remove unused modules dibbler and worblehat

modules/drumknotty: split into several parts
This also fixes a few issues, such as enabling `createLocalDatabase` for multiple programs, and wraps all the screen logic within a screenrc file. Some assertions were also added to avoid some easy-to-make mistakes.
2026-03-26 11:46:41 +01:00 · 2026-03-26 17:27:05 +09:00 · 2026-03-21 14:34:29 +01:00 · 2026-03-21 13:47:30 +01:00 · 2026-03-21 13:47:30 +01:00 · 2026-03-21 13:47:27 +01:00
22 changed files with 3063 additions and 278 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -15,11 +15,11 @@ keys:
  - &host_bicep age19nk55kcs7s0358jpkn75xnr57dfq6fq3p43nartvsprx0su22v7qcgcjdx
  - &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
  - &host_kommode age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly
-  - &host_lupine-1 age18lta9d683yekz487xwtd99da236d8mgk4ftlmv2jffx858p9qf2s9j868l
-  - &host_lupine-2 age1e0a4ru707v637wzmuxqv0xywmlkhunzgyfy4mrkjc7a23qq8msgq7nqtvt
-  - &host_lupine-3 age1wmrrhd5deatmgflkas636u3rzuk46u9knl02v4t39ncs37xqquhq9vwzye
-  - &host_lupine-4 age1ml48zztcmnrdrhrdsjrlyxf09jtmjgz46u8td4zm59wn3fm4g57qs4wg0l
-  - &host_lupine-5 age12gws5nws69vxryd3kt7q0ayngch90efmhqcrfhnnsmj00lkgxd4qsdkvqn
+  - &host_lupine-1 age1fkrypl6fu4ldsa7te4g3v4qsegnk7sd6qhkquuwzh04vguy96qus08902e
+  - &host_lupine-2 age1mu0ej57n4s30ghealhyju3enls83qyjua69986la35t2yh0q2s0seruz5n
+  - &host_lupine-3 age1j2u876z8hu87q5npfxzzpfgllyw8ypj66d7cgelmzmnrf3xud34qzkntp9
+  - &host_lupine-4 age1t8zlawqkmhye737pn8yx0z3p9cl947d9ktv2cajdc6hnvn52d3fsc59s2k
+  - &host_lupine-5 age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu
  - &host_skrott age1lpkju2e053aaddpgsr4ef83epclf4c9tp4m98d35ft2fswr8p4tq2ua0mf
  - &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
  - &host_skrot age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr
--- a/base/services/acme.nix
+++ b/base/services/acme.nix
@@ -2,7 +2,7 @@
 {
  security.acme = {
    acceptTerms = true;
-    defaults.email = "drift@pvv.ntnu.no";
+    defaults.email = "acme-drift@pvv.ntnu.no";
  };

  # Let's not spam LetsEncrypt in `nixos-rebuild build-vm` mode:
--- a/flake.lock
+++ b/flake.lock
@@ -1,20 +1,5 @@
 {
  "nodes": {
-    "crane": {
-      "locked": {
-        "lastModified": 1770419512,
-        "narHash": "sha256-o8Vcdz6B6bkiGUYkZqFwH3Pv1JwZyXht3dMtS7RchIo=",
-        "owner": "ipetkov",
-        "repo": "crane",
-        "rev": "2510f2cbc3ccd237f700bb213756a8f35c32d8d7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ipetkov",
-        "repo": "crane",
-        "type": "github"
-      }
-    },
    "dibbler": {
      "inputs": {
        "nixpkgs": [
@@ -62,11 +47,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1772408722,
-        "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
+        "lastModified": 1765835352,
+        "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
+        "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
        "type": "github"
      },
      "original": {
@@ -82,11 +67,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770617355,
-        "narHash": "sha256-lauV1yKA67WxnlbiJiwhOT9xI8nTiUqqrrRlgA+rMis=",
+        "lastModified": 1767906545,
+        "narHash": "sha256-LOf08pcjEQFLs3dLPuep5d1bAXWOFcdfxuk3YMb5KWw=",
        "ref": "main",
-        "rev": "36af0316a7370d19db05ef7c0a87e826f4a222d5",
-        "revCount": 24,
+        "rev": "e55cbe0ce0b20fc5952ed491fa8a553c8afb1bdd",
+        "revCount": 23,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
      },
@@ -104,11 +89,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1770617867,
-        "narHash": "sha256-xPLm4C13KUl0zmm1OA+A8UwDSixwtNQ/caRx/WjN+WY=",
+        "lastModified": 1767906494,
+        "narHash": "sha256-Dd6gtdZfRMAD6JhdX0GdJwIHVaBikePSpQXhIdwLlWI=",
        "ref": "main",
-        "rev": "155752914d81a3a3c02fcfc5d840cfdfda07216d",
-        "revCount": 62,
+        "rev": "7258822e2e90fea2ea00b13b5542f63699e33a9e",
+        "revCount": 61,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
      },
@@ -139,6 +124,27 @@
        "url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git"
      }
    },
+    "libdib": {
+      "inputs": {
+        "nixpkgs": [
+          "worblehat",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1769338528,
+        "narHash": "sha256-t18ZoSt9kaI1yde26ok5s7aFLkap1Q9+/2icVh2zuaE=",
+        "ref": "refs/heads/main",
+        "rev": "7218348163fd8d84df4a6f682c634793e67a3fed",
+        "revCount": 13,
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Projects/libdib.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Projects/libdib.git"
+      }
+    },
    "matrix-next": {
      "inputs": {
        "nixpkgs": [
@@ -232,11 +238,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1774824790,
-        "narHash": "sha256-3R2aoykbutdJ7YQaZiU7uO8w4O8b6RjztTPNo8isLTI=",
+        "lastModified": 1769018862,
+        "narHash": "sha256-x3eMpPQhZwEDunyaUos084Hx41XwYTi2uHY4Yc4YNlk=",
        "owner": "oddlama",
        "repo": "nix-topology",
-        "rev": "5765ce41be8a4fb5471a57671c2b740a350c5da0",
+        "rev": "a15cac71d3399a4c2d1a3482ae62040a3a0aa07f",
        "type": "github"
      },
      "original": {
@@ -248,11 +254,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1775064210,
-        "narHash": "sha256-bEqbUNAnoyNZzd8rrhS8QETdDWr+vYzZeaggBLmFLIA=",
-        "rev": "9d1c3efdc713c1ed9679796c08a1a8a193e4704e",
+        "lastModified": 1769724120,
+        "narHash": "sha256-oQBM04hQk1kotfv4qmIG1tHmuwODd1+hqRJE5TELeCE=",
+        "rev": "8ec59ed5093c2a742d7744e9ecf58f358aa4a87d",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.8497.9d1c3efdc713/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.4961.8ec59ed5093c/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -261,11 +267,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1772328832,
-        "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
+        "lastModified": 1765674936,
+        "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
+        "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
        "type": "github"
      },
      "original": {
@@ -276,11 +282,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1775064351,
-        "narHash": "sha256-KHkwW/A1+H23YBMQGDmPb8cw5LwZFnszVKg5eZ4JWhg=",
-        "rev": "1e6f1bb5bb05d14aea16063ab587c599a68241c2",
+        "lastModified": 1769813739,
+        "narHash": "sha256-RmNWW1DQczvDwBHu11P0hGwJZxbngdoymVu7qkwq/2M=",
+        "rev": "16a3cae5c2487b1afa240e5f2c1811f172419558",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre973082.1e6f1bb5bb05/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre937548.16a3cae5c248/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -368,23 +374,23 @@
        "pvv-nettsiden": "pvv-nettsiden",
        "qotd": "qotd",
        "roowho2": "roowho2",
-        "sops-nix": "sops-nix"
+        "sops-nix": "sops-nix",
+        "worblehat": "worblehat"
      }
    },
    "roowho2": {
      "inputs": {
-        "crane": "crane",
        "nixpkgs": [
          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay_3"
      },
      "locked": {
-        "lastModified": 1770912859,
-        "narHash": "sha256-wtf7YgthGVDY7dhWe8cO42+CD7Y2Pkngvzirwjwvfzg=",
+        "lastModified": 1769834595,
+        "narHash": "sha256-P1jrO7BxHyIKDuOXHuUb7bi4H2TuYnACW5eqf1gG47g=",
        "ref": "main",
-        "rev": "9361dcf941fabb14e94f472754b0e0a26cc56e13",
-        "revCount": 59,
+        "rev": "def4eec2d59a69b4638b3f25d6d713b703b2fa56",
+        "revCount": 49,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
      },
@@ -402,11 +408,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770606655,
-        "narHash": "sha256-rpJf+kxvLWv32ivcgu8d+JeJooog3boJCT8J3joJvvM=",
+        "lastModified": 1767840362,
+        "narHash": "sha256-ZtsFqUhilubohNZ1TgpQIFsi4biZTwRH9rjZsDRDik8=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "11a396520bf911e4ed01e78e11633d3fc63b350e",
+        "rev": "d159ea1fc321c60f88a616ac28bab660092a227d",
        "type": "github"
      },
      "original": {
@@ -464,11 +470,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1774910634,
-        "narHash": "sha256-B+rZDPyktGEjOMt8PcHKYmgmKoF+GaNAFJhguktXAo0=",
+        "lastModified": 1769469829,
+        "narHash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "19bf3d8678fbbfbc173beaa0b5b37d37938db301",
+        "rev": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff",
        "type": "github"
      },
      "original": {
@@ -477,6 +483,28 @@
        "repo": "sops-nix",
        "type": "github"
      }
+    },
+    "worblehat": {
+      "inputs": {
+        "libdib": "libdib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1773932847,
+        "narHash": "sha256-IklIAdlonrmO8/lkDxNIVz9+ORL4pcVotMTxeyvxzoc=",
+        "ref": "main",
+        "rev": "0871a319f51d3cb0d1abb5b11edb768b39906d3f",
+        "revCount": 104,
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Projects/worblehat.git"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Projects/worblehat.git"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -23,6 +23,9 @@
    dibbler.url = "git+https://git.pvv.ntnu.no/Projects/dibbler.git?ref=main";
    dibbler.inputs.nixpkgs.follows = "nixpkgs";

