about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2023-05-21 23:10:32 +0300
committerAzat Bahawi <azat@bahawi.net>2023-05-21 23:10:32 +0300
commitb07e10139c88d6060e57ca52b2dc12b17b53ac82 (patch)
tree5b5cddc2f47bddb8e8914aa66ae18d52cd519965
parent2023-05-06 (diff)
2023-05-21
-rw-r--r--flake.lock108
-rw-r--r--lib/default.nix2
-rw-r--r--modules/common/default.nix1
-rw-r--r--modules/common/emacs/doom/config.el8
-rw-r--r--modules/common/emacs/doom/init.el2
-rw-r--r--modules/common/emacs/doom/packages.el8
-rw-r--r--modules/common/mpv.nix2
-rw-r--r--modules/common/profiles/headful.nix1
-rw-r--r--modules/nixos/chromium.nix (renamed from modules/common/chromium.nix)0
-rw-r--r--modules/nixos/common/locale.nix12
-rw-r--r--modules/nixos/common/systemd.nix2
-rw-r--r--modules/nixos/default.nix1
-rw-r--r--modules/nixos/matrix/dendrite.nix20
-rw-r--r--modules/nixos/monitoring/default.nix18
-rw-r--r--modules/nixos/profiles/headful.nix7
-rw-r--r--modules/nixos/promtail.nix41
-rw-r--r--modules/nixos/syncthing.nix117
-rw-r--r--modules/nixos/unbound.nix17
-rw-r--r--nixosConfigurations/eonwe/default.nix16
-rw-r--r--nixosConfigurations/varda/default.nix8
20 files changed, 239 insertions, 152 deletions
diff --git a/flake.lock b/flake.lock
index 176bdc8..9758c4b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,16 +5,17 @@
         "darwin": [
           "darwin"
         ],
+        "home-manager": "home-manager",
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1682101079,
-        "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
+        "lastModified": 1684153753,
+        "narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
+        "rev": "db5637d10f797bb251b94ef9040b237f4702cde3",
         "type": "github"
       },
       "original": {
@@ -67,11 +68,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1682873512,
-        "narHash": "sha256-/klMuyTFQLI3HgAPhh0il8RtXUvnLqylwFvlvCcd5Q8=",
+        "lastModified": 1683614365,
+        "narHash": "sha256-55hW0UQjQRJ6+xtMDpNI5mjxp/5QHNZuY1iqExqYdiM=",
         "owner": "dwarfmaster",
         "repo": "arkenfox-nixos",
-        "rev": "75b869828b85755f940ee71b5ecbd824e8f20185",
+        "rev": "8b5d2c251cdd6c2fbcb86d0501a957cc94a14f10",
         "type": "github"
       },
       "original": {
@@ -121,11 +122,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1682773107,
-        "narHash": "sha256-+h94XeJnG3uk5imJlBi/1lVmcfCbxHpwZp5u7n3Krwg=",
+        "lastModified": 1684343812,
+        "narHash": "sha256-ZTEjiC8PDKeP8JRchuwcFXUNlMcyQ4U+DpyVZ3pB6Q4=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "379d42fad6bc5c28f79d5f7ff2fa5f1c90cb7bf8",
+        "rev": "dfbdabbb3e797334172094d4f6c0ffca8c791281",
         "type": "github"
       },
       "original": {
@@ -236,15 +237,36 @@
     "home-manager": {
       "inputs": {
         "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1682203081,
+        "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1683221986,
-        "narHash": "sha256-n688GK4wO2pZpI4gHOxj/PF85bzUMPEJ8B3Wd3cHSjk=",
+        "lastModified": 1684596126,
+        "narHash": "sha256-4RZZmygeEXpuBqEXGs38ZAcWjWKGwu13Iqbxub6wuJk=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f3824311a16cbe70dbaeedc17a97dfcd11901c3f",
+        "rev": "27ef11f0218d9018ebb2948d40133df2b1de622d",
         "type": "github"
       },
       "original": {
@@ -256,11 +278,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1682268411,
-        "narHash": "sha256-ICDKQ7tournRVtfM8C2II0qHiOZOH1b3dXVOCsgr11o=",
+        "lastModified": 1684264534,
+        "narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "df1692e2d9f1efc4300b1ea9201831730e0b817d",
+        "rev": "89253fb1518063556edd5e54509c30ac3089d5e6",
         "type": "github"
       },
       "original": {
@@ -296,11 +318,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1683163598,
-        "narHash": "sha256-1mbFzocbp6qTMTZtgylIUKKBxQAvRfZN18l4zft5KSg=",
+        "lastModified": 1684287466,
+        "narHash": "sha256-Qo+tBZLEZZkQYZsbhOUswH5DsB23nDk/LCkzO5n3yoo=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "400056c5694a7ce5b7a97e446b64dee44c48d01c",
+        "rev": "5f4e13776ee0899b0aee4b253a8b733d899746a2",
         "type": "github"
       },
       "original": {
@@ -312,11 +334,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1683009613,
