update flake lock, swap off of adb and nixfmt-rfc-style

Merge pull request 'feature/qbit' (#172 ) from feature/qbit into main
Reviewed-on: #172
2026-01-16 12:32:23 -05:00 · 2026-01-16 12:29:45 -05:00 · 2026-01-16 12:25:01 -05:00 · 2026-01-10 01:07:18 -05:00 · 2026-01-09 23:27:03 -05:00 · 2026-01-09 23:25:05 -05:00
9 changed files with 225 additions and 179 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -76,11 +76,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1767473845,
-        "narHash": "sha256-Pvd0l14qYA4jBS+JSCufoj8qFpeu2dt0Q9zBvpeLKac=",
+        "lastModified": 1768536226,
+        "narHash": "sha256-d1VSTNa7ajTxT39QBp3gKSbgmgn7yx8RxTZuvZwNX9Y=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "7f7d9e8b61abade02c6dc0d530ba6b43a50acead",
+        "rev": "b092ea4a7d083e09e0aa2de909c1b35b9efb3ee0",
        "type": "gitlab"
      },
      "original": {
@@ -93,11 +93,11 @@
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1764724327,
-        "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=",
+        "lastModified": 1764873433,
+        "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
-        "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047",
+        "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92",
        "type": "github"
      },
      "original": {
@@ -125,11 +125,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1765835352,
-        "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
+        "lastModified": 1768135262,
+        "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
+        "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
        "type": "github"
      },
      "original": {
@@ -146,11 +146,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1763759067,
-        "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
+        "lastModified": 1767609335,
+        "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
+        "rev": "250481aafeb741edfe23d29195671c19b36b6dca",
        "type": "github"
      },
      "original": {
@@ -220,11 +220,11 @@
      "flake": false,
      "locked": {
        "host": "gitlab.gnome.org",
-        "lastModified": 1764524476,
-        "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=",
+        "lastModified": 1767737596,
+        "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=",
        "owner": "GNOME",
        "repo": "gnome-shell",
-        "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22",
+        "rev": "ef02db02bf0ff342734d525b5767814770d85b49",
        "type": "gitlab"
      },
      "original": {
@@ -242,11 +242,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767556355,
-        "narHash": "sha256-RDTUBDQBi9D4eD9iJQWtUDN/13MDLX+KmE+TwwNUp2s=",
+        "lastModified": 1768530555,
+        "narHash": "sha256-EBXKDho4t1YSgodAL6C8M3UTm8MGMZNQ9rQnceR5+6c=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "f894bc4ffde179d178d8deb374fcf9855d1a82b7",
+        "rev": "d21bee5abf9fb4a42b2fa7728bf671f8bb246ba6",
        "type": "github"
      },
      "original": {
@@ -283,11 +283,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766066098,
-        "narHash": "sha256-d3HmUbmfTDIt9mXEHszqyo2byqQMoyJtUJCZ9U1IqHQ=",
+        "lastModified": 1768426687,
+        "narHash": "sha256-CopNx3j//gZ2mE0ggEK9dZ474UcbDhpTw+KMor8mSxI=",
        "owner": "hyprwm",
        "repo": "contrib",
-        "rev": "41dbcac8183bb1b3a4ade0d8276b2f2df6ae4690",
+        "rev": "541628cebe42792ddf5063c4abd6402c2f1bd68f",
        "type": "github"
      },
      "original": {
@@ -417,11 +417,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1767185284,
-        "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=",
+        "lastModified": 1768583413,
+        "narHash": "sha256-tF5UD4D/s0kERXxhu5mzTo7FF/2jnU8PYf7wWk8guB0=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe",
+        "rev": "45bf76ef956c7ac771b56c54a3009506dc6c7af6",
        "type": "github"
      },
      "original": {
@@ -440,11 +440,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766370075,
-        "narHash": "sha256-gbhR8+gNrhmYxKaNJpTjFivuibr3ZdlB5eU0a8yE36I=",
+        "lastModified": 1768443651,
