10 changed files with 37 additions and 39 deletions
--- a/flake.nix
+++ b/flake.nix
@ -158,7 +158,7 @@

          kilgharrah.deployment.targetHost = null; # disable remote deployment
          tohru.deployment.targetHost = null; # disable remote deployment
-          elucredassa.deployment.targetHost = "100.73.34.182"; # TODO: no fqdn yet
+          elucredassa.deployment.targetHost = "10.127.3.2"; # no fqdn yet

          kilgharrah.imports = [ ./hosts/kilgharrah home-manager-unstable ];
          tohru.imports = [ ./hosts/tohru home-manager ];
--- a/home/qenya/dconf/default.nix
+++ b/home/qenya/dconf/default.nix
@ -12,7 +12,6 @@ in
    "org/gnome/settings-daemon/plugins/color".night-light-enabled = true;
    "org/gnome/desktop/sound".event-sounds = false;
    "org/gnome/desktop/sound".allow-volume-above-100-percent = true;
-    "org/gnome/settings-daemon/plugins/power".power-saver-profile-on-low-battery = true;
  };

  imports = [
@ -21,6 +20,5 @@ in
    ./mouse-touchpad.nix
    ./multitasking.nix
    ./shell.nix
-    ./wellbeing.nix
  ];
 }
--- a/home/qenya/dconf/wellbeing.nix
+++ b/home/qenya/dconf/wellbeing.nix
@ -1,8 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  dconf.settings = {
-    "org/gnome/desktop/screen-time-limits".daily-limit-enabled = true;
-    "org/gnome/desktop/break-reminders".selected-breaks = [ "eyesight" "movement" ];
-  };
-}
--- a/home/qenya/default.nix
+++ b/home/qenya/default.nix
@ -1,7 +1,6 @@
 {
  imports = [
    ./dconf
-    ./feishin.nix
    ./firefox.nix
    ./fonts.nix
    ./git.nix
--- a/home/qenya/feishin.nix
+++ b/home/qenya/feishin.nix
@ -1,24 +0,0 @@
-{ config, lib, pkgs, osConfig, ... }:
-
-# Feishin ideally wants to see mpv at runtime, but this isn't catered for by
-# the derivation in nixpkgs as it isn't strictly necessary.
-# An easier way to do this would be to write mpv's full nix store path to
-# Feishin's config. But Feishin has one JSON file for config and state, and
-# we'd rather not overwrite the latter. Until and unless home-manager grows
-# support for partially patching files, we live with this.
-
-let
-  inherit (lib) mkIf;
-  isGraphical = osConfig.services.xserver.enable;
-in
-{
-  home.packages = mkIf isGraphical [
-    (pkgs.feishin.overrideAttrs (originalAttrs: {
-      buildInputs = originalAttrs.buildInputs ++ [ pkgs.mpv ];
-      postFixup = ''
-        ${originalAttrs.postFixup or ""}
-        wrapProgram $out/bin/feishin --prefix PATH : ${lib.makeBinPath [ pkgs.mpv ]}
-      '';
-    }))
-  ];
-}
--- a/home/qenya/packages.nix
+++ b/home/qenya/packages.nix
@ -23,6 +23,7 @@ in
  ] ++ optionals isGraphical [
    bitwarden
    discord
+    feishin
    gimp-with-plugins
    jellyfin-media-player
    tor-browser-bundle-bin
--- a/hosts/orm/default.nix
+++ b/hosts/orm/default.nix
@ -47,7 +47,6 @@
    };
    # only allow remote connections from within birdsong vpn
    # TODO: don't hardcode the IP addresses
-    # TODO: move to tailscale
    authentication = pkgs.lib.mkOverride 10 ''
      #type database  DBuser  auth-method
      local all       all     trust   # used by nixos for local monitoring
--- a/hosts/yevaud/default.nix
+++ b/hosts/yevaud/default.nix
@ -5,6 +5,7 @@
    ./hardware-configuration.nix
    ./networking.nix

+    ./experiments/birdsong-dns.nix
    # TODO: this breaks external IPv6 somehow
    # ./experiments/pennykettle.nix
  ];
--- a/hosts/yevaud/experiments/birdsong-dns.nix
+++ b/hosts/yevaud/experiments/birdsong-dns.nix
@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.bind = {
+    # enable = true;
+    cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
+    forwarders = [ ];
+    listenOn = [ config.birdsong.hosts.yevaud.ipv4 ];
+    listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ];
+    zones = {
+      "birdsong.internal" = {
+        master = true;
+        file = pkgs.writeText "birdsong.internal.zone" ''
+          $TTL 60
+          $ORIGIN birdsong.internal.
+
+          birdsong.internal. IN SOA ns.birdsong.internal. auto.qenya.tel. ( 2024122701 7200 3600 1209600 3600 )
+          birdsong.internal. IN NS ns.birdsong.internal.
+
+          yevaud.c.birdsong.internal. IN A 10.127.1.1
+          yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
+
+          ns.birdsong.internal. IN A 10.127.1.1
+          ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
+        '';
+      };
+    };
+  };
+  networking.resolvconf.useLocalResolver = false;
+  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedUDPPorts = [ 53 ];
+}
--- a/services/distributed-builds.nix
+++ b/services/distributed-builds.nix
@ -35,7 +35,7 @@ in

    nix.buildMachines =
      (optional (elem "kalessin" cfg.builders) {
-        hostName = "100.108.149.33"; # TODO: get tailscale internal DNS up
+        hostName = config.birdsong.hosts."kalessin".ipv4;
        sshUser = "remotebuild";
        sshKey = cfg.keyFile;
        systems = [ "aarch64-linux" ];
@ -43,7 +43,7 @@ in
        supportedFeatures = [ "big-parallel" ];
      })
      ++ (optional (elem "kilgharrah" cfg.builders) {
-        hostName = "100.92.127.92"; # TODO: get tailscale internal DNS up
+        hostName = config.birdsong.hosts."kilgharrah".ipv4;
        sshUser = "remotebuild";
        sshKey = cfg.keyFile;
        systems = [ "x86_64-linux" ];