Caddy has been migrated to wintermute. Remove the caddy.nix import,
delete the config file, and drop ports 80/443 from alt's firewall.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Update reverse proxy backends from 192.168.80.4 to 192.168.80.9 for
services still hosted on alt (files, shiori, books, recipes, jelly).
Add avahi and bat to wintermute's packages.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove alex from nix.settings.trusted-users in core.nix (was not in
the original base.nix and widens attack surface by allowing arbitrary
binary cache configuration without sudo)
- Restore useful comments in base.nix (zram explanation, earlyoom
purpose, avahi/systemd-resolved notes)
- Move documentation.man.man-db.enable = false into core.nix so all
hosts get it, remove redundant setting from wintermute and nightcity
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Minimal LXC host importing only core.nix — no build toolchains, no
Home Manager. Caddy config migrated from alt with all existing vhosts
intact. Ready to clone from bootstrap template and deploy.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
core.nix is the new minimal layer: user, SSH, fish, nix flakes/gc,
locale, and a handful of essential packages. Suitable for any headless
host that just needs to be SSHable and manageable.
base.nix now imports core.nix and adds the day-to-day quality-of-life
layer: avahi, mosh, direnv, nix-ld, earlyoom, zramSwap, CLI tools,
and build toolchains. All existing hosts that import base.nix are
unchanged.
bootstrap is updated to import core.nix directly instead of
duplicating the config inline.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Switch NetworkManager WiFi backend to iwd to resolve repeated
wpa_supplicant disconnects caused by nl80211 send_event_marker
incompatibility with iwlwifi. Each disconnect was triggering avahi
SIGHUP reloads, causing .local name resolution to fail for several
minutes at a time.
Also disable WiFi power save in TLP and enable IPv6 mDNS resolution
via NSS (nssmdns6) for hosts that only advertise IPv6 addresses.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