+        "narHash": "sha256-hmIo/e6mo40Y2v1DaH2yTtvB3lZ/zcf6gVNmgYhBgYc=",
        "owner": "NuschtOS",
        "repo": "nixos-modules",
-        "rev": "db6f2a33500dadb81020b6e5d4281b4820d1b862",
+        "rev": "31108e0d75bd47ddfc217b58df598e78fe3bcd42",
        "type": "github"
      },
      "original": {
@@ -502,11 +502,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1767379071,
-        "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=",
+        "lastModified": 1768305791,
+        "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "fb7944c166a3b630f177938e478f0378e64ce108",
+        "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
        "type": "github"
      },
      "original": {
@@ -528,11 +528,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1764773531,
-        "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=",
+        "lastModified": 1767810917,
+        "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "1d9616689e98beded059ad0384b9951e967a17fa",
+        "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4",
        "type": "github"
      },
      "original": {
@@ -596,11 +596,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767495280,
-        "narHash": "sha256-hEEgtE/RSRigw8xscchGymf/t1nluZwTfru4QF6O1CQ=",
+        "lastModified": 1768531678,
+        "narHash": "sha256-tf4xEp5Zq8+Zce0WtU8b0VNMxhQtwes67sN2phnbkpk=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "cb24c5cc207ba8e9a4ce245eedd2d37c3a988bc1",
+        "rev": "0a9de73f3c23206a2fce3c7656a42d3a3f07be9f",
        "type": "github"
      },
      "original": {
@@ -616,11 +616,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767499857,
-        "narHash": "sha256-0zUU/PW09d6oBaR8x8vMHcAhg1MOvo3CwoXgHijzzNE=",
+        "lastModified": 1768481291,
+        "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "ecc41505948ec2ab0325f14c9862a4329c2b4190",
+        "rev": "e085e303dfcce21adcb5fec535d65aacb066f101",
        "type": "github"
      },
      "original": {
@@ -650,11 +650,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1767559556,
-        "narHash": "sha256-Pf1d9Hh9UUQ/oS+evq6dU0MiaDczXXNztTlQekaMbW0=",
+        "lastModified": 1768492720,
+        "narHash": "sha256-aHos307HyVtOriYZppyUjrkcEKQzyp9F5WzxpMjPFH8=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "b135edbdd403896d1ef507934c045f716deb5609",
+        "rev": "5287bc719dbb6efb26f48c1677a221c966a4a4d9",
        "type": "github"
      },
      "original": {
@@ -729,11 +729,11 @@
    "tinted-schemes": {
      "flake": false,
      "locked": {
-        "lastModified": 1763914658,
-        "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=",
+        "lastModified": 1767710407,
+        "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=",
        "owner": "tinted-theming",
        "repo": "schemes",
-        "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c",
+        "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2",
        "type": "github"
      },
      "original": {
@@ -745,11 +745,11 @@
    "tinted-tmux": {
      "flake": false,
      "locked": {
-        "lastModified": 1764465359,
-        "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=",
+        "lastModified": 1767489635,
+        "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=",
        "owner": "tinted-theming",
        "repo": "tinted-tmux",
-        "rev": "edf89a780e239263cc691a987721f786ddc4f6aa",
+        "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184",
        "type": "github"
      },
      "original": {
@@ -761,11 +761,11 @@
    "tinted-zed": {
      "flake": false,
      "locked": {
-        "lastModified": 1764464512,
-        "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=",
+        "lastModified": 1767488740,
+        "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=",
        "owner": "tinted-theming",
        "repo": "base16-zed",
-        "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a",
+        "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -171,7 +171,7 @@
      inherit lib; # for allowing use of custom functions in nix repl

      hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
-      formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
+      formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt);

      nixosConfigurations = genSystems inputs outputs src (src + "/systems");
      homeConfigurations = {
--- a/shell.nix
+++ b/shell.nix
@@ -44,7 +44,7 @@ forEachSystem (
        pre-commit
        treefmt
        statix
-        nixfmt-rfc-style
+        nixfmt
        jsonfmt
        mdformat
        shfmt
--- a/systems/artemision/programs.nix
+++ b/systems/artemision/programs.nix
@@ -5,6 +5,7 @@
    alacritty
    attic-client
    amdgpu_top
+    android-tools
    bat
    bitwarden-cli
    bfg-repo-cleaner
--- a/systems/palatine-hill/docker/minecraft.nix
+++ b/systems/palatine-hill/docker/minecraft.nix
@@ -11,30 +11,31 @@ let
    arcanum-institute = "arcanum.alicehuston.xyz";
    meits = "meits.alicehuston.xyz";
    # bcg-plus = "bcg.alicehuston.xyz";
+    pii = "pii.alicehuston.xyz";
  };

  defaultServer = "rlcraft";

-  # defaultEnv = {
-  #   EULA = "true";
-  #   TYPE = "AUTO_CURSEFORGE";
-  #   STOP_SERVER_ANNOUNCE_DELAY = "120";
-  #   STOP_DURATION = "600";
-  #   SYNC_CHUNK_WRITES = "false";
-  #   USE_AIKAR_FLAGS = "true";
-  #   MEMORY = "8GB";
-  #   ALLOW_FLIGHT = "true";
-  #   MAX_TICK_TIME = "-1";
-  # };
+  defaultEnv = {
+    EULA = "true";
+    TYPE = "AUTO_CURSEFORGE";
+    STOP_SERVER_ANNOUNCE_DELAY = "120";
+    STOP_DURATION = "600";
+    SYNC_CHUNK_WRITES = "false";
+    USE_AIKAR_FLAGS = "true";
+    MEMORY = "8GB";
+    ALLOW_FLIGHT = "true";
+    MAX_TICK_TIME = "-1";
+  };

-  # defaultOptions = [
-  #   "--stop-signal=SIGTERM"
-  #   "--stop-timeout=1800"
-  #   "--network=minecraft-net"
-  # ];
+  defaultOptions = [
+    "--stop-signal=SIGTERM"
+    "--stop-timeout=1800"
+    "--network=minecraft-net"
+  ];

-  # vars = import ../vars.nix;
-  # minecraft_path = "${vars.primary_games}/minecraft";
+  vars = import ../vars.nix;
+  minecraft_path = "${vars.primary_games}/minecraft";
 in
 {
  virtualisation.oci-containers.containers = {
@@ -52,23 +53,43 @@ in
        )
      ];
    };
-    # rlcraft = {
-    #   image = "itzg/minecraft-server:java8";
-    #   volumes = [
-    #     "${minecraft_path}/rlcraft/modpacks:/modpacks:ro"
-    #     "${minecraft_path}/rlcraft/data:/data"
-    #   ];
-    #   hostname = "rlcraft";
-    #   environment = defaultEnv // {
-    #     VERSION = "1.12.2";
-    #     CF_SLUG = "rlcraft";
-    #     DIFFICULTY = "hard";
-    #     ENABLE_COMMAND_BLOCK = "true";
-    #   };
-    #   extraOptions = defaultOptions;
-    #   log-driver = "local";
-    #   environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
-    # };
+    #rlcraft = {
+    #  image = "itzg/minecraft-server:java8";
+    #  volumes = [
+    #    "${minecraft_path}/rlcraft/modpacks:/modpacks:ro"
+    #    "${minecraft_path}/rlcraft/data:/data"
+    #  ];
+    #  hostname = "rlcraft";
+    #  environment = defaultEnv // {
+    #    VERSION = "1.12.2";
+    #    CF_SLUG = "rlcraft";
+    #    DIFFICULTY = "hard";
+    #    ENABLE_COMMAND_BLOCK = "true";
+    #  };
+    #  extraOptions = defaultOptions;
+    #  log-driver = "local";
+    #  environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
+    #};
+    prominence-ii = {
+      image = "itzg/minecraft-server:java25-graalvm";
+      volumes = [
+        "${minecraft_path}/prominence-ii/modpacks:/modpacks:ro"
+        "${minecraft_path}/prominence-ii/data:/data"
+      ];
+      hostname = "pii";
+      environment = defaultEnv // {
+        VERSION = "1.20.1";
+        TYPE = "modrinth";
+        MODRINTH_MODPACK = "prominence-2-fabric";
+        MODRINTH_VERSION = "3.9.14hf";
+        USE_AIKAR_FLAGS = "false";
+        USE_MEOWICE_FLAGS = "true";
+        DIFFICULTY = "hard";
+        ENABLE_COMMAND_BLOCK = "true";
+      };
+      extraOptions = defaultOptions;
+      log-driver = "local";
+    };
    # bcg-plus = {
    #   image = "itzg/minecraft-server:java17";
    #   volumes = [
--- a/systems/palatine-hill/docker/torr.nix
+++ b/systems/palatine-hill/docker/torr.nix
@@ -1,130 +1,143 @@
 { config, pkgs, ... }:

