From 6dece010188a5f1f8b39bcb8a56cf2998a7b46a4 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sun, 24 Sep 2023 21:32:28 +0200 Subject: [PATCH] fixed ssh errors, add hashcash, update mail config, update zsh config --- flake.lock | 58 ++++----- flake.nix | 3 +- hosts/falkenstein-1/modules/mail/default.nix | 128 ++++++------------- hosts/thinkpad/modules/networks/default.nix | 3 +- overlays/default.nix | 23 ++-- pkgs/hashcash-milter/default.nix | 18 +++ shared/zsh.nix | 3 +- users/rouven/modules/accounts/default.nix | 5 - users/rouven/modules/packages.nix | 4 + users/rouven/modules/ssh/default.nix | 8 ++ 10 files changed, 114 insertions(+), 139 deletions(-) create mode 100644 pkgs/hashcash-milter/default.nix diff --git a/flake.lock b/flake.lock index 6dc7ad1..5ff55d3 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "base16-schemes": { "flake": false, "locked": { - "lastModified": 1680729003, - "narHash": "sha256-M9LHTL24/W4oqgbYRkz0B2qpNrkefTs98pfj3MxIXnU=", + "lastModified": 1689473676, + "narHash": "sha256-L0RhUr9+W5EPWBpLcmkKpUeCEWRs/kLzVMF3Vao2ZU0=", "owner": "tinted-theming", "repo": "base16-schemes", - "rev": "dc048afa066287a719ddbab62b3e19e4b5110cf0", + "rev": "d95123ca6377cd849cfdce92c0a24406b0c6a789", "type": "github" }, "original": { @@ -236,11 +236,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1695090634, - "narHash": "sha256-zwkbWSFXP0+BZH2F0j46ohnIjI/RU55Q6lWjPK9FeL4=", + "lastModified": 1695555223, + "narHash": "sha256-YEJcTOg6Lt4lxKJxcir1TLN/OZYdCHFe7lXskJGhcHY=", "owner": "helix-editor", "repo": "helix", - "rev": "1c88432efc3724f60b27d580b8b490040a3048f6", + "rev": "7702e130ba93f885ac56be5818b93c544a00538f", "type": "github" }, "original": { 
@@ -255,11 +255,11 @@ ] }, "locked": { - "lastModified": 1695103414, - "narHash": "sha256-/kr1AQ8aPWl3OaTzZARhGPSS044vZq1Vh4wYX77T1DE=", + "lastModified": 1695550077, + "narHash": "sha256-xoxR/iY69/3lTnnZDP6gf3J46DUKPcf+Y1jH03tfZXE=", "owner": "nix-community", "repo": "home-manager", - "rev": "92364581dd3ada6981c4ddc5def8a35a1b945e75", + "rev": "a88df2fb101778bfd98a17556b3a2618c6c66091", "type": "github" }, "original": { @@ -336,11 +336,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1682108218, - "narHash": "sha256-tMr7BbxualFQlN+XopS8rMMgf2XR9ZfRuwIZtjsWmfI=", + "lastModified": 1695388192, + "narHash": "sha256-2jelpE7xK+4M7jZNyWL7QYOYegQLYBDQS5bvdo8XRUQ=", "owner": "Misterio77", "repo": "nix-colors", - "rev": "b92df8f5eb1fa20d8e09810c03c9dc0d94ef2820", + "rev": "37227f274b34a3b51649166deb94ce7fec2c6a4c", "type": "github" }, "original": { @@ -356,26 +356,26 @@ ] }, "locked": { - "lastModified": 1694921880, - "narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=", - "owner": "Mic92", + "lastModified": 1695526222, + "narHash": "sha256-/NwZz3QcVplrfiDKk1thYg1EIHLSNucVHNUi2uwO3RI=", + "owner": "nix-community", "repo": "nix-index-database", - "rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2", + "rev": "25d6369c232bbea1ec1f90226fd17982e7a0a647", "type": "github" }, "original": { - "owner": "Mic92", + "owner": "nix-community", "repo": "nix-index-database", "type": "github" } }, "nixos-hardware": { "locked": { - "lastModified": 1695109627, - "narHash": "sha256-4rpyoVzmunIG6xWA/EonnSSqC69bDBzciFi6SjBze/0=", + "lastModified": 1695541019, + "narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cb4dc98f776ddb6af165e6f06b2902efe31ca67a", + "rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296", "type": "github" }, "original": { 
@@ -401,11 +401,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1680397293, - "narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=", + "lastModified": 1694911725, + "narHash": "sha256-8YqI+YU1DGclEjHsnrrGfqsQg3Wyga1DfTbJrN3Ud0c=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a", + "rev": "819180647f428a3826bfc917a54449da1e532ce0", "type": "github" }, "original": { @@ -448,11 +448,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1694959747, - "narHash": "sha256-CXQ2MuledDVlVM5dLC4pB41cFlBWxRw4tCBsFrq3cRk=", + "lastModified": 1695360818, + "narHash": "sha256-JlkN3R/SSoMTa+CasbxS1gq+GpGxXQlNZRUh9+LIy/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "970a59bd19eff3752ce552935687100c46e820a5", + "rev": "e35dcc04a3853da485a396bdd332217d0ac9054f", "type": "github" }, "original": { @@ -607,11 +607,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1695101768, - "narHash": "sha256-1/j5/348l2+yxQUfkJCUpA6cDefS3H7V94kawk9uuRc=", + "lastModified": 1695284550, + "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4356a5a0c12c9dc1b6bdde0631c7600d9377ed8b", + "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 859f3cb..551eb07 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ nixpkgs.url = "nixpkgs/nixos-unstable"; nix-index-database = { - url = "github:Mic92/nix-index-database"; + url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; sops-nix = { 
@@ -72,6 +72,7 @@ adguardian-term = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/adguardian-term { }; pww = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/pww { }; gnome-break-timer = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/gnome-break-timer { }; + hashcash-milter = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/hashcash-milter { }; }; hydraJobs = self.packages; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; diff --git a/hosts/falkenstein-1/modules/mail/default.nix b/hosts/falkenstein-1/modules/mail/default.nix index a05778b..f6ee39e 100644 --- a/hosts/falkenstein-1/modules/mail/default.nix +++ b/hosts/falkenstein-1/modules/mail/default.nix 
@@ -149,51 +149,50 @@ in pkgs.dovecot_pigeonhole ]; extraConfig = '' - auth_username_format = %Ln - userdb { - driver = passwd - args = blocking=no + auth_username_format = %Ln + userdb { + driver = passwd + args = blocking=no + } + service auth { + unix_listener /var/lib/postfix/auth { + group = postfix + mode = 0660 + user = postfix + } + } + service managesieve-login { + inet_listener sieve { + port = 4190 } - service auth { - unix_listener /var/lib/postfix/auth { - group = postfix - mode = 0660 - user = postfix - } + + service_count = 1 + } + service lmtp { + unix_listener dovecot-lmtp { + group = postfix + mode = 0600 + user = postfix } - service managesieve-login { - inet_listener sieve { - port = 4190 - } - - service_count = 1 - } - service lmtp { - unix_listener dovecot-lmtp { - group = postfix - mode = 0600 - user = postfix - } - client_limit = 1 - } + client_limit = 1 + } + plugin { + sieve_plugins = sieve_imapsieve sieve_extprograms + sieve_global_extensions = +vnd.dovecot.pipe + sieve_pipe_bin_dir = /etc/dovecot/sieve-pipe - plugin { - sieve_plugins = sieve_imapsieve sieve_extprograms - sieve_global_extensions = +vnd.dovecot.pipe - sieve_pipe_bin_dir = /etc/dovecot/sieve-pipe + # Spam: From elsewhere to Spam folder or flag changed in Spam folder + imapsieve_mailbox1_name = Spam + imapsieve_mailbox1_causes = COPY APPEND FLAG + imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve - # Spam: From elsewhere to Spam folder or flag changed in Spam folder - imapsieve_mailbox1_name = Spam - imapsieve_mailbox1_causes = COPY APPEND FLAG - imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve + # From Junk folder to elsewhere + imapsieve_mailbox2_name = * + imapsieve_mailbox2_from = Spam + imapsieve_mailbox2_causes = COPY + imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve - # From Junk folder to elsewhere - imapsieve_mailbox2_name = * - imapsieve_mailbox2_from = Spam - imapsieve_mailbox2_causes = COPY - 
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve - - } + } ''; }; @@ -209,55 +208,6 @@ in enable = true; postfix.enable = true; locals = { - "neural.conf".text = '' - servers = "127.0.0.1:6379"; - enabled = true - - rules { - "LONG" { - train { - max_trains = 5000; - max_usages = 200; - max_iterations = 25; - learning_rate = 0.01, - } - symbol_spam = "NEURAL_SPAM_LONG"; - symbol_ham = "NEURAL_HAM_LONG"; - ann_expire = 100d; - } - "SHORT" { - train { - max_trains = 100; - max_usages = 2; - max_iterations = 25; - learning_rate = 0.01, - } - symbol_spam = "NEURAL_SPAM_SHORT"; - symbol_ham = "NEURAL_HAM_SHORT"; - ann_expire = 1d; - } - } - ''; - "neural_group.conf".text = '' - symbols = { - "NEURAL_SPAM_LONG" { - weight = 1.0; # sample weight - description = "Neural network spam (long)"; - } - "NEURAL_HAM_LONG" { - weight = -1.0; # sample weight - description = "Neural network ham (long)"; - } - "NEURAL_SPAM_SHORT" { - weight = 1.0; # sample weight - description = "Neural network spam (short)"; - } - "NEURAL_HAM_SHORT" { - weight = -0.5; # sample weight - description = "Neural network ham (short)"; - } - } - ''; "worker-controller.inc".text = '' password = "$2$g1jh7t5cxschj11set5wksd656ixd5ie$cgwrj53hfb87xndqbh5r3ow9qfi1ejii8dxok1ihbnhamccn1rxy"; ''; diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index 99fd68d..8dd0953 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -63,6 +63,8 @@ networkConfig = { DHCP = "yes"; IgnoreCarrierLoss = "3s"; + IPv6AcceptRA = "yes"; + IPv6PrivacyExtensions = "yes"; }; dhcpV4Config = { RouteMetric = 20; @@ -127,5 +129,4 @@ ]; }; }; - services.resolved.dnssec = "true"; } diff --git a/overlays/default.nix b/overlays/default.nix index 3073169..accda89 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
@@ -2,6 +2,7 @@ _final: prev: let inherit (prev) callPackage; inherit (prev) fetchFromGitHub; + inherit (prev) fetchpatch; in { wpa_supplicant_gui = prev.wpa_supplicant_gui.overrideAttrs @@ -29,21 +30,17 @@ in }); pww = callPackage ../pkgs/pww { }; - crowdsec = prev.crowdsec.overrideAttrs (old: rec { - version = "1.5.2"; - src = fetchFromGitHub { - owner = "crowdsecurity"; - repo = old.pname; - rev = "v${version}"; - hash = "sha256-260+XsRn3Mm/zCSvfEcBQ6j715KV4t1Z0CvXdriDzCs="; - }; - # subPackages = [ - # "cmd/crowdsec" - # "cmd/crowdsec-cli" - # "plugins/notifications/email/main.go" - # ]; + tpm2-pkcs11 = prev.tpm2-pkcs11.overrideAttrs (_: { + configureFlags = [ "--with-fapi=no" ]; + patches = [ + (fetchpatch { + url = "https://github.com/tpm2-software/tpm2-pkcs11/commit/7ad56b0faa30691e22a110b4ddc91251846d48a4.patch"; + hash = "sha256-ir12bFogdFtEF53G3eZjRXHNL5bfTVm9LODbRmBjvv4="; + }) + ]; }); + gnome-break-timer = callPackage ../pkgs/gnome-break-timer { }; jmri = callPackage ../pkgs/jmri { }; adguardian-term = callPackage ../pkgs/adguardian-term { }; diff --git a/pkgs/hashcash-milter/default.nix b/pkgs/hashcash-milter/default.nix new file mode 100644 index 0000000..5ff396a --- /dev/null +++ b/pkgs/hashcash-milter/default.nix @@ -0,0 +1,18 @@ +{ stdenv, fetchFromGitHub, lib }: +stdenv.mkDerivation rec { + pname = "hashcash-milter"; + version = "0.1.3"; + src = fetchFromGitHub { + owner = "zholos"; + repo = pname; + rev = "v${version}"; + hash = "sha256-yVpfvwpZUZQppZpmXmAqjoZH5shWUnA8aMVSOkPyQXw="; + }; + + meta = with lib; { + description = "Hashcash Milter"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ therealr5 ]; + }; +} diff --git a/shared/zsh.nix b/shared/zsh.nix index aa01f4e..a1fc6a4 100644 --- a/shared/zsh.nix +++ b/shared/zsh.nix 
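Review bot: In the `tpm2-pkcs11` override, `configureFlags` and `patches` are assigned outright and the lambda discards the previous attributes (`_:`), so any flags or patches the nixpkgs derivation already carries are silently dropped. This library is the `PKCS11Provider` for SSH in users/rouven/modules/ssh/default.nix, so extending is safer than replacing: take `old:` instead of `_:` and write `configureFlags = (old.configureFlags or [ ]) ++ [ "--with-fapi=no" ];` and `patches = (old.patches or [ ]) ++ [ (fetchpatch { … }) ];`. Whether nixpkgs sets either attribute today is not visible in this hunk. A comment such as `# upstream commit 7ad56b0: <what it fixes>; drop once a packaged release contains it` would tell the next reader why the patch is there and when to remove it.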
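Review bot: The new pkgs/hashcash-milter/default.nix declares no `buildInputs`, so it builds only if upstream needs nothing beyond stdenv. A milter normally links against libmilter, which suggests `buildInputs = [ libmilter ];` (with `libmilter` added to the function arguments) is missing, though this cannot be confirmed from the hunk. `meta` also lacks a `homepage`, and `description = "Hashcash Milter";` only restates the package name. For a component presumably meant for the mail path, `homepage = "https://github.com/zholos/hashcash-milter";` and a description of what the milter checks would make the source easier to audit.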
@@ -1,6 +1,7 @@ { pkgs, config, lib, ... }: { programs.command-not-found.enable = false; + programs.nix-index-database.comma.enable = true; environment.systemPackages = with pkgs; [ # fzf bat @@ -85,7 +86,7 @@ unset PKGS for var in "$@" do - PKGS=$PKGS\ nixpkgs/nixos-unstable#$var + PKGS=$PKGS\ nixpkgs/nixos-unstable\#$var done eval ${pkgs.nix-output-monitor}/bin/nom shell $PKGS } diff --git a/users/rouven/modules/accounts/default.nix b/users/rouven/modules/accounts/default.nix index b5ed8b3..aa0e32b 100644 --- a/users/rouven/modules/accounts/default.nix +++ b/users/rouven/modules/accounts/default.nix @@ -42,7 +42,6 @@ in ''; }; mbsync.enable = true; - msmtp.enable = true; }; accounts.email.accounts = { "rouven@rfive.de" = rec { @@ -59,7 +58,6 @@ in host = "mail.rfive.de"; port = 465; }; - msmtp.enable = true; thunderbird.enable = true; mbsync = { enable = true; @@ -172,7 +170,6 @@ in }; }; }; - msmtp.enable = true; thunderbird.enable = true; neomutt = let c = mbsync.groups.tud.channels; in { @@ -264,7 +261,6 @@ in }; }; }; - msmtp.enable = true; thunderbird.enable = true; neomutt = let c = mbsync.groups.ifsr.channels; in { @@ -323,7 +319,6 @@ in }; }; }; - msmtp.enable = true; thunderbird.enable = true; neomutt = let c = mbsync.groups.gmail.channels; in { diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 8ff93c9..d9d34bc 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -13,6 +13,7 @@ ffmpeg drawio leafpad + gamescope # sound pavucontrol @@ -24,6 +25,8 @@ # internet google-chrome filezilla + dbeaver + apache-directory-studio # messaging discord @@ -53,6 +56,7 @@ bacula hcloud jq + logseq # programming languages cargo diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix index 00bb292..6cde9ee 100644 --- a/users/rouven/modules/ssh/default.nix +++ b/users/rouven/modules/ssh/default.nix 
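Review bot: In the second shared/zsh.nix hunk the arguments are still concatenated into `$PKGS` and passed through `eval`, so every package name is parsed a second time as shell code. The added `\#` escape takes care of `#` only; whitespace, `;`, globs or substitutions in an argument would still be interpreted. Collecting the references in an array and calling the binary directly removes the need for escaping: `local -a refs` before the loop, `refs+=("nixpkgs/nixos-unstable#$var")` inside it, and `${pkgs.nix-output-monitor}/bin/nom shell $refs` in place of the `eval` line. The function starts above the hunk, so its name and any other use of `PKGS` are not visible here.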
@@ -23,6 +23,9 @@ in hostname = "falkenstein.vpn.rfive.de"; user = "root"; port = 2222; + extraOptions = { + VerifyHostKeyDNS = "ask"; + }; }; falkenstein-1 = matchBlocks."rfive.de"; "durian" = { @@ -41,6 +44,10 @@ in "quitte" = { hostname = "quitte.ifsr.de"; user = "root"; + extraOptions = { + RequestTTY = "yes"; + RemoteCommand = "zsh -i"; + }; }; "tomate" = { hostname = "tomate.ifsr.de"; @@ -66,6 +73,7 @@ in extraConfig = '' PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so IdentityFile ~/.ssh/id_ed25519 + VisualHostKey = yes ''; }; }
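Review bot: In the first ssh hunk, `VerifyHostKeyDNS = "ask"` makes ssh report whether an SSHFP record matches, but that report only means something when the resolver has DNSSEC-validated the lookup. This same commit removes `services.resolved.dnssec = "true";` from hosts/thinkpad/modules/networks/default.nix, so validation now depends on a resolved default that is not visible here. With `ask` the host key still has to be confirmed by hand, so nothing is trusted automatically, but a "matching fingerprint found in DNS" message from an unvalidated answer should not be read as verification. Either keep DNSSEC validation enabled on the client that uses this block, or add a comment next to the option, e.g. `# SSHFP result is advisory unless the resolver validates DNSSEC`. The enclosing `matchBlocks` entry starts above the hunk.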
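Review bot: In the `quitte` block (second ssh hunk), a `RemoteCommand` set in the host entry applies to every connection made through that alias, so `ssh quitte <command>` is refused by the client. Tools that run their own remote command over ssh, such as rsync or git, are likely to fail for this host as well. The entry logs in as `root`, so keeping the non-interactive path working for administration scripts is worthwhile. One way is a separate alias for the interactive shell, for example `"quitte-shell" = matchBlocks."quitte" // { extraOptions = { RequestTTY = "yes"; RemoteCommand = "zsh -i"; }; };`. Otherwise document the limitation with `# interactive only: ssh quitte <cmd>, rsync and git over this alias will fail`.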