From 7544f6d121b3b1fb4a9ff0947c7e6a5dfd601f1d Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Sun, 31 May 2026 20:12:35 +0200
Subject: [PATCH] Upgrade to NixOS 26.05

---
 configuration.nix      |  5 +++++
 flake.nix              |  2 +-
 modules/monitoring.nix | 11 +++++++----
 modules/networking.nix |  8 ++++----
 secrets/grafana.age    |  5 +++++
 secrets/secrets.nix    |  1 +
 6 files changed, 23 insertions(+), 9 deletions(-)
 create mode 100644 secrets/grafana.age

diff --git a/configuration.nix b/configuration.nix
index 50c8d27..827c383 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -237,6 +237,11 @@ with pkgs;
       owner = "63026";
       group = "63026";
     };
+    secrets.grafana = {
+      file = secrets/grafana.age;
+      owner = "grafana";
+      group = "granafa";
+    };
     identityPaths = [ "/etc/ssh/id_ed25519" ];
   };
 
diff --git a/flake.nix b/flake.nix
index 4bbd612..68f9f62 100644
--- a/flake.nix
+++ b/flake.nix
@@ -9,7 +9,7 @@
   };
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-26.05";
     determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
     agenix = {
       url = "github:ryantm/agenix";
diff --git a/modules/monitoring.nix b/modules/monitoring.nix
index 05a8ddb..0689cd9 100644
--- a/modules/monitoring.nix
+++ b/modules/monitoring.nix
@@ -82,10 +82,13 @@ with pkgs;
   # Grafana configuration
   services.grafana = {
     enable = true;
-    settings.server = {
-      domain = "grafana.psydnd.org";
-      http_port = 9009;
-      http_addr = "127.0.0.1";
+    settings = {
+      server = {
+        domain = "grafana.psydnd.org";
+        http_port = 9009;
+        http_addr = "127.0.0.1";
+      };
+      security.secret_key = config.age.secrets.grafana.path;
     };
   };
 
diff --git a/modules/networking.nix b/modules/networking.nix
index efcdb6a..a8f45b9 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -135,10 +135,10 @@ in
   services.resolved = {
     enable = true;
     llmnr = "false";
-    extraConfig = ''
-      MulticastDNS=yes
-      DNSStubListener=no
-    '';
+    settings.Resolve = {
+      MulticastDNS = true;
+      DNSStubListener = false;
+    };
   };
 
   # DNS server with ad-block
diff --git a/secrets/grafana.age b/secrets/grafana.age
new file mode 100644
index 0000000..5d48581
--- /dev/null
+++ b/secrets/grafana.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 iUaRGg Ag32nut/aBlxEy7RPw7sV5itZSHkp8eMLVtxFxwQ8EM
+ZhK8EZWTLkxrwo+x97w4HpexDXkC1yQuKyYFujqlOgs
+--- kszqKtyubreK5mGkrJg4hrEKrfITJCCM/hW6IHKlMIE
+T�+�~/��DbM?�������a-�'��p^5�?��&#!�ϳ��~59O
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 4fb35e1..70bd9ea 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -22,4 +22,5 @@ in
   "acme-porkbun.age".publicKeys = [ zion ];
   "microbin.age".publicKeys = [ zion ];
   "readeck.age".publicKeys = [ zion ];
+  "grafana.age".publicKeys = [ zion ];
 }