update and use kresd

briafzentrum.nix

@@ -19,7 +19,7 @@ with lib;
   networking.useDHCP = false;
   networking.interfaces.eth0.ipv4.addresses = [ { address = "83.133.178.166"; prefixLength = 28; } ];
   networking.defaultGateway = "83.133.178.161";
-  networking.nameservers = [ "::1" ];
+  networking.nameservers = [ "::1" "127.0.0.1" ];
 
   networking.firewall.allowedTCPPorts = [ 80 443 25 ];
   networking.firewall.logRefusedConnections = false;
@@ -34,63 +34,15 @@ with lib;
   services.openssh.enable = true;
 
   users.extraUsers.root = {
-    initialHashedPassword = mkForce "$6$rounds=1000000$pAFNlOdBg.Ut$RJwIpzoSkdqUaxyLxtoFdgiR8UrtC/X1vd8W4dFGHDuZWW60J4qNAQ9DrozkmT6/AqBPQ8I2EWviDx.kloVkE.";
     openssh.authorizedKeys.keys = [
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCs/VM56N9OsG/hK7LEwheHwptClBNPdBl/tIW8URWyQPsE0dN2FYAERsHom3I3IvAS3phfhYtLOwrQ+MqEt7u5f/E3CgdfvEFRER12arxlT/q3gSh5rUdq508fTjkUNmJr6Vul+BCZ7VeESa2yvvTesFqvdVP9NtpGbAusX/JCrXwQciygJ0hDuMdLFW8MmRzljDoBsyjz18MDaMzsGQddQuE+3uAzJ1NXZpNh+M+C6eLNe+QJQMb9VTPGB3Pc0cU0GWyXYpWTVkpJqJVe180ldMU9x2c2sBBcRM3N/UDn2MF3XQi3TdGO93AIcUHNCLmUvIdqz+DPdKzCt3c3HvHh fpletz@lolnovo"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK20Lv3TggAXcctelNGBxjcQeMB4AqGZ1tDCzY19xBUV fpletz@yolovo"
     ];
   };
 
-  environment.systemPackages = with pkgs; [ vim htop tmux iftop mailutils ];
+  environment.systemPackages = with pkgs; [ mailutils ];
 
-  services.unbound = {
-    enable = true;
-    allowedAccess = [ "::1" "127.0.0.1" ];
-    settings = {
-      server = {
-        port = 53;
-        interface = [ "::1" "127.0.0.1" ];
-        #interface-automatic: yes
-        so-reuseport = true;
-        num-threads = 1;
-        outgoing-range = 8192;
-        num-queries-per-thread = 4096;
-        #prefer-ip6 = true;
-
-        msg-cache-slabs = 1;
-        rrset-cache-slabs = 1;
-        infra-cache-slabs = 1;
-        key-cache-slabs = 1;
-
-        # more cache memory, rrset=msg*2
-        rrset-cache-size = "16m";
-        msg-cache-size = "8m";
-
-        # Larger socket buffer
-        so-rcvbuf = "2m";
-        so-sndbuf = "2m";
-
-        cache-min-ttl = 600;
-        cache-max-ttl = 86400;
-        cache-max-negative-ttl = 1;
-        qname-minimisation = true;
-        rrset-roundrobin = true;
-        prefetch = true;
-        use-caps-for-id = true;
-        hide-version = true;
-        hide-identity = true;
-
-        statistics-interval = 0;
-        extended-statistics = true;
-        statistics-cumulative = false;
-      };
-
-      remote-control = {
-        control-enable = true;
-        control-use-cert = false;
-      };
-    };
-  };
+  services.kresd.enable = true;
 
   services.redis.enable = true;
 

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1639161226,
-        "narHash": "sha256-75Y08ynJDTq6HHGIF+8IADBJSVip0UyWQH7jqSFnRR8=",
+        "lastModified": 1641870998,
+        "narHash": "sha256-6HkxR2WZsm37VoQS7jgp6Omd71iw6t1kP8bDbaqCDuI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "573095944e7c1d58d30fc679c81af63668b54056",
+        "rev": "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb",
         "type": "github"
       },
       "original": {

flake.nix

@@ -19,16 +19,15 @@
     colmena = {
       meta.nixpkgs = import nixpkgs { };
 
-      defaults = { name, pkgs, ... }: {
+      defaults = { name, pkgs, lib, ... }: {
         deployment.targetHost = "${name}.muc.ccc.de";
-        networking.hostName = name;
+        networking.hostName = lib.mkDefault name;
         time.timeZone = "UTC";
         environment.systemPackages = with pkgs; [
-          wget curl htop
+          wget curl htop iftop tmux
         ];
         programs.bash.enableCompletion = true;
         programs.vim.defaultEditor = true;
-        sound.enable = false;
         services.openssh.enable = true;
         nixpkgs.system = "x86_64-linux";
       };