chore: update flake, disable unifi by default

config/graphical/fonts.nix

@@ -27,13 +27,13 @@
       </fontconfig>
     '';
 
-    packages = with pkgs; [
+    packages = [
-      (pkgs.nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
+      pkgs.nerd-fonts.symbols-only
-      noto-fonts
+      pkgs.noto-fonts
-      noto-fonts-cjk-sans
+      pkgs.noto-fonts-cjk-sans
-      noto-fonts-cjk-serif
+      pkgs.noto-fonts-cjk-serif
-      noto-fonts-emoji
+      pkgs.noto-fonts-emoji
-      noto-fonts-extra
+      pkgs.noto-fonts-extra
     ];
   };
 

config/users.nix

@@ -41,5 +41,6 @@
       actual = uidGid 970;
       flatpak = uidGid 969;
       plugdev.gid = 967;
+      unifi = uidGid 968;
     };
 }

flake.lock

@@ -36,11 +36,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1732704340,
+        "lastModified": 1734208773,
-        "narHash": "sha256-zcX8QIaaJJ5Us53vaWMPH2LNkZBCSwTH7pI+FgXCg+0=",
+        "narHash": "sha256-K2ugS2XJSyF3lYCrT5SCJtSAqndn/c5OwPkC5Nl18BU=",
         "owner": "oddlama",
         "repo": "agenix-rekey",
-        "rev": "662522cf89fde332157e527b4322d614598631d9",
+        "rev": "1472730015a2b3da0de09d9f1538bab3a816f618",
         "type": "github"
       },
       "original": {
@@ -368,11 +368,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732742778,
+        "lastModified": 1734343412,
-        "narHash": "sha256-i+Uw8VOHzQe9YdNwKRbzvaPWLE07tYVqUDzSFTXhRgk=",
+        "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "341482e2f4d888e3f60cae1c12c3df896e7230d8",
+        "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19",
         "type": "github"
       },
       "original": {
@@ -669,11 +669,11 @@
         "nixpkgs-lib": "nixpkgs-lib_3"
       },
       "locked": {
-        "lastModified": 1730504689,
+        "lastModified": 1733312601,
-        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
         "type": "github"
       },
       "original": {
@@ -708,11 +708,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730504689,
+        "lastModified": 1733312601,
-        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
         "type": "github"
       },
       "original": {
@@ -762,11 +762,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1726560853,
+        "lastModified": 1731533236,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -901,11 +901,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732021966,
+        "lastModified": 1734279981,
-        "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
+        "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
+        "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785",
         "type": "github"
       },
       "original": {
@@ -1092,16 +1092,16 @@
     "gnome-shell": {
       "flake": false,
       "locked": {
-        "lastModified": 1713702291,
+        "lastModified": 1732369855,
-        "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=",
+        "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
         "owner": "GNOME",
         "repo": "gnome-shell",
-        "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934",
+        "rev": "dadd58f630eeea41d645ee225a63f719390829dc",
         "type": "github"
       },
       "original": {
         "owner": "GNOME",
-        "ref": "46.1",
+        "ref": "47.2",
         "repo": "gnome-shell",
         "type": "github"
       }
@@ -1113,11 +1113,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732793095,
+        "lastModified": 1734344598,
-        "narHash": "sha256-6TrknJ8CpvSSF4gviQSeD+wyj3siRcMvdBKhOXkEMKU=",
+        "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2f7739d01080feb4549524e8f6927669b61c6ee3",
+        "rev": "83ecd50915a09dca928971139d3a102377a8d242",
         "type": "github"
       },
       "original": {
@@ -1134,11 +1134,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732482255,
+        "lastModified": 1734093295,
-        "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
+        "narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
+        "rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8",
         "type": "github"
       },
       "original": {
