hippocampus: perfect pitch: net tun device

hippocampus: glia.club domain prep
2026-02-11 22:20:03 -05:00 · 2026-02-11 21:49:21 -05:00
3 changed files with 24 additions and 5 deletions
--- a/machines/hippocampus/secrets/pass.yaml
+++ b/machines/hippocampus/secrets/pass.yaml
@@ -13,6 +13,8 @@ restic:
    repo: ENC[AES256_GCM,data:7sy35DPRrhGudRorlGb2OSQzXgeKBXlC5KEYCAtw0VgCu5K2A4XjS8mSlDdf4Tz/4tun6nmH,iv:X+JOQVHL9t8Nc7zuSUrYKkUUV/lqlav9RehZf4bs8pw=,tag:roC7vneozMbnO40713tUkQ==,type:str]
    passwd: ENC[AES256_GCM,data:vUsAP5+iZo7U55xnUP7Cnk1OxnrO+paHKmT2cuc=,iv:GF7fybEQZIxHPm1Z6Sj5dn/zOR5dRVgikH8LILsTMIs=,tag:Mh61boRPsfHeiSfXmrEx5Q==,type:str]
    backblaze: ENC[AES256_GCM,data:IfWzuIYUrCGYpP68CPFi2vLqq9NVmiVyCE+Z8yi+cnaQwgwNL40lJEPL/U3d0lgsmrsV4GheNJ0oQ9tnrrJeBgZgwMl/CwXMctuUHo+cvVot/cNRd1vCdjRr7WUnw8737uxyW45OaaYbkZRa3NWEGDll1iFDWB2w4n5DTsomyO03tFZB5gckwQYmpjYmK4DcIWyTaEiDrznmkyM+sxoWv9pcTHZIIN7TCHHkzmlMzXXqJnoRfCpdVm/QF9jbrAYs,iv:tOa1FFyggm0ScoRdFk6tACOnQVcZMYaDqeJyX5SMKXc=,tag:EY5jQhZnLP6IzqY9garoEQ==,type:str]
 oinkapi: ENC[AES256_GCM,data:bk4tLEYGpPnTgiSz9KAAwykjIFRMOL+GK9/VP/C/WGXSYyGq245w+EJuC/4+XNyic0dniGFtJOOGy9reIWj1ZIDXZY4=,iv:a85CCgy27ByGnMS/0ForMY25xkU1kgahyis0yLs5hTs=,tag:AsXxzQgyvBmpP/I0f0wApQ==,type:str]
 oinkSapi: ENC[AES256_GCM,data:SXfowRHpuhDMVoeqWPkfbnj/9+uGlBCg3MwUHCADeuLgaZImSnEiYLyjQfruhzoul9E+F1Uj4QxG8KeOY7nAFqkl/Ns=,iv:GYEiAQDylHxu9CW5DB0so9QY8Ou4fZT3+wk7ZrgoP+o=,tag:W/Q+tSfDsEcSYcI+oLuxxA==,type:str]
 sops:
    age:
        - recipient: age1crymppz88etsdjpckmtdhr397x5xg5wv8jt6tcj23gt2snq73pzs04fuve
@@ -24,7 +26,7 @@ sops:
            RVUzMlFya3Z0amdTUTJ5YjFRck5kZzQKoWZzExqzPRpQPL4CdqBalc1/dYtjBH6J
            LGR0oImfOWlIJwcaJLv/fc470UvXHHwIji9v/pbV7xMkgMjlJthaYg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-19T19:15:37Z"
+    lastmodified: "2026-02-12T02:49:05Z"
-    mac: ENC[AES256_GCM,data:RPGKe5f+5GUnGK3zybRrTnd8N4TprLWBEWLI2HI68Acf1MlJ1AMOWOhpi5xa0Hkxpah8D/d0CEH2ymaO5EBSUamPdYThI4g/4cxNBXboKnALSf91ZUty86/1+14TbI6vFCZ5ghjB4THxszGf47ajIDa/TjHx0yHFWDi7rpApmcw=,iv:ep/NlJfkIkQe5RJ4U2YfZ7/0S4vWqxjg+xrLLnJwfwI=,tag:c01jey2juzoPKux7n/0rug==,type:str]
+    mac: ENC[AES256_GCM,data:DpNGfZsTv0obPiESnlxWV/jNHplGxScwrxUU84/2KIffMouMclIewz+VCKc0CxONXZh6ckMfkXZ+qNWPEp3NQCytmdymVhullKj3Rqn03/2yjbnLm+c1ehzoLinpdFOJykXkHlhnrVEfuxVLVcshm+auRVHbhYl9sY5r4lIvaWY=,iv:4QMDrDYxKb8Ut93bfjGdVGxkb4s9wWzwppwvr4anBvo=,tag:YPOmw1s1cHxEn+dQNJ2qcw==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0
--- a/machines/hippocampus/servers/public/perfect_pitch.nix
+++ b/machines/hippocampus/servers/public/perfect_pitch.nix
@@ -10,7 +10,7 @@
    };
    script = ''
      exec ${config.systemd.package}/bin/systemd-nspawn --hostname perfectpitch \
-        --resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse \
+        --resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse --bind /dev/net/tun \
        -nbD /var/lib/machines/perfectpitch --machine perfectpitch
    '';
    postStart = ''
@@ -22,7 +22,10 @@
      Type = "notify";
      Slice = "machine.slice";
      Delegate = true;
-      DeviceAllow = "/dev/fuse rwm";
+      DeviceAllow = [
        "/dev/fuse rwm"
        "/dev/net/tun rwm"
      ];
    };
  };
  networking.nat = {
--- a/machines/hippocampus/services/dyndns.nix
+++ b/machines/hippocampus/services/dyndns.nix
@@ -11,4 +11,18 @@
      "@"
    ];
  };
  sops.secrets.oinkapi = {};
  sops.secrets.oinkSapi = {};
  services.oink = {
    enable = true;
    apiKeyFile = config.sops.secrets.oinkapi.path;
    secretApiKeyFile = config.sops.secrets.oinkSapi.path;
    domains = [
      {
        domain = "glia.club";
        subdomain = "";
        ttl = 1200;
      }
    ];
  };
 }
Author	SHA1	Message	Date
David Crompton	3ad59a986a	hippocampus: perfect pitch: net tun device	2026-02-11 22:20:03 -05:00
David Crompton	9291300cbd	hippocampus: glia.club domain prep	2026-02-11 21:49:21 -05:00