flake.lock: Update

Flake lock file updates:

• Updated input 'atuin':
    'github:atuinsh/atuin/55840bddf5caec1137380f70ef9c9b556fd483e6?narHash=sha256-tpPlzCNSTloLoG7YrRWfyIpq1VYLs7iG0o/tJDhQFZ4%3D' (2024-06-17)
  → 'github:atuinsh/atuin/88633b8994437180afdd66068cc2c8f02aea1db1?narHash=sha256-TsRI1Ej7gkAWhUhT3vDa4aEhu20AX8KbbUM2iD%2B6gkw%3D' (2024-06-17)
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/6439e136f3e93e21040f0e8483ed7744056b9d71?narHash=sha256-TAOe9upAJ8I9Yc5Z69M/w%2BbHlWq98ht%2BXBD2nlEyIDw%3D' (2024-06-17)
  → 'github:nix-community/emacs-overlay/27e6ef6f477ba42dc8682ed854a519cbea4bacaf?narHash=sha256-ALCQMCzcZuumVF/PaxW0xShwm72U5/2Zk/HHWwZrqlQ%3D' (2024-06-18)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/5c2ec3a5c2ee9909904f860dadc19bc12cd9cc44?narHash=sha256-ZFav8A9zPNfjZg/wrxh1uZeMJHELRfRgFP%2Bmeq01XYk%3D' (2024-06-12)
  → 'github:NixOS/nixpkgs/842253bf992c3a7157b67600c2857193f126563a?narHash=sha256-JHuXsrC9pr4kA4n7LuuPfWFJUVlDBVJ1TXDVpHEuUgM%3D' (2024-06-15)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/e9ee548d90ff586a6471b4ae80ae9cfcbceb3420?narHash=sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY%3D' (2024-06-13)
  → 'github:nixos/nixpkgs/b60ebf54c15553b393d144357375ea956f89e9a9?narHash=sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU%3D' (2024-06-16)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/5265b8a1e1d2e370e8b45b557326b691aec7d163?narHash=sha256-92OO8XrQTvdvDtRi0BAkjTaoZXW5ORuvqdk677wW7ko%3D' (2024-06-17)
  → 'github:oxalica/rust-overlay/16c8ad83297c278eebe740dea5491c1708960dd1?narHash=sha256-E/T7Ge6ayEQe7FVKMJqDBoHyLhRhjc6u9CmU8MyYfy0%3D' (2024-06-18)
• Removed input 'rust-overlay/flake-utils'