+    worblehat.url = "git+https://git.pvv.ntnu.no/Projects/worblehat.git?ref=main";
+    worblehat.inputs.nixpkgs.follows = "nixpkgs";
+
    matrix-next.url = "github:dali99/nixos-matrix-modules/v0.8.0";
    matrix-next.inputs.nixpkgs.follows = "nixpkgs";

@@ -188,10 +191,14 @@
      #ildkule-unstable = unstableNixosConfig "ildkule" { };
      skrot = stableNixosConfig "skrot" {
        modules = [
+          self.nixosModules.drumknotty
          inputs.disko.nixosModules.disko
-          inputs.dibbler.nixosModules.default
        ];
-        overlays = [inputs.dibbler.overlays.default];
+        overlays =
+        [
+          inputs.dibbler.overlays.default
+          inputs.worblehat.overlays.default
+        ];
      };
      shark = stableNixosConfig "shark" { };
      wenche = stableNixosConfig "wenche" { };
@@ -287,6 +294,7 @@
      rsync-pull-targets = ./modules/rsync-pull-targets.nix;
      snakeoil-certs = ./modules/snakeoil-certs.nix;
      snappymail = ./modules/snappymail.nix;
+      drumknotty = ./modules/drumknotty;
    };

    devShells = forAllSystems (system: {
--- a/hosts/bicep/configuration.nix
+++ b/hosts/bicep/configuration.nix
@@ -1,56 +1,32 @@
-{ fp, pkgs, values, lib, ... }:
+{ fp, pkgs, values, ... }:
 {
  imports = [
    ./hardware-configuration.nix

    (fp /base)
-    #./services/nginx
+    ./services/nginx

-    #./services/calendar-bot.nix
+    ./services/calendar-bot.nix
    #./services/git-mirrors
-    #./services/minecraft-heatmap.nix
-    #./services/mysql
-    #./services/postgresql
+    ./services/minecraft-heatmap.nix
+    ./services/mysql
+    ./services/postgresql

-    #./services/matrix
+    ./services/matrix
  ];

-  boot.loader = {
-    systemd-boot.enable = false; # no uefi support on this device
-    grub.device = "/dev/disk/by-id/scsi-3600508b1001ca9cf1c96afea40d5451d";
-    grub.enable = true;
-  };
-
-  boot = {
-    zfs = {
-      extraPools = [ "bicepdata" ];
-      requestEncryptionCredentials = false;
-    };
-    supportedFilesystems.zfs = true;
-
-    kernelPackages = pkgs.linuxPackages;
-  };
-
-  services.zfs.autoScrub = {
-    enable = true;
-    interval = "Wed *-*-8..14 00:00:00";
-  };
-
-  networking.hostId = "3b4bf6a5";
-  systemd.network.networks."30-ens10f3" = values.defaultNetworkConfig // {
-    matchConfig.Name = "ens10f3";
-    # IPs belong to guest1.pvv.ntnu.no
-    address = [ "129.241.210.248/25" "2001:700:300:1900::248/63" ];
+  #systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // {
+  systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
+    #matchConfig.Name = "enp6s0f0";
+    matchConfig.Name = "ens18";
+    address = with values.hosts.bicep; [ (ipv4 + "/25") (ipv6 + "/64") ]
+      ++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]);
  };
  systemd.network.wait-online = {
    anyInterface = true;
  };

-  # local overrides
-  services.smartd.enable = lib.mkForce false;
-  system.autoUpgrade.enable = lib.mkForce false;
-  #services.userborn.enable = lib.mkForce false;
-  #services.userdbd.enable = lib.mkForce false;
+  services.qemuGuest.enable = true;

  # Don't change (even during upgrades) unless you know what you are doing.
  # See https://search.nixos.org/options?show=system.stateVersion
--- a/hosts/bicep/hardware-configuration.nix
+++ b/hosts/bicep/hardware-configuration.nix
@@ -5,26 +5,39 @@

 {
  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];

-  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "hpsa" "ohci_pci" "usbhid" "sd_mod" ];
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ahci" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/ec4ab82a-f31e-4f02-a988-99c18160d04a";
-      fsType = "btrfs";
+    { device = "/dev/disk/by-uuid/20e06202-7a09-47cc-8ef6-5e7afe19453a";
+      fsType = "ext4";
    };

-  swapDevices = [
-    {
-      device = "/var/lib/swapfile";
-      size = 8 * 1024;
-    }
-  ];
+  # temp data disk, only 128gb not enough until we can add another disk to the system.
+  fileSystems."/data" =
+    { device = "/dev/disk/by-uuid/c81af266-0781-4084-b8eb-c2587cbcf1ba";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/198B-E363";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/kommode/services/gitea/default.nix
+++ b/hosts/kommode/services/gitea/default.nix
@@ -131,7 +131,6 @@ in {
          "repo.pulls"
          "repo.releases"
        ];
-        ALLOW_FORK_INTO_SAME_OWNER = true;
      };
      picture = {
        DISABLE_GRAVATAR = true;
--- a/hosts/lupine/configuration.nix
+++ b/hosts/lupine/configuration.nix
@@ -1,9 +1,10 @@
-{ fp, values, lib, lupineName, ... }:
+{ fp, values, lupineName, ... }:
 {
  imports = [
    ./hardware-configuration/${lupineName}.nix

    (fp /base)
+
    ./services/gitea-runner.nix
  ];

--- a/hosts/lupine/hardware-configuration/lupine-1.nix
+++ b/hosts/lupine/hardware-configuration/lupine-1.nix
@@ -1,4 +1,4 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# Do not modify this file!  It was generated by 'nixos-generate-config'
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
@@ -14,28 +14,27 @@
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/e88adbb7-de01-4f9b-b338-fffed743c259";
-      fsType = "btrfs";
-      options = [ "subvol=@root" "compress=zstd" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/e88adbb7-de01-4f9b-b338-fffed743c259";
-      fsType = "btrfs";
-      options = [ "subvol=@nix" "compress=zstd" "noatime" ];
+    { device = "/dev/disk/by-uuid/a949e2e8-d973-4925-83e4-bcd815e65af7";
+      fsType = "ext4";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/81D6-38D3";
      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+      options = [ "fmask=0077" "dmask=0077" ];
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/82c2d7fa-7cd0-4398-8cf6-c892bc56264b"; }
    ];

