networking updates, too many to write down

hosts/falkenstein-1/default.nix

@@ -4,7 +4,7 @@
     [
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      # ./modules/backup
+      ./modules/backup
       ./modules/fail2ban
       ./modules/mail
       ./modules/networks
@@ -31,6 +31,7 @@
   time.timeZone = "Europe/Berlin";
 
   i18n.defaultLocale = "en_US.UTF-8";
+  systemd.package = pkgs.systemd.override { withHomed = false; };
 
   environment.systemPackages = with pkgs; [
     vim

hosts/falkenstein-1/modules/backup/default.nix

@@ -13,7 +13,7 @@
 
       repositories = [
         {
-          path = "ssh://root@192.168.10.2/mnt/backup/falkenstein";
+          path = "ssh://root@192.168.42.2/mnt/backup/falkenstein";
           label = "nuc";
         }
       ];

hosts/falkenstein-1/modules/mail/default.nix

@@ -118,9 +118,10 @@ in
       sslServerKey = "/var/lib/acme/${hostname}/key.pem";
       protocols = [ "imap" "sieve" ];
       mailPlugins = {
+        globally.enable = [ "listescape" ];
         perProtocol = {
           imap = {
-            enable = [ "imap_sieve" ];
+            enable = [ "imap_sieve" "imap_filter_sieve" ];
           };
           lmtp = {
             enable = [ "sieve" ];
@@ -168,6 +169,10 @@ in
         
           service_count = 1
         }
+        namespace inbox {
+          separator = /
+          inbox = yes
+        }
         service lmtp {
           unix_listener dovecot-lmtp {
             group = postfix

hosts/nuc/default.nix

@@ -6,7 +6,7 @@
       ./hardware-configuration.nix
       # ./modules/adguard
       ./modules/networks
-      # ./modules/backup
+      ./modules/backup
       ./modules/grafana
       ./modules/prometheus
       ./modules/matrix
@@ -22,6 +22,7 @@
     loader.efi.canTouchEfiVariables = true;
     tmp.useTmpfs = true;
   };
+  systemd.package = pkgs.systemd.override { withHomed = false; };
   services.btrfs.autoScrub.enable = true;
 
   sops.secrets."store/secretkey" = { };

hosts/thinkpad/default.nix

@@ -1,10 +1,10 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, agenix, ... }:
 {
 
   imports =
     [
       ./hardware-configuration.nix
-      # ./modules/backup
+      ./modules/backup
       ./modules/networks
       ./modules/greetd
       ./modules/virtualisation
@@ -33,6 +33,7 @@
     kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
     tmp.useTmpfs = true;
   };
+  systemd.package = pkgs.systemd.override { withHomed = false; };
 
   environment.persistence."/nix/persist/system" = {
     directories = [
@@ -83,6 +84,7 @@
     noto-fonts-cjk
     noto-fonts-emoji
     dejavu_fonts
+    fira
   ];
 
   # Enable sound.
@@ -114,16 +116,18 @@
   programs.light.enable = true;
 
   services = {
-    homed.enable = true;
+    # homed.enable = true;
     blueman.enable = true; # bluetooth
     devmon.enable = true; # automount stuff
-    printing = {
-      enable = true;
-      browsedConf = ''
-        BrowsePoll cups.agdsn.network
-        LocalQueueNamingRemoteCUPS RemoteName
-      '';
-    };
+    # printing = {
+    #   enable = true;
+    #   stateless = true;
+    #   browsedConf = ''
+    #     BrowsePoll tomate.local
+    #     BrowsePoll cups.agdsn.network
+    #     LocalQueueNamingRemoteCUPS RemoteName
+    #   '';
+    # };
     avahi = {
       # autodiscover printers
       enable = true;
@@ -192,10 +196,24 @@
     pciutils
     lm_sensors
     sbctl
-    deploy-rs
     man-pages
+    openssl
+    cups
+    agenix.packages.x86_64-linux.default
   ];
   programs.java.enable = true;
+  programs.wireshark = {
+    enable = true;
+    package = pkgs.wireshark-qt;
+  };
+  security.wrappers.etherape = {
+    source = "${pkgs.etherape}/bin/etherape";
+    capabilities = "cap_net_raw,cap_net_admin+eip";
+    owner = "root";
+    group = "wireshark"; # too lazy to create a new one
+    permissions = "u+rx,g+x";
+  };
+
   documentation.dev.enable = true;
 
 

hosts/thinkpad/modules/backup/default.nix

@@ -16,7 +16,7 @@
       repositories = [
         {
           label = "nuc";
-          path = "ssh://root@192.168.10.2/mnt/backup/thinkpad";
+          path = "ssh://root@192.168.42.2/mnt/backup/thinkpad";
         }
       ];
       exclude_patterns = [