@@ -1174,11 +1174,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1731242966,
+        "lastModified": 1734200366,
-        "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=",
+        "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
+        "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48",
         "type": "github"
       },
       "original": {
@@ -1237,11 +1237,11 @@
         "spectrum": "spectrum"
       },
       "locked": {
-        "lastModified": 1732633513,
+        "lastModified": 1734041466,
-        "narHash": "sha256-6LmtOmeDpv9iHS8l0GNcppP11dKIJFMZLdFyxQ+qQBM=",
+        "narHash": "sha256-51bhaMe8BZuNAStUHvo07nDO72wmw8PAqkSYH4U31Yo=",
         "owner": "astro",
         "repo": "microvm.nix",
-        "rev": "093ef734d3c37669860043a87dbf1c09fc6f5b38",
+        "rev": "3910e65c3d92c82ea41ab295c66df4c0b4f9e7b3",
         "type": "github"
       },
       "original": {
@@ -1344,11 +1344,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732603785,
+        "lastModified": 1733570843,
-        "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=",
+        "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a",
+        "rev": "a35b08d09efda83625bef267eb24347b446c80b8",
         "type": "github"
       },
       "original": {
@@ -1364,11 +1364,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732519917,
+        "lastModified": 1734234111,
-        "narHash": "sha256-AGXhwHdJV0q/WNgqwrR2zriubLr785b02FphaBtyt1Q=",
+        "narHash": "sha256-icEMqBt4HtGH52PU5FHidgBrNJvOfXH6VQKNtnD1aw8=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "f4a5ca5771ba9ca31ad24a62c8d511a405303436",
+        "rev": "311d6cf3ad3f56cb051ffab1f480b2909b3f754d",
         "type": "github"
       },
       "original": {
@@ -1387,11 +1387,11 @@
         "pre-commit-hooks": "pre-commit-hooks_4"
       },
       "locked": {
-        "lastModified": 1732192922,
+        "lastModified": 1734266385,
-        "narHash": "sha256-xQO/3I99TFdiXTN5VoS28NpbNlCQWQUvxmPQHlfkzmU=",
+        "narHash": "sha256-k9P9Sa6jw/Xre8UDp7Ukk75h4Tcq8ZrK+nz6A2MC1IM=",
         "owner": "oddlama",
         "repo": "nix-topology",
-        "rev": "2b107e98bbde932a363874e0ef5b1739a932bbc5",
+        "rev": "ba6f61e594a85eabebf1c8f373923b59b3b07448",
         "type": "github"
       },
       "original": {
@@ -1402,11 +1402,11 @@
     },
     "nixlib": {
       "locked": {
-        "lastModified": 1732410305,
+        "lastModified": 1734224914,
-        "narHash": "sha256-/hxIKRTBsdrnudJWDGaBN8wIjHovqVAVxXdi8ByVtck=",
+        "narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "87b6978992e2eb605732fba842cad0a7e14b2047",
+        "rev": "538697b664a64fade8ce628d01f35d1f1fd82d77",
         "type": "github"
       },
       "original": {
@@ -1426,11 +1426,11 @@
         "pre-commit-hooks": "pre-commit-hooks_5"
       },
       "locked": {
-        "lastModified": 1732216602,
+        "lastModified": 1734380133,
-        "narHash": "sha256-svG11P+vsHYKoDj1nWSGHoep4f+rzbRM/fdWPSVE/Uk=",
+        "narHash": "sha256-gvbWJGjTpGJwyvK72Rf+z0aMVgKzpu+UWxbh7naZtvY=",
         "owner": "oddlama",
         "repo": "nixos-extra-modules",
-        "rev": "6841242d5f7c32fc8a214014f1c97ae935ef8b8e",
+        "rev": "558954ebb2959ea47bfa593f6a74ce54a21bfafd",
         "type": "github"
       },
       "original": {
@@ -1447,11 +1447,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732496924,
+        "lastModified": 1734311693,
-        "narHash": "sha256-/MNhZLR0eh9z/d3l+ammq+F5XxHln0RHgO4Bhtjr0IM=",
+        "narHash": "sha256-ODRrnbaUsOe3e4kp+uHl+iJxey5zE3kqiBqJWQxrlnY=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "098e8b6ff72c86944a8d54b64ddd7b7e6635830a",
+        "rev": "a5278f7c326205681f1f42a90fa46a75a13627eb",
         "type": "github"
       },
       "original": {
@@ -1462,11 +1462,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1732483221,
+        "lastModified": 1734352517,
-        "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=",
+        "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405",
+        "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd",
         "type": "github"
       },
       "original": {
@@ -1498,11 +1498,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1732521221,