flake.lock

@@ -46,6 +46,7 @@
     },
     "atuin": {
       "inputs": {
+        "fenix": "fenix",
         "flake-compat": "flake-compat_2",
         "flake-utils": [
           "flake-utils"
@@ -55,11 +56,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1718047990,
-        "narHash": "sha256-eHTd7rasshvqnNNjfmB1A0rBchZfiF3M8vSorPuy/u0=",
+        "lastModified": 1718634998,
+        "narHash": "sha256-TsRI1Ej7gkAWhUhT3vDa4aEhu20AX8KbbUM2iD+6gkw=",
         "owner": "atuinsh",
         "repo": "atuin",
-        "rev": "55a2fe50f70a5dc7d4a9ee5e1d6ffc213c74291b",
+        "rev": "88633b8994437180afdd66068cc2c8f02aea1db1",
         "type": "github"
       },
       "original": {
@@ -196,11 +197,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1718008439,
-        "narHash": "sha256-nlh/2uD5p2SAdkn6Zuey20yaR5FFWvhL3poapDGNE4Y=",
+        "lastModified": 1718588625,
+        "narHash": "sha256-8ZbrJq1jcmyzJ4SDkvd8JOZD4/fNUHpL4cpqVe4w3CU=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "c1cfbfad7cb45f0c177b35b59ba67d1b5fc7ca82",
+        "rev": "8262659fc990cecdf6a8de74c3de7b6ec58c2276",
         "type": "github"
       },
       "original": {
@@ -220,11 +221,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1718096975,
-        "narHash": "sha256-Ud33Yz5o2OJ9mjH5rhbrdR+polxq9QyOLLNbtQ63s4E=",
+        "lastModified": 1718675614,
+        "narHash": "sha256-ALCQMCzcZuumVF/PaxW0xShwm72U5/2Zk/HHWwZrqlQ=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "d2404a42ad3ae9c5ee5c481b7c7a4c91627d161f",
+        "rev": "27e6ef6f477ba42dc8682ed854a519cbea4bacaf",
         "type": "github"
       },
       "original": {
@@ -257,6 +258,28 @@
         "type": "github"
       }
     },
+    "fenix": {
+      "inputs": {
+        "nixpkgs": [
+          "atuin",
+          "nixpkgs"
+        ],
+        "rust-analyzer-src": "rust-analyzer-src"
+      },
+      "locked": {
+        "lastModified": 1717827974,
+        "narHash": "sha256-ixopuTeTouxqTxfMuzs6IaRttbT8JqRW5C9Q/57WxQw=",
+        "owner": "nix-community",
+        "repo": "fenix",
+        "rev": "ab655c627777ab5f9964652fe23bbb1dfbd687a8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "fenix",
+        "type": "github"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -564,11 +587,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1717931644,
-        "narHash": "sha256-Sz8Wh9cAiD5FhL8UWvZxBfnvxETSCVZlqWSYWaCPyu0=",
+        "lastModified": 1718526747,
+        "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "3d65009effd77cb0d6e7520b68b039836a7606cf",
+        "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792",
         "type": "github"
       },
       "original": {
@@ -588,11 +611,11 @@
         "spectrum": "spectrum"
       },
       "locked": {
-        "lastModified": 1717441449,
-        "narHash": "sha256-juxjgmLnFbl+/hhIO2cVtIa6caCO4pLKlZWUMwAOznM=",
+        "lastModified": 1718483375,
+        "narHash": "sha256-VvD7zmbEn9Ua8w2wAMcIBXD09QqG1Ra5bNjhd1eqhOo=",
         "owner": "astro",
         "repo": "microvm.nix",
-        "rev": "e3a4dd5b381fb580804105594cc9c71dc45abdb5",
+        "rev": "b11f00056e11a802809935b0675176a2429593d9",
         "type": "github"
       },
       "original": {
@@ -656,11 +679,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1717767239,
-        "narHash": "sha256-F/ZA/yhBg1XJYudA6b4ORt5CnEwOu4gR/UbMVq1UYMY=",
+        "lastModified": 1718260327,
+        "narHash": "sha256-P2PsdY2kLin3S0AW7dYWWI+1/a/+onp3KaAz8O32EnY=",
         "owner": "nix-community",
         "repo": "nix-ld-rs",
-        "rev": "3397956280fe8f555ffe11fe3a8115341a0ef460",
+        "rev": "753a1539846e6f75c88583777a3f6e40f4064302",
         "type": "github"
       },
       "original": {
@@ -671,11 +694,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1717995329,
-        "narHash": "sha256-lQJXEFHHVsFdFLx0bvoRbZH3IXUBsle6EWj9JroTJ/s=",
+        "lastModified": 1718548414,
+        "narHash": "sha256-1obyIuQPR/Kq1j5/i/5EuAfQrDwjYnjCDG8iLtXmBhQ=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "58b52b0dd191af70f538c707c66c682331cfdffc",
+        "rev": "cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06",
         "type": "github"
       },
       "original": {
@@ -730,11 +753,11 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1717880976,
-        "narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=",
+        "lastModified": 1718447546,
+        "narHash": "sha256-JHuXsrC9pr4kA4n7LuuPfWFJUVlDBVJ1TXDVpHEuUgM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c",
+        "rev": "842253bf992c3a7157b67600c2857193f126563a",
         "type": "github"
       },
       "original": {
@@ -762,11 +785,11 @@
     },
     "nixpkgs-stable_4": {
       "locked": {
-        "lastModified": 1717880976,
-        "narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=",
+        "lastModified": 1718478900,
+        "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c",
+        "rev": "c884223af91820615a6146af1ae1fea25c107005",
         "type": "github"
       },
       "original": {
@@ -778,11 +801,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1717974879,
-        "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=",
+        "lastModified": 1718530797,
+        "narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3",
+        "rev": "b60ebf54c15553b393d144357375ea956f89e9a9",
         "type": "github"
       },
       "original": {
@@ -871,6 +894,23 @@
         "treefmt-nix": "treefmt-nix"
       }
     },
+    "rust-analyzer-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1717583671,
+        "narHash": "sha256-+lRAmz92CNUxorqWusgJbL9VE1eKCnQQojglRemzwkw=",
+        "owner": "rust-lang",
+        "repo": "rust-analyzer",
+        "rev": "48bbdd6a74f3176987d5c809894ac33957000d19",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rust-lang",
+        "ref": "nightly",
+        "repo": "rust-analyzer",
+        "type": "github"
+      }
+    },
     "rust-overlay": {
       "inputs": {
         "flake-utils": [
@@ -898,19 +938,16 @@
     },
     "rust-overlay_2": {
       "inputs": {
-        "flake-utils": [
-          "flake-utils"
-        ],
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1718072316,
-        "narHash": "sha256-p33h73iQ1HkLalCplV5MH0oP3HXRaH3zufnFqb5//ps=",
+        "lastModified": 1718681902,
+        "narHash": "sha256-E/T7Ge6ayEQe7FVKMJqDBoHyLhRhjc6u9CmU8MyYfy0=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "bedc47af18fc41bb7d2edc2b212d59ca36253f59",
+        "rev": "16c8ad83297c278eebe740dea5491c1708960dd1",
         "type": "github"
       },
       "original": {
@@ -927,11 +964,11 @@
         "nixpkgs-stable": "nixpkgs-stable_4"
       },
       "locked": {
-        "lastModified": 1718058322,
-        "narHash": "sha256-d5jLlAwVi4NzT9yc5UrPiOpDxTRhu8GGh0IIfeFcdrM=",
+        "lastModified": 1718506969,
+        "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "d071c74a7de1e26d211b69b6fbae37ae2e31a87f",
+        "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251",
         "type": "github"
       },
       "original": {
@@ -1024,11 +1061,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1717850719,
-        "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=",
+        "lastModified": 1718522839,
+        "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed",
+        "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
         "type": "github"
       },
       "original": {

