mirror of
https://git.sr.ht/~rouven/nixos-config
synced 2024-11-15 05:13:10 +01:00
wireguard and fail2ban
This commit is contained in:
parent
78a47101ac
commit
5148ff5953
42
flake.lock
42
flake.lock
|
@ -171,11 +171,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697410455,
|
"lastModified": 1697964592,
|
||||||
"narHash": "sha256-jCs/ffIP3tUPN7HWWuae4BB8+haAw2NI02z5BQvWMGM=",
|
"narHash": "sha256-fua0LKNLkYYK2Dgdm9P+VPdqrVgDXUIx+EkQAQByhuc=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "78125bc681d12364cb65524eaa887354134053d0",
|
"rev": "219d268a69512ff520fe8da1739ac22d95d52355",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -272,11 +272,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697340827,
|
"lastModified": 1697946153,
|
||||||
"narHash": "sha256-XlrR68N7jyaZ0bs8TPrhqcWG0IPG3pbjrKzJMpYOsos=",
|
"narHash": "sha256-7k7qIwWLaYPgQ4fxmEdew3yCffhK6rM4I4Jo3X/79DA=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-index-database",
|
"repo": "nix-index-database",
|
||||||
"rev": "29977d0796c058bbcfb2df5b18eb5badf1711007",
|
"rev": "5a2006282caaf32663cdcd582c5b18809c7d7d8d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -287,11 +287,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697100850,
|
"lastModified": 1697748412,
|
||||||
"narHash": "sha256-qSAzJVzNRIo+r3kBjL8TcpJctcgcHlnZyqdzpWgtg0M=",
|
"narHash": "sha256-5VSB63UE/O191cuZiGHbCJ9ipc7cGKB8cHp0cfusuyo=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "fb6af288f6cf0f00d3af60cf9d5110433b954565",
|
"rev": "72d53d51704295f1645d20384cd13aecc182f624",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -301,11 +301,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697059129,
|
"lastModified": 1697723726,
|
||||||
"narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=",
|
"narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593",
|
"rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -347,11 +347,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable_2": {
|
"nixpkgs-stable_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697332183,
|
"lastModified": 1697929210,
|
||||||
"narHash": "sha256-ACYvYsgLETfEI2xM1jjp8ZLVNGGC0onoCGe+69VJGGE=",
|
"narHash": "sha256-RkQZif6QhswEwv7484mrKfIU8XmIWm+ED6llbr4IyxM=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "0e1cff585c1a85aeab059d3109f66134a8f76935",
|
"rev": "fb000224952bf7749a9e8b3779104ef7ea4465c8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -419,11 +419,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696139730,
|
"lastModified": 1697981942,
|
||||||
"narHash": "sha256-Y7EIcrDVm6ACc9e8rXygXJkeODy1RzvlqI33ReV5Zug=",
|
"narHash": "sha256-D+2k9UubyeBaq0+L+nqmF0J9iqllhyO5gdJgg9UoGTA=",
|
||||||
"owner": "therealr5",
|
"owner": "therealr5",
|
||||||
"repo": "purge",
|
"repo": "purge",
|
||||||
