ethnt · ethnt · Mar 18, 2026 · Mar 7, 2026 · Mar 9, 2026 · Mar 17, 2026
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -10,30 +10,26 @@ jobs:
     steps:
     - name: Checkout code
       uses: actions/checkout@v4.2.1
-    - name: Clean up storage
-      run: 'sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL
-
-        sudo docker image prune --all --force
-
-        sudo docker builder prune -a
-
-        '
     - name: Install Nix
-      uses: DeterminateSystems/nix-installer-action@v14
+      uses: NixOS/nix-installer-action@main
       with:
-        extra-conf: allow-import-from-derivation = true
+        extra-conf: 'accept-flake-config = true
+
+          max-jobs = auto
+
+          '
     - name: Add SSH keys to ssh-agent
       uses: webfactory/ssh-agent@v0.9.0
       with:
         ssh-private-key: ${{ secrets.SECRETS_DEPLOY_KEY }}
     - name: Setup Attic cache
-      uses: ryanccn/attic-action@v0.3.1
+      uses: ryanccn/attic-action@v0
       with:
         cache: e10
         endpoint: https://cache.e10.camp
         token: ${{ secrets.ATTIC_TOKEN }}
     - name: Use Cachix store
-      uses: cachix/cachix-action@v15
+      uses: cachix/cachix-action@master
       with:
         authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
         installCommand: nix profile add github:NixOS/nixpkgs/nixpkgs-unstable#cachix
@@ -58,34 +54,38 @@ jobs:
     steps:
     - name: Checkout code
       uses: actions/checkout@v4.2.1
-    - name: Clean up storage
-      run: 'sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL
-
-        sudo docker image prune --all --force
-
-        sudo docker builder prune -a
-
-        '
     - name: Install Nix
-      uses: DeterminateSystems/nix-installer-action@v14
+      uses: NixOS/nix-installer-action@main
       with:
-        extra-conf: allow-import-from-derivation = true
+        extra-conf: 'accept-flake-config = true
+
+          max-jobs = auto
+
+          '
     - name: Add SSH keys to ssh-agent
       uses: webfactory/ssh-agent@v0.9.0
       with:
         ssh-private-key: ${{ secrets.SECRETS_DEPLOY_KEY }}
     - name: Setup Attic cache
-      uses: ryanccn/attic-action@v0.3.1
+      uses: ryanccn/attic-action@v0
       with:
         cache: e10
         endpoint: https://cache.e10.camp
         token: ${{ secrets.ATTIC_TOKEN }}
     - name: Use Cachix store
-      uses: cachix/cachix-action@v15
+      uses: cachix/cachix-action@master
       with:
         authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
         installCommand: nix profile add github:NixOS/nixpkgs/nixpkgs-unstable#cachix
         name: e10
+    - name: Clean up storage
+      run: 'sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL
+
+        sudo docker image prune --all --force
+
+        sudo docker builder prune -a
+
+        '
     - run: 'nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel
         --accept-flake-config --show-trace
 

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -5,30 +5,26 @@ jobs:
     steps:
     - name: Checkout code
       uses: actions/checkout@v4.2.1
-    - name: Clean up storage
-      run: 'sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL
-
-        sudo docker image prune --all --force
-
-        sudo docker builder prune -a
-
-        '
     - name: Install Nix
-      uses: DeterminateSystems/nix-installer-action@v14
+      uses: NixOS/nix-installer-action@main
       with:
-        extra-conf: allow-import-from-derivation = true
+        extra-conf: 'accept-flake-config = true
+
+          max-jobs = auto
+
+          '
     - name: Add SSH keys to ssh-agent
       uses: webfactory/ssh-agent@v0.9.0
       with:
         ssh-private-key: ${{ secrets.SECRETS_DEPLOY_KEY }}
     - name: Setup Attic cache
-      uses: ryanccn/attic-action@v0.3.1
+      uses: ryanccn/attic-action@v0
       with:
         cache: e10
         endpoint: https://cache.e10.camp
         token: ${{ secrets.ATTIC_TOKEN }}
     - name: Use Cachix store
-      uses: cachix/cachix-action@v15
+      uses: cachix/cachix-action@master
       with:
         authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
         installCommand: nix profile add github:NixOS/nixpkgs/nixpkgs-unstable#cachix

diff --git a/deploy/terraform/vms.tf b/deploy/terraform/vms.tf
@@ -462,6 +462,12 @@ resource "proxmox_virtual_environment_vm" "controller" {
     usb3 = true
   }
 
+  # TP-Link bluetooth adapter
+  usb {
+    host = "2357:0604"
+    usb3 = true
+  }
+
   startup {
     down_delay = -1
     order      = 2

diff --git a/flake.lock b/flake.lock
diff --git a/hosts/bastion/profiles/caddy/default.nix b/hosts/bastion/profiles/caddy/default.nix
@@ -93,11 +93,6 @@
         inherit (hosts.htpc.config.services.sonarr) port;
       };
 