home-manager/modules/emacs/default.nix

@@ -166,7 +166,7 @@ in
             ;
         })
         orgProtocolDesktop
-        nodePackages.bash-language-server
+        bash-language-server
         aspell
         lldb
         (nil.overrideAttrs (_: {

machines/heimdall/configuration.nix

@@ -1,8 +1,10 @@
-{ self, ... }@inputs:
-{ modulesPath, lib, ... }:
-# let
-#   pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
-# in
+{ self, ... }:
+{
+  pkgs,
+  modulesPath,
+  lib,
+  ...
+}:
 {
   imports = [
     "${modulesPath}/profiles/qemu-guest.nix"
@@ -26,6 +28,7 @@
     keycloak.enable = true;
     nix-common = {
       enable = true;
+      gc-interval = "03:15";
     };
   };
 
@@ -120,6 +123,22 @@
       enable = true;
       permitCertUid = "caddy";
     };
+
+    caddy = {
+      virtualHosts = {
+        "garfield.datarift.nl" =
+          let
+            webRoot = pkgs.writeTextDir "index.html" (builtins.readFile ../proxy/index.html);
+          in
+          {
+            extraConfig = ''
+              root * ${webRoot}
+              rewrite * /index.html
+              file_server
+            '';
+          };
+      };
+    };
   };
 
   security = {

machines/minio/configuration.nix

@@ -1,5 +1,5 @@
-{ self, ... }:
-{ modulesPath, ... }:
+{ self, caddy-with-plugins, ... }:
+{ pkgs, modulesPath, ... }:
 {
   imports = [
     (modulesPath + "/virtualisation/lxc-container.nix")
@@ -14,6 +14,21 @@
       enable = true;
       server = true;
     };
+    caddy-proxy = {
+      enable = true;
+      package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
+      proxyHosts = [
+        {
+          externalHostname = "minio.datarift.nl";
+          proxyAddress = "127.0.0.1:9000";
+          external = true;
+        }
+        {
+          externalHostname = "minio-admin.datarift.nl";
+          proxyAddress = "127.0.0.1:9001";
+        }
+      ];
+    };
     services = {
       minio.enable = true;
     };
@@ -74,6 +89,7 @@
     minio-root-credentials = { };
     minio_backup_ssh_key = { };
     minio_backup_pass = { };
+    caddy-env = { };
   };
 
   system.stateVersion = "24.05";