+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
-
--- a/hosts/lupine/hardware-configuration/lupine-2.nix
+++ b/hosts/lupine/hardware-configuration/lupine-2.nix
@@ -14,27 +14,27 @@
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/ab2e1a13-8e95-48d8-970c-64fa2fab52d0";
-      fsType = "btrfs";
-      options = [ "subvol=@root" "compress=zstd" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/ab2e1a13-8e95-48d8-970c-64fa2fab52d0";
-      fsType = "btrfs";
-      options = [ "subvol=@nix" "noatime" "compress=zstd" ];
+    { device = "/dev/disk/by-uuid/aa81d439-800b-403d-ac10-9d2aac3619d0";
+      fsType = "ext4";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/4A34-6AE5";
      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+      options = [ "fmask=0077" "dmask=0077" ];
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/efb7cd0c-c1ae-4a86-8bc2-8e7fd0066650"; }
    ];

+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/lupine/hardware-configuration/lupine-3.nix
+++ b/hosts/lupine/hardware-configuration/lupine-3.nix
@@ -1,4 +1,4 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# Do not modify this file!  It was generated by 'nixos-generate-config'
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
@@ -14,28 +14,27 @@
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/0a5bda7c-af55-4d3d-9135-7f7cbb78004d";
-      fsType = "btrfs";
-      options = [ "subvol=@root" "compress=zstd" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/0a5bda7c-af55-4d3d-9135-7f7cbb78004d";
-      fsType = "btrfs";
-      options = [ "subvol=@nix" "noatime" "compress=zstd" ];
+    { device = "/dev/disk/by-uuid/39ba059b-3205-4701-a832-e72c0122cb88";
+      fsType = "ext4";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/63FA-297B";
      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+      options = [ "fmask=0077" "dmask=0077" ];
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/9c72eb54-ea8c-4b09-808a-8be9b9a33869"; }
    ];

+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
-
--- a/hosts/lupine/hardware-configuration/lupine-4.nix
+++ b/hosts/lupine/hardware-configuration/lupine-4.nix
@@ -14,27 +14,21 @@
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/fcd51970-f040-4c45-94cf-2b372d4599a2";
-      fsType = "btrfs";
-      options = [ "subvol=@root" "compress=zstd" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/fcd51970-f040-4c45-94cf-2b372d4599a2";
-      fsType = "btrfs";
-      options = [ "subvol=@nix" "noatime" "compress=zstd" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/A22E-E41A";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+    { device = "/dev/disk/by-uuid/c7bbb293-a0a3-4995-8892-0ec63e8c67dd";
+      fsType = "ext4";
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/a86ffda8-8ecb-42a1-bf9f-926072e90ca5"; }
    ];

+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/lupine/hardware-configuration/lupine-5.nix
+++ b/hosts/lupine/hardware-configuration/lupine-5.nix
@@ -1,4 +1,4 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# Do not modify this file!  It was generated by 'nixos-generate-config'
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
@@ -14,27 +14,27 @@
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/85830e14-e2c8-4f04-95fa-d6ab22840bc7";
-      fsType = "btrfs";
-      options = [ "subvol=@root" "compress=zstd" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/85830e14-e2c8-4f04-95fa-d6ab22840bc7";
-      fsType = "btrfs";
-      options = [ "subvol=@nix" "noatime" "compress=zstd" ];
+    { device = "/dev/disk/by-uuid/5f8418ad-8ec1-4f9e-939e-f3a4c36ef343";
+      fsType = "ext4";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/F372-37DF";
      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+      options = [ "fmask=0077" "dmask=0077" ];
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/27bf292d-bbb3-48c4-a86e-456e0f1f648f"; }
    ];

+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/skrot/configuration.nix
+++ b/hosts/skrot/configuration.nix
@@ -28,26 +28,52 @@

  sops.secrets = {
    "dibbler/postgresql/password" = {
-      owner = "dibbler";
-      group = "dibbler";
+      owner = "drumknotty";
+      group = "drumknotty";
+    };
+    "worblehat/postgresql/password" = {
+      owner = "drumknotty";
+      group = "drumknotty";
    };
  };

-  services.dibbler = {
+  services.drumknotty = {
    enable = true;
    kioskMode = true;
-    limitScreenWidth = 80;
-    limitScreenHeight = 42;