 let
-  delugeBase = {
+  qbitBase = {
+    image = "ghcr.io/linuxserver/qbittorrent:latest";
    pull = "always";
    environment = {
      PUID = "600";
      PGID = "100";
      TZ = "America/New_York";
-      UMASK = "000";
-      DEBUG = "true";
-      DELUGE_DAEMON_LOG_LEVEL = "debug";
-      DELUGE_WEB_LOG_LEVEL = "debug";
    };
  };

  vars = import ../vars.nix;
  #docker_path = vars.primary_docker;
  torr_path = vars.primary_torr;
-  deluge_path = "${torr_path}/deluge";
-  delugevpn_path = "${torr_path}/delugevpn";
-
-  #genSopsConfWg = file: {
-  #  "${file}" = {
-  #    format = "binary";
-  #    sopsFile = ./wg/${file};
-  #    path = "${delugevpn_path}/config/wireguard/configs/${file}";
-  #    owner = "docker-service";
-  #    group = "users";
-  #    restartUnits = [ "docker-delugeVPN.service" ];
-  #  };
-  #};
-
-  genSopsConfOvpn = file: {
-    "${file}" = {
-      format = "binary";
-      sopsFile = ./openvpn/${file};
-      path = "${delugevpn_path}/config/openvpn/configs/${file}";
-      owner = "docker-service";
-      group = "users";
-      restartUnits = [ "docker-delugeVPN.service" ];
-    };
-
-  };
+  qbit_path = "${torr_path}/qbit";
+  qbitvpn_path = "${torr_path}/qbitvpn";
+  qbitperm_path = "${torr_path}/qbitperm";
 in
 {

  virtualisation.oci-containers.containers = {
-    deluge = delugeBase // {
-      image = "binhex/arch-deluge";
+    qbit = qbitBase // {
+      # webui port is 8082, torr port is 29432
+      environment = qbitBase.environment // {
+        WEBUI_PORT = "8082";
+        TORRENTING_PORT = "29432";
+      };
      volumes = [
-        "${deluge_path}/config:/config"
-        "${deluge_path}/data/:/data"
+        "${qbit_path}/config:/config" # move from docker/qbit to qbit_path
+        "${torr_path}/data/:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
+      networks = [ "host" ];
      ports = [
-        "8084:8112"
-        "29433:29433"
+        "8082:8082"
+        "29432:29432"
+        "29432:29432/udp"
+      ];
+      extraOptions = [
+        "--dns=9.9.9.9"
      ];
    };
-    delugeVPN = delugeBase // {
-      image = "binhex/arch-delugevpn:latest";
+
+    # temp instance
+    qbitVPN = qbitBase // {
+      # webui port is 8081, torr port is 39274
+      networks = [
+        "container:gluetun-qbit"
+      ];
+      environment = qbitBase.environment // {
+        WEBUI_PORT = "8081";
+      };
+      dependsOn = [ "gluetun-qbit" ];
+      volumes = [
+        "${qbitvpn_path}/config:/config"
+        "${torr_path}/data:/data"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+    };
+    gluetun-qbit = {
+      image = "qmcgaw/gluetun:v3";
      capabilities = {
        NET_ADMIN = true;
      };
-      autoRemoveOnStop = false;
-      environment = delugeBase.environment // {
-        VPN_ENABLED = "yes";
-        VPN_CLIENT = "openvpn";
-        VPN_PROV = "protonvpn";
-        ENABLE_PRIVOXY = "yes";
-        LAN_NETWORK = "192.168.0.0/16";
-        ENABLE_STARTUP_SCRIPTS = "yes";
-        #NAME_SERVERS = "194.242.2.9";
-        #NAME_SERVERS = "9.9.9.9";
-        # note, delete /config/perms.txt to force a bulk permissions update
-      };
-      environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
-      volumes = [
-        "${delugevpn_path}/config:/config"
-        "${deluge_path}/data:/data" # use common torrent path yuck
-        "/etc/localtime:/etc/localtime:ro"
+      devices = [
+        "/dev/net/tun:/dev/net/tun"
      ];
      ports = [
-        "8085:8112"
-        "8119:8118"
-        "39275:39275"
-        "39275:39275/udp"
-        "48346:48346"
-        "48346:48346/udp"
+        "8081:8081"
+        "8083:8083"
+      ];
+      environment = {
+        TZ = "America/New_York";
+        # SOPS prep
+      };
+      environmentFiles = [
+        config.sops.secrets."docker/gluetun".path
+        config.sops.secrets."docker/gluetun-qbitvpn".path
+      ];
+    };

