ns: better soa format

flake.lock

@@ -180,11 +180,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709938482,
+        "lastModified": 1710062421,
-        "narHash": "sha256-2Vw2WOFmEXWQH8ziFNOr0U48Guh5FacuD6BOEIcE99s=",
+        "narHash": "sha256-FiCNRfyUgJOLYIokLiFsfI7B+Zn9HDnOzFR3uVr5qsQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "17431970b4ebc75a92657101ccffcfc9e1f9d8f0",
+        "rev": "36f873dfc8e2b6b89936ff3e2b74803d50447e0a",
         "type": "github"
       },
       "original": {
@@ -281,11 +281,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709906691,
+        "lastModified": 1710040110,
-        "narHash": "sha256-206XMy1NGW42bnHukJl5W2F90yHNoJc7+H3i+/8i2Pg=",
+        "narHash": "sha256-PNAV8VdZkNoSGQHGQWDefNarl0BtKjVMCCzu16+vsr4=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "2ad5ebce1e1be47a8cf330d85265ac09ffa15178",
+        "rev": "851fcfd130597c5c91071d46275111522d4fd595",
         "type": "github"
       },
       "original": {
@@ -296,11 +296,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1709703039,
+        "lastModified": 1709961763,
-        "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
+        "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
+        "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34",
         "type": "github"
       },
       "original": {
@@ -488,11 +488,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709987509,
+        "lastModified": 1710096282,
-        "narHash": "sha256-q7iK2q1Sff0FQfsp4G5wX0A8r+k1p6XLOlrICueXtlI=",
+        "narHash": "sha256-t4190TfQUJoqaFEUX4DNGMDaQ+rJJxffwir0EEwnfDY=",
         "owner": "rouven0",
         "repo": "TruckSimulatorBot",
-        "rev": "db517d53381e3ccea75653e8d29a68d0800cb8c0",
+        "rev": "da4e4e1908aebc93744cbbe9a7867a9b60da02e9",
         "type": "github"
       },
       "original": {

hosts/falkenstein/modules/dns/default.nix

@@ -1,18 +1,21 @@
 { pkgs, config, ... }:
 let
+  secondary = "185.181.104.96";
   zonefile = pkgs.writeText "rfive.de.zone.txt" ''
     $TTL 3600
     $ORIGIN rfive.de.
 
-    rfive.de.  86400  IN  SOA ns.rfive.de. hostmaster.rfive.de. 2024030838 10800 3600 604800 3600
+    rfive.de.   86400  IN  SOA ns.rfive.de. hostmaster.rfive.de. (
-    @ NS ns0.rfive.de.
+      2024031013 ; serial
+      10800      ; refresh
+      3600       ; retry
+      604800     ; expire
+      3600 )     ; negatives caching, ehem. minimum
+    
     @ NS ns.inwx.de.
     @ NS ns2.inwx.de.
     @ NS ns3.inwx.eu.
 
-    ns0 A 23.88.121.184
-    ns0 AAAA 2a01:4f8:c012:49de::1
-
     @   A    23.88.121.184
     @   AAAA 2a01:4f8:c012:49de::1
 
@@ -20,6 +23,9 @@ let
     @   CAA 0 issue "letsencrypt.org"
     @   CAA 0 issuewild ";"
 
+    ns   A    23.88.121.184
+    ns   AAAA 2a01:4f8:c012:49de::1
+
     nuc         A     141.30.227.6
     falkenstein A     23.88.121.184
     falkenstein AAAA  2a01:4f8:c012:49de::1
@@ -40,13 +46,13 @@ let
 
