rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-01-18 17:11:39 +01:00
Code Issues Projects Releases Packages Wiki Activity

fixed ssh errors, add hashcash, update mail config, update zsh config

Browse source
This commit is contained in:
Rouven Seifert 2023-09-24 21:32:28 +02:00
parent 5f4dce9a04
commit 6dece01018
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
10 changed files with 114 additions and 139 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
flake.lock
View file

@ -3,11 +3,11 @@
"base16-schemes": { "base16-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1680729003, "lastModified": 1689473676,
"narHash": "sha256-M9LHTL24/W4oqgbYRkz0B2qpNrkefTs98pfj3MxIXnU=", "narHash": "sha256-L0RhUr9+W5EPWBpLcmkKpUeCEWRs/kLzVMF3Vao2ZU0=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-schemes", "repo": "base16-schemes",
"rev": "dc048afa066287a719ddbab62b3e19e4b5110cf0", "rev": "d95123ca6377cd849cfdce92c0a24406b0c6a789",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -236,11 +236,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1695090634, "lastModified": 1695555223,
"narHash": "sha256-zwkbWSFXP0+BZH2F0j46ohnIjI/RU55Q6lWjPK9FeL4=", "narHash": "sha256-YEJcTOg6Lt4lxKJxcir1TLN/OZYdCHFe7lXskJGhcHY=",
"owner": "helix-editor", "owner": "helix-editor",
"repo": "helix", "repo": "helix",
"rev": "1c88432efc3724f60b27d580b8b490040a3048f6", "rev": "7702e130ba93f885ac56be5818b93c544a00538f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -255,11 +255,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695103414, "lastModified": 1695550077,
"narHash": "sha256-/kr1AQ8aPWl3OaTzZARhGPSS044vZq1Vh4wYX77T1DE=", "narHash": "sha256-xoxR/iY69/3lTnnZDP6gf3J46DUKPcf+Y1jH03tfZXE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "92364581dd3ada6981c4ddc5def8a35a1b945e75", "rev": "a88df2fb101778bfd98a17556b3a2618c6c66091",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -336,11 +336,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1682108218, "lastModified": 1695388192,
"narHash": "sha256-tMr7BbxualFQlN+XopS8rMMgf2XR9ZfRuwIZtjsWmfI=", "narHash": "sha256-2jelpE7xK+4M7jZNyWL7QYOYegQLYBDQS5bvdo8XRUQ=",
"owner": "Misterio77", "owner": "Misterio77",
"repo": "nix-colors", "repo": "nix-colors",
"rev": "b92df8f5eb1fa20d8e09810c03c9dc0d94ef2820", "rev": "37227f274b34a3b51649166deb94ce7fec2c6a4c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -356,26 +356,26 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694921880, "lastModified": 1695526222,
"narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=", "narHash": "sha256-/NwZz3QcVplrfiDKk1thYg1EIHLSNucVHNUi2uwO3RI=",
"owner": "Mic92", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2", "rev": "25d6369c232bbea1ec1f90226fd17982e7a0a647",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Mic92", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"type": "github" "type": "github"
} }
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1695109627, "lastModified": 1695541019,
"narHash": "sha256-4rpyoVzmunIG6xWA/EonnSSqC69bDBzciFi6SjBze/0=", "narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "cb4dc98f776ddb6af165e6f06b2902efe31ca67a", "rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -401,11 +401,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1680397293, "lastModified": 1694911725,
"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=", "narHash": "sha256-8YqI+YU1DGclEjHsnrrGfqsQg3Wyga1DfTbJrN3Ud0c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a", "rev": "819180647f428a3826bfc917a54449da1e532ce0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -448,11 +448,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1694959747, "lastModified": 1695360818,
"narHash": "sha256-CXQ2MuledDVlVM5dLC4pB41cFlBWxRw4tCBsFrq3cRk=", "narHash": "sha256-JlkN3R/SSoMTa+CasbxS1gq+GpGxXQlNZRUh9+LIy/0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "970a59bd19eff3752ce552935687100c46e820a5", "rev": "e35dcc04a3853da485a396bdd332217d0ac9054f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -607,11 +607,11 @@
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1695101768, "lastModified": 1695284550,
"narHash": "sha256-1/j5/348l2+yxQUfkJCUpA6cDefS3H7V94kawk9uuRc=", "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "4356a5a0c12c9dc1b6bdde0631c7600d9377ed8b", "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78",
"type": "github" "type": "github"
}, },
"original": { "original": {

