Update nixpkgs 2025-10-25-01-03

hosts/carbon: Change DSL uplink to netcologne
hosts/clerie-backup: Export metrics for backup replication to Hetzner
2025-10-25 03:03:19 +02:00 · 2025-10-24 21:36:41 +02:00 · 2025-10-24 18:13:24 +02:00 · 2025-10-07 19:11:22 +02:00 · 2025-09-27 18:43:16 +02:00 · 2025-09-26 15:51:55 +02:00
11 changed files with 60 additions and 35 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -666,11 +666,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1758427187,
-        "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=",
+        "lastModified": 1761114652,
+        "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46",
+        "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
        "type": "github"
      },
      "original": {
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -39,7 +39,7 @@
  networking.nat = {
    enableIPv6 = true;
    enable = true;
-    externalInterface = "ppp-dtagdsl";
+    externalInterface = "ppp-ncfttb";
    internalIPv6s = [ "fd00:152:152::/48" "fd00:3214:9453:4920::/64"];
    internalIPs = [ "10.152.0.0/16" "192.168.32.0/24" ];
  };
--- a/hosts/carbon/net-dsl.nix
+++ b/hosts/carbon/net-dsl.nix
@@ -3,17 +3,17 @@
 {

  ## DSL-Uplink
-  networking.vlans."enp1s0.7" = {
-    id = 7;
+  networking.vlans."enp1s0.10" = {
+    id = 10;
    interface = "enp1s0";
  };
-  networking.vlans."enp3s0.7" = {
-    id = 7;
+  networking.vlans."enp3s0.10" = {
+    id = 10;
    interface = "enp3s0";
  };
  networking.bridges."net-dsl".interfaces = [
-    "enp1s0.7"
-    "enp3s0.7"
+    "enp1s0.10"
+    "enp3s0.10"
  ];

 }
--- a/hosts/carbon/net-gastnetz.nix
+++ b/hosts/carbon/net-gastnetz.nix
@@ -61,7 +61,7 @@

  # net-gastnetz can only access internet
  clerie.firewall.extraForwardFilterCommands = ''
-    ip46tables -A forward-filter -i net-gastnetz -o ppp-dtagdsl -j ACCEPT
+    ip46tables -A forward-filter -i net-gastnetz -o ppp-ncfttb -j ACCEPT
    ip46tables -A forward-filter -i net-gastnetz -j DROP
    ip46tables -A forward-filter -o net-gastnetz -j DROP
  '';
--- a/hosts/carbon/ppp.nix
+++ b/hosts/carbon/ppp.nix
@@ -4,11 +4,11 @@

  services.pppd = {
    enable = true;
-    peers.dtagdsl = {
+    peers.ncfttb = {
      config = ''
        plugin pppoe.so net-dsl
-        user "''${PPPD_DTAGDSL_USERNAME}"
-        ifname ppp-dtagdsl
+        user "''${PPPD_NETCOLOGNE_USERNAME}"
+        ifname ppp-ncfttb
        persist
        maxfail 0
        holdoff 5
@@ -24,9 +24,9 @@
    };
  };

-  environment.etc."ppp/peers/dtagdsl".enable = false;
+  environment.etc."ppp/peers/ncfttb".enable = false;

-  systemd.services."pppd-dtagdsl".serviceConfig = let
+  systemd.services."pppd-ncfttb".serviceConfig = let
    preStart = ''
      mkdir -p /etc/ppp/peers

@@ -34,22 +34,22 @@
      umask u=rw,g=,o=

      # Copy config and substitute username
-      rm -f /etc/ppp/peers/dtagdsl
-      ${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl
+      rm -f /etc/ppp/peers/ncfttb
+      ${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/ncfttb".source}" > /etc/ppp/peers/ncfttb

      # Copy login secrets
      rm -f /etc/ppp/pap-secrets
-      cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/pap-secrets
+      cat ${config.sops.secrets.pppd-ncfttb-secrets.path} > /etc/ppp/pap-secrets
      rm -f /etc/ppp/chap-secrets
-      cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/chap-secrets
+      cat ${config.sops.secrets.pppd-ncfttb-secrets.path} > /etc/ppp/chap-secrets
    '';

