not going to make this whole thing about complaining, so I would like to say that I did eventually get cgit working, which means that I have a way of downloading tarballs of my self-hosted git repos using http, which means I can create my own nix channel containing all my machine configs, which means that /etc/nixos/configuration.nix on each machine can now converge on looking something like

{ imports = [ ./hardware-configuration.nix (import <telent-nixos-config>).hosts.noetbook ]; }

This channel is for my personal-but-not-really-private stuff that I wouldn't mind horribly if someone finds it (so, no passwords) but also wouldn't be a whole lot of use to anyone else either (my ip addresses and a description of which services run on which machines). Going to add a second channel for overlays and packages that other people might legitimately benefit from access to, once I've have a think about where to host that.