+    # permanent instance
+    qbitPerm = qbitBase // {
+      # webui port is 8083, torr port is 29434
+      networks = [
+        "container:gluetun-qbit"
+      ];
+      environment = qbitBase.environment // {
+        WEBUI_PORT = "8083";
+      };
+      dependsOn = [ "gluetun-qbit" ];
+      volumes = [
+        "${qbitperm_path}/config:/config"
+        "${torr_path}/data:/data"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+    };
+    gluetun-qbitperm = {
+      image = "qmcgaw/gluetun:v3";
+      capabilities = {
+        NET_ADMIN = true;
+      };
+      devices = [
+        "/dev/net/tun:/dev/net/tun"
+      ];
+      ports = [
+        "8083:8083"
+      ];
+      environment = {
+        TZ = "America/New_York";
+        # SOPS prep
+      };
+      environmentFiles = [
+        config.sops.secrets."docker/gluetun".path
+        config.sops.secrets."docker/gluetun-qbitperm".path
      ];
    };
  };

-  systemd.services.docker-delugeVPN = {
-    serviceConfig = {
-      ExecStartPre = [
-        (
-          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
-          + "-type l -not -name network.ovpn "
-          + "| ${pkgs.coreutils}/bin/shuf -n 1 "
-          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
-          + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
-          + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
-        )
-        (
-          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
-          + "-type l "
-          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
-        )
+  sops.secrets = {
+    "docker/gluetun" = {
+      owner = "docker-service";
+      restartUnits = [
+        "docker-gluetun-qbit.service"
+        "docker-gluetun-qbitperm.service"
      ];
-      ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ];
    };
-  };
-
-  sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
-    "docker/delugevpn" = {
+    "docker/gluetun-qbitvpn" = {
      owner = "docker-service";
-      group = "users";
-      restartUnits = [ "docker-delugeVPN.service" ];
+      restartUnits = [
+        "docker-gluetun-qbit.service"
+      ];
    };
-    "docker/protonvpn-start-script" = {
-      path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
+    "docker/gluetun-qbitperm" = {
      owner = "docker-service";
-      group = "users";
-      restartUnits = [ "docker-delugeVPN.service" ];
+      restartUnits = [
+        "docker-gluetun-qbitperm.service"
+      ];
    };
  };
 }
--- a/systems/palatine-hill/firewall.nix
+++ b/systems/palatine-hill/firewall.nix
@@ -45,6 +45,14 @@
      8686
      8787
      5055
+
+      # torr
+      29432
+    ];
+
+    allowedUDPPorts = [
+      # torr
+      29432
    ];

