Remove some SSH keys

helpers.nix

@@ -12,9 +12,64 @@ with inputs.nixpkgs.lib; {
     extraModules ? [],
   }: let
     system = platform;
-
     secrets = builtins.toString inputs.secrets;
 
+    pull-requests = {
+      fluffychat = import nixpkgs-pr-fluffychat {
+        inherit system;
+        overlays = [
+          (final: prev: {
+            fluffychat = prev.fluffychat.overrideAttrs (prevAttrs: rec {
+              desktopItems = [
+                ((builtins.elemAt prevAttrs.desktopItems 0).override {startupWMClass = "fluffychat";})
+              ];
+            });
+          })
+        ];
+      };
+
+      feishin = import nixpkgs-pr-feishin {
+        inherit system;
+        overlays = [
+          (final: prev: {
+            feishin = prev.feishin.overrideAttrs (prevAttrs: rec {
+              pname = "feishin";
+              version = "0.18.0";
+
+              src = prev.fetchFromGitHub {
+                owner = "jeffvli";
+                repo = "feishin";
+                rev = "v${version}";
+                hash = "sha256-4gcS7Vd7LSpEByO2Hlk6nb8V2adBPh5XwWGCu2lwOA4=";
+              };
+
+              pnpmDeps = prev.pnpm_10.fetchDeps {
+                inherit pname version src;
+                hash = "sha256-1MGxrUcfvazxAubaYAsQuulUKm05opWOIC7oaLzjr7o=";
+              };
+            });
+          })
+        ];
+      };
+    };
+
+    userPackages = final: prev: {
+      # WebOne HTTP proxy.
+      webone = prev.pkgs.callPackage ./packages/webone {};
+      # Yazi Gruvbox theme.
+      yazi-flavour-gruvbox-dark = prev.pkgs.callPackage ./packages/yazi-flavour-gruvbox {};
+      # Latest FluffyChat.
+      fluffychat = pull-requests.fluffychat.fluffychat;
+      # Latest Feishin.
+      feishin = pull-requests.feishin.feishin;
+      # PrismLauncher with Temurin JRE.
+      prismlauncher = prev.prismlauncher.override {
+        jdks = [
+          prev.pkgs.temurin-jre-bin
+        ];
+      };
+    };
+
     pkgs = import nixpkgs {
       inherit system;
       config = {
@@ -24,9 +79,12 @@ with inputs.nixpkgs.lib; {
           "dotnet-runtime-6.0.36"
         ];
       };
+      overlays = [
+        userPackages
+      ];
     };
 
-    pkgs-deploy-rs = import nixpkgs {
+    deployPkgs = import nixpkgs {
       inherit system;
       overlays = [
         deploy-rs.overlays.default
@@ -38,13 +96,6 @@ with inputs.nixpkgs.lib; {
         })
       ];
     };
-
-    userPackages = {
-      fluffychat = (import nixpkgs-pr-fluffychat {inherit system;}).fluffychat;
-      feishin = (import nixpkgs-pr-feishin {inherit system;}).feishin;
-      webone = pkgs.callPackage ./packages/webone {};
-      yazi-flavour-gruvbox-dark = pkgs.callPackage ./packages/yazi-flavour-gruvbox {};
-    };
   in
     {
       nixosConfigurations.${hostname} = nixosSystem {
@@ -52,13 +103,11 @@ with inputs.nixpkgs.lib; {
 
         specialArgs = {
           inherit
-            nixpkgs
             hostname
             platform
             suite
             user
             secrets
-            userPackages
             ; # Inherit variables.
         };
 
@@ -73,13 +122,15 @@ with inputs.nixpkgs.lib; {
           ++ extraModules;
       };
     }
-    // optionalAttrs (suite != "desktop") {
+    // optionalAttrs ((suite == "server")
+      || (suite == "vm")
+      || (suite == "lxc")) {
       deploy.nodes.${hostname} = {
         hostname = "${hostname}.local";
         profiles.system = {
           user = "root";
           sshUser = user;
-          path = pkgs-deploy-rs.deploy-rs.lib.activate.nixos self.nixosConfigurations.${hostname};
+          path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.${hostname};
         };
       };
     };

hosts/weebill.nix

@@ -42,6 +42,7 @@
       };
     };
   };
+
   # Open ports for services.
   networking.firewall = {
     allowedUDPPorts = [

modules/webone.nix

@@ -1,7 +1,7 @@
 {
   config,
   lib,
-  userPackages,
+  pkgs,
   ...
 }:
 with lib; let
@@ -47,13 +47,13 @@ in {
       startLimitIntervalSec = 5;
       startLimitBurst = 3;
       environment = {
-        OPENSSL_CONF = "${userPackages.webone}/lib/webone/openssl_webone.cnf";
+        OPENSSL_CONF = "${pkgs.webone}/lib/webone/openssl_webone.cnf";
       };
       serviceConfig = {
         Type = "simple";
         User = "webone";
         Group = "webone";
-        ExecStart = "${userPackages.webone}/bin/webone";
+        ExecStart = "${pkgs.webone}/bin/webone";
         TimeoutStopSec = "10";
         Restart = "on-failure";
         RestartSec = "5";

