.forgejo/workflows/build_nixos_configs.yml

@@ -1,30 +0,0 @@
-name: Buill NixOS Configurations
-on: [push]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    container:
-      image: node:25
-      volumes:
-        - "/nix:/nix"
-    strategy:
-      matrix:
-        system:
-          - "carbon"
-          - "git"
-          - "gospel"
-          - "node"
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v4
-      - run: |
-          echo 'Building configuration for ${{ matrix.system }}'
-          nix --extra-experimental-features nix-command --extra-experimental-features flakes \
-            build .#nixosConfigurations.${{ matrix.system }}.config.system.build.toplevel
-      - name: Push build to attic
-        run: |
-          nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \
-            -- login gospel https://attic.kilonull.com ${{ secrets.ATTIC_PUSH_SECRET }}
-          nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \
-            -- push gospel:nixosConfigs ./result

.forgejo/workflows/demo.yaml

@@ -0,0 +1,19 @@
+name: Forgejo Actions Demo
+run-name: ${{ forgejo.actor }} is testing out Forgejo Actions 🚀
+on: [push]
+
+jobs:
+  Explore-Forgejo-Actions:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "🎉 The job was automatically triggered by a ${{ forgejo.event_name }} event."
+      - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Forgejo!"
+      - run: echo "🔎 The name of your branch is ${{ forgejo.ref }} and your repository is ${{ forgejo.repository }}."
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - run: echo "💡 The ${{ forgejo.repository }} repository has been cloned to the runner."
+      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
+      - name: List files in the repository
+        run: |
+          ls ${{ forgejo.workspace }}
+      - run: echo "🍏 This job's status is ${{ job.status }}."

homes/x86_64-linux/alejandro@git/default.nix

@@ -12,5 +12,6 @@
   nix.gc = {
     automatic = true;
     options = "-d";
+    frequency = "03:15";
   };
 }

modules/home/programs/opencode/default.nix

@@ -26,10 +26,6 @@ in
       enable = true;
       settings = {
         theme = "catppuccin";
-        keybinds = {
-          app_exit = "ctrl+d,<leader>q";
-          session_interrupt = "ctrl+c";
-        };
         mcp = {
           context7 = {
             type = "local";

modules/home/windowManagers/hyprland/default.nix

@@ -24,14 +24,6 @@ let
   emoji_picker = "${pkgs.bemoji}/bin/bemoji -t";
   terminal = "${pkgs.kitty}/bin/kitty";
 
-  layout_toggle_script = pkgs.writeShellScriptBin "layout-toggle" ''
-    current_layout="$(${pkgs.hyprland}/bin/hyprctl getoption general:layout -j | ${pkgs.jq}/bin/jq -r .str)"
-    case "$current_layout" in 
-        master) ${pkgs.hyprland}/bin/hyprctl -q keyword general:layout dwindle ;;
-        dwindle) ${pkgs.hyprland}/bin/hyprctl -q keyword general:layout master ;;
-    esac
-  '';
-
   generate_grim_command = target: ''
     exec mkdir -p ~/screenshots \
     && ${pkgs.grim}/bin/grim -g "$(${pkgs.slurp}/bin/slurp)" \
@@ -155,11 +147,6 @@ in
           preserve_split = true;
         };
 
-        # Master layout
-        master = {
-          orientation = "center";
-        };
-
         # Window rules
         windowrule = [
           "suppress_event maximize, match:class .*"
@@ -221,7 +208,6 @@ in
           "$mod SHIFT, o, movetoworkspace, 9"
 
           # Layout
-          "$mod, g, exec, ${layout_toggle_script}/bin/layout-toggle"
           "$mod, v, togglesplit"
           "$mod, f, fullscreen"
           "$mod SHIFT, f, togglefloating"

modules/nixos/nix/default.nix

@@ -13,6 +13,7 @@ let
     ;
 