  };
--- a/systems/palatine-hill/secrets.yaml
+++ b/systems/palatine-hill/secrets.yaml
@@ -32,6 +32,9 @@ docker:
    sonarr: ENC[AES256_GCM,data:X/hM31ZyHybvy2eQzVnmq8CH1AqBgz1pxq7tKC4lZB3ryAbnEIJksffem8+35tWt/0r5cEH4aaIKD1kS7Q+Ma+8JrRLcWkt6CZq/wspz,iv:44FfdVpQCposXshzNe5DXAxExeQzjVKhkZaVbgKo8KU=,tag:WIWWUt1XBngUTwwqhCrcNw==,type:str]
    lidarr: ENC[AES256_GCM,data:xERBECneutNUMZRrHukp8CaNrpI7SXUB16zUkauNP2+wto3eIc/K+2nMCkbwSC9AKlSjnUGSiORmAWn/jofTAuEzQljkCR1XCSkJRMmL,iv:iKf4fZtCfdjT/KuMFK5VFoLAV+Lll8uJowe9Q4cHyYw=,tag:xzmATTkrYRYm9Mw23zEO5g==,type:str]
    jellyseerr: ENC[AES256_GCM,data:7dDfHFp8+WbJqrf7Ms/gmfroBePwegXh5CXn5FcOz8IEK7rTvr9KZfz9x/1BwdD8,iv:ZPi3OcMfH76A08piKY4P7hFbeMyouwBoeN5oL3ExzKU=,tag:oOZ37dy/y+DFqNRfAHexvQ==,type:str]
+    gluetun: ENC[AES256_GCM,data:ryhYVOYEZl5zDs+xMgbWI6q/Ei2AiNZJMxT/TcaHzTEocINgbczWk9GKeeZKno71vFXiF9/tPpYavLqvjWNL77doWDB+wiYrtBJ97PkQ70dqWntua9E8eCalYlIZpRbLsl5OA9ZHorIMPjjSB2CRYLCqq30PPi5I2TtRvs/g6LRUN4sZ/E2TTUjz7AEY7228ZEuHt1UkU+dY/jEbx6fwrm/ocP8xKvYUuAR1/Cx/z4N0mqmVl+FX/5dRSkmhpfAxO9ss898XKiJW4rewQIbG5ccYal+reZZr70TaEJQqg5KIfAnbp6dEjAsSXnRiEF801JXM0h+d14ECT4tQmdyvYBdCVnJ/Ibqw9D15cViHmeDbR68spqOCj67FSMKxgCVx4KFrxPOualsULX7RL/UbHq2cwyziSFkH4n2ljFlKohyj39F7EparJbiCOumNfhRWknDDwvXY+BjJhbAe19ccKP6QWrS68uBp0cTXqb0rVN/qlfz6Sj5EYj5M/u0rl6d5xctnKmOzfLjI2m5+E9WfDJaAUcP/Ihs+p2eD7aSQTIj+O7I66ju+UAz66D9ZoU1U3uVQ9gaPI5dOMmYdLKS3b19EVytwW2W13d0WXKIw5Vfb7MvFh9I0iPWq+ntL4jQzMYSwV5Y=,iv:Cy3h5I3vbqKORdqw91SHL4tRMeGHMLsXgQ0USJ2jtzk=,tag:0J/p1sUQfXR4ujjY7VzZuQ==,type:str]
+    gluetun-qbitvpn: ENC[AES256_GCM,data:3IdmuLvWs5YRQZuG9y1GRTMKMbR7OynUUVluezviDOV22EkABvo3Ic/+xZrWi/lzAhQRwRsCGjinlUJf7lBvPLg53HaIplbzSIyd3IPLbKzEVAK32WYB/M5cGNQW+XV8TiKK72HO8+WG588A0bsuvp/wQ86ohpRHVrnlboANLS3diCNXI3VdFIHPGpvM77TqB3/vo2AFLKjxi2es4l6KRam8cEUFAz0eH03tTUYaxy+ewA5IZCQSbMURLFKKdh0EATTG5jIz3jFp372fnk8UBgFPeH8+N9VHNM6rnV6zAsC2Vlj2E1YQRTRqOwSK0NRAAV5NBbr7zumS3VS0rVUpIbZVrW/C2BSAVbzowkHuo5o1B7UFsryb3s2FJJGF2biaDoL+ijM5a0Qi4LfNeaSLNKrzaTin0wYq8rPrQKOUBZL4t6FsRbG7KHmfwM4uYdWqV5h1syjI9WWReuePVb416YvqSH9p8HhNsDTka8IGgYkHcYAXYuuxUc6sgQONBwrsdeN5Dhq1IedhuOW+3qAV+hHl8qmVgiWZ8Ss+nmo016nsikifEp08N7J8t3f86/SFZO+YMBxQ/K9PJLsJzR2jsBcf2aTlq0cuzXDvb4cMtro=,iv:N9zdyKJDsj049j5hZOSnAkS/VTWlC3crTODJKIpYYko=,tag:uYHq3CZj0P/BAv+0Ak5ZEw==,type:str]
