vm doesn't need the index

flake.lock

@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1714136352,
-        "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=",
+        "lastModified": 1715290355,
+        "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e",
+        "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
         "type": "github"
       },
       "original": {
@@ -216,11 +216,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714679908,
-        "narHash": "sha256-KzcXzDvDJjX34en8f3Zimm396x6idbt+cu4tWDVS2FI=",
+        "lastModified": 1715486357,
+        "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "9036fe9ef8e15a819fa76f47a8b1f287903fb848",
+        "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
         "type": "github"
       },
       "original": {
@@ -317,11 +317,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714273701,
-        "narHash": "sha256-bmoeZ5zMSSO/e8P51yjrzaxA9uzA3SZAEFvih6S3LFo=",
+        "lastModified": 1715483403,
+        "narHash": "sha256-WMDuQj7J5jbpXI/X/E6FZRKgBFGcaSTvYyVxPnKE6KU=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "941c4973c824509e0356be455d89613611f76c8a",
+        "rev": "f9027322f48b427da23746aa359a6510dfcd0228",
         "type": "github"
       },
       "original": {
@@ -332,11 +332,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1714635257,
-        "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=",
+        "lastModified": 1715447595,
+        "narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f",
+        "rev": "062ca2a9370a27a35c524dc82d540e6e9824b652",
         "type": "github"
       },
       "original": {
@@ -376,6 +376,22 @@
         "type": "github"
       }
     },
+    "nixpkgs-systemd-256": {
+      "locked": {
+        "lastModified": 1714430104,
+        "narHash": "sha256-TGCTDeE8lEm/HC92Ev5ql2vx6Z4iUOwF2vsmLn/UjkM=",
+        "owner": "nikstur",
+        "repo": "nixpkgs",
+        "rev": "12215c110b0f3a652953d215e827fd4b56e0f536",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nikstur",
+        "ref": "systemd-256",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "pfersel": {
       "inputs": {
         "nixpkgs": [
@@ -457,6 +473,7 @@
         "nix-colors": "nix-colors",
         "nix-index-database": "nix-index-database",
         "nixpkgs": "nixpkgs",
+        "nixpkgs-systemd-256": "nixpkgs-systemd-256",
         "pfersel": "pfersel",
         "purge": "purge",
         "trucksimulatorbot": "trucksimulatorbot"

flake.nix

@@ -3,6 +3,7 @@
   inputs = {
 
     nixpkgs.url = "nixpkgs/nixos-unstable";
+    nixpkgs-systemd-256.url = "github:nikstur/nixpkgs/systemd-256";
 
     nix-index-database = {
       url = "github:nix-community/nix-index-database";
@@ -50,6 +51,7 @@
   outputs =
     { self
     , nixpkgs
+    , nixpkgs-systemd-256
     , home-manager
     , dns
     , nix-index-database
@@ -138,8 +140,7 @@
           specialArgs = attrs;
           modules = [
             ./hosts/vm
-            ./shared
-            nix-index-database.nixosModules.nix-index
+            ./shared/systemd.nix
           ];
         };
         iso = nixpkgs.lib.nixosSystem {

hosts/nuc/default.nix

@@ -54,6 +54,8 @@
     helix
     lsof
     btdu
+    tcpdump
+    mtr
   ];
   programs.git = {
     enable = true;

hosts/nuc/modules/backup/default.nix

@@ -19,6 +19,11 @@
         "/var/log"
         "/nix/persist"
       ];
+      # don't backup these for now
+      exclude_patterns = [
+        "/var/lib/movies"
+        "/var/lib/shows"
+      ];
       repositories = [
         {
           label = "nuc";

hosts/nuc/modules/networks/default.nix

@@ -34,7 +34,10 @@
         routeConfig.Gateway = "192.168.42.1";
       }];
       networkConfig = {
-        DNS = "192.168.42.1";
+        DNS = [
+          "9.9.9.9"
+          "149.112.112.112"
+        ];
         LLDP = true;
         EmitLLDP = "nearest-bridge";
         DNSSEC = false;

hosts/nuc/modules/torrent/default.nix

@@ -78,7 +78,7 @@ in
       Group = cfg.user;
       Restart = "always";
 
-      PrivateNetwork = true;
+      # PrivateNetwork = true;
       NetworkNamespacePath = "/var/run/netns/torrent";
 
       ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --profile=${cfg.stateDir} --webui-port=${toString cfg.port}";
@@ -88,9 +88,9 @@ in
 
       # Avoid using nscd (leaks dns)
       InaccessiblePaths = [ "/run/nscd" ];
-      # BindReadOnlyPaths = [
-      #   "/etc/netns/mullvad/resolv.conf:/etc/resolv.conf"
-      # ];
+      BindReadOnlyPaths = [
+        "/etc/netns/torrent/resolv.conf:/etc/resolv.conf"
+      ];
 
       # systemd-analyze --no-pager security qbittorrent.service
       CapabilityBoundingSet = null;

hosts/thinkpad/default.nix

@@ -60,6 +60,10 @@
     upower.enable = true;
     fwupd.enable = true; # firmware updates
     btrfs.autoScrub.enable = true;
+    mullvad-vpn = {
+      enable = true;
+      enableExcludeWrapper = false;
+    };
   };
   hardware.bluetooth = {
     enable = true;

hosts/thinkpad/modules/networks/uni.nix

@@ -23,6 +23,7 @@
           identity="rose159e@tu-dresden.de"
           password="@EDUROAM_AUTH@"
           phase2="auth=PAP"
+          bssid_ignore=7c:5a:1c:02:3d:ef
         '';
         extraConfig = ''
           scan_ssid=1

hosts/vm/default.nix

@@ -13,6 +13,7 @@
     loader.efi.canTouchEfiVariables = true;
     kernelPackages = pkgs.linuxPackages_latest;
     tmp.useTmpfs = true;
+    initrd.systemd.enable = true;
   };
   networking.hostName = "vm";
   # environment.persistence."/nix/persistent/system" = {
@@ -42,7 +43,7 @@
   };
 
   # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
+  # services.openssh.enable = true;
 
   users.mutableUsers = false;
   users.users.root = {

shared/systemd.nix

@@ -1,9 +1,9 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, nixpkgs-systemd-256, ... }:
 
 {
   systemd = {
 
-    package = lib.mkDefault (pkgs.systemd.override { withHomed = false; });
+    package = lib.mkDefault (nixpkgs-systemd-256.legacyPackages.x86_64-linux.systemd.override { withHomed = false; });
     sleep.extraConfig = ''
       HibernateDelaySec=2h
     '';

users/rouven/modules/packages.nix

@@ -17,6 +17,7 @@
     (zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; })
     gimp
     ffmpeg
+    jellyfin-media-player
 
     # bluetooth
     blueman

users/rouven/modules/ssh/default.nix

@@ -35,6 +35,14 @@ in
         hostname = "login.zih.tu-dresden.de";
         user = "rose159e";
       };
+      "mininet" = {
+        hostname = "internet.netd.cs.tu-dresden.de";
+        user = "root";
+        port = 2133;
+        extraOptions = {
+          ProxyJump = "tud";
+        };
+      };
 
       # iFSR
       "quitte" = {