   cfg = config.aa.nix;
+  selfHostedCacheHost = "https://cache.kilonull.com/";
 in
 {
   options.aa.nix = {
@@ -71,12 +72,13 @@ in
                 if cfg.useSelfhostedCache then
                   [
                     # TESTING
-                    "https://attic.kilonull.com/nixosConfigs"
+                    "https://minio.kilonull.com/nix-store"
+                    selfHostedCacheHost
                   ]
                 else
                   [ ];
               trusted-public-keys = mkIf cfg.useSelfhostedCache [
-                "nixosConfigs:mjWq+JcnAqwT20OZSsrh9od6LTNn8U3cYdaXhqhDqP0="
+                "gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="
               ];
             };
 

modules/nixos/services/atticd/default.nix

@@ -1,81 +0,0 @@
-{
-  config,
-  namespace,
-  lib,
-  ...
-}:
-let
-  attic_cfg = config.services.atticd;
-  cfg = config.${namespace}.services.atticd;
-in
-{
-  options.${namespace}.services.atticd = {
-    enable = lib.mkEnableOption "atticd";
-    acmeCertName = lib.mkOption {
-      type = lib.types.str;
-      default = "";
-      description = ''
-        If set to a non-empty string, forces SSL with the supplied acme
-        certificate.
-      '';
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    age.secrets.atticd.file = ../../../../secrets/atticd.age;
-
-    services.atticd = {
-      enable = true;
-      # ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64: The base64-encoded RSA PEM PKCS1 of the RS256 JWT secret. Generate it with openssl genrsa -traditional 4096 | base64 -w0.
-      # This file should have the following content:
-      #
-      # ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=secret
-      #
-      # The secret is a base64-encoded RSA PEM PKCS1 of the RS256 JWT secret. It
-      # can be generated with this command:
-      #
-      # openssl genrsa -traditional 4096 | base64 -w0
-      environmentFile = config.age.secrets.atticd.path;
-      settings = {
-        allowed-hosts = [ "attic.kilonull.com" ];
-        api-endpoint = "https://attic.kilonull.com/";
-        listen = "[::]:8080";
-        garbage-collection.retention-period = "30d";
-        database.url = "postgresql://atticd/?host=/run/postgresql";
-      };
-    };
-
-    services.postgresql = {
-      enable = true;
-      ensureDatabases = [ "atticd" ];
-      ensureUsers = [
-        {
-          name = attic_cfg.user;
-          ensureDBOwnership = true;
-        }
-      ];
-      identMap = ''
-        attic attic attic
-      '';
-      authentication = ''
-        local all attic peer map=attic
-      '';
-    };
-
-    services.nginx = {
-      enable = true;
-      virtualHosts."attic.kilonull.com" = {
-        extraConfig = ''
-          client_max_body_size 0;
-        '';
-        locations."/" = {
-          proxyPass = "http://localhost:8080";
-        };
-      }
-      // lib.optionalAttrs (cfg.acmeCertName != "") {
-        forceSSL = true;
-        useACMEHost = cfg.acmeCertName;
-      };
-    };
-  };
-}

