diff --git a/flake.nix b/flake.nix index 3766dee..90c14c3 100644 --- a/flake.nix +++ b/flake.nix @@ -158,7 +158,7 @@ kilgharrah.deployment.targetHost = null; # disable remote deployment tohru.deployment.targetHost = null; # disable remote deployment - elucredassa.deployment.targetHost = "100.73.34.182"; # TODO: no fqdn yet + elucredassa.deployment.targetHost = "10.127.3.2"; # no fqdn yet kilgharrah.imports = [ ./hosts/kilgharrah home-manager-unstable ]; tohru.imports = [ ./hosts/tohru home-manager ]; diff --git a/home/qenya/dconf/default.nix b/home/qenya/dconf/default.nix index 0fe64e5..138bc50 100644 --- a/home/qenya/dconf/default.nix +++ b/home/qenya/dconf/default.nix @@ -12,7 +12,6 @@ in "org/gnome/settings-daemon/plugins/color".night-light-enabled = true; "org/gnome/desktop/sound".event-sounds = false; "org/gnome/desktop/sound".allow-volume-above-100-percent = true; - "org/gnome/settings-daemon/plugins/power".power-saver-profile-on-low-battery = true; }; imports = [ @@ -21,6 +20,5 @@ in ./mouse-touchpad.nix ./multitasking.nix ./shell.nix - ./wellbeing.nix ]; } diff --git a/home/qenya/dconf/wellbeing.nix b/home/qenya/dconf/wellbeing.nix deleted file mode 100644 index bea0036..0000000 --- a/home/qenya/dconf/wellbeing.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - dconf.settings = { - "org/gnome/desktop/screen-time-limits".daily-limit-enabled = true; - "org/gnome/desktop/break-reminders".selected-breaks = [ "eyesight" "movement" ]; - }; -} diff --git a/home/qenya/default.nix b/home/qenya/default.nix index 47c64dd..f367f63 100644 --- a/home/qenya/default.nix +++ b/home/qenya/default.nix @@ -1,7 +1,6 @@ { imports = [ ./dconf - ./feishin.nix ./firefox.nix ./fonts.nix ./git.nix diff --git a/home/qenya/feishin.nix b/home/qenya/feishin.nix deleted file mode 100644 index e3c7360..0000000 --- a/home/qenya/feishin.nix +++ /dev/null 
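Review bot: The new `elucredassa.deployment.targetHost` value in flake.nix is a hard-coded birdsong address, and its comment drops the `TODO:` marker while still saying there is no FQDN, so nothing flags the line for follow-up once internal DNS exists. The same commit makes services/distributed-builds.nix read builder addresses from `config.birdsong.hosts`. If that attribute set is reachable from this part of flake.nix and has an entry for elucredassa (neither is visible in the hunk), reading the address from there would keep it in one place. Otherwise I would keep the marker, e.g. `# TODO: birdsong address; switch to an FQDN once internal DNS is up`.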
@@ -1,24 +0,0 @@ -{ config, lib, pkgs, osConfig, ... }: - -# Feishin ideally wants to see mpv at runtime, but this isn't catered for by -# the derivation in nixpkgs as it isn't strictly necessary. -# An easier way to do this would be to write mpv's full nix store path to -# Feishin's config. But Feishin has one JSON file for config and state, and -# we'd rather not overwrite the latter. Until and unless home-manager grows -# support for partially patching files, we live with this. - -let - inherit (lib) mkIf; - isGraphical = osConfig.services.xserver.enable; -in -{ - home.packages = mkIf isGraphical [ - (pkgs.feishin.overrideAttrs (originalAttrs: { - buildInputs = originalAttrs.buildInputs ++ [ pkgs.mpv ]; - postFixup = '' - ${originalAttrs.postFixup or ""} - wrapProgram $out/bin/feishin --prefix PATH : ${lib.makeBinPath [ pkgs.mpv ]} - ''; - })) - ]; -} diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index df281b6..b9a59da 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -23,6 +23,7 @@ in ] ++ optionals isGraphical [ bitwarden discord + feishin gimp-with-plugins jellyfin-media-player tor-browser-bundle-bin diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index ce4c125..d2b6298 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -47,7 +47,6 @@ }; # only allow remote connections from within birdsong vpn # TODO: don't hardcode the IP addresses - # TODO: move to tailscale authentication = pkgs.lib.mkOverride 10 '' #type database DBuser auth-method local all all trust # used by nixos for local monitoring diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 1545c62..b93c14b 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix ./networking.nix + ./experiments/birdsong-dns.nix # TODO: this breaks external IPv6 somehow # ./experiments/pennykettle.nix ]; 
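Review bot: Nothing in the home/qenya/packages.nix hunk gives the plain `feishin` entry access to mpv, which the deleted home/qenya/feishin.nix arranged by wrapping the binary with `--prefix PATH : ${lib.makeBinPath [ pkgs.mpv ]}`. The deleted file's own comment said Feishin wants to see mpv at runtime and that the nixpkgs derivation did not provide it. If that has since changed upstream, a short comment next to the entry would record why the override is gone, e.g. `feishin # nixpkgs derivation now finds mpv itself`. If it has not, mpv needs to be on the user's PATH some other way; the package list continues outside the hunk, so it may already be there.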
diff --git a/hosts/yevaud/experiments/birdsong-dns.nix b/hosts/yevaud/experiments/birdsong-dns.nix new file mode 100644 index 0000000..58db9b6 --- /dev/null +++ b/hosts/yevaud/experiments/birdsong-dns.nix @@ -0,0 +1,32 @@ +{ config, lib, pkgs, ... }: + +{ + services.bind = { + # enable = true; + cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; + forwarders = [ ]; + listenOn = [ config.birdsong.hosts.yevaud.ipv4 ]; + listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ]; + zones = { + "birdsong.internal" = { + master = true; + file = pkgs.writeText "birdsong.internal.zone" '' + $TTL 60 + $ORIGIN birdsong.internal. + + birdsong.internal. IN SOA ns.birdsong.internal. auto.qenya.tel. ( 2024122701 7200 3600 1209600 3600 ) + birdsong.internal. IN NS ns.birdsong.internal. + + yevaud.c.birdsong.internal. IN A 10.127.1.1 + yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1 + + ns.birdsong.internal. IN A 10.127.1.1 + ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1 + ''; + }; + }; + }; + networking.resolvconf.useLocalResolver = false; + networking.firewall.allowedTCPPorts = [ 53 ]; + networking.firewall.allowedUDPPorts = [ 53 ]; +} diff --git a/services/distributed-builds.nix b/services/distributed-builds.nix index ec5f001..09cdd44 100644 --- a/services/distributed-builds.nix +++ b/services/distributed-builds.nix @@ -35,7 +35,7 @@ in nix.buildMachines = (optional (elem "kalessin" cfg.builders) { - hostName = "100.108.149.33"; # TODO: get tailscale internal DNS up + hostName = config.birdsong.hosts."kalessin".ipv4; sshUser = "remotebuild"; sshKey = cfg.keyFile; systems = [ "aarch64-linux" ]; @@ -43,7 +43,7 @@ in supportedFeatures = [ "big-parallel" ]; }) ++ (optional (elem "kilgharrah" cfg.builders) { - hostName = "100.92.127.92"; # TODO: get tailscale internal DNS up + hostName = config.birdsong.hosts."kilgharrah".ipv4; sshUser = "remotebuild"; sshKey = cfg.keyFile; systems = [ "x86_64-linux" ];
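Review bot: The two firewall lines at the end of hosts/yevaud/experiments/birdsong-dns.nix open TCP and UDP port 53 on every interface of yevaud. They take effect even though `enable = true` is commented out, because hosts/yevaud/default.nix now imports the module unconditionally. BIND itself is restricted to the birdsong addresses by `listenOn`/`listenOnIpv6`, so the firewall rule is wider than the service needs. I would scope it to the VPN interface with `networking.firewall.interfaces.<birdsong-interface>.allowedUDPPorts = [ 53 ];` and the matching `allowedTCPPorts` line (the interface name is a placeholder), and wrap both in `lib.mkIf config.services.bind.enable`. A one-line header comment saying the module is authoritative for `birdsong.internal` only and is currently disabled would also help the next reader.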
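Review bot: Neither the kalessin nor the kilgharrah entry in services/distributed-builds.nix pins the builder's SSH host key, and moving `hostName` from the old 100.x addresses to the birdsong ones means any known_hosts entry keyed on the old address no longer matches. If host keys are not managed elsewhere (not visible in these hunks), setting `publicHostKey` on each `nix.buildMachines` entry would let the `remotebuild` connection be verified independently of the address. As a minor style point, the quotes in `config.birdsong.hosts."kalessin".ipv4` and `config.birdsong.hosts."kilgharrah".ipv4` are unnecessary; `config.birdsong.hosts.kalessin.ipv4` reads more cleanly. Both entries continue outside the hunks.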