site-config: dedupe cross-host values, fix stale dark-reader urls, drop desktop 1g hugepages

new site-config.nix holds values previously duplicated across hosts:
  domain, old_domain, contact_email, timezone, binary_cache (url + pubkey),
  dns_servers, lan (cidr + gateway), hosts.{muffin,yarn} (ip/alias/ssh_host_key),
  ssh_keys.{laptop,desktop,ci_deploy}.

threaded through specialArgs on all three hosts + home-manager extraSpecialArgs +
homeConfigurations.primary + serverLib. service-configs.nix now takes
{ site_config } as a function arg and drops its https namespace; per-service
domains (gitea/matrix/ntfy/mollysocket/livekit/firefox-sync/grafana) are
derived from site_config.domain. ~15 service files and 6 vm tests migrated.

breakage fixes rolled in:
 - home/progs/zen/dark-reader.nix: 5 stale *.gardling.com entries in
   disabledFor rewritten to *.sigkill.computer (caddy 301s the old names so
   these never fired and the new sigkill urls were getting dark-reader applied)
 - modules/desktop-common.nix: drop unused hugepagesz=1G/hugepages=3
   kernelParams (no consumer on mreow or yarn; xmrig on muffin still reserves
   its own via services/monero/xmrig.nix)

verification: muffin toplevel is bit-identical to pre-refactor baseline.
mreow/yarn toplevels differ only in boot.json kernelParams + darkreader
storage.js (nix-diff verified). deployGuardTest and fail2banVaultwardenTest
(latter exercises site_config.domain via bitwarden.nix) pass.

tests/deploy-guard.nix

@@ -12,10 +12,10 @@
   ...
 }:
 let
-  baseServiceConfigs = import ../hosts/muffin/service-configs.nix;
+  baseSiteConfig = import ../site-config.nix;
+  baseServiceConfigs = import ../hosts/muffin/service-configs.nix { site_config = baseSiteConfig; };
   testServiceConfigs = lib.recursiveUpdate baseServiceConfigs {
     zpool_ssds = "";
-    https.domain = "test.local";
   };
 
   alwaysOk = pkgs.writeShellApplication {

tests/fail2ban/gitea.nix

@@ -5,7 +5,10 @@
   ...
 }:
 let
-  baseServiceConfigs = import ../../hosts/muffin/service-configs.nix;
+  baseSiteConfig = import ../../site-config.nix;
+  baseServiceConfigs = import ../../hosts/muffin/service-configs.nix {
+    site_config = baseSiteConfig;
+  };
   testServiceConfigs = lib.recursiveUpdate baseServiceConfigs {
     zpool_ssds = "";
     gitea = {

tests/fail2ban/immich.nix

@@ -5,10 +5,12 @@
   ...
 }:
 let
-  baseServiceConfigs = import ../../hosts/muffin/service-configs.nix;
+  baseSiteConfig = import ../../site-config.nix;
+  baseServiceConfigs = import ../../hosts/muffin/service-configs.nix {
+    site_config = baseSiteConfig;
+  };
   testServiceConfigs = lib.recursiveUpdate baseServiceConfigs {
     zpool_ssds = "";
-    https.domain = "test.local";
     ports.private.immich = {
       port = 2283;
       proto = "tcp";

tests/fail2ban/jellyfin.nix

@@ -5,10 +5,12 @@
   ...
 }:
 let
-  baseServiceConfigs = import ../../hosts/muffin/service-configs.nix;
+  baseSiteConfig = import ../../site-config.nix;
+  baseServiceConfigs = import ../../hosts/muffin/service-configs.nix {
+    site_config = baseSiteConfig;
+  };
   testServiceConfigs = lib.recursiveUpdate baseServiceConfigs {
     zpool_ssds = "";
-    https.domain = "test.local";
     jellyfin = {
       dataDir = "/var/lib/jellyfin";
       cacheDir = "/var/cache/jellyfin";
@@ -33,6 +35,7 @@ let
         (import ../../services/jellyfin/jellyfin.nix {
           inherit config pkgs;
           lib = testLib;
+          site_config = baseSiteConfig;
           service_configs = testServiceConfigs;
         })
       ];

tests/fail2ban/vaultwarden.nix

@@ -5,10 +5,12 @@
   ...
 }:
 let
-  baseServiceConfigs = import ../../hosts/muffin/service-configs.nix;
+  baseSiteConfig = import ../../site-config.nix;
+  baseServiceConfigs = import ../../hosts/muffin/service-configs.nix {
+    site_config = baseSiteConfig;
+  };
   testServiceConfigs = lib.recursiveUpdate baseServiceConfigs {
     zpool_ssds = "";
-    https.domain = "test.local";
   };
 
   testLib = lib.extend (
@@ -28,6 +30,7 @@ let
         (import ../../services/bitwarden.nix {
           inherit config pkgs;
           lib = testLib;
+          site_config = baseSiteConfig;
           service_configs = testServiceConfigs;
         })
       ];

tests/minecraft.nix

@@ -6,10 +6,10 @@
   ...
 }:
 let
-  baseServiceConfigs = import ../hosts/muffin/service-configs.nix;
+  baseSiteConfig = import ../site-config.nix;
+  baseServiceConfigs = import ../hosts/muffin/service-configs.nix { site_config = baseSiteConfig; };
   testServiceConfigs = lib.recursiveUpdate baseServiceConfigs {
     zpool_ssds = "";
-    https.domain = "test.local";
     minecraft.parent_dir = "/var/lib/minecraft";
     minecraft.memory = rec {
       heap_size_m = 1000;
@@ -31,6 +31,7 @@ testPkgs.testers.runNixOSTest {
 
   node.specialArgs = {
     inherit inputs lib;
+    site_config = baseSiteConfig;
     service_configs = testServiceConfigs;
     username = "testuser";
   };