rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2024-11-15 05:13:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

wireguard and fail2ban

Browse source
This commit is contained in:
Rouven Seifert 2023-10-22 15:45:30 +02:00
parent 78a47101ac
commit 5148ff5953
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
15 changed files with 132 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
flake.lock
View file

@ -171,11 +171,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1697410455, "lastModified": 1697964592,
"narHash": "sha256-jCs/ffIP3tUPN7HWWuae4BB8+haAw2NI02z5BQvWMGM=", "narHash": "sha256-fua0LKNLkYYK2Dgdm9P+VPdqrVgDXUIx+EkQAQByhuc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "78125bc681d12364cb65524eaa887354134053d0", "rev": "219d268a69512ff520fe8da1739ac22d95d52355",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -272,11 +272,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1697340827, "lastModified": 1697946153,
"narHash": "sha256-XlrR68N7jyaZ0bs8TPrhqcWG0IPG3pbjrKzJMpYOsos=", "narHash": "sha256-7k7qIwWLaYPgQ4fxmEdew3yCffhK6rM4I4Jo3X/79DA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "29977d0796c058bbcfb2df5b18eb5badf1711007", "rev": "5a2006282caaf32663cdcd582c5b18809c7d7d8d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -287,11 +287,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1697100850, "lastModified": 1697748412,
"narHash": "sha256-qSAzJVzNRIo+r3kBjL8TcpJctcgcHlnZyqdzpWgtg0M=", "narHash": "sha256-5VSB63UE/O191cuZiGHbCJ9ipc7cGKB8cHp0cfusuyo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "fb6af288f6cf0f00d3af60cf9d5110433b954565", "rev": "72d53d51704295f1645d20384cd13aecc182f624",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -301,11 +301,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1697059129, "lastModified": 1697723726,
"narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=", "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593", "rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -347,11 +347,11 @@
}, },
"nixpkgs-stable_2": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1697332183, "lastModified": 1697929210,
"narHash": "sha256-ACYvYsgLETfEI2xM1jjp8ZLVNGGC0onoCGe+69VJGGE=", "narHash": "sha256-RkQZif6QhswEwv7484mrKfIU8XmIWm+ED6llbr4IyxM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0e1cff585c1a85aeab059d3109f66134a8f76935", "rev": "fb000224952bf7749a9e8b3779104ef7ea4465c8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -419,11 +419,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696139730, "lastModified": 1697981942,
"narHash": "sha256-Y7EIcrDVm6ACc9e8rXygXJkeODy1RzvlqI33ReV5Zug=", "narHash": "sha256-D+2k9UubyeBaq0+L+nqmF0J9iqllhyO5gdJgg9UoGTA=",
"owner": "therealr5", "owner": "therealr5",
"repo": "purge", "repo": "purge",
"rev": "bf9d45d1ee3bec6232ddc1028a25b433df32c85a", "rev": "7e3f832be406e1323138a6ec0e0d10347c8c9689",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -481,11 +481,11 @@
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1697339241, "lastModified": 1697943852,
"narHash": "sha256-ITsFtEtRbCBeEH9XrES1dxZBkE1fyNNUfIyQjQ2AYQs=", "narHash": "sha256-DaBxUPaZhQ3yLCmAATshYB7qo7NwcMvSFWz9T3bjYYY=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "51186b8012068c417dac7c31fb12861726577898", "rev": "30a0ba4a20703b4bfe047fe5def1fc24978e322c",
"type": "github" "type": "github"
}, },
"original": { "original": {

3
hosts/falkenstein-1/default.nix
View file

@ -5,7 +5,8 @@
[ [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./modules/backup # ./modules/backup
./modules/fail2ban
./modules/mail ./modules/mail
./modules/networks ./modules/networks
./modules/nginx ./modules/nginx

2
hosts/falkenstein-1/modules/backup/default.nix
View file

@ -5,8 +5,6 @@
services.borgmatic = { services.borgmatic = {
enable = true; enable = true;
settings = { settings = {
# fix failing check
location = null;
source_directories = [ source_directories = [
"/var/lib" "/var/lib"
"/var/log" "/var/log"

