refactor networking domain

This commit is contained in:
Rouven Seifert 2023-09-19 13:47:08 +02:00
parent 5cbf915808
commit 671f4eb06c
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
17 changed files with 125 additions and 87 deletions

60
flake.lock generated

@ -88,11 +88,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1694158470, "lastModified": 1695052866,
"narHash": "sha256-yWx9eBDHt6WR3gr65+J85KreHdMypty/P6yM35tIYYM=", "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "d0cfc042eba92eb206611c9e8784d41a2c053bab", "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -236,11 +236,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1694479651, "lastModified": 1695090634,
"narHash": "sha256-X8G8vOZXLnPZ6ktH+Q2CueS3IZS1twotcZy2A2h7fgs=", "narHash": "sha256-zwkbWSFXP0+BZH2F0j46ohnIjI/RU55Q6lWjPK9FeL4=",
"owner": "helix-editor", "owner": "helix-editor",
"repo": "helix", "repo": "helix",
"rev": "ccabfee3811bdcc8372beaae777a98fd36e2657e", "rev": "1c88432efc3724f60b27d580b8b490040a3048f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -255,11 +255,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694469544, "lastModified": 1695103414,
"narHash": "sha256-eqZng5dZnAUyb7xXyFk5z871GY/++KVv3Gyld5mVh20=", "narHash": "sha256-/kr1AQ8aPWl3OaTzZARhGPSS044vZq1Vh4wYX77T1DE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5171f5ef654425e09d9c2100f856d887da595437", "rev": "92364581dd3ada6981c4ddc5def8a35a1b945e75",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -290,11 +290,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1690797372, "lastModified": 1694622745,
"narHash": "sha256-GImz19e33SeVcIvBB7NnhbJSbTpFFmNtWLh7Z85Y188=", "narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "e3a7acd113903269a1b5c8b527e84ce7ee859851", "rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -356,11 +356,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694430658, "lastModified": 1694921880,
"narHash": "sha256-8+OZ98kD63e/GaOiJimXHR/VYiTYwr25jTYGEHHOfq4=", "narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "9a5c4996d0918a151269600dfdf6ad3b3748f6a4", "rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -371,11 +371,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1694432324, "lastModified": 1695109627,
"narHash": "sha256-bo3Gv6Cp40vAXDBPi2XiDejzp/kyz65wZg4AnEWxAcY=", "narHash": "sha256-4rpyoVzmunIG6xWA/EonnSSqC69bDBzciFi6SjBze/0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "ca41b8a227dd235b1b308217f116c7e6e84ad779", "rev": "cb4dc98f776ddb6af165e6f06b2902efe31ca67a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -432,11 +432,11 @@
}, },
"nixpkgs-stable_2": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1693675694, "lastModified": 1694908564,
"narHash": "sha256-2pIOyQwGyy2FtFAUIb8YeKVmOCcPOTVphbAvmshudLE=", "narHash": "sha256-ducA98AuWWJu5oUElIzN24Q22WlO8bOfixGzBgzYdVc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5601118d39ca9105f8e7b39d4c221d3388c0419d", "rev": "596611941a74be176b98aeba9328aa9d01b8b322",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -448,11 +448,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1694183432, "lastModified": 1694959747,
"narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=", "narHash": "sha256-CXQ2MuledDVlVM5dLC4pB41cFlBWxRw4tCBsFrq3cRk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b", "rev": "970a59bd19eff3752ce552935687100c46e820a5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -468,11 +468,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694162494, "lastModified": 1694795979,
"narHash": "sha256-VbgzfheTTfu7FiPfO7RhFkNmyivpsvQIzK+Rb4Y2DmM=", "narHash": "sha256-u86BfJNeHwPJrVfJE11OrBx6n/2NICohJsOkBARdWn0=",
"owner": "therealr5", "owner": "therealr5",
"repo": "pfersel", "repo": "pfersel",
"rev": "08726054ecda287311618178d0d98de097d4c4b8", "rev": "2fcfdf8a481db9e2fe0d241ee9ac2739c1aace71",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -607,11 +607,11 @@
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1694495315, "lastModified": 1695101768,
"narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=", "narHash": "sha256-1/j5/348l2+yxQUfkJCUpA6cDefS3H7V94kawk9uuRc=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415", "rev": "4356a5a0c12c9dc1b6bdde0631c7600d9377ed8b",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -1,8 +1,8 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
domain = "rfive.de"; domain = config.networking.domain;
hostname = "falkenstein.vpn.${domain}"; hostname = "mail.${domain}";
# see https://www.kuketz-blog.de/e-mail-anbieter-ip-stripping-aus-datenschutzgruenden/ # see https://www.kuketz-blog.de/e-mail-anbieter-ip-stripping-aus-datenschutzgruenden/
header_cleanup = pkgs.writeText "header_cleanup_outgoing" '' header_cleanup = pkgs.writeText "header_cleanup_outgoing" ''
/^\s*(Received: from)[^\n]*(.*)/ REPLACE $1 127.0.0.1 (localhost [127.0.0.1])$2 /^\s*(Received: from)[^\n]*(.*)/ REPLACE $1 127.0.0.1 (localhost [127.0.0.1])$2
@ -67,13 +67,9 @@ in
networks = [ "127.0.0.1" "141.30.30.169" ]; networks = [ "127.0.0.1" "141.30.30.169" ];
sslCert = "/var/lib/acme/${hostname}/fullchain.pem"; sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
sslKey = "/var/lib/acme/${hostname}/key.pem"; sslKey = "/var/lib/acme/${hostname}/key.pem";
extraAliases = ''
postmaster: root
abuse: postmaster
'';
config = { config = {
home_mailbox = "Maildir/"; home_mailbox = "Maildir/";
smtp_helo_name = "falkenstein.vpn.rfive.de";
smtp_use_tls = true; smtp_use_tls = true;
smtpd_use_tls = true; smtpd_use_tls = true;
smtpd_tls_protocols = [ smtpd_tls_protocols = [
@ -100,6 +96,7 @@ in
"reject_unauth_destination" "reject_unauth_destination"
]; ];
smtp_header_checks = "pcre:${header_cleanup}"; smtp_header_checks = "pcre:${header_cleanup}";
alias_maps = [ "hash:/etc/aliases" ]; alias_maps = [ "hash:/etc/aliases" ];
smtpd_milters = [ "local:/run/opendkim/opendkim.sock" ]; smtpd_milters = [ "local:/run/opendkim/opendkim.sock" ];
non_smtpd_milters = [ "local:/var/run/opendkim/opendkim.sock" ]; non_smtpd_milters = [ "local:/var/run/opendkim/opendkim.sock" ];
@ -272,9 +269,9 @@ in
reporting { reporting {
# Required attributes # Required attributes
enabled = true; # Enable reports in general enabled = true; # Enable reports in general
email = 'reports@rfive.de'; # Source of DMARC reports email = 'reports@${config.networking.domain}'; # Source of DMARC reports
domain = 'rfive.de'; # Domain to serve domain = '${config.networking.domain}'; # Domain to serve
org_name = 'rfive.de'; # Organisation org_name = '${config.networking.domain}'; # Organisation
from_name = 'DMARC Aggregate Report'; from_name = 'DMARC Aggregate Report';
} }
''; '';
@ -300,7 +297,7 @@ in
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
}; };
"rspamd.rfive.de" = { "rspamd.${config.networking.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations = { locations = {
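Review bot: The hunk drops the `extraAliases` block that mapped `postmaster: root` and `abuse: postmaster` (old side, just above `config = {`) while `alias_maps = [ "hash:/etc/aliases" ]` stays, and no replacement is visible in the commit; `postmaster` is probably still covered by the NixOS module's `postmasterAlias` default, but `abuse@` (RFC 2142) will now bounce at local delivery unless it is defined in another module. If it was moved, a one-line comment next to `alias_maps` naming where would help; otherwise restore `extraAliases = "abuse: postmaster\n";`. Separately, `hostname` now derives from `config.networking.domain`, which NixOS defaults to `null`, so a host that forgets to set it fails at evaluation inside the string interpolation with a cryptic message — a comment such as `# requires networking.domain to be set on the host` next to the `let` binding would save the next reader a detour. The enclosing `services.postfix` block starts and ends outside the hunk.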


@ -1,4 +1,4 @@
{ config, ... }: { config, lib, ... }:
{ {
sops.secrets = { sops.secrets = {
"wireguard/dorm/private" = { "wireguard/dorm/private" = {
@ -10,6 +10,7 @@
}; };
networking = { networking = {
hostName = "falkenstein-1"; hostName = "falkenstein-1";
domain = "rfive.de";
useNetworkd = true; useNetworkd = true;
enableIPv6 = true; enableIPv6 = true;
}; };
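Review bot: Setting `domain = "rfive.de"` here makes the host's FQDN `falkenstein-1.rfive.de`, and because the mail module in this commit removes `smtp_helo_name`, Postfix will presumably fall back to the module's hostname default (the FQDN) for HELO/EHLO while its ACME certificate is issued for `mail.rfive.de` — worth confirming that the sending IP's PTR record and the HELO name agree, since receivers score mismatches. If `mail.${domain}` is the intended public identity, pin it explicitly in the mail module, e.g. `services.postfix.hostname = hostname;`, rather than relying on the FQDN. The enclosing `networking` block is fully visible, but the module continues past the hunk.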


@ -1,4 +1,4 @@
{ ... }: { config, ... }:
{ {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = { services.nginx = {
@ -8,16 +8,16 @@
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
virtualHosts."rfive.de" = { virtualHosts."${config.networking.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
root = "/srv/web/rfive.de"; root = "/srv/web/${config.networking.domain}";
}; };
}; };
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
email = "rouven@rfive.de"; email = "rouven@${config.networking.domain}";
}; };
}; };
} }


@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
let let
domain = "purge.rfive.de"; domain = "purge.${config.networking.domain}";
in in
{ {
sops.secrets."purge/token".owner = "purge"; sops.secrets."purge/token".owner = "purge";


@ -1,6 +1,6 @@
{ config, pkgs, trucksimulatorbot, ... }: { config, pkgs, trucksimulatorbot, ... }:
let let
domain = "trucksimulatorbot.rfive.de"; domain = "trucksimulatorbot.${config.networking.domain}";
in in
{ {
services.trucksimulatorbot = { services.trucksimulatorbot = {


@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
let let
domain = "hydra.rfive.de"; domain = "hydra.${config.networking.domain}";
in in
{ {
services.hydra = { services.hydra = {


@ -2,6 +2,7 @@
{ {
networking = { networking = {
hostName = "nuc"; hostName = "nuc";
domain = "rfive.de";
useNetworkd = true; useNetworkd = true;
enableIPv6 = true; enableIPv6 = true;
}; };


@ -1,6 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
domain = "nextcloud.rfive.de"; domain = "nextcloud.${config.networking.domain}";
in in
{ {
sops.secrets = { sops.secrets = {


@ -15,7 +15,7 @@ in
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
email = "rouven@rfive.de"; email = "rouven@${config.networking.domain}";
}; };
}; };
} }
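Review bot: The `security.acme` stanza here (`acceptTerms = true;` plus `defaults.email = "rouven@${config.networking.domain}"`) is now byte-identical to the one in the nginx module touched by this commit; since the point of the refactor is to stop repeating the domain, the ACME account contact is a natural candidate for a single shared module imported by both hosts. Note that the ACME contact address is also the recipient of expiry and policy mail from the CA, so whichever module keeps it should say so, e.g. `# CA notifications (expiry, ToS changes) go here — must be deliverable`.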


@ -1,6 +1,6 @@
{ ... }: { config, ... }:
let let
domain = "monitoring.rfive.de"; domain = "monitoring.${config.networking.domain}";
in in
{ {
services.uptime-kuma = { services.uptime-kuma = {


@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
let let
domain = "vault.rfive.de"; domain = "vault.${config.networking.domain}";
in in
{ {
sops.secrets."vaultwarden/env".owner = "vaultwarden"; sops.secrets."vaultwarden/env".owner = "vaultwarden";


@ -50,17 +50,27 @@
# extraOptions = '' # extraOptions = ''
# builders-use-substitutes = true # builders-use-substitutes = true
# ''; # '';
# buildMachines = [ # buildMachines = [
# { # {
# hostName = "nuc.lan"; # hostName = "nuc.lan";
# system = "x86_64-linux"; # system = "x86_64-linux";
# protocol = "ssh-ng"; # protocol = "ssh-ng";
# maxJobs = 4; # maxJobs = 2;
# speedFactor = 1; # speedFactor = 1;
# supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; # supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
# mandatoryFeatures = [ ]; # mandatoryFeatures = [ ];
# } # }
# ]; # {
# hostName = "quitte.ifsr.de";
# system = "x86_64-linux";
# protocol = "ssh-ng";
# maxJobs = 12;
# sshUser = "rouven.seifert";
# speedFactor = 10;
# supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
# mandatoryFeatures = [ ];
# }
# ];
}; };
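Review bot: The new commented-out `quitte.ifsr.de` builder entry has no `publicHostKey`, so if this block is ever uncommented the `ssh-ng` connection will rely on whatever is in the root user's known_hosts, and any store path built there is accepted by the local store as-is — a remote builder is effectively part of the trusted computing base. When enabling it, add `publicHostKey = "<base64 of the builder's ssh host key>";` to the entry and a one-line comment stating that the builder's outputs are trusted unsigned. The `nix` attribute set this sits in starts outside the hunk.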
environment.persistence."/nix/persist/system" = { environment.persistence."/nix/persist/system" = {


@ -127,4 +127,5 @@
]; ];
}; };
}; };
services.resolved.dnssec = "true";
} }
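Review bot: `services.resolved.dnssec = "true"` is strict validation: resolved will refuse to return answers when the configured upstream cannot supply DNSSEC records or strips them (common with router and captive-portal resolvers), so on a roaming machine this turns a non-validating network into a total name-resolution outage rather than a downgrade. That is the right choice for a fixed host with known validating upstreams, but the line deserves a comment recording the decision and the failure mode, e.g. `# strict DNSSEC: resolution fails hard on non-validating upstreams; use "allow-downgrade" on roaming hosts`. The enclosing module and its `networking`/`nameservers` settings are outside the hunk, so I cannot confirm the upstreams validate.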


@ -3,7 +3,7 @@
, fetchurl , fetchurl
, meson , meson
, vala , vala
, pkgconfig , pkg-config
, cairo , cairo
, gsound , gsound
, gtk3 , gtk3
@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
meson meson
ninja ninja
vala vala
pkgconfig pkg-config
cairo cairo
gsound gsound
gtk3 gtk3


@ -52,13 +52,12 @@ in
userName = address; userName = address;
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive"; passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive";
imap = { imap = {
host = "falkenstein.vpn.rfive.de"; host = "mail.rfive.de";
port = 993; port = 993;
}; };
smtp = { smtp = {
host = "falkenstein.vpn.rfive.de"; host = "mail.rfive.de";
port = 587; port = 465;
tls.useStartTls = true;
}; };
msmtp.enable = true; msmtp.enable = true;
thunderbird.enable = true; thunderbird.enable = true;
@ -92,6 +91,16 @@ in
farPattern = "Drafts"; farPattern = "Drafts";
extraConfig.Create = "near"; extraConfig.Create = "near";
}; };
channels.github = {
nearPattern = "GitHub";
farPattern = "GitHub";
extraConfig.Create = "near";
};
channels.reports = {
nearPattern = "Reports";
farPattern = "Reports";
extraConfig.Create = "near";
};
}; };
extraConfig = { extraConfig = {
account = { account = {
@ -103,7 +112,7 @@ in
{ {
enable = true; enable = true;
mailboxName = " 󰒋 rfive.de"; mailboxName = " 󰒋 rfive.de";
extraMailboxes = lib.lists.forEach [ c.sent c.trash c.junk c.drafts ] (x: x.nearPattern); extraMailboxes = lib.lists.forEach [ c.sent c.trash c.junk c.drafts c.reports c.github ] (x: x.nearPattern);
}; };
}; };
"TU-Dresden" = rec { "TU-Dresden" = rec {
@ -191,27 +200,41 @@ in
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/ifsr"; passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/ifsr";
imap = { imap = {
host = "mail.ifsr.de"; host = "mail.ifsr.de";
port = 143; port = 993;
tls.useStartTls = true;
}; };
smtp = { smtp = {
host = "mail.ifsr.de"; host = "mail.ifsr.de";
port = 587; port = 465;
tls.useStartTls = true;
}; };
mbsync = { mbsync = {
enable = true; enable = true;
create = "maildir"; create = "maildir";
expunge = "both"; expunge = "both";
groups.ifsr = { groups.ifsr = {
# TODO beautify with nix magic
channels.inbox = { channels.inbox = {
nearPattern = "INBOX"; nearPattern = "INBOX";
farPattern = "INBOX"; farPattern = "INBOX";
extraConfig.Create = "near"; extraConfig.Create = "near";
}; };
channels.admin = { channels.root = {
nearPattern = "Admin spam"; nearPattern = "Root";
farPattern = "Admin spam"; farPattern = "Root";
extraConfig.Create = "near";
};
channels.ese = {
nearPattern = "ESE";
farPattern = "ESE";
extraConfig.Create = "near";
};
channels.github = {
nearPattern = "GitHub";
farPattern = "GitHub";
extraConfig.Create = "near";
};
channels.reports = {
nearPattern = "Reports";
farPattern = "Reports";
extraConfig.Create = "near"; extraConfig.Create = "near";
}; };
channels.trash = { channels.trash = {
@ -225,8 +248,8 @@ in
extraConfig.Create = "near"; extraConfig.Create = "near";
}; };
channels.junk = { channels.junk = {
nearPattern = "Junk"; nearPattern = "Spam";
farPattern = "Public/Spam"; farPattern = "Spam";
extraConfig.Create = "near"; extraConfig.Create = "near";
}; };
channels.drafts = { channels.drafts = {
@ -247,7 +270,7 @@ in
{ {
enable = true; enable = true;
mailboxName = " iFSR"; mailboxName = " iFSR";
extraMailboxes = lib.lists.forEach [ c.admin c.sent c.trash c.junk c.drafts ] (x: x.nearPattern); extraMailboxes = lib.lists.forEach [ c.root c.ese c.github c.reports c.sent c.trash c.junk c.drafts ] (x: x.nearPattern);
}; };
}; };
"gmail" = rec { "gmail" = rec {


@ -12,6 +12,7 @@
gimp gimp
ffmpeg ffmpeg
drawio drawio
leafpad
# sound # sound
pavucontrol pavucontrol
@ -22,6 +23,7 @@
# internet # internet
google-chrome google-chrome
filezilla
# messaging # messaging
discord discord
@ -35,9 +37,9 @@
superTuxKart superTuxKart
# yubikey and password stuff # yubikey and password stuff
# yubikey-manager yubikey-manager
# yubikey-manager-qt yubikey-manager-qt
# yubioath-flutter yubioath-flutter
bitwarden bitwarden
pass pass
@ -70,7 +72,10 @@
indicator = true; indicator = true;
}; };
programs.texlive.enable = true; programs.texlive = {
enable = true;
extraPackages = tpkgs: { inherit (tpkgs) collection-basic xetex collection-fontsrecommended; };
};
programs.obs-studio.enable = true; programs.obs-studio.enable = true;
programs.firefox.enable = true; programs.firefox.enable = true;
@ -79,7 +84,7 @@
defaultApplications = defaultApplications =
let let
image-viewers = [ "imv.desktop" "gimp.desktop" "swappy.desktop" "org.qutebrowser.qutebrowser.desktop" "google-chrome.desktop" ]; image-viewers = [ "imv.desktop" "gimp.desktop" "swappy.desktop" "org.qutebrowser.qutebrowser.desktop" "google-chrome.desktop" ];
browsers = [ "firefox.desktop" "google-chrome.desktop" "org.qutebrowser.qutebrowser.desktop" ]; browsers = [ "google-chrome.desktop" "firefox.desktop" "org.qutebrowser.qutebrowser.desktop" ];
in in
{ {
"application/pdf" = [ "org.gnome.Evince.desktop" ]; "application/pdf" = [ "org.gnome.Evince.desktop" ];