8 files changed, 75 insertions, 34 deletions

diff --git a/krebs/2configs/mud.nix b/krebs/2configs/mud.nix
index 30f232b64..a53596cc6 100644
--- a/krebs/2configs/mud.nix
+++ b/krebs/2configs/mud.nix
@@ -5,7 +5,7 @@
     MUD_SERVER=''${MUD_SERVER:-127.0.0.1}
     MUD_PORT=''${MUD_PORT:-8080}
 
-    if $(${pkgs.netcat-openbsd}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then
+    if $(${pkgs.libressl.nc}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then
       ${nvim}/bin/nvim \
         +"let g:instant_username = \"$MUD_NICKNAME\"" \
         +":InstantJoinSession $MUD_SERVER $MUD_PORT" \
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index cc67c1a0a..e12f097cb 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -563,28 +563,28 @@ in {
         };
       };
     };
-    alsace = {
-      owner = config.krebs.users.xkey;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.73.31";
-          aliases = [ "alsace.r" ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAn9mZHXfUcR1/oby6KB1Z8s1AAuie4l5G624r0UqbWu+4xowFIeZs
-            kv2dqd+yiqammAA9P207ooLbGBp+P6i4f5VMCemkCnv0sC1TJ+DNwYqWYcFRZE7I
-            j00fw/QI9d6L1c4CqZHJPQXEHG3v46qPuUow8FDJ6fjoBmy6biHjSd0XC7oHGqRh
-            GE5RolnqUiQhW0b4TkHJV4yUfVki+olxQtYd4xIHs1hcSqoMK898jsPX5cLgoCzR
-            NPZVyHf2BM0urPn4mu/th4ZDKpQtrqeI7h6yhnzJ0onhtValwHiA3/DcHcWmYvHC
-            vw6umyiCqFDx2kmzOnpkBWv65ugKUwDSZR8ibp3q7W9iPBiCPv0FtKXsQW9EngSS
-            asQWC8U6cB23nKuMYQrtD33fVwYn58FBIY6+avroc7XN5cPM/9VBHqyXSDZNAWtt
-            TwC/sXFWqT6AbTwLV6zY1TW4jiwKOh3KAVnHqQhUhNlEMk6EFOjR1CABSwUVXleR
-            5whr1RbKAsrhqMprGKHndvxLXjbKSh6A0bVdOLOzSs7BME2Oi1OdHd6tqqYmcyuV
-            XQnFcOYKxF0RM83/V8rEgvVisIxXTGVrGw8Kse7PGFA1dGldptTC6kofLUxzADNw
-            bRnXtRk8VR0BBzTuPNDgUXL2XQLht6FwDKCA/En2vId98yc2uuDk468CAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-          tinc.pubkey_ed25519 = "lPvwNm2mfF+rX3noqt+80c7nlDCpC+98JPLWx2jJRLN";
+    rojava = {
+     owner = config.krebs.users.xkey;
+     nets = {
+       retiolum = {
+         ip4.addr = "10.243.23.42";
+         aliases = [ "rojava.r" ];
+         tinc.pubkey = ''
+           -----BEGIN RSA PUBLIC KEY-----
+           MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
+           B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
+           HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
+           Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
+           lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
+           +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
+           3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
+           vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
+           HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
+           XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
+           yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
+           -----END RSA PUBLIC KEY-----
+         '';
+         tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
         };
       };
     };
diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix
index 6e4457eae..52ca718dd 100644
--- a/krebs/3modules/external/kmein.nix
+++ b/krebs/3modules/external/kmein.nix
@@ -116,6 +116,28 @@ in
         wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ=";
       };
     };
+    tahina = {
+      nets.retiolum = {
+        ip4.addr = "10.243.2.74";
+        aliases = [ "tahina.r" "tahina.kmein.r" ];
+        tinc.pubkey = ''
+          -----BEGIN RSA PUBLIC KEY-----
+          MIICCgKCAgEAtX6RpdFl9AqCF6Jy9ZhGY1bOUnEw5x3wm8gBK/aFb5592G3sGbWV
+          5Vv1msdLcoYQ5X4sgp3wizE5tbW7SiRVBwVB4mfYxe5KSiFJvTmXdp/VtKXs/hD8
+          VXNBjCdPeFOZ4Auh4AT+eibA/lW5veOnBkrsD/GkEcAkKb2MMEoxv4VqLDKuNzPv
+          EfE+mIb/J3vJmfpLG/+VGLrCuyShjPR2z0o5KMg8fI4ukcg6vwWwGE3Qd8JkSYMz
+          iy9oIGo/AJNyOUG0vQXL1JU/LFBXKty515UmXR2hO/Xi1w92DT8lxfLYRgoseT2u
+          i4aHmfl49LGkpQVIFejj6R0FrZBd5R2ElmQbmxSKS1PO9VheOOm02fgVXRpeoh6R
+          FdDkFWWmELW921UtEB2jSIMkf5xW8XmlJlGveaDnkld07aQlshnnOUfIs3r7H+T9