machines/minio/secrets.yaml

@@ -1,6 +1,7 @@
 minio-root-credentials: ENC[AES256_GCM,data:IR2xlQ/pXHUA0baJTe9J+iH4qsw3dHeCP+oSQ3yZohQSm1mrXil7HR1NlsI2sbQVQM1GAJcmPytrn7z3YocrainnDv3WZ0AeRqwyEtItC2cXfw3mfh+SIeq2sX2jkYDycuW0J7jRdCBV+Bs=,iv:A7cgR9ykXY4qkixDp699wzNLs4AEVEJRJ8PxzOAnCqU=,tag:++C4ejM5h8wM95G2N6PZmg==,type:str]
 minio_backup_ssh_key: ENC[AES256_GCM,data:pVyhIAa+7GEgOouwgSYgN6rFjm9nZEesYJvrUIA0SZ9hXW4tnuc01DMLoGLTqYLqtlhpEtTtfMd0no55sHesCqru+5z3I4b5YlYEMoPR3ce0sDTV3lxnRSJGK+O5YRxnza1fG4RUAaOt0neiRma7F8+jFFJJPHksy8qrzYd3bQFiLEaRTJdyv9M5b2ETsi4A9ZVDPcwk34TEcrldEQIVIQU8rl0LPyN7WhaaHwjospb0Fav8U0w4PYCuqsBVmX3ssD7OZw1vJjz6eVB3CeUe91VbDfx6O3ahrUb4E9LWgWh4VlsGYtz7/ThNRR8n5DdYxUnA5aLDSkaEv64WBcUmA5VA6IZ7/jeMr4bGBf5f0rxlBMXqOdauBNeO/o5UwdHN8EV5Hafpn5XuLQ7sTSknTzxi0bo9mR63SWulW/64I6iN9kSEPs6OtKMNsaoYt9fyaGcPEEOAXLPauXMk/ddXK5l3D/GNLShwuH2nKWaoDCIvDjBx7rwW5wZynPxlTYlB7Pj1rkXK2J9nbRObTYps,iv:F82onSArHBV7z2BZ83yZUWPTf+Nj/yGwPckhj1JC3A4=,tag:e/QwEifl96Vtuf1jeItVhQ==,type:str]
 minio_backup_pass: ENC[AES256_GCM,data:t6mh1Fuj+CNbRCi6zgM/IDUc7IaHnsWcqsWKtTSzfO0gmAkfpGcvqe1KhDrgQiYqwVSlzYfIa5bsYrrgrePejmkt2hcTBeCM51dBIPJSqx6b47MAii/nEvdksxUENAZiUxP6ZSfrLOs2dkuEbxOTXfBC4z/bISKvst3VILH7ZqM=,iv:Pn0PUCCvqZQmV3Hkjd5CbSRR3sHGZsBcZdhUCgSZb0U=,tag:3Vru8OLVa72e677DEy6LvQ==,type:str]
+caddy-env: ENC[AES256_GCM,data:zhpmvdUyXZGAMpvlPSVhkDApgLKOvUvhh37lNQI8hjCz2zvZKLwQHI99zeq1M7w7GN4xfDyN,iv:F5MQz8tMIWaJWls1lkmaw0wzOVaZdDdVEYke0hDYExs=,tag:ngsGPqiJSulR4jQpHfta5w==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -34,8 +35,8 @@ sops:
             d0NWMXF3R2lwL2RQRFVFY3RteGFPVEkKACtGvv9tx9H34QW7vbLswFBsaQHTWwXc
             L2n3760iwAnVad4Aw7cQHUwzEUopWwhvg10BTrhi67CB9AG73yPNmA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-09-11T14:19:07Z"
-    mac: ENC[AES256_GCM,data:G/hYRqQxQxdij3hNsZcaQvx/SA95FeEA9q2DlC/Bkx1x0ApM7qG7eVNeVtqlYHkUd7IsylKyq1lf4Z4GQMj0Cq2sMZRn0Z6InUq67FSHqTd0JInZPQGDY5DDSD0WNuDSIHPJLWd1cC+onSpvBtx2xqxGb9HGNAJo+sGM4mlUBvU=,iv:E5pzAv+WRx8lPofUGZcH39lEPZa0MIn/m/ldX4I9PdU=,tag:a7pnkayI+U04G1KBrBEpOg==,type:str]
+    lastmodified: "2024-06-12T19:17:15Z"
+    mac: ENC[AES256_GCM,data:xW5JuueKrim2QdsKS7l4TdLymIFzvYLHz5wNBHs5D9nzIPvT28z8wf2qiD9o2M7QSHnbr5ZpltU5cfikCfEaJV5C0a9JtcL9cGfpMX43Aq5B+g6UsOs6On21F7qNt5XV6cc0Shn/Mk/lPkEaiHXum2ufbouVluqY+oiywFM3erE=,iv:dC6aBBfDKOW31XKkk/6lXYATe5hjSIRPzeijPWBATW4=,tag:5uxkapWz7oFUT5xnWRrp0A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.8.1

