flake.lock: Update

Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f079a96bc6e7643ce88b49a1f4390424a6e1b04a?narHash=sha256-H69U4f1a0cULUyhBZMO/LkVf/96i/MCbD1pflVcGVUo%3D' (2025-01-02)
  → 'github:NixOS/nixpkgs/bd27be8c9381a66288504d5266db495de571d7bf?narHash=sha256-vL6dGj%2B0w%2Bl1cK4duEokolgmx4Hu3O1TPjpD6Dfd7oY%3D' (2025-01-06)
• Updated input 'nixpkgs-master':
    'github:NixOS/nixpkgs/a5af1da13031048da9c54fdd9c6aef0889585fc1?narHash=sha256-3TceuzEunxCRAYGsimgh2Uz8ZoukMuxPkiHRR0qXOOU%3D' (2025-01-03)
  → 'github:NixOS/nixpkgs/6199c32fe66a688ce7c3483de2b05b358ab7a0a6?narHash=sha256-y1OxajWQrxP7naHYPoUCrf4AAhEqOGwpNbj%2BqBXSn5s%3D' (2025-01-06)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/4138c1b330db6ac6f67abcc9988202e231b3ec54?narHash=sha256-KY5WZZ0kNBcWZtecGWoMKkkCx4aQGEQgQXuBz%2BWTq20%3D' (2025-01-03)
  → 'github:NixOS/nixpkgs/9f46f57b78d2ef865cd8c58eff8d430bb62a471a?narHash=sha256-AdKOlljgcTLOrJb3HFpaaoHWJhFrkVeT9HbRm0JvcwE%3D' (2025-01-06)

config/hosts/forgejo/forgejo.nix

@@ -3,7 +3,6 @@
   services.forgejo = {
     enable = true;
     database.type = "postgres";
-    mailerPasswordFile = "/secrets/forgejo-mailer-password.secret";
 
     settings = {
       DEFAULT = {
@@ -60,5 +59,6 @@
         HOST = "redis+socket:///run/redis-forgejo/redis.sock";
       };
     };
+    secrets.mailer.PASSWD = "/secrets/forgejo-mailer-password.secret";
   };
 }

config/hosts/ikiwiki/configuration.nix

@@ -0,0 +1,27 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {    
+    hostName = "ikiwiki";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 8443 ];
+    };
+  };
+
+  fileSystems = {
+    # partition data disk with `sudo mkfs.ext4 /dev/vdx`
+    # label data disk with `e2label /dev/vdx "data"`
+    "/mnt/data" = {
+      device = "/dev/disk/by-label/data";
+      fsType = "ext4";
+      autoResize = true;
+    };
+  };
+
+  system.stateVersion = "24.05";
+}

config/hosts/ikiwiki/default.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./configuration.nix
+    ./ikiwiki.nix
+    ./nginx.nix
+  ];
+}