"rev": "bf9d45d1ee3bec6232ddc1028a25b433df32c85a",
|
"rev": "7e3f832be406e1323138a6ec0e0d10347c8c9689",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -481,11 +481,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697339241,
|
"lastModified": 1697943852,
|
||||||
"narHash": "sha256-ITsFtEtRbCBeEH9XrES1dxZBkE1fyNNUfIyQjQ2AYQs=",
|
"narHash": "sha256-DaBxUPaZhQ3yLCmAATshYB7qo7NwcMvSFWz9T3bjYYY=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "51186b8012068c417dac7c31fb12861726577898",
|
"rev": "30a0ba4a20703b4bfe047fe5def1fc24978e322c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -5,7 +5,8 @@
|
||||||
[
|
[
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./modules/backup
|
# ./modules/backup
|
||||||
|
./modules/fail2ban
|
||||||
./modules/mail
|
./modules/mail
|
||||||
./modules/networks
|
./modules/networks
|
||||||
./modules/nginx
|
./modules/nginx
|
||||||
|
|
|
@ -5,8 +5,6 @@
|
||||||
services.borgmatic = {
|
services.borgmatic = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
# fix failing check
|
|
||||||
location = null;
|
|
||||||
source_directories = [
|
source_directories = [
|
||||||
"/var/lib"
|
"/var/lib"
|
||||||
"/var/log"
|
"/var/log"
|
||||||
|
|
25
hosts/falkenstein-1/modules/fail2ban/default.nix
Normal file
25
hosts/falkenstein-1/modules/fail2ban/default.nix
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
services.fail2ban = {
|
||||||
|
enable = true;
|
||||||
|
bantime = "10m";
|
||||||
|
bantime-increment = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
jails = {
|
||||||
|
dovecot = ''
|
||||||
|
enabled = true
|
||||||
|
# aggressive mode add blocking for aborted connections
|
||||||
|
filter = dovecot[mode=aggressive]
|
||||||
|
bantime = 10m
|
||||||
|
maxretry = 3
|
||||||
|
'';
|
||||||
|
postfix = ''
|
||||||
|
enabled = true
|
||||||
|
filter = postfix[mode=aggressive]
|
||||||
|
maxretry = 3
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
|
@ -42,8 +42,7 @@
|
||||||
netdevs."30-dorm" = {
|
netdevs."30-dorm" = {
|
||||||
netdevConfig = {
|
netdevConfig = {
|
||||||
Kind = "wireguard";
|
Kind = "wireguard";
|
||||||
Name = "dorm";
|
Name = "wg0";
|
||||||
Description = "WireGuard to my Dorm Infra";
|
|
||||||
};
|
};
|
||||||
wireguardConfig = {
|
wireguardConfig = {
|
||||||
PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path;
|
PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path;
|
||||||
|
@ -52,29 +51,29 @@
|
||||||
wireguardPeers = [
|
wireguardPeers = [
|
||||||
{
|
{
|
||||||
wireguardPeerConfig = {
|
wireguardPeerConfig = {
|
||||||
PublicKey = "vUmworuJFHjB4KUdkucQ+nzqO2ysARLomq4UuK1n430=";
|
PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ=";
|
||||||
PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path;
|
PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path;
|
||||||
