From 409e1332f824fcc5cd6681dfbe22197be0d37707 Mon Sep 17 00:00:00 2001
From: Daniel Kempkens <daniel+git@kempkens.io>
Date: Sat, 10 Jun 2023 20:48:07 +0200
Subject: [PATCH] Updates

---
 .../argon/adguardhome-sync/environment.age    | Bin 0 -> 709 bytes
 agenix/hosts/argon/config.nix                 |   4 ++
 flake.lock                                    |  30 ++++----
 hardware/hosts/argon.nix                      |   1 +
 home/hosts/Styx.nix                           |   1 +
 home/programs/nvim/plugins.nix                |  66 +++++++++---------
 home/programs/ssh/Styx.nix                    |   2 +-
 secret/hosts/argon.nix                        | Bin 181 -> 265 bytes
 secret/hosts/attic.nix                        | Bin 600 -> 729 bytes
 secret/hosts/mediaserver.nix                  | Bin 189 -> 453 bytes
 secrets.nix                                   |   2 +
 system/hosts/argon.nix                        |  14 ++++
 system/hosts/mediaserver.nix                  |   2 +
 system/nixos/adguardhome-sync.nix             |  18 +++++
 system/nixos/adguardhome.nix                  |   6 +-
 system/nixos/home-proxy.nix                   |  12 +++-
 16 files changed, 106 insertions(+), 52 deletions(-)
 create mode 100644 agenix/hosts/argon/adguardhome-sync/environment.age
 create mode 100644 system/nixos/adguardhome-sync.nix

diff --git a/agenix/hosts/argon/adguardhome-sync/environment.age b/agenix/hosts/argon/adguardhome-sync/environment.age
new file mode 100644
index 0000000000000000000000000000000000000000..e19a62346827359f0b3f89ced691381260f3511c
GIT binary patch
literal 709
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlEpaa}OIOe@a1Sgh
zG|x+Pv8*t+O!n~654Q~WHLi@x^e+sGOs#OKstEBj&(rpBvEa%KbvDfjPIt7(bIVUN
z4KB?zG4U~SEB5z{FmWt32`UT>&o8n_wFq?d$ws%$FfG|9G*F?!$J;HjDl#m{$->Od
zBsbEdBFeDB%q_dpBh$$|#3ITwDKS6AAl1buJe|um-J~)pFvldLJR&$O*QwGu%qiEa
z)Wgs`FxAA=BHukdu(&MJ&o?hH!x3bgpK4^SZhBE_VsR>$N3nKErF*ekrdwHPW=2*{
zgke^8wokHUu8&)KL7-`2h)=qEPNA2xzlX20n`54(zh!P<l50?YX}(2XWJyjsm#I;@
zNnU1Xez>nsa*}(ce?eqkv8zw8OJQD!Teg{xwt2RRVPzE1UR_;<0wdoHk3!doEcZ%h
zKNtPLU_;A9M`vx<u)v5&ufo8bARqmF$NU_(JV!?^1@@&EWX>IDZz_6{_;D8Nwf&t+
z>#B>(6&9C0Gv}$P|5mzjTfS9H=jrH%s(|)-$7|14Zr{)oRr+)GBX`D{jgL2VEnT!^
z#YXWDeqSnBw4Tf4O%=)0FWAz(uZAPZ=#NES#HnKEuWg#Y+kbW6^|{B(zo@3;fA`E&
zDwY+EnV;5d%DL;1%<l8+c68DcEd_rMwZl#~U+<Kv*?oKB2d%O{Os5_Hb8J36xAKVe
z-b99*T5~5Kx_Y=NWlhcfp8b!EmaWl}Q1)Tbh-m#3Wpcby>sErH#*d|)-=2AWOPICa
zb+MSZg2bf-LT~5h1k3G6l5nbw^7{LrKf#mf`awyf<sEAeox2v-zn3>YcUd&I@Y3tI
n=WNTicK1D%P`I@IkeJ_>ErOc0Gfci-t-ZW3SUv6no6a8qs6iS6

literal 0
HcmV?d00001

diff --git a/agenix/hosts/argon/config.nix b/agenix/hosts/argon/config.nix
index cd72e45..35b5ef2 100644
--- a/agenix/hosts/argon/config.nix
+++ b/agenix/hosts/argon/config.nix
@@ -14,6 +14,10 @@
       file = ./tailscale/authkey.age;
     };
 