    preStartFile = pkgs.writeShellApplication {
-      name = "pppd-dtagdsl-pre-start";
+      name = "pppd-ncfttb-pre-start";
      text = preStart;
    };
  in {
-    EnvironmentFile = config.sops.secrets.pppd-dtagdsl-username.path;
+    EnvironmentFile = config.sops.secrets.pppd-ncfttb-username.path;
    ExecStartPre = [
      # "+" marks script to be executed without priviledge restrictions
      "+${lib.getExe preStartFile}"
--- a/hosts/carbon/secrets.json
+++ b/hosts/carbon/secrets.json
@@ -1,21 +1,17 @@
 {
 	"wg-monitoring": "ENC[AES256_GCM,data:+k5MgBrj/psMCE1T2jDtCCJI9Q7L+wJ3j83inNkeGp3LSUjoAPtBp4YoyL4=,iv:C19g/Lqi+cWAyiJBMNDtgLc3SDNI9bMBrBPWn+26mVY=,tag:9zIoawuGeGCMbOX1HKR/sQ==,type:str]",
-	"pppd-dtagdsl-username": "ENC[AES256_GCM,data:JC7EyyMoN0p5YwnS9W5I0G5Omhk5usw28UiJrCfifGr+2FUgMrtFYAHQdrtWAELvYNBQDPgrHMmQjGQLhpqqK0hH,iv:/q+Fm63GVBApGInyS8i39V/lo6iv+I2omVh47deq+o8=,tag:LkR+1zTDNWuYkhH2iWT7SA==,type:str]",
-	"pppd-dtagdsl-secrets": "ENC[AES256_GCM,data:c5pOb8It1py/9NXNTgLvt9zmsBVbSLHJt4iXWiNA+Osvomw3r7pgoO/JJh9ujomPMnOlDwN7g+pJ,iv:W36gA8E1mWchN6+8hdMdt2epv/RdS91T5ANB/JTcHCE=,tag:7eZ3fZkjERCVJCXYrABnlQ==,type:str]",
+	"pppd-ncfttb-username": "ENC[AES256_GCM,data:vyOCNm23xsD3Kj+R7zqnBjH4jEIfYpx/YUUGPcVzqMs9pnFEembahtFTl2sNzOFXLfYCYg==,iv:gMfi/6jldkXCnfdvhu5X1VKj58sVsPR8IX8iEECPfgk=,tag:PJGyIASP6RPAdVULEnn+Gg==,type:str]",
+	"pppd-ncfttb-secrets": "ENC[AES256_GCM,data:IEAguET78vdzRo47UvxbDdz+kKgYWVxYakPPu5rNAZ4BCui7DUG3qm2X9bBdHSMA,iv:Q8D58HXkCoVbqwFoYk+dizXNcEP1J63uMaDSNEzfg2g=,tag:R/xG3owmbVDOLM79sfBQjA==,type:str]",
 	"wg-clerie": "ENC[AES256_GCM,data:OEZg8ZoLAdVhKkvB0ai13ID3gPnVUU/xkOjZ4KiJ9MnRbcFu5HBd7Nw6iNwh,iv:edPuaehya2ZvYKkiBqNUbXVDAxAT6yNgETnWtd6it94=,tag:cX12szdQfAcC6cij6zk6Dw==,type:str]",
 	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
 		"age": [
 			{
 				"recipient": "age16mln27e2p58gu6dpxfclttmuzfnq39mv62kthjpps33g3nl3scfq449857",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Rkd5WFE3aE5EQzY5ZXV4\nbXVGYmxTdVg1ekRpVjlRUnozY2tMTGloL21RCktjZW95OU9ZZ2owTCtMR1NxaXJn\na2VYS2ttb3VhSjNXOG84UUJtYU04QjAKLS0tIGd3aHM0RldFYnVFdDRVS0Vhc3BF\nckJhYmN6a1FJUC9ibks1cGlRaU1zbFkKE4ClunQ3XGAILwluC6iYFs+rlR02PdhK\njOmPbOlS0aNG0hoC7Z6aetgpj689AkJgl68QVcyvm+ecHH7TOT7l1A==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2024-08-13T14:06:43Z",
-		"mac": "ENC[AES256_GCM,data:yGKY0fi3KQWGHBeyNtQ8EJ6561dKRZ5aAjO9zq3odDtX75i2RSjORIlNjBsVvegBzeo8AkwwnzxNPt2sHl6MKDZfEsysWAi8Wolh4UvHk087AnR/uKvtG6t4uUaNIWej2DEzxUtTQ8QP1afsdqGCf0vZVruNcJ4u2xiQbN2vJPc=,iv:CDXJ5/P+h0Enq/0EL1su1Mw55FVYLy4XPSoUCkRkt+U=,tag:AvRfEDYMBunyIQIVCPbXag==,type:str]",
+		"lastmodified": "2025-10-24T19:16:49Z",
+		"mac": "ENC[AES256_GCM,data:ADhCQ7JxrEq+5ssevuuQVf3uyHcrcNVSzdT8bkFfDFVEE1hKv8q9QsGxhIaKtv4N2gt079fy0YA+WFKH6H8zWb5ONepH4H/mAek2SYgAtmVsxwdWY13zswsJUPi2CfbaCWOqppb9IiDb8+RCbzY2u/8Qqwk8gx/0uw2hr3IJrhM=,iv:c1/TS+W4pQgh2oPT77LX+dUL929YppRYdZCmMl2yN+M=,tag:fTk1sxdeT9xFjDMhqiHZAg==,type:str]",
 		"pgp": [
 			{
 				"created_at": "2024-05-10T13:05:56Z",
@@ -24,6 +20,6 @@
 			}
 		],
 		"unencrypted_suffix": "_unencrypted",
-		"version": "3.8.1"
+		"version": "3.10.2"
 	}
 }
--- a/hosts/clerie-backup/configuration.nix
+++ b/hosts/clerie-backup/configuration.nix
@@ -52,6 +52,11 @@
      environment = { BORG_RSH = "ssh -p 23 -i /var/src/secrets/ssh/borg-backup-replication-hetzner"; };
      compression = "auto,lzma";
      startAt = "*-*-* 04:07:00";
+
+      readWritePaths = [ "/var/lib/prometheus-node-exporter/textfiles" ];
+      postPrune = ''
+        echo "backup_replication_hetzner_last_successful_run_time $(date +%s)" > /var/lib/prometheus-node-exporter/textfiles/backup-replication-hetzner.prom
+      '';
    };
  };

