nuc: networking updates

hosts/nuc/default.nix

@@ -54,6 +54,8 @@
     helix
     lsof
     btdu
+    tcpdump
+    mtr
   ];
   programs.git = {
     enable = true;

hosts/nuc/modules/backup/default.nix

@@ -19,6 +19,11 @@
         "/var/log"
         "/nix/persist"
       ];
+      # don't backup these for now
+      exclude_patterns = [
+        "/var/lib/movies"
+        "/var/lib/shows"
+      ];
       repositories = [
         {
           label = "nuc";

hosts/nuc/modules/networks/default.nix

@@ -34,7 +34,10 @@
         routeConfig.Gateway = "192.168.42.1";
       }];
       networkConfig = {
-        DNS = "192.168.42.1";
+        DNS = [
+          "9.9.9.9"
+          "149.112.112.112"
+        ];
         LLDP = true;
         EmitLLDP = "nearest-bridge";
         DNSSEC = false;

hosts/nuc/modules/torrent/default.nix

@@ -78,7 +78,7 @@ in
       Group = cfg.user;
       Restart = "always";
 
-      PrivateNetwork = true;
+      # PrivateNetwork = true;
       NetworkNamespacePath = "/var/run/netns/torrent";
 
       ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --profile=${cfg.stateDir} --webui-port=${toString cfg.port}";
@@ -88,9 +88,9 @@ in
 
       # Avoid using nscd (leaks dns)
       InaccessiblePaths = [ "/run/nscd" ];
-      # BindReadOnlyPaths = [
+      BindReadOnlyPaths = [
-      #   "/etc/netns/mullvad/resolv.conf:/etc/resolv.conf"
+        "/etc/netns/torrent/resolv.conf:/etc/resolv.conf"
-      # ];
+      ];
 
       # systemd-analyze --no-pager security qbittorrent.service
       CapabilityBoundingSet = null;