Diffstat (limited to 'nixos')
-rw-r--r--nixos/configurations/adm-omnia.nix53
-rw-r--r--nixos/configurations/lipwig.nix20
-rw-r--r--nixos/configurations/spt-omnia.nix6
-rw-r--r--nixos/configurations/zd-mox.nix6
-rw-r--r--nixos/modules/autounlock.nix1
-rw-r--r--nixos/modules/desktop.nix4
-rw-r--r--nixos/modules/develop.nix15
-rw-r--r--nixos/modules/hosts.nix8
-rw-r--r--nixos/modules/monitoring.nix1
-rw-r--r--nixos/modules/openwrtone.nix2
-rw-r--r--nixos/modules/packages.nix2
-rw-r--r--nixos/modules/wifi-adm.nix24
12 files changed, 66 insertions, 76 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index 2b80bbc..826563b 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -15,11 +15,7 @@ in {
wan = "pppoe-wan";
lanIP = hosts.omnia;
staticLeases = {
- "7c:b0:c2:bb:9c:ca" = hosts.albert;
"4c:d5:77:0d:85:d9" = hosts.binky;
- "b8:27:eb:49:54:5a" = hosts.mpd;
- };
- guestStaticLeases = {
"f4:a9:97:a4:bd:59" = hosts.printer;
};
};
@@ -40,18 +36,20 @@ in {
monitoring.speedtest = true;
};
- services.journald.extraConfig = ''
- SystemMaxUse=8G
- '';
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=8G
+ '';
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
+ btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
- services.fail2ban = {
- enable = true;
- ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
+ fail2ban = {
+ enable = true;
+ ignoreIP = ["10.8.0.0/24" "10.8.1.0/24"];
+ };
};
networking.useDHCP = false;
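Review bot: The new `ignoreIP` list in the `fail2ban` block exempts two whole /24 ranges from banning without saying which networks they are. The host addresses visible elsewhere in this commit (hosts.nix) sit in 10.8.3.x, so a reader cannot tell whether replacing 10.8.2.0/24 with 10.8.0.0/24 is a renumbering or a wider exemption. A comment above the list would settle it, for example `# 10.8.0.0/24 = <network name>, 10.8.1.0/24 = <network name>`. Hosts in an ignored range are never banned, so it is also worth confirming that neither range is handed out to guest clients.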
@@ -82,7 +80,7 @@ in {
linkConfig.RequiredForOnline = "routable";
};
"lan-brlan" = {
- matchConfig.Name = "lan4";
+ matchConfig.Name = "lan*";
networkConfig.Bridge = "brlan";
bridgeVLANs = [
{
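Review bot: `matchConfig.Name = "lan*"` in `"lan-brlan"` matches every interface whose name starts with `lan`, not only the five switch ports the removed rules named (`lan4` and `lan[0-3]`). Any later interface with that prefix would be bridged into `brlan` with this port's VLAN settings without anyone deciding so. An explicit range keeps the set closed: `matchConfig.Name = "lan[0-4]";`. The `bridgeVLANs` list continues outside this hunk, so the PVID these ports now get is not visible here. If ports 0-3 are meant to leave the guest VLAN, a one-line comment saying so would help the next reader.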
@@ -92,16 +90,6 @@ in {
{VLAN = 2;}
];
};
- "lan-guest" = {
- matchConfig.Name = "lan[0-3]";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 2;
- PVID = 2;
- }
- ];
- };
};
};
@@ -121,14 +109,21 @@ in {
password 02
'';
};
- systemd.services."pppd-wan" = {
- after = ["sys-subsystem-net-devices-end2.device"];
- partOf = ["systemd-networkd.service"];
+ systemd.services = {
+ "pppd-wan" = {
+ after = ["sys-subsystem-net-devices-end2.device"];
+ partOf = ["systemd-networkd.service"];
+ serviceConfig = {
+ Restart = "always";
+ StartLimitBurst = 0;
+ };
+ };
+ "systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";
};
# TODO limit NSS clamping to just pppoe-wan
networking.firewall.extraForwardRules = ''
tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
- iifname {"home", "wg"} oifname {"home", "wg"} accept
+ iifname "wg" oifname "home" accept
iifname "home" oifname "guest" accept comment "Allow home to access guest devices"
'';
}
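Review bot: `StartLimitBurst = 0;` is placed under `serviceConfig` in `"pppd-wan"`, but in current systemd it is a [Unit] setting that is only accepted in [Service] for backward compatibility. Writing it as `unitConfig.StartLimitBurst = 0;` puts it where the documentation describes it. The same placement appears in the `pppd-wan` hunks of spt-omnia.nix and zd-mox.nix. Because a burst of 0 removes the start rate limit altogether, and the peer config uses `maxfail 1`, it is worth confirming that the unit has a `RestartSec` in effect. None is set in these hunks, and without one a persistently failing link restarts back to back and fills the journal, more so with `SYSTEMD_LOG_LEVEL = "debug"` left on for networkd.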
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
index 556ca5d..291aa54 100644
--- a/nixos/configurations/lipwig.nix
+++ b/nixos/configurations/lipwig.nix
@@ -198,7 +198,7 @@
# Nextcloud ################################################################
services.nextcloud = {
enable = true;
- package = pkgs.nextcloud32;
+ package = pkgs.nextcloud33;
https = true;
hostName = "cloud.cynerd.cz";
datadir = "/nas/nextcloud";
@@ -266,18 +266,18 @@
license = "agpl3Plus";
};
integration_gitlab = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v4.0.0/integration_gitlab-v4.0.0.tar.gz";
- hash = "sha256-0CKvAiwdG6Llomo9ROu0KLdUq1xfjAwlO1e1/LYzL4s=";
- license = "agpl3Plus";
- };
- money = pkgs.fetchNextcloudApp {
- url = "https://github.com/powerpaul17/nc_money/releases/download/v0.31.0/money.tar.gz";
- hash = "sha256-6RlxWTCw6NP9RquHnfoLLBw/dmAXx21INCzYUcp3E/4=";
+ url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v5.0.0/integration_gitlab-v5.0.0.tar.gz";
+ hash = "sha256-f0D9UrlX8bsf4BSTCzb9bN1gYKDlSY9JxmgO6el7HZw=";
license = "agpl3Plus";
};
+ #money = pkgs.fetchNextcloudApp {
+ # url = "https://github.com/powerpaul17/nc_money/releases/download/v0.31.0/money.tar.gz";
+ # hash = "sha256-6RlxWTCw6NP9RquHnfoLLBw/dmAXx21INCzYUcp3E/4=";
+ # license = "agpl3Plus";
+ #};
passwords = pkgs.fetchNextcloudApp {
- url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2026.3.0/passwords.tar.gz";
- hash = "sha256-YHilpFaZHNCtqLRvTCDhyVoFWLC85Qkj1mMxp08YCho=";
+ url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2026.3.1/passwords-lsr-81.tar.gz";
+ hash = "sha256-NqeGO1iJC98fqgsEE+WZOUiTTI9Du/zRPSw/w5g9e/E=";
license = "agpl3Plus";
};
};
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index c2ef049..df19d82 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -119,6 +119,8 @@ in {
defaultroute6
#usepeerdns
maxfail 1
+ #holdoff 5
+ #persist
user metronet
password metronet
'';
@@ -126,6 +128,10 @@ in {
systemd.services."pppd-wan" = {
after = ["sys-subsystem-net-devices-end2.848.device"];
partOf = ["systemd-networkd.service"];
+ serviceConfig = {
+ Restart = "always";
+ StartLimitBurst = 0;
+ };
};
# TODO limit NSS clamping to just pppoe-wan
networking.firewall.extraForwardRules = ''
diff --git a/nixos/configurations/zd-mox.nix b/nixos/configurations/zd-mox.nix
index 6ce1b6b..54cc150 100644
--- a/nixos/configurations/zd-mox.nix
+++ b/nixos/configurations/zd-mox.nix
@@ -113,6 +113,8 @@ in {
defaultroute
defaultroute6
maxfail 1
+ #holdoff 5
+ #persist
# user and password added in secrets
'';
};
@@ -120,6 +122,10 @@ in {
"pppd-wan" = {
requires = ["sys-subsystem-net-devices-end0.848.device"];
partOf = ["systemd-networkd.service"];
+ serviceConfig = {
+ Restart = "always";
+ StartLimitBurst = 0;
+ };
};
"systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";
};
diff --git a/nixos/modules/autounlock.nix b/nixos/modules/autounlock.nix
index d7d6a7c..912f55f 100644
--- a/nixos/modules/autounlock.nix
+++ b/nixos/modules/autounlock.nix
@@ -18,6 +18,7 @@ in {
config = mkIf (cnf != {}) {
environment.systemPackages = [pkgs.luks-hw-password];
boot.initrd = {
+ systemd.enable = false;
extraFiles."/luks-hw-password".source = pkgs.luks-hw-password;
luks.devices =
mapAttrs (name: value: {
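Review bot: `systemd.enable = false;` is added to `boot.initrd` with no comment, yet it decides which initrd implementation performs the LUKS unlock on every host that uses this module. As a plain assignment it will also conflict with any host configuration that sets `boot.initrd.systemd.enable = true`. If the reason is that the `/luks-hw-password` hook only works with the scripted initrd (an inference; the hunk does not say), state that next to the line, for example `# luks-hw-password is wired into the scripted stage 1 only; systemd initrd not supported yet`. The `luks.devices` expression continues outside this hunk.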
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index c39f9d2..575b85e 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -172,7 +172,7 @@ in {
freecad
kicad
sweethome3d.application
- qelectrotech
+ #qelectrotech
super-slicer
]
++ (optionals cnf.laptop [
@@ -291,7 +291,7 @@ in {
enable = true;
discovery = true;
};
- davfs2.enable = true;
+ #davfs2.enable = true; TODO!!!
locate.enable = true;
diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix
index 587477f..69c58bc 100644
--- a/nixos/modules/develop.nix
+++ b/nixos/modules/develop.nix
@@ -30,7 +30,7 @@ in {
openssl
tio
vim-vint
- nodePackages.vim-language-server
+ vim-language-server
vale
can-utils
@@ -64,7 +64,7 @@ in {
# C
clang-tools
- massif-visualizer
+ #massif-visualizer
elf-size-analyze
# Python
@@ -164,6 +164,9 @@ in {
linux-manual
stdmanpages
+ # Writing documentation
+ docstrfmt
+
# SHV
(shvcli.withPlugins [python3Packages.shvcli-ell])
@@ -173,10 +176,10 @@ in {
# S3
rclone
];
- programs.wireshark = {
- enable = true;
- package = pkgs.wireshark;
- };
+ #programs.wireshark = {
+ # enable = true;
+ # package = pkgs.wireshark;
+ #};
documentation = {
nixos = {
diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix
index 6d901e0..0263d1c 100644
--- a/nixos/modules/hosts.nix
+++ b/nixos/modules/hosts.nix
@@ -73,10 +73,8 @@ in {
"omnia2" = "10.8.3.3";
# Local
"3dprint" = "10.8.3.80";
- "mpd" = "10.8.3.51";
- "printer" = "192.168.1.20";
+ "printer" = "10.8.3.20";
# Portable
- "albert" = "10.8.3.61";
"binky" = "10.8.3.63";
};
};
@@ -109,10 +107,8 @@ in {
"${cnf.adm.omnia}" = ["omnia.adm"];
"10.8.3.2" = ["redmi.adm"];
"${cnf.adm.omnia2}" = ["omnia2.adm"];
- "${cnf.adm.albert}" = ["albert.adm"];
"${cnf.adm.binky}" = ["binky.adm"];
- "${cnf.adm."3dprint"}" = ["3dprint"];
- "${cnf.adm.mpd}" = ["mpd.adm"];
+ "${cnf.adm.printer}" = ["printer.adm"];
};
};
}
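Review bot: The `"${cnf.adm."3dprint"}" = ["3dprint"];` mapping is removed here together with the `albert` and `mpd` entries, but unlike those two hosts the `"3dprint" = "10.8.3.80"` address definition is kept in the first hunk of this file. If the printer host is still in use, the name `3dprint` no longer resolves through this table, which looks unintended. Either keep the mapping or drop the address definition as well, so the two tables stay in step.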
diff --git a/nixos/modules/monitoring.nix b/nixos/modules/monitoring.nix
index e8ba2a9..481854c 100644
--- a/nixos/modules/monitoring.nix
+++ b/nixos/modules/monitoring.nix
@@ -150,6 +150,7 @@ in {
security = {
admin_user = "cynerd";
admin_password = "$__file{/run/secrets/grafana.admin.pass}";
+ secret_key = "SW2YcwTIb9zpOOhoPsMm";
};
server = {
domain = "grafana.cynerd.cz";
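Review bot: `secret_key` is added as a literal string, so the value lands in the repository history and in the world-readable Nix store, whereas `admin_password` one line above is read from a secrets file. Grafana uses this key to protect secrets it stores in its database, such as data source credentials, so it deserves the same handling: `secret_key = "$__file{/run/secrets/<grafana-secret-key-file>}";` (file name is a placeholder). Because the current value is already published in this commit, generate a new one when moving it. Changing the key makes previously encrypted data source secrets unreadable, so those will need to be entered again.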
diff --git a/nixos/modules/openwrtone.nix b/nixos/modules/openwrtone.nix
index 40c1ed6..c70dcbc 100644
--- a/nixos/modules/openwrtone.nix
+++ b/nixos/modules/openwrtone.nix
@@ -56,7 +56,7 @@ in {
};
# Use OpenWrt One specific kernel. It fixes SError with patch.
- kernelPackages = mkDefault (pkgs.linuxPackagesFor pkgs.linuxOpenWrtOne);
+ kernelPackages = mkDefault (pkgs.linuxPackagesFor pkgs.linux_7_0);
kernelParams = [
"fw_devlink=permissive"
"clk_ignore_unused"
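Review bot: The comment above `kernelPackages` still reads "Use OpenWrt One specific kernel. It fixes SError with patch.", but the line now selects `pkgs.linux_7_0`, so the comment describes the removed code. Update it to say why the stock kernel is sufficient, for example `# Mainline kernel; the SError fix from linuxOpenWrtOne is expected to be upstream here (confirm)`. If the patch is not actually included in this kernel, the SError the old comment mentions may come back. The hunk does not show this either way.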
diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix
index e97229f..a85f14a 100644
--- a/nixos/modules/packages.nix
+++ b/nixos/modules/packages.nix
@@ -63,7 +63,7 @@ in {
wakeonlan
speedtest-cli
librespeed-cli
- termshark
+ #termshark
w3m
lm_sensors
diff --git a/nixos/modules/wifi-adm.nix b/nixos/modules/wifi-adm.nix
index 56ca65a..e69afd1 100644
--- a/nixos/modules/wifi-adm.nix
+++ b/nixos/modules/wifi-adm.nix
@@ -16,16 +16,8 @@
saePasswordsFile = "/run/secrets/hostapd-TurrisAdamkovi.pass";
};
};
- "${cnf."${name}".interface}.nela" = {
- bssid = elemAt cnf."${name}".bssids 1;
- ssid = "Nela";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-Nela.pass";
- };
- };
"${cnf."${name}".interface}.milan" = {
- bssid = elemAt cnf."${name}".bssids 2;
+ bssid = elemAt cnf."${name}".bssids 1;
ssid = "MILAN-AC";
authentication = {
mode = "wpa2-sha1";
@@ -48,23 +40,13 @@
}
];
};
- "lan-${cnf."${name}".interface}.nela" = {
- matchConfig.Name = "${cnf."${name}".interface}-nela";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 2;
- PVID = 2;
- }
- ];
- };
"lan-${cnf."${name}".interface}.milan" = {
matchConfig.Name = "${cnf."${name}".interface}.milan";
networkConfig.Bridge = "brlan";
bridgeVLANs = [
{
- EgressUntagged = 2;
- PVID = 2;
+ EgressUntagged = 1;
+ PVID = 1;
}
];
};
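Review bot: Changing `EgressUntagged` and `PVID` from 2 to 1 on the `.milan` bridge port moves the `MILAN-AC` SSID onto a different VLAN, and the first hunk of this file shows that SSID authenticating with `mode = "wpa2-sha1"`. The rules removed from adm-omnia.nix used VLAN 2 for the `lan-guest` ports, so VLAN 1 is presumably the home network. If so, clients of the weakest-authenticated SSID now share a segment with the trusted hosts. If that is intended, a comment on the block should say so, for example `# MILAN-AC deliberately on the home VLAN: <reason>`. Otherwise keep `PVID = 2;` and `EgressUntagged = 2;`.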