flake.lock: Update

Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/90055d5e616bd943795d38808c94dbf0dd35abe8' (2024-04-13) → 'github:NixOS/nixpkgs/53a2c32bc66f5ae41a28d7a9a49d321172af621e' (2024-04-15) • Updated input 'secrets': 'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=fe08a4769ba195e2ee515967d33a520c8692420c' (2024-04-09) → 'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=17e318fd2ae0272999e89a43279298517b9444b4' (2024-04-15)
knot-resolver: chill cache size
2024-04-16 02:08:18 +02:00 · 2024-04-16 02:08:18 +02:00 · 2024-04-16 02:08:18 +02:00
6 changed files with 38 additions and 16 deletions
--- a/flake.lock
+++ b/flake.lock
@ -120,11 +120,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1713013257,
+        "lastModified": 1713145326,
-        "narHash": "sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib+8=",
+        "narHash": "sha256-m7+IWM6mkWOg22EC5kRUFCycXsXLSU7hWmHdmBfmC3s=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "90055d5e616bd943795d38808c94dbf0dd35abe8",
+        "rev": "53a2c32bc66f5ae41a28d7a9a49d321172af621e",
        "type": "github"
      },
      "original": {
@ -165,11 +165,11 @@
    },
    "secrets": {
      "locked": {
-        "lastModified": 1712706448,
+        "lastModified": 1713224959,
-        "narHash": "sha256-ekO1azljI9rKc5u+cRp+33Xe8VVxvDxxseXFvtypHI8=",
+        "narHash": "sha256-WnZVnnu1L/PyODRrjwU/K4xcJx4HlCX72Dm3KBzgSA0=",
        "ref": "refs/heads/master",
-        "rev": "fe08a4769ba195e2ee515967d33a520c8692420c",
+        "rev": "17e318fd2ae0272999e89a43279298517b9444b4",
-        "revCount": 16,
+        "revCount": 17,
        "type": "git",
        "url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
      },
--- a/hosts/delta/knot-resolver.nix
+++ b/hosts/delta/knot-resolver.nix
@ -45,10 +45,9 @@
        "${config.security.acme.certs."caspervk.net".directory}/fullchain.pem",
        "${config.security.acme.certs."caspervk.net".directory}/key.pem"
      )
-      -- Cache is stored in /var/cache/knot-resolver, which is mounted as
+      -- Cache is stored in /var/cache/knot-resolver, which is mounted as tmpfs
      -- tmpfs. Allow using 90% of the partition for caching.
      -- https://knot-resolver.readthedocs.io/en/stable/daemon-bindings-cache.html
-      cache.size = math.floor(cache.fssize() * 0.9)
+      cache.size = 1.5 * GB
      -- The predict module helps to keep the cache hot by prefetching
      -- records. Any time the resolver answers with records that are about to
      -- expire, they get refreshed.
--- a/hosts/sigma/acme.nix
+++ b/hosts/sigma/acme.nix
@ -0,0 +1,11 @@
 {...}: {
  security.acme.certs."caspervk.net" = {
    domain = "*.caspervk.net";
    reloadServices = [
      "caddy.service"
    ];
  };
  users.groups.acme.members = [
    "caddy"
  ];
 }
--- a/hosts/sigma/caddy.nix
+++ b/hosts/sigma/caddy.nix
@ -0,0 +1,3 @@
 {secrets, ...}: {
  services.caddy.virtualHosts = secrets.sigma.caddy.virtualHosts;
 }
--- a/hosts/sigma/default.nix
+++ b/hosts/sigma/default.nix
@ -3,9 +3,11 @@
    ../../overlays
    ../../modules/base
    ../../modules/server
-    ./hardware.nix
+    ./acme.nix
-    #./borg.nix
+    #./borg.nix TODO!
    ./caddy.nix
    ./gitea.nix
    ./hardware.nix
    ./network.nix
  ];
--- a/hosts/sigma/network.nix
+++ b/hosts/sigma/network.nix
@ -132,16 +132,23 @@
    allowedUDPPorts = lib.mkForce [];
    allowedTCPPortRanges = lib.mkForce [];
    allowedUDPPortRanges = lib.mkForce [];
    interfaces = {
      "enp5s0" = {
-        allowedTCPPorts = [22];
+        allowedTCPPorts = [
          22 # SSH
        ];
      };
      "wg-sigma-public" = {
-        allowedTCPPorts = [22];
+        allowedTCPPorts = [
          22 # SSH
          80 # Caddy
          443 # Caddy
        ];
      };
      "wg-sigma-p2p" = {
-        allowedTCPPorts = [1337];
+        allowedTCPPorts = [
          1337 # random testing (TODO)
        ];
      };
    };
  };