+        "lastModified": 1734119587,
-        "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
+        "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
+        "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
         "type": "github"
       },
       "original": {
@@ -1538,14 +1538,14 @@
     },
     "nixpkgs-lib_3": {
       "locked": {
-        "lastModified": 1730504152,
+        "lastModified": 1733096140,
-        "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
+        "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
       },
       "original": {
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
       }
     },
     "nixpkgs-lib_4": {
@@ -1711,11 +1711,11 @@
         "treefmt-nix": "treefmt-nix_4"
       },
       "locked": {
-        "lastModified": 1732726573,
+        "lastModified": 1734368549,
-        "narHash": "sha256-gvCPgtcXGf/GZaJBHYrXuM5r2pFRG3VDr7uOb7B1748=",
+        "narHash": "sha256-D8LYUU+IWbpmyjOAKEnKVOhd7Qfe7q+DvUNZTYoitKY=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "fc9178d124eba824f1862513314d351784e1a84c",
+        "rev": "6c30476a4d5f761149945a65e74179f4492b1ea6",
         "type": "github"
       },
       "original": {
@@ -1734,11 +1734,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1731936508,
+        "lastModified": 1733773348,
-        "narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=",
+        "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=",
         "owner": "NuschtOS",
         "repo": "search",
-        "rev": "fe07070f811b717a4626d01fab714a87d422a9e1",
+        "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9",
         "type": "github"
       },
       "original": {
@@ -1928,11 +1928,11 @@
         "nixpkgs-stable": "nixpkgs-stable_5"
       },
       "locked": {
-        "lastModified": 1732021966,
+        "lastModified": 1734379367,
-        "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
+        "narHash": "sha256-Keu8z5VgT5gnCF4pmB+g7XZFftHpfl4qOn7nqBcywdE=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
+        "rev": "0bb4be58f21ff38fc3cdbd6c778eb67db97f0b99",
         "type": "github"
       },
       "original": {
@@ -2189,11 +2189,11 @@
     "spectrum": {
       "flake": false,
       "locked": {
-        "lastModified": 1729945407,
+        "lastModified": 1733308308,
-        "narHash": "sha256-iGNMamNOAnVTETnIVqDWd6fl74J8fLEi1ejdZiNjEtY=",
+        "narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=",
         "ref": "refs/heads/main",
-        "rev": "f1d94ee7029af18637dbd5fdf4749621533693fa",
+        "rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2",
-        "revCount": 764,
+        "revCount": 792,
         "type": "git",
         "url": "https://spectrum-os.org/git/spectrum"
       },
@@ -2223,11 +2223,11 @@
         "tinted-tmux": "tinted-tmux"
       },
       "locked": {
-        "lastModified": 1732608183,
+        "lastModified": 1734110168,
-        "narHash": "sha256-T5k5ill+PNIEW6KuS4CpUacMtZNJe2J2q5eBOF4xWuU=",
+        "narHash": "sha256-Q0eeLYn45ErXlqGQyXmLLHGe1mqnUiK0Y9wZRa1SNFI=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "7689e621f87bce7b6ab1925dfd70ad1f4c80f334",
+        "rev": "a9e3779949925ef22f5a215c5f49cf520dea30b1",
         "type": "github"
       },
       "original": {
@@ -2499,11 +2499,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732643199,
+        "lastModified": 1733761991,
-        "narHash": "sha256-uI7TXEb231o8dkwB5AUCecx3AQtosRmL6hKgnckvjps=",
+        "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "84637a7ab04179bdc42aa8fd0af1909fba76ad0c",
+        "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085",
         "type": "github"
       },
       "original": {
@@ -2519,11 +2519,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732643199,
+        "lastModified": 1733761991,
-        "narHash": "sha256-uI7TXEb231o8dkwB5AUCecx3AQtosRmL6hKgnckvjps=",
+        "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "84637a7ab04179bdc42aa8fd0af1909fba76ad0c",
+        "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085",
         "type": "github"
       },
       "original": {