config/hosts/ikiwiki/ikiwiki.nix

@@ -0,0 +1,136 @@
+{ pkgs, config, ... }:
+let
+  ikiwikiBootstrapTheme = pkgs.fetchgit {
+    url = "https://github.com/dequis/ikiwiki-bootstrap-theme.git";
+    rev = "afaedf8460d03664be6f590cf632b8be05de77dc";
+    hash = "sha256-iX/onqrsvzJdDrJ7WoQMnlAQtOA+rmi+esv25/IOsq8=";
+  }; # TODO: fork and set link color to #6d2bff or something
+  ikiwikiDataPath = "/mnt/data/ikiwiki";
+  ikiwikiSettingsHeader = pkgs.writeText "ikiwiki-settings-header" ''
+    # IkiWiki::Setup::Yaml - YAML formatted setup file
+  '';
+  ikiwikiSettings = {
+    wikiname = "fi-zone";
+    adminemail = "fiona@grzb.de";
+    adminuser = [
+      "fi"
+    ];
+    banned_users = [];
+    srcdir = "${ikiwikiDataPath}/fi-zone";
+    destdir = "${ikiwikiDataPath}/public_html/fi-zone";
+    url = "https://fi.nekover.se/";
+    cgiurl = "https://fi.nekover.se/ikiwiki.cgi";
+    reverse_proxy = 0;
+    cgi_wrapper = "${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi";
+    cgiauthurl = "https://fi.nekover.se/auth/ikiwiki.cgi";
+    cgi_wrappermode = "06755";
+    cgi_overload_delay = "";
+    cgi_overload_message = "";
+    only_committed_changes = 0;
+    rcs = "";
+    add_plugins = [
+      "goodstuff"
+      "websetup"
+      "httpauth"
+    ];
+    disable_plugins = [];
+    templatedir = "${ikiwikiBootstrapTheme}";
+    underlaydir = "${pkgs.ikiwiki-full}/share/ikiwiki/basewiki";
+    usedirs = 1;
+    prefix_directives = 1;
+    indexpages = 0;
+    discussion = 0;
+    html5 = 1;
+    sslcookie = 1;
+    default_pageext = "mdwn";
+    htmlext = "html";
+    timeformat = "%c";
+    userdir = "";
+    numbacklinks = 10;
+    hardlink = 0;
+    libdirs = [];
+    libdir = "${ikiwikiDataPath}/.ikiwiki";
+    ENV = {};
+    timezone = ":/etc/localtime";
+    wiki_file_chars = "-[:alnum:]+/.:_";
+    allow_symlinks_before_srcdir = 0;
+    cookiejar = {
+      file = "${ikiwikiDataPath}/.ikiwiki/cookies";
+    };
+    useragent = "ikiwiki/${pkgs.ikiwiki-full.version}";
+    responsive_layout = 1;
+    deterministic = 0;
+    rss = 1;
+    atom = 1;
+    blogspam_pagespec = "postcomment(*)";
+    locked_pages = "* and !postcomment(*)";
+    comments_pagespec = "posts/* and !*/Discussion";
+    archive_pagespec = "page(posts/*) and !*/Discussion";
+    global_sidebars = 0;
+    tagbase = "tags";
+  };
+  ikiwikiSettingsFile = pkgs.concatText "fi-zone.setup" [
+    ikiwikiSettingsHeader
+    ((pkgs.formats.yaml { }).generate "fi-zone-settings" ikiwikiSettings)
+  ];
+in
+{
+  environment.systemPackages = with pkgs; [
+    ikiwiki-full
+  ];
+
+  users = {
+    users.ikiwiki = {
+      isSystemUser = true;
+      group = "ikiwiki";
+    };
+    groups.ikiwiki = {};
+  };
+
+  services.fcgiwrap.instances."ikiwiki" = {
+    socket = {
+      user = config.services.nginx.user;
+      group = config.services.nginx.group;
+    };
+    process = {
+      user = config.services.nginx.user;
+      group = config.services.nginx.group;
+    };
+  };
+
+  systemd.services.ikiwiki-directory-setup = {
+    description = "Setup ikiwiki directory structure.";
+
+    script = ''
+      mkdir -p ${ikiwikiDataPath}
+      mkdir -p ${ikiwikiDataPath}/fi-zone/.ikiwiki
+      touch ${ikiwikiDataPath}/fi-zone/.ikiwiki/lockfile
+      chown -R ${config.users.users.ikiwiki.name}:${config.users.users.ikiwiki.group} ${ikiwikiDataPath}
+    '';
+
+    serviceConfig = {
+      Type = "simple";
+      User = "root";
+    };
+
+    wantedBy = [
+      "multi-user.target"
+    ];
+  };
+
+  systemd.services.ikiwiki-settings-setup = {
+    description = "Setup ikiwiki with configuration managed by NixOS.";
+
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSettingsFile}";
+      User = config.users.users.ikiwiki.name;
+      Group = config.users.users.ikiwiki.group;
+      Requires = [ "ikiwiki-directory-setup.service" ];
+    };
+
+    wantedBy = [
+      "multi-user.target"
+    ];
+  };
+}

config/hosts/ikiwiki/nginx.nix

@@ -0,0 +1,47 @@
+{ pkgs, config, ... }:
+let
+  ikiwikiDataPath = "/mnt/data/ikiwiki";
+in
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."fi.nekover.se" = {
+      forceSSL = true;
+      enableACME = true;
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 80;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          extraParameters = [ "proxy_protocol" ];
+        }
+      ];
+      root = "${ikiwikiDataPath}/public_html/fi-zone";
+      locations = {
+        "/" = {
+          tryFiles = "$uri $uri/ =404";
+        };
+        "~ .cgi" = {
+          basicAuthFile = "/secrets/ikiwiki-auth-file.secret";
+          extraConfig = ''
+            gzip off;
+            fastcgi_pass unix:${config.services.fcgiwrap.instances."ikiwiki".socket.address};
+            fastcgi_index ikiwiki.cgi;
+            fastcgi_param SCRIPT_FILENAME ${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi;
+            fastcgi_param DOCUMENT_ROOT ${ikiwikiDataPath}/public_html/fi-zone;
+            fastcgi_param REMOTE_USER $remote_user if_not_empty;
+            include ${pkgs.nginx}/conf/fastcgi_params;
+          '';
+        };
+      };
+      extraConfig = ''
+        set_real_ip_from 10.202.41.100;
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+}