secrets/atticd.age

@@ -1,104 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBUdktL
-MDQvOGtBaUIrOFhxdG5iN202aW5PakcyYjZDQXliblhiWUVWTUJZCnR3bjlkcVQr
-cEVONURSRkJrZXNLSHhEdDBWeXIwUitwVGJMdVBoS0I5ZXcKLT4gc3NoLWVkMjU1
-MTkgUFpLZk9RIHZBem93VTE5aXBYNTRxaVJUREw3cXo5MzVGOHdIVmhrSDR5OHVo
-U2dSbk0KRURNSEZ5TXlzU09TNDNLRTJWMXFDSkpTeVMzbTJsdWxGVDc0TTBGOVBi
-awotPiBwaXYtcDI1NiBVSUVHemcgQXFOOVg0NkxiZjdmdkR4UmNwUDhnZTRZbTFs
-V0IyWXRNQ1Q5QTJRa0NweFIKR3ZUdDdsUHlHcjBhMlBZam4wMTVFZUxzdVRZVVpx
-ejR1OHhLMEVIUUlXQQotPiB2SChHM2xELWdyZWFzZSB9WiB2SDldIEo+YUkvNiBb
-PFYKZlIyWGpwQVNOT3lucmRCTTdjWUgrcVYvOGZJCi0tLSBwUEJ6M25wOVVoSENF
-a2oycWNZTlJQangvckI4THJ6eDNEYjhpSVQzVzlvCn/cvSXYNYJT+NkjOLx8mPnh
-FpPT8TwBTcHS5IRvzRlQsVTBHUCjjeWCwTh+GtesiAsFjvIMa5B0Krx0JDKlnRty
-UDCDtkX5PVb59Azg08qln06tn6TtvqnG/BHm4qRLDtSJouJYiLJeYgwi97Ms9BqX
-+LoPIKfJjnJ2+dymWWLMAD9iZQSzg7W+m1mWMN7ARjwAPeUfWhwuMmkmYE4RB+Wu
-wpahkSIyx9+UCDCynUIw3PiTLahY6ltUPUf0ByIPqUjeid6JaND2nwBzWuhZq3Oq
-vwNVY8HcRHHD4HLnDIYccV92Xm7BnYJfBxK4MQV36X8RJ90I6t15+hsm+nHJX3WI
-0mYn2po6n2wYs2MXyFBWk0xkovkJJk0O7uGcGJcwe94roy8FD7hQT8h3hTUNYh3y
-PRoO3ih42Ffsw2fL2+UNaKqFEqVxrTy313PK8SbONhquuVmSzBFOzSo2bA7cyA02
-ssJl+xV53xKBg34JxYMCjeaKGfV27eAe/+OzIBP8Ze4nK+y0hXDDvnpUNmn0qZDx
-iDkCM/+Bw9AlvWOsIVRoSSzngWUaBkiJndVgB2G2TidgUu6NmsdSYTzZLm31rdgB
-uosw/HLp6fmCeOi9DLdphuu2rPSBQcmhuuDgPXta+5STRkMN/oXrNWOm7Os7Imay
-iitbqCRjSGE6JnzWl2aS3ZiuymEe3+lc+xCs/EYnq/2zA2G+FJFq8s2L686RBD4L
-wSTB2u+G5phPP31PPRogr1fLDatDgcBSyn2qs8aquW53IZlFvtzusKmVU2B23aCa
-iX+DnAukcYrR7N/3eQYbPcf7MNgogi6UYuSpTeQW3/lu3OKW+qgkhEQNom9M0vy2
-SRi7E0je0RlrbpOFqOplla2VOe8VSP2SYydO023vt3SuDRLwAHKQNlBIsb0KTGLg
-qhYHYMBlEu6bppWPeUNrmHUrqZcMySJvpQW1i+OyWe7tDEIESetiGe6C6Cq9vR7h
-t7G6JPbWGZmG/gO5BTK/mgwLfn/AAEGpeGVU26tscdmTBRiFYf/7cc3394vTbpes
-Eol6cP7pukp1d1kp5gNlZrEZ6DL4BdSs1kaVJhTLYPNyJz+JUK1SEc9y33VhkeTO
-6smXk3OnBaKqBuF0d6Bt34IuxMuaZDeL6229rtRjY9wKyK/U+R6cWzL51prsv3gk
-afS/HVbul02DvwixBlOFVfOY97DiIK62lp41ImxIyy1ToGYs/446MlQAaw9Tm6lD
-6RloTCMS4qeLmAvO+hQzdX82pJWvTQajhtkMxi4KHlyxREbzIGniFqFmyQFaJnCC
-UAYyliMPkgsN5y+5gGdI46lN3/pp8jIbr59VnVPQVM1hpCbRwglDP+Bu4G95jlmI
-Iv0Izjk88tKJ8qmKFgvvWZRp7L0X4/CJTCwub/+gSQ0IxmRD4d8wDfMbtad8vbl6
-t8h2C7CyZXR/ZpKuV5vVDtK++w/mJvi4MTgYY6B11AM0C25qVNV4AIYKnSKqn5mK
-zkGEiSvnjAvxmLCMAm/diNG+l4R7HS0LA4oGemEWq2ts6EuDi+Tbyy2oMNFHtkTj