Endpoint = "dorm.vpn.rfive.de:51820";
|
Endpoint = "dorm.vpn.rfive.de:51820";
|
||||||
AllowedIPs = "10.10.10.0/24, 192.168.10.0/24";
|
AllowedIPs = "192.168.42.0/24, 192.168.43.0/24";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
networks."30-dorm" = {
|
networks."30-dorm" = {
|
||||||
matchConfig.Name = "dorm";
|
matchConfig.Name = "wg0";
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
DNS = "192.168.10.1";
|
DNS = "192.168.42.1";
|
||||||
};
|
};
|
||||||
addresses = [
|
addresses = [
|
||||||
{
|
{
|
||||||
addressConfig = {
|
addressConfig = {
|
||||||
Address = "10.10.10.4/24";
|
Address = "192.168.43.4/24";
|
||||||
RouteMetric = 30;
|
RouteMetric = 30;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
routes = [
|
routes = [
|
||||||
{ routeConfig = { Gateway = "0.0.0.0"; Destination = "192.168.10.0/24"; Metric = 30; }; }
|
{ routeConfig = { Gateway = "0.0.0.0"; Destination = "192.168.42.0/24"; Metric = 30; }; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -3,7 +3,7 @@ let
|
||||||
domain = "purge.${config.networking.domain}";
|
domain = "purge.${config.networking.domain}";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
sops.secrets."purge/token".owner = "purge";
|
sops.secrets."purge/token" = { };
|
||||||
services.purge = {
|
services.purge = {
|
||||||
enable = true;
|
enable = true;
|
||||||
discord = {
|
discord = {
|
||||||
|
|
|
@ -38,12 +38,12 @@
|
||||||
settings = {
|
settings = {
|
||||||
experimental-features = [ "nix-command" "flakes" ];
|
experimental-features = [ "nix-command" "flakes" ];
|
||||||
auto-optimise-store = true;
|
auto-optimise-store = true;
|
||||||
substituters = [
|
# substituters = [
|
||||||
"ssh://nuc.lan"
|
# "ssh://nuc.lan"
|
||||||
];
|
# ];
|
||||||
trusted-public-keys = [
|
# trusted-public-keys = [
|
||||||
"nuc.lan:a9UkVw3AizAKCER1CfNGhx8UOMF4t4UGE3GJ9dmHwJc="
|
# "nuc.lan:a9UkVw3AizAKCER1CfNGhx8UOMF4t4UGE3GJ9dmHwJc="
|
||||||
];
|
# ];
|
||||||
};
|
};
|
||||||
# distributedBuilds = true;
|
# distributedBuilds = true;
|
||||||
# extraOptions = ''
|
# extraOptions = ''
|
||||||
|
@ -231,7 +231,6 @@
|
||||||
|
|
||||||
deploy-rs
|
deploy-rs
|
||||||
man-pages
|
man-pages
|
||||||
man-pages-posix
|
|
||||||
];
|
];
|
||||||
programs.java.enable = true;
|
programs.java.enable = true;
|
||||||
documentation.dev.enable = true;
|
documentation.dev.enable = true;
|
||||||
|
|
|
@ -55,8 +55,8 @@
|
||||||
matchConfig.Name = "lo";
|
matchConfig.Name = "lo";
|
||||||
linkConfig.RequiredForOnline = false;
|
linkConfig.RequiredForOnline = false;
|
||||||
};
|
};
|
||||||
networks."10-wired" = {
|
networks."10-wired-default" = {
|
||||||
matchConfig.Name = "enp0s31f6";
|
matchConfig.Name = "en*";
|
||||||
linkConfig.RequiredForOnline = false;
|
linkConfig.RequiredForOnline = false;
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