hosts/kroma/default.nix

@@ -28,6 +28,7 @@
 
     ./fs.nix
     ./net.nix
+    ./unifi.nix
   ];
 
   nixpkgs.hostPlatform = "x86_64-linux";
@@ -121,10 +122,4 @@
     dockerCompat = true;
     defaultNetwork.settings.dns_enabled = true;
   };
-
-  users.deterministicIds.unifi = {
-    uid = 968;
-    gid = 968;
-  };
-  services.unifi.enable = true;
 }

hosts/kroma/unifi.nix

@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+  environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/unifi";
+      mode = "0700";
+      user = "unifi";
+      group = "unifi";
+    }
+  ];
+
+  services.unifi.enable = true;
+  # Don't autostart.
+  systemd.services.unifi.wantedBy = lib.mkForce [ ];
+}

hosts/ward/net.nix

@@ -4,6 +4,12 @@
   lib,
   ...
 }:
+let
+  vlans.personal = 10;
+  vlans.devices = 20;
+  vlans.iot = 30;
+  vlans.guest = 40;
+in
 {
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
   networking.hostId = config.repo.secrets.local.networking.hostId;
@@ -42,86 +48,106 @@
 
   # Create a MACVTAP for ourselves too, so that we can communicate with
   # our guests on the same interface.
-  systemd.network.netdevs."10-lan-self" = {
+  systemd.network.netdevs =
-    netdevConfig = {
+    {
-      Name = "lan-self";
+      "10-lan-self" = {
-      Kind = "macvlan";
+        netdevConfig = {
-    };
+          Name = "lan-self";
-    extraConfig = ''
+          Kind = "macvlan";
-      [MACVLAN]
+        };
-      Mode=bridge
+        extraConfig = ''
-    '';
+          [MACVLAN]
-  };
+          Mode=bridge
+        '';
+      };
+    }
+    // lib.flip lib.mapAttrs' vlans (
+      vlanName: vlanId:
+      lib.nameValuePair "40-vlan-${vlanName}" {
+        netdevConfig = {
+          Kind = "vlan";
+          Name = "vlan-${vlanName}";
+        };
+        vlanConfig.Id = vlanId;
+      }
+    );
 
