From 0bcabe1c4b1dd74af233674dfa6c6ec3011ce2c0 Mon Sep 17 00:00:00 2001 
From: stuebinm Date: Tue, 18 Jan 2022 09:43:24 +0100 Subject: restructuring directories --- abbenay/configuration.nix | 58 +++++++++ abbenay/hardware-configuration.nix | 35 ++++++ assets/ilztal.live/geolocation/index.html | 179 --------------------------- assets/ilztal.live/geolocation/mapview.html | 94 --------------- assets/ilztal.live/geolocation/view.html | 77 ------------ chaski/configuration.nix | 48 ++++++++ chaski/hardware-configuration.nix | 23 ++++ chaski/ilztal.live/geolocation/index.html | 179 +++++++++++++++++++++++++++ chaski/ilztal.live/geolocation/mapview.html | 94 +++++++++++++++ chaski/ilztal.live/geolocation/view.html | 77 ++++++++++++ chaski/services/VaaS/.gitignore | 1 + chaski/services/VaaS/CHANGELOG.md | 5 + chaski/services/VaaS/app/Main.hs | 58 +++++++++ chaski/services/VaaS/default.nix | 30 +++++ chaski/services/VaaS/haskell.cabal | 35 ++++++ chaski/services/VaaS/index.html | 46 +++++++ chaski/services/geolocation.nix | 6 + chaski/services/gtfs.nix | 38 ++++++ chaski/services/jitsi.nix | 59 +++++++++ chaski/services/uplcg.nix | 23 ++++ chaski/services/woitb.nix | 32 +++++ chaski/services/woitb/index.html | 124 +++++++++++++++++++ chaski/services/woitb/info.html | 180 ++++++++++++++++++++++++++++ cyberbox/configuration.nix | 59 +++++++++ cyberbox/hardware-configuration.nix | 31 +++++ flake.nix | 8 +- flora/configuration.nix | 72 +++++++++++ flora/hardware-configuration.nix | 25 ++++ flora/services/blog.nix | 9 ++ flora/services/cgit.nix | 94 +++++++++++++++ flora/services/daemoniones.nix | 34 ++++++ flora/services/dockerhub.nix | 23 ++++ flora/services/hedgedoc.nix | 77 ++++++++++++ flora/services/nginx.nix | 17 +++ flora/services/picarones.nix | 26 ++++ flora/services/pleroma.nix | 178 +++++++++++++++++++++++++++ flora/services/surveys.nix | 23 ++++ hosts/abbenay/configuration.nix | 58 --------- hosts/abbenay/hardware-configuration.nix | 35 ------ hosts/chaski/configuration.nix | 50 -------- hosts/chaski/hardware-configuration.nix | 23 ---- 
hosts/chaski/services/VaaS/.gitignore | 1 - hosts/chaski/services/VaaS/CHANGELOG.md | 5 - hosts/chaski/services/VaaS/app/Main.hs | 58 --------- hosts/chaski/services/VaaS/default.nix | 30 ----- hosts/chaski/services/VaaS/haskell.cabal | 35 ------ hosts/chaski/services/VaaS/index.html | 46 ------- hosts/chaski/services/exneuland.nix | 58 --------- hosts/chaski/services/geolocation.nix | 6 - hosts/chaski/services/gtfs.nix | 38 ------ hosts/chaski/services/jitsi.nix | 59 --------- hosts/chaski/services/uplcg.nix | 23 ---- hosts/chaski/services/woitb.nix | 32 ----- hosts/chaski/services/woitb/index.html | 124 ------------------- hosts/chaski/services/woitb/info.html | 180 ---------------------------- hosts/chaski/services/workadventure.nix | 93 -------------- hosts/cyberbox/configuration.nix | 59 --------- hosts/cyberbox/hardware-configuration.nix | 31 ----- hosts/flora/configuration.nix | 72 ----------- hosts/flora/hardware-configuration.nix | 25 ---- hosts/flora/services/blog.nix | 9 -- hosts/flora/services/cgit.nix | 94 --------------- hosts/flora/services/daemoniones.nix | 34 ------ hosts/flora/services/dockerhub.nix | 23 ---- hosts/flora/services/hedgedoc.nix | 77 ------------ hosts/flora/services/nginx.nix | 17 --- hosts/flora/services/picarones.nix | 26 ---- hosts/flora/services/pleroma.nix | 178 --------------------------- hosts/flora/services/surveys.nix | 23 ---- pkgs/default.nix | 17 --- pkgs/exneuland.nix | 32 ----- 71 files changed, 1823 insertions(+), 2025 deletions(-) create mode 100644 abbenay/configuration.nix create mode 100644 abbenay/hardware-configuration.nix delete mode 100644 assets/ilztal.live/geolocation/index.html delete mode 100644 assets/ilztal.live/geolocation/mapview.html delete mode 100644 assets/ilztal.live/geolocation/view.html create mode 100644 chaski/configuration.nix create mode 100644 chaski/hardware-configuration.nix create mode 100644 chaski/ilztal.live/geolocation/index.html create mode 100644 
chaski/ilztal.live/geolocation/mapview.html create mode 100644 chaski/ilztal.live/geolocation/view.html create mode 100644 chaski/services/VaaS/.gitignore create mode 100644 chaski/services/VaaS/CHANGELOG.md create mode 100644 chaski/services/VaaS/app/Main.hs create mode 100644 chaski/services/VaaS/default.nix create mode 100644 chaski/services/VaaS/haskell.cabal create mode 100644 chaski/services/VaaS/index.html create mode 100644 chaski/services/geolocation.nix create mode 100644 chaski/services/gtfs.nix create mode 100644 chaski/services/jitsi.nix create mode 100644 chaski/services/uplcg.nix create mode 100644 chaski/services/woitb.nix create mode 100644 chaski/services/woitb/index.html create mode 100644 chaski/services/woitb/info.html create mode 100644 cyberbox/configuration.nix create mode 100644 cyberbox/hardware-configuration.nix create mode 100644 flora/configuration.nix create mode 100644 flora/hardware-configuration.nix create mode 100644 flora/services/blog.nix create mode 100644 flora/services/cgit.nix create mode 100644 flora/services/daemoniones.nix create mode 100644 flora/services/dockerhub.nix create mode 100644 flora/services/hedgedoc.nix create mode 100644 flora/services/nginx.nix create mode 100644 flora/services/picarones.nix create mode 100644 flora/services/pleroma.nix create mode 100644 flora/services/surveys.nix delete mode 100644 hosts/abbenay/configuration.nix delete mode 100644 hosts/abbenay/hardware-configuration.nix delete mode 100644 hosts/chaski/configuration.nix delete mode 100644 hosts/chaski/hardware-configuration.nix delete mode 100644 hosts/chaski/services/VaaS/.gitignore delete mode 100644 hosts/chaski/services/VaaS/CHANGELOG.md delete mode 100644 hosts/chaski/services/VaaS/app/Main.hs delete mode 100644 hosts/chaski/services/VaaS/default.nix delete mode 100644 hosts/chaski/services/VaaS/haskell.cabal delete mode 100644 hosts/chaski/services/VaaS/index.html delete mode 100644 hosts/chaski/services/exneuland.nix delete mode 
100644 hosts/chaski/services/geolocation.nix delete mode 100644 hosts/chaski/services/gtfs.nix delete mode 100644 hosts/chaski/services/jitsi.nix delete mode 100644 hosts/chaski/services/uplcg.nix delete mode 100644 hosts/chaski/services/woitb.nix delete mode 100644 hosts/chaski/services/woitb/index.html delete mode 100644 hosts/chaski/services/woitb/info.html delete mode 100644 hosts/chaski/services/workadventure.nix delete mode 100644 hosts/cyberbox/configuration.nix delete mode 100644 hosts/cyberbox/hardware-configuration.nix delete mode 100644 hosts/flora/configuration.nix delete mode 100644 hosts/flora/hardware-configuration.nix delete mode 100644 hosts/flora/services/blog.nix delete mode 100644 hosts/flora/services/cgit.nix delete mode 100644 hosts/flora/services/daemoniones.nix delete mode 100644 hosts/flora/services/dockerhub.nix delete mode 100644 hosts/flora/services/hedgedoc.nix delete mode 100644 hosts/flora/services/nginx.nix delete mode 100644 hosts/flora/services/picarones.nix delete mode 100644 hosts/flora/services/pleroma.nix delete mode 100644 hosts/flora/services/surveys.nix delete mode 100644 pkgs/default.nix delete mode 100644 pkgs/exneuland.nix diff --git a/abbenay/configuration.nix b/abbenay/configuration.nix new file mode 100644 index 0000000..2aabaa7 --- /dev/null +++ b/abbenay/configuration.nix 
@@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ services.flatpak.enable = true;
+ services.avahi.enable = true;
+ services.avahi.nssmdns = true;
+
+ services.xserver = {
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ };
+ services.gnome.gnome-keyring.enable = pkgs.lib.mkForce false;
+
+ environment.systemPackages = with pkgs; [
+ gnome3.gnome-tweaks
+ flatpak flatpak-builder
+ # for mounting samba
+ cifs-utils
+ ];
+
+ networking = {
+ hostName = "matthias-nix";
+
+ useDHCP = false;
+ interfaces.enp3s0.useDHCP = true;
+ # networkmanager shouldn't handle nixos container
+ networkmanager.unmanaged = [ "interface-name:ve-*" ];
+ };
+ # nixos containers should have internet access
+ networking.nat = {
+ enable = true;
+ internalInterfaces = ["ve-+"];
+ externalInterface = "eth0";
+ };
+
+ boot = {
+ extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+ kernelModules = [ "v4l2loopback" ];
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.03"; # Did you read the comment?
+
+}
diff --git a/abbenay/hardware-configuration.nix b/abbenay/hardware-configuration.nix
new file mode 100644
index 0000000..876431d
--- /dev/null
+++ b/abbenay/hardware-configuration.nix
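Review bot: `networking.nat.externalInterface = "eth0"` names an interface that appears nowhere else in this file, while the only uplink configured is `interfaces.enp3s0.useDHCP = true`; unless this host really has a legacy-named eth0, container NAT (the stated purpose of the `networking.nat` block) is set up on a non-existent interface. Change it to `externalInterface = "enp3s0";`, or bind the name once in a `let` and use it in both places so the two cannot drift again. `hostName = "matthias-nix"` also differs from the `abbenay` attribute this file is wired to in flake.nix; if that is intentional, a short comment on the `hostName` line would save the next reader the cross-check.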
@@ -0,0 +1,35 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/ba8853b3-6e52-49d6-a250-6d99b8dfe6d6"; + fsType = "ext4"; + }; + fileSystems."/home" = + { device = "/dev/disk/by-label/nix-space"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0F28-FE85"; + fsType = "vfat"; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/6e9fddfc-99d2-46d2-bcb4-d8c5e1c19d38"; } + ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/assets/ilztal.live/geolocation/index.html b/assets/ilztal.live/geolocation/index.html deleted file mode 100644 index 052a9fa..0000000 --- a/assets/ilztal.live/geolocation/index.html +++ /dev/null @@ -1,179 +0,0 @@ - - - - - - geolocation tracker test - - - - - - - - - - -
-

- - -

- Latitude:
- Longitude:
- Altitude:
- Accuracy:
- Speed:
- Angle:
-

- - - - -

- - -

-

- - - - - - diff --git a/assets/ilztal.live/geolocation/mapview.html b/assets/ilztal.live/geolocation/mapview.html deleted file mode 100644 index bb62f62..0000000 --- a/assets/ilztal.live/geolocation/mapview.html +++ /dev/null @@ -1,94 +0,0 @@ - - - - - - Position view - - - - - - - - - - - - - -
-
-
- - - - diff --git a/assets/ilztal.live/geolocation/view.html b/assets/ilztal.live/geolocation/view.html deleted file mode 100644 index 58b4c76..0000000 --- a/assets/ilztal.live/geolocation/view.html +++ /dev/null @@ -1,77 +0,0 @@ - - - - - - Position view - - - - - - - - - - - - - -
-
-
- - - - diff --git a/chaski/configuration.nix b/chaski/configuration.nix new file mode 100644 index 0000000..fa51fdf --- /dev/null +++ b/chaski/configuration.nix @@ -0,0 +1,48 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # ./services/jitsi.nix + ./services/uplcg.nix + ./services/woitb.nix + ./services/geolocation.nix + ./services/gtfs.nix + ]; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.nginx.appendHttpConfig = '' + access_log off; + add_header Permissions-Policy "interest-cohort=()"; + ''; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + + networking.hostName = "chaski"; # Define your hostname. + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + networking.useDHCP = false; + networking.interfaces.ens10.useDHCP = true; + networking.interfaces.ens3.useDHCP = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "20.09"; # Did you read the comment? + + boot.loader.grub.devices = [ "/dev/sda" ]; + +} diff --git a/chaski/hardware-configuration.nix b/chaski/hardware-configuration.nix new file mode 100644 index 0000000..54fbcba --- /dev/null 
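Review bot: `boot.loader.grub.devices = [ "/dev/sda" ];` is placed after the `system.stateVersion` block and its "Did you read the comment?" trailer, far from the other `boot.loader.grub.*` settings near the top of chaski/configuration.nix; move it up next to `boot.loader.grub.version = 2;` so the boot-loader configuration reads as one unit. `services.nginx.appendHttpConfig` switches `access_log off;` for every vhost on this host, which goes further than the logging statement in woitb/info.html and leaves no per-request record for incident review; if that is the intended trade-off, record it with `# no access logs by design, see woitb/info.html` above the option.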
+++ b/chaski/hardware-configuration.nix @@ -0,0 +1,23 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/5beea4aa-5ea3-4518-9b7d-97f289be92ea"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + +} diff --git a/chaski/ilztal.live/geolocation/index.html b/chaski/ilztal.live/geolocation/index.html new file mode 100644 index 0000000..052a9fa --- /dev/null +++ b/chaski/ilztal.live/geolocation/index.html @@ -0,0 +1,179 @@ + + + + + + geolocation tracker test + + + + + + + + + + +
+

+ + +

+ Latitude:
+ Longitude:
+ Altitude:
+ Accuracy:
+ Speed:
+ Angle:
+

+ + + + +

+ + +

+

+ + + + + + diff --git a/chaski/ilztal.live/geolocation/mapview.html b/chaski/ilztal.live/geolocation/mapview.html new file mode 100644 index 0000000..bb62f62 --- /dev/null +++ b/chaski/ilztal.live/geolocation/mapview.html @@ -0,0 +1,94 @@ + + + + + + Position view + + + + + + + + + + + + + +
+
+
+ + + + diff --git a/chaski/ilztal.live/geolocation/view.html b/chaski/ilztal.live/geolocation/view.html new file mode 100644 index 0000000..58b4c76 --- /dev/null +++ b/chaski/ilztal.live/geolocation/view.html @@ -0,0 +1,77 @@ + + + + + + Position view + + + + + + + + + + + + + +
+
+
+ + + + diff --git a/chaski/services/VaaS/.gitignore b/chaski/services/VaaS/.gitignore new file mode 100644 index 0000000..b5e3679 --- /dev/null +++ b/chaski/services/VaaS/.gitignore @@ -0,0 +1 @@ +dist-newstyle/* diff --git a/chaski/services/VaaS/CHANGELOG.md b/chaski/services/VaaS/CHANGELOG.md new file mode 100644 index 0000000..500a0d0 --- /dev/null +++ b/chaski/services/VaaS/CHANGELOG.md @@ -0,0 +1,5 @@ +# Revision history for haskell + +## 0.1.0.0 -- YYYY-mm-dd + +* First version. Released on an unsuspecting world. diff --git a/chaski/services/VaaS/app/Main.hs b/chaski/services/VaaS/app/Main.hs new file mode 100644 index 0000000..b5697d7 --- /dev/null +++ b/chaski/services/VaaS/app/Main.hs 
@@ -0,0 +1,58 @@
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+
+module Main where
+
+import Control.Exception (try)
+import Control.Exception.Base (handle)
+import qualified Data.ByteString as BS
+import Data.ByteString.Base32
+import qualified Data.ByteString.Char8 as C8
+import qualified Data.ByteString.Lazy as LB
+import Data.Maybe (mapMaybe)
+import Network.HTTP.Client (httpLbs, newManager, parseRequest,
+ responseBody)
+import Network.HTTP.Client.TLS
+import Network.HTTP.Types
+import Network.Wai
+import Network.Wai.Handler.Warp (run)
+import qualified System.Environment as SE
+import System.Process
+
+simpleResponse = responseLBS status200 [("Content-Type", "text/plain")]
+
+simpleError = responseLBS status400 [("Content-Type", "text/plain")]
+
+serveFile filename = do
+ content <- LB.readFile filename
+ pure $ responseLBS status200 [("Content-Type", "text/html")] content
+
+app :: FilePath -> FilePath -> Application
+app validator index req respond =
+ case requestMethod req of
+ "GET" -> case pathInfo req of
+ [] -> serveFile index >>= respond
+ ["validate"] -> do
+ let gtfsuri = head $ mapMaybe (\case { ("gtfs",a) -> Just a; _ -> Nothing }) $ queryString req
+ putStrLn $ "uri is " <> show gtfsuri
+ case gtfsuri of
+ Just uri -> do
+ man <- newManager tlsManagerSettings
+ request <- parseRequest $ C8.unpack uri
+ gtfs <- httpLbs request man
+ let filename = "/tmp/" <> C8.unpack (encodeBase32' uri) <> ".zip"
+ LB.writeFile filename (responseBody gtfs)
+ readProcessWithExitCode "python" [validator,"-n", filename, "--output", "/tmp/gtfs-validated.html"] ""
+
+ serveFile "/tmp/gtfs-validated.html" >>= respond
+
+ Nothing -> respond $ simpleError "missing gtfs parameter"
+ _ -> respond $ simpleError "unknown path"
+ _ -> respond $ simpleError "invalid reqeust method"
+
+main :: IO ()
+main = do
+ args <- SE.getArgs
+ let validator = head args
+ putStrLn "http://localhost:7000/"
+ run 7000 $ app validator (args!!1)
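Review bot: The `["validate"]` arm hands the `gtfs` query value straight to `parseRequest`/`httpLbs`, so the service fetches whatever URL a caller names, on any scheme http-client accepts, from the server's own network position; a scheme check is the minimum (below), and an allow-list of feed hosts is the stronger control. In the same arm `head $ mapMaybe …` throws when the request carries no `gtfs` key at all, so the `Nothing` branch only covers `?gtfs` with an empty value and a missing parameter becomes an exception (Warp answers 500) instead of `simpleError "missing gtfs parameter"`. Every request also writes and then serves the fixed path `/tmp/gtfs-validated.html`, so two concurrent validations can return each other's report, and the result of `readProcessWithExitCode` is dropped so a validator failure still serves whatever file is left there. `try`, `handle` and `BS` are imported but unused. The rewrite below needs `listToMaybe` added to the `Data.Maybe` import and `import System.IO (hClose, openTempFile)`.
```haskell
["validate"] -> do
  -- listToMaybe, not head: a request without ?gtfs= must not throw
  let gtfsuri = listToMaybe $ mapMaybe (\case { ("gtfs", Just a) -> Just a; _ -> Nothing }) $ queryString req
  case gtfsuri of
    Just uri | "http://" `C8.isPrefixOf` uri || "https://" `C8.isPrefixOf` uri -> do
      man <- newManager tlsManagerSettings
      request <- parseRequest $ C8.unpack uri
      gtfs <- httpLbs request man
      -- one report file per request so concurrent validations cannot read each other's output
      (report, h) <- openTempFile "/tmp" "gtfs-validated.html"
      hClose h
      let filename = "/tmp/" <> C8.unpack (encodeBase32' uri) <> ".zip"
      LB.writeFile filename (responseBody gtfs)
      _ <- readProcessWithExitCode "python" [validator, "-n", filename, "--output", report] ""
      serveFile report >>= respond
    Just _ -> respond $ simpleError "only http(s) urls are accepted"
    Nothing -> respond $ simpleError "missing gtfs parameter"
-- … unchanged: "unknown path" / "invalid reqeust method" arms, main …
```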
diff --git a/chaski/services/VaaS/default.nix b/chaski/services/VaaS/default.nix new file mode 100644 index 0000000..427270c --- /dev/null +++ b/chaski/services/VaaS/default.nix @@ -0,0 +1,30 @@ +{ pkgs, compiler ? "default", doBenchmark ? false }: + +let + + inherit pkgs; + + f = { mkDerivation, base, base32, bytestring, http-client + , http-client-tls, http-types, lib, process, wai, warp + }: + mkDerivation { + pname = "VaaS"; + version = "0.1.0.0"; + src = ./.; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + base base32 bytestring http-client http-client-tls http-types + process wai warp + ]; + license = "unknown"; + hydraPlatforms = lib.platforms.none; + }; + + haskellPackages = if compiler == "default" + then pkgs.haskellPackages + else pkgs.haskell.packages.${compiler}; + + variant = if doBenchmark then pkgs.haskell.lib.doBenchmark else pkgs.lib.id; +in + variant (haskellPackages.callPackage f {}) diff --git a/chaski/services/VaaS/haskell.cabal b/chaski/services/VaaS/haskell.cabal new file mode 100644 index 0000000..262b65f --- /dev/null +++ b/chaski/services/VaaS/haskell.cabal @@ -0,0 +1,35 @@ +cabal-version: 2.4 +name: VaaS +version: 0.1.0.0 + +-- A short (one-line) description of the package. +-- synopsis: + +-- A longer description of the package. +-- description: + +-- A URL where users can report bugs. +-- bug-reports: + +-- The license under which the package is released. +-- license: +author: stuebinm +maintainer: stuebinm@disroot.org + +-- A copyright notice. +-- copyright: +-- category: +extra-source-files: CHANGELOG.md + +executable VaaS + main-is: Main.hs + + -- Modules included in this executable, other than Main. + -- other-modules: + + -- LANGUAGE extensions used by modules in this package. + -- other-extensions: + build-depends: base ^>=4.14.1.0, wai, warp, http-types, bytestring, process, + http-client, http-client-tls, base32 + hs-source-dirs: app + default-language: Haskell2010 
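Review bot: `inherit pkgs;` inside the `let` of chaski/services/VaaS/default.nix rebinds `pkgs` to itself and has no effect; it looks like a leftover of the cabal2nix template's `inherit (nixpkgs) pkgs;` after the argument was renamed to `pkgs`, and can simply be deleted. `license = "unknown";` and `hydraPlatforms = lib.platforms.none;` are likewise generator defaults; if the project has a license, set it here and in the `-- license:` field of haskell.cabal in the same commit so the two stay in step.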
diff --git a/chaski/services/VaaS/index.html b/chaski/services/VaaS/index.html new file mode 100644 index 0000000..a7f59e0 --- /dev/null +++ b/chaski/services/VaaS/index.html @@ -0,0 +1,46 @@ + + + + + + GTFS Validator + + + + + + + + + + +

GTFS Validator

+

+ This runs the validator contained in the + transitfeed + git repository + . +

+ +

Paste the url to your GTFS zip below

+ + + + + + + diff --git a/chaski/services/geolocation.nix b/chaski/services/geolocation.nix new file mode 100644 index 0000000..9fe0973 --- /dev/null +++ b/chaski/services/geolocation.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +{ + services.nginx.virtualHosts."ilztal.live".locations."/geolocation".root = + ../ilztal.live; +} diff --git a/chaski/services/gtfs.nix b/chaski/services/gtfs.nix new file mode 100644 index 0000000..61837a1 --- /dev/null +++ b/chaski/services/gtfs.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +let + vaas = import ./VaaS/default.nix {inherit pkgs; }; + + transitfeed = pkgs.fetchFromGitHub { + owner = "google"; + repo = "transitfeed"; + rev = "d727e97cb66ac2ca2d699a382ea1d449ee26c2a1"; + sha256 = "0kmcmdja6h7gzvi40c9qfzxh6qwv5184g2rgpqx5rhj4ql9ini3h"; + }; + + index = pkgs.copyPathToStore ./VaaS/index.html; +in +{ + systemd.services.vaas = { + enable = true; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + description = "GTFS feed validator as a service"; + path = [ pkgs.python2 pkgs.python2Packages.pytz pkgs.python2Packages.enum34 ]; + serviceConfig = { + ExecStart = "${vaas}/bin/VaaS ${transitfeed}/feedvalidator.py ${index}"; + Restart = "always"; + PrivateTmp = "true"; + PrivateDevices = "true"; + ProtectSystem = "strict"; + ReadWritePaths = [ "/tmp" ]; + }; + + }; + + services.nginx.virtualHosts."gtfs.stuebinm.eu" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://localhost:7000"; + }; +} diff --git a/chaski/services/jitsi.nix b/chaski/services/jitsi.nix new file mode 100644 index 0000000..d6f398b --- /dev/null +++ b/chaski/services/jitsi.nix 
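Review bot: `systemd.services.vaas.serviceConfig` in chaski/services/gtfs.nix sets `PrivateTmp`, `PrivateDevices` and `ProtectSystem = "strict"` but no `User` or `DynamicUser`, so a service that downloads caller-supplied URLs and runs a Python validator over them executes as root; add `DynamicUser = true;` (and `NoNewPrivileges = true;`) alongside the existing hardening. `path` pins `pkgs.python2` with two python2 libraries, presumably because the pinned transitfeed revision needs it; a comment above `path`, e.g. `# transitfeed at this rev is python2-only — confirm`, would record why an end-of-life interpreter is kept on purpose. The nginx vhost proxies to `http://localhost:7000`, the port hard-coded in Main.hs; if either side ever changes the other must follow, so a cross-reference comment on the `proxyPass` line is worth having.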
@@ -0,0 +1,59 @@ +{config, pkgs, ...}: + +with pkgs.luaPackages; +with pkgs; +let extraLua = import ../../../../playground/jitsi/test.nix; +in + +{ + services.jitsi-meet = { + enable = true; + hostName = "jitsi.stuebinm.eu"; + config = { + enableWelcomePage = true; + prejoinPageEnabled = true; + }; + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; + }; + }; + services.jitsi-videobridge.openFirewall = true; + + services.nginx.virtualHosts."api.jitsi.stuebinm.eu" = { + locations."/room-size" = { + proxyPass = pkgs.lib.mkForce + "http://jitsi.stuebinm.eu:5280/room-size?$args&domain=jitsi.stuebinm.eu"; + + extraConfig = '' + add_header Access-Control-Allow-Origin *; + ''; + }; + locations."/room-list" = { + proxyPass = "http://jitsi.stuebinm.eu:5280/room-list?domain=jitsi.stuebinm.eu"; + extraConfig = '' + add_header Access-Control-Allow-Origin *; + ''; + }; + locations."/dashboard/".root = + pkgs.copyPathToStore ../../../../playground/jitsi/html; + + enableACME = true; + forceSSL = true; + }; + + services.nginx.recommendedProxySettings = false; + + services.prosody = { + #extraModules = [ "muc_size2" ]; + extraModules = [ "jitsi_bundled" ]; + extraPluginPaths = [ + (pkgs.copyPathToStore ../../../../playground/jitsi/plugins) + ]; + package = pkgs.prosody.override { + withExtraLibs = with extraLua; [ basexx luajwtjitsi net-url ]; + }; + }; + + +} diff --git a/chaski/services/uplcg.nix b/chaski/services/uplcg.nix new file mode 100644 index 0000000..5605046 --- /dev/null +++ b/chaski/services/uplcg.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + imports = [ + "${inputs.uplcg.outPath}/module.nix" + ]; + + services.uplcg = { + enable = true; + port = 9080; + domain = "0.0.0.0"; + }; + + services.nginx.enable = true; + services.nginx.virtualHosts."cards.stuebinm.eu" = { + locations."/" = { + proxyPass = "http://localhost:9080"; + proxyWebsockets = true; + }; + enableACME = true; + forceSSL = true; + }; +} 
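Review bot: `import ../../../../playground/jitsi/test.nix` and the two other `../../../../playground/jitsi/...` paths in chaski/services/jitsi.nix point outside the repository, and because the file moved from `hosts/chaski/services/` to `chaski/services/` they now resolve one directory higher than before (assuming the deleted copy used the same depth, which the matching 59-line diffstat suggests). Nothing evaluates the module today — chaski/configuration.nix only carries the commented-out `# ./services/jitsi.nix` — but the out-of-tree paths would also fail under pure flake evaluation, so either vendor the playground files or add `# disabled: depends on ../../../../playground, which is not in this repo` above the `let`. The `add_header Access-Control-Allow-Origin *;` on `/room-size` and `/room-list` opens those prosody endpoints to every origin; if the data is meant to be public, a one-line comment saying so would make the choice explicit.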
diff --git a/chaski/services/woitb.nix b/chaski/services/woitb.nix new file mode 100644 index 0000000..0c50617 --- /dev/null +++ b/chaski/services/woitb.nix @@ -0,0 +1,32 @@ +{ config, lib, pkgs, inputs, ... }: + +let + #sources = ../../nix/sources.nix; + sources = /home/stuebinm/Dokumente/utils/playground/ilztal/server; +in +{ + # systemd.services.woitb = { + # enable = true; + # description = "wo ist die ilztalbahn?"; + # wantedBy = [ "multi-user.target" ]; + # serviceConfig.type = "simple"; + # script = "${import sources}/bin/woitb"; + # }; + + services.nginx.enable = true; + services.nginx.virtualHosts."ilztal.live" = { + enableACME = true; + forceSSL = true; + locations."/".root = pkgs.copyPathToStore ./woitb; + + # locations."/upnext".proxyPass = "http://localhost:8000"; + # locations."/geoloc".proxyPass = "http://localhost:8000"; + }; + + services.nginx.virtualHosts."track.ilztal.live" = { + enableACME = true; + forceSSL = true; + locations."/".root = inputs.tracktrain; + }; + +} diff --git a/chaski/services/woitb/index.html b/chaski/services/woitb/index.html new file mode 100644 index 0000000..8d08826 --- /dev/null +++ b/chaski/services/woitb/index.html @@ -0,0 +1,124 @@ + + + + + + Wo ist die Ilztalbahn? + + + + + + + + + + +
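Review bot: `sources = /home/stuebinm/Dokumente/utils/playground/ilztal/server;` in chaski/services/woitb.nix binds an absolute path into a developer's home directory, and its only use is inside the commented-out `systemd.services.woitb` block, so the binding is dead code and would be an impure, machine-specific reference if it were ever evaluated. Drop the `let … in` block together with the dead service stanza, or replace both with one comment naming where the woitb server now lives; `#sources = ../../nix/sources.nix;` above it suggests the earlier location and can go as well.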

Wo ist die Ilztalbahn gerade?

+ +

(es gibt eh nur eine)

+ +

Gerade nicht unterwegs

Nächste Fahrt 2022

Fahrplan ist noch nicht bekannt.

+ +
+

Andere Abfahrten ab Passau via marudor.de | via Iris der DB

+ +

(Diese Seite also known as "oh, die Ilztalbahn hat ja Open Data 😍" – Weitere Infos)

+
+ + + + diff --git a/chaski/services/woitb/info.html b/chaski/services/woitb/info.html new file mode 100644 index 0000000..e68d728 --- /dev/null +++ b/chaski/services/woitb/info.html @@ -0,0 +1,180 @@ + + + + + + Wo ist die Ilztalbahn? + + + + + + + + + + +

Wo ist die Ilztalbahn – Über

+ +
+

Was ist das hier?

+

+ Diese Webseite zeigt den Fahrplan der Ilztalbahn an, + und macht sonst nicht viel. Bitte beachtet, dass diese Seite nicht von der Ilztalbahn GmbH, + dem Förderverein o.ä. betrieben wird, sondern nur ein privates Projekt einer einzelnen Person + ohne jede Verfügbarkeitsgarantie ist. +

+ +

Wie funktioniert das?

+

+ Die Ilztalbahn bietet ihren Fahrplan im offenen Standard GTFS + an. Weil GTFS an einigen Stellen ein manchmal schwer zu benutzender Standard ist (und nicht + jeder Besuch dieser Webseite einen Aufruf des GTFS der Ilztalbahn triggern muss), hängt noch + ein kleiner Server dazwischen der die relevanten Teile in JSON übersetzt. +

+

+ Der Fahrplan ist jeweils für einen ganzen Sommer gültig, und wird auch währenddessen + (soweit ich sehen kann) nicht verändert oder aktualisiert — es gibt also keinerlei Garantie, + dass die Daten hier korrekt sind! +

+ +

Gibt es das auch als App?

+

+ Aktuell nicht. Wenn ihr die Webseite im Browser offen lasst, sollte sie sich aber auch offline + noch automatisch aktualisieren. +

+ +

Werden Verspätungen/etc. angezeigt?

+

+ Leider nein. Es gibt für einige Fahrten der Ilztalbahn zwar Echtzeitdaten von der DB, diese + sind aber nicht im Datensatz der Ilztalbahn enthalten. Vielleicht kommen die hier noch + irgendwann mit rein, solange könnt ihr sie (falls es sie gibt) bei + marudor.de anschauen. +

+ +

Gibts hier Quellcode zu?

+

+ Ja klar, hier: git-Repository +

+ +

Datenschutz?

+

+ Diese Seite läuft aktuell auf einer kleinen vps bei Hetzner, + geloggt werden aktuell nur Zugriffe, aber keine IP-Adressen. +

+ +

Wer macht das hier?

+

+ Auch nur so ein Mensch im Internet. Falls ihr wollt könnt ihr + auf meinem Pleroma vorbeischauen. +

+ +

Ich hab ne Idee für ein Feature!

+

+ Schreibt mich über Pleroma an, vielleicht habe ich Zeit und Lust es einzubauen. +

+ +

Ich hab ein Feature dazuimplementiert!

+

+ Cool! Schick mir gerne nen Patch! (Mail ist im Repository) +

+
+
+

(Diese Seite also known as "oh, die Ilztalbahn hat ja Open Data 😍" – Weitere Infos)

+
+ + + diff --git a/cyberbox/configuration.nix b/cyberbox/configuration.nix new file mode 100644 index 0000000..47ffaad --- /dev/null +++ b/cyberbox/configuration.nix @@ -0,0 +1,59 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ]; + + # laptop power things + services.tlp.enable = true; + + programs.light.enable = true; + programs.slock.enable = true; + + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + networking = { + hostName = "cyberbox"; # Define your hostname. + networkmanager.enable = true; + useDHCP = false; + interfaces.enp0s25.useDHCP = true; + interfaces.wlp3s0.useDHCP = true; + }; + + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # entrypoint for emacs configured with home-manager + # (must be available on the user's $PATH) + services.xserver.windowManager.session = pkgs.lib.singleton { + name = "exwm"; + start = "emacs -l ${pkgs.writeText "emacs-exwm-load" '' + (require 'exwm-config) + (exwm-config-default) + (defvar inexwm t) + ''}"; + }; + + # Enable sound. + sound.enable = true; + hardware.pulseaudio.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + services.xserver.libinput.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "20.09"; # Did you read the comment? + +} + diff --git a/cyberbox/hardware-configuration.nix b/cyberbox/hardware-configuration.nix new file mode 100644 index 0000000..a724f02 --- /dev/null 
+++ b/cyberbox/hardware-configuration.nix @@ -0,0 +1,31 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/70a8042c-c5b5-4faa-8019-0eb042fbdf00"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/e53c9b77-5e00-40a0-bbda-62978b7b3000"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/60cda588-b262-4394-8d38-284109a08a59"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/flake.nix b/flake.nix index aefc703..b6b4579 100644 --- a/flake.nix +++ b/flake.nix @@ -43,10 +43,10 @@ in { nixosConfigurations = { - chaski = mkServer ./hosts/chaski/configuration.nix; - flora = mkServer ./hosts/flora/configuration.nix; - abbenay = mkDesktop ./hosts/abbenay/configuration.nix; - cyberbox = mkDesktop ./hosts/cyberbox/configuration.nix; + chaski = mkServer ./chaski/configuration.nix; + flora = mkServer ./flora/configuration.nix; + abbenay = mkDesktop ./abbenay/configuration.nix; + cyberbox = mkDesktop ./cyberbox/configuration.nix; }; homeConfigurations.stuebinm = diff --git a/flora/configuration.nix b/flora/configuration.nix new file mode 100644 index 0000000..b2699b7 --- /dev/null +++ b/flora/configuration.nix 
@@ -0,0 +1,72 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + # ./services/hedgedoc.nix + #./services/daemoniones.nix + ./services/nginx.nix + ./services/pleroma.nix + ./services/cgit.nix + # ./services/surveys.nix + #./services/picarones.nix + ./services/dockerhub.nix + ./services/blog.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.devices = [ "/dev/sda" ]; + + networking = { + hostName = "flora"; + + enableIPv6 = true; + defaultGateway6 = { + address = "fe80::1"; + interface = "ens3"; + }; + + interfaces.ens3.ipv6.addresses = [ { + address = "2a01:4f9:c010:df15::1"; + prefixLength = 64; + } ]; + + useDHCP = false; + interfaces.ens3.useDHCP = true; + + firewall.logRefusedConnections = false; + + + }; + + services.fail2ban = { + enable = true; + bantime-increment.enable = true; + bantime-increment.overalljails = true; + bantime-increment.maxtime = "1312m"; + ignoreIP = [ "88.133.194.232" ]; + }; + + services.logrotate = { + enable = true; + paths.nginx = { + path = "/var/log/nginx"; + frequency = "weekly"; + }; + }; + + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system = { + stateVersion = "20.09"; # Did you read the comment? + }; + +} + diff --git a/flora/hardware-configuration.nix b/flora/hardware-configuration.nix new file mode 100644 index 0000000..2ce21f4 --- /dev/null +++ b/flora/hardware-configuration.nix 
@@ -0,0 +1,25 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ modulesPath, config, lib, pkgs, inputs, ... }:
+
+{
+ imports =
+ [ "${modulesPath}/profiles/qemu-guest.nix"
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/5d31cad5-9076-4d2f-93f6-6af817bc368b";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 1;
+}
+
diff --git a/flora/services/blog.nix b/flora/services/blog.nix
new file mode 100644
index 0000000..056a63b
--- /dev/null
+++ b/flora/services/blog.nix
@@ -0,0 +1,9 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+ services.nginx.virtualHosts."stuebinm.eu" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".root = (import inputs.blog);
+ };
+}
diff --git a/flora/services/cgit.nix b/flora/services/cgit.nix
new file mode 100644
index 0000000..094bfd5
--- /dev/null
+++ b/flora/services/cgit.nix
@@ -0,0 +1,94 @@
+{pkgs, config, ...}:
+
+{
+ containers.cgit = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress6 = "fd00::42:12";
+ localAddress6 = "fd00::42:13";
+
+ bindMounts."/git" = {
+ hostPath = "/var/git/public";
+ isReadOnly = true;
+ };
+
+ config = {pkgs, config, ...}: {
+ services.lighttpd.enable = true;
+ services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
+ services.lighttpd.cgit = {
+ enable = true;
+ subdir = "git";
+ configText = ''
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+ cache-size=1000
+ logo=/git/cgit.png
+ favicon=/git/favicon.ico
+
+ # take css from an assumed repo `config`
+ css=/git/config/plain/cgit.css
+
+ # remove .git extensions from repo names
+ remove-suffix=1
+
+ # readme formats which may be parsed
+ readme=:README.md
+ readme=:README
+ readme=:README.txt
+ readme=:README.org
+
+ # allow cloning repos
+ enable-http-clone=1
+
+ enable-follow-links=1
+ enable-html-serving=1
+ enable-index-owner=0
+
+ mimetype.css=text/css
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
+
+ # some nice formatting
+ root-title=An Assortment of Stuff
+ root-desc=hand-squished into git repos
+ enable-commit-graph=1
+ enable-log-linecount=1
+ enable-log-filecount=1
+ branch-sort=age
+ # suppress email addresses in html logs
+ noplainemail=1
+
+ # maximum file size for plain blobs in kilobyte
+ max-blob-size=100
+
+ cache-scanrc-ttl=1
+
+ scan-path=/git
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ };
+ };
+
+ services.nginx.recommendedProxySettings = true;
+ services.nginx.virtualHosts."stuebinm.eu" = {
+ locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ # user for git repo administration
+ users.users.git = {
+ openssh.authorizedKeys.keys = 
config.users.users.root.openssh.authorizedKeys.keys;
+ home = "/var/git";
+ isNormalUser = true;
+ packages = [ pkgs.git ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+}
diff --git a/flora/services/daemoniones.nix b/flora/services/daemoniones.nix
new file mode 100644
index 0000000..ae9d3cb
--- /dev/null
+++ b/flora/services/daemoniones.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, ...}:
+
+{
+ systemd.services =
+ let simpledaemon = name: command: {
+ enable = true;
+ description = name;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.Type = "simple";
+ script = command;
+ };
+ in {
+ choclo = simpledaemon "choclo signalling server" "/root/simple-signalling/target/release/chaski -b 127.0.0.1:5000";
+ wasi = simpledaemon "wasi backend" "/root/wasi-minimal/target/release/wasi";
+# picarones = simpledaemon "picarones backend" "/root/picarones-server/target/release/picarones -b 127.0.0.1:6000";
+ };
+
+ services.nginx = {
+ virtualHosts =
+ let websocketproxy = addr: {
+ locations."/".proxyPass = addr;
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyWebsockets = true;
+ };
+ in {
+ "wasi.stuebinm.eu" = websocketproxy "http://127.0.0.1:9000";
+ "choclo.stuebinm.eu" = websocketproxy "http://127.0.0.1:5000";
+# "picarones.stuebinm.eu" = websocketproxy "http://127.0.0.1:6000";
+ };
+ };
+
+
+}
diff --git a/flora/services/dockerhub.nix b/flora/services/dockerhub.nix
new file mode 100644
index 0000000..c9b84b3
--- /dev/null
+++ b/flora/services/dockerhub.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.dockerRegistry = {
+ enable = true;
+ port = 6000;
+ enableRedisCache = false;
+ extraConfig = {
+ storage.maintenance.readonly.enabled = true;
+ };
+ };
+
+ services.nginx.virtualHosts."registry.stuebinm.eu" = {
+ locations."/" = {
+ proxyPass = "http://localhost:6000";
+ proxyWebsockets = true;
+ };
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ services.nginx.clientMaxBodySize = "0";
+}
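Review bot: The `git` user declared at the end of the cgit.nix hunk is created with `isNormalUser = true` and inherits root's `openssh.authorizedKeys.keys`, so every holder of the root key also gets an interactive login shell as `git`; if the account only exists to push into `/var/git`, restrict it with `shell = "${pkgs.git}/bin/git-shell";`. The read-only `bindMounts."/git"` into the container is the right call, since it keeps the public-facing lighttpd/cgit instance from writing to the repositories even though `enable-http-clone=1` exposes them over HTTP. A short comment on the user block saying which key set is intended to administer the repos would also help the next reader, since the key list is currently coupled to root's.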
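Review bot: In daemoniones.nix the `simpledaemon` helper sets only `serviceConfig.Type`, so `choclo` and `wasi` run as root and execute binaries that live under `/root/...`; with the binaries there they can never be dropped to an unprivileged user, because nothing else can read `/root`. Package the two backends as derivations (or move them to a path readable by a service account) and extend the helper with `serviceConfig.DynamicUser = true;` (or a dedicated `User`) and `serviceConfig.Restart = "on-failure";`. The import of this module appears to be commented out in flora/configuration.nix, so the exposure is latent until it is re-enabled, but the helper is the natural place to fix it now.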
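Review bot: In dockerhub.nix, `services.nginx.clientMaxBodySize = "0";` is a host-wide nginx option, so it removes the request body limit for every virtual host on flora, not just the registry; the hedgedoc, cgit and blog vhosts inherit it, and only pleroma.nix sets its own `client_max_body_size 16m`. The registry is also configured with `storage.maintenance.readonly.enabled = true`, which should make it reject writes, so the unlimited body size buys nothing at present. Scope the limit to the registry instead, e.g. `extraConfig = "client_max_body_size 0;";` inside `services.nginx.virtualHosts."registry.stuebinm.eu"`, and drop the global setting.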
diff --git a/flora/services/hedgedoc.nix b/flora/services/hedgedoc.nix
new file mode 100644
index 0000000..038f99f
--- /dev/null
+++ b/flora/services/hedgedoc.nix
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, ... }:
+let
+ hedgedoc-patched = pkgs.hedgedoc.overrideAttrs (old: {
+ src = pkgs.fetchgit {
+ url = "https://stuebinm.eu/git/hedgedoc";
+ rev = "b0f98a43381486995b99ed79e0eabb3af149dbf3";
+ sha256 = "1199k5q8wampkw2ri4wgwzqgh1ff0l4kdxx9h8ywqy2f7faf922c";
+ };
+ });
+in
+{
+ # Container containing CodiMD and its database
+ # has its own internal network; needs a reverse-proxy to be reachable from the outside
+ # TODO: persistent memory for pads
+ containers.codimd = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress6 = "fd00::42:10";
+ localAddress6 = "fd00::42:11";
+
+ config = {config, pkgs, ... }: {
+ # open CodiMD port
+ networking.firewall.allowedTCPPorts = [ config.services.hedgedoc.configuration.port ];
+
+ # database (postgres 11), with default database reachable for CodiMD; no imperative config needed!
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_11;
+ ensureDatabases = [ "codimd" ];
+ ensureUsers = [ {
+ name = "hedgedoc";
+ ensurePermissions = { "DATABASE codimd" = "ALL PRIVILEGES";};
+ } ];
+ # ugly workaround to allow CodiMD to login without password — this service has lots of options,
+ # but apparently not for authentification, which even needs to be forced …
+ authentication = pkgs.lib.mkForce ''
+ # Generated file; do not edit! 
+ local all all trust
+ host codimd hedgedoc ::1/18 trust
+ host codimd codimd ::1/128 trust
+ '';
+ };
+ # CodiMD itself
+ services.hedgedoc = {
+ enable = true;
+ workDir = "/var/codimd/";
+ configuration = {
+ dbURL = "postgres:///codimd";
+ port = 3000;
+ domain = "nix.stuebinm.eu";
+ urlAddPort = false;
+ protocolUseSSL = true;
+ allowPDFExport = true;
+ host = "::";
+ allowEmailRegister = false;
+ allowFreeURL = true;
+ uploadsPath = "/var/codimd/uploads";
+ #email = false;
+ };
+ };
+
+ systemd.services.hedgedoc.serviceConfig.ExecStart = pkgs.lib.mkForce "${hedgedoc-patched}/bin/hedgedoc";
+ };
+ };
+
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services.nginx.virtualHosts."nix.stuebinm.eu" = {
+ locations."/" = {
+ proxyPass = "http://[" + config.containers.codimd.localAddress6 + "]:3000";
+ proxyWebsockets = true;
+ };
+ forceSSL = true;
+ enableACME = true;
+ };
+}
diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix
new file mode 100644
index 0000000..bbcacb7
--- /dev/null
+++ b/flora/services/nginx.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services.nginx = {
+ enable = true;
+
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ recommendedProxySettings = true;
+
+ appendHttpConfig = ''
+ add_header Permissions-Policy "interest-cohort=()";
+ '';
+ };
+}
diff --git a/flora/services/picarones.nix b/flora/services/picarones.nix
new file mode 100644
index 0000000..c2e3c7b
--- /dev/null
+++ b/flora/services/picarones.nix
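Review bot: In the pg_hba block at the top of this chunk, `host codimd hedgedoc ::1/18 trust` almost certainly means `::1/128`: a /18 prefix matches a vast IPv6 range rather than loopback, while the very next line and the equivalent rule in pleroma.nix both use `::1/128`. The NixOS postgresql module listens on localhost only unless `enableTCPIP` is set, and the container has its own private network, so the practical exposure looks limited, but the rule should still read `host codimd hedgedoc ::1/128 trust`. The preceding `local all all trust` lets any local account in the container connect as any role; that is a defensible choice for a single-service container, but deserves a comment saying so next to the existing "ugly workaround" remark.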
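Review bot: The `add_header Permissions-Policy` line in nginx.nix's `appendHttpConfig` is only inherited by locations that define no `add_header` of their own, because nginx replaces rather than merges the header set at the nearest level that has any; every location that adds headers, such as the pleroma proxy location in pleroma.nix, silently drops it. Add a comment next to the directive, e.g. `# NOTE: add_header is not inherited into locations that set their own headers; repeat it there`, and repeat the header in those locations if it is meant to be global.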
@@ -0,0 +1,26 @@
+{config, pkgs, ...}:
+let
+ source = builtins.fetchGit {
+ url = "https://stuebinm.eu/git/picarones/";
+ rev = "0596b9f6c561daa67945adb81570efd30650dffd";
+ };
+in
+{
+
+ imports = [ source.outPath ];
+
+ services.picarones = {
+ enable = true;
+ frontend = {
+ enable = true;
+ domain = "picarones.stuebinm.eu";
+ proxyBackend = true;
+ config = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
diff --git a/flora/services/pleroma.nix b/flora/services/pleroma.nix
new file mode 100644
index 0000000..e0f60ed
--- /dev/null
+++ b/flora/services/pleroma.nix
@@ -0,0 +1,178 @@
+{config, pkgs, inputs, ...}:
+
+
+let
+ domain = "pleroma.stuebinm.eu";
+in
+{
+
+ containers.pleroma = {
+ autoStart = true;
+ privateNetwork = true;
+
+ hostAddress = "192.168.42.30";
+ localAddress = "192.168.42.31";
+ hostAddress6 = "fd00::42:30";
+ localAddress6 = "fd00::42:31";
+
+
+ config = {pkgs, config, ...}: {
+
+ # generating the manual will fail when mixing nixos channels,
+ # so disable it here or this won't build at all.
+ documentation.enable = false;
+
+ # pleroma has a cli tool for configuration
+ environment.systemPackages = [ pkgs.dnsutils ];
+
+ services.pleroma = {
+ enable = true;
+
+
+ # package = (import inputs.nixpkgs-unstable {}).pleroma;
+
+ # this is barely necessary at this point — all that's
+ # set in here is the default_signer for joken, and the
+ # secret_key_base and signing_salt for phoenix.
+ secretConfigFile = "/var/lib/pleroma/secrets.exs";
+
+ # for a list of available config options, see
+ # https://docs-develop.pleroma.social/backend/configuration/cheatsheet/
+ #
+ # Additionally, some parts of pleroma's config (e.g. Pleroma.Repo)
+ # are better documented in their respective libraries (in this
+ # case, see the documentation for Ecto on Adapters). 
+ configs = [ ''
+ import Config
+
+ config :pleroma, Pleroma.Web.Endpoint,
+ url: [host: "${domain}", scheme: "https", port: 443],
+ http: [ip: {0, 0, 0, 0, 0, 0, 0, 0}, port: 4000]
+
+ config :pleroma, :instance,
+ name: "Pleroma",
+ limit: 5000,
+ registrations_open: false,
+ federating: true,
+ healthcheck: true,
+ allow_relay: true
+
+ config :pleroma, :media_proxy,
+ enabled: false,
+ redirect_on_failure: true
+
+ config :pleroma, Pleroma.Upload,
+ filters: [
+ Pleroma.Upload.Filter.Exiftool,
+ Pleroma.Upload.Filter.AnonymizeFilename,
+ Pleroma.Upload.Filter.Dedupe
+ ]
+
+ config :pleroma, Pleroma.Uploaders.Local,
+ uploads: "/var/lib/pleroma/uploads"
+
+ config :pleroma, Pleroma.Repo,
+ adapter: Ecto.Adapters.Postgres,
+ username: "pleroma",
+ database: "pleroma",
+ socket_dir: "/run/postgresql",
+ pool_size: 10,
+ prepare: :named,
+ parameters: [
+ plan_cache_mode: "force_custom_plan"
+ ]
+
+
+
+ config :pleroma, :database, rum_enabled: false
+ config :pleroma, configurable_from_database: false
+
+ config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
+
+ '' ];
+ };
+
+ # otherwise, the exiftool will fail to run
+ systemd.services.pleroma.path = [ pkgs.exiftool ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_12;
+
+ ensureDatabases = [ "pleroma" ];
+ ensureUsers = [ {
+ name = "pleroma";
+ ensurePermissions."DATABASE pleroma" = "ALL PRIVILEGES";
+ } ];
+
+ # give pleroma access. must be done with lib.mkForce, for some reason
+ authentication = pkgs.lib.mkForce ''
+ # Generated file; do not edit!
+ local all all trust
+ host pleroma pleroma ::1/128 trust
+ '';
+
+ # pleroma wants to do some initial config on startup, which it
+ # can't do by itself since those needs superuser access
+ #
+ # unfortunatly, this is executed /before/ the database is created,
+ # i.e. we have to create user and database by hand, even though
+ # they would otherwise created by ensureUsers / ensureDatabse. 
+ # Using those does still prevent us from accidentally deleting
+ # them, though (but not from deleting the database's content!)
+ initialScript = pkgs.writeScript "postgres-pleroma-initial" ''
+ CREATE USER pleroma;
+ CREATE DATABASE pleroma OWNER pleroma;
+ \c pleroma;
+ --Extensions made by ecto.migrate that need superuser access
+ CREATE EXTENSION IF NOT EXISTS citext;
+ CREATE EXTENSION IF NOT EXISTS pg_trgm;
+ CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [ 4000 10022 ];
+ };
+ };
+
+ # give the container access to the external internet (necessary for
+ # fetching content from other instances). Doesn't appear to work with
+ # IPv6, though ...
+ networking.nat = {
+ enable = true;
+ internalInterfaces = [ "ve-pleroma" ];
+ externalInterface = "ens3";
+
+ };
+ networking.firewall.allowedTCPPorts = [ 10022 ];
+
+ services.nginx.virtualHosts."${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://[${config.containers.pleroma.localAddress6}]:4000";
+ proxyWebsockets = true;
+ # these headers are in the example config in the NixOS manual.
+ # take some time to figure out what they all do, and if these
+ # are necessary
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
+ add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
+ if ($request_method = OPTIONS) {
+ return 204;
+ }
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header Referrer-Policy same-origin;
+ add_header X-Download-Options noopen;
+ client_max_body_size 16m;
+ '';
+ };
+ };
+}
+
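Review bot: The host-level `networking.firewall.allowedTCPPorts = [ 10022 ];` (mirrored by `[ 4000 10022 ]` inside the container) opens TCP 10022 on the public interface, yet nothing in this module listens on that port, so it is either a leftover or an undocumented service reached through the NAT rule. Either remove both entries or add a comment naming what is expected there, e.g. `# 10022: <service> inside the pleroma container, reached via NAT` above the host line. Leaving 4000 off the host list is correct, since nginx reaches Pleroma over the container's local IPv6 address.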
diff --git a/flora/services/surveys.nix b/flora/services/surveys.nix
new file mode 100644
index 0000000..befa673
--- /dev/null
+++ b/flora/services/surveys.nix
@@ -0,0 +1,23 @@
+{pkgs, config, ...}:
+
+let survey = pkgs.fetchgit {
+ url = "https://stuebinm.eu/git/slightly-better-surveys";
+ rev = "c255269db0c739400b62d4c4041e3238b1045d22";
+ sha256 = "007q6s5xc3kn3dy1zj7hc94wyn495qam2x1020br3crwgpxy3hmp";
+ };
+in
+{
+ services.nginx.virtualHosts."survey.stuebinm.eu" = {
+ locations."/".root = survey.outPath + "/site";
+ locations."/upload".proxyPass = "http://localhost:8080";
+
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ services.nginx.appendHttpConfig = ''
+ types {
+ application/wasm wasm;
+ }
+ '';
+}
diff --git a/hosts/abbenay/configuration.nix b/hosts/abbenay/configuration.nix
deleted file mode 100644
index 2aabaa7..0000000
--- a/hosts/abbenay/configuration.nix
+++ /dev/null
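Review bot: `locations."/upload".proxyPass = "http://localhost:8080";` in surveys.nix points at a backend that no part of this module declares, so as written the vhost would answer 502 on `/upload`. If the upload service is provided elsewhere, a comment such as `# upload backend: <module or unit that listens on 8080>` would make that dependency visible; if it does not exist yet, the location should be dropped rather than left pointing at an open port. The import appears to be commented out in flora/configuration.nix, so this is not live at the moment.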
@@ -1,58 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ./hardware-configuration.nix - ]; - - services.flatpak.enable = true; - services.avahi.enable = true; - services.avahi.nssmdns = true; - - services.xserver = { - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - }; - services.gnome.gnome-keyring.enable = pkgs.lib.mkForce false; - - environment.systemPackages = with pkgs; [ - gnome3.gnome-tweaks - flatpak flatpak-builder - # for mounting samba - cifs-utils - ]; - - networking = { - hostName = "matthias-nix"; - - useDHCP = false; - interfaces.enp3s0.useDHCP = true; - # networkmanager shouldn't handle nixos container - networkmanager.unmanaged = [ "interface-name:ve-*" ]; - }; - # nixos containers should have internet access - networking.nat = { - enable = true; - internalInterfaces = ["ve-+"]; - externalInterface = "eth0"; - }; - - boot = { - extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; - kernelModules = [ "v4l2loopback" ]; - }; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.03"; # Did you read the comment? - -} diff --git a/hosts/abbenay/hardware-configuration.nix b/hosts/abbenay/hardware-configuration.nix deleted file mode 100644 index 876431d..0000000 --- a/hosts/abbenay/hardware-configuration.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/ba8853b3-6e52-49d6-a250-6d99b8dfe6d6"; - fsType = "ext4"; - }; - fileSystems."/home" = - { device = "/dev/disk/by-label/nix-space"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/0F28-FE85"; - fsType = "vfat"; - }; - - swapDevices = [ - { device = "/dev/disk/by-uuid/6e9fddfc-99d2-46d2-bcb4-d8c5e1c19d38"; } - ]; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/hosts/chaski/configuration.nix b/hosts/chaski/configuration.nix deleted file mode 100644 index ae422cf..0000000 --- a/hosts/chaski/configuration.nix +++ /dev/null 
@@ -1,50 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - # ./services/workadventure.nix - #./services/exneuland.nix - # ./services/jitsi.nix - ./services/uplcg.nix - ./services/woitb.nix - ./services/geolocation.nix - ./services/gtfs.nix - ]; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - services.nginx.appendHttpConfig = '' - access_log off; - add_header Permissions-Policy "interest-cohort=()"; - ''; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - - networking.hostName = "chaski"; # Define your hostname. - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - networking.interfaces.ens10.useDHCP = true; - networking.interfaces.ens3.useDHCP = true; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.09"; # Did you read the comment? - - boot.loader.grub.devices = [ "/dev/sda" ]; - -} diff --git a/hosts/chaski/hardware-configuration.nix b/hosts/chaski/hardware-configuration.nix deleted file mode 100644 index 54fbcba..0000000 --- a/hosts/chaski/hardware-configuration.nix +++ /dev/null 
@@ -1,23 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/5beea4aa-5ea3-4518-9b7d-97f289be92ea"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - -} diff --git a/hosts/chaski/services/VaaS/.gitignore b/hosts/chaski/services/VaaS/.gitignore deleted file mode 100644 index b5e3679..0000000 --- a/hosts/chaski/services/VaaS/.gitignore +++ /dev/null @@ -1 +0,0 @@ -dist-newstyle/* diff --git a/hosts/chaski/services/VaaS/CHANGELOG.md b/hosts/chaski/services/VaaS/CHANGELOG.md deleted file mode 100644 index 500a0d0..0000000 --- a/hosts/chaski/services/VaaS/CHANGELOG.md +++ /dev/null @@ -1,5 +0,0 @@ -# Revision history for haskell - -## 0.1.0.0 -- YYYY-mm-dd - -* First version. Released on an unsuspecting world. diff --git a/hosts/chaski/services/VaaS/app/Main.hs b/hosts/chaski/services/VaaS/app/Main.hs deleted file mode 100644 index b5697d7..0000000 --- a/hosts/chaski/services/VaaS/app/Main.hs +++ /dev/null 
@@ -1,58 +0,0 @@ -{-# LANGUAGE LambdaCase #-} -{-# LANGUAGE OverloadedStrings #-} - -module Main where - -import Control.Exception (try) -import Control.Exception.Base (handle) -import qualified Data.ByteString as BS -import Data.ByteString.Base32 -import qualified Data.ByteString.Char8 as C8 -import qualified Data.ByteString.Lazy as LB -import Data.Maybe (mapMaybe) -import Network.HTTP.Client (httpLbs, newManager, parseRequest, - responseBody) -import Network.HTTP.Client.TLS -import Network.HTTP.Types -import Network.Wai -import Network.Wai.Handler.Warp (run) -import qualified System.Environment as SE -import System.Process - -simpleResponse = responseLBS status200 [("Content-Type", "text/plain")] - -simpleError = responseLBS status400 [("Content-Type", "text/plain")] - -serveFile filename = do - content <- LB.readFile filename - pure $ responseLBS status200 [("Content-Type", "text/html")] content - -app :: FilePath -> FilePath -> Application -app validator index req respond = - case requestMethod req of - "GET" -> case pathInfo req of - [] -> serveFile index >>= respond - ["validate"] -> do - let gtfsuri = head $ mapMaybe (\case { ("gtfs",a) -> Just a; _ -> Nothing }) $ queryString req - putStrLn $ "uri is " <> show gtfsuri - case gtfsuri of - Just uri -> do - man <- newManager tlsManagerSettings - request <- parseRequest $ C8.unpack uri - gtfs <- httpLbs request man - let filename = "/tmp/" <> C8.unpack (encodeBase32' uri) <> ".zip" - LB.writeFile filename (responseBody gtfs) - readProcessWithExitCode "python" [validator,"-n", filename, "--output", "/tmp/gtfs-validated.html"] "" - - serveFile "/tmp/gtfs-validated.html" >>= respond - - Nothing -> respond $ simpleError "missing gtfs parameter" - _ -> respond $ simpleError "unknown path" - _ -> respond $ simpleError "invalid reqeust method" - -main :: IO () -main = do - args <- SE.getArgs - let validator = head args - putStrLn "http://localhost:7000/" - run 7000 $ app validator (args!!1) 
diff --git a/hosts/chaski/services/VaaS/default.nix b/hosts/chaski/services/VaaS/default.nix deleted file mode 100644 index 427270c..0000000 --- a/hosts/chaski/services/VaaS/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ pkgs, compiler ? "default", doBenchmark ? false }: - -let - - inherit pkgs; - - f = { mkDerivation, base, base32, bytestring, http-client - , http-client-tls, http-types, lib, process, wai, warp - }: - mkDerivation { - pname = "VaaS"; - version = "0.1.0.0"; - src = ./.; - isLibrary = false; - isExecutable = true; - executableHaskellDepends = [ - base base32 bytestring http-client http-client-tls http-types - process wai warp - ]; - license = "unknown"; - hydraPlatforms = lib.platforms.none; - }; - - haskellPackages = if compiler == "default" - then pkgs.haskellPackages - else pkgs.haskell.packages.${compiler}; - - variant = if doBenchmark then pkgs.haskell.lib.doBenchmark else pkgs.lib.id; -in - variant (haskellPackages.callPackage f {}) diff --git a/hosts/chaski/services/VaaS/haskell.cabal b/hosts/chaski/services/VaaS/haskell.cabal deleted file mode 100644 index 262b65f..0000000 --- a/hosts/chaski/services/VaaS/haskell.cabal +++ /dev/null 
@@ -1,35 +0,0 @@ -cabal-version: 2.4 -name: VaaS -version: 0.1.0.0 - --- A short (one-line) description of the package. --- synopsis: - --- A longer description of the package. --- description: - --- A URL where users can report bugs. --- bug-reports: - --- The license under which the package is released. --- license: -author: stuebinm -maintainer: stuebinm@disroot.org - --- A copyright notice. --- copyright: --- category: -extra-source-files: CHANGELOG.md - -executable VaaS - main-is: Main.hs - - -- Modules included in this executable, other than Main. - -- other-modules: - - -- LANGUAGE extensions used by modules in this package. - -- other-extensions: - build-depends: base ^>=4.14.1.0, wai, warp, http-types, bytestring, process, - http-client, http-client-tls, base32 - hs-source-dirs: app - default-language: Haskell2010 diff --git a/hosts/chaski/services/VaaS/index.html b/hosts/chaski/services/VaaS/index.html deleted file mode 100644 index a7f59e0..0000000 --- a/hosts/chaski/services/VaaS/index.html +++ /dev/null @@ -1,46 +0,0 @@ - - - - - - GTFS Validator - - - - - - - - - - -

GTFS Validator

-

- This runs the validator contained in the - transitfeed - git repository - . -

- -

Paste the url to your GTFS zip below

- - - - - - - diff --git a/hosts/chaski/services/exneuland.nix b/hosts/chaski/services/exneuland.nix deleted file mode 100644 index 3ec3451..0000000 --- a/hosts/chaski/services/exneuland.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - workadventure-nix = builtins.fetchGit { - url = "https://stuebinm.eu/git/workadventure-nix"; - ref = "master"; - }; - wapkgs = import "${workadventure-nix.outPath}/wapkgs.nix" { - inherit pkgs; - lib = pkgs.lib; - }; - frontdrv = wapkgs.workadventure-tcm.front.override { - environment = { - PUSHER_URL = "https://exneuland.stuebinm.eu/pusher"; - START_ROOM_URL = "/_/global/world.di.c3voc.de/maps/main.json"; - }; - }; - exneuland = import ../../../pkgs/exneuland.nix; -in -{ - services.nginx = { - enable = true; - recommendedProxySettings = false; - virtualHosts."exneuland.stuebinm.eu" = { - root = "${frontdrv}/dist"; - locations."/_/".tryFiles = "/index.html =404"; - - locations."/pusher" = { - proxyPass = "http://localhost:4000"; - proxyWebsockets = true; - extraConfig = '' - add_header Access-Control-Allow-Origin https://exneuland.stuebinm.eu; - proxy_pass_request_headers on; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - ''; - }; - - enableACME = true; - forceSSL = true; - }; - }; - - systemd.services.exneuland = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - description = "exneuland backend for workadventure"; - serviceConfig = { - ExecStart = "${exneuland}/bin/exneuland start"; - Restart = "always"; - }; - }; -} diff --git a/hosts/chaski/services/geolocation.nix b/hosts/chaski/services/geolocation.nix deleted file mode 100644 index 4b095bd..0000000 --- a/hosts/chaski/services/geolocation.nix +++ /dev/null 
@@ -1,6 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - services.nginx.virtualHosts."ilztal.live".locations."/geolocation".root = - ../../../assets/ilztal.live; -} diff --git a/hosts/chaski/services/gtfs.nix b/hosts/chaski/services/gtfs.nix deleted file mode 100644 index 61837a1..0000000 --- a/hosts/chaski/services/gtfs.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - vaas = import ./VaaS/default.nix {inherit pkgs; }; - - transitfeed = pkgs.fetchFromGitHub { - owner = "google"; - repo = "transitfeed"; - rev = "d727e97cb66ac2ca2d699a382ea1d449ee26c2a1"; - sha256 = "0kmcmdja6h7gzvi40c9qfzxh6qwv5184g2rgpqx5rhj4ql9ini3h"; - }; - - index = pkgs.copyPathToStore ./VaaS/index.html; -in -{ - systemd.services.vaas = { - enable = true; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - description = "GTFS feed validator as a service"; - path = [ pkgs.python2 pkgs.python2Packages.pytz pkgs.python2Packages.enum34 ]; - serviceConfig = { - ExecStart = "${vaas}/bin/VaaS ${transitfeed}/feedvalidator.py ${index}"; - Restart = "always"; - PrivateTmp = "true"; - PrivateDevices = "true"; - ProtectSystem = "strict"; - ReadWritePaths = [ "/tmp" ]; - }; - - }; - - services.nginx.virtualHosts."gtfs.stuebinm.eu" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://localhost:7000"; - }; -} diff --git a/hosts/chaski/services/jitsi.nix b/hosts/chaski/services/jitsi.nix deleted file mode 100644 index d6f398b..0000000 --- a/hosts/chaski/services/jitsi.nix +++ /dev/null 
@@ -1,59 +0,0 @@ -{config, pkgs, ...}: - -with pkgs.luaPackages; -with pkgs; -let extraLua = import ../../../../playground/jitsi/test.nix; -in - -{ - services.jitsi-meet = { - enable = true; - hostName = "jitsi.stuebinm.eu"; - config = { - enableWelcomePage = true; - prejoinPageEnabled = true; - }; - interfaceConfig = { - SHOW_JITSI_WATERMARK = false; - SHOW_WATERMARK_FOR_GUESTS = false; - }; - }; - services.jitsi-videobridge.openFirewall = true; - - services.nginx.virtualHosts."api.jitsi.stuebinm.eu" = { - locations."/room-size" = { - proxyPass = pkgs.lib.mkForce - "http://jitsi.stuebinm.eu:5280/room-size?$args&domain=jitsi.stuebinm.eu"; - - extraConfig = '' - add_header Access-Control-Allow-Origin *; - ''; - }; - locations."/room-list" = { - proxyPass = "http://jitsi.stuebinm.eu:5280/room-list?domain=jitsi.stuebinm.eu"; - extraConfig = '' - add_header Access-Control-Allow-Origin *; - ''; - }; - locations."/dashboard/".root = - pkgs.copyPathToStore ../../../../playground/jitsi/html; - - enableACME = true; - forceSSL = true; - }; - - services.nginx.recommendedProxySettings = false; - - services.prosody = { - #extraModules = [ "muc_size2" ]; - extraModules = [ "jitsi_bundled" ]; - extraPluginPaths = [ - (pkgs.copyPathToStore ../../../../playground/jitsi/plugins) - ]; - package = pkgs.prosody.override { - withExtraLibs = with extraLua; [ basexx luajwtjitsi net-url ]; - }; - }; - - -} diff --git a/hosts/chaski/services/uplcg.nix b/hosts/chaski/services/uplcg.nix deleted file mode 100644 index 5605046..0000000 --- a/hosts/chaski/services/uplcg.nix +++ /dev/null 
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-{
- imports = [
- "${inputs.uplcg.outPath}/module.nix"
- ];
-
- services.uplcg = {
- enable = true;
- port = 9080;
- domain = "0.0.0.0";
- };
-
- services.nginx.enable = true;
- services.nginx.virtualHosts."cards.stuebinm.eu" = {
- locations."/" = {
- proxyPass = "http://localhost:9080";
- proxyWebsockets = true;
- };
- enableACME = true;
- forceSSL = true;
- };
-}
diff --git a/hosts/chaski/services/woitb.nix b/hosts/chaski/services/woitb.nix
deleted file mode 100644
index 0c50617..0000000
--- a/hosts/chaski/services/woitb.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-let
- #sources = ../../nix/sources.nix;
- sources = /home/stuebinm/Dokumente/utils/playground/ilztal/server;
-in
-{
- # systemd.services.woitb = {
- # enable = true;
- # description = "wo ist die ilztalbahn?";
- # wantedBy = [ "multi-user.target" ];
- # serviceConfig.type = "simple";
- # script = "${import sources}/bin/woitb";
- # };
-
- services.nginx.enable = true;
- services.nginx.virtualHosts."ilztal.live" = {
- enableACME = true;
- forceSSL = true;
- locations."/".root = pkgs.copyPathToStore ./woitb;
-
- # locations."/upnext".proxyPass = "http://localhost:8000";
- # locations."/geoloc".proxyPass = "http://localhost:8000";
- };
-
- services.nginx.virtualHosts."track.ilztal.live" = {
- enableACME = true;
- forceSSL = true;
- locations."/".root = inputs.tracktrain;
- };
-
-}
diff --git a/hosts/chaski/services/woitb/index.html b/hosts/chaski/services/woitb/index.html
deleted file mode 100644
index 8d08826..0000000
--- a/hosts/chaski/services/woitb/index.html
+++ /dev/null
@@ -1,124 +0,0 @@ - - - - - - Wo ist die Ilztalbahn? - - - - - - - - - - -

Wo ist die Ilztalbahn gerade?

- -

(es gibt eh nur eine)

- -

Gerade nicht unterwegs

Nächste Fahrt 2022

Fahrplan ist noch nicht bekannt.

- -
-

Andere Abfahrten ab Passau via marudor.de | via Iris der DB

- -

(Diese Seite also known as "oh, die Ilztalbahn hat ja Open Data 😍" – Weitere Infos)

-
- - - - diff --git a/hosts/chaski/services/woitb/info.html b/hosts/chaski/services/woitb/info.html deleted file mode 100644 index e68d728..0000000 --- a/hosts/chaski/services/woitb/info.html +++ /dev/null @@ -1,180 +0,0 @@ - - - - - - Wo ist die Ilztalbahn? - - - - - - - - - - -

Wo ist die Ilztalbahn – Über

- -
-

Was ist das hier?

-

- Diese Webseite zeigt den Fahrplan der Ilztalbahn an, - und macht sonst nicht viel. Bitte beachtet, dass diese Seite nicht von der Ilztalbahn GmbH, - dem Förderverein o.ä. betrieben wird, sondern nur ein privates Projekt einer einzelnen Person - ohne jede Verfügbarkeitsgarantie ist. -

- -

Wie funktioniert das?

-

- Die Ilztalbahn bietet ihren Fahrplan im offenen Standard GTFS - an. Weil GTFS an einigen Stellen ein manchmal schwer zu benutzender Standard ist (und nicht - jeder Besuch dieser Webseite einen Aufruf des GTFS der Ilztalbahn triggern muss), hängt noch - ein kleiner Server dazwischen der die relevanten Teile in JSON übersetzt. -

-

- Der Fahrplan ist jeweils für einen ganzen Sommer gültig, und wird auch währenddessen - (soweit ich sehen kann) nicht verändert oder aktualisiert — es gibt also keinerlei Garantie, - dass die Daten hier korrekt sind! -

- -

Gibt es das auch als App?

-

- Aktuell nicht. Wenn ihr die Webseite im Browser offen lasst, sollte sie sich aber auch offline - noch automatisch aktualisieren. -

- -

Werden Verspätungen/etc. angezeigt?

-

- Leider nein. Es gibt für einige Fahrten der Ilztalbahn zwar Echtzeitdaten von der DB, diese - sind aber nicht im Datensatz der Ilztalbahn enthalten. Vielleicht kommen die hier noch - irgendwann mit rein, solange könnt ihr sie (falls es sie gibt) bei - marudor.de anschauen. -

- -

Gibts hier Quellcode zu?

-

- Ja klar, hier: git-Repository -

- -

Datenschutz?

-

- Diese Seite läuft aktuell auf einer kleinen vps bei Hetzner, - geloggt werden aktuell nur Zugriffe, aber keine IP-Adressen. -

- -

Wer macht das hier?

-

- Auch nur so ein Mensch im Internet. Falls ihr wollt könnt ihr - auf meinem Pleroma vorbeischauen. -

- -

Ich hab ne Idee für ein Feature!

-

- Schreibt mich über Pleroma an, vielleicht habe ich Zeit und Lust es einzubauen. -

- -

Ich hab ein Feature dazuimplementiert!

-

- Cool! Schick mir gerne nen Patch! (Mail ist im Repository) -

-
-
-

(Diese Seite also known as "oh, die Ilztalbahn hat ja Open Data 😍" – Weitere Infos)

-
- - - diff --git a/hosts/chaski/services/workadventure.nix b/hosts/chaski/services/workadventure.nix deleted file mode 100644 index c2b704f..0000000 --- a/hosts/chaski/services/workadventure.nix +++ /dev/null 
@@ -1,93 +0,0 @@
-{pkgs, lib, config, ...}:
-
-let
- sources = import ../../../nix/sources.nix {};
- # why the double outPath? Dunno, just niv things …
- workadventure-nix = sources.workadventure.outPath.outPath;
- packageset = (
- import "${workadventure-nix}/wapkgs.nix" {
- inherit pkgs lib;
- }
- ).workadventure-xce;
-in
-{
- # not the most intuitive of container names, but "workadventure" is too long
- containers.wa-space = {
-
- # we'll need the outer config to get the turn secret inside the container,
- # and I'm feeling haskelly so config' it is!
- config = let config' = config; in {config, pkgs, ...}: {
- imports = [ workadventure-nix ];
- networking.firewall.allowedTCPPorts = [ 80 ];
-
- services.workadventure."space.stuebinm.eu" = {
- inherit packageset;
-
- nginx = {
- default = true;
- domain = "space.stuebinm.eu";
- maps.serve = true;
- maps.path = "/workadventuremaps/";
- };
-
- frontend.startRoomUrl = "/_/global/space.stuebinm.eu/maps/Floor0/floor0.json";
-
- commonConfig = {
- webrtc.stun.url = "stun:space.stuebinm.eu:3478";
- webrtc.turn = {
- url = "turn:95.217.159.23";
- user = "turn";
- password = config'.services.coturn.static-auth-secret;
- };
- jitsi.url = "meet.ffmuc.net";
- };
- };
- };
-
- privateNetwork = true;
- hostAddress6 = "fd00::42:14";
- localAddress6 = "fd00::42:16";
-
- autoStart = true;
-
- };
-
- services.coturn = {
- enable = true;
- realm = "turn.hacc.space";
- # this is a static "secret" that is also compiled into workadventure,
- # so it seems ok to put it into the nix store
- static-auth-secret = "1c496cea367f9608c77a754c1ef78079a512e013";
- use-auth-secret = true;
- no-cli = true;
- no-tcp-relay = true;
-
- cert = config.security.acme.certs."space.stuebinm.eu".directory + "full.pem";
- pkey = config.security.acme.certs."space.stuebinm.eu".directory + "key.pem";
- };
-
-
- services.nginx = {
- virtualHosts."space.stuebinm.eu" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = 
"http://[${config.containers.wa-space.localAddress6}]";
- proxyWebsockets = true;
- };
- };
- };
-
-
- networking.firewall = with config.services.coturn;
- let
- ports = [ listening-port tls-listening-port ];
- in {
- allowedTCPPorts = [ 80 ] ++ ports;
- allowedUDPPorts = ports;
- allowedUDPPortRanges = [
- { from = min-port; to = max-port; }
- ];
- };
-
-}
diff --git a/hosts/cyberbox/configuration.nix b/hosts/cyberbox/configuration.nix
deleted file mode 100644
index 47ffaad..0000000
--- a/hosts/cyberbox/configuration.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- ];
-
- # laptop power things
- services.tlp.enable = true;
-
- programs.light.enable = true;
- programs.slock.enable = true;
-
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- networking = {
- hostName = "cyberbox"; # Define your hostname.
- networkmanager.enable = true;
- useDHCP = false;
- interfaces.enp0s25.useDHCP = true;
- interfaces.wlp3s0.useDHCP = true;
- };
-
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
-
- # entrypoint for emacs configured with home-manager
- # (must be available on the user's $PATH)
- services.xserver.windowManager.session = pkgs.lib.singleton {
- name = "exwm";
- start = "emacs -l ${pkgs.writeText "emacs-exwm-load" ''
- (require 'exwm-config)
- (exwm-config-default)
- (defvar inexwm t)
- ''}";
- };
-
- # Enable sound.
- sound.enable = true;
- hardware.pulseaudio.enable = true;
-
- # Enable touchpad support (enabled default in most desktopManager).
- services.xserver.libinput.enable = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "20.09"; # Did you read the comment?
-
-}
-
diff --git a/hosts/cyberbox/hardware-configuration.nix b/hosts/cyberbox/hardware-configuration.nix
deleted file mode 100644
index a724f02..0000000
--- a/hosts/cyberbox/hardware-configuration.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/70a8042c-c5b5-4faa-8019-0eb042fbdf00";
- fsType = "ext4";
- };
-
- boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/e53c9b77-5e00-40a0-bbda-62978b7b3000";
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/60cda588-b262-4394-8d38-284109a08a59";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/hosts/flora/configuration.nix b/hosts/flora/configuration.nix
deleted file mode 100644
index b2699b7..0000000
--- a/hosts/flora/configuration.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- # ./services/hedgedoc.nix
- #./services/daemoniones.nix
- ./services/nginx.nix
- ./services/pleroma.nix
- ./services/cgit.nix
- # ./services/surveys.nix
- #./services/picarones.nix
- ./services/dockerhub.nix
- ./services/blog.nix
- ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ "/dev/sda" ];
-
- networking = {
- hostName = "flora";
-
- enableIPv6 = true;
- defaultGateway6 = {
- address = "fe80::1";
- interface = "ens3";
- };
-
- interfaces.ens3.ipv6.addresses = [ {
- address = "2a01:4f9:c010:df15::1";
- prefixLength = 64;
- } ];
-
- useDHCP = false;
- interfaces.ens3.useDHCP = true;
-
- firewall.logRefusedConnections = false;
-
-
- };
-
- services.fail2ban = {
- enable = true;
- bantime-increment.enable = true;
- bantime-increment.overalljails = true;
- bantime-increment.maxtime = "1312m";
- ignoreIP = [ "88.133.194.232" ];
- };
-
- services.logrotate = {
- enable = true;
- paths.nginx = {
- path = "/var/log/nginx";
- frequency = "weekly";
- };
- };
-
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system = {
- stateVersion = "20.09"; # Did you read the comment?
- };
-
-}
-
diff --git a/hosts/flora/hardware-configuration.nix b/hosts/flora/hardware-configuration.nix
deleted file mode 100644
index 2ce21f4..0000000
--- a/hosts/flora/hardware-configuration.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ modulesPath, config, lib, pkgs, inputs, ... }:
-
-{
- imports =
- [ "${modulesPath}/profiles/qemu-guest.nix"
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/5d31cad5-9076-4d2f-93f6-6af817bc368b";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 1;
-}
-
diff --git a/hosts/flora/services/blog.nix b/hosts/flora/services/blog.nix
deleted file mode 100644
index 056a63b..0000000
--- a/hosts/flora/services/blog.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-{
- services.nginx.virtualHosts."stuebinm.eu" = {
- enableACME = true;
- forceSSL = true;
- locations."/".root = (import inputs.blog);
- };
-}
diff --git a/hosts/flora/services/cgit.nix b/hosts/flora/services/cgit.nix
deleted file mode 100644
index 094bfd5..0000000
--- a/hosts/flora/services/cgit.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-{pkgs, config, ...}:
-
-{
- containers.cgit = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:12";
- localAddress6 = "fd00::42:13";
-
- bindMounts."/git" = {
- hostPath = "/var/git/public";
- isReadOnly = true;
- };
-
- config = {pkgs, config, ...}: {
- services.lighttpd.enable = true;
- services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
- services.lighttpd.cgit = {
- enable = true;
- subdir = "git";
- configText = ''
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
- cache-size=1000
- logo=/git/cgit.png
- favicon=/git/favicon.ico
-
- # take css from an assumed repo `config`
- css=/git/config/plain/cgit.css
-
- # remove .git extensions from repo names
- remove-suffix=1
-
- # readme formats which may be parsed
- readme=:README.md
- readme=:README
- readme=:README.txt
- readme=:README.org
-
- # allow cloning repos
- enable-http-clone=1
-
- enable-follow-links=1
- enable-html-serving=1
- enable-index-owner=0
-
- mimetype.css=text/css
- mimetype.jpg=image/jpeg
- mimetype.jpeg=image/jpeg
- mimetype.pdf=application/pdf
- mimetype.png=image/png
- mimetype.svg=image/svg+xml
-
- # some nice formatting
- root-title=An Assortment of Stuff
- root-desc=hand-squished into git repos
- enable-commit-graph=1
- enable-log-linecount=1
- enable-log-filecount=1
- branch-sort=age
- # suppress email addresses in html logs
- noplainemail=1
-
- # maximum file size for plain blobs in kilobyte
- max-blob-size=100
-
- cache-scanrc-ttl=1
-
- scan-path=/git
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 80 ];
- };
- };
-
- services.nginx.recommendedProxySettings = true;
- services.nginx.virtualHosts."stuebinm.eu" = {
- locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
- enableACME = true;
- forceSSL = true;
- };
-
- # user for git repo administration
- users.users.git = {
- openssh.authorizedKeys.keys = 
config.users.users.root.openssh.authorizedKeys.keys;
- home = "/var/git";
- isNormalUser = true;
- packages = [ pkgs.git ];
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-}
diff --git a/hosts/flora/services/daemoniones.nix b/hosts/flora/services/daemoniones.nix
deleted file mode 100644
index ae9d3cb..0000000
--- a/hosts/flora/services/daemoniones.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, pkgs, ...}:
-
-{
- systemd.services =
- let simpledaemon = name: command: {
- enable = true;
- description = name;
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "simple";
- script = command;
- };
- in {
- choclo = simpledaemon "choclo signalling server" "/root/simple-signalling/target/release/chaski -b 127.0.0.1:5000";
- wasi = simpledaemon "wasi backend" "/root/wasi-minimal/target/release/wasi";
-# picarones = simpledaemon "picarones backend" "/root/picarones-server/target/release/picarones -b 127.0.0.1:6000";
- };
-
- services.nginx = {
- virtualHosts =
- let websocketproxy = addr: {
- locations."/".proxyPass = addr;
- forceSSL = true;
- enableACME = true;
- locations."/".proxyWebsockets = true;
- };
- in {
- "wasi.stuebinm.eu" = websocketproxy "http://127.0.0.1:9000";
- "choclo.stuebinm.eu" = websocketproxy "http://127.0.0.1:5000";
-# "picarones.stuebinm.eu" = websocketproxy "http://127.0.0.1:6000";
- };
- };
-
-
-}
diff --git a/hosts/flora/services/dockerhub.nix b/hosts/flora/services/dockerhub.nix
deleted file mode 100644
index c9b84b3..0000000
--- a/hosts/flora/services/dockerhub.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- services.dockerRegistry = {
- enable = true;
- port = 6000;
- enableRedisCache = false;
- extraConfig = {
- storage.maintenance.readonly.enabled = true;
- };
- };
-
- services.nginx.virtualHosts."registry.stuebinm.eu" = {
- locations."/" = {
- proxyPass = "http://localhost:6000";
- proxyWebsockets = true;
- };
- enableACME = true;
- forceSSL = true;
- };
-
- services.nginx.clientMaxBodySize = "0";
-}
diff --git a/hosts/flora/services/hedgedoc.nix b/hosts/flora/services/hedgedoc.nix
deleted file mode 100644
index 038f99f..0000000
--- a/hosts/flora/services/hedgedoc.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- hedgedoc-patched = pkgs.hedgedoc.overrideAttrs (old: {
- src = pkgs.fetchgit {
- url = "https://stuebinm.eu/git/hedgedoc";
- rev = "b0f98a43381486995b99ed79e0eabb3af149dbf3";
- sha256 = "1199k5q8wampkw2ri4wgwzqgh1ff0l4kdxx9h8ywqy2f7faf922c";
- };
- });
-in
-{
- # Container containing CodiMD and its database
- # has its own internal network; needs a reverse-proxy to be reachable from the outside
- # TODO: persistent memory for pads
- containers.codimd = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:10";
- localAddress6 = "fd00::42:11";
-
- config = {config, pkgs, ... }: {
- # open CodiMD port
- networking.firewall.allowedTCPPorts = [ config.services.hedgedoc.configuration.port ];
-
- # database (postgres 11), with default database reachable for CodiMD; no imperative config needed!
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql_11;
- ensureDatabases = [ "codimd" ];
- ensureUsers = [ {
- name = "hedgedoc";
- ensurePermissions = { "DATABASE codimd" = "ALL PRIVILEGES";};
- } ];
- # ugly workaround to allow CodiMD to login without password — this service has lots of options,
- # but apparently not for authentification, which even needs to be forced …
- authentication = pkgs.lib.mkForce ''
- # Generated file; do not edit! 
- local all all trust
- host codimd hedgedoc ::1/18 trust
- host codimd codimd ::1/128 trust
- '';
- };
- # CodiMD itself
- services.hedgedoc = {
- enable = true;
- workDir = "/var/codimd/";
- configuration = {
- dbURL = "postgres:///codimd";
- port = 3000;
- domain = "nix.stuebinm.eu";
- urlAddPort = false;
- protocolUseSSL = true;
- allowPDFExport = true;
- host = "::";
- allowEmailRegister = false;
- allowFreeURL = true;
- uploadsPath = "/var/codimd/uploads";
- #email = false;
- };
- };
-
- systemd.services.hedgedoc.serviceConfig.ExecStart = pkgs.lib.mkForce "${hedgedoc-patched}/bin/hedgedoc";
- };
- };
-
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- services.nginx.virtualHosts."nix.stuebinm.eu" = {
- locations."/" = {
- proxyPass = "http://[" + config.containers.codimd.localAddress6 + "]:3000";
- proxyWebsockets = true;
- };
- forceSSL = true;
- enableACME = true;
- };
-}
diff --git a/hosts/flora/services/nginx.nix b/hosts/flora/services/nginx.nix
deleted file mode 100644
index bbcacb7..0000000
--- a/hosts/flora/services/nginx.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- services.nginx = {
- enable = true;
-
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- recommendedProxySettings = true;
-
- appendHttpConfig = ''
- add_header Permissions-Policy "interest-cohort=()";
- '';
- };
-}
diff --git a/hosts/flora/services/picarones.nix b/hosts/flora/services/picarones.nix
deleted file mode 100644
index c2e3c7b..0000000
--- a/hosts/flora/services/picarones.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{config, pkgs, ...}:
-let
- source = builtins.fetchGit {
- url = "https://stuebinm.eu/git/picarones/";
- rev = "0596b9f6c561daa67945adb81570efd30650dffd";
- };
-in
-{
-
- imports = [ source.outPath ];
-
- services.picarones = {
- enable = true;
- frontend = {
- enable = true;
- domain = "picarones.stuebinm.eu";
- proxyBackend = true;
- config = {
- enableACME = true;
- forceSSL = true;
- };
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-}
diff --git a/hosts/flora/services/pleroma.nix b/hosts/flora/services/pleroma.nix
deleted file mode 100644
index e0f60ed..0000000
--- a/hosts/flora/services/pleroma.nix
+++ /dev/null
@@ -1,178 +0,0 @@
-{config, pkgs, inputs, ...}:
-
-
-let
- domain = "pleroma.stuebinm.eu";
-in
-{
-
- containers.pleroma = {
- autoStart = true;
- privateNetwork = true;
-
- hostAddress = "192.168.42.30";
- localAddress = "192.168.42.31";
- hostAddress6 = "fd00::42:30";
- localAddress6 = "fd00::42:31";
-
-
- config = {pkgs, config, ...}: {
-
- # generating the manual will fail when mixing nixos channels,
- # so disable it here or this won't build at all.
- documentation.enable = false;
-
- # pleroma has a cli tool for configuration
- environment.systemPackages = [ pkgs.dnsutils ];
-
- services.pleroma = {
- enable = true;
-
-
- # package = (import inputs.nixpkgs-unstable {}).pleroma;
-
- # this is barely necessary at this point — all that's
- # set in here is the default_signer for joken, and the
- # secret_key_base and signing_salt for phoenix.
- secretConfigFile = "/var/lib/pleroma/secrets.exs";
-
- # for a list of available config options, see
- # https://docs-develop.pleroma.social/backend/configuration/cheatsheet/
- #
- # Additionally, some parts of pleroma's config (e.g. Pleroma.Repo)
- # are better documented in their respective libraries (in this
- # case, see the documentation for Ecto on Adapters). 
- configs = [ ''
- import Config
-
- config :pleroma, Pleroma.Web.Endpoint,
- url: [host: "${domain}", scheme: "https", port: 443],
- http: [ip: {0, 0, 0, 0, 0, 0, 0, 0}, port: 4000]
-
- config :pleroma, :instance,
- name: "Pleroma",
- limit: 5000,
- registrations_open: false,
- federating: true,
- healthcheck: true,
- allow_relay: true
-
- config :pleroma, :media_proxy,
- enabled: false,
- redirect_on_failure: true
-
- config :pleroma, Pleroma.Upload,
- filters: [
- Pleroma.Upload.Filter.Exiftool,
- Pleroma.Upload.Filter.AnonymizeFilename,
- Pleroma.Upload.Filter.Dedupe
- ]
-
- config :pleroma, Pleroma.Uploaders.Local,
- uploads: "/var/lib/pleroma/uploads"
-
- config :pleroma, Pleroma.Repo,
- adapter: Ecto.Adapters.Postgres,
- username: "pleroma",
- database: "pleroma",
- socket_dir: "/run/postgresql",
- pool_size: 10,
- prepare: :named,
- parameters: [
- plan_cache_mode: "force_custom_plan"
- ]
-
-
-
- config :pleroma, :database, rum_enabled: false
- config :pleroma, configurable_from_database: false
-
- config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
-
- '' ];
- };
-
- # otherwise, the exiftool will fail to run
- systemd.services.pleroma.path = [ pkgs.exiftool ];
-
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql_12;
-
- ensureDatabases = [ "pleroma" ];
- ensureUsers = [ {
- name = "pleroma";
- ensurePermissions."DATABASE pleroma" = "ALL PRIVILEGES";
- } ];
-
- # give pleroma access. must be done with lib.mkForce, for some reason
- authentication = pkgs.lib.mkForce ''
- # Generated file; do not edit!
- local all all trust
- host pleroma pleroma ::1/128 trust
- '';
-
- # pleroma wants to do some initial config on startup, which it
- # can't do by itself since those needs superuser access
- #
- # unfortunatly, this is executed /before/ the database is created,
- # i.e. we have to create user and database by hand, even though
- # they would otherwise created by ensureUsers / ensureDatabse. 
- # Using those does still prevent us from accidentally deleting
- # them, though (but not from deleting the database's content!)
- initialScript = pkgs.writeScript "postgres-pleroma-initial" ''
- CREATE USER pleroma;
- CREATE DATABASE pleroma OWNER pleroma;
- \c pleroma;
- --Extensions made by ecto.migrate that need superuser access
- CREATE EXTENSION IF NOT EXISTS citext;
- CREATE EXTENSION IF NOT EXISTS pg_trgm;
- CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 4000 10022 ];
- };
- };
-
- # give the container access to the external internet (necessary for
- # fetching content from other instances). Doesn't appear to work with
- # IPv6, though ...
- networking.nat = {
- enable = true;
- internalInterfaces = [ "ve-pleroma" ];
- externalInterface = "ens3";
-
- };
- networking.firewall.allowedTCPPorts = [ 10022 ];
-
- services.nginx.virtualHosts."${domain}" = {
- forceSSL = true;
- enableACME = true;
-
- locations."/" = {
- proxyPass = "http://[${config.containers.pleroma.localAddress6}]:4000";
- proxyWebsockets = true;
- # these headers are in the example config in the NixOS manual.
- # take some time to figure out what they all do, and if these
- # are necessary
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
- add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
- add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
- if ($request_method = OPTIONS) {
- return 204;
- }
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Permitted-Cross-Domain-Policies none;
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- add_header Referrer-Policy same-origin;
- add_header X-Download-Options noopen;
- client_max_body_size 16m;
- '';
- };
- };
-}
- 
diff --git a/hosts/flora/services/surveys.nix b/hosts/flora/services/surveys.nix
deleted file mode 100644
index befa673..0000000
--- a/hosts/flora/services/surveys.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{pkgs, config, ...}:
-
-let survey = pkgs.fetchgit {
- url = "https://stuebinm.eu/git/slightly-better-surveys";
- rev = "c255269db0c739400b62d4c4041e3238b1045d22";
- sha256 = "007q6s5xc3kn3dy1zj7hc94wyn495qam2x1020br3crwgpxy3hmp";
- };
-in
-{
- services.nginx.virtualHosts."survey.stuebinm.eu" = {
- locations."/".root = survey.outPath + "/site";
- locations."/upload".proxyPass = "http://localhost:8080";
-
- enableACME = true;
- forceSSL = true;
- };
-
- services.nginx.appendHttpConfig = ''
- types {
- application/wasm wasm;
- }
- '';
-}
diff --git a/pkgs/default.nix b/pkgs/default.nix
deleted file mode 100644
index 0017eda..0000000
--- a/pkgs/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ ... }:
-
-let
- sources = import ../nix/sources.nix;
- pkgs = import sources.nixpkgs {};
-
- callPackage = pkgs.lib.callPackageWith (pkgs // newpkgs);
-
- newpkgs = {
-# dendrite = callPackage "${sources.nixchen}/pkgs/dendrite" {};
-
- inherit callPackage;
- appendOverlays = overlays: (pkgs.appendOverlays overlays) // newpkgs;
- };
-
-in pkgs // newpkgs
-
diff --git a/pkgs/exneuland.nix b/pkgs/exneuland.nix
deleted file mode 100644
index 9cd4c71..0000000
--- a/pkgs/exneuland.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-let
- sources = import ../nix/sources.nix {};
-in
-
-with import sources.nixpkgs {};
-
-let
- packages = beam.packagesWith beam.interpreters.erlang;
- src = fetchFromGitLab {
- owner = "hexchen";
- repo = "exneuland";
- rev = "main";
- sha256 = "0zh1vvjhzaymlngg5armhp6xqrdjmnd29hpf7c3ci03h3rg4snbq";
- };
-
- pname = "exneuland";
- version = "0.0.1";
- mixEnv = "prod";
-
- mixDeps = packages.fetchMixDeps {
- pname = "mix-deps-${pname}";
- inherit src mixEnv version;
- sha256 = "0nyips2ky6rmgq3xdhrhg4fnw4m2pmck6p1amw9m7qisdqlxhv25";
- };
-
-in (packages.mixRelease.override {
- elixir = (import sources.nixpkgs-unstable {}).elixir_1_12;
-}) {
- inherit src pname version mixEnv mixDeps;
-
- buildInputs = [ rebar3 protobuf ];
-}
-- cgit v1.2.3