     cache      CNAME nuc.rfive.de.
     chat       CNAME nuc.rfive.de.
-    img.trucks CNAME falkenstein.rfive.de.
     matrix     CNAME nuc.rfive.de.
+    seafile    CNAME nuc.rfive.de.
+    vault      CNAME nuc.rfive.de.
+
     purge      CNAME falkenstein.rfive.de.
     rspamd     CNAME falkenstein.rfive.de.
-    seafile    CNAME nuc.rfive.de.
     trucks     CNAME falkenstein.rfive.de.
-    vault      CNAME nuc.rfive.de.
   '';
 in
 {
@@ -57,12 +63,13 @@ in
       "rfive.de" = {
         master = true;
         slaves = [
-          "185.181.104.96"
+          secondary
         ];
         extraConfig = ''
-          also-notify {185.181.104.96;};
+          also-notify {${secondary};};
           dnssec-policy default;
           inline-signing yes;
+          serial-update-method date;
         '';
         file = "${directory}/rfive.de.zone.txt";
       };
@@ -72,6 +79,8 @@ in
     # copy the file manually to its destination since signing requires a writable directory
     ${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt
   '';
-  networking.firewall.allowedUDPPorts = [ 53 ];
+  networking.firewall.extraInputRules = ''
-  networking.firewall.allowedTCPPorts = [ 53 ];
+    ip saddr ${secondary}/32 tcp dport 53 accept comment "Allow DNS AXFR access from INWX Servers"
+    ip saddr ${secondary}/32 udp dport 53 accept comment "Allow DNS access from INWX Servers"
+  '';
 }

hosts/falkenstein/modules/trucksimulatorbot/default.nix

@@ -24,20 +24,16 @@ in
     ensureDatabases = [ "trucksimulator" ];
   };
   services.nginx.virtualHosts = {
-    "img.${domain}" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}";
-      };
-    };
     "${domain}" = {
       enableACME = true;
       forceSSL = true;
-      locations."/invite".return = " 301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands";
+      locations."/invite".return = "301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands";
       locations."/" = {
         proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.listenPort}";
       };
+      locations."/images/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}/";
+      };
       locations."/docs" = {
         root = "${trucksimulatorbot.packages.x86_64-linux.docs}";
       };

hosts/nuc/modules/networks/default.nix

@@ -14,7 +14,7 @@
   };
   services.resolved = {
     enable = true;
-    dnssec = "allow-downgrade";
+    # dnssec = "allow-downgrade";
     fallbackDns = [
       "9.9.9.9"
       "149.112.112.112"

hosts/thinkpad/default.nix

@@ -14,11 +14,6 @@
       ./modules/virtualisation
     ];
 
-  # nixpkgs.hostPlatform = {
-  #   gcc.arch = "tigerlake";
-  #   gcc.tune = "tigerlake";
-  #   system = "x86_64-linux";
-  # };
 
   nix.settings.system-features = [ "gccarch-tigerlake" ];
   systemd.additionalUpstreamSystemUnits = [

users/rouven/modules/helix/default.nix

@@ -4,7 +4,8 @@
     gdb
     lldb
     rust-analyzer
-    rnix-lsp
+    nil
+    nixpkgs-fmt
     typst-lsp
     (python3.withPackages (ps: with ps; [
       pyls-isort
@@ -28,14 +29,15 @@
     enable = true;
 
     languages = {
-      language-server.rnix-lsp = {
+      language-server.nil = {
-        command = "rnix-lsp";
+        command = "nil";
+        config = { nil.formatting.command = [ "nixpkgs-fmt" ]; };
       };
       language = [
         {
           name = "nix";
           auto-format = true;
-          language-servers = [ "rnix-lsp" ];
+          language-servers = [ "nil" ];
         }
       ];
     };
@@ -46,6 +48,7 @@
         color-modes = true;
         line-number = "relative";
         cursor-shape.insert = "bar";
+        completion-trigger-len = 0;
         lsp = {
           display-messages = true;
           display-inlay-hints = true;

users/rouven/modules/packages.nix

@@ -5,6 +5,7 @@
     # essentials
     htop-vim
     lsof
+
     zip
     unzip
     man-pages
@@ -31,7 +32,6 @@
     gomuks
     profanity
     fractal
-    tuba # mastodon client
 
     # games
     prismlauncher
@@ -43,10 +43,7 @@
     bitwarden-cli
 
     # misc
-    hugo
     neofetch # obligatory
-    jetbrains.idea-ultimate #😎
-    croc # send files anywhere
     xournalpp
     libreoffice
     mosh