diff --git a/flake.lock b/flake.lock index 27db943..6dc7ad1 100644 --- a/flake.lock +++ b/flake.lock @@ -88,11 +88,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1694158470, - "narHash": "sha256-yWx9eBDHt6WR3gr65+J85KreHdMypty/P6yM35tIYYM=", + "lastModified": 1695052866, + "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", "owner": "serokell", "repo": "deploy-rs", - "rev": "d0cfc042eba92eb206611c9e8784d41a2c053bab", + "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", "type": "github" }, "original": { @@ -236,11 +236,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1694479651, - "narHash": "sha256-X8G8vOZXLnPZ6ktH+Q2CueS3IZS1twotcZy2A2h7fgs=", + "lastModified": 1695090634, + "narHash": "sha256-zwkbWSFXP0+BZH2F0j46ohnIjI/RU55Q6lWjPK9FeL4=", "owner": "helix-editor", "repo": "helix", - "rev": "ccabfee3811bdcc8372beaae777a98fd36e2657e", + "rev": "1c88432efc3724f60b27d580b8b490040a3048f6", "type": "github" }, "original": { @@ -255,11 +255,11 @@ ] }, "locked": { - "lastModified": 1694469544, - "narHash": "sha256-eqZng5dZnAUyb7xXyFk5z871GY/++KVv3Gyld5mVh20=", + "lastModified": 1695103414, + "narHash": "sha256-/kr1AQ8aPWl3OaTzZARhGPSS044vZq1Vh4wYX77T1DE=", "owner": "nix-community", "repo": "home-manager", - "rev": "5171f5ef654425e09d9c2100f856d887da595437", + "rev": "92364581dd3ada6981c4ddc5def8a35a1b945e75", "type": "github" }, "original": { @@ -290,11 +290,11 @@ }, "impermanence": { "locked": { - "lastModified": 1690797372, - "narHash": "sha256-GImz19e33SeVcIvBB7NnhbJSbTpFFmNtWLh7Z85Y188=", + "lastModified": 1694622745, + "narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=", "owner": "nix-community", "repo": "impermanence", - "rev": "e3a7acd113903269a1b5c8b527e84ce7ee859851", + "rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e", "type": "github" }, "original": { 
@@ -356,11 +356,11 @@ ] }, "locked": { - "lastModified": 1694430658, - "narHash": "sha256-8+OZ98kD63e/GaOiJimXHR/VYiTYwr25jTYGEHHOfq4=", + "lastModified": 1694921880, + "narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "9a5c4996d0918a151269600dfdf6ad3b3748f6a4", + "rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2", "type": "github" }, "original": { @@ -371,11 +371,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1694432324, - "narHash": "sha256-bo3Gv6Cp40vAXDBPi2XiDejzp/kyz65wZg4AnEWxAcY=", + "lastModified": 1695109627, + "narHash": "sha256-4rpyoVzmunIG6xWA/EonnSSqC69bDBzciFi6SjBze/0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ca41b8a227dd235b1b308217f116c7e6e84ad779", + "rev": "cb4dc98f776ddb6af165e6f06b2902efe31ca67a", "type": "github" }, "original": { @@ -432,11 +432,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1693675694, - "narHash": "sha256-2pIOyQwGyy2FtFAUIb8YeKVmOCcPOTVphbAvmshudLE=", + "lastModified": 1694908564, + "narHash": "sha256-ducA98AuWWJu5oUElIzN24Q22WlO8bOfixGzBgzYdVc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5601118d39ca9105f8e7b39d4c221d3388c0419d", + "rev": "596611941a74be176b98aeba9328aa9d01b8b322", "type": "github" }, "original": { @@ -448,11 +448,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1694183432, - "narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=", + "lastModified": 1694959747, + "narHash": "sha256-CXQ2MuledDVlVM5dLC4pB41cFlBWxRw4tCBsFrq3cRk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b", + "rev": "970a59bd19eff3752ce552935687100c46e820a5", "type": "github" }, "original": { 
@@ -468,11 +468,11 @@ ] }, "locked": { - "lastModified": 1694162494, - "narHash": "sha256-VbgzfheTTfu7FiPfO7RhFkNmyivpsvQIzK+Rb4Y2DmM=", + "lastModified": 1694795979, + "narHash": "sha256-u86BfJNeHwPJrVfJE11OrBx6n/2NICohJsOkBARdWn0=", "owner": "therealr5", "repo": "pfersel", - "rev": "08726054ecda287311618178d0d98de097d4c4b8", + "rev": "2fcfdf8a481db9e2fe0d241ee9ac2739c1aace71", "type": "github" }, "original": { @@ -607,11 +607,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1694495315, - "narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=", + "lastModified": 1695101768, + "narHash": "sha256-1/j5/348l2+yxQUfkJCUpA6cDefS3H7V94kawk9uuRc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415", + "rev": "4356a5a0c12c9dc1b6bdde0631c7600d9377ed8b", "type": "github" }, "original": { diff --git a/hosts/falkenstein-1/modules/mail/default.nix b/hosts/falkenstein-1/modules/mail/default.nix index a84640b..a05778b 100644 --- a/hosts/falkenstein-1/modules/mail/default.nix +++ b/hosts/falkenstein-1/modules/mail/default.nix @@ -1,8 +1,8 @@ { config, pkgs, ... }: let - domain = "rfive.de"; - hostname = "falkenstein.vpn.${domain}"; + domain = config.networking.domain; + hostname = "mail.${domain}"; # see https://www.kuketz-blog.de/e-mail-anbieter-ip-stripping-aus-datenschutzgruenden/ header_cleanup = pkgs.writeText "header_cleanup_outgoing" '' /^\s*(Received: from)[^\n]*(.*)/ REPLACE $1 127.0.0.1 (localhost [127.0.0.1])$2 @@ -67,13 +67,9 @@ in networks = [ "127.0.0.1" "141.30.30.169" ]; sslCert = "/var/lib/acme/${hostname}/fullchain.pem"; sslKey = "/var/lib/acme/${hostname}/key.pem"; - - extraAliases = '' - postmaster: root - abuse: postmaster - ''; config = { home_mailbox = "Maildir/"; + smtp_helo_name = "falkenstein.vpn.rfive.de"; smtp_use_tls = true; smtpd_use_tls = true; smtpd_tls_protocols = [ 
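Review bot: Changing `hostname` to `mail.${domain}` in the first hunk of `hosts/falkenstein-1/modules/mail/default.nix` also changes the directory that `sslCert` and `sslKey` read from (visible as context in the next hunk) to `/var/lib/acme/mail.rfive.de/`. The diff does not show which virtual host or ACME certificate entry requests a certificate under that name. If that entry is keyed on `hostname` it follows automatically; if it is a literal elsewhere in the file, Postfix will be pointed at a certificate path that does not exist. A comment on the binding would record the coupling, for example `# also the ACME certificate name: sslCert/sslKey read /var/lib/acme/${hostname}`. The `let` block continues outside the hunk, so other uses of `hostname` are not visible here.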
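Review bot: Removing `extraAliases` in the `@@ -67,13 +67,9 @@` hunk drops the `abuse: postmaster` route, and the `alias_maps = [ "hash:/etc/aliases" ];` line added in the `@@ -100,6 +96,7 @@` hunk points Postfix at a file that nothing in this diff creates. If `/etc/aliases` and its compiled map are managed outside the visible hunks, a comment next to `alias_maps` should say where; otherwise mail to the abuse address may stop being delivered. Separately, `smtp_helo_name` reintroduces the literal domain that the rest of the commit replaces. `smtp_helo_name = "falkenstein.vpn.${domain}";` would be consistent, with a comment on why the HELO name differs from `hostname` (presumably to match the sending address's reverse DNS; please confirm). The enclosing `config = {` set continues outside the hunk.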
@@ -100,6 +96,7 @@ in "reject_unauth_destination" ]; smtp_header_checks = "pcre:${header_cleanup}"; + alias_maps = [ "hash:/etc/aliases" ]; smtpd_milters = [ "local:/run/opendkim/opendkim.sock" ]; non_smtpd_milters = [ "local:/var/run/opendkim/opendkim.sock" ]; @@ -272,9 +269,9 @@ in reporting { # Required attributes enabled = true; # Enable reports in general - email = 'reports@rfive.de'; # Source of DMARC reports - domain = 'rfive.de'; # Domain to serve - org_name = 'rfive.de'; # Organisation + email = 'reports@${config.networking.domain}'; # Source of DMARC reports + domain = '${config.networking.domain}'; # Domain to serve + org_name = '${config.networking.domain}'; # Organisation from_name = 'DMARC Aggregate Report'; } ''; @@ -300,7 +297,7 @@ in enableACME = true; forceSSL = true; }; - "rspamd.rfive.de" = { + "rspamd.${config.networking.domain}" = { enableACME = true; forceSSL = true; locations = { diff --git a/hosts/falkenstein-1/modules/networks/default.nix b/hosts/falkenstein-1/modules/networks/default.nix index 3d9958e..560aa99 100644 --- a/hosts/falkenstein-1/modules/networks/default.nix +++ b/hosts/falkenstein-1/modules/networks/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, lib, ... }: { sops.secrets = { "wireguard/dorm/private" = { @@ -10,6 +10,7 @@ }; networking = { hostName = "falkenstein-1"; + domain = "rfive.de"; useNetworkd = true; enableIPv6 = true; }; diff --git a/hosts/falkenstein-1/modules/nginx/default.nix b/hosts/falkenstein-1/modules/nginx/default.nix index 5a69f15..1b972ab 100644 --- a/hosts/falkenstein-1/modules/nginx/default.nix +++ b/hosts/falkenstein-1/modules/nginx/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, ... }: { networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { 
@@ -8,16 +8,16 @@ recommendedGzipSettings = true; recommendedOptimisation = true; - virtualHosts."rfive.de" = { + virtualHosts."${config.networking.domain}" = { enableACME = true; forceSSL = true; - root = "/srv/web/rfive.de"; + root = "/srv/web/${config.networking.domain}"; }; }; security.acme = { acceptTerms = true; defaults = { - email = "rouven@rfive.de"; + email = "rouven@${config.networking.domain}"; }; }; } diff --git a/hosts/falkenstein-1/modules/purge/default.nix b/hosts/falkenstein-1/modules/purge/default.nix index 822d232..37d26f9 100644 --- a/hosts/falkenstein-1/modules/purge/default.nix +++ b/hosts/falkenstein-1/modules/purge/default.nix @@ -1,6 +1,6 @@ { config, ... }: let - domain = "purge.rfive.de"; + domain = "purge.${config.networking.domain}"; in { sops.secrets."purge/token".owner = "purge"; diff --git a/hosts/falkenstein-1/modules/trucksimulatorbot/default.nix b/hosts/falkenstein-1/modules/trucksimulatorbot/default.nix index 72e1333..18d4496 100644 --- a/hosts/falkenstein-1/modules/trucksimulatorbot/default.nix +++ b/hosts/falkenstein-1/modules/trucksimulatorbot/default.nix @@ -1,6 +1,6 @@ { config, pkgs, trucksimulatorbot, ... }: let - domain = "trucksimulatorbot.rfive.de"; + domain = "trucksimulatorbot.${config.networking.domain}"; in { services.trucksimulatorbot = { diff --git a/hosts/nuc/modules/hydra/default.nix b/hosts/nuc/modules/hydra/default.nix index 120e60e..f478138 100644 --- a/hosts/nuc/modules/hydra/default.nix +++ b/hosts/nuc/modules/hydra/default.nix @@ -1,6 +1,6 @@ { config, ... }: let - domain = "hydra.rfive.de"; + domain = "hydra.${config.networking.domain}"; in { services.hydra = { diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix index 29736cf..7e491d8 100644 --- a/hosts/nuc/modules/networks/default.nix +++ b/hosts/nuc/modules/networks/default.nix @@ -2,6 +2,7 @@ { networking = { hostName = "nuc"; + domain = "rfive.de"; useNetworkd = true; enableIPv6 = true; }; 
diff --git a/hosts/nuc/modules/nextcloud/default.nix b/hosts/nuc/modules/nextcloud/default.nix index 46efe10..ba198ec 100644 --- a/hosts/nuc/modules/nextcloud/default.nix +++ b/hosts/nuc/modules/nextcloud/default.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: let - domain = "nextcloud.rfive.de"; + domain = "nextcloud.${config.networking.domain}"; in { sops.secrets = { diff --git a/hosts/nuc/modules/nginx/default.nix b/hosts/nuc/modules/nginx/default.nix index f37316c..20b1a53 100644 --- a/hosts/nuc/modules/nginx/default.nix +++ b/hosts/nuc/modules/nginx/default.nix @@ -15,7 +15,7 @@ in security.acme = { acceptTerms = true; defaults = { - email = "rouven@rfive.de"; + email = "rouven@${config.networking.domain}"; }; }; } diff --git a/hosts/nuc/modules/uptime-kuma/default.nix b/hosts/nuc/modules/uptime-kuma/default.nix index 06c476f..27f61fa 100644 --- a/hosts/nuc/modules/uptime-kuma/default.nix +++ b/hosts/nuc/modules/uptime-kuma/default.nix @@ -1,6 +1,6 @@ -{ ... }: +{ config, ... }: let - domain = "monitoring.rfive.de"; + domain = "monitoring.${config.networking.domain}"; in { services.uptime-kuma = { diff --git a/hosts/nuc/modules/vaultwarden/default.nix b/hosts/nuc/modules/vaultwarden/default.nix index 40f55d5..8f2d945 100644 --- a/hosts/nuc/modules/vaultwarden/default.nix +++ b/hosts/nuc/modules/vaultwarden/default.nix @@ -1,6 +1,6 @@ { config, ... }: let - domain = "vault.rfive.de"; + domain = "vault.${config.networking.domain}"; in { sops.secrets."vaultwarden/env".owner = "vaultwarden"; diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index a8b3c45..6201ad6 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix 
@@ -50,17 +50,27 @@ # extraOptions = '' # builders-use-substitutes = true # ''; - # buildMachines = [ - # { - # hostName = "nuc.lan"; - # system = "x86_64-linux"; - # protocol = "ssh-ng"; - # maxJobs = 4; - # speedFactor = 1; - # supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; - # mandatoryFeatures = [ ]; - # } - # ]; + # buildMachines = [ + # { + # hostName = "nuc.lan"; + # system = "x86_64-linux"; + # protocol = "ssh-ng"; + # maxJobs = 2; + # speedFactor = 1; + # supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; + # mandatoryFeatures = [ ]; + # } + # { + # hostName = "quitte.ifsr.de"; + # system = "x86_64-linux"; + # protocol = "ssh-ng"; + # maxJobs = 12; + # sshUser = "rouven.seifert"; + # speedFactor = 10; + # supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; + # mandatoryFeatures = [ ]; + # } + # ]; }; environment.persistence."/nix/persist/system" = { diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index d88e1a1..99fd68d 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -127,4 +127,5 @@ ]; }; }; + services.resolved.dnssec = "true"; } diff --git a/pkgs/gnome-break-timer/default.nix b/pkgs/gnome-break-timer/default.nix index 04e5a11..6113f9e 100644 --- a/pkgs/gnome-break-timer/default.nix +++ b/pkgs/gnome-break-timer/default.nix @@ -3,7 +3,7 @@ , fetchurl , meson , vala -, pkgconfig +, pkg-config , cairo , gsound , gtk3 @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { meson ninja vala - pkgconfig + pkg-config cairo gsound gtk3 diff --git a/users/rouven/modules/accounts/default.nix b/users/rouven/modules/accounts/default.nix index 75ed75f..b5ed8b3 100644 --- a/users/rouven/modules/accounts/default.nix +++ b/users/rouven/modules/accounts/default.nix 
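Review bot: In `hosts/thinkpad/modules/networks/default.nix`, `services.resolved.dnssec = "true";` selects strict validation, so on a network whose resolver does not pass DNSSEC records (captive portals, some guest networks) lookups fail instead of falling back. That is the stricter choice compared with `"allow-downgrade"`, which an on-path party can defeat, but on a laptop the failure looks like a general DNS outage. A comment would make it recognisable later, for example `# strict DNSSEC: no fallback; name resolution fails if the upstream resolver lacks DNSSEC support`. The attribute set that this line ends begins outside the hunk.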
@@ -52,13 +52,12 @@ in userName = address; passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive"; imap = { - host = "falkenstein.vpn.rfive.de"; + host = "mail.rfive.de"; port = 993; }; smtp = { - host = "falkenstein.vpn.rfive.de"; - port = 587; - tls.useStartTls = true; + host = "mail.rfive.de"; + port = 465; }; msmtp.enable = true; thunderbird.enable = true; @@ -92,6 +91,16 @@ in farPattern = "Drafts"; extraConfig.Create = "near"; }; + channels.github = { + nearPattern = "GitHub"; + farPattern = "GitHub"; + extraConfig.Create = "near"; + }; + channels.reports = { + nearPattern = "Reports"; + farPattern = "Reports"; + extraConfig.Create = "near"; + }; }; extraConfig = { account = { @@ -103,7 +112,7 @@ in { enable = true; mailboxName = " 󰒋 rfive.de"; - extraMailboxes = lib.lists.forEach [ c.sent c.trash c.junk c.drafts ] (x: x.nearPattern); + extraMailboxes = lib.lists.forEach [ c.sent c.trash c.junk c.drafts c.reports c.github ] (x: x.nearPattern); }; }; "TU-Dresden" = rec { 
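Review bot: In the `@@ -52,13 +52,12 @@` hunk the SMTP client now expects implicit TLS on port 465 at `mail.rfive.de`, but the Postfix hunks in this commit do not show the submissions service being enabled or port 465 being opened on falkenstein-1. If `services.postfix.enableSubmissions` and the matching firewall rule are set outside the visible hunks this is fine; otherwise msmtp and Thunderbird will fail to connect after the switch. A short comment beside the port would record the dependency, for example `# implicit TLS (submissions); server must have enableSubmissions and 465 open`. The account attribute set continues outside the hunk.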
@@ -191,27 +200,41 @@ in passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/ifsr"; imap = { host = "mail.ifsr.de"; - port = 143; - tls.useStartTls = true; + port = 993; }; smtp = { host = "mail.ifsr.de"; - port = 587; - tls.useStartTls = true; + port = 465; }; mbsync = { enable = true; create = "maildir"; expunge = "both"; groups.ifsr = { + # TODO beautify with nix magic channels.inbox = { nearPattern = "INBOX"; farPattern = "INBOX"; extraConfig.Create = "near"; }; - channels.admin = { - nearPattern = "Admin spam"; - farPattern = "Admin spam"; + channels.root = { + nearPattern = "Root"; + farPattern = "Root"; + extraConfig.Create = "near"; + }; + channels.ese = { + nearPattern = "ESE"; + farPattern = "ESE"; + extraConfig.Create = "near"; + }; + channels.github = { + nearPattern = "GitHub"; + farPattern = "GitHub"; + extraConfig.Create = "near"; + }; + channels.reports = { + nearPattern = "Reports"; + farPattern = "Reports"; extraConfig.Create = "near"; }; channels.trash = { @@ -225,8 +248,8 @@ in extraConfig.Create = "near"; }; channels.junk = { - nearPattern = "Junk"; - farPattern = "Public/Spam"; + nearPattern = "Spam"; + farPattern = "Spam"; extraConfig.Create = "near"; }; channels.drafts = { @@ -247,7 +270,7 @@ in { enable = true; mailboxName = "  iFSR"; - extraMailboxes = lib.lists.forEach [ c.admin c.sent c.trash c.junk c.drafts ] (x: x.nearPattern); + extraMailboxes = lib.lists.forEach [ c.root c.ese c.github c.reports c.sent c.trash c.junk c.drafts ] (x: x.nearPattern); }; }; "gmail" = rec { diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 88792dc..8ff93c9 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -12,6 +12,7 @@ gimp ffmpeg drawio + leafpad # sound pavucontrol @@ -22,6 +23,7 @@ # internet google-chrome + filezilla # messaging discord 
@@ -35,9 +37,9 @@ superTuxKart # yubikey and password stuff - # yubikey-manager - # yubikey-manager-qt - # yubioath-flutter + yubikey-manager + yubikey-manager-qt + yubioath-flutter bitwarden pass @@ -70,7 +72,10 @@ indicator = true; }; - programs.texlive.enable = true; + programs.texlive = { + enable = true; + extraPackages = tpkgs: { inherit (tpkgs) collection-basic xetex collection-fontsrecommended; }; + }; programs.obs-studio.enable = true; programs.firefox.enable = true; @@ -79,7 +84,7 @@ defaultApplications = let image-viewers = [ "imv.desktop" "gimp.desktop" "swappy.desktop" "org.qutebrowser.qutebrowser.desktop" "google-chrome.desktop" ]; - browsers = [ "firefox.desktop" "google-chrome.desktop" "org.qutebrowser.qutebrowser.desktop" ]; + browsers = [ "google-chrome.desktop" "firefox.desktop" "org.qutebrowser.qutebrowser.desktop" ]; in { "application/pdf" = [ "org.gnome.Evince.desktop" ];