-    settings = {
-      general.quit_allowed = false;
-      database = {
-        type = "postgresql";
-        postgresql = {
-          username = "pvv_vv";
-          dbname = "pvv_vv";
-          host = "postgres.pvv.ntnu.no";
-          password_file = config.sops.secrets."dibbler/postgresql/password".path;
+    screen = {
+      limitWidth = 80;
+      limitHeight = 42;
+    };
+
+    dibbler = {
+      enable = true;
+      settings = {
+        general.quit_allowed = false;
+        database = {
+          type = "postgresql";
+          postgresql = {
+            username = "pvv_vv";
+            dbname = "pvv_vv";
+            host = "postgres.pvv.ntnu.no";
+            password_file = config.sops.secrets."dibbler/postgresql/password".path;
+          };
+        };
+      };
+    };
+
+    worblehat = {
+      enable = true;
+      settings = {
+        general.quit_allowed = false;
+        database = {
+          type = "postgresql";
+          postgresql = {
+            username = "worblehat";
+            dbname = "worblehat";
+            host = "postgres.pvv.ntnu.no";
+            password = config.sops.secrets."worblehat/postgresql/password".path;
+          };
        };
      };
    };
--- a/modules/drumknotty/default.nix
+++ b/modules/drumknotty/default.nix
@@ -0,0 +1,198 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  cfg = config.services.drumknotty;
+in
+{
+  imports = [
+    ./dibbler.nix
+    ./worblehat.nix
+  ];
+
+  options.services.drumknotty = {
+    enable = lib.mkEnableOption "DrumknoTTY";
+
+    kioskMode = lib.mkEnableOption "" // {
+      description = ''
+        Whether to let dibbler take over the entire machine.
+
+        This will restrict the machine to a single TTY and make the program unquittable.
+        You can still get access to PTYs via SSH and similar, if enabled.
+      '';
+    };
+
+    screen = {
+      package = lib.mkPackageOption pkgs "screen" { };
+
+      sessionName = lib.mkOption {
+        type = lib.types.str;
+        default = "drumknotty";
+        example = "myscreensessionname";
+        description = ''
+          Sets the screen session name.
+        '';
+      };
+
+      limitHeight = lib.mkOption {
+        type = with lib.types; nullOr ints.unsigned;
+        default = null;
+        example = 42;
+        description = ''
+          If set, limits the height of the screen dibbler uses to the given number of lines.
+        '';
+      };
+
+      limitWidth = lib.mkOption {
+        type = with lib.types; nullOr ints.unsigned;
+        default = null;
+        example = 80;
+        description = ''
+          If set, limits the width of the screen dibbler uses to the given number of columns.
+        '';
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.enable -> lib.any (b: b) [
+          cfg.dibbler.enable
+          cfg.worblehat.enable
+        ];
+        message = "DrumknoTTY must have at least one service enabled";
+      }
+    ];
+
+    users = {
+      users.drumknotty = {
+        group = "drumknotty";
+        extraGroups = [ "lp" ];
+        isNormalUser = true;
+
+        # TODO: make this display the error log or error message in case that
+        #       the screen session service is bootlooping or otherwise off.
+        shell =
+          lib.mkIf cfg.kioskMode
+          (pkgs.writeShellScriptBin "login-shell"
+            "${lib.getExe' cfg.screen.package "screen"} -x ${cfg.screen.sessionName} -p dibbler"
+          // {
+            shellPath = "/bin/login-shell";
+          });
+      };
+      groups.drumknotty = { };
+    };
+
+    boot.kernelParams = lib.mkIf cfg.kioskMode [
+      "console=tty1"
+    ];
+
+    services.getty.autologinUser = lib.mkIf cfg.kioskMode "drumknotty";
+
+    systemd.services.drumknotty-screen-session = lib.mkIf cfg.kioskMode {
+      description = "Drumknotty Screen Session";
+      wantedBy = [
+        "default.target"
+      ];
+      after =
+        # TODO: this could be refined
+        if (cfg.dibbler.createLocalDatabase || cfg.worblehat.createLocalDatabase) then
+          [
+            "postgresql.service"
+            "dibbler-setup-database.service"
+            "worblehat-setup-database.service"
+          ]
+        else
+          [
+            "network.target"
+          ];
+
+      serviceConfig = {
+        Type = "forking";
+        RemainAfterExit = false;
+        Restart = "always";
+        RestartSec = "5s";
+        SuccessExitStatus = 1;
+
+        User = "drumknotty";
+        Group = "drumknotty";
+
+        ExecStartPre =
+          let
+            screenArgs = lib.escapeShellArgs [
+              # Send the specified command to a running screen session
+              "-X"
+
+              # Session name
+              "-S"
+              "${cfg.screen.sessionName}"
+
+              "kill"
+            ];
+          in
+          "-${lib.getExe' cfg.screen.package "screen"} ${screenArgs}";
+
+        ExecStart =
+          let
+            screenrc = let
+              convertToFile = lines: lib.pipe lines [
+                lib.concatLists
+                (lib.concatStringsSep "\n")
+                (pkgs.writeText "drumknotty-screenrc")
+              ];
+            in convertToFile [
+              (lib.optionals (cfg.screen.limitWidth != null) [
+                "screen width ${toString cfg.screen.limitWidth}"
+              ])
+              (lib.optionals (cfg.screen.limitHeight != null) [
+                "screen height ${toString cfg.screen.limitHeight}"
+              ])
+
+              (let
+                dibblerArgs = lib.cli.toCommandLineShellGNU { } {
+                  config = "/etc/dibbler/dibbler.toml";
+                };
+              in lib.optionals cfg.dibbler.enable [
+                "screen -t worblehat ${lib.getExe cfg.dibbler.package} ${dibblerArgs} loop"
+
+              ])
+
+              (let
+                worblehatArgs = lib.cli.toCommandLineShellGNU { } {
+                  config = "/etc/worblehat/config.toml";
+                };
+              in lib.optionals cfg.worblehat.enable [
+                "screen -t worblehat ${lib.getExe cfg.worblehat.package} ${worblehatArgs} cli"
+              ])
+
+              [ "select 0" ]
+            ];
+
+            screenArgs = lib.escapeShellArgs [
+              # -dm creates the screen in detached mode without accessing it
+              "-dm"
+
+              # Session name
+              "-S"
+              "${cfg.screen.sessionName}"
+
+              # Set optimal output mode instead of VT100 emulation
+              "-O"
+
+              # Enable login mode, updates utmp entries
+              "-l"
+
+              # Config file path
+              "-c"
+              "${screenrc}"
+            ];
+          in
+            "${lib.getExe' cfg.screen.package "screen"} ${screenArgs}";
+      };
+    };
+  };
+}
--- a/modules/drumknotty/dibbler.nix
+++ b/modules/drumknotty/dibbler.nix
@@ -0,0 +1,113 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  mainCfg = config.services.drumknotty;
+  cfg = config.services.drumknotty.dibbler;
+
+  format = pkgs.formats.toml { };
+in
+{
+  options.services.drumknotty.dibbler = {
+    enable = lib.mkEnableOption "";
+
+    package = lib.mkPackageOption pkgs "dibbler" { };
+
+    settings = lib.mkOption {
+      description = "Configuration for dibbler";
+      default = { };
+      type = lib.types.submodule {
+        freeformType = format.type;
+      };
+    };
+
+    createLocalDatabase = lib.mkEnableOption "" // {
+      description = ''
+        Whether to set up a local postgres database automatically.
+
+        ::: {.note}
+        You must set up postgres manually before enabling this option.
+        :::
+      '';
+    };
+  };
+
+  config = lib.mkIf (mainCfg.enable && cfg.enable) {
+    assertions = [
+      {
+        assertion = cfg.createLocalDatabase -> config.services.postgresql.enable;
+        message = "PostgreSQL must be enabled for dibbler to create a local database";
+      }
+    ];
+
+    environment.systemPackages = [ cfg.package ];
+    environment.etc."dibbler/dibbler.toml".source = format.generate "dibbler.toml" cfg.settings;
+
+    services.drumknotty.dibbler.settings = {
+      limits = {
+        low_credit_warning_limit = lib.mkDefault (-100);
+        user_recent_transaction_limit = lib.mkDefault 100;
+      };
+
+      printer = {
+        label_type = lib.mkDefault "62";
+        label_rotate = lib.mkDefault false;
+      };
+
+      database = {
+        type = lib.mkIf cfg.createLocalDatabase "postgresql";
+        postgresql = {
+          username = lib.mkDefault "dibbler";
+          dbname = lib.mkDefault "dibbler";
+
+          host = lib.mkIf cfg.createLocalDatabase "/run/postgresql";