+    adguardhome-sync-environment = {
+      file = ./adguardhome-sync/environment.age;
+    };
+
     weewx-proxy-environment = {
       file = ./weewx-proxy/environment.age;
     };
diff --git a/flake.lock b/flake.lock
index 07fda0f..caade03 100644
--- a/flake.lock
+++ b/flake.lock
@@ -110,11 +110,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1685559570,
-        "narHash": "sha256-MNIQvLRoq92isMLR/ordKNCl+aXNiuwBM4QyqmS8d00=",
+        "lastModified": 1686307493,
+        "narHash": "sha256-R4VEFnDn7nRmNxAu1LwNbjns5DPM8IBsvnrWmZ8ymPs=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "4338bc869e9874d54a4c89539af72f16666b2abe",
+        "rev": "7c16d31383a90e0e72ace0c35d2d66a18f90fb4f",
         "type": "github"
       },
       "original": {
@@ -253,11 +253,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1686142265,
-        "narHash": "sha256-IP0xPa0VYqxCzpqZsg3iYGXarUF+4r2zpkhwdHy9WsM=",
+        "lastModified": 1686391840,
+        "narHash": "sha256-5S0APl6Mfm6a37taHwvuf11UHnAX0+PnoWQbsYbMUnc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "39c7d0a97a77d3f31953941767a0822c94dc01f5",
+        "rev": "0144ac418ef633bfc9dbd89b8c199ad3a617c59f",
         "type": "github"
       },
       "original": {
@@ -276,11 +276,11 @@
       },
       "locked": {
         "dir": "contrib",
-        "lastModified": 1686106284,
-        "narHash": "sha256-UsJTmzpM6gtQDo4QnMNjCNSQSlqlRoUWwH8JL4ZLRxw=",
+        "lastModified": 1686365071,
+        "narHash": "sha256-6yybShpkWPJv8byx7lF1q55uzsnKX1/z0A2Xb74y3I4=",
         "owner": "neovim",
         "repo": "neovim",
-        "rev": "a217675a67233ca2032cd668e919858d2aed92e7",
+        "rev": "b6d2f49b4536f89cf2428d1f214468aa5fb21788",
         "type": "github"
       },
       "original": {
@@ -301,11 +301,11 @@
         "weewx-proxy-flake": "weewx-proxy-flake"
       },
       "locked": {
-        "lastModified": 1686126028,
-        "narHash": "sha256-qZcjDerxaAejZWOKIZ/BRzlO6Dk3kSAcGScImAjHKuo=",
+        "lastModified": 1686385112,
+        "narHash": "sha256-6hH97tMLpMmiv5+5I3fsNDYsbElqgjQ0mJ8K2N7Q4VA=",
         "owner": "nifoc",
         "repo": "nix-overlay",
-        "rev": "34792fe066ac58e2441ffc6c854ef6c809c3d91d",
+        "rev": "6964b80444fb9574596a90cc5444f87acad037af",
         "type": "github"
       },
       "original": {
@@ -316,11 +316,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1684899633,
-        "narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=",
+        "lastModified": 1686396027,
+        "narHash": "sha256-gE+csxJoXuNn5ZnlgNj0GnMQ2y4heBtDqkB1af8vfjU=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "4cc688ee711159b9bcb5a367be44007934e1a49d",
+        "rev": "70d5f55faee9c1e141e32e6be1e77d13e5a570db",
         "type": "github"
       },
       "original": {
diff --git a/hardware/hosts/argon.nix b/hardware/hosts/argon.nix
index 6e86b41..c84320c 100644
--- a/hardware/hosts/argon.nix
+++ b/hardware/hosts/argon.nix
@@ -12,6 +12,7 @@
       "net.ipv4.tcp_syncookies" = 0;
       "net.ipv4.tcp_timestamps" = 1;
       "net.ipv4.tcp_window_scaling" = 1;
+      "net.core.rmem_max" = 2500000;
     };
   };
 