config/hosts/ikiwiki/secrets.nix

@@ -0,0 +1,11 @@
+{ keyCommandEnv, ... }:
+{
+  deployment.keys."ikiwiki-auth-file.secret" = {
+    keyCommand = keyCommandEnv ++ [ "pass" "ikiwiki/auth-file" ];
+    destDir = "/secrets";
+    user = "nginx";
+    group = "nginx";
+    permissions = "0640";
+    uploadAt = "pre-activation";
+  };
+}

config/hosts/keycloak/keycloak.nix

@@ -3,10 +3,10 @@
   services.keycloak = {
     enable = true;
     settings = {
-      hostname = "id.nekover.se";
-      hostname-admin = "keycloak-admin.nekover.se";
-      hostname-strict-backchannel = true;
-      proxy = "edge";
+      hostname = "https://id.nekover.se";
+      hostname-admin = "https://keycloak-admin.nekover.se";
+      proxy-headers = "forwarded";
+      http-enabled = true;
       http-host = "127.0.0.1";
       http-port = 8080;
     };

config/hosts/mail-1/configuration.nix

@@ -15,28 +15,20 @@
         ];
         routes = [
           {
-            routeConfig = {
             Gateway = "10.202.41.1";
             Destination = "10.201.0.0/16";
-            };
           }
           {
-            routeConfig = {
             Gateway = "10.202.41.1";
             Destination = "10.202.0.0/16";
-            };
           }
           {
-            routeConfig = {
             Gateway = "10.202.41.1";
             Destination = "172.21.87.0/24";
-            };
           }
           {
-            routeConfig = {
             Gateway = "10.202.41.1";
             Destination = "212.53.203.19/32";
-            };
           }
         ];
         linkConfig.RequiredForOnline = "routable";
@@ -62,13 +54,11 @@
           PrivateKeyFile = "/secrets/wireguard-mail-1-wg0-privatekey.secret";
         };
         wireguardPeers = [{
-          wireguardPeerConfig = {
           PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ=";
           PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret";
           Endpoint = "212.53.203.19:51822";
           AllowedIPs = [ "0.0.0.0/0" ];
           PersistentKeepalive = 25;
-          };
         }];
       };
     };

config/hosts/mail-2/configuration.nix

@@ -15,28 +15,20 @@
         ];
         routes = [
           {
-            routeConfig = {
             Gateway = "10.201.41.1";
             Destination = "10.201.0.0/16";
-            };
           }
           {
-            routeConfig = {
             Gateway = "10.201.41.1";
             Destination = "10.202.0.0/16";
-            };
           }
           {
-            routeConfig = {
             Gateway = "10.201.41.1";
             Destination = "172.21.87.0/24";
-            };
           }
           {
-            routeConfig = {
             Gateway = "10.201.41.1";
             Destination = "217.160.117.160/32";
-            };
           }
         ];
         linkConfig.RequiredForOnline = "routable";
@@ -62,13 +54,11 @@
           PrivateKeyFile = "/secrets/wireguard-mail-2-wg0-privatekey.secret";
         };
         wireguardPeers = [{
-          wireguardPeerConfig = {
           PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4=";
           PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret";
           Endpoint = "217.160.117.160:51820";
           AllowedIPs = [ "0.0.0.0/0" ];
           PersistentKeepalive = 25;
-          };
         }];
       };
     };