25
hosts/falkenstein-1/modules/fail2ban/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ ... }:
{
services.fail2ban = {
enable = true;
bantime = "10m";
bantime-increment = {
enable = true;
};
jails = {
dovecot = ''
enabled = true
# aggressive mode add blocking for aborted connections
filter = dovecot[mode=aggressive]
bantime = 10m
maxretry = 3
'';
postfix = ''
enabled = true
filter = postfix[mode=aggressive]
maxretry = 3
'';
};
};
}

15
hosts/falkenstein-1/modules/networks/default.nix
View file

@ -42,8 +42,7 @@
netdevs."30-dorm" = { netdevs."30-dorm" = {
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
Name = "dorm"; Name = "wg0";
Description = "WireGuard to my Dorm Infra";
}; };
wireguardConfig = { wireguardConfig = {
PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path; PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path;
@ -52,29 +51,29 @@
wireguardPeers = [ wireguardPeers = [
{ {
wireguardPeerConfig = { wireguardPeerConfig = {
PublicKey = "vUmworuJFHjB4KUdkucQ+nzqO2ysARLomq4UuK1n430="; PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ=";
PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path; PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path;
Endpoint = "dorm.vpn.rfive.de:51820"; Endpoint = "dorm.vpn.rfive.de:51820";
AllowedIPs = "10.10.10.0/24, 192.168.10.0/24"; AllowedIPs = "192.168.42.0/24, 192.168.43.0/24";
}; };
} }
]; ];
}; };
networks."30-dorm" = { networks."30-dorm" = {
matchConfig.Name = "dorm"; matchConfig.Name = "wg0";
networkConfig = { networkConfig = {
DNS = "192.168.10.1"; DNS = "192.168.42.1";
}; };
addresses = [ addresses = [
{ {
addressConfig = { addressConfig = {
Address = "10.10.10.4/24"; Address = "192.168.43.4/24";
RouteMetric = 30; RouteMetric = 30;
}; };
} }
]; ];
routes = [ routes = [
{ routeConfig = { Gateway = "0.0.0.0"; Destination = "192.168.10.0/24"; Metric = 30; }; } { routeConfig = { Gateway = "0.0.0.0"; Destination = "192.168.42.0/24"; Metric = 30; }; }
]; ];
}; };
}; };

2
hosts/falkenstein-1/modules/purge/default.nix
View file

@ -3,7 +3,7 @@ let
domain = "purge.${config.networking.domain}"; domain = "purge.${config.networking.domain}";
in in
{ {
sops.secrets."purge/token".owner = "purge"; sops.secrets."purge/token" = { };
services.purge = { services.purge = {
enable = true; enable = true;
discord = { discord = {

13
hosts/thinkpad/default.nix
View file

@ -38,12 +38,12 @@
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true; auto-optimise-store = true;
substituters = [ # substituters = [
"ssh://nuc.lan" # "ssh://nuc.lan"
]; # ];
trusted-public-keys = [ # trusted-public-keys = [
"nuc.lan:a9UkVw3AizAKCER1CfNGhx8UOMF4t4UGE3GJ9dmHwJc=" # "nuc.lan:a9UkVw3AizAKCER1CfNGhx8UOMF4t4UGE3GJ9dmHwJc="
]; # ];
}; };
# distributedBuilds = true; # distributedBuilds = true;
# extraOptions = '' # extraOptions = ''
@ -231,7 +231,6 @@
deploy-rs deploy-rs
man-pages man-pages
man-pages-posix
]; ];
programs.java.enable = true; programs.java.enable = true;
documentation.dev.enable = true; documentation.dev.enable = true;