diff --git a/home/hosts/Styx.nix b/home/hosts/Styx.nix
index 763c643..3cf92f6 100644
--- a/home/hosts/Styx.nix
+++ b/home/hosts/Styx.nix
@@ -49,6 +49,7 @@ args@{ pkgs, config, lib, ... }:
       curlHTTP3
       dasel
       deploy-rs
+      dig
       exa
       exiftool
       fd
diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix
index 806f248..d23fe27 100644
--- a/home/programs/nvim/plugins.nix
+++ b/home/programs/nvim/plugins.nix
@@ -19,12 +19,12 @@ in
   };
   plenary-nvim = buildVimPluginFrom2Nix {
     pname = "plenary.nvim";
-    version = "2023-05-31";
+    version = "2023-06-10";
     src = fetchFromGitHub {
       owner = "nvim-lua";
       repo = "plenary.nvim";
-      rev = "499e0743cf5e8075cd32af68baa3946a1c76adf1";
-      sha256 = "0r9aw3a53vzq0rdyvq7pi99pqbmnww0dm146pbj2kd33rb34daz6";
+      rev = "36aaceb6e93addd20b1b18f94d86aecc552f30c4";
+      sha256 = "0r0z27kwpgd8ladjj86h9gmyq2mxcwbiaj3a6mi1bz2dwxqiddxb";
       fetchSubmodules = false;
     };
   };
@@ -107,12 +107,12 @@ in
   };
   nvim-treesitter = buildVimPluginFrom2Nix {
     pname = "nvim-treesitter";
-    version = "2023-06-07";
+    version = "2023-06-10";
     src = fetchFromGitHub {
       owner = "nvim-treesitter";
       repo = "nvim-treesitter";
-      rev = "46ddea9deccb0608df416822228786d1a5a2b7d1";
-      sha256 = "17rlv3gqh9glskr3ncnvwa6pgk6iansdl6b2fjyrk3zw5kj99gak";
+      rev = "f9d701176cb9a3e206a4c690920a8993630c3ec8";
+      sha256 = "08zc1irs12clw8fy140j4lk9m4wfjmmmm64dw915gyl0l6r9g0rb";
       fetchSubmodules = false;
     };
   };
@@ -140,12 +140,12 @@ in
   };
   telescope-nvim = buildVimPluginFrom2Nix {
     pname = "telescope.nvim";
-    version = "2023-06-07";
+    version = "2023-06-10";
     src = fetchFromGitHub {
       owner = "nvim-telescope";
       repo = "telescope.nvim";
-      rev = "be49680937e821e4d8522329727e50734fdb9b97";
-      sha256 = "15bq92f9vvqhzhr6djm8r0vybsm0z030xp5wpf904kir1svpwdgb";
+      rev = "116dbea5800c908de4afa6e793f28f782621c65d";
+      sha256 = "1scp1pr8innnpk35wz9rq9npkha5j3hacpggrbafy0madvs92x60";
       fetchSubmodules = false;
     };
   };
@@ -220,23 +220,23 @@ in
   };
   nvim-lspconfig = buildVimPluginFrom2Nix {
     pname = "nvim-lspconfig";
-    version = "2023-06-07";
+    version = "2023-06-10";
     src = fetchFromGitHub {
       owner = "neovim";
       repo = "nvim-lspconfig";
-      rev = "1028360e0f2f724d93e876df3d22f63c1acd6ff9";
-      sha256 = "17n18dkhd39vkbqx0hxgg6zf1yq1052rlnxpqj0x5p7s0zxwqhmr";
+      rev = "08f1f347c718e945c3b1712ebb68c6834182cf3a";
+      sha256 = "0kqxbyb5hg6r4rv79bxjj8dvm3440137xxppp2a5idxi8sisdqad";
       fetchSubmodules = false;
     };
   };
   nvim-jdtls = buildVimPluginFrom2Nix {
     pname = "nvim-jdtls";
-    version = "2023-06-02";
+    version = "2023-06-10";
     src = fetchFromGitHub {
       owner = "mfussenegger";
       repo = "nvim-jdtls";
-      rev = "8597d57fb40d4ad503cf3acb2fdcfe1b0d8a193d";
-      sha256 = "1s7xnl8rsav4237mzh37q4qflhbfb2sq7vasdfgzx4mgad2x6kx5";
+      rev = "dbb8a403e90302bd5611da91975d37a0a26e1473";
+      sha256 = "11pfy4w67170fc32fhcyjr8lnw1g9yxrvsp9y676rfbp8imh1sf4";
       fetchSubmodules = false;
     };
   };
@@ -308,23 +308,23 @@ in
   };
   friendly-snippets = buildVimPluginFrom2Nix {
     pname = "friendly-snippets";
-    version = "2023-06-06";
+    version = "2023-06-10";
     src = fetchFromGitHub {
       owner = "rafamadriz";