config/hosts/mastodon/mastodon.nix

@@ -5,28 +5,37 @@ let
     rev = "v2.2";
     hash = "sha256-KyXDnpZh1DrY59jvdU42UicgBVvEGtvAGeU1mNxJauQ=";
   };
+  mastodonModern = pkgs.fetchgit {
+    url = "https://git.gay/freeplay/Mastodon-Modern.git";
+    rev = "e9e53496789234d5782b5b3d97ed66a130b1678a";
+    hash = "sha256-lUq57Gbr1UCMVGoO4xTT3wYPNwohdepxSPCX+WP6AS8=";
+  };
   mastodonNekoversePatches = pkgs.fetchgit {
     url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
     hash = "sha256-3jWbKll5RGB1vfEmONVivzGYcoONEkBEHh/rOt9LXlU=";
   };
   mastodonNekoverseOverlay = final: prev: {
     mastodon = (prev.mastodon.override rec {
-      version = "4.3.1";
+      version = "4.3.2";
       srcOverride = final.applyPatches {
         src = pkgs.stdenv.mkDerivation {
           name = "mastodonWithThemes";
           src = pkgs.fetchgit {
             url = "https://github.com/mastodon/mastodon.git";
             rev = "v${version}";
-            sha256 = "sha256-JlpQGyVPTLcB3RcWMBrmYc1AAUT1JLfS4IDas9ZoWh4=";
+            sha256 = "sha256-A1sSUBtlztKFsZ3TY/c9CXFV8LhttRW2JmSU0QSVOIg=";
           };
           installPhase = ''
             cp -r ./ $out/
             cp -r ${tangerineUI}/mastodon/app/javascript/styles/* $out/app/javascript/styles/
+            echo "@import 'mastodon/variables';
+            @import 'application';" >> $out/app/javascript/styles/modern-dark.scss
+            cat ${mastodonModern}/modern.css >> $out/app/javascript/styles/modern-dark.scss
             echo "tangerineui: styles/tangerineui.scss
             tangerineui-purple: styles/tangerineui-purple.scss
             tangerineui-cherry: styles/tangerineui-cherry.scss
-            tangerineui-lagoon: styles/tangerineui-lagoon.scss" >> $out/config/themes.yml
+            tangerineui-lagoon: styles/tangerineui-lagoon.scss
+            modern-dark: styles/modern-dark.scss" >> $out/config/themes.yml
           '';
         };
         patches = [

config/hosts/nextcloud/nextcloud.nix

@@ -2,7 +2,7 @@
 {
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud29;
+    package = pkgs.nextcloud30;
     hostName = "cloud.nekover.se";
     https = true;
     config = {

config/hosts/torrent/configuration.nix

@@ -25,5 +25,5 @@
     };
   };
 
-  system.stateVersion = "23.11";
+  system.stateVersion = "24.11";
 }

config/hosts/torrent/jackett.nix

@@ -1,8 +1,8 @@
-{ nixpkgs-unstable, ... }:
+{ nixpkgs-master, ... }:
 {
   services.jackett = {
     enable = true;
-    # use package from unstable to work around faulty test in older jackett version
-    package = nixpkgs-unstable.legacyPackages."x86_64-linux".jackett;
+    # use package from master to work around faulty test in older jackett version
+    package = nixpkgs-master.legacyPackages."x86_64-linux".jackett;
   };
 }

config/hosts/torrent/sonarr.nix

@@ -1,5 +1,17 @@
 { ... }:
 {
+  # The sonarr package is dependend on .NET 6 which is marked as insecure.
+  # It doesn't seem to build with the later .NET versions.
+  # In the meantime allow the installation of these insecure packages since sonarr is only reachable locally.
+  nixpkgs.config = {
+    permittedInsecurePackages = [
+      "aspnetcore-runtime-wrapped-6.0.36"
+      "aspnetcore-runtime-6.0.36"
+      "dotnet-sdk-wrapped-6.0.428"
+      "dotnet-sdk-6.0.428"
+    ];
+  };
+
   services.sonarr = {
     enable = true;
     user = "torrent";

config/hosts/web-public-2/nginx.nix

@@ -20,6 +20,7 @@
           birdsite.nekover.se 10.202.41.107:8443;
           cloud.nekover.se 10.202.41.122:8443;
           element.nekover.se 127.0.0.1:8443;
+          fi.nekover.se 10.202.41.125:8443;
           gameserver.grzb.de 127.0.0.1:8443;
           git.grzb.de 127.0.0.1:8443;
           git.nekover.se 10.202.41.106:8443;

config/hosts/web-public-2/virtualHosts/acme-challenge.nix

@@ -7,6 +7,7 @@ let
     "netbox.grzb.de" = "netbox.vs.grzb.de";
     "git.nekover.se" = "forgejo.vs.grzb.de";
     "grafana.grzb.de" = "metrics.vs.grzb.de";
+    "fi.nekover.se" = "ikiwiki.vs.grzb.de";
     "jackett.grzb.de" = "torrent.vs.grzb.de";
     "jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de";
     "keycloak-admin.nekover.se" = "keycloak.vs.grzb.de";

config/nixos-generators/default.nix

@@ -10,5 +10,5 @@
     firewall.enable = true;
   };
 