22
hosts/thinkpad/modules/networks/default.nix
View file

@ -55,8 +55,8 @@
matchConfig.Name = "lo"; matchConfig.Name = "lo";
linkConfig.RequiredForOnline = false; linkConfig.RequiredForOnline = false;
}; };
networks."10-wired" = { networks."10-wired-default" = {
matchConfig.Name = "enp0s31f6"; matchConfig.Name = "en*";
linkConfig.RequiredForOnline = false; linkConfig.RequiredForOnline = false;
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
@ -102,11 +102,10 @@
}; };
# some wireguard interfaces # some wireguard interfaces
netdevs."30-dorm" = { netdevs."30-wg0" = {
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
Name = "dorm"; Name = "wg0";
Description = "WireGuard to my Dorm Infra";
}; };
wireguardConfig = { wireguardConfig = {
PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path; PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path;
@ -118,28 +117,27 @@
PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ="; PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ=";
PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path; PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path;
Endpoint = "141.30.227.6:51820"; Endpoint = "141.30.227.6:51820";
# Endpoint = "dorm.vpn.rfive.de:51820"; AllowedIPs = "192.168.42.0/24, 192.168.43.0/24";
AllowedIPs = "192.168.2.0/24, 192.168.1.0/24";
}; };
} }
]; ];
}; };
networks."30-dorm" = { networks."30-wg0" = {
matchConfig.Name = "dorm"; matchConfig.Name = "wg0";
networkConfig = { networkConfig = {
DNS = "192.168.1.1"; DNS = "192.168.42.1";
}; };
addresses = [ addresses = [
{ {
addressConfig = { addressConfig = {
Address = "192.168.2.3/24"; Address = "192.168.43.3/24";
RouteMetric = 30; RouteMetric = 30;
}; };
} }
]; ];
routes = [ routes = [
# allowedIPs is somewhat broken # allowedIPs is somewhat broken
{ routeConfig = { Gateway = "0.0.0.0"; Destination = "192.168.1.0/24"; Metric = 30; }; } { routeConfig = { Gateway = "0.0.0.0"; Destination = "192.168.42.0/24"; Metric = 30; }; }
]; ];
}; };
}; };

14
hosts/thinkpad/modules/networks/uni.nix
View file

@ -25,6 +25,20 @@
ca_cert="/etc/ssl/certs/ca-certificates.crt" ca_cert="/etc/ssl/certs/ca-certificates.crt"
domain_suffix_match="radius.agdsn.de" domain_suffix_match="radius.agdsn.de"
identity="r5" identity="r5"
password="@AGDSN_WIFI_AUTH@"
phase2="auth=PAP"
'';
authProtocols = [ "WPA-EAP" ];
};
agdsn-office = {
auth = ''
eap=TTLS
anonymous_identity="wifi@agdsn.de"
ca_cert="/etc/ssl/certs/ca-certificates.crt"
domain_suffix_match="radius.agdsn.de"
identity="r5"
priority=5
proto=WPA2
password="@AGDSN_AUTH@" password="@AGDSN_AUTH@"
phase2="auth=PAP" phase2="auth=PAP"
''; '';