       repo = "friendly-snippets";
-      rev = "b471f5419155ce832eff71ad8920ea8cfbd54840";
-      sha256 = "14yjacmzryd8mkbi7dkacq0zqc8r52dipdsjyzak45pqacc4wzvs";
+      rev = "b71d1ddc30a10ce0474156f7ee93bc9006d0cd74";
+      sha256 = "0jxj57996c4ab54p0zd4h5ldkz9yad1jy0ylzikfq8ylvw7z4p31";
       fetchSubmodules = false;
     };
   };
   nvim-cmp = buildVimPluginFrom2Nix {
     pname = "nvim-cmp";
-    version = "2023-05-30";
+    version = "2023-06-10";
     src = fetchFromGitHub {
       owner = "hrsh7th";
       repo = "nvim-cmp";
-      rev = "fc0f694af1a742ada77e5b1c91ff405c746f4a26";
-      sha256 = "1vmsa4vrx7nsrq2kzh8pyjfssfhb9b7xy7qqcyja4g0xp9z9z077";
+      rev = "69e7d280cbe17e318b549a10ae3cae5810946be6";
+      sha256 = "119cfn70bb5bbfaq9rfc51dms64qfzzkn6aknj4lnd2dx1r56k00";
       fetchSubmodules = false;
     };
   };
@@ -396,12 +396,12 @@ in
   };
   cmp-cmdline = buildVimPluginFrom2Nix {
     pname = "cmp-cmdline";
-    version = "2023-04-24";
+    version = "2023-06-08";
     src = fetchFromGitHub {
       owner = "hrsh7th";
       repo = "cmp-cmdline";
-      rev = "5af1bb7d722ef8a96658f01d6eb219c4cf746b32";
-      sha256 = "02xpxdbjvic4l2s4fmhiy38igvvg0mdpi6hr49kvnibx1dyzhx5k";
+      rev = "8ee981b4a91f536f52add291594e89fb6645e451";
+      sha256 = "03j79ncxnnpilx17x70my7s8vvc4w81kipraq29g4vp32dggzjsv";
       fetchSubmodules = false;
     };
   };
@@ -462,12 +462,12 @@ in
   };
   nvim-treesitter-textobjects = buildVimPluginFrom2Nix {
     pname = "nvim-treesitter-textobjects";
-    version = "2023-06-02";
+    version = "2023-06-08";
     src = fetchFromGitHub {
       owner = "nvim-treesitter";
       repo = "nvim-treesitter-textobjects";
-      rev = "23e883b99228f8d438254e5ef8c897e5e60e75d1";
-      sha256 = "1xjwah0g96mjv01lhd7yfml2gd15syhj2axbvid9xk4yn4m6hks8";
+      rev = "2d6d3c7e49a24f6ffbbf7898241fefe9784f61bd";
+      sha256 = "1mlx0hkx42al578ilwsj4547rqny85x089is189hdic287yw59gp";
       fetchSubmodules = false;
     };
   };
@@ -550,12 +550,12 @@ in
   };
   nui-nvim = buildVimPluginFrom2Nix {
     pname = "nui.nvim";
-    version = "2023-06-04";
+    version = "2023-06-10";
     src = fetchFromGitHub {
       owner = "MunifTanjim";
       repo = "nui.nvim";
-      rev = "d5a82aae64426a805e19d8ef5a379292f9dc55d3";
-      sha256 = "14mnskwvzsva5pxh909xgrzg1cy7r4459f0g85dkqr8z4c9yajic";
+      rev = "64bdc579873fa5bd303f6951ead2b419493c88e8";
+      sha256 = "1hffqk9vz6lw6jrixqy9sxj1wv2z7cbj08ykccyfym2zpij40gx6";
       fetchSubmodules = false;
     };
   };
@@ -572,12 +572,12 @@ in
   };
   noice-nvim = buildVimPluginFrom2Nix {
     pname = "noice.nvim";
-    version = "2023-06-06";
+    version = "2023-06-10";
     src = fetchFromGitHub {
       owner = "folke";
       repo = "noice.nvim";
-      rev = "acf47e2b863eb20f177aa1bd5398041513e731e1";
-      sha256 = "1w4vzkashi7yqkzgb9cdq7nv27ibkw94ih041jf36k9axmlffqbr";
+      rev = "a070cb87a180fd7e2c4387accff0be90268fb736";
+      sha256 = "0838s3vqp2f6g8q7dwd4ga0m4qr8kj02snbrxd6xz4zzzaz1hlbq";
       fetchSubmodules = false;
     };
   };
diff --git a/home/programs/ssh/Styx.nix b/home/programs/ssh/Styx.nix
index ce64c8f..1b2b907 100644
--- a/home/programs/ssh/Styx.nix
+++ b/home/programs/ssh/Styx.nix
@@ -26,7 +26,7 @@ in
     extraConfig = ''
       IdentityAgent "${auth-socket}"
       UpdateHostKeys ask
-      VerifyHostKeyDNS yes
+      # VerifyHostKeyDNS yes
     '';
 