DHCP = "yes";
|
DHCP = "yes";
|
||||||
|
@ -102,11 +102,10 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
# some wireguard interfaces
|
# some wireguard interfaces
|
||||||
netdevs."30-dorm" = {
|
netdevs."30-wg0" = {
|
||||||
netdevConfig = {
|
netdevConfig = {
|
||||||
Kind = "wireguard";
|
Kind = "wireguard";
|
||||||
Name = "dorm";
|
Name = "wg0";
|
||||||
Description = "WireGuard to my Dorm Infra";
|
|
||||||
};
|
};
|
||||||
wireguardConfig = {
|
wireguardConfig = {
|
||||||
PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path;
|
PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path;
|
||||||
|
@ -118,28 +117,27 @@
|
||||||
PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ=";
|
PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ=";
|
||||||
PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path;
|
PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path;
|
||||||
Endpoint = "141.30.227.6:51820";
|
Endpoint = "141.30.227.6:51820";
|
||||||
# Endpoint = "dorm.vpn.rfive.de:51820";
|
AllowedIPs = "192.168.42.0/24, 192.168.43.0/24";
|
||||||
AllowedIPs = "192.168.2.0/24, 192.168.1.0/24";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
networks."30-dorm" = {
|
networks."30-wg0" = {
|
||||||
matchConfig.Name = "dorm";
|
matchConfig.Name = "wg0";
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
DNS = "192.168.1.1";
|
DNS = "192.168.42.1";
|
||||||
};
|
};
|
||||||
addresses = [
|
addresses = [
|
||||||
{
|
{
|
||||||
addressConfig = {
|
addressConfig = {
|
||||||
Address = "192.168.2.3/24";
|
Address = "192.168.43.3/24";
|
||||||
RouteMetric = 30;
|
RouteMetric = 30;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
routes = [
|
routes = [
|
||||||
# allowedIPs is somewhat broken
|
# allowedIPs is somewhat broken
|
||||||
{ routeConfig = { Gateway = "0.0.0.0"; Destination = "192.168.1.0/24"; Metric = 30; }; }
|
{ routeConfig = { Gateway = "0.0.0.0"; Destination = "192.168.42.0/24"; Metric = 30; }; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -25,6 +25,20 @@
|
||||||
ca_cert="/etc/ssl/certs/ca-certificates.crt"
|
ca_cert="/etc/ssl/certs/ca-certificates.crt"
|
||||||
domain_suffix_match="radius.agdsn.de"
|
domain_suffix_match="radius.agdsn.de"
|
||||||
identity="r5"
|
identity="r5"
|
||||||
|
password="@AGDSN_WIFI_AUTH@"
|
||||||
|
phase2="auth=PAP"
|
||||||
|
'';
|
||||||
|
authProtocols = [ "WPA-EAP" ];
|
||||||
|
};
|
||||||
|
agdsn-office = {
|
||||||
|
auth = ''
|
||||||
|
eap=TTLS
|
||||||
|
anonymous_identity="wifi@agdsn.de"
|
||||||
|
ca_cert="/etc/ssl/certs/ca-certificates.crt"
|
||||||
|
domain_suffix_match="radius.agdsn.de"
|
||||||
|
identity="r5"
|
||||||
|
priority=5
|
||||||
|
proto=WPA2
|
||||||
password="@AGDSN_AUTH@"
|
password="@AGDSN_AUTH@"
|
||||||
phase2="auth=PAP"
|
phase2="auth=PAP"