-        "narHash": "sha256-jJh8JaoHOLlk7iFLgZk1PlxCCNA2KTKfOLMLCa9mduA=",
+        "lastModified": 1684169666,
+        "narHash": "sha256-N5jrykeSxLVgvm3Dd3hZ38/XwM/jU+dltqlXgrGlYxk=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "7dc46304675f4ff2d6be921ef60883efd31363c4",
+        "rev": "71ce85372a614d418d5e303dd5702a79d1545c04",
         "type": "github"
       },
       "original": {
@@ -328,11 +350,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1683205728,
-        "narHash": "sha256-WF63FGzW3F3MHsUYkqbPyXrJgNR+gNOMAZDNoP5LYWE=",
+        "lastModified": 1684585791,
+        "narHash": "sha256-lYPboblKrchmbkGMoAcAivomiOscZCjtGxxTSCY51SM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f73acb5733244d0740c8181af30a58912427f5c6",
+        "rev": "eea79d584eff53bf7a76aeb63f8845da6d386129",
         "type": "github"
       },
       "original": {
@@ -344,11 +366,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1683236789,
-        "narHash": "sha256-BvCGBja7mzUqhbueGsGOyBlKPsnaVoA+HHmLkE6/QKs=",
+        "lastModified": 1684612454,
+        "narHash": "sha256-15vluZKXxC76FqAryST1QrUVE7Xlwkrs7lrPTQGYIz0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "bbccd7d90372f5042b404ea74ead61d7df124384",
+        "rev": "8bf3e834daedadc6d0f4172616b2bdede1109c48",
         "type": "github"
       },
       "original": {
@@ -360,11 +382,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1683207485,
-        "narHash": "sha256-gs+PHt/y/XQB7S8+YyBLAM8LjgYpPZUVFQBwpFSmJro=",
+        "lastModified": 1684611397,
+        "narHash": "sha256-A65pyWfriRMqsjHlc9F19RKkMgY/EJqr7cBTcgxUo6Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "cc45a3f8c98e1c33ca996e3504adefbf660a72d1",
+        "rev": "e31e2ce559a628995f6f564a80a2074b7f5dcd25",
         "type": "github"
       },
       "original": {
@@ -394,11 +416,11 @@
     "nmap-vulscan": {
       "flake": false,
       "locked": {
-        "lastModified": 1667425422,
-        "narHash": "sha256-NqRDzajxQilkvqfgRCjtplpSu4Q0fun0W3+IaK1aYWc=",
+        "lastModified": 1683781674,
+        "narHash": "sha256-X9z1TPFHaDEnjhn3MAgVsYx0SqXpK1U0mkmKN7aGXKk=",
         "owner": "scipag",
         "repo": "vulscan",
-        "rev": "a89e5b1372dfb2c07b37907537ac10a576532adf",
+        "rev": "7d62b8a4b111ffe258e45d9d994329996efe0a81",
         "type": "github"
       },
       "original": {
@@ -410,11 +432,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1683236736,
-        "narHash": "sha256-ruEH8oO2WLlZI8CSrKPmMbIFNO4/oEGeBwyTyszhw5Y=",
+        "lastModified": 1684612984,
+        "narHash": "sha256-XqWVrtHiY7r/NJMDS02i1kj3Q7BOU7BnfQfEd6v3ZIE=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "ee7b5b05842c7db8688a3a21f7c10e2eb8762882",
+        "rev": "3c932dd06b0a537b890e1fd3e31deceb1ac3dea3",
         "type": "github"
       },
       "original": {
@@ -466,11 +488,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1682596858,
-        "narHash": "sha256-Hf9XVpqaGqe/4oDGr30W8HlsWvJXtMsEPHDqHZA6dDg=",
+        "lastModified": 1684195081,
+        "narHash": "sha256-IKnQUSBhQTChFERxW2AzuauVpY1HRgeVzAjNMAA4B6I=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "fb58866e20af98779017134319b5663b8215d912",
+        "rev": "96eabec58248ed8f4b0ad59e7ce9398018684fdc",
         "type": "github"
       },
       "original": {
@@ -491,7 +513,7 @@
         "flake-compat": "flake-compat",
         "flake-registry": "flake-registry",
         "flake-utils": "flake-utils",
-        "home-manager": "home-manager",
+        "home-manager": "home-manager_2",
         "impermanence": "impermanence",
         "nix-minecraft": "nix-minecraft",
         "nixos-hardware": "nixos-hardware",
@@ -524,11 +546,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1671738303,
-        "narHash": "sha256-PRgqtaWf2kMSYqVmcnmhTh+UsC0RmvXRTr+EOw5VZUA=",
+        "lastModified": 1684048308,
+        "narHash": "sha256-JcQe0Zmov/32L+GQ+O+H8Qoll+jjvkcrd8/TNtE6TBY=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "6d0d9fb966cc565a3df74d3b686f924c7615118c",
+        "rev": "c04e4f22da48319d15593a2c942431744c12f27c",
         "type": "gitlab"
       },
       "original": {
diff --git a/lib/default.nix b/lib/default.nix
index 9e9cc1a..de013c2 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -14,8 +14,6 @@ lib: _: rec {
     assert exponent > 0;
       builtins.foldl' (x: _: x * base) 1 (builtins.genList _ exponent);
 