10
secrets/falkenstein-1.yaml
View file

@ -4,8 +4,8 @@ pfersel:
token: ENC[AES256_GCM,data:MFxzpT6sqzhDpZya4/eI77LbHXekzfTQWZrjd/aot2MzRXicaCUabEUqnR40QnW9HujOTW0+A+9Be5mDX6OqVDt2ioKVxg==,iv:UTTWL7uSVgpkLnXTkvojC/fotkDISdyBrGDiegXqMuQ=,tag:+8+Th/M9U9mJX6i2YCPBbg==,type:str] token: ENC[AES256_GCM,data:MFxzpT6sqzhDpZya4/eI77LbHXekzfTQWZrjd/aot2MzRXicaCUabEUqnR40QnW9HujOTW0+A+9Be5mDX6OqVDt2ioKVxg==,iv:UTTWL7uSVgpkLnXTkvojC/fotkDISdyBrGDiegXqMuQ=,tag:+8+Th/M9U9mJX6i2YCPBbg==,type:str]
wireguard: wireguard:
dorm: dorm:
private: ENC[AES256_GCM,data:3DMW+sZ1qEcfithXj8/7CUbKotJ2Ld23Fa6cf9ijLRvJPk5+VZOt8j5AIVY=,iv:pY/uAkkUOyFqEmWqoP8qC418VtbbX/Ws7BMuyGbvlXE=,tag:/u2akzXjchYlKR59Skk4aA==,type:str] private: ENC[AES256_GCM,data:Wk6g0UW6onEQYh2Sjoh8pXtaxzQehbYzulS32LHENombOdM3xT6fLBRuI3o=,iv:i5HqTr/WV8tiBud1BApPWC2z1Ck5LiTRJ1MP8/1AH5U=,tag:ISAHSJCNzS/MCiPkPh6CXQ==,type:str]
preshared: ENC[AES256_GCM,data:+1O/8fW03NOqd2FJjCDvN1Ktb3mVBManB9gI8S0CensNayjFHLfPj4z64TQ=,iv:YgVsHG30XIr6lR9Is91sDW0jwxmUmmo49rD4tXknU/E=,tag:EKa1NDJIlPlU+AU0bcFu5w==,type:str] preshared: ENC[AES256_GCM,data:8n4LJb9EeGfYp3VV4iL9O+IadsGok9EWZESXdkGDk/LwYUvKRxkFsfIUmA0=,iv:dAY3h8U+/+Ac4t7HIjTj2LvX2g6LUT9s8U4GU4tvPV0=,tag:UI7mOiQGWVnmIYJe8C1gpw==,type:str]
borg: borg:
passphrase: ENC[AES256_GCM,data:54KCMu574Uj01sqnfBX9BqFc5+dx1Se7,iv:NgodekAUw0pNddA36oIranISkvUQIxZRmZW4s1UIHdU=,tag:frep/WspsozTL1V/OfuTxw==,type:str] passphrase: ENC[AES256_GCM,data:54KCMu574Uj01sqnfBX9BqFc5+dx1Se7,iv:NgodekAUw0pNddA36oIranISkvUQIxZRmZW4s1UIHdU=,tag:frep/WspsozTL1V/OfuTxw==,type:str]
key: ENC[AES256_GCM,data:TGwOAKLEF/zy0PTMcdfkgypGR4/HlZ1By8cMT+sUbMQUfcw2HzvZBwbvfchx/abO9JXmbeSC1E7w6yEMIEg5bPAgGkylRdud/X5Ol/fRKZNdc61JyCWO/UT+qiI/vkikRKQxK/cpfB76+8TuTk0dElGOgJ0NTqklwjap200VdS/l5SBOpY50l338V0p4PQAJ50ry7qWlvN5+GKcHypVBTVabmvRUQCBmzK4N9yiW3zBpmA8e1MctmRiwqIBafeZVJ8YzVqC8cKLtFh4sVDd2fkrIEI4TMcGNS+E0VyHD7ZbTY8KBrNjmZPaTZz186g9PhB3rlHv6a6wAHJx3wZgijzxuXeX7yvyfM0NRz4DQaIANm1ggLdddUf6oS5i2kjKuENa2xL4ADpiO/d3U86HC9ldA8u0mHItjGlqZEL5/cBme1qKf70WsrGqN4gWLzMHZM2WkpssaIU3Ws6YksQHGP7iu5gXLIRB7/DqoY5kl2kS7vlyBVfv+G03nVO1981LVMbAWmNrstr0sOpOtGUYcxlCdGRDVOJIuUTfbRuvvuLy8NgVjL3eFHgkMi/r61iNh0e4C5rkbQVzlmwBqobDfizKJ49d4uBPbynDFYsDJwDK+W/BVtDkK4iEYYvfSbpaoKuNpBeibgZ7YOLUR7onxTCI/V5NczTjS1dezFNaF+l+XNLj6EjVWSdhd/ScRdniU0Q1lJU5hsOYPDiwHUPU9WMmaQeo9VezWYYJ2RroALnnw22XdRzfwNHICyGvUkzNqQnvDyUwZU6J2qMy8JnB6ViLWXE0VhsNZSQXFOLrKBMX+YwRm3n8jkeLN7sOnP8ejHYGxcXdKk0NLSdyNChTf9AzVvBGI2k9ky8bZPC5iB9zm2EkFvgtGgrRDpR7OpYJ4u71Xho96chGQ7B9MhnIDdKW2NYFE3ROdDQzfK2yrq18BjPxCaHXTk34JV8bf5LNellr2A80aA3TVmvYC/k2nHied4vW5RK+ngR0ev8b35+wl0HxJ1DnlYl4lSlDzzJwkS7ZlPWL4N2/205Ju8sjN7anp5KDb1jzGB3PTawDXbthiG8xLf2Dyf4ssbe1I,iv:8yl4F9+g+SfjvHVJKCTFXS9JU0Kzy7TqIX3HtQQt/n0=,tag:4r6A1K0zHSycglcZYGnkWw==,type:str] key: ENC[AES256_GCM,data:TGwOAKLEF/zy0PTMcdfkgypGR4/HlZ1By8cMT+sUbMQUfcw2HzvZBwbvfchx/abO9JXmbeSC1E7w6yEMIEg5bPAgGkylRdud/X5Ol/fRKZNdc61JyCWO/UT+qiI/vkikRKQxK/cpfB76+8TuTk0dElGOgJ0NTqklwjap200VdS/l5SBOpY50l338V0p4PQAJ50ry7qWlvN5+GKcHypVBTVabmvRUQCBmzK4N9yiW3zBpmA8e1MctmRiwqIBafeZVJ8YzVqC8cKLtFh4sVDd2fkrIEI4TMcGNS+E0VyHD7ZbTY8KBrNjmZPaTZz186g9PhB3rlHv6a6wAHJx3wZgijzxuXeX7yvyfM0NRz4DQaIANm1ggLdddUf6oS5i2kjKuENa2xL4ADpiO/d3U86HC9ldA8u0mHItjGlqZEL5/cBme1qKf70WsrGqN4gWLzMHZM2WkpssaIU3Ws6YksQHGP7iu5gXLIRB7/DqoY5kl2kS7vlyBVfv+G03nVO1981LVMbAWmNrstr0sOpOtGUYcxlCdGRDVOJIuUTfbRuvvuLy8NgVjL3eFHgkMi/r61iNh0e4C5rkbQVzlmwBqobDfizKJ49d4uBPbynDFYsDJwDK+W/BVtDkK4iEYYvfSbpaoKuNpBeibgZ7YOLUR7onxTCI/V5NczTjS1dezFNaF+l+XNLj6EjVWSdhd/ScRdniU0Q1lJU5hsOYPDiwHUPU9WMmaQeo9VezWYYJ2RroALnnw22XdRzfwNHICyGvUkzNqQnvDyUwZU6J2qMy8JnB6ViLWXE0VhsNZSQXFOLrKBMX+YwRm3n8jkeLN7sOnP8ejHYGxcXdKk0NLSdyNChTf9AzVvBGI2k9ky8bZPC5iB9zm2EkFvgtGgrRDpR7OpYJ4u71Xho96chGQ7B9MhnIDdKW2NYFE3ROdDQzfK2yrq18BjPxCaHXTk34JV8bf5LNellr2A80aA3TVmvYC/k2nHied4vW5RK+ngR0ev8b35+wl0HxJ1DnlYl4lSlDzzJwkS7ZlPWL4N2/205Ju8sjN7anp5KDb1jzGB3PTawDXbthiG8xLf2Dyf4ssbe1I,iv:8yl4F9+g+SfjvHVJKCTFXS9JU0Kzy7TqIX3HtQQt/n0=,tag:4r6A1K0zHSycglcZYGnkWw==,type:str]
@ -24,8 +24,8 @@ sops:
NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam
20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg== 20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-08T08:32:30Z" lastmodified: "2023-10-19T09:45:38Z"
mac: ENC[AES256_GCM,data:TaU+dHkgaaI/YD15CL/n2drdYRxQ1OlfqwaZrNmCOHCiSgDoAxx90HuRBE2z1v6y0TlQQ/An6/ZwS7qpd99awlBlYEj1M63R20VGqRpsKBk+5W2ISjRWrwTZlFrHllR78PJf4cpxfDRl+RGeODTSHTmuA1D3p06EbdO+xABw0nk=,iv:O4syFBWTciV8YCFmaweihyvhwz7EKw58AyGtbsOJb0Y=,tag:eKbW8Ey3Ux6LHMMwhUk8VQ==,type:str] mac: ENC[AES256_GCM,data:b4KtXV64oYJu1VO63NQFJ16O9q509YThkJZXTbqnhgLlxmoZ3HEwQRYnsg3MgBOxj3Im9RhIj341f8p3JFnz/WM56ii9gJHPP+uaYJit4Pln6qqwa69rd+OLVUShz0NESNFCHuTYzPyREZOz5Y2N+QPIbhSE8L+2uleIsB9Lv78=,iv:qSs2R569Vp4BPuYpGedDxo19Ua4bhHzP1fFUdMtlvkk=,tag:BlWL5Dyh+AqDYDZHNglyHA==,type:str]
pgp: pgp:
- created_at: "2023-04-12T15:47:07Z" - created_at: "2023-04-12T15:47:07Z"
enc: |- enc: |-
@ -48,4 +48,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.8.1

