diff --git a/flake.lock b/flake.lock index 7b298cb..8f9e29e 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { @@ -301,11 +301,11 @@ ] }, "locked": { - "lastModified": 1737461688, - "narHash": "sha256-zQCFe5FcSSGzY3qauAAHZcPt7Ej4WSGo78ShSTCSBvU=", + "lastModified": 1736508663, + "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", "owner": "nix-community", "repo": "home-manager", - "rev": "bb14224f51ae4caed12a7b26f245d042c8cf8553", + "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", "type": "github" }, "original": { @@ -450,11 +450,11 @@ ] }, "locked": { - "lastModified": 1737257306, - "narHash": "sha256-lEGgpA4kGafc76+Amnz+gh1L/cwUS2pePFlf22WEyh8=", + "lastModified": 1736652904, + "narHash": "sha256-8uolHABgroXqzs03QdulHp8H9e5kWQZnnhcda1MKbBM=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "744d330659e207a1883d2da0141d35e520eb87bd", + "rev": "271e5bd7c57e1f001693799518b10a02d1123b12", "type": "github" }, "original": { @@ -524,11 +524,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1737062831, - "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", + "lastModified": 1736701207, + "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", + "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index 9144e4c..cb11a66 100644 --- a/hosts/falkenstein/modules/dns/default.nix 
+++ b/hosts/falkenstein/modules/dns/default.nix @@ -47,10 +47,19 @@ let A = [ "23.88.121.184" ]; AAAA = [ "2a01:4f8:c012:49de::1" ]; }; + k8s-master-1 = { + A = [ "88.198.147.123" ]; + AAAA = [ "2a01:4f8:c012:ae0a::1" ]; + }; ns = falkenstein; mail = falkenstein; _dmarc.TXT = [ "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de" ]; _domainkey.subdomains.rspamd.TXT = [ "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" ]; + k8s.subdomains."*" = { + A = [ "88.198.147.123" ]; + AAAA = [ "2a01:4f8:c012:ae0a::1" ]; + }; + } (builtins.removeAttrs (genCNAMEs "nuc") [ ":2018" ]) (builtins.removeAttrs (genCNAMEs "falkenstein") [ "mail" ":2018" ]) diff --git a/hosts/fujitsu/default.nix b/hosts/fujitsu/default.nix index 6b26205..d1b30a0 100644 --- a/hosts/fujitsu/default.nix +++ b/hosts/fujitsu/default.nix @@ -41,8 +41,6 @@ btdu tcpdump mtr - dnsutils - mediainfo ]; programs.git = { enable = true; diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index c5f9c7f..b77564b 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -65,7 +65,6 @@ btdu tcpdump mtr - dnsutils ]; programs.git = { enable = true; diff --git a/hosts/nuc/modules/logseq/default.nix b/hosts/nuc/modules/logseq/default.nix index 6b3d440..b21d2e9 100644 --- a/hosts/nuc/modules/logseq/default.nix +++ b/hosts/nuc/modules/logseq/default.nix @@ -4,7 +4,7 @@ let in { virtualisation.oci-containers = { - containers.logseq = { + containers.kanboard = { image = "ghcr.io/logseq/logseq-webapp:latest"; ports = [ "127.0.0.1:8045:80" ]; }; diff --git a/hosts/nuc/modules/monitoring/default.nix b/hosts/nuc/modules/monitoring/default.nix index 86c8522..9097c6f 100644 --- a/hosts/nuc/modules/monitoring/default.nix +++ b/hosts/nuc/modules/monitoring/default.nix 
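Review bot: The wildcard `k8s.subdomains."*"` added at the end of this hunk makes every label under k8s, including mistyped or never-provisioned ones, resolve to the same addresses as `k8s-master-1`, so whatever answers by default on 88.198.147.123 becomes reachable under arbitrary names. If only a known set of services is meant to be public, explicit records are easier to audit; if the wildcard is intended, a comment such as `# wildcard: all k8s ingress names terminate on k8s-master-1` would record that. The A/AAAA pair is also written out twice; if `k8s-master-1` can be referenced the way `falkenstein` appears to be (its definition is outside the hunk), `k8s.subdomains."*" = k8s-master-1;` keeps the two from drifting apart.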
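Review bot: The container attribute in hosts/nuc/modules/logseq/default.nix is now `containers.kanboard`, while the image is still `ghcr.io/logseq/logseq-webapp:latest` and the module lives under modules/logseq, so the generated unit and container name describe a different application than the one actually running. That makes logs, alerts and any inventory of exposed services misleading; unless the rename is deliberate, `containers.logseq = {` matches the image. Separately, the unchanged `:latest` tag is mutable, so pinning the image to a version tag or digest would make what gets pulled reproducible.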
@@ -141,12 +141,6 @@ in targets = [ "nuc.vpn.rfive.de:9300" ]; }]; } - { - job_name = "qbittorrent"; - static_configs = [{ - targets = [ "nuc.vpn.rfive.de:8009" ]; - }]; - } # { # job_name = "pegel_dresden"; # metrics_path = "/probe"; diff --git a/hosts/nuc/modules/torrent/default.nix b/hosts/nuc/modules/torrent/default.nix index d55f270..08b580e 100644 --- a/hosts/nuc/modules/torrent/default.nix +++ b/hosts/nuc/modules/torrent/default.nix @@ -8,14 +8,9 @@ let }; in { - imports = [ - ./exporter.nix - ]; age.secrets.mullvad.file = ../../../../secrets/nuc/mullvad.age; - age.secrets.airvpn-private.file = ../../../../secrets/nuc/airvpn/private.age; - age.secrets.airvpn-psk.file = ../../../../secrets/nuc/airvpn/psk.age; environment.etc."netns/torrent/resolv.conf".text = '' - nameserver 9.9.9.9 + nameserver 10.64.0.1 ''; systemd.services."netns@" = { 
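Review bot: The resolver written to `netns/torrent/resolv.conf` in hosts/nuc/modules/torrent/default.nix changes from 9.9.9.9 to `10.64.0.1` with no comment saying what that address is. It looks like the VPN provider's in-tunnel resolver, which would mean lookups from the torrent namespace only work while the tunnel is up and no longer go to a third-party resolver; that is worth stating above the `environment.etc` line, for example `# in-tunnel DNS of the VPN provider; only reachable through the wg interface in this netns`. It is also the only nameserver, so name resolution in the namespace depends on that single address. The `let … in` block and the `systemd.services."netns@"` definition continue outside the hunk.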
@@ -48,36 +43,20 @@ in # scripted wireguard since systemd-networkd doesn't support netns yet networking.wireguard.useNetworkd = false; - # networking.wireguard.interfaces."wg0-mullvad" = { - # # Funny Mole - # privateKeyFile = config.age.secrets.mullvad.path; - # ips = [ "10.67.237.93/32" ]; - # peers = [ - # { - # publicKey = "QEVIaIycN8p5twXCuZeQTEj9utozakw/MU8H6+/whls="; - # allowedIPs = [ "0.0.0.0/0" ]; - # endpoint = "138.199.34.129:51820"; - # } - # ]; - # interfaceNamespace = "torrent"; - # }; - # systemd.services."wireguard-wg0-mullvad" = { - # requires = [ "netns@torrent.service" ]; - # }; - networking.wireguard.interfaces."wg1-airvpn" = { - privateKeyFile = config.age.secrets.airvpn-private.path; - ips = [ " 10.146.65.170/32" "fd7d:76ee:e68f:a993:366:82ed:bc88:b04a/128" ]; + networking.wireguard.interfaces."wg0-mullvad" = { + # Funny Mole + privateKeyFile = config.age.secrets.mullvad.path; + ips = [ "10.67.237.93/32" ]; peers = [ { - publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; - presharedKeyFile = config.age.secrets.airvpn-psk.path; - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - endpoint = "europe3.vpn.airdns.org:1637"; + publicKey = "QEVIaIycN8p5twXCuZeQTEj9utozakw/MU8H6+/whls="; + allowedIPs = [ "0.0.0.0/0" ]; + endpoint = "138.199.34.129:51820"; } ]; interfaceNamespace = "torrent"; }; - systemd.services."wireguard-wg1-airvpn" = { + systemd.services."wireguard-wg0-mullvad" = { requires = [ "netns@torrent.service" ]; }; diff --git a/hosts/nuc/modules/torrent/exporter.nix b/hosts/nuc/modules/torrent/exporter.nix deleted file mode 100644 index 9fe2b93..0000000 --- a/hosts/nuc/modules/torrent/exporter.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: -{ - virtualisation.oci-containers = { - containers.qbittorrent-exporter = { - image = "caseyscarborough/qbittorrent-exporter"; - ports = [ "0.0.0.0:8009:17871" ]; - environment = { - QBITTORRENT_PORT = "8081"; - QBITTORRENT_HOST = "nuc.vpn.rfive.de"; - }; - }; - }; -} 
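Review bot: `systemd.services."wireguard-wg0-mullvad"` declares only `requires = [ "netns@torrent.service" ];`, and systemd's `Requires=` pulls a unit in without ordering it, so the interface unit may be started before the namespace it is moved into exists. Unless ordering is set elsewhere in the module, adding `after = [ "netns@torrent.service" ];` next to it makes the dependency explicit. The restored interface also carries IPv4 only (`allowedIPs = [ "0.0.0.0/0" ]` and a single /32 address) where the removed one routed `::/0` as well; a short comment that the namespace is meant to have no IPv6 path would record that this is intentional.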
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 8ac927b..1f60883 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -113,7 +113,6 @@ devmon.enable = true; # automount stuff upower.enable = true; fwupd.enable = true; # firmware updates - avahi.enable = true; btrfs.autoScrub.enable = true; mullvad-vpn = { enable = true; diff --git a/hosts/thinkpad/modules/backup/default.nix b/hosts/thinkpad/modules/backup/default.nix index a9f9af8..7d6ed7f 100644 --- a/hosts/thinkpad/modules/backup/default.nix +++ b/hosts/thinkpad/modules/backup/default.nix @@ -32,10 +32,9 @@ "/home/*/.wine*" "/home/*/.mypy_cache*" "/home/*/.local/share" - "/home/rouven/Games" + # contains very big files that don't need to clutter up the backup + # if I ever happen to have important data in virtual machines, this can be reconsidered "/var/lib/libvirt" - "/var/lib/machines" - "/var/lib/docker" ]; encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg/passphrase".path}"; compression = "lz4"; diff --git a/hosts/thinkpad/modules/sound/default.nix b/hosts/thinkpad/modules/sound/default.nix index 801bf5f..43fd7ec 100644 --- a/hosts/thinkpad/modules/sound/default.nix +++ b/hosts/thinkpad/modules/sound/default.nix @@ -2,24 +2,9 @@ { services.pipewire = { enable = true; - raopOpenFirewall = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; - extraConfig.pipewire = { - "10-airplay" = { - "context.modules" = [ - { - name = "libpipewire-module-raop-discover"; - - # increase the buffer size if you get dropouts/glitches - # args = { - # "raop.latency.ms" = 500; - # }; - } - ]; - }; - }; }; environment.systemPackages = with pkgs; [ helvum diff --git a/overlays/default.nix b/overlays/default.nix index 1042eda..7f850db 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
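Review bot: With `"/var/lib/machines"` and `"/var/lib/docker"` dropped from what appears to be the exclude list in hosts/thinkpad/modules/backup/default.nix (its opening is outside the hunk), container and machine storage becomes part of the backup, while the newly added comment justifies excluding `/var/lib/libvirt` precisely because such data is large. Image layers and container volumes can also hold credentials baked into images or written at runtime, so those would now be copied to the backup target too. If that is intended, the comment should say so; otherwise keep `"/var/lib/machines"` and `"/var/lib/docker"` in the list.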
@@ -34,7 +34,7 @@ in jmri = callPackage ../pkgs/jmri { }; adguardian-term = callPackage ../pkgs/adguardian-term { }; python312 = prev.python312.override { - packageOverrides = _final: prev: { + packageOverrides = final: prev: { pysaml2 = prev.pysaml2.overridePythonAttrs (orig: { disabledTests = orig.disabledTests diff --git a/secrets.nix b/secrets.nix index d7554e0..f84d30d 100644 --- a/secrets.nix +++ b/secrets.nix @@ -21,8 +21,6 @@ in "secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ]; "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; "secrets/nuc/mullvad.age".publicKeys = [ rouven nuc ]; - "secrets/nuc/airvpn/private.age".publicKeys = [ rouven nuc ]; - "secrets/nuc/airvpn/psk.age".publicKeys = [ rouven nuc ]; "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ]; "secrets/nuc/authentik/core.age".publicKeys = [ rouven nuc ]; "secrets/nuc/authentik/ldap.age".publicKeys = [ rouven nuc ]; diff --git a/secrets/nuc/airvpn/private.age b/secrets/nuc/airvpn/private.age deleted file mode 100644 index d8c0deb..0000000 --- a/secrets/nuc/airvpn/private.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 uWbAHQ eRn24OdOUxmaXy98cE749nX5YSNFEd/UWZNKgn2XdTM -rQajaxGqfAO/C0jUuamcQQddKvqM0+TA8eW4yyp7JkE --> ssh-ed25519 2TRdXg zRn6vmnqyB4YPSlRH8Oe65VkQoMfWA9zdEYObQEFviE -sNrVqHwegkwMEBodil9mNAtLweftKU6CWgG9oUnCf64 ---- W++fFNnOMSC6/PWBTBVpi5che6eyqZVLXkdPlpAXAKI -��a�^��Ƞ�:�;(X�%����D��D���v`�)P���'��eܫ�r/3��.NU�/�%��gR裡/8 \ No newline at end of file diff --git a/secrets/nuc/airvpn/psk.age b/secrets/nuc/airvpn/psk.age deleted file mode 100644 index 7fe62e7..0000000 --- a/secrets/nuc/airvpn/psk.age +++ /dev/null 
@@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 uWbAHQ K/v5vDqaxdVlk6EORXlGPMepr2XcqsN9CKw4Z+6KJAI -a1GVmh+wxVbBhywgI4mkWFPJZnEAHBM31hQFa4NIays --> ssh-ed25519 2TRdXg Fl1LKF42rS6mW4qcuV7yRwz2I3O3ueT0ieMaz79SRnA -sCevZCW6bYxbsOJgS9jn5uOeCyI39swYX/oWbNXk05w ---- uOZ3aavCOsb0rjofhb2gbNbiLAA3cWWoSX6lqqOJpjk -S��A��wB�Y����*_*~#��V1�����m�V+Q�?/�}�������G��J�i#`��D�;�Le7 \ No newline at end of file