-  comcat = builtins.concatStringsSep ",";
-
   mapListToAttrs = f: xs:
     builtins.listToAttrs (map (name: {
         name =
diff --git a/modules/common/default.nix b/modules/common/default.nix
index b722cae..a159a87 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -3,7 +3,6 @@ _: {
     ./alacritty.nix
     ./aria2.nix
     ./bat.nix
-    ./chromium.nix
     ./common
     ./curl.nix
     ./direnv.nix
diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el
index 589b993..d726406 100644
--- a/modules/common/emacs/doom/config.el
+++ b/modules/common/emacs/doom/config.el
@@ -122,10 +122,10 @@
 (setq-hook! 'mu4e-main-mode-hook mu4e-update-interval 60)
 
 (setq-hook! 'mu4e-compose-mode-hook sendmail-program (executable-find "msmtp")
-                                    send-mail-function #'sendmail-send-it
-                                    message-send-mail-function #'message-send-mail-with-sendmail
-                                    message-sendmail-extra-arguments '("--read-envelope-from")
-                                    message-sendmail-f-is-evil t)
+            send-mail-function #'sendmail-send-it
+            message-send-mail-function #'message-send-mail-with-sendmail
+            message-sendmail-extra-arguments '("--read-envelope-from")
+            message-sendmail-f-is-evil t)
 