-aIRi64S36Q8TRDUsGAzfXeySIdWl1gglmuJJKbFglo60bjX22jTSUJhDgncUX7ae
-DyUqb1cXYnvWyiwQH8EsIZo59SaZYhAfyVN44uvqGxuN+NV6gVmb/MzVVycqWPFU
-VDXwfzgQBJaVO0SNFumNANnGYY4Nf7yK5w/TmsrwDMWeUbrHqIXAHtYGX+1UEFKe
-4zx1dTeO8hbexf/uEhAgbFos4QEMJ2WhwtAvzT1VITbdVNus6zM/RC6OV4TTigMA
-RpZfXiw3L3FMxB7PObOeLJ7UVZSMzOMMRt6apzYOScrwV1WqBvryzE/rxZCHkpDw
-yxRgghD/UnpvwhdY4GQ2BhPUCqD/YYqShLNoFGbAzylaR1BMWUPsawb3KPlaN2/x
-y3+9RcztzwjgDvxk4XVLQhLunBD6HnKwpFyCGDW97DkG85knmv48J7Mw+uY2pfte
-hCc3/oLwNxFFyjW7S3F+w4cBlLRxwtvIq1TfZ14q/dgUcgFqIDSUCEOy3NoBzxDc
-k9eoYTPYXStDFRkNsEwCYqBtqDeUFO8GefMOeE/xC9O2SHjw746BaYz2crDZHqo6
-UewVQrNKk2ofrNliv7qPB410XxdKJ9lwn54sAIzbfplTVjd+vnixRs93ISZYrglP
-+8iQB8v1JVuBXNQV8/F3RXBQFZrZ4frtLO6usT/mOxUyhOltJLrH/rcyshKIuxGY
-ATf2SmT5g4ejXhI0fauTHc6yJ4h7XhKgpDysPDxTxOORPzv0H14IDcLitpgsCLh8
-EtGNfMNc/iNrjDj0ydZ3pgURpXHYPFlliTesMK+pA26LQahG+x4UwF0IIxNUUdL2
-xWgrGuif1nqknd4/p1STtaASHNt8I95eDR49aHlozK3D+Yh179+RNHoMJsy58LaU
-Nq7Cx6iimp3LJRsVMqH8khNH3DsVPhHbJFBUeEt0HYzCh4KAe0qJLrLa8Oc975N6
-CzyworGfParm+/edX3JtEenLdzSjdy4xMnySoKVKJpjfjYDo6GGQ1qGnucCWrd3m
-zvqm60kbnWRnSFGVA6oLBvUcKmTOaK+FjCICCuodD9UwvQZuDoxDsRBa8AzBPu4m
-vka4If1uYZUAtefUG2oQASBV9atFpEbQ+sbvI65bBTALMmZzBcF6MW6P6TxZSQkw
-bd1ELgwN1hYQhTFpPwQKMwPfGhYitW2gIeE+cXp0Wi4fKk8Wg2pF3pHftOhUSAg5
-2qbeF8ovlv3APZbTPdlZVuqg993zRgetutoDxvdSCBBp1mvuURUp/Vr2ZijRDZFs
-NnbwcTUCLEPZ/gSgw17XE+ZyYo5L9OJrX6zmRxL88Kxz7dqyN3Yq4WMIdHDDRxFZ
-BEYjGXuekehf3cRtkHytkbEM2m6ACdvHBAsvCpl8Lj2mmMcYy4A88oLUatAgNIzd
-4hb1chaCNePuKRwP7rW7PDJ/8ieiUfG8OiL/blUfVJnDBuHX5PWvYeAiZN4rLm/2
-s1fenVnjzPewVO8flDu8q5/J8msbF+FnSoxqwRE+Uu6Zny5XWSp0ltbKIr1/4Qcw
-mqUu076h5n9abj8P6RYAqn1sZabvXWrkNSA2OqYgnhFT7NYAXZtw1AMxWohOJ8Wq
-q+pjqj9Ci8FBBlwzMLxLuBefmD0Nn4CLWLDTIW7Ee0aDxY50ruM4eF3173jik1LB
-/6wIalfA+M7W4BTGYZk+RkmXHH7CS4mWOepkCmLxdJnltyJBKAPEbjd49OVIwV7R
-Pwp+HkwaKoZxZMhV9sqfLfXBXG1zIDdngp+JgPzdkK38rqiGz2niijqcg3NObOFV
-hPduSyoGbY/hARSwrQwa1QX1YYpv28kjnSzVmsACs5h03xCBQgJIgfPnV1Kv8I5S
-vTLYwNa57hw4f6Td2WljZuwuoAy6ee3her9ArXDr68m02KBjo0GB/gRtPH/ekqbJ
-bpRHNblAXCyfSzIHNZE4Md4iHtZk5/TAqj1AjVnXVrSAwkgMRLLeC+NAcg6N+Vfd
-oLLWeHOBs/kS0bQd+Uo3hkrS6gkFyqbKoC9B1Hh0TA809Ut/gyyAg01mjstWHsfN
-sALvcA9eETOzSw/WoFPxOmpfwuDXBybg/8yXpw3mgNCNDlTZG7M1ZfwStOlZRU58
-gwMeHKh+/oc8VjZWh93F2Xy7paTva7pXpHn84n7nN81jFbPsIhC+GWq0O3hHQaha