+    gluetun-qbitperm: ENC[AES256_GCM,data:kzSrILs78UkzNeAvxoDU3QsLKdapQNyQW9nq0it+7HhhwDQ0MJB1s2Ek8zKErTatpwzG8xiUK0HwX5hFLgNZYc+OE0CH4PUrgX1t6dykuPLD2rKQL7veElNgqhX0/39xNyopyJk2UMVFNSqoV1DCC/ja9MqX9+jBYk++7DeX7v1Gl1ntjzJ+zIscg0nOTN1eQAHtiOWtFU0COC/aA8KS+HLIsMkjrIk9UD4C/DE8AOS07s+gDxPRtl6L7324FRqjEHNyxAobWOOLeG711RZcskF7dlminVJu4aVGbBwIy/zDdHFxRwO6yaLr/AqrTlRVOa2O8Qu2Ydpv8ZNj2F6fHrVNNmVwvMEKYibV6oMVo72uT+DTz/mFaYuTUeuJfkdCy7tnQYhBnpbd5J4mKfVb8uOF9Tx02kL2fTFKyvtET3nrtakQUjv8mEqHn4F8136O2JvUBN5RmC3B3vRdFjYgdfwy8hUT9b0Cmi8w0Zzs+XGMRdvWv2g6b5fmlAn0K+a0KB1fdDLhvbIXhY+sYzR3yOH01K0lW3xVdnl1eMIFjZkUGRTi32HyCYb0SUA1EcXmtA4XmyZ6HHFEXFA5y2guVqU4xLyXXldM+lGB7yGLMcM=,iv:kuueHxYafrEdyBxGUBoU2ks7kdr/rWMnXZmE3Kx/iK4=,tag:bNIfP3H5/Kh3ofuCGGx5Hg==,type:str]
 acme:
    bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
    dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
@@ -50,8 +53,8 @@ sops:
            cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
            LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-25T17:45:31Z"
-    mac: ENC[AES256_GCM,data:lVRqQWnO1RvmoW13/xCpP2SvibccRWwmr1Gyj6EgrE+V+Iu1bfnZRkTkHiFIQqQLQgCy2qBiSHeZF/dNERe83eEwpXgRQAduarpE/qL8K1mxcwf5HMMYACjlNfsL/I1/TCJrJ7DZBxI4neRLetc5OpScVXqHj1neOodD/g8n+ls=,iv:+gZpo0I2NVYz24o42mUW/OkfONqNSjgaJeKeFdKx7dg=,tag:EJnpiotQuBKth21mdhvjZQ==,type:str]
+    lastmodified: "2026-01-10T05:52:21Z"
+    mac: ENC[AES256_GCM,data:DyLjQrIXJD7udT32xJ20WgCYr+4zXr7s0uuVMxOYSiC1VphhV+BQ2BgGF0bxAfx1n+JiO2BnyX8uD+z/iWh/k/9+UBGnL3MPJ5L5ffvno8hktVU9NHO72xkugYIkbSievTYrJGcSwWAsfJGTm4+1rG9GgcSoxIvRUoR6QJss22s=,iv:pHkPR0Va4bKjZVzNtvsDJ211ORNvNyZfWRf70OWI01w=,tag:/gEp09I+1nD6Cn6dPGZglA==,type:str]
    pgp:
        - created_at: "2024-11-28T18:56:39Z"
          enc: |-
--- a/users/alice/non-server.nix
+++ b/users/alice/non-server.nix
@@ -66,7 +66,7 @@