+        };
+      };
+    };
+
+    services.drumknotty.dibbler.settings.general = lib.mkIf mainCfg.kioskMode {
+      quit_allowed = false;
+      stop_allowed = false;
+    };
+
+    services.postgresql = lib.mkIf cfg.createLocalDatabase {
+      authentication = ''
+        local ${cfg.settings.database.postgresql.dbname} ${cfg.settings.database.postgresql.username} peer map=${cfg.settings.database.postgresql.username}
+      '';
+      identMap = ''
+        ${cfg.settings.database.postgresql.username} drumknotty ${cfg.settings.database.postgresql.username}
+      '';
+      ensureDatabases = [ cfg.settings.database.postgresql.dbname ];
+      ensureUsers = [{
+        name = cfg.settings.database.postgresql.username;
+        ensureDBOwnership = true;
+        ensureClauses.login = true;
+      }];
+    };
+
+    systemd.services.dibbler-setup-database = lib.mkIf cfg.createLocalDatabase {
+      description = "Dibbler database setup";
+
+      wantedBy = [ "default.target" ];
+      requiredBy = [ "drumknotty-screen-session.service" ];
+      before = [ "drumknotty-screen-session.service" ];
+      after = [ "postgresql.service" ];
+
+      unitConfig = {
+        ConditionPathExists = "!/var/lib/dibbler/.db-setup-done";
+      };
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${lib.getExe cfg.package} --config /etc/dibbler/dibbler.toml create-db";
+        ExecStartPost = "${lib.getExe' pkgs.coreutils "touch"} /var/lib/dibbler/.db-setup-done";
+        StateDirectory = "dibbler";
+
+        User = "drumknotty";
+        Group = "drumknotty";
+      };
+    };
+  };
+}
--- a/modules/drumknotty/worblehat.nix
+++ b/modules/drumknotty/worblehat.nix
@@ -0,0 +1,209 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  mainCfg = config.services.drumknotty;
+  cfg = config.services.drumknotty.worblehat;
+
+  format = pkgs.formats.toml { };
+in
+{
+  options.services.drumknotty.worblehat = {
+    enable = lib.mkEnableOption "";
+
+    package = lib.mkPackageOption pkgs "worblehat" { };
+
+    settings = lib.mkOption {
+      description = "Configuration for worblehat";
+      default = { };
+      type = lib.types.submodule {
+        freeformType = format.type;
+      };
+    };
+
+    createLocalDatabase = lib.mkEnableOption "" // {
+      description = ''
+        Whether to set up a local postgres database automatically.
+
+        ::: {.note}
+        You must set up postgres manually before enabling this option.
+        :::
+      '';
+    };
+
+    deadline-daemon = {
+      enable = lib.mkEnableOption "" // {
+        description = ''
+          Whether to enable the worblehat deadline-daemon service,
+          which periodically checks for upcoming deadlines and notifies users.
+
+          Note that this service is independent of the main worblehat service,
+          and must be enabled separately.
+        '';
+      };
+
+      onCalendar = lib.mkOption {
+        type = lib.types.str;
+        description = ''
+          How often to trigger rendering the map,
+          in the format of a systemd timer onCalendar configuration.
+
+          See {manpage}`systemd.timer(5)`.
+        '';
+        default = "*-*-* 10:15:00";
+      };
+    };
+  };
+
+  config = lib.mkMerge [
+    {
+      assertions = [
+        {
+          assertion = cfg.createLocalDatabase -> config.services.postgresql.enable;
+          message = "PostgreSQL must be enabled for worblehat to create a local database";
+        }
+      ];
+
+      # TODO: Retrieve defaults from the example config file in the project code.
+      services.drumknotty.worblehat.settings = {
+        logging = {
+          debug = lib.mkDefault true;
+          debug_sql = lib.mkDefault false;
+        };
+
+        database = {
+          type = lib.mkDefault "sqlite";
+          sqlite.path = lib.mkDefault "./worblehat.sqlite";
+          postgresql = {
+            host = lib.mkDefault "localhost";
+            port = lib.mkDefault 5432;
+            username = lib.mkDefault "worblehat";
+            password = lib.mkDefault "/var/lib/worblehat/db-password";
+            database = lib.mkDefault "worblehat";
+          };
+        };
+
+        flask = {
+          TESTING = lib.mkDefault true;
+          DEBUG = lib.mkDefault true;
+          FLASK_ENV = lib.mkDefault "development";
+          SECRET_KEY = lib.mkDefault "change-me";
+        };
+
+        smtp = {
+          enabled = lib.mkDefault false;
+          host = lib.mkDefault "smtp.pvv.ntnu.no";
+          port = lib.mkDefault 587;
+          username = lib.mkDefault "worblehat";
+          password = lib.mkDefault "/var/lib/worblehat/smtp-password";
+          from = lib.mkDefault "worblehat@pvv.ntnu.no";
+          subject_prefix = lib.mkDefault "[Worblehat]";
+        };
+
+        deadline_daemon = {
+          enabled = lib.mkDefault true;
+          dryrun = lib.mkDefault false;
+          warn_days_before_borrowing_deadline = lib.mkDefault [
+            5
+            1
+          ];
+          days_before_queue_position_expires = lib.mkDefault 14;
+          warn_days_before_expiring_queue_position_deadline = lib.mkDefault [
+            3
+            1
+          ];
+        };
+      };
+    }
+
+    (lib.mkIf ((mainCfg.enable && cfg.enable) || cfg.deadline-daemon.enable) {
+      environment.systemPackages = [ cfg.package ];
+      environment.etc."worblehat/config.toml".source = format.generate "worblehat-config.toml" cfg.settings;
+    })
+
+    (lib.mkIf (mainCfg.enable && cfg.enable) {
+      services.drumknotty.worblehat.settings.general = lib.mkIf mainCfg.kioskMode {
+        quit_allowed = false;
+        stop_allowed = false;
+      };
+
+      services.drumknotty.worblehat.settings.database = lib.mkIf cfg.createLocalDatabase {
+        type = "postgresql";
+        postgresql.host = "/run/postgresql";
+      };
+
+      services.postgresql = lib.mkIf cfg.createLocalDatabase {
+        authentication = ''
+          local ${cfg.settings.database.postgresql.database} ${cfg.settings.database.postgresql.username} peer map=${cfg.settings.database.postgresql.username}
+        '';
+        identMap = ''
+          ${cfg.settings.database.postgresql.username} drumknotty ${cfg.settings.database.postgresql.username}
+        '';
+        ensureDatabases = [ cfg.settings.database.postgresql.database ];
+        ensureUsers = [{
+          name = cfg.settings.database.postgresql.username;
+          ensureDBOwnership = true;
+          ensureClauses.login = true;
+        }];
+      };
+
+      systemd.services.worblehat-setup-database = lib.mkIf cfg.createLocalDatabase {
+        description = "Worblehat database setup";
+
+        wantedBy = [ "default.target" ];
+        requiredBy = [ "drumknotty-screen-session.service" ];
+        before = [ "drumknotty-screen-session.service" ];
+        after = [ "postgresql.service" ];
+
+        unitConfig = {
+          ConditionPathExists = "!/var/lib/worblehat/.db-setup-done";
+        };
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStart = "${lib.getExe cfg.package} --config /etc/worblehat/config.toml create-db";
+          ExecStartPost = "${lib.getExe' pkgs.coreutils "touch"} /var/lib/worblehat/.db-setup-done";
+          StateDirectory = "worblehat";
+
+          User = "drumknotty";
+          Group = "drumknotty";
+        };
+      };
+    })
+
+    (lib.mkIf cfg.deadline-daemon.enable {
+      systemd.timers.worblehat-deadline-daemon = lib.mkIf cfg.deadline-daemon.enable {
+        description = "Worblehat Deadline Daemon";
+        wantedBy = [ "timers.target" ];
+        timerConfig = {
+          OnCalendar = cfg.deadline-daemon.onCalendar;
+          Persistent = true;
+        };
+      };
+
+      systemd.services.worblehat-deadline-daemon = lib.mkIf cfg.deadline-daemon.enable {
+        description = "Worblehat Deadline Daemon";
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+        serviceConfig = {
+          Type = "oneshot";
+          CPUSchedulingPolicy = "idle";
+          IOSchedulingClass = "idle";
+
+          ExecStart =
+            let
+              worblehatArgs = lib.cli.toCommandLineShellGNU { } {
+                config = "/etc/worblehat/config.toml";
+              };
+            in
+            "${lib.getExe cfg.package} ${worblehatArgs} deadline-daemon";
+
+          User = "drumknotty";
+          Group = "drumknotty";
+        };
+      };
+    })
+  ];
+}
--- a/packages/bluemap.nix
+++ b/packages/bluemap.nix
@@ -1,14 +1,12 @@
-{ lib, stdenvNoCC, fetchurl, makeWrapper, javaPackages }:
-let
-  jre = javaPackages.compiler.temurin-bin.jre-25;
-in
+{ lib, stdenvNoCC, fetchurl, makeWrapper, jre }:
+
 stdenvNoCC.mkDerivation rec {
  pname = "bluemap";
-  version = "5.20";
+  version = "5.15";

