flake.lock

@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1715290355,
+        "lastModified": 1714136352,
-        "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
+        "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
+        "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e",
         "type": "github"
       },
       "original": {
@@ -216,11 +216,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1715486357,
+        "lastModified": 1714679908,
-        "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
+        "narHash": "sha256-KzcXzDvDJjX34en8f3Zimm396x6idbt+cu4tWDVS2FI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
+        "rev": "9036fe9ef8e15a819fa76f47a8b1f287903fb848",
         "type": "github"
       },
       "original": {
@@ -317,11 +317,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1715483403,
+        "lastModified": 1714273701,
-        "narHash": "sha256-WMDuQj7J5jbpXI/X/E6FZRKgBFGcaSTvYyVxPnKE6KU=",
+        "narHash": "sha256-bmoeZ5zMSSO/e8P51yjrzaxA9uzA3SZAEFvih6S3LFo=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "f9027322f48b427da23746aa359a6510dfcd0228",
+        "rev": "941c4973c824509e0356be455d89613611f76c8a",
         "type": "github"
       },
       "original": {
@@ -332,11 +332,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1715447595,
+        "lastModified": 1714635257,
-        "narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=",
+        "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "062ca2a9370a27a35c524dc82d540e6e9824b652",
+        "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f",
         "type": "github"
       },
       "original": {
@@ -376,22 +376,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-systemd-256": {
-      "locked": {
-        "lastModified": 1714430104,
-        "narHash": "sha256-TGCTDeE8lEm/HC92Ev5ql2vx6Z4iUOwF2vsmLn/UjkM=",
-        "owner": "nikstur",
-        "repo": "nixpkgs",
-        "rev": "12215c110b0f3a652953d215e827fd4b56e0f536",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nikstur",
-        "ref": "systemd-256",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "pfersel": {
       "inputs": {
         "nixpkgs": [
@@ -473,7 +457,6 @@
         "nix-colors": "nix-colors",
         "nix-index-database": "nix-index-database",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-systemd-256": "nixpkgs-systemd-256",
         "pfersel": "pfersel",
         "purge": "purge",
         "trucksimulatorbot": "trucksimulatorbot"

flake.nix

@@ -3,7 +3,6 @@
   inputs = {
 
     nixpkgs.url = "nixpkgs/nixos-unstable";
-    nixpkgs-systemd-256.url = "github:nikstur/nixpkgs/systemd-256";
 
     nix-index-database = {
       url = "github:nix-community/nix-index-database";
@@ -51,7 +50,6 @@
   outputs =
     { self
     , nixpkgs
-    , nixpkgs-systemd-256
     , home-manager
     , dns
     , nix-index-database
@@ -140,7 +138,8 @@
           specialArgs = attrs;
           modules = [
             ./hosts/vm
-            ./shared/systemd.nix
+            ./shared
+            nix-index-database.nixosModules.nix-index
           ];
         };
         iso = nixpkgs.lib.nixosSystem {

hosts/nuc/default.nix

@@ -54,8 +54,6 @@
     helix
     lsof
     btdu
-    tcpdump
-    mtr
   ];
   programs.git = {
     enable = true;

hosts/nuc/modules/backup/default.nix

@@ -19,11 +19,6 @@
         "/var/log"
         "/nix/persist"
       ];
-      # don't backup these for now
-      exclude_patterns = [
-        "/var/lib/movies"
-        "/var/lib/shows"
-      ];
       repositories = [
         {
           label = "nuc";

hosts/nuc/modules/networks/default.nix

@@ -34,10 +34,7 @@
         routeConfig.Gateway = "192.168.42.1";
       }];
       networkConfig = {
-        DNS = [
+        DNS = "192.168.42.1";
-          "9.9.9.9"
-          "149.112.112.112"
-        ];
         LLDP = true;
         EmitLLDP = "nearest-bridge";
         DNSSEC = false;

hosts/nuc/modules/torrent/default.nix

@@ -78,7 +78,7 @@ in
       Group = cfg.user;
       Restart = "always";
 
-      # PrivateNetwork = true;
+      PrivateNetwork = true;
       NetworkNamespacePath = "/var/run/netns/torrent";
 
       ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --profile=${cfg.stateDir} --webui-port=${toString cfg.port}";
@@ -88,9 +88,9 @@ in
 
       # Avoid using nscd (leaks dns)
       InaccessiblePaths = [ "/run/nscd" ];
-      BindReadOnlyPaths = [
+      # BindReadOnlyPaths = [
-        "/etc/netns/torrent/resolv.conf:/etc/resolv.conf"
+      #   "/etc/netns/mullvad/resolv.conf:/etc/resolv.conf"
-      ];
+      # ];
 
       # systemd-analyze --no-pager security qbittorrent.service
       CapabilityBoundingSet = null;

hosts/thinkpad/default.nix

@@ -60,10 +60,6 @@
     upower.enable = true;
     fwupd.enable = true; # firmware updates
     btrfs.autoScrub.enable = true;
-    mullvad-vpn = {
-      enable = true;
-      enableExcludeWrapper = false;
-    };
   };
   hardware.bluetooth = {
     enable = true;

hosts/thinkpad/modules/networks/uni.nix

@@ -23,7 +23,6 @@
           identity="rose159e@tu-dresden.de"
           password="@EDUROAM_AUTH@"
           phase2="auth=PAP"
-          bssid_ignore=7c:5a:1c:02:3d:ef
         '';
         extraConfig = ''
           scan_ssid=1

hosts/vm/default.nix

@@ -13,7 +13,6 @@
     loader.efi.canTouchEfiVariables = true;
     kernelPackages = pkgs.linuxPackages_latest;
     tmp.useTmpfs = true;
-    initrd.systemd.enable = true;
   };
   networking.hostName = "vm";
   # environment.persistence."/nix/persistent/system" = {
@@ -43,7 +42,7 @@
   };
 
   # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
+  services.openssh.enable = true;
 
   users.mutableUsers = false;
   users.users.root = {

shared/systemd.nix

@@ -1,9 +1,9 @@
-{ pkgs, lib, nixpkgs-systemd-256, ... }:
+{ pkgs, lib, ... }:
 
 {
   systemd = {
 
-    package = lib.mkDefault (nixpkgs-systemd-256.legacyPackages.x86_64-linux.systemd.override { withHomed = false; });
+    package = lib.mkDefault (pkgs.systemd.override { withHomed = false; });
     sleep.extraConfig = ''
       HibernateDelaySec=2h
     '';

users/rouven/modules/packages.nix

@@ -17,7 +17,6 @@
     (zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; })
     gimp
     ffmpeg
-    jellyfin-media-player
 
     # bluetooth
     blueman

users/rouven/modules/ssh/default.nix

@@ -35,14 +35,6 @@ in
         hostname = "login.zih.tu-dresden.de";
         user = "rose159e";
       };
-      "mininet" = {
-        hostname = "internet.netd.cs.tu-dresden.de";
-        user = "root";
-        port = 2133;
-        extraOptions = {
-          ProxyJump = "tud";
-        };
-      };
 
       # iFSR
       "quitte" = {