overlay.nix

@@ -0,0 +1,43 @@
+inputs:
+with inputs; (super: self: {
+  webone = super.pkgs.callPackage ./packages/webone {};
+  yazi-flavour-gruvbox-dark = super.pkgs.callPackage ./packages/yazi-flavour-gruvbox {};
+  pr.fluffychat = import nixpikgs-pr-fluffychat {inherit system;};
+
+  pr.feishin = import nixpkgs-pr-feishin {
+    inherit system;
+    overlays = [
+      (self: super: {
+        feishin = super.feishin.overrideAttrs (old: rec {
+          pname = "feishin";
+          version = "0.18.0";
+
+          src = super.fetchFromGitHub {
+            owner = "jeffvli";
+            repo = "feishin";
+            rev = "v${version}";
+            hash = "sha256-4gcS7Vd7LSpEByO2Hlk6nb8V2adBPh5XwWGCu2lwOA4=";
+          };
+
+          pnpmDeps = super.pnpm_10.fetchDeps {
+            inherit pname version src;
+            hash = "sha256-1MGxrUcfvazxAubaYAsQuulUKm05opWOIC7oaLzjr7o=";
+          };
+        });
+      })
+    ];
+  };
+
+  deploy-rs = import nixpkgs {
+    inherit system;
+    overlays = [
+      deploy-rs.overlays.default
+      (self: super: {
+        deploy-rs = {
+          inherit (pkgs) deploy-rs;
+          lib = super.deploy-rs.lib;
+        };
+      })
+    ];
+  };
+})

suites/common.nix

@@ -1,6 +1,4 @@
 {
-  nixpkgs,
-  userPackages,
   pkgs,
   lib,
   hostname,
@@ -20,9 +18,6 @@ with lib; {
   # Add @wheel to trusted-users for remote deployments.
   nix.settings.trusted-users = ["root" "@wheel"];
 
-  # Set $NIX_PATH to flake input.
-  nix.nixPath = ["nixpkgs=${nixpkgs}"];
-
   # Enable redistributable firmware.
   hardware.enableRedistributableFirmware = true;
 
@@ -77,7 +72,7 @@ with lib; {
       # yazi cd on quit.
       function y
         set tmp (mktemp -t "yazi-cwd.XXXXXX")
-        ${pkgs.yazi}/bin/yazi $argv --cwd-file="$tmp"
+        yazi $argv --cwd-file="$tmp"
         if read -z cwd < "$tmp"; and [ -n "$cwd" ]; and [ "$cwd" != "$PWD" ]
           builtin cd -- "$cwd"
         end
@@ -89,10 +84,10 @@ with lib; {
   # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
   programs.bash = {
     interactiveShellInit = ''
-      if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+      if [[ $(ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
       then
         shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
-        exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+        exec fish $LOGIN_OPTION
       fi
     '';
   };
@@ -107,19 +102,26 @@ with lib; {
 
     nixvim = {
       enable = true;
+      defaultEditor = true;
 
+      # For telescope.
       dependencies.ripgrep.enable = true;
 
+      # Space as leader.
       globals.mapleader = " ";
 
       keymaps = [
         {
-          key = "<Leader>tt";
+          key = "<Leader>t";
           action = "<cmd> ToggleTerm direction=float <CR>";
         }
         {
-          key = "<Leader>xx";
-          action = "<cmd> Trouble diagnostics toggle focus=false<CR>";
+          key = "<Leader>x";
+          action = "<cmd> Trouble diagnostics toggle focus=false <CR>";
+        }
+        {
+          key = "<Leader>y";
+          action = "<cmd> Yazi <CR>";
         }
       ];
 
@@ -151,6 +153,7 @@ with lib; {
         toggleterm.enable = true;
         trouble.enable = true;
         web-devicons.enable = true;
+        yazi.enable = true;
 
         lualine = {
           enable = true;
@@ -221,7 +224,7 @@ with lib; {
 
   programs.yazi = {
     enable = true;
-    flavors."gruvbox-dark.yazi" = userPackages.yazi-flavour-gruvbox-dark;
+    flavors."gruvbox-dark.yazi" = pkgs.yazi-flavour-gruvbox-dark;
     settings.theme = {
       flavor.dark = "gruvbox-dark";
     };

suites/desktop.nix

@@ -1,6 +1,5 @@
 {
   pkgs,
-  userPackages,
   lib,
   ...
 }:
@@ -48,8 +47,8 @@ with lib; {
   services.xserver = {
     enable = true;
 
-    excludePackages = with pkgs; [
-      xterm # Don't install xterm.
+    excludePackages = [
+      pkgs.xterm # Don't install xterm.
     ];
 
     displayManager.gdm.enable = true;
@@ -105,6 +104,8 @@ with lib; {
     celluloid
     deploy-rs
     discord
+    feishin
+    fluffychat
     ghostty
     gimp3
     glabels-qt
@@ -118,27 +119,12 @@ with lib; {
     merriweather-sans
     nerd-fonts.fira-code
     obsidian
+    prismlauncher
+    prismlauncher
     protonmail-desktop
     signal-desktop
     smile
-    userPackages.feishin
     yubioath-flutter
-
-    # PrismLauncher with temurin jre.
-    (prismlauncher.override {
-      jdks = [
-        temurin-jre-bin
-      ];
-    })
-
-    # FluffyChat 2.0.0 with fixed desktop item.
-    (userPackages.fluffychat.overrideAttrs (
-      finalAttrs: previousAttrs: {
-        desktopItems = [
-          ((builtins.elemAt previousAttrs.desktopItems 0).override {startupWMClass = "fluffychat";})
-        ];
-      }
-    ))
   ];
 
   # Allow opening terminal applications from gnome app launcher.

suites/server.nix

@@ -23,8 +23,6 @@ with lib; {
   users.users.${user} = {
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzW4epTmK01kGVXcuAXUNJQPltnogf4uab9FA5m8S3n fern@pardalote"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEJYq1fMxVOzCMfE/td6DtWS8nUk76U9seYD3Z9RYAz u0_a399@fairywren"
       "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMoJvPcUJDVVzO4dHROCFNlgJdDZSP5xyPx2s40zcx5QAAAABHNzaDo= YubiKey5NFC"
     ];
     extraGroups = mkIf (user == "docker") ["docker"]; # if docker is enabled.