8
secrets/thinkpad.yaml
View file

@ -1,4 +1,4 @@
wireless-env: ENC[AES256_GCM,data:F8UA86v+sxZ2T16qCf0tqmmcl8ZX+ApN/yxU796Y7hZGxmBqIS5p6+HURhVjeODjvu7PRX5KbHrhjns3JW4vLeE1ZW3QNutJY7uwl37bz9fSHcTpd+csyz5+WfLAwmfH9hvaLINkf68LlOHGlPJtL4TsFjmHSHlHtJw4Ea0ESywMOqujEpNUSF1TCZo9JwwzIgBmdIkiAskhodlCNoyT6dbKI0SYmUMp1dJlkJbxNCP/yjfEhUtrTPiIW4YU6mpCDgB9ET3ErEaNlpq9m4t5HYfOAJlRxVKdLIuz+AZMiDCwalc0ms/MpiVyt9xmZcyuBPWVUKYGbutQew==,iv:3UiVmkoT39FScLD/m559LMdqrUJehwZ/Q8MRkju3TG4=,tag:P91YJFioMVdC3Ab6wHXoww==,type:str] wireless-env: ENC[AES256_GCM,data:IbvDlDV5Yg4rqqo5JIzX3eyR4c37BGsqzejBHvSWjk81hfxblhL2cBZcw1hlXW7Q5zjaD0eP9akdqG1RzhdH3iaIhaIVKO8LrXsbYI7fyG3OHCxZYZZ+5QA0LnASi9QD5Olxo0b0RIdomUehnWfTegBiVi8QshrfN+G1HOWL1YxuTv67DWMnA1/XCMOgYpznYS8wzRy7VM9PQWYYISqzoFbl1QIxTJEEVKEL529NzM7TBd4YU+NpcV/TQpy5qQ7F7hSVPxXx/m4RN+Km3EbM1q8Nr0Bckjc7GeDK/P0959ofSzwBzvQyZuQ3WrALqroI21wxQHO3HgDWJlPu7+aRTxPXE2SQka7gqDK4UnZU0GBxDRFi9GKWjhAsqQyKuRH6do9b,iv:t42Gu9j+Qe9TCnjbeH6o4pz1cc1IYHZoHbWOrfIpazA=,tag:68UhGtmx3gH0n9hTO1xalQ==,type:str]
uni: uni:
zih: ENC[AES256_GCM,data:KoiT/w5SsUEFAC5beCs3R5o=,iv:qQRZfdtbiAIWUAkdgrpdR8AWDdedn9yl9NcRm0ymE2A=,tag:uyhy5n40PgsWuaEofJjmog==,type:str] zih: ENC[AES256_GCM,data:KoiT/w5SsUEFAC5beCs3R5o=,iv:qQRZfdtbiAIWUAkdgrpdR8AWDdedn9yl9NcRm0ymE2A=,tag:uyhy5n40PgsWuaEofJjmog==,type:str]
wireguard: wireguard:
@ -23,8 +23,8 @@ sops:
YW1scVZDOUFaNUJ4UkFNT2U4eFh6VGsKfv6BaEvr0ibn1cSqE9GeUe4BrYwY9RTB YW1scVZDOUFaNUJ4UkFNT2U4eFh6VGsKfv6BaEvr0ibn1cSqE9GeUe4BrYwY9RTB
PNnqxnwBX01rCitKFfpNe1rBHazp+DDh9Dw2N+m/hH6gXvu7LjcwGQ== PNnqxnwBX01rCitKFfpNe1rBHazp+DDh9Dw2N+m/hH6gXvu7LjcwGQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-12T14:52:25Z" lastmodified: "2023-10-19T19:06:17Z"
mac: ENC[AES256_GCM,data:qhbViFDE+ULCCjRs1axPoVlywU5FgU9rV1dPoG4AxWyEPj33SX0fBFai3u8HTLzDYHmTcyjVwvACxT7DljCZXXVr4SZTFGoFARORMeBltu3GxLZkX0F/h1kb99CTHcRaUeKlDymtHikPfLBxce1gndHGTt8T+n5awS+sBODUbKE=,iv:Xpu6PUF8Rtkgh3uv/iy/KbSUlC47eL3esbl6UW+dq+o=,tag:FZu+h0Uq1WQIcTLyOmiGEg==,type:str] mac: ENC[AES256_GCM,data:SS7Q249lMciUL+lgHMqwDmLznzMB9NIBiO+Cn/j+o3ffmOrEhaho0dpNmoEXrDj5TTPQx4HkVkT/gypMbo3T9Z2mBOhnHY7NFWqgNatmhAfTHoqqiXJGNA6lS8xpBbUoJZ8gYIIqnBLVf/LirxM1l1KVc1sgJKPaMM2kswIytP0=,iv:JoaSBETswIdYaXdEi5qiSONuNb34EwFc1ZRPI7IEdSE=,tag:M4wd7ZTCQQBIwtKqrWjzKg==,type:str]
pgp: pgp:
- created_at: "2023-08-02T14:13:52Z" - created_at: "2023-08-02T14:13:52Z"
enc: |- enc: |-
@ -47,4 +47,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.0 version: 3.8.1

