update, calibre, and wireguard on roam

2026-03-18 15:24:09 +01:00 · 2026-03-18 15:24:09 +01:00 · a6a5ff50df
commit a6a5ff50df
parent 15660bda99
5 changed files with 51 additions and 23 deletions
--- a/flake.lock
+++ b/flake.lock
@ -180,11 +180,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769939035,
-        "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=",
+        "lastModified": 1772893680,
+        "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "a8ca480175326551d6c4121498316261cbb5b260",
+        "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
        "type": "github"
      },
      "original": {
@ -265,11 +265,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772164835,
-        "narHash": "sha256-zRcwrZDeBfYipqv/7K7TqsfPb87LFU6b7JhoNUGSnvQ=",
+        "lastModified": 1773810247,
+        "narHash": "sha256-6Vz1Thy/1s7z+Rq5OfkWOBAdV4eD+OrvDs10yH6xJzQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "2a39b0828bbffce0d73769a61e46e780488d098b",
+        "rev": "d47357a4c806d18a3e853ad2699eaec3c01622e7",
        "type": "github"
      },
      "original": {
@ -325,11 +325,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1771969195,
-        "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
+        "lastModified": 1773533765,
+        "narHash": "sha256-qonGfS2lzCgCl59Zl63jF6dIRRpvW3AJooBGMaXjHiY=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
+        "rev": "f8e82243fd601afb9f59ad230958bd073795cbfe",
        "type": "github"
      },
      "original": {
@ -341,11 +341,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1771848320,
-        "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
+        "lastModified": 1773734432,
+        "narHash": "sha256-IF5ppUWh6gHGHYDbtVUyhwy/i7D261P7fWD1bPefOsw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2fc6539b481e1d2569f25f8799236694180c0993",
+        "rev": "cda48547b432e8d3b18b4180ba07473762ec8558",
        "type": "github"
      },
      "original": {
@ -357,11 +357,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1770650459,
-        "narHash": "sha256-hGeOnueXorzwDD1V9ldZr+y+zad4SNyqMnQsa/mIlvI=",
+        "lastModified": 1773046814,
+        "narHash": "sha256-3CEw64UyzEk5QjfbcXNIl4TfmIpa2oY+duuo6aiawcU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "fff0554c67696d76a0cdd9cfe14403fbdbf1f378",
+        "rev": "0c6c0dd2469abaa216599bb19bbf77a328af6564",
        "type": "github"
      },
      "original": {
@ -454,11 +454,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1772064816,
-        "narHash": "sha256-ks1D9Rtmopd5F/8ENjEUJpSYYMxv603/v6TRen9Hq54=",
+        "lastModified": 1773599089,
+        "narHash": "sha256-3R+2SlbvKyYprAwWafUk7ATVKcJRBKlNhbm6Bn6t0HU=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "ea4dc17f4bc0f65eed082fa394509e4543072b56",
+        "rev": "7dfcb21d35a4e8de09b38d822a0e0b7d64d61192",
        "type": "gitlab"
      },
      "original": {
@ -520,11 +520,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772160053,
-        "narHash": "sha256-ZA8B+3MPfHmpZqzEzyjV8j3qQKq8LQitu5qEjSyZ+dQ=",
+        "lastModified": 1773802261,
+        "narHash": "sha256-yA91ySZRw9x7aLSy79LCWXt3l05lwNIfuNnGqz7Jy5A=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "104487aa06fdff228f52fc05f12808ea69c7daab",
+        "rev": "af36c53062b124e097e2a545c68eacfde3fc715b",
        "type": "github"
      },
      "original": {
--- a/host/roam/networking.nix
+++ b/host/roam/networking.nix
@ -1,9 +1,21 @@
-{ var, ... }:
+{
+  var,
+  config,
+  secrets,
+  ...
+}:
 let
  wireguard-port = 51820;
 in

 {
+  age.secrets.mullvad-vpn-key = {
+    file = secrets.roam."mullvad-vpn-key.age";
+    owner = "root";
+    group = "root";
+    mode = "440";
+  };
+
  networking = {
    enableIPv6 = true;

@ -48,6 +60,21 @@ in
        privateKeyFile = var.wg.keyFile;
        peers = var.wg.peers-for "roam";
      };
+      interfaces."mullvad" = {
+        ips = [
+          "10.69.173.41/32"
+          "fc00:bbbb:bbbb:bb01::6:ad28/128"
+        ]; # free cat
+        privateKeyFile = config.age.secrets.mullvad-vpn-key.path;
+        peers = [
+          {
+            name = "de-fra-wg-007";
+            publicKey = "mTmrSuXmTnIC9l2Ur3/QgodGrVEhhIE3pRwOHZpiYys=";
+            allowedIPs = [ ];
+            endpoint = "de-fra-wg-007.relays.mullvad.net:51820";
+          }
+        ];
+      };
    };

  };
--- a/mod/desktop/software/default.nix
+++ b/mod/desktop/software/default.nix
@ -15,7 +15,7 @@ in
  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      bitwarden-desktop
-      # calibre FIXME: broken atm
+      calibre
      colmena
      fuzzel
      gh
--- a/secrets.nix
+++ b/secrets.nix
@ -10,6 +10,7 @@ let
    "roam/nextcloud-admin-password"
    "hd-password"
    "tlskey"
+    "roam/mullvad-vpn-key"
  ];
  trusted-secrets = [
    # Can only be decrypted by clients
--- a/secrets/roam/mullvad-vpn-key.age
+++ b/secrets/roam/mullvad-vpn-key.age