  src = fetchurl {
    url = "https://github.com/BlueMap-Minecraft/BlueMap/releases/download/v${version}/BlueMap-${version}-cli.jar";
-    hash = "sha256-txDN/vG429BHT09TrSB8uQhmB8irrmvvOXX4OX3OSC0=";
+    hash = "sha256-g50V/4LtHaHNRMTt+PK/ZTf4Tber2D6ZHJvuAXQLaFI=";
  };

  dontUnpack = true;
@@ -17,10 +15,7 @@ stdenvNoCC.mkDerivation rec {

  installPhase = ''
    runHook preInstall
-
-    makeWrapper ${jre}/bin/java $out/bin/bluemap \
-      --add-flags "-jar $src"
-
+    makeWrapper ${jre}/bin/java $out/bin/bluemap --add-flags "-jar $src"
    runHook postInstall
  '';

--- a/packages/ooye/fix-lockfile.patch
+++ b/packages/ooye/fix-lockfile.patch
--- a/packages/ooye/package.nix
+++ b/packages/ooye/package.nix
@@ -10,19 +10,22 @@ let
 in
 buildNpmPackage {
  pname = "delete-your-element";
-  version = "3.5.1";
+  version = "3.3-unstable-2026-01-21";
  src = fetchFromGitea {
    domain = "git.pvv.ntnu.no";
    owner = "Drift";
    repo = "delete-your-element";
-    rev = "80ac1d9d79207b6327975a264fcd9747b99a2a5d";
-    hash = "sha256-fcBpUZ+WEMUXyyo/uaArl4D1NJmK95isWqhFSt6HzUU=";
+    rev = "04d7872acb933254c0a4703064b2e08de31cfeb4";
+    hash = "sha256-CkKt+8VYjIhNM76c3mTf7X6d4ob8tB2w8T6xYS7+LuY=";
  };

  inherit nodejs;

-  npmDepsHash = "sha256-EYxJi6ObJQOLyiJq4C3mV6I62ns9l64ZHcdoQxmN5Ao=";
+  patches = [ ./fix-lockfile.patch ];
+
+  npmDepsHash = "sha256-tiGXr86x9QNAwhZcxSOox6sP9allyz9QSH3XOZOb3z8=";
  dontNpmBuild = true;
+  makeCacheWritable = true;

  nativeBuildInputs = [ makeWrapper ];