+          9g1QxiE7EFeoLrfIkgT81F+iL6RazSbf9DcTxvrKv+cZBrZKdcurcTtX0wFFD4wZ
+          0tzYPTcAnv/ytacf2/jv/Vm3xNFyjrBLM6ZtJtZ6NAJvD+OW4G/o2941KCu1Mqz/
+          VFAJW3djrqfASNCU1GqtHV0wdJMN8EszDNYdJ7pyw6+rG2PeYCVfE7wNe3b6zYqY
+          tUYhU1xkQQD4xgOMX3AdSI/JGjxMBBKlJXafwdDW8LMBWBPt+9Xq2vMCAwEAAQ==
+          -----END RSA PUBLIC KEY-----
+        '';
+        tinc.pubkey_ed25519 = "m8fnOzCx2KVsQx/616+AzVW5OTgAjBGDoT/PpKuyx+I";
+      };
+    };
     zaatar = {
       nets.retiolum = {
         ip4.addr = "10.243.2.34";
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index b62ece0c7..779e242c0 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -160,6 +160,25 @@ in {
         };
       };
     };
+    rauter = {
+      owner = config.krebs.users.mic92;
+      nets = rec {
+        retiolum = {
+          aliases = [ "rauter.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEArpSEoqFUdjaLiR3MpBlEoR0AOyaHPY9IPG4C5KsrfjeMDdfpOEGu
+            G0VHksBbkDV/MIgUVlK1B7LxZ73WUwKKB1YWGtY+QVX1tzoUqYwjMhp/xFVybyBw
+            M7nmTnM6Uq9Xd+S5mNMmOdvgNXfiP+zy4+iHJpn8YN/RnuyETqXhvVW9UasqVlmz
+            cY0dl+wsYFsJDnGc2ebpx5dzfpPgZKIFc0GlqDX0AqdQ2t2O9x4G5sFyUH0qPnDQ
+            776it6NXhwSKfl1h9xjQp8+qowIUlUqKgiVXfAzXHSxWmVQyxilCAkEk4vSs1HOj
+            ZNiK3LJKWEsy61hMt6K6AqpvSGlOdGa8WQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+          tinc.pubkey_ed25519 = "bL0slCR9oHx7FBeVb4ubo/bX8QJJBgchVKVSlWh3y1D";
+        };
+      };
+    };
     eve = {
       owner = config.krebs.users.mic92;
       extraZones."krebsco.de" = ''
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 3bab13b0e..7007090c0 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -125,8 +125,8 @@ let
         (interface: interfaceConfig: [
           (map (port: { predicate = "-i ${interface} -p tcp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPorts)
           (map (port: { predicate = "-i ${interface} -p udp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPorts)
-          (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges)
-          (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges)
+          (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges)
+          (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges)
         ])
         config.networking.firewall.interfaces
       );
diff --git a/krebs/5pkgs/simple/untilport/default.nix b/krebs/5pkgs/simple/untilport/default.nix
index 61bcc2b89..2930fd1eb 100644
--- a/krebs/5pkgs/simple/untilport/default.nix
+++ b/krebs/5pkgs/simple/untilport/default.nix
@@ -13,6 +13,6 @@ pkgs.writeDashBin "untilport" ''
   if [ $# -ne 2 ]; then
     usage
   else
-    until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done
+    until ${pkgs.libressl.nc}/bin/nc -z "$@"; do sleep 1; done
   fi
 ''
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 71367c2f1..5e98fcb79 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d",
-  "date": "2022-02-21T09:47:16+01:00",
-  "path": "/nix/store/4vd9z4b2s4jfn96ypdfavizy6908l71h-nixpkgs",
-  "sha256": "03nb8sbzgc3c0qdr1jbsn852zi3qp74z4qcy7vrabvvly8rbixp2",
+  "rev": "e10da1c7f542515b609f8dfbcf788f3d85b14936",
+  "date": "2022-04-27T07:19:43+10:00",
+  "path": "/nix/store/hzywi4az4ldmh416hpm4r27075qvfmsf-nixpkgs",
+  "sha256": "1if304v4i4lm217kp9f11f241kl3drbix3d0f08vgd6g43pv5mhq",
   "fetchLFS": false,
   "fetchSubmodules": false,
   "deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index e7760128f..970ffa20a 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "47cd6702934434dd02bc53a67dbce3e5493e33a2",
-  "date": "2022-03-04T16:09:08+01:00",
-  "path": "/nix/store/xbb640k873m7nmchdrnijl0f9n540ys6-nixpkgs",
-  "sha256": "1rvp9gx7n0gppc86bcysaybw79zl3y8yninsgz6rawdjprzvg7y6",
+  "rev": "fd3e33d696b81e76b30160dfad2efb7ac1f19879",
+  "date": "2022-04-30T11:27:15+02:00",
+  "path": "/nix/store/4n9dqxd8j90h0j99n8pyim6n5q1zviwg-nixpkgs",
+  "sha256": "1liw3glyv1cx0bxgxnq2yjp0ismg0np2ycg72rqghv75qb73zf9h",
   "fetchLFS": false,
   "fetchSubmodules": false,
   "deepClone": false,