-  system.stateVersion = "23.05";
+  system.stateVersion = "24.11";
 }

flake.lock

@@ -34,11 +34,11 @@
     },
     "nixlib": {
       "locked": {
-        "lastModified": 1731805462,
-        "narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=",
+        "lastModified": 1734829460,
+        "narHash": "sha256-dPhc+f2wkmhMqMIfq+hColJdysgVxKP9ilZ5bR0NRZI=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734",
+        "rev": "0a31e8d833173ae63e43fd9dbff1ccf09c4f778c",
         "type": "github"
       },
       "original": {
@@ -55,11 +55,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732151224,
-        "narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=",
+        "lastModified": 1734915500,
+        "narHash": "sha256-A7CTIQ8SW0hfbhKlwK+vSsu4pD+Oaelw3v6goX6go+U=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c",
+        "rev": "051d1b2dda3b2e81b38d82e2b691e5c2f4d335f4",
         "type": "github"
       },
       "original": {
@@ -70,16 +70,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1731842749,
-        "narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=",
+        "lastModified": 1736167739,
+        "narHash": "sha256-vL6dGj+0w+l1cK4duEokolgmx4Hu3O1TPjpD6Dfd7oY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682",
+        "rev": "bd27be8c9381a66288504d5266db495de571d7bf",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-24.05-small",
+        "ref": "nixos-24.11-small",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -101,11 +101,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1732154639,
-        "narHash": "sha256-GeEhJmh0/KEQmoe4Lmsv9VC0SrQn4K9V27KbHJ0Zs/g=",
+        "lastModified": 1736204625,
+        "narHash": "sha256-y1OxajWQrxP7naHYPoUCrf4AAhEqOGwpNbj+qBXSn5s=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "516819d9b5b97ee1f461aecb4caed7aa6b769d5d",
+        "rev": "6199c32fe66a688ce7c3483de2b05b358ab7a0a6",
         "type": "github"
       },
       "original": {
@@ -117,11 +117,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1732136765,
-        "narHash": "sha256-622zKMMp0mw2a+fJJoVQdNmxwRGDkWsDTn5OSPK8DLk=",
+        "lastModified": 1736165148,
+        "narHash": "sha256-AdKOlljgcTLOrJb3HFpaaoHWJhFrkVeT9HbRm0JvcwE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e35b0f3f9787cfe51f406f7dd5a4446a858bfdb2",
+        "rev": "9f46f57b78d2ef865cd8c58eff8d430bb62a471a",
         "type": "github"
       },
       "original": {
@@ -164,11 +164,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1718084203,
-        "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
+        "lastModified": 1734885828,
+        "narHash": "sha256-G0fB1YBlkalu8lLGRB07K8CpUWNVd+unfrjNomSL7SM=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
+        "rev": "636b82f4175e3f6b1e80d2189bb0469e2ae01a55",
         "type": "gitlab"
       },
       "original": {

flake.nix

@@ -1,6 +1,6 @@
 {
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
     nixpkgs-master.url = "github:NixOS/nixpkgs/master";
     nixos-generators = {
@@ -31,7 +31,7 @@
           inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
 
           # Provide environment for secret key command
-          keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ];
+          keyCommandEnv = [ "env" "GNUPGHOME=/home/fi/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/fi/pass/infra" ];
         };
       };
     } // builtins.mapAttrs (helper.generateColmenaHost) hosts;

hosts.nix

@@ -30,6 +30,10 @@ in
       site = "vs";
       environment = "proxmox";
     };
+    ikiwiki = {
+      site = "vs";
+      environment = "proxmox";
+    };
     iperf = {
       site = "vs";
       environment = "proxmox";
@@ -78,10 +82,6 @@ in
       site = "vs";
       environment = "proxmox";
     };
-    nitter = {
-      site = "vs";
-      environment = "proxmox";
-    };
     coturn = {
       site = "vs";
       environment = "proxmox";
@@ -92,6 +92,7 @@ in
       environment = "proxmox";
     };
     torrent = {
+      hostNixpkgs = nixpkgs-unstable;
       site = "vs";
       environment = "proxmox";
     };