-      "huntarr.e10.camp" = {
-        host = hosts.htpc;
-        inherit (hosts.htpc.config.services.huntarr) port;
-      };
-
       "bazarr.e10.camp" = {
         host = hosts.htpc;
         port = hosts.htpc.config.services.bazarr.listenPort;
@@ -312,7 +307,12 @@
           }
         '';
         extraReverseProxyConfig = ''
-          header_up X-Real-IP {remote_host}
+          header_up X-Real-IP {http.request.remote.host}
+
+          transport http {
+            read_buffer 0
+            write_buffer 0
+          }
         '';
       };
     };

diff --git a/hosts/builder/configuration.nix b/hosts/builder/configuration.nix
@@ -1,10 +1,10 @@
 { suites, profiles, ... }: {
   imports = with suites;
-    core ++ local ++ proxmox-vm ++ [
-      profiles.services.attic-watch-store.default
+    core ++ proxmox-vm ++ [
       profiles.emulation.aarch64-linux
       profiles.remote-builder.builder
       profiles.remote-builder.substituter
+      profiles.services.attic-watch-store.default
     ] ++ [ ./hardware-configuration.nix ./disk-config.nix ];
 
   boot.loader.grub.devices =

diff --git a/hosts/controller/configuration.nix b/hosts/controller/configuration.nix
@@ -1,6 +1,6 @@
 { profiles, suites, ... }: {
   imports = with suites;
-    core ++ local ++ proxmox-vm ++ [
+    core ++ proxmox-vm ++ [
       profiles.communications.mosquitto.default
       profiles.hardware.bluetooth
       profiles.home-automation.home-assistant.default

diff --git a/hosts/htpc/configuration.nix b/hosts/htpc/configuration.nix
@@ -1,13 +1,13 @@
 { suites, profiles, pkgs, secrets, ... }: {
   imports = with suites;
-    core ++ local ++ proxmox-vm ++ [
+    core ++ proxmox-vm ++ [
       profiles.filesystems.blockbuster
       profiles.filesystems.files.personal
       profiles.hardware.nvidia
+      profiles.home-automation.frigate.default
       profiles.media-management.bazarr.default
       profiles.media-management.declutarr.default
       profiles.media-management.fileflows.server
-      profiles.media-management.huntarr
       profiles.media-management.jellyfin
       profiles.media-management.jellyseerr
       profiles.media-management.plex
@@ -17,9 +17,8 @@
       profiles.media-management.sabnzbd.default
       profiles.media-management.sonarr.default
       profiles.media-management.tautulli
-      profiles.media-management.wizarr
-      profiles.home-automation.frigate.default
       profiles.media-management.tracearr.default
+      profiles.media-management.wizarr
       profiles.services.attic-watch-store.default
       profiles.sharing.nfs-client
       profiles.telemetry.prometheus-dcgm-exporter
@@ -65,11 +64,19 @@
 
   environment.systemPackages = with pkgs; [ mediainfo ];
 
-  services.borgmatic.configurations.system.exclude_patterns = [
-    "/var/lib/sabnzbd/downloads"
-    "/var/lib/plex/transcodes"
-    "/var/lib/fileflows/Temp"
-  ];
+  services.restic.backups = {
+    system-omnibus.exclude = [
+      "/var/lib/sabnzbd/downloads"
+      "/var/lib/plex/transcodes"
+      "/var/lib/fileflows/Temp"
+    ];
+
+    system-rsync-net.exclude = [
+      "/var/lib/sabnzbd/downloads"
+      "/var/lib/plex/transcodes"
+      "/var/lib/fileflows/Temp"
+    ];
+  };
 
   system.stateVersion = "24.05";
 }
diff --git a/hosts/matrix/configuration.nix b/hosts/matrix/configuration.nix
@@ -1,6 +1,6 @@
 { lib, suites, profiles, ... }: {
   imports = with suites;
-    core ++ local ++ proxmox-vm ++ [
+    core ++ proxmox-vm ++ [
       profiles.databases.postgresql
       profiles.emulation.aarch64-linux
       profiles.filesystems.blockbuster
@@ -63,8 +63,10 @@
     };
   };
 
-  services.borgmatic.configurations.system.source_directories =
-    lib.mkAfter [ "/var/www" ];
+  services.restic.backups = {
+    system-omnibus.paths = lib.mkAfter [ "/var/www" ];
+    system-rsync-net.exclude = lib.mkAfter [ "/var/www" ];
+  };
 
   system.stateVersion = "24.05";
 }
diff --git a/hosts/monitor/configuration.nix b/hosts/monitor/configuration.nix
@@ -3,8 +3,8 @@
     core ++ aws ++ web ++ [
       profiles.communications.grafana-to-ntfy.default
       profiles.communications.ntfy
-      profiles.monitoring.loki.default
       profiles.monitoring.influxdb2.default
+      profiles.monitoring.loki.default
       profiles.monitoring.rsyslogd
       profiles.monitoring.thanos.default
       profiles.observability.gatus.default

diff --git a/hosts/monitor/profiles/grafana/default.nix b/hosts/monitor/profiles/grafana/default.nix
@@ -165,14 +165,6 @@
           name = "Nvidia";
           options.path = ./provisioning/nvidia.json;
         }
-        {
-          name = "Borgmatic Logs";
-          options.path = ./provisioning/borgmatic/logs.json;
-        }
-        {
-          name = "Borgmatic Backups";
-          options.path = ./provisioning/borgmatic/backups.json;
-        }
         {
           name = "Caddy";
           options.path = ./provisioning/caddy.json;