From 30be9ada2486b92c39ddc464676f028dce980b55 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 13 Jan 2026 13:55:34 +0100
Subject: gitignore: fix bug introduced by 68d3c92

---
 krebs/1systems/ponte/config.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'krebs/1systems')

diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index 8bb14d517..5deeb9923 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -8,6 +8,18 @@
     <stockholm/krebs/2configs/nameserver.nix>
   ];
 
+  #networking.defaultGateway6 = {
+  #  address = "fe80::1";
+  #  interface = "ens3";
+  #};
+  #networking.interfaces.ens3.ipv6.addresses = [
+  #  {
+  #    # old: address = "2a03:4000:13:4c::1";
+  #    address = "2a03:4000:1a:cf::1"; #/64"
+  #    prefixLength = 64;
+  #  }
+  #];
+
   networking.firewall.allowedTCPPorts = [ 80 443 ];
   networking.firewall.logRefusedConnections = false;
   networking.firewall.logRefusedUnicastsOnly = false;
-- 
cgit v1.3.1


From 197bf404014b3bf33932ef8b7941ae0e26ea52a3 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 21 Jan 2026 22:09:11 +0100
Subject: hotdog: cherry-pick nginx recommendedTlsSettings

---
 krebs/1systems/hotdog/config.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'krebs/1systems')

diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 91071ec85..655192077 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -5,6 +5,17 @@
     ../../../krebs
     ../../../krebs/2configs
     ../../../krebs/2configs/nginx.nix
+    {
+      # Cherry-pick services.nginx.recommendedTlsSettings to fix:
+      # nginx: [emerg] "ssl_conf_command" directive is not supported on this platform
+      services.nginx.recommendedTlsSettings = lib.mkForce false;
+      services.nginx.appendHttpConfig = ''
+        ssl_session_timeout 1d;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_tickets off;
+        ssl_prefer_server_ciphers off;
+      '';
+    }
 
     ../../../krebs/2configs/binary-cache/nixos.nix
     ../../../krebs/2configs/ircd.nix
-- 
cgit v1.3.1


From 4b80810e3669949ee9aa3c7ae93a1bc20f66f9fd Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 21 Jan 2026 22:33:00 +0100
Subject: puyak: temporarily disable worlddomination

---
 krebs/1systems/puyak/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'krebs/1systems')

diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 0c361cc42..3a7b114cc 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -27,7 +27,7 @@
 
     ### shackspace ###
     # handle the worlddomination map via coap
-    ../../2configs/shack/worlddomination.nix
+    #../../2configs/shack/worlddomination.nix (FIXME error: python3.13-LinkHeader-0.4.3 does not configure a `format`. To build with setuptools as before, set `pyproject = true` and `build-system = [ setuptools ]`.)
     ../../2configs/shack/ssh-keys.nix
 
     # drivedroid.shack for shackphone
-- 
cgit v1.3.1


From 5901b3d01a9bc786c0a559c644820c6eb2dbbebd Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 21 Jan 2026 22:36:17 +0100
Subject: puyak: temporarily disable driverdroid

---
 krebs/1systems/puyak/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'krebs/1systems')

diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 3a7b114cc..566f14f63 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -31,7 +31,7 @@
     ../../2configs/shack/ssh-keys.nix
 
     # drivedroid.shack for shackphone
-    ../../2configs/shack/drivedroid.nix
+    #../../2configs/shack/drivedroid.nix (FIXME error: attribute 'drivedroid-gen-repo' missing)
     # ../../2configs/shack/nix-cacher.nix
 
     # Say if muell will be collected
-- 
cgit v1.3.1


From ef8f9e3533be50ee657ceae7c699a1105d8745fb Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 21 Jan 2026 22:45:21 +0100
Subject: puyak: temporarily disable mobile.lounge.mpd.shack

---
 krebs/1systems/puyak/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'krebs/1systems')

diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 566f14f63..60479fd90 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -70,7 +70,7 @@
     # ../../2configs/shack/share.nix
 
     # mobile.lounge.mpd.shack
-    ../../2configs/shack/mobile.mpd.nix
+    #../../2configs/shack/mobile.mpd.nix (FIXME Compatibility with CMake < 3.5 has been removed from CMake.)
 
     # hass.shack
     ../../2configs/shack/glados
-- 
cgit v1.3.1