 ;;
 ;;; Circe
diff --git a/modules/common/emacs/doom/init.el b/modules/common/emacs/doom/init.el
index 764c25e..b0a7f4a 100644
--- a/modules/common/emacs/doom/init.el
+++ b/modules/common/emacs/doom/init.el
@@ -90,7 +90,7 @@
        (kotlin +lsp +tree-sitter)
        (latex +lsp +tree-sittter)
        (markdown +lsp +tree-sitter)
-       (nix +lsp)
+       (nix +lsp +tree-sitter)
        (org +pandoc +roam2)
        plantuml
        (python +lsp +tree-sitter)
diff --git a/modules/common/emacs/doom/packages.el b/modules/common/emacs/doom/packages.el
index 5df21b6..a8e52eb 100644
--- a/modules/common/emacs/doom/packages.el
+++ b/modules/common/emacs/doom/packages.el
@@ -1,6 +1,5 @@
 (disable-packages! writegood-mode)
 
-(unpin! org-roam)
 (package! org-roam
   :recipe (:host github
            :repo "org-roam/org-roam"
@@ -10,7 +9,12 @@
            :repo "org-roam/org-roam-ui"
            :branch "main"))
 
-;; (package! hledger-mode)
+(package! tree-sitter
+  :recipe (:host github
+           :repo "azahi/elisp-tree-sitter"
+           :branch "master"))
+
+(package! hledger-mode)
 
 (package! kubernetes)
 (package! kubernetes-evil)
diff --git a/modules/common/mpv.nix b/modules/common/mpv.nix
index afab1dd..0421d62 100644
--- a/modules/common/mpv.nix
+++ b/modules/common/mpv.nix
@@ -46,7 +46,7 @@ in {
         };
 
         config = let
-          lang = comcat [
+          lang = concatStringsSep "," [
             "Japanese"
             "japanese"
             "jp"
diff --git a/modules/common/profiles/headful.nix b/modules/common/profiles/headful.nix
index e5490b5..f51ecc8 100644
--- a/modules/common/profiles/headful.nix
+++ b/modules/common/profiles/headful.nix
@@ -36,6 +36,7 @@ in {
           ripgrep
           ripgrep-all
           sd
+          tldr
         ];
       };
     };
diff --git a/modules/common/chromium.nix b/modules/nixos/chromium.nix
index 4f0ae12..4f0ae12 100644
--- a/modules/common/chromium.nix
+++ b/modules/nixos/chromium.nix
diff --git a/modules/nixos/common/locale.nix b/modules/nixos/common/locale.nix
index 62d19f4..7529996 100644
--- a/modules/nixos/common/locale.nix
+++ b/modules/nixos/common/locale.nix
@@ -12,9 +12,15 @@ with lib; {
   };
 
   services.xserver = {
-    layout = comcat ["us" "ru"];
-    xkbVariant = comcat ["" "phonetic"];
-    xkbOptions = comcat [
+    layout = concatStringsSep "," [
+      "us"
+      "ru"
+    ];
+    xkbVariant = concatStringsSep "," [
+      ""
+      "phonetic"
+    ];
+    xkbOptions = concatStringsSep "," [
       "terminate:ctrl_alt_bksp"
       "caps:escape"
       "compose:menu"
diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix
index 29020a0..4e9eb26 100644
--- a/modules/nixos/common/systemd.nix
+++ b/modules/nixos/common/systemd.nix
@@ -4,6 +4,8 @@
     directories = ["/var/lib/systemd/coredump"];
   };
 
+  my.extraGroups = ["systemd-journal"];
+
   hm.systemd.user.startServices = "sd-switch";
 
   services.journald.extraConfig = ''
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 3c6e61b..f8347cf 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -5,6 +5,7 @@ _: {
     ./android.nix
     ./beets.nix
     ./bluetooth.nix
+    ./chromium.nix
     ./common
     ./discord.nix
     ./docker.nix
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix
index d9c4914..d7c7b18 100644
--- a/modules/nixos/matrix/dendrite.nix
+++ b/modules/nixos/matrix/dendrite.nix
@@ -67,6 +67,7 @@ in {
             };
           };
         };
+
         postgresql = {
           enable = true;
           extraPostStart = [
@@ -75,6 +76,25 @@ in {
             ''
           ];
         };
+
+        # Silence annoying errors when connecting to poorly configured federated
+        # homeservers.
+        promtail.filters = [
+          {
+            match = {
+              selector = ''{syslog_identifier="dendrite"} |~ ".*Failed to fetch key for server.*"'';
+              action = "drop";
+              drop_counter_reason = "noisy_error";
+            };
+          }
+          {
+            match = {
+              selector = ''{syslog_identifier="dendrite"} |~ ".*could not download key for.*"'';
+              action = "drop";
+              drop_counter_reason = "noisy_error";
+            };
+          }
+        ];
       };
 