-  systemd.network.networks = {
+  systemd.network.networks =
-    "10-lan" = {
+    {
-      matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan.mac;
+      "10-lan" = {
-      # This interface should only be used from attached macvtaps.
+        matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan.mac;
-      # So don't acquire a link local address and only wait for
+        # This interface should only be used from attached macvtaps.
-      # this interface to gain a carrier.
+        # So don't acquire a link local address and only wait for
-      networkConfig.LinkLocalAddressing = "no";
+        # this interface to gain a carrier.
-      linkConfig.RequiredForOnline = "carrier";
+        networkConfig.LinkLocalAddressing = "no";
-      extraConfig = ''
+        linkConfig.RequiredForOnline = "carrier";
-        [Network]
+        extraConfig = ''
-        MACVLAN=lan-self
+          [Network]
-      '';
+          MACVLAN=lan-self
-    };
+        '';
-    "10-wan" = {
-      #DHCP = "yes";
-      #dhcpV4Config.UseDNS = false;
-      #dhcpV6Config.UseDNS = false;
-      #ipv6AcceptRAConfig.UseDNS = false;
-      address = [ globals.net.home-wan.hosts.ward.cidrv4 ];
-      gateway = [ globals.net.home-wan.hosts.fritzbox.ipv4 ];
-      matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.wan.mac;
-      networkConfig.IPv6PrivacyExtensions = "yes";
-      dhcpV6Config.PrefixDelegationHint = "::/64";
-      # FIXME: This should not be needed, but for some reason part of networkd
-      # isn't seeing the RAs and not triggering DHCPv6. Even though some other
-      # part of networkd is properly seeing them and logging accordingly.
-      dhcpV6Config.WithoutRA = "solicit";
-      linkConfig.RequiredForOnline = "routable";
-    };
-    "20-lan-self" = {
-      address = [
-        globals.net.home-lan.hosts.ward.cidrv4
-        globals.net.home-lan.hosts.ward.cidrv6
-      ];
-      matchConfig.Name = "lan-self";
-      networkConfig = {
-        IPv4Forwarding = "yes";
-        IPv6PrivacyExtensions = "yes";
-        IPv6SendRA = true;
-        IPv6AcceptRA = false;
-        DHCPPrefixDelegation = true;
-        MulticastDNS = true;
       };
-      dhcpPrefixDelegationConfig.UplinkInterface = "wan";
+      "10-wan" = {
-      dhcpPrefixDelegationConfig.Token = "::ff";
+        #DHCP = "yes";
-      # Announce a static prefix
+        #dhcpV4Config.UseDNS = false;
-      ipv6Prefixes = [
+        #dhcpV6Config.UseDNS = false;
-        { Prefix = globals.net.home-lan.cidrv6; }
+        #ipv6AcceptRAConfig.UseDNS = false;
-      ];
+        address = [ globals.net.home-wan.hosts.ward.cidrv4 ];
-      # Delegate prefix
+        gateway = [ globals.net.home-wan.hosts.fritzbox.ipv4 ];
-      dhcpPrefixDelegationConfig = {
+        matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.wan.mac;
-        SubnetId = "22";
+        networkConfig.IPv6PrivacyExtensions = "yes";
+        dhcpV6Config.PrefixDelegationHint = "::/64";
+        # FIXME: This should not be needed, but for some reason part of networkd
+        # isn't seeing the RAs and not triggering DHCPv6. Even though some other
+        # part of networkd is properly seeing them and logging accordingly.
+        dhcpV6Config.WithoutRA = "solicit";
+        linkConfig.RequiredForOnline = "routable";
       };
-      # Provide a DNS resolver
+      "20-lan-self" = {
-      # ipv6SendRAConfig = {
+        address = [
-      #   Managed = true;
+          globals.net.home-lan.hosts.ward.cidrv4
-      #   EmitDNS = true;
+          globals.net.home-lan.hosts.ward.cidrv6
-      # FIXME: this is not the true ipv6 of adguardhome   DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv6;
+        ];
-      # FIXME: todo assign static additional to reservation in kea
+        matchConfig.Name = "lan-self";
-      # };
+        networkConfig = {
-      linkConfig.RequiredForOnline = "routable";
+          IPv4Forwarding = "yes";
-    };
+          IPv6PrivacyExtensions = "yes";
-    # Remaining macvtap interfaces should not be touched.
+          IPv6SendRA = true;
-    "90-macvtap-ignore" = {
+          IPv6AcceptRA = false;
-      matchConfig.Kind = "macvtap";
+          DHCPPrefixDelegation = true;
-      linkConfig.ActivationPolicy = "manual";
+          MulticastDNS = true;
-      linkConfig.Unmanaged = "yes";
+        };
-    };
+        dhcpPrefixDelegationConfig.UplinkInterface = "wan";
-  };
+        dhcpPrefixDelegationConfig.Token = "::ff";
+        # Announce a static prefix
+        ipv6Prefixes = [
+          { Prefix = globals.net.home-lan.cidrv6; }
+        ];
+        # Delegate prefix
+        dhcpPrefixDelegationConfig = {
+          SubnetId = "22";
+        };
+        # Provide a DNS resolver
+        # ipv6SendRAConfig = {
+        #   Managed = true;
+        #   EmitDNS = true;
+        # FIXME: this is not the true ipv6 of adguardhome   DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv6;
+        # FIXME: todo assign static additional to reservation in kea
+        # };
+        linkConfig.RequiredForOnline = "routable";
+      };
+      # Remaining macvtap interfaces should not be touched.
+      "90-macvtap-ignore" = {
+        matchConfig.Kind = "macvtap";
+        linkConfig.ActivationPolicy = "manual";
+        linkConfig.Unmanaged = "yes";
+      };
+    }
+    // lib.flip lib.mapAttrs' vlans (
+      vlanName: _:
+      lib.nameValuePair "40-vlan-${vlanName}" {
+        matchConfig.Name = "vlan-${vlanName}";
+      }
+    );
 
