treewide: Partial migration from custom WireGuard to Headscale

flake.nix

@@ -158,7 +158,7 @@
 
           kilgharrah.deployment.targetHost = null; # disable remote deployment
           tohru.deployment.targetHost = null; # disable remote deployment
-          elucredassa.deployment.targetHost = "10.127.3.2"; # no fqdn yet
+          elucredassa.deployment.targetHost = "100.73.34.182"; # TODO: no fqdn yet
 
           kilgharrah.imports = [ ./hosts/kilgharrah home-manager-unstable ];
           tohru.imports = [ ./hosts/tohru home-manager ];

home/qenya/dconf/default.nix

@@ -12,6 +12,7 @@ in
     "org/gnome/settings-daemon/plugins/color".night-light-enabled = true;
     "org/gnome/desktop/sound".event-sounds = false;
     "org/gnome/desktop/sound".allow-volume-above-100-percent = true;
+    "org/gnome/settings-daemon/plugins/power".power-saver-profile-on-low-battery = true;
   };
 
   imports = [
@@ -20,5 +21,6 @@ in
     ./mouse-touchpad.nix
     ./multitasking.nix
     ./shell.nix
+    ./wellbeing.nix
   ];
 }

home/qenya/dconf/wellbeing.nix

@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+{
+  dconf.settings = {
+    "org/gnome/desktop/screen-time-limits".daily-limit-enabled = true;
+    "org/gnome/desktop/break-reminders".selected-breaks = [ "eyesight" "movement" ];
+  };
+}

home/qenya/default.nix

@@ -1,6 +1,7 @@
 {
   imports = [
     ./dconf
+    ./feishin.nix
     ./firefox.nix
     ./fonts.nix
     ./git.nix

home/qenya/feishin.nix

@@ -0,0 +1,24 @@
+{ config, lib, pkgs, osConfig, ... }:
+
+# Feishin ideally wants to see mpv at runtime, but this isn't catered for by
+# the derivation in nixpkgs as it isn't strictly necessary.
+# An easier way to do this would be to write mpv's full nix store path to
+# Feishin's config. But Feishin has one JSON file for config and state, and
+# we'd rather not overwrite the latter. Until and unless home-manager grows
+# support for partially patching files, we live with this.
+
+let
+  inherit (lib) mkIf;
+  isGraphical = osConfig.services.xserver.enable;
+in
+{
+  home.packages = mkIf isGraphical [
+    (pkgs.feishin.overrideAttrs (originalAttrs: {
+      buildInputs = originalAttrs.buildInputs ++ [ pkgs.mpv ];
+      postFixup = ''
+        ${originalAttrs.postFixup or ""}
+        wrapProgram $out/bin/feishin --prefix PATH : ${lib.makeBinPath [ pkgs.mpv ]}
+      '';
+    }))
+  ];
+}

home/qenya/packages.nix

@@ -23,7 +23,6 @@ in
   ] ++ optionals isGraphical [
     bitwarden
     discord
-    feishin
     gimp-with-plugins
     jellyfin-media-player
     tor-browser-bundle-bin

hosts/orm/default.nix

@@ -47,6 +47,7 @@
     };
     # only allow remote connections from within birdsong vpn
     # TODO: don't hardcode the IP addresses
+    # TODO: move to tailscale
     authentication = pkgs.lib.mkOverride 10 ''
       #type database  DBuser  auth-method
       local all       all     trust   # used by nixos for local monitoring

hosts/yevaud/default.nix

@@ -5,7 +5,6 @@
     ./hardware-configuration.nix
     ./networking.nix
 
-    ./experiments/birdsong-dns.nix
     # TODO: this breaks external IPv6 somehow
     # ./experiments/pennykettle.nix
   ];

hosts/yevaud/experiments/birdsong-dns.nix

@@ -1,32 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  services.bind = {
-    # enable = true;
-    cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
-    forwarders = [ ];
-    listenOn = [ config.birdsong.hosts.yevaud.ipv4 ];
-    listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ];
-    zones = {
-      "birdsong.internal" = {
-        master = true;
-        file = pkgs.writeText "birdsong.internal.zone" ''
-          $TTL 60
-          $ORIGIN birdsong.internal.
-
-          birdsong.internal. IN SOA ns.birdsong.internal. auto.qenya.tel. ( 2024122701 7200 3600 1209600 3600 )
-          birdsong.internal. IN NS ns.birdsong.internal.
-
-          yevaud.c.birdsong.internal. IN A 10.127.1.1
-          yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
-
-          ns.birdsong.internal. IN A 10.127.1.1
-          ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
-        '';
-      };
-    };
-  };
-  networking.resolvconf.useLocalResolver = false;
-  networking.firewall.allowedTCPPorts = [ 53 ];
-  networking.firewall.allowedUDPPorts = [ 53 ];
-}

services/distributed-builds.nix

@@ -35,7 +35,7 @@ in
 
     nix.buildMachines =
       (optional (elem "kalessin" cfg.builders) {
-        hostName = config.birdsong.hosts."kalessin".ipv4;
+        hostName = "100.108.149.33"; # TODO: get tailscale internal DNS up
         sshUser = "remotebuild";
         sshKey = cfg.keyFile;
         systems = [ "aarch64-linux" ];
@@ -43,7 +43,7 @@ in
         supportedFeatures = [ "big-parallel" ];
       })
       ++ (optional (elem "kilgharrah" cfg.builders) {
-        hostName = config.birdsong.hosts."kilgharrah".ipv4;
+        hostName = "100.92.127.92"; # TODO: get tailscale internal DNS up
         sshUser = "remotebuild";
         sshKey = cfg.keyFile;
         systems = [ "x86_64-linux" ];