From 3b495d8f1359525d95c016eb80f411289f4aaed8 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sun, 10 Mar 2024 19:52:15 +0100 Subject: [PATCH 1/7] user: fix nix lsp and remove some packages --- users/rouven/modules/helix/default.nix | 11 +++++++---- users/rouven/modules/packages.nix | 5 +---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix index 2fc2ee1..2c1dafa 100644 --- a/users/rouven/modules/helix/default.nix +++ b/users/rouven/modules/helix/default.nix @@ -4,7 +4,8 @@ gdb lldb rust-analyzer - rnix-lsp + nil + nixpkgs-fmt typst-lsp (python3.withPackages (ps: with ps; [ pyls-isort @@ -28,14 +29,15 @@ enable = true; languages = { - language-server.rnix-lsp = { - command = "rnix-lsp"; + language-server.nil = { + command = "nil"; + config = { nil.formatting.command = [ "nixpkgs-fmt" ]; }; }; language = [ { name = "nix"; auto-format = true; - language-servers = [ "rnix-lsp" ]; + language-servers = [ "nil" ]; } ]; }; @@ -46,6 +48,7 @@ color-modes = true; line-number = "relative"; cursor-shape.insert = "bar"; + completion-trigger-len = 0; lsp = { display-messages = true; display-inlay-hints = true; diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index ff2d7ec..ed8bc6c 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -5,6 +5,7 @@ # essentials htop-vim lsof + zip unzip man-pages @@ -31,7 +32,6 @@ gomuks profanity fractal - tuba # mastodon client # games prismlauncher @@ -43,10 +43,7 @@ bitwarden-cli # misc - hugo neofetch # obligatory - jetbrains.idea-ultimate #😎 - croc # send files anywhere xournalpp libreoffice mosh From 276a49ce31e47649d9388deb2269426a27694b55 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sun, 10 Mar 2024 19:52:52 +0100 Subject: [PATCH 2/7] nuc: disable dnssec --- hosts/nuc/modules/networks/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix index 5daa117..d985cf5 100644 --- a/hosts/nuc/modules/networks/default.nix +++ b/hosts/nuc/modules/networks/default.nix @@ -14,7 +14,7 @@ }; services.resolved = { enable = true; - dnssec = "allow-downgrade"; + # dnssec = "allow-downgrade"; fallbackDns = [ "9.9.9.9" "149.112.112.112" From 25ac3402131b38ef3ddde143b36b73d648014ba8 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sun, 10 Mar 2024 19:53:00 +0100 Subject: [PATCH 3/7] small cleanup --- hosts/thinkpad/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 5441f94..dfc1a00 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -14,11 +14,6 @@ ./modules/virtualisation ]; - # nixpkgs.hostPlatform = { - # gcc.arch = "tigerlake"; - # gcc.tune = "tigerlake"; - # system = "x86_64-linux"; - # }; nix.settings.system-features = [ "gccarch-tigerlake" ]; systemd.additionalUpstreamSystemUnits = [ From f717779d321f747fbabddbf4bddf7df6f9b0993e Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sun, 10 Mar 2024 19:53:30 +0100 Subject: [PATCH 4/7] trucksimulator-images: move to main domain --- flake.lock | 24 +++++++++---------- hosts/falkenstein/modules/dns/default.nix | 13 ++++------ .../modules/trucksimulatorbot/default.nix | 12 ++++------ 3 files changed, 21 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 2de47a7..c90d9c8 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1709938482, - "narHash": "sha256-2Vw2WOFmEXWQH8ziFNOr0U48Guh5FacuD6BOEIcE99s=", + "lastModified": 1710062421, + "narHash": "sha256-FiCNRfyUgJOLYIokLiFsfI7B+Zn9HDnOzFR3uVr5qsQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "17431970b4ebc75a92657101ccffcfc9e1f9d8f0", + "rev": "36f873dfc8e2b6b89936ff3e2b74803d50447e0a", "type": "github" }, "original": { 
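Review bot: In `services.resolved` (hosts/nuc/modules/networks/default.nix), commenting out `dnssec = "allow-downgrade";` hands the setting to the NixOS module default and records no reason, so this host's validation state now depends on the pinned nixpkgs revision rather than on this file. If validation is meant to be off, say so explicitly and note why, e.g. `dnssec = "false"; # <reason: what failed with allow-downgrade>`. With validation off, answers from the upstream and fallback resolvers are accepted unauthenticated. If those resolvers support it, `dnsovertls = "opportunistic";` would at least protect the path to them. The `services.resolved` block continues outside the hunk, so check it does not already set this.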
@@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1709906691, - "narHash": "sha256-206XMy1NGW42bnHukJl5W2F90yHNoJc7+H3i+/8i2Pg=", + "lastModified": 1710040110, + "narHash": "sha256-PNAV8VdZkNoSGQHGQWDefNarl0BtKjVMCCzu16+vsr4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "2ad5ebce1e1be47a8cf330d85265ac09ffa15178", + "rev": "851fcfd130597c5c91071d46275111522d4fd595", "type": "github" }, "original": { @@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709703039, - "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", + "lastModified": 1709961763, + "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", + "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", "type": "github" }, "original": { @@ -488,11 +488,11 @@ ] }, "locked": { - "lastModified": 1709987509, - "narHash": "sha256-q7iK2q1Sff0FQfsp4G5wX0A8r+k1p6XLOlrICueXtlI=", + "lastModified": 1710096282, + "narHash": "sha256-t4190TfQUJoqaFEUX4DNGMDaQ+rJJxffwir0EEwnfDY=", "owner": "rouven0", "repo": "TruckSimulatorBot", - "rev": "db517d53381e3ccea75653e8d29a68d0800cb8c0", + "rev": "da4e4e1908aebc93744cbbe9a7867a9b60da02e9", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index 8dffca6..6fb6c1d 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -4,15 +4,11 @@ let $TTL 3600 $ORIGIN rfive.de. - rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030838 10800 3600 604800 3600 - @ NS ns0.rfive.de. + rfive.de. 86400 IN SOA ns.inwx.de. hostmaster.rfive.de. 2024031009 10800 3600 604800 3600 @ NS ns.inwx.de. @ NS ns2.inwx.de. @ NS ns3.inwx.eu. - ns0 A 23.88.121.184 - ns0 AAAA 2a01:4f8:c012:49de::1 - @ A 23.88.121.184 @ AAAA 2a01:4f8:c012:49de::1 
@@ -40,13 +36,13 @@ let cache CNAME nuc.rfive.de. chat CNAME nuc.rfive.de. - img.trucks CNAME falkenstein.rfive.de. matrix CNAME nuc.rfive.de. + seafile CNAME nuc.rfive.de. + vault CNAME nuc.rfive.de. + purge CNAME falkenstein.rfive.de. rspamd CNAME falkenstein.rfive.de. - seafile CNAME nuc.rfive.de. trucks CNAME falkenstein.rfive.de. - vault CNAME nuc.rfive.de. ''; in { @@ -63,6 +59,7 @@ in also-notify {185.181.104.96;}; dnssec-policy default; inline-signing yes; + serial-update-method date; ''; file = "${directory}/rfive.de.zone.txt"; }; diff --git a/hosts/falkenstein/modules/trucksimulatorbot/default.nix b/hosts/falkenstein/modules/trucksimulatorbot/default.nix index 6e9ecd3..26bf38a 100644 --- a/hosts/falkenstein/modules/trucksimulatorbot/default.nix +++ b/hosts/falkenstein/modules/trucksimulatorbot/default.nix @@ -24,20 +24,16 @@ in ensureDatabases = [ "trucksimulator" ]; }; services.nginx.virtualHosts = { - "img.${domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}"; - }; - }; "${domain}" = { enableACME = true; forceSSL = true; - locations."/invite".return = " 301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands"; + locations."/invite".return = "301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands"; locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.listenPort}"; }; + locations."/images/" = { + proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}/"; + }; locations."/docs" = { root = "${trucksimulatorbot.packages.x86_64-linux.docs}"; }; From 9e01a0bc04c364e3367382e45cd795202f4cddb3 Mon Sep 17 00:00:00 2001 
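Review bot: The new `locations."/images/"` block serves the image backend from the same origin as the bot's main site, whereas the removed `"img.${domain}"` virtual host kept it on its own origin. If that backend can return content influenced by users (not visible in this hunk), a response the browser interprets as HTML would now execute in the main site's origin. Consider pinning content handling on that location, e.g. `extraConfig = "add_header X-Content-Type-Options nosniff always;";`, and confirm the backend only emits image content types. The `services.nginx.virtualHosts` attribute set continues outside the hunk.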
From: Rouven Seifert Date: Sun, 10 Mar 2024 20:42:51 +0100 Subject: [PATCH 5/7] ns: fix soa record --- hosts/falkenstein/modules/dns/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index 6fb6c1d..fe8fa5e 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -4,7 +4,7 @@ let $TTL 3600 $ORIGIN rfive.de. - rfive.de. 86400 IN SOA ns.inwx.de. hostmaster.rfive.de. 2024031009 10800 3600 604800 3600 + rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024031010 10800 3600 604800 3600 @ NS ns.inwx.de. @ NS ns2.inwx.de. @ NS ns3.inwx.eu. @@ -16,6 +16,9 @@ let @ CAA 0 issue "letsencrypt.org" @ CAA 0 issuewild ";" + ns A 23.88.121.184 + ns AAAA 2a01:4f8:c012:49de::1 + nuc A 141.30.227.6 falkenstein A 23.88.121.184 falkenstein AAAA 2a01:4f8:c012:49de::1 From c877f4be7f482ed9637cbda4461ff1b14b3b17f9 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sun, 10 Mar 2024 20:51:05 +0100 Subject: [PATCH 6/7] ns: switch to hidden primary model --- hosts/falkenstein/modules/dns/default.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index fe8fa5e..19b83e1 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -1,5 +1,6 @@ { pkgs, config, ... }: let + secondary = "185.181.104.96"; zonefile = pkgs.writeText "rfive.de.zone.txt" '' $TTL 3600 $ORIGIN rfive.de. @@ -56,10 +57,10 @@ in "rfive.de" = { master = true; slaves = [ - "185.181.104.96" + secondary ]; extraConfig = '' - also-notify {185.181.104.96;}; + also-notify {${secondary};}; dnssec-policy default; inline-signing yes; serial-update-method date; 
@@ -72,6 +73,8 @@ in # copy the file manually to its destination since signing requires a writable directory ${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt ''; - networking.firewall.allowedUDPPorts = [ 53 ]; - networking.firewall.allowedTCPPorts = [ 53 ]; + networking.firewall.extraInputRules = '' + ip saddr ${secondary}/32 tcp dport 53 accept comment "Allow DNS AXFR access from INWX Servers" + ip saddr ${secondary}/32 udp dport 53 accept comment "Allow DNS access from INWX Servers" + ''; } From 5dbab41a2e18c787be0b8b63639eb8be1bdc5b90 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sun, 10 Mar 2024 21:01:44 +0100 Subject: [PATCH 7/7] ns: better soa format --- hosts/falkenstein/modules/dns/default.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index 19b83e1..94365e0 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -4,8 +4,14 @@ let zonefile = pkgs.writeText "rfive.de.zone.txt" '' $TTL 3600 $ORIGIN rfive.de. - - rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024031010 10800 3600 604800 3600 + + rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. ( + 2024031013 ; serial + 10800 ; refresh + 3600 ; retry + 604800 ; expire + 3600 ) ; negatives caching, ehem. minimum + @ NS ns.inwx.de. @ NS ns2.inwx.de. @ NS ns3.inwx.eu.
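Review bot: `networking.firewall.extraInputRules` is only honoured by the nftables-based NixOS firewall, so the two accept rules in this hunk depend on `networking.nftables.enable = true;` being set for this host, which the diff does not show. With the iptables backend they are not usable, and removing `allowedTCPPorts`/`allowedUDPPorts` would leave the secondary unable to reach port 53. The rules also match `ip saddr` only, so NOTIFY responses or transfers arriving from the secondary over IPv6 are dropped. If the provider uses v6, add a matching pair such as `ip6 saddr <SECONDARY_IPV6_PLACEHOLDER> tcp dport 53 accept`. Both the firewall and the `slaves` list earlier in this commit authorise the secondary by source address alone, so a TSIG key on the zone transfer would add authentication independent of the IP, if the provider supports it.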