machines/nix-cache/configuration.nix

@@ -24,6 +24,17 @@
       enable = true;
       server = true;
     };
+    caddy-proxy = {
+      enable = true;
+      package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
+      proxyHosts = [
+        {
+          externalHostname = "nix-cache.datarift.nl";
+          proxyAddress = "127.0.0.1:8080";
+        }
+      ];
+
+    };
     nix-common = {
       enable = true;
       remote-builders = true;
@@ -130,33 +141,6 @@
       };
     };
 
-    caddy = {
-      enable = true;
-      package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
-
-      email = "erwin@datarift.nl";
-
-      virtualHosts = {
-        "nix-cache.datarift.nl" = {
-          extraConfig = ''
-            @local_or_ts {
-              remote_ip 10.0.0.0/24 100.64.0.0/10
-            }
-
-            handle @local_or_ts {
-              reverse_proxy 127.0.0.1:8080
-            }
-            handle {
-              error "Nope." 403
-            }
-
-            tls {
-              dns cloudflare {env.CF_API_TOKEN}
-            }
-          '';
-        };
-      };
-    };
   };
 
   sops.defaultSopsFile = ./secrets.yaml;

machines/odin/configuration.nix

@@ -94,6 +94,28 @@
 
   hardware.enableAllFirmware = true;
 
+  users.users.consoledash = {
+    isSystemUser = true;
+    home = "/var/lib/consoledash";
+    group = "consoledash";
+    createHome = true;
+    # Stole this from here:
+    # https://github.com/mcdonc/.nixconfig/blob/66f427c029eb673c44bb7df919b78485ce3e8b01/videos/restricteduser/script.rst
+    # shell =
+    #   let
+    #     rbash = pkgs.runCommandNoCC "rbash-${pkgs.bashInteractive.version}" { } ''
+    #       mkdir -p $out/bin
+    #       ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/rbash
+    #     '';
+
+    #   in
+    #   "${rbash}/bin/rbash";
+    shell = "${pkgs.glances}/bin/glances";
+    ignoreShellProgramCheck = true;
+    hashedPassword = null;
+  };
+  users.groups.consoledash = { };
+
   programs = {
     nix-ld = {
       enable = true;
@@ -102,6 +124,7 @@
   };
 
   services = {
+    getty.autologinUser = "consoledash";
     openssh.enable = true;
     lvm = {
       enable = true;

machines/proxy/configuration.nix

@@ -74,22 +74,26 @@
     firewall.trustedInterfaces = [ "tailscale0" ];
   };
 
-  systemd.network = {
-    enable = true;
+  systemd = {
+    services.logrotate-checkconf.enable = false;
 
-    wait-online.anyInterface = true;
+    network = {
+      enable = true;
 
-    networks = {
-      "40-eth0" = {
-        matchConfig = {
-          Name = "eth0";
-        };
+      wait-online.anyInterface = true;
 
-        networkConfig = {
-          Address = "10.0.0.251/24";
-          Gateway = "10.0.0.1";
-          DNS = "10.0.0.206";
-          DHCP = "no";
+      networks = {
+        "40-eth0" = {
+          matchConfig = {
+            Name = "eth0";
+          };
+
+          networkConfig = {
+            Address = "10.0.0.251/24";
+            Gateway = "10.0.0.1";
+            DNS = "10.0.0.206";
+            DHCP = "no";
+          };
         };
       };
     };
@@ -104,6 +108,28 @@
     sudo.enable = false;
   };
 