   networking.nftables.firewall = {
     snippets.nnf-icmp.ipv6Types = [

pkgs/awakened-poe-trade.nix

@@ -1,35 +0,0 @@
-{
-  pkgs,
-  fetchurl,
-}:
-let
-  name = "awakened-poe-trade";
-  version = "3.24.10002";
-  description = "Path of Exile trading app for price checking";
-  desktopEntry = pkgs.writeText "awakened-poe.desktop" ''
-    [Desktop Entry]
-    Type=Application
-    Version=${version}
-    Name=Awakened PoE Trade
-    GenericName=${description}
-    Icon=/share/applications/awakened-poe-trade.png
-    Exec=${name}
-    Terminal=false
-    Categories=Game
-  '';
-  file = "Awakened-PoE-Trade-${version}.AppImage";
-in
-pkgs.appimageTools.wrapType2 {
-  name = "awakened-poe-trade";
-  src = fetchurl {
-    url = "https://github.com/SnosMe/awakened-poe-trade/releases/download/v${version}/${file}";
-    hash = "sha256-ieRBYrtpB8GgnDDy+fDuwamix5syRH3NG5jE5UoGg5A=";
-  };
-
-  extraInstallCommands = ''
-    mkdir -p $out/share/applications
-    cp ${./TransferOrb.png} $out/share/applications/awakened-poe-trade.png
-    cp ${desktopEntry} $out/share/applications/${name}.desktop
-    substituteInPlace $out/share/applications/awakened-poe-trade.desktop --replace /share/ $out/share/
-  '';
-}

pkgs/default.nix

@@ -3,7 +3,6 @@ _inputs: [
   (_final: prev: {
     deploy = prev.callPackage ./deploy.nix { };
     git-fuzzy = prev.callPackage ./git-fuzzy { };
-    awakened-poe-trade = prev.callPackage ./awakened-poe-trade.nix { };
     segoe-ui-ttf = prev.callPackage ./segoe-ui-ttf.nix { };
     zsh-histdb-skim = prev.callPackage ./zsh-skim-histdb.nix { };
     actual-server = prev.callPackage ./actual-server.nix { };

users/config/impermanence.nix

@@ -25,6 +25,9 @@ in
     ]
     ++ optionals nixosConfig.services.pipewire.enable [
       ".local/state/wireplumber"
+    ]
+    ++ optionals nixosConfig.programs.steam.enable [
+      ".local/share/Steam"
     ];
 
   home.persistence."/persist".directories =
@@ -32,7 +35,7 @@ in
       ".local/share/nix" # Repl history
     ]
     ++ optionals nixosConfig.programs.steam.enable [
-      ".local/share/Steam"
+      ".local/share/Steam/userdata"
       ".steam"
     ];
 }

users/myuser/graphical/games/poe.nix

@@ -9,7 +9,6 @@
   ];
 
   home.packages = [
-    pkgs.awakened-poe-trade
     pkgs.path-of-building
   ];
 }