--- a/secrets/lupine/lupine.yaml
+++ b/secrets/lupine/lupine.yaml
@@ -7,126 +7,126 @@ gitea:
        lupine-5: ENC[AES256_GCM,data:+PYUtLBx9MdIebR0nWSNGKKCyKcGpI62BXj7AN1iV4wU4+2awrWZ2Q==,iv:PALEU/sYebhPTO4ZXEm2uV6z9hN678ZxqOSnaHVlyro=,tag:Enb08N6TYlOh+x70pcpJYA==,type:str]
 sops:
    age:
-        - recipient: age18lta9d683yekz487xwtd99da236d8mgk4ftlmv2jffx858p9qf2s9j868l
+        - recipient: age1fkrypl6fu4ldsa7te4g3v4qsegnk7sd6qhkquuwzh04vguy96qus08902e
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRDdtTmdvRDRPaU53Mjd3
-            S25SeU5rUnZibmh2Y01HZUVhZjVWUVBJVXlvCm1uaURNYURGRUhhc25vSmFodEJC
-            RnRob3VLNHYycDlMRkwya3JJK092UlUKLS0tIFMwMExQZTVxVDAwYzRSaDhTRC80
-            VU5jeTBFcGYvNE9tVUVuNmV5WjMycjgKF9GIvJTczigKH+dbTAOHK0S966/QE/7M
-            HtgdJi9roiyDwI9k56r35/MP3eURffXBWTmc8WZRHTxnhzo1GBpg0A==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOTAzdEFVNmRWUFNzY211
+            NUpoMnpoVmpCeFIzU3JacDIxcjNYUTBCZTFrCnpFMUtydndyUDY3emdVVEp4dUpy
+            ZWhTRGEvdG9pQ2JvQ3pGL2s0M3Z1WHcKLS0tIExjaWh3MHk5WEZVQS9lYnkyemxE
+            UjhRL0swUnBJNmNzaGtUMjE2WlZ2VDAKYV8T2iXVEr77e0vuV8e8xpbhStxUoM9l
+            Jpn3XiYuoWHk/bmQyjQIQzjB4oqx4TqEnHccSmN3XtUIPGr296zwMg==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1e0a4ru707v637wzmuxqv0xywmlkhunzgyfy4mrkjc7a23qq8msgq7nqtvt
+        - recipient: age1mu0ej57n4s30ghealhyju3enls83qyjua69986la35t2yh0q2s0seruz5n
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMGtpL3JJaDN2Qm95b1cz
-            VEF2bHU3VjJLNUQya25lL01qYkFreFpTVGdBCkdHdnBUUjlXOU4yTkE5ZTF2OFll
-            UXNQTWsrQ2FGV21kRkllY2E5S0NRS1kKLS0tIGY1aHkyVE5XbHpLbGVBUVFmNlVy
-            VDcvTUY5YVEvOWFQOG5ULzFlQU9IMTAKQ601N8YNayuYrkZqqsKqlsnHN4rSMzN1
-            sesAmJVuj7ZddGQlzIJC9cydXkssmY5oDIj92J7DXTzhFQlO0o9tfA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVVdmdEdZcTYxajVHQmtF
+            L1pad0ZxVUdlWXVjNHl3eEIxZlNtdlY2WGlBCi9NUUVEakZLV044dldDSkZzaFhS
+            U3FJanBaL0JGV3AyS2daTFNrM0J1M1EKLS0tIGs5ZjRZcVREenN0L2RPaWp5c0s1
+            U3AxOEpvdmozU3RRMGYzZGZOZGVhSWsKHEz+eL/fHgLUuixFIeA2dUAjZekzRIHy
+            NgYmzaWhY7IlPg4mZRIW7hW+ckfr9brdgOR3Gn5Fp3tPbAL9GO7bnQ==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1wmrrhd5deatmgflkas636u3rzuk46u9knl02v4t39ncs37xqquhq9vwzye
+        - recipient: age1j2u876z8hu87q5npfxzzpfgllyw8ypj66d7cgelmzmnrf3xud34qzkntp9
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZFV6cWN3OEloVmIrWG9Z
-            U0RxNVF0RlJ6UDNMK0psQjVKUkJiR0JUMWxBCll3NHpFempRcCtSYUQzWi9kclFP
-            Z3k5MXdCcTMxT21GL3E3Yk5md0o2cjAKLS0tIFZML05kSm1sVnIyRmpsSmdGbG8z
-            SllNcDVzSE4wTTB5NTNTYXJoemlIMUEKbJwinjEIjgwlShvUr+Jcfay0ha8Ndo6L
-            KM0QvKlcsx5Z6pqyYt6TvnlhyhcljN1IFfoUO5r3E9lYSyanv3HJRA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5THp4MkRiUGd0VDVERjU2
+            bmR5OWlkTFFmQUM2QmRNWU5DSUI3eFV4djBVCnF3dTV1aGlMUTd2UWlyUWtXcnlG
+            TFFRdUp4dnpXZ2FLSGZoRUsvRlR6ekUKLS0tIDVBMC9oUnBuQXpkcEZHSUd0NzNp
+            U2czY3YxRG10aW9hVGJsbkJwWTEwV0kKaNQRm6qmIIbztzrmw6nZSA131lxw7PA9
+            MBPmPQmskIbGJ/bQCfZ7Sp/Pe51sL3moA8tWMqGZEVa+xuxa/KEKSQ==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ml48zztcmnrdrhrdsjrlyxf09jtmjgz46u8td4zm59wn3fm4g57qs4wg0l
+        - recipient: age1t8zlawqkmhye737pn8yx0z3p9cl947d9ktv2cajdc6hnvn52d3fsc59s2k
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3SG15dS9JNmRETjBZL001
-            VnNSN1o1ZENwdStLdnMxaGp2OVg4WFVUWmpvClJESk9KVi8rdkU5Q0ZHSnhOell2
-            K1UzMWpOMVUwUFc1STdVUjNsekt6L1UKLS0tIEIyTG9UMWs0UjZIZUpvMFA0ZWlZ
-            THhnZWZNckdTOXNpSjVDUEFWQW8rOE0K5ts7BAbcZ7L3cId+jjbC8ZDOnCEAjFW7
-            lizGlAPolgH6uNpPczneeFBczfU8nnWOcJTpPXQDxXiWv7y0aemJRQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmYUJkQkhJbjU4a3ZNbzJM
+            NGFXS2ZDSjM0Nk9BVVVCNUx0Um9mbmVXT21BCmRjL0pNcUs1NWdxYkQyc25nMG53
+            c1lkaHVyRnloRGZmWk82K3RZVzNnTjAKLS0tIERndWk2TFJWSFUraldwczFOVm13
+            NWRDWGdMNXFraE5ueTM0ZG9hMHpKTjgK4xTJKPcrk3EHwMoXlTHzqeDgx9ZJl962
+            8lyQMOSeICyXLzRgKQWuXssDMuev0CZfvnXeWp8megmXuU5Eq1GW5A==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age12gws5nws69vxryd3kt7q0ayngch90efmhqcrfhnnsmj00lkgxd4qsdkvqn
+        - recipient: age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQUEwa0cvcndUbnlpTlYr
-            ZUtEdlRKcmlrQU1USlZVeXNXejhBSUdLdGxNCmpzRHpoM1VNemo5angweW9QMGJ2
-            ZGpqZHpWeUwzZWl2NWJnbTBGYlcxZ2MKLS0tIHZJT05EZmI2NGRsZ05sL0Y1VmY1
-            Q1p0b2dJMXNhRFdYdHV3UFhUQzVmQVEK/3E/fDJcuwN8UJq05Dg0YLHhFRLjl4i7
-            98dDpycvPV8Py82q4pNpvI+goZ2T19QcxArSLNLQwd3TqIYvLHB+FA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUY1p6QjViNmdHcjY2and5
+            aEYvOXpxWEtqUnRTNEgxeE44NzZ3VW00OEZFCjJVN0Q4c0FJNEZEaDVXZlNkMTlr
+            cGQ1WWhMY0JCTEVLUDNGMHZFZDAvOU0KLS0tIDE4ZklUMWtKL3JlbzlrUXdvekJt
+            cjhrRmQrQ3g0UG8wKzZHMllidmRaQ0EKVG9D8Fh7xMzNPXecdX6zTfank2/ZNnjl
+            mwxCXnM2e5udtviQURJstLvlCElNtvdY5WdMkUoCXwHoMspPwGByFw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxOEhSZzhkZ25rL1dZVlRw
-            R0JMaUR2VXQ5cnYvdjRwQjU5VWYwcGRYbUMwClVBYi9nOHZkejBxamxKeHJSZmFC
-            NUFuQkVxS3VCMVZaMERYUG5Ba2FyTjQKLS0tIE5BTlN5MnYzTnlZbXpmNXBOL0NZ
-            TGpFN2xCTWcybnBBL0o2MVFoQzNRMkEKtprwI3p45huVaLJvqTNLU1k17uSObJaA
-            QEL/qzgLr//fSxiMQfJRtvqpcGuL/kTnmU56tJdLVCDAfFvW0OH9gQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NGpoWUVmK2ttVno2cG44
+            aGRVSStsc280cGFZL0xERUdrNjJVV01HemdBCmZBSEg0V3FHNVEzWDBId1RYck4w
+            dEd3WnVhUk0wdHRxOE9WUnpaUThLa2MKLS0tIHhWbXJmZ1Y4RWZ3Y1g3dTI0MzMw
+            eGdwemRYSCtoM0FseXhLd0Fzc1dzUG8KdPDyA/XJSgjHFycEwSg7KWX4fMA30CDq
+            GIWYDVDicgzbxjNKcQdGzFvL02B1igogHtuIJn1qE/bNrK6L9PQ3pA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTWVYY3hPMi85QjhYQWlW
-            R0s0bnVpNEFmalFBS3lISmtWanNPcEpPRlF3CjY2TnliWGJocWtkbjZZQUpPZ3dS
-            TUlDS3JVb09CZ3pUNGZvQkVFMHIreW8KLS0tIE0wS1Q0THdocmw2RGZ1RWtvbjY1
-            a3hmLzNiY2ZQdk5TQzExOGJPeTd0U0kKVqulWO1BniSTpYHa7fYwG0oj+hq+clGq
-            /XlvYUYNIApaAid3G9LrZNL7g3mhq1ANuDGMY7n0Z6/xhysTZwRzEQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTG81cS96bWtOWHJTK0RC
+            WlAzWWdiZkhncWRBVXZtVXdQeTR4WEl5MVJ3CkY5NEpnMmdpVnh1eXBCajhPT1Rr
+            ZWpkUm40WHpFcVdQcStWWVZWZU41VjgKLS0tIGRyUnBsb3FnRE9IL3RkTktjN3dO
+            ZEY3d0I3WVVhQUNPcmhKYW1sVlBGSmsKTsZwHdholYxIhOn49WTdb3pnjT8oTkH5
+            mfayWji2cOBRRRB9X40OaVg8SCIhVAQNdvbn64XaJWqWbXFtXamgLw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNkM5ZjRIK2FKL1B3S0tl
-            ZUdzMC9ONStkYnZZRm1VQy9FMVJkNk9SY1IwCnJFTVRTL1FkRlAySmF1ZDdBVUxz
-            M1lOdEhnRjI4blNhL1FYVEJubmQ5YVEKLS0tIEtLWktCQVp1eW10SnhkaUJDYnNv
-            cDdvRVl6a3VhZXhwUkl6eHo0OGxxUDQK5/Z3OCFIb4HOBBxHj0B7a0AuPXgPbuh5
-            TPGvfJpa3Ow/eJSpEdXOm6chTrvPsgGHKYZS75SAgHMP8SHHIPuxuQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhejJHU2N3cVF0TnNqZytD
+            UERpTmNnT0FJMysvbVYvNGM5ejNVcE5wemhjCjhyYVpsaDJlNHI2aVg1eXZtV21a
+            eHVFL1ljWXRkYlFrTkgvWHhKS2NZOHcKLS0tIEVLRFhKR0tyeUJ3Z3ZoREY2c2VI
+            c29MWkcvUFlzU0VCTnFTV01rWkxDVGsKcyKsGo6Ep7f2dBwaUYoMsqSqQrn3Obzm
+            sDovKBx+Y7+Yn6fnxy3ISQ9FUjupMtKffiO2AAK7AAI3MFjDOUb9zg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzVXhHTE83aDFvN3U3Tncz
-            TzlYSVB1NzdvQVY5bU1yZTRhU0V1bXgyZ21RCm1WekpqcHE3cG5sRkM4Z2k4UzFK
-            TlZMOFFrb3BBZ0d3dDMzUzFueDJiZFUKLS0tIHkraEY4STNWbDZmQm4rUnFHWU5a
-            bHpyUUM4NlN3VDhVYVhFNVYyeElqVDQKm44tte4aQ5/0XVMd7IvnahRxdrSePHKn
-            f6EUC0tBdSAifbe8JdCvTz2DDbUbXRxDxZCJ35ATyB0K1AEgcVEVvA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVGVOcE9TdVFDYURFeEE5
+            M0t1Zm95SUZpNzdFR0N3UVYwdG1yOWErUTNBCjB4WWtRdXNJV1FVd0xNODUzTDZD
+            ZXRteEpwendneS95alVhckJyMXZucXMKLS0tIDZLNFdGUTNMTm5KUkF2TWxPNk1O
+            V0FISGRYNmZ0N3dXc3RHdGNpQldOVE0Kkc7MRhVvpKlIVGKRvvPGyW/DzatxM7+Z
+            VP4kAf0Vu6DyKZINDXH5XQh6qxeAccYXhv/QhxdSuCW4bjplMMBSnw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3VTZXR2hZT2FERFNhNXVs
-            MkREdWxxNWNvZy9jRkp0d2YwNm5IRDY3Zm44CjZ0SC9NWE40TmFtR2NSMUZtMmV2
-            MXJ1SjI0V2lBWElXS1FHUTNRa3g5MVEKLS0tIGhnYW1yd3h5Zk1UYXpzZG1XeUdF
-            Q2VuWG8yOE1ob1Ayd2Z6NllhNnMxK2MK1BzxHusN/Ad0+2ExwK/q8qyPObDL+112
-            o5/LeOh2vA3KQOG7QmlfhOK8NEID2dcWXoK3Kg8H24rowZq+WQryqg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVDZVbDBOR0d2VDJHY0Q5
+            VkdETUV2dFVWcUM0N3pwU0dlekJqYzZPZEhZCkZWd0dVS25jYm5Eb1hES3Z5SmFk
+            WnVEYmFtRURTa2FUYXhpQkNLUnhjbFUKLS0tIForS3RPcFkvenJNaW9wMFAyOEpP
+            c2g3UlRHc1ljVGZaWVRlTUVORzNoczQKFvxD6ty10YobBU2BuyVpDsqGI1nie4Oh
+            eQbvBEqfTN3zR38ujT6/tLfyNrtj71oGzI9M+vUUGbrmob+/y2VABg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXblVrSXJjVUVtaWltVzQy
-            OGFDR05TNTJEY2M3dUQ5bEtnaVF2dnd3VVdjCmFlL3MwVEFrYml5UE54U3Z5bUNU
-            dVRiUmlZS1lEMms2YzNxRjQ2NzAxdW8KLS0tIFhKS2hZS1Y4a2E0SzY2dHFPTUk0
-            MTc3MVhaU0s5anZPdUg4RlFiZmU4MHcKepCAfP8iMOJ39LL4S8XA18pXAYZgcdLO
-            xNV7kAcdXpywk/ffnWAukwI32LegGQ+efNtysCeESNKomSDtXKtm6Q==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOblRZRERwT1k0cUVkeXlF
+            bXZ6VnU1TmE2dFlaU1IwMXV0V09FZjR1bUFFCnFUa0hzeXhvTjlaSk9lZFZHT1d2
+            RU5NQXJBb1FISTVnSFJheEZLTFNWa28KLS0tIFEzUWFvOXE4WGRkWmxtd1hvUGZu
+            QlBkaCsxdlEyT1hhbVA0c3J4bkhHU0EKbdPpiKgu416P0Ciacs3wkH0OAeHKyzQE
+            ekyNhHHKT7IqJSvEl47PpTIsgk99SrLgImNKY8sDieOqDVuM0bhgTA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-12-04T05:53:51Z"
    mac: ENC[AES256_GCM,data:o55keAaJEXVOAGvoMp8FWvtlxMgfF/qR50FGnNM1whYz+5+naRJ1dAOW9NKYHWbtOa/ZXEMTkjoFrTJidAaIXza1Ot8llbTGYh56fsnu0FKZfVM+rvecRDhXKWxiAqyiLUvtUfA2fSg9LGveh2U+0dulcU25sb3Wf0RcFrtM3xI=,iv:3/UllekmGIaluv8y8I6Azd/52dJzk+C5ah6XLJj7Zik=,tag:T5ILXiC5hK++0jGOnHCMYA==,type:str]
    pgp:
-        - created_at: "2026-04-18T16:25:16Z"
+        - created_at: "2026-01-16T06:34:51Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----