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -4,8 +4,8 @@ pfersel:
|
||||||
token: ENC[AES256_GCM,data:MFxzpT6sqzhDpZya4/eI77LbHXekzfTQWZrjd/aot2MzRXicaCUabEUqnR40QnW9HujOTW0+A+9Be5mDX6OqVDt2ioKVxg==,iv:UTTWL7uSVgpkLnXTkvojC/fotkDISdyBrGDiegXqMuQ=,tag:+8+Th/M9U9mJX6i2YCPBbg==,type:str]
|
token: ENC[AES256_GCM,data:MFxzpT6sqzhDpZya4/eI77LbHXekzfTQWZrjd/aot2MzRXicaCUabEUqnR40QnW9HujOTW0+A+9Be5mDX6OqVDt2ioKVxg==,iv:UTTWL7uSVgpkLnXTkvojC/fotkDISdyBrGDiegXqMuQ=,tag:+8+Th/M9U9mJX6i2YCPBbg==,type:str]
|
||||||
wireguard:
|
wireguard:
|
||||||
dorm:
|
dorm:
|
||||||
private: ENC[AES256_GCM,data:3DMW+sZ1qEcfithXj8/7CUbKotJ2Ld23Fa6cf9ijLRvJPk5+VZOt8j5AIVY=,iv:pY/uAkkUOyFqEmWqoP8qC418VtbbX/Ws7BMuyGbvlXE=,tag:/u2akzXjchYlKR59Skk4aA==,type:str]
|
private: ENC[AES256_GCM,data:Wk6g0UW6onEQYh2Sjoh8pXtaxzQehbYzulS32LHENombOdM3xT6fLBRuI3o=,iv:i5HqTr/WV8tiBud1BApPWC2z1Ck5LiTRJ1MP8/1AH5U=,tag:ISAHSJCNzS/MCiPkPh6CXQ==,type:str]
|
||||||
preshared: ENC[AES256_GCM,data:+1O/8fW03NOqd2FJjCDvN1Ktb3mVBManB9gI8S0CensNayjFHLfPj4z64TQ=,iv:YgVsHG30XIr6lR9Is91sDW0jwxmUmmo49rD4tXknU/E=,tag:EKa1NDJIlPlU+AU0bcFu5w==,type:str]
|
preshared: ENC[AES256_GCM,data:8n4LJb9EeGfYp3VV4iL9O+IadsGok9EWZESXdkGDk/LwYUvKRxkFsfIUmA0=,iv:dAY3h8U+/+Ac4t7HIjTj2LvX2g6LUT9s8U4GU4tvPV0=,tag:UI7mOiQGWVnmIYJe8C1gpw==,type:str]
|
||||||
borg:
|
borg:
|
||||||
passphrase: ENC[AES256_GCM,data:54KCMu574Uj01sqnfBX9BqFc5+dx1Se7,iv:NgodekAUw0pNddA36oIranISkvUQIxZRmZW4s1UIHdU=,tag:frep/WspsozTL1V/OfuTxw==,type:str]
|
passphrase: ENC[AES256_GCM,data:54KCMu574Uj01sqnfBX9BqFc5+dx1Se7,iv:NgodekAUw0pNddA36oIranISkvUQIxZRmZW4s1UIHdU=,tag:frep/WspsozTL1V/OfuTxw==,type:str]
|
||||||
key: ENC[AES256_GCM,data:TGwOAKLEF/zy0PTMcdfkgypGR4/HlZ1By8cMT+sUbMQUfcw2HzvZBwbvfchx/abO9JXmbeSC1E7w6yEMIEg5bPAgGkylRdud/X5Ol/fRKZNdc61JyCWO/UT+qiI/vkikRKQxK/cpfB76+8TuTk0dElGOgJ0NTqklwjap200VdS/l5SBOpY50l338V0p4PQAJ50ry7qWlvN5+GKcHypVBTVabmvRUQCBmzK4N9yiW3zBpmA8e1MctmRiwqIBafeZVJ8YzVqC8cKLtFh4sVDd2fkrIEI4TMcGNS+E0VyHD7ZbTY8KBrNjmZPaTZz186g9PhB3rlHv6a6wAHJx3wZgijzxuXeX7yvyfM0NRz4DQaIANm1ggLdddUf6oS5i2kjKuENa2xL4ADpiO/d3U86HC9ldA8u0mHItjGlqZEL5/cBme1qKf70WsrGqN4gWLzMHZM2WkpssaIU3Ws6YksQHGP7iu5gXLIRB7/DqoY5kl2kS7vlyBVfv+G03nVO1981LVMbAWmNrstr0sOpOtGUYcxlCdGRDVOJIuUTfbRuvvuLy8NgVjL3eFHgkMi/r61iNh0e4C5rkbQVzlmwBqobDfizKJ49d4uBPbynDFYsDJwDK+W/BVtDkK4iEYYvfSbpaoKuNpBeibgZ7YOLUR7onxTCI/V5NczTjS1dezFNaF+l+XNLj6EjVWSdhd/ScRdniU0Q1lJU5hsOYPDiwHUPU9WMmaQeo9VezWYYJ2RroALnnw22XdRzfwNHICyGvUkzNqQnvDyUwZU6J2qMy8JnB6ViLWXE0VhsNZSQXFOLrKBMX+YwRm3n8jkeLN7sOnP8ejHYGxcXdKk0NLSdyNChTf9AzVvBGI2k9ky8bZPC5iB9zm2EkFvgtGgrRDpR7OpYJ4u71Xho96chGQ7B9MhnIDdKW2NYFE3ROdDQzfK2yrq18BjPxCaHXTk34JV8bf5LNellr2A80aA3TVmvYC/k2nHied4vW5RK+ngR0ev8b35+wl0HxJ1DnlYl4lSlDzzJwkS7ZlPWL4N2/205Ju8sjN7anp5KDb1jzGB3PTawDXbthiG8xLf2Dyf4ssbe1I,iv:8yl4F9+g+SfjvHVJKCTFXS9JU0Kzy7TqIX3HtQQt/n0=,tag:4r6A1K0zHSycglcZYGnkWw==,type:str]