       services.postgresql = {
diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix
index 37e34d9..7f62874 100644
--- a/modules/nixos/monitoring/default.nix
+++ b/modules/nixos/monitoring/default.nix
@@ -122,8 +122,6 @@ in {
       loki.configuration.ruler.alertmanager_url = "https://${config.nixfiles.modules.alertmanager.domain}";
 
       prometheus = {
-        # It would be nice if these could be generated dynamically. That would
-        # require a complete rework of how configurations are defined, though.
         scrapeConfigs = with my.configurations;
           mapAttrsToList
           (
@@ -144,13 +142,15 @@ in {
                     hosts;
                 }
               ];
-              relabel_configs = [
-                {
-                  source_labels = ["__address__"];
-                  regex = "([^:]+):\\d+";
-                  target_label = "instance";
-                }
-              ];
+              relabel_configs =
+                [
+                  {
+                    source_labels = ["__address__"];
+                    regex = "([^:]+):\\d+";
+                    target_label = "instance";
+                  }
+                ]
+                ++ optionals (hasAttr "relabel" value) value.relabel;
             }
           )
           {
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index 3bdf8fd..9e2b7a3 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -109,6 +109,11 @@ in {
 
     environment.systemPackages = with pkgs; [lm_sensors];
 
-    my.extraGroups = ["audio" "video" "input"];
+    my.extraGroups = [
+      "audio"
+      "input"
+      "render"
+      "video"
+    ];
   };
 }
diff --git a/modules/nixos/promtail.nix b/modules/nixos/promtail.nix
index d52384a..157eb72 100644
--- a/modules/nixos/promtail.nix
+++ b/modules/nixos/promtail.nix
@@ -21,6 +21,12 @@ in {
       type = with types; str;
       default = "https://${config.nixfiles.modules.loki.domain}";
     };
+
+    filters = mkOption {
+      description = ''Filters to use with "scrape_config.pipeline_stages".'';
+      type = with types; listOf attrs;
+      default = [];
+    };
   };
 
   config = mkIf cfg.enable {
@@ -56,7 +62,7 @@ in {
         scrape_configs = [
           {
             job_name = "journal";
-            journal.max_age = "12h";
+            journal.max_age = "24h";
             relabel_configs =
               map (n: let
                 label = toLower n;
@@ -74,12 +80,12 @@ in {
 
                 "MESSAGE"
                 # "MESSAGE_ID"
-                # "PRIORITY"
+                "PRIORITY"
                 # "CODE_FILE"
                 # "CODE_LINE"
                 # "CODE_FUNC"
                 # "ERRNO"
-                # "SYSLOG_FACILITY"
+                "SYSLOG_FACILITY"
                 "SYSLOG_IDENTIFIER"
                 # "SYSLOG_PID"
                 # "_PID"
@@ -93,8 +99,8 @@ in {
                 # "_AUDIT_LOGINUID"
                 # "_SYSTEMD_CGROUP"
                 # "_SYSTEMD_SESSION"
-                "_SYSTEMD_UNIT"
-                "_SYSTEMD_USER_UNIT"
+                # "_SYSTEMD_UNIT"
+                # "_SYSTEMD_USER_UNIT"
                 # "_SYSTEMD_OWNER_UID"
                 # "_SYSTEMD_SLICE"
                 # "_SELINUX_CONTEXT"
@@ -106,23 +112,16 @@ in {
                 # "__CURSOR"
                 # "__REALTIME_TIMESTAMP"
                 # "__MONOTONIC_TIMESTAMP"
+              ]
+              ++ [
+                {
+                  # This is weird. I can't find where is this defined in the
+                  # source code but apparently it exists.
+                  source_labels = ["__journal_priority_keyword"];
+                  target_label = "level";
+                }
               ];
-            pipeline_stages = [
-              {
-                match = {
-                  selector = ''{systemd_unit="dendrite.service"} |~ ".*Failed to fetch key for server.*"'';
-                  action = "drop";
-                  drop_counter_reason = "noisy_error";
-                };
-              }
-              {
-                match = {
-                  selector = ''{systemd_unit="dendrite.service"} |~ ".*could not download key for.*"'';
-                  action = "drop";
-                  drop_counter_reason = "noisy_error";
-                };
-              }
-            ];
+            pipeline_stages = cfg.filters;
           }
         ];
       };
diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix
index b0d98bc..faf6723 100644
--- a/modules/nixos/syncthing.nix
+++ b/modules/nixos/syncthing.nix
@@ -48,74 +48,77 @@ in {
         key = config.secrets."syncthing-key-${this.hostname}".path;
 