     matchBlocks = shared-private.matchBlocks // shared-builder.matchBlocks // shared-work.matchBlocks;
diff --git a/secret/hosts/argon.nix b/secret/hosts/argon.nix
index 786124e3c846a9926eab03a656fe215c2dfeeee7..a58a4c170a78193b3ef41acb4d2bf5086a354261 100644
GIT binary patch
literal 265
zcmV+k0rvg?M@dveQdv+`0J0P?VuUy(05C1GMHB}s+?^Sb&vA2*Vz7(<o&HM_h+aYw
z;KChPciLS3lIAbA4(HqTV=?qK^hFCAlrzdogki}w(NPQUSZ+L6kmYVK>ABKZRits}
zn;d?xWB3V3L51Oxm@5L+aS+!e_kxV*U~MMvc|6)Y4GOi(iF5^ofDu%`QZA(gL03i`
z+(FuM?QA8Dm^=v2MOk|)lJ#`er9vy<?~lHKCUeI5)rG^Qm_>+@=*mTGG|FLgbfm~2
zogf}U$h-FuVjfd4w9vqPGn<z@kA4TbiMOFp@kx|r9HMj0vUUIK?FpVlx(XDyi<m6v
PBOjiXil#Q}|JUtc%tL=R

literal 181
zcmV;m080M=M@dveQdv+`0IPT0!NApKOBkPK8$5-X)0yY#orlVZ5OB>oUL{#&pgl8C
zES0l<DZ~?en|x6Y+<)f!vd$`K-2Y|u-2f#4$=@SeSl-)&i<ai&mwcO=RL>P5*~9c9
zt~(0fH;F2fv6Q)@>&^q~X#wtmClM#>V+-^IT_@A*b@IY~)_T_nzJklTWEKroV`!ym
j58UlX95@o&2;T6__wy=vmbYvr6ol5cgPY9JiC(PWZfaY%