7
users/rouven/modules/accounts/default.nix
View file

@ -42,6 +42,9 @@ in
source ${./powerline.muttrc} source ${./powerline.muttrc}
''; '';
}; };
# set sidebar_indent_string = ' '
# set sidebar_width = 80
# set sidebar_folder_indent = yes
mbsync.enable = true; mbsync.enable = true;
}; };
accounts.email.accounts = { accounts.email.accounts = {
@ -275,6 +278,10 @@ in
# gpg.key = gpg-default-key; # gpg.key = gpg-default-key;
realName = "Rouven Seifert"; realName = "Rouven Seifert";
userName = "r5@agdsn.me"; userName = "r5@agdsn.me";
aliases = [
"r5@agdsn.de"
"rouven.seifert@agdsn.de"
];
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/agdsn"; passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/agdsn";
imap = { imap = {
host = "imap.agdsn.de"; host = "imap.agdsn.de";

4
users/rouven/modules/packages.nix
View file

@ -47,6 +47,7 @@ in
tdesktop tdesktop
element-desktop element-desktop
gomuks # alternative matrix client gomuks # alternative matrix client
mattermost-desktop
# games # games
# dwarf-fortress-packages.dwarf-fortress-full # dwarf-fortress-packages.dwarf-fortress-full
@ -82,8 +83,7 @@ in
gcc gcc
nodejs_20 nodejs_20
# tools plantuml
postman
# libs # libs
libyubikey libyubikey

4
users/rouven/modules/ssh/default.nix
View file

@ -29,7 +29,7 @@ in
}; };
falkenstein-1 = matchBlocks."rfive.de"; falkenstein-1 = matchBlocks."rfive.de";
"durian" = { "durian" = {
hostname = "manual.ifsr.de"; hostname = "durian.ifsr.de";
user = "root"; user = "root";
}; };
"kaki" = { "kaki" = {
@ -58,7 +58,7 @@ in
user = "root"; user = "root";
}; };
"nuc" = { "nuc" = {
hostname = "192.168.1.2"; hostname = "192.168.42.2";
user = "root"; user = "root";
}; };
"router" = matchBlocks."cudy"; "router" = matchBlocks."cudy";

28
users/rouven/modules/wayland/shikane.nix
View file

@ -4,7 +4,6 @@
settings = { settings = {
profile = [ profile = [
{ {
# TODO home vertical
name = "home"; name = "home";
output = [ output = [
{ {
@ -34,7 +33,6 @@
]; ];
} }
{ {
# TODO home vertical
name = "home-vertical"; name = "home-vertical";
output = [ output = [
{ {
@ -85,6 +83,32 @@
} }
]; ];
} }
{
name = "external-monitor-usb-c";
output = [
{
match = "eDP-1";
enable = true;
position = {
x = 0;
y = 1440;
};
}
{
match = "/P24h/";
enable = true;
mode = {
height = 1440;
width = 2560;
refresh = 60;
};
position = {
x = 0;
y = 0;
};
}
];
}
{ {
name = "external-monitor-usb-c"; name = "external-monitor-usb-c";
output = [ output = [