|
key: ENC[AES256_GCM,data:TGwOAKLEF/zy0PTMcdfkgypGR4/HlZ1By8cMT+sUbMQUfcw2HzvZBwbvfchx/abO9JXmbeSC1E7w6yEMIEg5bPAgGkylRdud/X5Ol/fRKZNdc61JyCWO/UT+qiI/vkikRKQxK/cpfB76+8TuTk0dElGOgJ0NTqklwjap200VdS/l5SBOpY50l338V0p4PQAJ50ry7qWlvN5+GKcHypVBTVabmvRUQCBmzK4N9yiW3zBpmA8e1MctmRiwqIBafeZVJ8YzVqC8cKLtFh4sVDd2fkrIEI4TMcGNS+E0VyHD7ZbTY8KBrNjmZPaTZz186g9PhB3rlHv6a6wAHJx3wZgijzxuXeX7yvyfM0NRz4DQaIANm1ggLdddUf6oS5i2kjKuENa2xL4ADpiO/d3U86HC9ldA8u0mHItjGlqZEL5/cBme1qKf70WsrGqN4gWLzMHZM2WkpssaIU3Ws6YksQHGP7iu5gXLIRB7/DqoY5kl2kS7vlyBVfv+G03nVO1981LVMbAWmNrstr0sOpOtGUYcxlCdGRDVOJIuUTfbRuvvuLy8NgVjL3eFHgkMi/r61iNh0e4C5rkbQVzlmwBqobDfizKJ49d4uBPbynDFYsDJwDK+W/BVtDkK4iEYYvfSbpaoKuNpBeibgZ7YOLUR7onxTCI/V5NczTjS1dezFNaF+l+XNLj6EjVWSdhd/ScRdniU0Q1lJU5hsOYPDiwHUPU9WMmaQeo9VezWYYJ2RroALnnw22XdRzfwNHICyGvUkzNqQnvDyUwZU6J2qMy8JnB6ViLWXE0VhsNZSQXFOLrKBMX+YwRm3n8jkeLN7sOnP8ejHYGxcXdKk0NLSdyNChTf9AzVvBGI2k9ky8bZPC5iB9zm2EkFvgtGgrRDpR7OpYJ4u71Xho96chGQ7B9MhnIDdKW2NYFE3ROdDQzfK2yrq18BjPxCaHXTk34JV8bf5LNellr2A80aA3TVmvYC/k2nHied4vW5RK+ngR0ev8b35+wl0HxJ1DnlYl4lSlDzzJwkS7ZlPWL4N2/205Ju8sjN7anp5KDb1jzGB3PTawDXbthiG8xLf2Dyf4ssbe1I,iv:8yl4F9+g+SfjvHVJKCTFXS9JU0Kzy7TqIX3HtQQt/n0=,tag:4r6A1K0zHSycglcZYGnkWw==,type:str]
|
||||||
|
@ -24,8 +24,8 @@ sops:
|
||||||
NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam
|
NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam
|
||||||
20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg==
|
20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-09-08T08:32:30Z"
|
lastmodified: "2023-10-19T09:45:38Z"
|
||||||
mac: ENC[AES256_GCM,data:TaU+dHkgaaI/YD15CL/n2drdYRxQ1OlfqwaZrNmCOHCiSgDoAxx90HuRBE2z1v6y0TlQQ/An6/ZwS7qpd99awlBlYEj1M63R20VGqRpsKBk+5W2ISjRWrwTZlFrHllR78PJf4cpxfDRl+RGeODTSHTmuA1D3p06EbdO+xABw0nk=,iv:O4syFBWTciV8YCFmaweihyvhwz7EKw58AyGtbsOJb0Y=,tag:eKbW8Ey3Ux6LHMMwhUk8VQ==,type:str]
|
mac: ENC[AES256_GCM,data:b4KtXV64oYJu1VO63NQFJ16O9q509YThkJZXTbqnhgLlxmoZ3HEwQRYnsg3MgBOxj3Im9RhIj341f8p3JFnz/WM56ii9gJHPP+uaYJit4Pln6qqwa69rd+OLVUShz0NESNFCHuTYzPyREZOz5Y2N+QPIbhSE8L+2uleIsB9Lv78=,iv:qSs2R569Vp4BPuYpGedDxo19Ua4bhHzP1fFUdMtlvkk=,tag:BlWL5Dyh+AqDYDZHNglyHA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-04-12T15:47:07Z"
|
- created_at: "2023-04-12T15:47:07Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
@ -48,4 +48,4 @@ sops:
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
|
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.8.1
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
wireless-env: ENC[AES256_GCM,data:F8UA86v+sxZ2T16qCf0tqmmcl8ZX+ApN/yxU796Y7hZGxmBqIS5p6+HURhVjeODjvu7PRX5KbHrhjns3JW4vLeE1ZW3QNutJY7uwl37bz9fSHcTpd+csyz5+WfLAwmfH9hvaLINkf68LlOHGlPJtL4TsFjmHSHlHtJw4Ea0ESywMOqujEpNUSF1TCZo9JwwzIgBmdIkiAskhodlCNoyT6dbKI0SYmUMp1dJlkJbxNCP/yjfEhUtrTPiIW4YU6mpCDgB9ET3ErEaNlpq9m4t5HYfOAJlRxVKdLIuz+AZMiDCwalc0ms/MpiVyt9xmZcyuBPWVUKYGbutQew==,iv:3UiVmkoT39FScLD/m559LMdqrUJehwZ/Q8MRkju3TG4=,tag:P91YJFioMVdC3Ab6wHXoww==,type:str]