diff --git a/secret/hosts/attic.nix b/secret/hosts/attic.nix
index 65eafbed3c58640dba73c4fc3f7c39e2c1b64195..2a75e72e79f1ae2d61c97bc9a32b2b38c692d0db 100644
GIT binary patch
literal 729
zcmV;~0w(<cM@dveQdv+`0IEMeI3_50MJw*%F8-vYp_-F(-BjX&lSfuu0A!l0ijor(
zniOK}5njXdo=LBB59{diR*KcX(N#RW&}6_wY49kFnF2BkD<U~E+YVh=_=ZcXMAi!L
zhY5ONU)TNQ;0Zkog)U$2UnA8FNP1t0-Y#e9REVVz%3`td`H(bY0Oro1_m315$-%`Z
zWT?9>L-KU0sQ!8MP*XE5@#)<kf3|#LV^d~mM9Bz647n8mW@fdu@#-xs%MDHW6hCqK
zG+Jxe1v8S%93Jzp+v3n5p^IHiLgAjQSe3?-7|BrM-Dh~Y)isnXVHcf8`9*M*mjNR_
zwY=ND3NnKme5EX=SyzXe&NM@WU<a|#z(vUwGIRFyXr$%X7Yve12%#iY?^<Re4zrFR
zTq<|3@YIxM!!n&XbN7EoR+2s;5>wPn#XlD^=iY{eV5!*_Z3hu?tP-gIimI40=l7h*
zOe)J1Npm~%2jyIpQPl@O)vrHUk<@)7W%XVw9twY=3AQ<HAJbx-Jp(eq`ChY|^S+W*
zZbfTM{zteMf{hOLR4{`<xKw*O-Ow@J{v;wAka3w$c@eu>`7K#9rU{AeH1h43his0+
z8Q<hSt90?JYmS5_XUI(_J=MzIpr`k4<OBD!Al?3!A)o@5Rr1wA!enR%E&KtEcQpk^
z1VbRMpv{1@$?skPW6n8^K?|!TqTl8=T8az&Uqomg%@D6b#1VU_&j8q)fi4R53Kbt7
ziS|4<zTuFJPN~Z!Kd+-a8CdMgK6(TP{qfi>=>CymGsFX^`+9zO)k6ULgog9OqB^C2
zZE!iw<zWvSyWkA*+b{1(mP~qTnU6T&Vt_>nVY(0n`8}FcPQ;is2HIF9`V<P|=2&a_
zG?NALl6TLVL9T$i!oaC&4M2zzRB!vfeCopDeDC*OuMrD-q6|d!4s2m98S@CGbee_v
L43t!Xu>)ll`^R2g