-            hQIMA0av/duuklWYAQ/+KtiEJNL7M4M8NH+UhisZPM5q7RecKdQde4yjJF5YrXey
-            SNcy98WJJrX4p5ZBccLxJ6IW6UNIxFz7JX227jQDCAbPvGBh0uCJTpSosChJHs7s
-            GUt/7CHfyV2+Z0FJS6iN6AZrE6Kjkkc3Uyp/Wt1va56gQ8Xx9hZHhjjgXEiORYWZ
-            bU7DKvX5n5A7GNkrBTZ/+YKtRqT/m6ZPVWfVnY0rY9KhzfvmmyOpQrB7n/DcdUbf
-            +OhAP7p3UdEWquh9OJOiDRUqo7ykGCw/dYltmt2I9JcGiyKsLyyTTtFWgZSnUCsm
-            DFCGXkFwPOsxE1WxRpl0mR7P77rMvHxJEukUNUW0DMPUjzaaHH8LINukgpOD0hpQ
-            yvfFjRKUG4Ygi4mSmETylll7pD9XBRfihTjJ5vh4VQH5PAHecWtIXgYSso12Zx6v
-            nmvgZTmikSBImEqS/MOM5Zx+esmjlEsgKuXP9HmIwBwHExLGF7U93OGswF3vEW+X
-            GuMguPfwmW/w4fFX8t2Ln9uA/E06SlD7wG9sZji1NkwW/h0/3BEOdcg5MTyQQdNe
-            mn5pyFKoH88Km2ktjVRq10ImUa2ZLyL/6RTHZ+BryXvRDtBW0zzbZhPHVvpCLKbZ
-            lkLSEwVhGFfWaRWfGsEx28MGMKicirZjw/RsRXq19alruLW3entRRRkFV71zeMXS
-            XgESJpGWxo709IBQvsooJ/2VRHnGZNkvJipWc9pPmRYQLrxP9jxX34jcmjkNYX08
-            wcmJ+ioRqPV1qvYfxdnKTtth4g7ePZywDo6FUgiCwaEa8jhR8ISsDM2DCDAg/LA=
-            =3HI1
+            hQIMA0av/duuklWYAQ//S5CPlAJka09zfxhQCKY9SnHOlkNL3mQxSN9EcxiKFgQD
+            G2/qlFze7CiswTr608TXNQ/lPb+SJHgLrJvcBwISh0MCKKOZtyNjfSIIdR1A/JTE
+            OaA/JCJ76j2W7YWYrL18dY57n7DOMmhf/BZj0hI4PtDqh+dB2vX/U2i3kWdODb/K
+            fowmPrqustOLGAXOhuKegtQ8K5KLsP3NHjrp5TiOYmI7fDVkwvBnqXj52n94pw3n
+            o+HpvmyWFSm7QExGsjbbMbtDEmJJ/u8arx+Tb+ELumrz7QgwXt9ZGoPpJnmz9SsC
+            4MoTF8Ul4HRwMoMyGEQAzb1J32THFKWSUtWaLjNDOW91l/eiLpY0Kk5f1BTVcD4W
+            GsA63BsSqnIDB4Tisz4ZRhaRGY6sxyXHDSnHzVQmKrv3kwTJm8ODA18gu+HZ021h
+            ShG+m81PYrGkeqYwJHnEMfSo4XY4/lHdsZ0yldF8eSjZ2raPbsw+lmadot8mc1eE
+            leiEJOP6+ZOs60dJ+dOwaeCb5CDjFaCrq6c0+6ESWpN354tN9L9DZGLlYIt2AlcM
+            /N/5DO5F81jxlBbxI4IFwRvBDBwO81eQlVtjQB5V1+dbeIaZYS6GN72xHUSjICNJ
+            0Wv8iDwxKRjQI2uol7KmPN0Vr9siMIMAP4yCppnmdxF5VcGbLWNu9lZfxlj5o4fS
+            XgHq8TJTMWKGF2Yq25/5rKmIb/8cCOU8XLNZ3xT4X2dErqV+nWtmXgmNySCphn+C
+            xK/cKHseztzXzffdqCrJCaeo2KmTou+gMyDEmJrVLhrcIMayptt9dc0dgJ12N3s=
+            =pLWS
            -----END PGP MESSAGE-----
          fp: F7D37890228A907440E1FD4846B9228E814A2AAC
    unencrypted_suffix: _unencrypted
--- a/secrets/skrot/skrot.yaml
+++ b/secrets/skrot/skrot.yaml
@@ -1,6 +1,9 @@
 dibbler:
    postgresql:
        password: ENC[AES256_GCM,data:3X9A3jOpFVRuBg0gRiCEsZVKfLI=,iv:XC7LBNUhALk9IEhItV8fO5p/m7VKL0REBY1W2IZt7G4=,tag:l18R7EhbOlucZHFQiEvpHw==,type:str]
+worblehat:
+    postgresql:
+        password: ENC[AES256_GCM,data:WpJR6MumY+7WUYdVVgAqv1af+NmqecTMO9aP5lidSpE=,iv:7aoN8mjXckd81LxasMSG3R2vqj0SvzSl7wrEQ1LwToo=,tag:zeeNcEpkYnqyd8be0ZS+kQ==,type:str]
 sops:
    age:
        - recipient: age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr
@@ -66,8 +69,8 @@ sops:
            MmxPMWNPYzJiOFRqY2VYczhvRm5IR3cKpUVV+zsMolsHI2YK9YqC6ecNT6QXv0TV
            d1SpXRAexZBeWCCHBjSdvQBl8AT4EwrAIP2M2o++6i5DaGoGiEIWZQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-10T20:02:28Z"
-    mac: ENC[AES256_GCM,data:i8CjVxoD7zdkLNJlI9DCo/tDV5DUI7JdpozLtYZzI7Cu51GayaE2Y3Wg4de6P0L7C3FER04WfRe/h+G9PLZICX/CfSipQysyrEq3Pjt9IKsjytDhP9VYJ36QFGF0PuHUQAMSLts/tAoAvLue6MP+V82l5js9ghvyBrzyBGxoyJw=,iv:QFNxvCYxrSkwy7iT+2BEacNPftDXju1cibprVPDjic0=,tag:496E+oCy/VwTylyaWhQD+A==,type:str]
+    lastmodified: "2026-03-18T14:56:22Z"
+    mac: ENC[AES256_GCM,data:nBKtFmFKx/Mt9TIFnKuuznsPAXCQpc3+WIspNu5TN9TpIqw75nzYXpxIb2hxRfRu0nbjHXpBy4bkzeMi41BGkvkvV57CZyq11J5i/iIKwuvllaB1IWrdDT2u+6RH3jIspp3KoyxFWdRqcGfNma9dSmtI+1Dd5z7XaxVaoVK2QMI=,iv:6joviyJ2cXmGh/9HH7VEcoK3+4GK5I6i2N/1d65PAN0=,tag:0BFVPWL3BByJH8HbrBTKOw==,type:str]
    pgp:
        - created_at: "2026-02-10T20:01:32Z"
          enc: |-
@@ -90,4 +93,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: F7D37890228A907440E1FD4846B9228E814A2AAC
    unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.12.1
Author	SHA1	Message	Date
Vegard Bieker Matthey	d3562899d4	remove unused modules dibbler and worblehat All checks were successful Eval nix flake / evals (push) Successful in 8m47s Details Eval nix flake / evals (pull_request) Successful in 9m57s Details	2026-03-26 11:46:41 +01:00
h7x4	e64b75f5c5	modules/drumknotty: split into several parts All checks were successful Eval nix flake / evals (pull_request) Successful in 8m44s Details Eval nix flake / evals (push) Successful in 9m59s Details This also fixes a few issues, such as enabling `createLocalDatabase` for multiple programs, and wraps all the screen logic within a screenrc file. Some assertions were also added to avoid some easy-to-make mistakes.	2026-03-26 17:27:05 +09:00
Vegard Bieker Matthey	45a32fad73	attach with dibbler window selected All checks were successful Eval nix flake / evals (push) Successful in 10m1s Details Eval nix flake / evals (pull_request) Successful in 10m15s Details	2026-03-21 14:34:29 +01:00
Vegard Bieker Matthey	083098d76e	flake.lock: bump dibbler and worblehat All checks were successful Eval nix flake / evals (push) Successful in 9m58s Details Eval nix flake / evals (pull_request) Successful in 8m39s Details	2026-03-21 13:47:30 +01:00
Vegard Bieker Matthey	a9e1625a96	use main branch for worblehat after merge	2026-03-21 13:47:30 +01:00
Vegard Bieker Matthey	2a3a3e36c0	set default settings for worblehat and dibbler	2026-03-21 13:47:27 +01:00
Vegard Bieker Matthey	6a23363f6a	add worblehat daemons	2026-03-21 13:46:29 +01:00
Vegard Bieker Matthey	b2d00393e0	add database password for worblehat	2026-03-21 13:46:29 +01:00
Vegard Bieker Matthey	4920f394e9	drumknotty: init	2026-03-21 13:46:24 +01:00