diff --git a/flake.lock b/flake.lock index 85dd5b4..7da9f33 100644 --- a/flake.lock +++ b/flake.lock @@ -33,14 +33,15 @@ "flake-utils": "flake-utils", "napalm": "napalm", "nixpkgs": "nixpkgs", - "poetry2nix": "poetry2nix" + "poetry2nix": "poetry2nix", + "systems": "systems_2" }, "locked": { - "lastModified": 1724362025, - "narHash": "sha256-/fzIU/Hjgksy7A4ji09zK6cH7ATQV5rAEYb/wgBw8x8=", + "lastModified": 1725809370, + "narHash": "sha256-uUc+TbF17Q9H00aj1cbZGB25Tob6PpZ9M0RoY/jOo6s=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "39cf62b92149800dd2a436f8b18acd471c9180dd", + "rev": "0fd076529b40e7fc7304a398618cab76ff7e96c3", "type": "github" }, "original": { @@ -52,16 +53,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1724339964, - "narHash": "sha256-QwK/auMLCJEHHtyexFnO+adCq/u0fezHQ90fXW9J4c4=", + "lastModified": 1725718494, + "narHash": "sha256-X4Bwm7s6/8HcvKE+kyqwU+M1GEK/+RVHtDK1GpkuM4s=", "owner": "goauthentik", "repo": "authentik", - "rev": "8a0b31b9227ca33b96c5448f185419f17090ed38", + "rev": "f5580d311d01f2202b666f76931ed04f30b9ec30", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2024.6.4", + "ref": "version/2024.8.1", "repo": "authentik", "type": "github" } @@ -183,11 +184,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "lastModified": 1725234343, + "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", "type": "github" }, "original": { @@ -219,7 +220,10 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": [ + "authentik", + "systems" + ] }, "locked": { "lastModified": 1710146030, 
@@ -252,7 +256,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_4" + "systems": "systems_3" }, "locked": { "lastModified": 1710146030, @@ -297,11 +301,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1725948275, + "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", "type": "github" }, "original": { @@ -332,11 +336,11 @@ }, "impermanence": { "locked": { - "lastModified": 1724489415, - "narHash": "sha256-ey8vhwY/6XCKoh7fyTn3aIQs7WeYSYtLbYEG87VCzX4=", + "lastModified": 1725690722, + "narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=", "owner": "nix-community", "repo": "impermanence", - "rev": "c7f5b394397398c023000cf843986ee2571a1fd7", + "rev": "63f4d0443e32b0dd7189001ee1894066765d18a5", "type": "github" }, "original": { @@ -384,15 +388,16 @@ ] }, "locked": { - "lastModified": 1717929455, - "narHash": "sha256-BiI5xWygriOJuNISnGAeL0KYxrEMnjgpg+7wDskVBhI=", - "owner": "nix-community", + "lastModified": 1725806412, + "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=", + "owner": "willibutz", "repo": "napalm", - "rev": "e1babff744cd278b56abe8478008b4a9e23036cf", + "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5", "type": "github" }, "original": { - "owner": "nix-community", + "owner": "willibutz", + "ref": "avoid-foldl-stack-overflow", "repo": "napalm", "type": "github" } 
@@ -445,11 +450,11 @@ ] }, "locked": { - "lastModified": 1725161148, - "narHash": "sha256-WfAHq3Ag3vLNFfWxKHjFBFdPI6JIideWFJod9mx1eoo=", + "lastModified": 1725765290, + "narHash": "sha256-hwX53i24KyWzp2nWpQsn8lfGQNCP0JoW/bvQmcR1DPY=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "32058e9138248874773630c846563b1a78ee7a5b", + "rev": "642275444c5a9defce57219c944b3179bf2adaa9", "type": "github" }, "original": { @@ -460,11 +465,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { @@ -476,14 +481,14 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1722555339, - "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", + "lastModified": 1725233747, + "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" } }, "nixpkgs-lib_2": { 
@@ -519,11 +524,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { @@ -563,15 +568,18 @@ "authentik", "nixpkgs" ], - "systems": "systems_3", + "systems": [ + "authentik", + "systems" + ], "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1724208502, - "narHash": "sha256-TCRcEPSfgAw/t7kClmlr23s591N06mQCrhzlAO7cyFw=", + "lastModified": 1725532428, + "narHash": "sha256-dCfawQDwpukcwQw++Cn/3LIh/RZMmH+k3fm91Oc5Pf0=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "884b66152b0c625b8220b570a31dc7acc36749a3", + "rev": "a313fd7169ae43ecd1a2ea2f1e4899fe3edba4d2", "type": "github" }, "original": { @@ -685,34 +693,20 @@ }, "systems_2": { "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default", + "repo": "default-linux", "type": "github" } }, "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "id": "systems", - "type": "indirect" - } - }, - "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 
diff --git a/flake.nix b/flake.nix index 708802a..5027db1 100644 --- a/flake.nix +++ b/flake.nix @@ -53,7 +53,6 @@ { self , nixpkgs , home-manager - , dns , nix-index-database , agenix , authentik @@ -70,7 +69,7 @@ # thinkpad = self.nixosConfigurations.thinkpad.config.system.build.toplevel; jmri = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/jmri { }; adguardian-term = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/adguardian-term { }; - matrix-authentication-service = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/matrix-authentication-service { }; + # matrix-authentication-service = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/matrix-authentication-service { }; pww = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/pww { }; gnome-break-timer = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/gnome-break-timer { }; hashcash-milter = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/hashcash-milter { }; diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index f9a0ae5..147f3ab 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -36,7 +36,7 @@ let subdomains = let getVirtualHosts = hostname: map (name: builtins.substring 0 (builtins.stringLength name - (builtins.stringLength domain + 1)) name) (builtins.attrNames self.nixosConfigurations."${hostname}".config.services.caddy.virtualHosts); - genCNAMEs = hostname: lib.attrsets.genAttrs (getVirtualHosts hostname) (label: { CNAME = [ "${hostname}.${domain}." ]; }); + genCNAMEs = hostname: lib.attrsets.genAttrs (getVirtualHosts hostname) (_label: { CNAME = [ "${hostname}.${domain}." ]; }); in lib.attrsets.mergeAttrsList [ rec { diff --git a/hosts/falkenstein/modules/monitoring/dmarc.nix b/hosts/falkenstein/modules/monitoring/dmarc.nix index e7c264f..d7e29a9 100644 --- a/hosts/falkenstein/modules/monitoring/dmarc.nix +++ b/hosts/falkenstein/modules/monitoring/dmarc.nix 
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, ... }:
 {
 # required for elasticsearch
 nixpkgs.config.allowUnfree = true;
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index c9bee3f..ddc413d 100755
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -53,56 +53,56 @@ console.keyMap = "dvorak"; - # services.openldap = { - # enable = true; - # urlList = [ "ldap:///" ]; - # settings = { - # attrs = { - # olcLogLevel = "conns config"; - # }; - # children = { - # "cn=schema".includes = [ - # "${pkgs.openldap}/etc/schema/core.ldif" - # # attributetype ( 9999.1.1 NAME 'isMemberOf' - # # DESC 'back-reference to groups this user is a member of' - # # SUP distinguishedName ) - # "${pkgs.openldap}/etc/schema/cosine.ldif" - # "${pkgs.openldap}/etc/schema/inetorgperson.ldif" - # "${pkgs.openldap}/etc/schema/nis.ldif" - # # "${pkgs.writeText "openssh.schema" '' - # # attributetype ( 9999.1.2 NAME 'sshPublicKey' - # # DESC 'SSH public key used by this user' - # # SUP name ) - # # ''}" - # ]; + services.openldap = { + enable = true; + urlList = [ "ldap:///" ]; + settings = { + attrs = { + olcLogLevel = "conns config"; + }; + children = { + "cn=schema".includes = [ + "${pkgs.openldap}/etc/schema/core.ldif" + # attributetype ( 9999.1.1 NAME 'isMemberOf' + # DESC 'back-reference to groups this user is a member of' + # SUP distinguishedName ) + "${pkgs.openldap}/etc/schema/cosine.ldif" + "${pkgs.openldap}/etc/schema/inetorgperson.ldif" + "${pkgs.openldap}/etc/schema/nis.ldif" + # "${pkgs.writeText "openssh.schema" '' + # attributetype ( 9999.1.2 NAME 'sshPublicKey' + # DESC 'SSH public key used by this user' + # SUP name ) + # ''}" + ]; - # "olcDatabase={1}mdb".attrs = { - # objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + "olcDatabase={1}mdb".attrs = { + objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; - # olcDatabase = "{1}mdb"; - # olcDbDirectory = "/var/lib/openldap/data"; + olcDatabase = "{1}mdb"; + olcDbDirectory = "/var/lib/openldap/data"; - # olcSuffix = "dc=ifsr,dc=de"; + olcSuffix = "dc=ifsr,dc=de"; - # /* your admin account, do not use writeText on a production system */ - # olcRootDN = "cn=portunus,dc=ifsr,dc=de"; - # olcRootPW = 
"{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32"; + /* your admin account, do not use writeText on a production system */ + olcRootDN = "cn=portunus,dc=ifsr,dc=de"; + olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32"; - # olcAccess = [ - # /* custom access rules for userPassword attributes */ - # ''{0}to attrs=userPassword - # by self write - # by anonymous auth - # by * none'' + olcAccess = [ + /* custom access rules for userPassword attributes */ + ''{0}to attrs=userPassword + by self write + by anonymous auth + by * none'' - # /* allow read on anything else */ - # ''{1}to * - # by * read'' - # ]; - # }; - # }; - # }; - # }; + /* allow read on anything else */ + ''{1}to * + by * read'' + ]; + }; + }; + }; + }; services = { diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix index a2e9188..9a96170 100644 --- a/hosts/thinkpad/modules/virtualisation/default.nix +++ b/hosts/thinkpad/modules/virtualisation/default.nix @@ -5,6 +5,9 @@ # enable = true; # defaultNetwork.settings.dns_enabled = true; # }; + docker = { + enable = true; + }; libvirtd = { enable = true; qemu = { diff --git a/shared/systemd.nix b/shared/systemd.nix index bb6a7d5..691d568 100644 --- a/shared/systemd.nix +++ b/shared/systemd.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, nixpkgs-systemd-256, ... }: +{ pkgs, lib, ... }: { systemd = {
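Review bot: The `olcRootPW` line puts the directory admin's password hash straight into the config, so it lands in git history and in the world-readable Nix store, where it can be guessed against offline; the comment directly above it already warns against this pattern. The flake takes `agenix` as an input, so the value can come from a secret file instead, e.g. `olcRootPW.path = config.age.secrets.<secret-name>.path;` (placeholder name). The same hash was already present in the old commented-out block, so the password should be rotated as well. `urlList = [ "ldap:///" ]` serves cleartext LDAP on every interface of a laptop; if only local tools need it, `urlList = [ "ldap://127.0.0.1/" ];` or `ldapi:///` narrows that. The `{1}to * by * read` rule also lets unauthenticated clients read every attribute other than `userPassword`, which `by users read` would limit to bound users.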
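Review bot: `docker.enable = true` starts the rootful daemon, and nothing in this hunk limits who can reach its socket or what it exposes. Any account in the `docker` group is effectively root on the host, and ports published by containers are typically opened through Docker's own iptables rules rather than filtered by the NixOS firewall. A short comment on the block saying why Docker is needed next to the commented-out settings above it would help. If rootless operation is enough, `docker.rootless = { enable = true; setSocketVariable = true; };` avoids the root-equivalent socket. The enclosing attribute set starts and ends outside the hunk.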