-+9OgxsThOPcor9mE+HLIk3eL+v89DmS33Cubim1YPxVxFmX8w4VxXaHrU4TC3/iy
-uVhNfoysjX92w503UhUp0pZaOQHuqihpePbEnQMpHr7UEtYq5WXTq+8wQj6xuakY
-FOShK8yvK9RQUTYA5mIoWGRc8z10YTJHagOrQIzp7/WDQHkNIdlMaOnJ7NIq2w19
-vily7S+EcGdf3rPr+H6rE8sq++9ziNQsdnuz4BCcopybdyRdQ08qd1Ok1j1/Hdqj
-aDOLk54Ue1FzQPQh3rcFxWCEk5uRSePHdJI0WNGm+5ji4ME3hv8lWYR0B+PrSD8f
-AmnYRWVzPwzXSDGr9YtiNVezPN9PCSedKBgfhOP0qkxk5lSeFQMpHM+Glmi6SXFw
-i720L3QpLGjQSqD66P1EKErWCVnIBV4nr7dRxKzPMRMdEKZ5MV/c0VGqewrH3q1P
-rs41OFplzz4pMOUngFglayItcmD9FqQab4bGImK7/4ft3W0nZIUmYEPQyoGfNvh+
-qKSO3dBM2wsw8LFMeLzHAoBT+2YfSv6FBRCeFdBQH3ABRqXFcGOgj/oaQp6Qb84r
-v2kCi9BodXD0SWpkMadtW0XWYRkhI90xTsgDTuFdta6QpxjQMt+9Hrcm0Lu+tUG8
-slCQND3+Inq8bfRiEEdKTgTbagzD/SiUOxWeTh2qolIXjaJa1OKf7HSXdFYUH32n
-hSwhPcFnYSdE3q8MaYZD915SjqhlirvVhSSsfz66ME62EotDPNLePplCaVs1wjpI
-6hTUoWJqEvuPN6oz80RurQAeKT+LC1iGRkfIK43RmZ+wk5VhsRUiu/fP2nhqAZmf
-GhmnzOCDt9x1g9STyTXDDLH/wDQqKSFTGbZpbatIo4oA1XkxH3F6BcYSf1ynQ/5J
-Fe+jPD9B/3Q+tdEspXw88MReVEu9kC72gop6psE7i4pQgCIpWnQetEhMSKYY1bOW
-WDR6H0oMYXiNmWRZ193je0S+xM00I+IBO6c6hg5dqyOxl+D0hztKpAOqxM8lohmV
-IH8RmJpAEr6Q4T4s6W0zxFEokL319wlKsTDCvAsEC2RiZREecZhKdOdX0M9yvtq+
-RABjcB4kdx3XF02cEcdrO9auRCXXMNFe7bgBgO0bKU1dwRXZ3EtiVx7/gxhzZ9lH
-NXstrAvZeDGPFk41uj5gaprJqtoQ92fonycFBpbdV7/uUN6cysyjQRN+FLboNjPa
-CvtbK5KTWTMQM1nZlHUa7kkke38GtLjKeZaPPuvPw2eSFBTg3gFvK0wd22uoBSHE
-mUy6mrHJiJ9UVvP+5EWcuFTURes/xv6WZYjPwbAVwGh+aj1t5qMtCZaA0j7yvi8C
-dwUQDUtqRWuwdmGouZG5ooAs8F82FsX8Sl69SFdwIrwoi/zOSj2XgHLKbu/T9Iiv
-Hr387XDxWYL3k2iaopRIEGSgurOAEalcvee173I6/Nw5NuA2ICB6wpBdKKgbxUhz
-dyueYz9DIGGr53iHPbBJlOcxGAFRQLQ07tA7BqtZwHpnGNoF32b114einU7ncgSr
-efTa9CEHRk5Uc02xJa1ZZK4XmFC+b6QKu1DBloPeXE1ohSry8JxO92wwBrAelGbj
-6wp1Thva/ql+HVnZUOwPS6GrDYltUXNt5DqJP3mEOsuf4b6Lji/1fsmFApX/pRvA
-tB/F22KMkTPVkH1WDSd15C+WAX/CkB+Gn27s5YLY99LFeRHoc4ICDUwnslZilFsz
-mP34qb6l5oB6QoHoNmO6Ypkr10FQUS4b+p4BHKSXMDJR0n055p5qqiyprq/nDy8w
-T7IApT76h6xkpLIJjklUHliWGlku5SjTLQaQRNAoZjFfCNDH0P7zrngcs2R9QY46
-oQC1uI3bdEftMGsZ3Djx8M56Z2RUbAgOuYgBdFYUv1BwJZs22/6ePs1JgdikENNt
-vCmlSl9URoUbFcghNKC5J8Niksd8Zn9ozf2xXgpcOsRuElvUO23opv+Hvur+ft5/
-FV4WYj26jOeAagF1Cj6se59MX3VqerTywEC+bKzQeol7wBGiZGRM+errNF0eMf6W
-4x8szh1liYv95p/4dTqSt70bctr+yZi2RjFnBYR+NdIaBgmkSHPBzWpyffUcXAnB
-6Dx29T5rSMwR8GXX3w==
------END AGE ENCRYPTED FILE-----