+  services = {
+    caddy = {
+      virtualHosts = {
+        "garfield.datarift.nl" =
+          let
+            webRoot = pkgs.writeTextDir "index.html" (builtins.readFile ./index.html);
+          in
+          {
+            extraConfig = ''
+              root * ${webRoot}
+              rewrite * /index.html
+              file_server
+              tls {
+                dns cloudflare {env.CF_API_TOKEN}
+                resolvers 1.1.1.1
+              }
+            '';
+          };
+      };
+    };
+  };
+
   sops.defaultSopsFile = ./secrets.yaml;
   sops.secrets = {
     caddy-env = { };

machines/proxy/index.html

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <title>Today's Garfield</title>
+    <script>
+      document.addEventListener("DOMContentLoaded", () => {
+        const date = new Date();
+        
+        const year = date.getFullYear();
+        let month = date.getMonth() + 1;
+        let day = date.getDate();
+
+        if (month < 10) {
+          month = "0" + month;
+        }
+
+        if (day < 10) {
+          day = "0" + day;
+        }
+        const url = `https://www.gocomics.com/garfield/${year}/${month}/${day}/`;
+        console.log(`Redirecting to ${url}`);
+        location.href = url;
+      });
+    </script>
+    <meta charset="utf-8" />
+  </head>
+  <body></body>
+</html>

machines/valkyrie/configuration.nix

@@ -1,5 +1,5 @@
-{ self, ... }:
-{ modulesPath, ... }:
+{ self, caddy-with-plugins, ... }:
+{ pkgs, modulesPath, ... }:
 {
   imports = [
     (modulesPath + "/virtualisation/lxc-container.nix")
@@ -22,6 +22,16 @@
     # adguard = {
     #   upstreams = [ "127.0.0.1:5335" ];
     # };
+    caddy-proxy = {
+      enable = true;
+      package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
+      proxyHosts = [
+        {
+          externalHostname = "blocky.datarift.nl";
+          proxyAddress = "127.0.0.1:4000";
+        }
+      ];
+    };
     nix-common = {
       enable = true;
       remote-builders = true;
@@ -88,6 +98,7 @@
     defaultSopsFile = ./secrets.yaml;
     secrets = {
       coredns-env = { };
+      caddy-env = { };
     };
   };
 

machines/valkyrie/kea/default.nix

@@ -15,41 +15,41 @@
             socket-name = "/run/kea/kea-dhcp4.socket";
           };
 
-          # option-def = [
-          #   {
-          #     space = "ubnt";
-          #     name = "unifi-address";
-          #     code = 1;
-          #     type = "ipv4-address";
-          #   }
-          # ];
+          option-def = [
+            {
+              space = "ubnt";
+              name = "unifi-address";
+              code = 1;
+              type = "ipv4-address";
+            }
+          ];
 
-          # client-classes = [
-          #   {
-          #     name = "ubnt";
-          #     test = "substring(option[60].hex,0,4) == 'ubnt'";
-          #     option-data = [
-          #       {
-          #         space = "ubnt";
-          #         name = "vendor-class-identifier";
-          #         code = 60;
-          #         data = "ubnt";
-          #       }
-          #       {
-          #         name = "vendor-encapsulated-options";
-          #         code = 43;
-          #       }
-          #     ];
-          #     option-def = [
-          #       {
-          #         name = "vendor-encapsulated-options";
-          #         code = 43;
-          #         type = "empty";
-          #         encapsulate = "ubnt";
-          #       }
-          #     ];
-          #   }
-          # ];
+          client-classes = [
+            {
+              name = "ubnt";
+              test = "substring(option[60].hex,0,4) == 'ubnt'";
+              option-data = [
+                {
+                  space = "dhcp4";
+                  name = "vendor-class-identifier";
+                  code = 60;
+                  data = "ubnt";
+                }
+                {
+                  name = "vendor-encapsulated-options";
+                  code = 43;
+                }
+              ];
+              option-def = [
+                {
+                  name = "vendor-encapsulated-options";
+                  code = 43;
+                  type = "empty";
+                  encapsulate = "ubnt";
+                }
+              ];
+            }
+          ];
 
           interfaces-config = {
             interfaces = [ "eth0" ];
@@ -75,12 +75,12 @@
                   name = "domain-name-servers";
                   data = "10.0.0.206";
                 }
-                # {
-                #   space = "ubnt";
-                #   name = "unifi-address";
-                #   code = 1;
-                #   data = "10.0.0.207";
-                # }
+                {
+                  space = "ubnt";
+                  name = "unifi-address";
+                  code = 1;
+                  data = "10.0.0.207";
+                }
               ];
 
