The LUKS device is named "luks-5c5e94fc-..." in hardware-configuration.nix
which already has the FIDO2 options. The "crypted" reference caused a build
error. Also fix duplicate attribute definitions and unnecessary config wrapper.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All nodes now list 1.1.1.1 and 8.8.8.8 as fallback nameservers after
MCNS. When MCNS is down, internal names (.svc.mcp.metacircular.net)
fail but external DNS (google.com, github.com, etc.) keeps working.
Lesson from 2026-04-03 incident: without fallbacks, MCNS failure
caused total DNS blackout including external services, forcing
Tailscale to be disabled to restore any DNS resolution.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The FIDO2 crypttab options are already on the correct UUID-named device
in hardware-configuration.nix; the "crypted" name only applies to
disko-provisioned hosts (rift).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The module used explicit `config = { ... }` but also had duplicate
networking.nameservers and services.resolved.domains at the top level,
causing a NixOS module evaluation error. Merged the Tailscale nameserver
into the config block and removed the duplicates.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Install mciasctl, mciasgrpcctl, mcrctl, and mcproxyctl via new
configs/mcpkg.nix module. Adds flake inputs for mcias, mcr, and
mc-proxy from git.wntrmute.dev.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