literal 600
zcmV-e0;l}|M@dveQdv+`06^u^Bj;(}$N1qtbL*^3dz6|_WA)3%9{HwB6-ma!XM%7>
zf5Pq5AJt*(ve5-(;f7~2rvk!PkLcmaDWhtNAGE-7IF$mK+t4F^`2iF%HZ4Usx^r`2
zbB%Ut+)GR2VD+vVzv_A(V~7ug9|UmCSD3|2GKB5)GzeeEa8=L#vFN~p|GHAopgc9;
z!*rH}ibX45_UuV)8%$iP{XH8tfXw^~;kw8bCTXC!!du)u@lA>6%2Dbi>FlZy`Mo|Q
zlusH?5Hh*NAEPckN;oQ44RT|guK0|#8WC|eUU^{1qV$Pyp2)UM4pUhO>hQEBKOA?Y
zj%%A$sqO2xgLSTWQ2@PeCPb@;|7c52c@#a{=?(cn2Qd-VYnnhG#4Qh3p<r~SCDlF?
zkvk;RbF^dHN7$+d#ZAPnF|Nfy(pxYbESWH_ePjrpk+(4j`H~?TInJp8%PTq00@MYk
zvA}jQcAU2abMOs#RG+ag9^dA4(z0DSLdkRMR$(>aFSew0rEWw+{c0r7A{Qac&$>A|
ziOJ_J-f<<~dSmxGLmVk=dpP7!kE#u|#@Jnz9dEt_(@$jX%v7z5$h623?so?$YI)Kz
zAN^H}x@OM9nA9mP$b8NZ-bX!clr(mn9S$HB)Q|a8T4@fHK-0fh^x|Oxk}8Wzn3T*%
z@NZOrb~JZt+ZK(bMH8x#7Wh1MC_gtBqXRxTs4wCS*{n9KPLRbd=FmVQ82THJSlOCy
m_WokBeaO{~+DB$+k$tN@H#xQ!ipZ`jMVr4GwCXZEluY?(cOs7f

diff --git a/secret/hosts/mediaserver.nix b/secret/hosts/mediaserver.nix
index 05ae022c230a94180825b3dd9f0ed644f3f50d79..ec150ea802d87fdaf1b351409b6e8f0d2806e98a 100644
GIT binary patch
literal 453
zcmV;$0XqHwM@dveQdv+`027ta{Zs2Mzoig@r~G!~e8<2D#eYJzBsq%OqvG+iPtq8+
zwg^ng;;E~v+tLZ#_SKRyW-X;0wj)hi^~MXNVSl>zL-UNlW>>trltX=m)fERi3)_rM
z6$%+=&WYeR<=bVrPrpm0V^F71)luRIt?+I9>+|U2C69Y*g(x3ccjrM*)#~d5(WZ2t
z0(}LtzUGV~^G8%hTyu%$RahQ}Gu8?Ft%teKPn?ba@fBDG;!Jhha=1x+hOfj{<K|ur
z*CSh`dZ42<obwV<J)j-t(ZPb9#U@7rcV6X{*-7CVujc+<j(jHfAW#og|L5IX0VAaz
zA@jTk>PUY_3m?lK2m56RRU7qo6D&~;Y2RC_De>(Fx1OMrwt!0Wrv?G6Up(tPFFn5m
zG?#RdV;$IIt&>vk@`O*bj!nYcce+Fev`7N(_o6ip3M;dm+MCoxVqc%iU$dZ_7-lOr
z^?Ta302wQ2rxq6@>LZ`p+_N1PWMz()Ky$1KZIlP<cO34BrXsTWIz49@$--Xq49wPK
v+dzh778kWWFQNs^)X5YNmsITaDocUC1$0n?XB*ajWX?j{RU=$_tu3?7L6_e8

literal 189
zcmV;u07Cx&M@dveQdv+`0134MtKyOAlDokV&fq5kLL_a;yZc_5Xi5_Ef0K~K&?Tl7
z76L%97_y=e?*&c~((p{^2O)5@s4dy8!O4ay00!`Oy}_u*_0QW_MQsoNM^tg8|ITAY
ziVCwk3=H+I{i?B7cvCB^i*5MDiKKl_Ri<Pt72F$-(L>IXB92g)t+u&GoFyoeQus{1
rdD_ZptF~&=EQge|$wgQj`HLsM&tlg|>%X-7sstc4P}&IYDq%vPMUh<&

diff --git a/secrets.nix b/secrets.nix
index 3f23e28..95c17a8 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -81,5 +81,7 @@ in
 
   "agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
 
+  "agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
+
   "agenix/hosts/argon/weewx-proxy/environment.age".publicKeys = argon;
 }
diff --git a/system/hosts/argon.nix b/system/hosts/argon.nix
index 82c1957..5162b89 100644
--- a/system/hosts/argon.nix
+++ b/system/hosts/argon.nix
@@ -24,6 +24,9 @@ in
     ../nixos/tailscale.nix
 