|
wireless-env: ENC[AES256_GCM,data:IbvDlDV5Yg4rqqo5JIzX3eyR4c37BGsqzejBHvSWjk81hfxblhL2cBZcw1hlXW7Q5zjaD0eP9akdqG1RzhdH3iaIhaIVKO8LrXsbYI7fyG3OHCxZYZZ+5QA0LnASi9QD5Olxo0b0RIdomUehnWfTegBiVi8QshrfN+G1HOWL1YxuTv67DWMnA1/XCMOgYpznYS8wzRy7VM9PQWYYISqzoFbl1QIxTJEEVKEL529NzM7TBd4YU+NpcV/TQpy5qQ7F7hSVPxXx/m4RN+Km3EbM1q8Nr0Bckjc7GeDK/P0959ofSzwBzvQyZuQ3WrALqroI21wxQHO3HgDWJlPu7+aRTxPXE2SQka7gqDK4UnZU0GBxDRFi9GKWjhAsqQyKuRH6do9b,iv:t42Gu9j+Qe9TCnjbeH6o4pz1cc1IYHZoHbWOrfIpazA=,tag:68UhGtmx3gH0n9hTO1xalQ==,type:str]
|
||||||
uni:
|
uni:
|
||||||
zih: ENC[AES256_GCM,data:KoiT/w5SsUEFAC5beCs3R5o=,iv:qQRZfdtbiAIWUAkdgrpdR8AWDdedn9yl9NcRm0ymE2A=,tag:uyhy5n40PgsWuaEofJjmog==,type:str]
|
zih: ENC[AES256_GCM,data:KoiT/w5SsUEFAC5beCs3R5o=,iv:qQRZfdtbiAIWUAkdgrpdR8AWDdedn9yl9NcRm0ymE2A=,tag:uyhy5n40PgsWuaEofJjmog==,type:str]
|
||||||
wireguard:
|
wireguard:
|
||||||
|
@ -23,8 +23,8 @@ sops:
|
||||||
YW1scVZDOUFaNUJ4UkFNT2U4eFh6VGsKfv6BaEvr0ibn1cSqE9GeUe4BrYwY9RTB
|
YW1scVZDOUFaNUJ4UkFNT2U4eFh6VGsKfv6BaEvr0ibn1cSqE9GeUe4BrYwY9RTB
|
||||||
PNnqxnwBX01rCitKFfpNe1rBHazp+DDh9Dw2N+m/hH6gXvu7LjcwGQ==
|
PNnqxnwBX01rCitKFfpNe1rBHazp+DDh9Dw2N+m/hH6gXvu7LjcwGQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-10-12T14:52:25Z"
|
lastmodified: "2023-10-19T19:06:17Z"
|
||||||
mac: ENC[AES256_GCM,data:qhbViFDE+ULCCjRs1axPoVlywU5FgU9rV1dPoG4AxWyEPj33SX0fBFai3u8HTLzDYHmTcyjVwvACxT7DljCZXXVr4SZTFGoFARORMeBltu3GxLZkX0F/h1kb99CTHcRaUeKlDymtHikPfLBxce1gndHGTt8T+n5awS+sBODUbKE=,iv:Xpu6PUF8Rtkgh3uv/iy/KbSUlC47eL3esbl6UW+dq+o=,tag:FZu+h0Uq1WQIcTLyOmiGEg==,type:str]
|
mac: ENC[AES256_GCM,data:SS7Q249lMciUL+lgHMqwDmLznzMB9NIBiO+Cn/j+o3ffmOrEhaho0dpNmoEXrDj5TTPQx4HkVkT/gypMbo3T9Z2mBOhnHY7NFWqgNatmhAfTHoqqiXJGNA6lS8xpBbUoJZ8gYIIqnBLVf/LirxM1l1KVc1sgJKPaMM2kswIytP0=,iv:JoaSBETswIdYaXdEi5qiSONuNb34EwFc1ZRPI7IEdSE=,tag:M4wd7ZTCQQBIwtKqrWjzKg==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-08-02T14:13:52Z"
|
- created_at: "2023-08-02T14:13:52Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
@ -47,4 +47,4 @@ sops:
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
|
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.0
|
version: 3.8.1
|
||||||
|
|
|
@ -42,6 +42,9 @@ in
|
||||||
source ${./powerline.muttrc}
|
source ${./powerline.muttrc}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
# set sidebar_indent_string = ' '
|
||||||
|
# set sidebar_width = 80
|
||||||
|
# set sidebar_folder_indent = yes
|
||||||
mbsync.enable = true;
|
mbsync.enable = true;
|
||||||
};
|
};
|
||||||
accounts.email.accounts = {
|
accounts.email.accounts = {
|
||||||
|
@ -275,6 +278,10 @@ in
|
||||||
# gpg.key = gpg-default-key;
|
# gpg.key = gpg-default-key;
|
||||||
realName = "Rouven Seifert";
|
realName = "Rouven Seifert";
