flake.nix

@@ -158,7 +158,7 @@
 
           kilgharrah.deployment.targetHost = null; # disable remote deployment
           tohru.deployment.targetHost = null; # disable remote deployment
-          elucredassa.deployment.targetHost = "100.73.34.182"; # TODO: no fqdn yet
+          elucredassa.deployment.targetHost = "10.127.3.2"; # no fqdn yet
 
           kilgharrah.imports = [ ./hosts/kilgharrah home-manager-unstable ];
           tohru.imports = [ ./hosts/tohru home-manager ];

home/qenya/dconf/default.nix

@@ -12,7 +12,6 @@ in
     "org/gnome/settings-daemon/plugins/color".night-light-enabled = true;
     "org/gnome/desktop/sound".event-sounds = false;
     "org/gnome/desktop/sound".allow-volume-above-100-percent = true;
-    "org/gnome/settings-daemon/plugins/power".power-saver-profile-on-low-battery = true;
   };
 
   imports = [
@@ -21,6 +20,5 @@ in
     ./mouse-touchpad.nix
     ./multitasking.nix
     ./shell.nix
-    ./wellbeing.nix
   ];
 }

home/qenya/dconf/wellbeing.nix

@@ -1,8 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  dconf.settings = {
-    "org/gnome/desktop/screen-time-limits".daily-limit-enabled = true;
-    "org/gnome/desktop/break-reminders".selected-breaks = [ "eyesight" "movement" ];
-  };
-}

home/qenya/default.nix

@@ -1,7 +1,6 @@
 {
   imports = [
     ./dconf
-    ./feishin.nix
     ./firefox.nix
     ./fonts.nix
     ./git.nix

home/qenya/feishin.nix

@@ -1,24 +0,0 @@
-{ config, lib, pkgs, osConfig, ... }:
-
-# Feishin ideally wants to see mpv at runtime, but this isn't catered for by
-# the derivation in nixpkgs as it isn't strictly necessary.
-# An easier way to do this would be to write mpv's full nix store path to
-# Feishin's config. But Feishin has one JSON file for config and state, and
-# we'd rather not overwrite the latter. Until and unless home-manager grows
-# support for partially patching files, we live with this.
-
-let
-  inherit (lib) mkIf;
-  isGraphical = osConfig.services.xserver.enable;
-in
-{
-  home.packages = mkIf isGraphical [
-    (pkgs.feishin.overrideAttrs (originalAttrs: {
-      buildInputs = originalAttrs.buildInputs ++ [ pkgs.mpv ];
-      postFixup = ''
-        ${originalAttrs.postFixup or ""}
-        wrapProgram $out/bin/feishin --prefix PATH : ${lib.makeBinPath [ pkgs.mpv ]}
-      '';
-    }))
-  ];
-}

home/qenya/packages.nix

@@ -23,6 +23,7 @@ in
   ] ++ optionals isGraphical [
     bitwarden
     discord
+    feishin
     gimp-with-plugins
     jellyfin-media-player
     tor-browser-bundle-bin

hosts/orm/default.nix

@@ -47,7 +47,6 @@
     };
     # only allow remote connections from within birdsong vpn
     # TODO: don't hardcode the IP addresses
-    # TODO: move to tailscale
     authentication = pkgs.lib.mkOverride 10 ''
       #type database  DBuser  auth-method
       local all       all     trust   # used by nixos for local monitoring

hosts/yevaud/default.nix

@@ -5,6 +5,7 @@
     ./hardware-configuration.nix
     ./networking.nix
 
+    ./experiments/birdsong-dns.nix
     # TODO: this breaks external IPv6 somehow
     # ./experiments/pennykettle.nix
   ];

hosts/yevaud/experiments/birdsong-dns.nix

@@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.bind = {
+    # enable = true;
+    cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
+    forwarders = [ ];
+    listenOn = [ config.birdsong.hosts.yevaud.ipv4 ];
+    listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ];
+    zones = {
+      "birdsong.internal" = {
+        master = true;
+        file = pkgs.writeText "birdsong.internal.zone" ''
+          $TTL 60
+          $ORIGIN birdsong.internal.
+
+          birdsong.internal. IN SOA ns.birdsong.internal. auto.qenya.tel. ( 2024122701 7200 3600 1209600 3600 )
+          birdsong.internal. IN NS ns.birdsong.internal.
+
+          yevaud.c.birdsong.internal. IN A 10.127.1.1
+          yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
+
+          ns.birdsong.internal. IN A 10.127.1.1
+          ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
+        '';
+      };
+    };
+  };
+  networking.resolvconf.useLocalResolver = false;
+  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedUDPPorts = [ 53 ];
+}

services/distributed-builds.nix

@@ -35,7 +35,7 @@ in
 
     nix.buildMachines =
       (optional (elem "kalessin" cfg.builders) {
-        hostName = "100.108.149.33"; # TODO: get tailscale internal DNS up
+        hostName = config.birdsong.hosts."kalessin".ipv4;
         sshUser = "remotebuild";
         sshKey = cfg.keyFile;
         systems = [ "aarch64-linux" ];
@@ -43,7 +43,7 @@ in
         supportedFeatures = [ "big-parallel" ];
       })
       ++ (optional (elem "kilgharrah" cfg.builders) {
-        hostName = "100.92.127.92"; # TODO: get tailscale internal DNS up
+        hostName = config.birdsong.hosts."kilgharrah".ipv4;
         sshUser = "remotebuild";
         sshKey = cfg.keyFile;
         systems = [ "x86_64-linux" ];