     ../nixos/weewx-proxy.nix
+
+    ../nixos/container.nix
+    ../nixos/adguardhome-sync.nix
   ];
 
   system.stateVersion = "22.11";
@@ -77,6 +80,17 @@ in
     useNetworkd = true;
   };
 
+  environment.etc."resolv.conf".text = lib.mkForce ''
+    nameserver 127.0.0.1
+    nameserver 10.0.0.110
+    options edns0 trust-ad
+    search .
+  '';
+
+  services.resolved.extraConfig = ''
+    DNSStubListener=no
+  '';
+
   systemd.network = {
     enable = true;
 
diff --git a/system/hosts/mediaserver.nix b/system/hosts/mediaserver.nix
index 47b2ded..2702c53 100644
--- a/system/hosts/mediaserver.nix
+++ b/system/hosts/mediaserver.nix
@@ -16,6 +16,8 @@ in
     ../nixos/acme-mediaserver.nix
     ../nixos/nginx.nix
 
+    (import ../nixos/adguardhome.nix (args // { inherit secret; }))
+
     ../nixos/attic.nix
 
     ../nixos/bdfr-browser.nix
diff --git a/system/nixos/adguardhome-sync.nix b/system/nixos/adguardhome-sync.nix
new file mode 100644
index 0000000..2dc3602
--- /dev/null
+++ b/system/nixos/adguardhome-sync.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+
+{
+  virtualisation.oci-containers.containers.adguardhome-sync = {
+    image = "ghcr.io/bakito/adguardhome-sync";
+    cmd = [ "run" ];
+    environmentFiles = [ config.age.secrets.adguardhome-sync-environment.path ];
+    extraOptions = [
+      "--label=com.centurylinklabs.watchtower.enable=true"
+      "--label=io.containers.autoupdate=registry"
+    ];
+  };
+
+  networking.firewall.interfaces."podman+" = {
+    allowedUDPPorts = [ 443 ];
+    allowedTCPPorts = [ 443 ];
+  };
+}
diff --git a/system/nixos/adguardhome.nix b/system/nixos/adguardhome.nix
index 18d73db..eb2e0b7 100644
--- a/system/nixos/adguardhome.nix
+++ b/system/nixos/adguardhome.nix
@@ -18,7 +18,7 @@
       debug_pprof = false;
 
       dns = {
-        bind_hosts = [ "127.0.0.1" "10.0.0.5" ];
+        bind_hosts = secret.adguardhome.bind_hosts;
         port = 53;
 
         bootstrap_dns = [
@@ -54,7 +54,9 @@
           })
         (builtins.filter builtins.isString interfaces));
 
-  services.nginx.virtualHosts."agh.internal.kempkens.network" = {
+  virtualisation.podman.defaultNetwork.settings.dns_enabled = lib.mkForce secret.adguardhome.podmanDNS;
+
+  services.nginx.virtualHosts."${secret.adguardhome.domain_prefix}.internal.kempkens.network" = {
     serverAliases = [ "dns.internal.kempkens.network" ];
 
     listen = [
diff --git a/system/nixos/home-proxy.nix b/system/nixos/home-proxy.nix
index d5e605e..17e85f9 100644
--- a/system/nixos/home-proxy.nix
+++ b/system/nixos/home-proxy.nix
@@ -22,8 +22,18 @@
 
     upstreams.dns = {
       servers = {
-        "${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = { };
+        "${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = {
+          fail_timeout = "5s";
+        };
+
+        "${secret.nginx.upstream.dns.secondary.hostname}:${builtins.toString secret.nginx.upstream.dns.secondary.upstreamPort}" = {
+          backup = true;
+        };
       };
+
+      extraConfig = ''
+        keepalive 8;
+      '';
     };
 
     virtualHosts."${secret.nginx.upstream.dns.fqdn}" = {