enable autoupdates

common.nix

@@ -81,13 +81,13 @@
   systemd.services.nix-daemon.serviceConfig.LimitNOFILE = lib.mkForce 1048576000;
 
   system.autoUpgrade = {
-    enable = false;
+    enable = true;
-    dates = "minutely";
+    dates = "hourly";
     flake = "git+https://git.missing.ninja/lf3/server-conf.git";
   };
 
   networking.hosts = {
-    "192.168.88.251" = [ "wiki.it3" ];
+    "192.168.88.251" = builtins.attrNames self.nixosConfigurations.mio-mio-mate.config.services.nginx.virtualHosts;
     "192.168.88.1" = [ "router" ];
   };
 

router.nix

@@ -1,4 +1,5 @@
 {
+  # Resret router with /system reset-configuration keep-users no-defaults run-after-reset=router-config.rsc
   "/interface bridge" = [
     {
       auto-mac = "no";
@@ -101,78 +102,34 @@
     }
   ];
   "/ip dns" = {
-    "allow-remote-requests" = "yes";
+    no_label = {
+      allow-remote-requests = "yes";
       servers = "1.1.1.1,1.0.0.1";
     };
+  };
   "/ip dns static" = [
     {
       address = "192.168.88.1";
       name = "router.lan";
     }
   ];
+  "/ip firewall address-list" = [
+    {
+      address = "10.10.10.10-10.10.10.10.254";
+      list = "allowed_to_router";
+    }
+  ];
   "/ip firewall filter" = [
     {
       action = "accept";
       chain = "input";
-      comment = "defconf: accept established,related,untracked";
+      src-address-list = "allowed_to_router";
-      "connection-state" = "established,related,untracked";
-    }
-    {
-      action = "drop";
-      chain = "input";
-      comment = "defconf: drop invalid";
-      "connection-state" = "invalid";
     }
     {
       action = "accept";
       chain = "input";
-      comment = "defconf: accept ICMP";
       protocol = "icmp";
     }
-    {
-      action = "drop";
-      chain = "input";
-      comment = "defconf: drop all not coming from LAN";
-      "in-interface-list" = "!LAN";
-    }
-    {
-      action = "accept";
-      chain = "forward";
-      comment = "defconf: accept in ipsec policy";
-      "ipsec-policy" = "in,ipsec";
-    }
-    {
-      action = "accept";
-      chain = "forward";
-      comment = "defconf: accept out ipsec policy";
-      "ipsec-policy" = "out,ipsec";
-    }
-    {
-      action = "fasttrack-connection";
-      chain = "forward";
-      comment = "defconf: fasttrack";
-      "connection-state" = "established,related";
-    }
-    {
-      action = "accept";
-      chain = "forward";
-      comment = "defconf: accept established,related, untracked";
-      "connection-state" = "established,related,untracked";
-    }
-    {
-      action = "drop";
-      chain = "forward";
-      comment = "defconf: drop invalid";
-      "connection-state" = "invalid";
-    }
-    {
-      action = "drop";
-      chain = "forward";
-      comment = "defconf:  drop all from WAN not DSTNATed";
-      "connection-nat-state" = "!dstnat";
-      "connection-state" = "new";
-      "in-interface-list" = "WAN";
-    }
   ];
   "/ip firewall nat" = [
     {

systems/mio-mio-mate/default.nix

@@ -49,6 +49,13 @@
 
   services.nginx = {
     enable = true;
+    virtualHosts = {
+      "manga.it3" = {
+        locations."/" = {
+          proxyPass = "http://localhost:8080/";
+        };
+      };
+    };
   };
 
   services.dnsmasq = {
@@ -72,4 +79,27 @@
     nginx.hostName = "wiki.it3";
     passwordFile = "${../../init/mediawiki}";
   };
+
+  services.suwayomi-server = {
+    enable = true;
+    settings = {
+      server = {
+        systemTrayEnabled = true;
+        extensionRepos = [
+          "https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json"
+        ];
+        webUIEnabled = true;
+        initialOpenInBrowserEnabled = true;
+        webUIInterface = "browser";
+        webUIFlavor = "WebUI";
+      };
+    };
+  };
+
+  services.freshrss = {
+    enable = true;
+    virtualHost = "rss.it3";
+    authType = "none";
+    baseUrl = "http://rss.it3";
+  };
 }