|
||||||
userName = "r5@agdsn.me";
|
userName = "r5@agdsn.me";
|
||||||
|
aliases = [
|
||||||
|
"r5@agdsn.de"
|
||||||
|
"rouven.seifert@agdsn.de"
|
||||||
|
];
|
||||||
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/agdsn";
|
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/agdsn";
|
||||||
imap = {
|
imap = {
|
||||||
host = "imap.agdsn.de";
|
host = "imap.agdsn.de";
|
||||||
|
|
|
@ -47,6 +47,7 @@ in
|
||||||
tdesktop
|
tdesktop
|
||||||
element-desktop
|
element-desktop
|
||||||
gomuks # alternative matrix client
|
gomuks # alternative matrix client
|
||||||
|
mattermost-desktop
|
||||||
|
|
||||||
# games
|
# games
|
||||||
# dwarf-fortress-packages.dwarf-fortress-full
|
# dwarf-fortress-packages.dwarf-fortress-full
|
||||||
|
@ -82,8 +83,7 @@ in
|
||||||
gcc
|
gcc
|
||||||
nodejs_20
|
nodejs_20
|
||||||
|
|
||||||
# tools
|
plantuml
|
||||||
postman
|
|
||||||
|
|
||||||
# libs
|
# libs
|
||||||
libyubikey
|
libyubikey
|
||||||
|
|
|
@ -29,7 +29,7 @@ in
|
||||||
};
|
};
|
||||||
falkenstein-1 = matchBlocks."rfive.de";
|
falkenstein-1 = matchBlocks."rfive.de";
|
||||||
"durian" = {
|
"durian" = {
|
||||||
hostname = "manual.ifsr.de";
|
hostname = "durian.ifsr.de";
|
||||||
user = "root";
|
user = "root";
|
||||||
};
|
};
|
||||||
"kaki" = {
|
"kaki" = {
|
||||||
|
@ -58,7 +58,7 @@ in
|
||||||
user = "root";
|
user = "root";
|
||||||
};
|
};
|
||||||
"nuc" = {
|
"nuc" = {
|
||||||
hostname = "192.168.1.2";
|
hostname = "192.168.42.2";
|
||||||
user = "root";
|
user = "root";
|
||||||
};
|
};
|
||||||
"router" = matchBlocks."cudy";
|
"router" = matchBlocks."cudy";
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
settings = {
|
settings = {
|
||||||
profile = [
|
profile = [
|
||||||
{
|
{
|
||||||
# TODO home vertical
|
|
||||||
name = "home";
|
name = "home";
|
||||||
output = [
|
output = [
|
||||||
{
|
{
|
||||||
|
@ -34,7 +33,6 @@
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
# TODO home vertical
|
|
||||||
name = "home-vertical";
|
name = "home-vertical";
|
||||||
output = [
|
output = [
|
||||||
{
|
{
|
||||||
|
@ -85,6 +83,32 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
name = "external-monitor-usb-c";
|
||||||
|
output = [
|
||||||
|
{
|
||||||
|
match = "eDP-1";
|
||||||
|
enable = true;
|
||||||
|
position = {
|
||||||
|
x = 0;
|
||||||
|
y = 1440;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
match = "/P24h/";
|
||||||
|
enable = true;
|
||||||
|
mode = {
|
||||||
|
height = 1440;
|
||||||
|
width = 2560;
|
||||||
|
refresh = 60;
|
||||||
|
};
|
||||||
|
position = {
|
||||||
|
x = 0;
|
||||||
|
y = 0;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
{
|
{
|
||||||
name = "external-monitor-usb-c";
|
name = "external-monitor-usb-c";
|
||||||
output = [
|
output = [
|
||||||
|
|
Loading…
Reference in a new issue