         overrideDevices = true;
-        devices = mapAttrs (name: attr:
-          mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) {
-            inherit (attr.syncthing) id;
-            addresses = ["tcp://${name}.${config.networking.domain}:22000"];
-            introducer = this.isHeadless;
-          })
-        my.configurations;
-
         overrideFolders = true;
-        folders = let
-          filterDevices = f:
-            attrNames (filterAttrs (_: attr:
-              (attr.hostname != this.hostname)
-              && (attr.syncthing.id != null)
-              && f attr)
-            my.configurations);
-          all = filterDevices (_: true);
-          notHeadless = filterDevices (attr: !attr.isHeadless);
-          notOther = filterDevices (attr: !attr.isOther);
 
-          simple = {
-            type = "simple";
-            params.keep = "5";
-          };
-          trashcan = {
-            type = "trashcan";
-            params.cleanoutDays = "7";
-          };
-        in
-          with config.hm.xdg.userDirs; {
-            share = {
-              path = publicShare;
-              devices = notHeadless;
-              versioning = trashcan;
-            };
-            pass = {
-              path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR;
-              devices = notOther;
-              versioning = trashcan;
-            };
-            org = {
-              path = "${documents}/org";
-              devices = all;
-              versioning = simple;
-            };
-            roam = {
-              path = "${documents}/roam";
-              devices = notOther;
-              versioning = simple;
+        settings = {
+          devices = mapAttrs (name: attr:
+            mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) {
+              inherit (attr.syncthing) id;
+              addresses = ["tcp://${name}.${config.networking.domain}:22000"];
+              introducer = this.isHeadless;
+            })
+          my.configurations;
+
+          folders = let
+            filterDevices = f:
+              attrNames (filterAttrs (_: attr:
+                (attr.hostname != this.hostname)
+                && (attr.syncthing.id != null)
+                && f attr)
+              my.configurations);
+            all = filterDevices (_: true);
+            notHeadless = filterDevices (attr: !attr.isHeadless);
+            notOther = filterDevices (attr: !attr.isOther);
+
+            simple = {
+              type = "simple";
+              params.keep = "5";
             };
-            elfeed = {
-              path = "${config.my.home}/.elfeed";
-              devices = notOther;
-              versioning = trashcan;
+            trashcan = {
+              type = "trashcan";
+              params.cleanoutDays = "7";
             };
-            books = {
-              path = "${documents}/books";
-              devices = notOther;
-              versioning = trashcan;
+          in
+            with config.hm.xdg.userDirs; {
+              share = {
+                path = publicShare;
+                devices = notHeadless;
+                versioning = trashcan;
+              };
+              pass = {
+                path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR;
+                devices = notOther;
+                versioning = trashcan;
+              };
+              org = {
+                path = "${documents}/org";
+                devices = all;
+                versioning = simple;
+              };
+              roam = {
+                path = "${documents}/roam";
+                devices = notOther;
+                versioning = simple;
+              };
+              elfeed = {
+                path = "${config.my.home}/.elfeed";
+                devices = notOther;
+                versioning = trashcan;
+              };
+              books = {
+                path = "${documents}/books";
+                devices = notOther;
+                versioning = trashcan;
+              };
             };
-          };
 
