shaw: init, install syncthing

deployment/local.nix

@@ -1,7 +1,6 @@
 { name, nodes, config, lib, pkgs, ... }:
 
-let sources = import ../npins;
+{
-in {
   deployment = {
     allowLocalDeployment = true;
     targetHost = null;

hive.nix

@@ -35,7 +35,7 @@ in {
     time.timeZone = "Europe/London";
 
     imports = [
-      ./colmena/local.nix
+      ./deployment/local.nix
       ./hosts/tohru/configuration.nix
     ];
   };
@@ -45,7 +45,7 @@ in {
     time.timeZone = "Etc/UTC";
 
     imports = [
-      ./colmena/remote.nix
+      ./deployment/remote.nix
       ./hosts/yevaud/configuration.nix
     ];
   };
@@ -55,7 +55,7 @@ in {
     time.timeZone = "Etc/UTC";
 
     imports = [
-      ./colmena/remote.nix
+      ./deployment/remote.nix
       ./hosts/orm/configuration.nix
     ];
   };

hosts/shaw/home.nix

@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.syncthing = {
+    enable = true;
+    extraOptions = [
+      "--gui-address=:8385"
+      "--home=/home/qenya/state/syncthing"
+    ];
+  };
+}

hosts/tohru/configuration.nix

@@ -1,14 +1,10 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports =
+  imports = [
-    [
+    ./hardware-configuration.nix
-      ./hardware-configuration.nix
+    ./syncthing.nix
-      ./home.nix
+  ];
-      ../../services/fonts.nix
-      ../../services/steam.nix
-      ./syncthing.nix
-    ];
 
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
@@ -26,6 +22,12 @@
   qenya.services.fonts.enable = true;
   qenya.services.steam.enable = true;
 
+  home-manager.users.qenya = { pkgs, ... }: {
+    imports = [
+      ./home.nix
+    ];
+  };
+
   networking.networkmanager.enable = true;
 
   i18n.defaultLocale = "en_GB.UTF-8";

hosts/tohru/home.nix

@@ -1,33 +1,31 @@
 { config, lib, pkgs, ... }:
 
 {
-  home-manager.users.qenya = { pkgs, ... }: {
+  dconf.enable = true;
-    dconf.enable = true;
 
-    programs = {
+  programs = {
-      firefox.enable = true; # TODO: config is not yet nix-ified
+    firefox.enable = true; # TODO: config is not yet nix-ified
-      vscode.enable = true;
+    vscode.enable = true;
-    };
-
-    home.packages = (with pkgs; [
-      bitwarden
-      discord
-      foliate
-      gimp-with-plugins
-      jellyfin-media-player
-      keepassxc
-      tor-browser-bundle-bin
-
-      # libreoffice
-      libreoffice
-      hunspell
-      hunspellDicts.en_GB-ise
-
-      # games
-      openttd
-      prismlauncher
-      nur.repos.qenya.digital-a-love-story
-      nur.repos.qenya.dont-take-it-personally-babe
-    ]);
   };
+
+  home.packages = with pkgs; [
+    bitwarden
+    discord
+    foliate
+    gimp-with-plugins
+    jellyfin-media-player
+    keepassxc
+    tor-browser-bundle-bin
+
+    # libreoffice
+    libreoffice
+    hunspell
+    hunspellDicts.en_GB-ise
+
+    # games
+    openttd
+    prismlauncher
+    nur.repos.qenya.digital-a-love-story
+    nur.repos.qenya.dont-take-it-personally-babe
+  ];
 }

hosts/yevaud/configuration.nix

@@ -15,6 +15,36 @@
     privateKeyFile = config.age.secrets.wireguard-peer-yevaud.path;
   };
 
+  services.bind = {
+    enable = true;
+    cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
+    forwarders = [ ];
+    listenOn = [ config.birdsong.hosts.yevaud.ipv4 ];
+    listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ];
+    zones = {
+      "birdsong.internal" = {
+        master = true;
+        # TODO: pick better email address for SOA record
+        file = pkgs.writeText "birdsong.internal.zone" ''
+          $TTL 60
+          $ORIGIN birdsong.internal.
+
+          birdsong.internal. IN SOA ns.birdsong.internal. accounts.katherina.rocks. ( 2024080401 7200 3600 1209600 3600 )
+          birdsong.internal. IN NS ns.birdsong.internal.
+
+          yevaud.c.birdsong.internal. IN A 10.127.1.1
+          yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
+
+          ns.birdsong.internal. IN A 10.127.1.1
+          ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
+        '';
+      };
+    };
+  };
+  networking.resolvconf.useLocalResolver = false;
+  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedUDPPorts = [ 53 ];
+
   qenya.services.forgejo = {
     enable = true;
     domain = "git.qenya.tel";