config: minor changes and fixes

2026-01-09 15:10:24 +01:00 · 2025-10-04 16:57:45 +02:00 · 2025-10-04 16:57:45 +02:00 · 16afcd6838
commit 16afcd6838
parent d8a9db867c
6 changed files with 26 additions and 59 deletions
--- a/flake.lock
+++ b/flake.lock
@ -318,11 +318,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1751271578,
-        "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
+        "lastModified": 1755186698,
+        "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
+        "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
        "type": "github"
      },
      "original": {
--- a/hosts/thegeneralist-central/archive/default.nix
+++ b/hosts/thegeneralist-central/archive/default.nix
@ -5,7 +5,7 @@ let
  ssl = {
    forceSSL = true;
    quic = true;
-    useACMEHost = domain;
+    useACMEHost = acmeDomain;
  };
 in
 {
--- a/hosts/thegeneralist-central/dns.nix
+++ b/hosts/thegeneralist-central/dns.nix
@ -1,75 +1,42 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 let
-  internalZoneFile = pkgs.writeText "internal.zone" ''
-    $ORIGIN internal.thegeneralist01.com.
-    @   IN SOA  ns.internal.thegeneralist01.com. thegeneralist01.proton.me. (
-          2025071801 ; serial (yyyymmddXX)
+  subdomains = [ "internal" "archive" "crawler" "r" "b" "s" "p" "q" "cloud" ];
+
+  mainZoneFile = pkgs.writeText "thegeneralist01.zone" ''
+    $ORIGIN thegeneralist01.com.
+    @   IN SOA  ns.thegeneralist01.com. thegeneralist01.proton.me. (
+          2025081501 ; serial (yyyymmddXX)
          3600       ; refresh
          600        ; retry
          86400      ; expire
          3600       ; minimum
    )
-        IN NS   ns.internal.thegeneralist01.com.
+        IN NS   ns.thegeneralist01.com.
    ns  IN A    100.86.129.23
    @   IN A    100.86.129.23
+    ${lib.concatStringsSep "\n" (lib.map (sub: "${sub} IN A 100.86.129.23") subdomains)}
  '';

-  archiveZoneFile = pkgs.writeText "archive.zone" ''
-    $ORIGIN archive.thegeneralist01.com.
-    @   IN SOA  ns.archive.thegeneralist01.com. thegeneralist01.proton.me. (
-          2025073101 ; serial (yyyymmddXX)
-          3600       ; refresh
-          600        ; retry
-          86400      ; expire
-          3600       ; minimum
-    )
-        IN NS   ns.archive.thegeneralist01.com.
-    ns  IN A    100.86.129.23
-    @   IN A    100.86.129.23
-  '';
-
-  crawlerZoneFile = pkgs.writeText "crawler.zone" ''
-    $ORIGIN crawler.thegeneralist01.com.
-    @   IN SOA  ns.crawler.thegeneralist01.com. thegeneralist01.proton.me. (
-          2025080801 ; serial (yyyymmddXX)
-          3600       ; refresh
-          600        ; retry
-          86400      ; expire
-          3600       ; minimum
-    )
-        IN NS   ns.crawler.thegeneralist01.com.
-    ns  IN A    100.86.129.23
-    @   IN A    100.86.129.23
+  forwarderBlock = ''
+    .:53 {
+      forward . 100.100.100.100 45.90.28.181 45.90.30.181
+      cache
+      log
+      errors
+    }
  '';
 in
 {
  services.coredns = {
    enable = true;
    config = ''
-      internal.thegeneralist01.com:53 {
-        file ${internalZoneFile}
+      thegeneralist01.com:53 {
+        file ${mainZoneFile}
        log
        errors
      }

-      archive.thegeneralist01.com:53 {
-        file ${archiveZoneFile}
-        log
-        errors
-      }
-
-      crawler.thegeneralist01.com:53 {
-        file ${crawlerZoneFile}
-        log
-        errors
-      }
-
-      .:53 {
-        forward . 100.100.100.100 45.90.28.181 45.90.30.181
-        cache
-        log
-        errors
-      }
+      ${forwarderBlock}
    '';
  };

--- a/hosts/thegeneralist-central/site.nix
+++ b/hosts/thegeneralist-central/site.nix
@ -14,7 +14,7 @@ in {
    package                       = pkgs.nginxQuic;
    enableQuicBPF                 = true;

-    recommendedZstdSettings       = true;
+    experimentalZstdSettings      = true;
    recommendedUwsgiSettings      = true;
    recommendedTlsSettings        = true;
    recommendedProxySettings      = true;
--- a/modules/common/nix.nix
+++ b/modules/common/nix.nix
@ -25,7 +25,7 @@ in {
      "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
    ];

-    trusted-users = [ "thegeneralist" "central" "root" "@build" "@wheel" "@admin" ];
+    trusted-users = [ "thegeneralist" "central" "root" "@build" "@wheel" "@admin" "jellyfin" ];

    builders-use-substitutes = true;
  };
--- a/modules/common/nushell/config.nu
+++ b/modules/common/nushell/config.nu
@ -22,7 +22,7 @@ $env.config.completions = {
    enable:      true
    max_results: 100
    completer:   {|tokens: list<string>|
-      let expanded = scope aliases | where name == $tokens.0 | get --ignore-errors expansion.0
+      let expanded = scope aliases | where name == $tokens.0 | get --optional expansion.0

      mut expanded_tokens = if $expanded != null and $tokens.0 != "cd" {
        $expanded | split row " " | append ($tokens | skip 1)