               reservations = [

machines/valkyrie/secrets.yaml

@@ -1,4 +1,5 @@
-coredns-env: ENC[AES256_GCM,data:vsLJBvRJZPgvlny9IQb0WJai/D+JHFk5plz2L1y1Q6VDJQpSuFB1hene2JHXBGniij3ytUDVWOIeXjYxb0fyVDb0q7t9EDA5u1M=,iv:/HISs3OOAv996rFxsADdW74DiOogozRvD+l6+sFqbL0=,tag:ndIHOdTKPutyd+LqKMoVyA==,type:str]
+coredns-env: ENC[AES256_GCM,data:uBcKR82ESKixJIXNw6XEGu0S9lBAYzvF5nkIoLpP0OCQQnZjfXP4h+sRtaKS9umwyw2CzqEpVrxeEyP2QBdAWfVS4tOr2mWl1E8=,iv:a+tpGeslKBZUNOvG6XhPqS6JX4oVJbKa6vG03JaQDZg=,tag:XMW6xoS6qqKID6GngHgKpw==,type:str]
+caddy-env: ENC[AES256_GCM,data:BSzzxyVp676Ua3P4YpGageosFp6XbF8eWMjajh2MoyRnmmZNJ+ZOphoZiVd0SNjQypYRuIl3,iv:uB0MekCnnMl8YQHH3k3j8DPlUVyRbnfrM13gq0FxdrY=,tag:Je1e4mWVBQAREsE7WScrYw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -32,8 +33,8 @@ sops:
             MmRsQU43UDUyQ2ZVbWxvRWdBajYwWlEKDNaV/6gjIszP31b8kT+JZxiTWILqbQdR
             OKdTbC3XIiFBGpslr5QKJzj26dKsgYvmzEHuHgglZdvuX5EDmzTf5w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-03T09:07:22Z"
-    mac: ENC[AES256_GCM,data:AoDPnZopNrWnA6KZQ07We+Znl3yF7DRr2gF6HSL1M1Tnlqy1h8++/M3DNCOZgfZ6Dxluedy3JAuRyznJkbHgrB3qBUn8S3bf+M4UlXCR7ovXIqaQkfwRiCz4/RwOk0KYNO0YbYhdI9wFNVwqji40RfDLK8YY2SqOXC7yIzIB4p8=,iv:qmygqqj/iiDVJHrZB4ZlCYG5IkZsvC0Ixl937jLDeqY=,tag:3skyAFGytXJYRxlK3ukdvA==,type:str]
+    lastmodified: "2024-06-17T13:03:09Z"
+    mac: ENC[AES256_GCM,data:QhdsjE7S1mmyICidvF76URrMZwcLDL2kMF7TLLIRjpNQltB/UX/0JN6zMAe/st1IABucTEbkUvUOxRFqXI7m+ds6c/G/NQYeYrWs4usQ5S4wxmeZu+ybvQq20FhNHvdj0vh3rGpkAJirNjIx6IVbSMdhllCJpl/KXv2OmKLre50=,iv:0kiGKN0R6mHgNx5CZLP/Hefy84LgGR2Ez4jxim5R/4k=,tag:uswFxjGKGWp5dpiYdaFz0w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1

modules/fonts/default.nix

@@ -8,11 +8,7 @@ with lib;
 let
   cfg = config.eboskma.fonts;
 
-  iosevka-buildplans = builtins.fromTOML (builtins.readFile "${pkgs.iosevka.src}/build-plans.toml");
-  iosevka-aile = pkgs.iosevka.override {
-    privateBuildPlan = iosevka-buildplans.buildPlans.IosevkaAile;
-    set = "aile";
-  };
+  iosevka-aile = pkgs.iosevka-bin.override { variant = "Aile"; };
 in
 {
   options.eboskma.fonts = {

modules/nix-common/default.nix

@@ -17,6 +17,11 @@ in
       type = with types; listOf str;
       default = [ ];
     };
+    gc-interval = mkOption {
+      description = "How often to run nix-collect-garbage";
+      type = types.str;
+      default = "weekly";
+    };
   };
 
   imports = [
@@ -82,7 +87,7 @@ in
 
       gc = {
         automatic = true;
-        dates = "weekly";
+        dates = cfg.gc-interval;
         options = "--delete-older-than 30d";
       };
     };

users/erwin/home.nix

@@ -238,7 +238,7 @@ in
             steam
             steamcmd
             steam-tui
-            # super-slicer-latest
+            super-slicer-beta
             units
             unzip
             vial