secrets/secrets.nix

@@ -13,11 +13,6 @@ let
   };
 in
 {
-  "atticd.age".publicKeys = [
-    users.me
-    machines.gospel
-    tmp
-  ];
   "cf_dns_kilonull.age".publicKeys = [
     users.me
     machines.node

systems/x86_64-linux/carbon/default.nix

@@ -9,7 +9,7 @@
   aa = {
     nix = {
       enable = true;
-      useSelfhostedCache = true;
+      useSelfhostedCache = false;
       remoteBuilder.client.enable = false;
     };
 

systems/x86_64-linux/gospel/default.nix

@@ -33,10 +33,6 @@
       dnsCredentialsFile = config.age.secrets.cf_dns_kilonull.path;
     };
 
-    services.atticd = {
-      enable = true;
-      acmeCertName = "kilonull.com";
-    };
     services.openssh.enable = true;
     services.printing.enable = true;
     services.tailscale = {
@@ -91,21 +87,7 @@
         name = config.networking.hostName;
         url = "https://git.alejandr0angul0.dev";
         tokenFile = config.age.secrets.gitea-runner-gospel.path;
-        hostPackages = with pkgs; [
-          nix
-          attic-client
-          bash
-          coreutils
-          curl
-          gawk
-          gitMinimal
-          gnused
-          nodejs
-          wget
-        ];
         labels = [
-          "nix-builder:host"
-
           "ubuntu-latest:docker://node:16-bullseye"
           "ubuntu-22.04:docker://node:16-bullseye"
           "ubuntu-20.04:docker://node:16-bullseye"
@@ -114,15 +96,6 @@
       };
     };
   };
-  # Allow the Forgejo Actions runner user to talk to nix-daemon when
-  # running jobs directly on the host.
-  nix.settings.trusted-users = [
-    config.systemd.services."gitea-runner-gospel".serviceConfig.User
-  ];
-  nix.settings.allowed-users = [
-    config.systemd.services."gitea-runner-gospel".serviceConfig.User
-  ];
-
   virtualisation = {
     libvirtd.enable = true;
 
@@ -159,10 +132,6 @@
         prefixLength = 24;
       }
     ];
-    firewall.allowedTCPPorts = [
-      80
-      443
-    ];
   };
   programs.winbox = {
     enable = true;