    # nix tools
    nil
-    nixfmt-rfc-style
+    nixfmt
    nix-init

    # markdown
Author	SHA1	Message	Date
ahuston-0	004ccc4161	update flake lock, swap off of adb and nixfmt-rfc-style Some checks failed Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9s Details Check Nix flake / Perform Nix flake checks (pull_request) Failing after 2m40s Details	2026-01-16 12:32:23 -05:00
ahuston-0	5f8cd26ac8	Merge pull request 'feature/qbit' (#172 ) from feature/qbit into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 12s Details Check Nix flake / Perform Nix flake checks (push) Failing after 3m50s Details Reviewed-on: #172	2026-01-16 12:29:45 -05:00
ahuston-0	49f4303af0	set up prominence II server All checks were successful Check Nix flake / Perform Nix flake checks (pull_request) Successful in 3m47s Details Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 8s Details	2026-01-16 12:25:01 -05:00
ahuston-0	1397f3bce8	split gluetun instances Some checks failed Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 10s Details Check Nix flake / Perform Nix flake checks (pull_request) Failing after 39s Details	2026-01-10 01:07:18 -05:00
ahuston-0	31ca3ebc18	port forwarding All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 17s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 3m59s Details	2026-01-09 23:27:03 -05:00
ahuston-0	65cfa5a29c	port forwarding All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 11s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 3m49s Details	2026-01-09 23:25:05 -05:00
ahuston-0	14d2998fcb	port forwarding All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 15s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 3m33s Details	2026-01-09 23:12:54 -05:00
ahuston-0	f5e22ad04a	port forwarding All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 11s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 3m37s Details	2026-01-09 23:08:05 -05:00
ahuston-0	96ac9384c3	fix ports All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 19s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 4m33s Details	2026-01-09 22:41:15 -05:00
ahuston-0	6d1e44b219	update ports	2026-01-09 22:41:14 -05:00
ahuston-0	49f6858484	Merge pull request 'qbit is host networked' (#171 ) from feature/qbit into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 13s Details Check Nix flake / Perform Nix flake checks (push) Successful in 3m49s Details Update flakes / update_lockfile (push) Failing after 8m45s Details Reviewed-on: #171	2026-01-08 16:34:10 -05:00
ahuston-0	141d893493	remove data path for trash All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 1m18s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 4m44s Details	2026-01-08 16:28:54 -05:00
ahuston-0	670a19f27f	qbit is host networked Some checks failed Check Nix flake / Perform Nix flake checks (pull_request) Failing after 26s Details Check flake.lock / Check health of `flake.lock` (pull_request) Failing after 15s Details	2026-01-08 11:45:34 -05:00
ahuston-0	2b53e6d478	Merge pull request 'feature/qbit' (#170 ) from feature/qbit into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 10s Details Check Nix flake / Perform Nix flake checks (push) Failing after 16m4s Details Update flakes / update_lockfile (push) Failing after 10m41s Details Reviewed-on: #170	2026-01-08 03:04:52 -05:00
ahuston-0	158bfad61c	fix ports	2026-01-08 03:04:52 -05:00
ahuston-0	d247c38cb1	fix ports	2026-01-08 03:04:52 -05:00
ahuston-0	70dc094061	fix ports	2026-01-08 03:04:52 -05:00
ahuston-0	701199c12e	fix capabilties	2026-01-08 03:04:52 -05:00
ahuston-0	5f3a4edbda	fix capabilties	2026-01-08 03:04:52 -05:00
ahuston-0	5aa5ccc98c	fix ports	2026-01-08 03:04:52 -05:00
ahuston-0	f9f5c535f5	fix capabilties	2026-01-08 03:04:52 -05:00
ahuston-0	068327df3d	Merge pull request 'add qbit config' (#169 ) from feature/qbit into main Some checks failed Check flake.lock / Check health of `flake.lock` (push) Successful in 11s Details Check Nix flake / Perform Nix flake checks (push) Failing after 3m7s Details Reviewed-on: #169	2026-01-07 22:34:41 -05:00
ahuston-0	6befd45a07	add qbit config All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 13s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 3m5s Details	2026-01-07 22:16:01 -05:00