-        extraOptions = {
           gui = {
             insecureAdminAccess = true;
             insecureSkipHostcheck = this.isHeadless;
           };
+
           options = {
+            testOption = false;
             autoUpgradeIntervalH = 0;
             crashReportingEnabled = false;
             globalAnnounceEnabled = false;
diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix
index 7805b02..c9d45f2 100644
--- a/modules/nixos/unbound.nix
+++ b/modules/nixos/unbound.nix
@@ -24,7 +24,22 @@ in {
     mkIf cfg.enable {
       ark.directories = [config.services.unbound.stateDir];
 
-      nixfiles.modules.redis.enable = true;
+      nixfiles.modules = {
+        redis.enable = true;
+
+        promtail.filters = [
+          {
+            match = {
+              # Should be fixed[1] in the next release.
+              #
+              # [1]: https://github.com/NLnetLabs/unbound/commit/d7e776114114c16816570e48ab3a27eedc401a0e
+              selector = ''{syslog_identifier="unbound"} |~ ".*could not SSL_read crypto.*"'';
+              action = "drop";
+              drop_counter_reason = "noisy_error";
+            };
+          }
+        ];
+      };
 
       services = {
         unbound = {
diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix
index 5de3315..1545925 100644
--- a/nixosConfigurations/eonwe/default.nix
+++ b/nixosConfigurations/eonwe/default.nix
@@ -16,7 +16,7 @@ with lib; {
 
     games = {
       lutris.enable = true;
-      # minecraft.client.enable = true; # FIXME Build fails.
+      minecraft.client.enable = true;
       steam.enable = true;
       steam-run.quirks.crusaderKings3 = true;
     };
@@ -81,10 +81,14 @@ with lib; {
     cores = 32;
   };
 
+  # Required[1] for using ZFS kernel modules with "unsupported" kernels.
+  #
+  # [1]: https://github.com/NixOS/nixpkgs/pull/121113#issuecomment-830003344
+  # [1]: https://github.com/NixOS/nixpkgs/pull/230498#issuecomment-1551328615
+  nixpkgs.config.allowBroken = true;
+
   boot = {
-    # TODO Override Xanmod kernel to support ZFS. This probably will require
-    # some patching.
-    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+    kernelPackages = pkgs.linuxPackages_xanmod;
 
     kernelParams = [
       # Silence benign MCE errors:
@@ -94,8 +98,8 @@ with lib; {
       # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201
       # ```
       "mce=nobootlog"
-      # This disables[1] User Mode Instruction Protection (UMIP)[2]. Required
-      # for some games to run via Wine.
+      # This disables[1] User Mode Instruction Protection (UMIP)[2]. This is
+      # required for some games to run via Wine.
       #
       # [1]: https://docs.kernel.org/x86/cpuinfo.html
       # [2]: https://en.wikichip.org/wiki/x86/umip
diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix
index 2ff8993..230521e 100644
--- a/nixosConfigurations/varda/default.nix
+++ b/nixosConfigurations/varda/default.nix
@@ -22,6 +22,14 @@ with lib; {
       "virtio_pci"
       "virtio_scsi"
     ];
+
+    # https://github.com/NixOS/nixpkgs/issues/89025
+    # https://forum.netcup.de/administration-of-a-server-vserver/vserver-server-kvm-server/p67571-icmpv6-ra-ndisc-router-discovery-failed-to-add-default-route/#post67571
+    # https://superuser.com/questions/33196/how-to-disable-autoconfiguration-on-ipv6-in-linux
+    kernel.sysctl = {
+      "net.ipv6.conf.all.autoconf" = 0;
+      "net.ipv6.conf.all.accept_ra" = 0;
+    };
   };
 
   fileSystems = {

Consider giving Nix/NixOS a try! <3