--- a/hosts/krypton/programs.nix
+++ b/hosts/krypton/programs.nix
@@ -11,6 +11,8 @@
    signal-desktop
    dino
    fractal
+    tuba
+    flare-signal

    tio
    xournalpp
@@ -23,6 +25,7 @@
    wireshark
    tcpdump
    nmap
+    pkgs."http.server"

    kdePackages.okular
    chromium-incognito
--- a/hosts/storage-2/mixcloud.nix
+++ b/hosts/storage-2/mixcloud.nix
@@ -53,17 +53,23 @@ in {
    "mixcloud.clerie.de" = {
      enableACME = true;
      forceSSL = true;
+      basicAuthFile = config.sops.secrets.mixcloud-htpasswd.path;
      locations."/" = {
        alias = "/data/mixcloud/";
-        basicAuthFile = config.sops.secrets.mixcloud-htpasswd.path;
        extraConfig = ''
          autoindex on;
          autoindex_exact_size off;
        '';
      };
+      locations."/api/" = {
+        alias = "/data/mixcloud/";
+        extraConfig = ''
+          autoindex on;
+          autoindex_format json;
+        '';
+      };
      locations."/media/" = {
        alias = "/data/media/";
-        basicAuthFile = config.sops.secrets.mixcloud-htpasswd.path;
        extraConfig = ''
          autoindex on;
          autoindex_exact_size off;
--- a/pkgs/http.server/default.nix
+++ b/pkgs/http.server/default.nix
@@ -0,0 +1,14 @@
+{
+  python3,
+  writeShellApplication,
+}:
+
+writeShellApplication {
+  name = "http.server";
+  text = ''
+    python3 -m http.server "$@"
+  '';
+  runtimeInputs = [
+    python3
+  ];
+}
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -22,6 +22,7 @@ final: prev: {
  git-pp = final.callPackage ./git-pp {};
  git-show-link = final.callPackage ./git-show-link {};
  grow-last-partition-and-filesystem = final.callPackage ./grow-last-partition-and-filesystem {};
+  "http.server" = final.callPackage ./http.server {};
  nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
  nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
  nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
Author	SHA1	Message	Date
Flake Update Bot	852ea7aeb6	Update nixpkgs 2025-10-25-01-03	2025-10-25 03:03:19 +02:00
clerie	44afbff445	hosts/carbon: Change DSL uplink to netcologne	2025-10-24 21:36:41 +02:00
clerie	92817fdcad	hosts/clerie-backup: Export metrics for backup replication to Hetzner	2025-10-24 18:13:24 +02:00
clerie	e8cca7b1b6	pkgs/http.server: Add shortcut command for python3 http.server	2025-10-07 19:11:22 +02:00
clerie	102509b9a8	hosts/krypton: Add tuba and flare apps	2025-09-27 18:43:16 +02:00
clerie	eaa4ee6d05	hosts/storage-2: Provide mixcloud directory listing as json too	2025-09-26 15:51:55 +02:00