmYEPJuh0fwvG38dtngoS/lxyx3H+rvFs=";
+
+  meta = {
+    mainProgram = "go-webring";
+    description = "Simple webring implementation";
+    homepage = "https://git.sr.ht/~amolith/go-webring";
+    license = lib.licenses.bsd2; # cc0 as well
+    maintainers = [ lib.maintainers.kmein ];
+  };
+}

packages/scanned.nix

@@ -2,8 +2,12 @@
 {
   writers,
   imagemagick,
+  ghostscript,
+  lib
 }:
 writers.writeDashBin "scanned" ''
+  export PATH=${lib.makeBinPath [ imagemagick ghostscript ]}:$PATH
+
   [ $# -eq 1 -a -f "$1" -a -r "$1" ] || exit 1
 
   ${imagemagick}/bin/convert \

systems/fatteh/configuration.nix

@@ -9,6 +9,7 @@ in {
     ./hardware-configuration.nix
     ../../configs/networkmanager.nix
     ../../configs/default.nix
+    ../../configs/0ad.nix
     # ../../configs/gnome.nix
   ];
 

systems/ful/configuration.nix

@@ -12,6 +12,7 @@ in {
     ./radio.nix
     ./panoptikon.nix
     ./hledger.nix
+    ./go-webring.nix
     ./gemini.nix
     ./wallabag.nix
     ./alew.nix

systems/ful/go-webring.nix

@@ -0,0 +1,39 @@
+{ config, niveumPackages ,... }:
+let
+  port = 2857;
+in
+{
+  services.go-webring = {
+    enable = true;
+    host = "dichtungsring.kmein.de";
+    listenAddress = "127.0.0.1:${toString port}";
+    package = niveumPackages.go-webring;
+    members = [
+      { username = "meteora"; site = "meteora.xn--kiern-0qa.de"; }
+      { username = "huldra"; site = "huldras-halbtraum.com"; }
+    ];
+    homePageTemplate = ''
+      <!DOCTYPE html>
+      <html lang="de">
+      <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>Dichtungsring</title>
+      </head>
+      <body>
+        <h1>Willkommen beim Dichtungs-Ring</h1>
+        <p>Ein <a href="https://de.wikipedia.org/wiki/Webring">Webring</a> für die Dichtung.</p>
+        <section id="members">
+        <table><tbody>{{ . }}</tbody></table>
+        </section>
+      </body>
+      </html>
+    '';
+  };
+
+  services.nginx.virtualHosts."dichtungsring.kmein.de" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/".proxyPass = "http://${config.services.go-webring.listenAddress}";
+  };
+}

systems/makanek/configuration.nix

@@ -48,7 +48,7 @@ in {
       config.services.grafana.dataDir
       config.services.gitea.stateDir
       config.services.weechat.root
-      config.services.nginx.virtualHosts."www.kmein.de".root
+      config.services.nginx.virtualHosts."www.kmein.de".locations."/".root
       "/var/lib/weechat"
       "/var/lib/codimd"
     ];
@@ -121,7 +121,22 @@ in {
   services.nginx.virtualHosts."www.kmein.de" = {
     addSSL = true;
     enableACME = true;
-    root = "/var/www/kmein.de";
+    locations."/" = {
+      root = "/var/www/kmein.de";
+      extraConfig = ''
+          add_header 'Access-Control-Allow-Origin' '*';
+          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+          add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
+
+          # Handle preflight requests
+          if ($request_method = 'OPTIONS') {
+              add_header 'Access-Control-Allow-Origin' '*';
+              add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+              add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
+              return 204; # No Content
+          }
+      '';
+    };
   };
 
   environment.systemPackages = [