3
flake.nix
View file

@ -5,7 +5,7 @@
nixpkgs.url = "nixpkgs/nixos-unstable"; nixpkgs.url = "nixpkgs/nixos-unstable";
nix-index-database = { nix-index-database = {
url = "github:Mic92/nix-index-database"; url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = { sops-nix = {
@ -72,6 +72,7 @@
adguardian-term = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/adguardian-term { }; adguardian-term = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/adguardian-term { };
pww = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/pww { }; pww = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/pww { };
gnome-break-timer = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/gnome-break-timer { }; gnome-break-timer = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/gnome-break-timer { };
hashcash-milter = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/hashcash-milter { };
}; };
hydraJobs = self.packages; hydraJobs = self.packages;
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;

128
hosts/falkenstein-1/modules/mail/default.nix
View file

@ -149,51 +149,50 @@ in
pkgs.dovecot_pigeonhole pkgs.dovecot_pigeonhole
]; ];
extraConfig = '' extraConfig = ''
auth_username_format = %Ln auth_username_format = %Ln
userdb { userdb {
driver = passwd driver = passwd
args = blocking=no args = blocking=no
}
service auth {
unix_listener /var/lib/postfix/auth {
group = postfix
mode = 0660
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
} }
service auth {
unix_listener /var/lib/postfix/auth { service_count = 1
group = postfix }
mode = 0660 service lmtp {
user = postfix unix_listener dovecot-lmtp {
} group = postfix
mode = 0600
user = postfix
} }
service managesieve-login { client_limit = 1
inet_listener sieve { }
port = 4190 plugin {
} sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_global_extensions = +vnd.dovecot.pipe
service_count = 1 sieve_pipe_bin_dir = /etc/dovecot/sieve-pipe
}
service lmtp {
unix_listener dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
client_limit = 1
}
plugin { # Spam: From elsewhere to Spam folder or flag changed in Spam folder
sieve_plugins = sieve_imapsieve sieve_extprograms imapsieve_mailbox1_name = Spam
sieve_global_extensions = +vnd.dovecot.pipe imapsieve_mailbox1_causes = COPY APPEND FLAG
sieve_pipe_bin_dir = /etc/dovecot/sieve-pipe imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
# Spam: From elsewhere to Spam folder or flag changed in Spam folder # From Junk folder to elsewhere
imapsieve_mailbox1_name = Spam imapsieve_mailbox2_name = *
imapsieve_mailbox1_causes = COPY APPEND FLAG imapsieve_mailbox2_from = Spam
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
# From Junk folder to elsewhere }
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
}
''; '';
}; };
@ -209,55 +208,6 @@ in
enable = true; enable = true;
postfix.enable = true; postfix.enable = true;
locals = { locals = {
"neural.conf".text = ''
servers = "127.0.0.1:6379";
enabled = true
rules {
"LONG" {
train {
max_trains = 5000;
max_usages = 200;
max_iterations = 25;
learning_rate = 0.01,
}
symbol_spam = "NEURAL_SPAM_LONG";
symbol_ham = "NEURAL_HAM_LONG";
ann_expire = 100d;
}
"SHORT" {
train {
max_trains = 100;
max_usages = 2;
max_iterations = 25;
learning_rate = 0.01,
}
symbol_spam = "NEURAL_SPAM_SHORT";
symbol_ham = "NEURAL_HAM_SHORT";
ann_expire = 1d;
}
}
'';
"neural_group.conf".text = ''
symbols = {
"NEURAL_SPAM_LONG" {
weight = 1.0; # sample weight
description = "Neural network spam (long)";
}
"NEURAL_HAM_LONG" {
weight = -1.0; # sample weight
description = "Neural network ham (long)";
}
"NEURAL_SPAM_SHORT" {
weight = 1.0; # sample weight
description = "Neural network spam (short)";
}
"NEURAL_HAM_SHORT" {
weight = -0.5; # sample weight
description = "Neural network ham (short)";
}
}
'';
"worker-controller.inc".text = '' "worker-controller.inc".text = ''
password = "$2$g1jh7t5cxschj11set5wksd656ixd5ie$cgwrj53hfb87xndqbh5r3ow9qfi1ejii8dxok1ihbnhamccn1rxy"; password = "$2$g1jh7t5cxschj11set5wksd656ixd5ie$cgwrj53hfb87xndqbh5r3ow9qfi1ejii8dxok1ihbnhamccn1rxy";
''; '';

3
hosts/thinkpad/modules/networks/default.nix
View file

@ -63,6 +63,8 @@
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IgnoreCarrierLoss = "3s"; IgnoreCarrierLoss = "3s";
IPv6AcceptRA = "yes";
IPv6PrivacyExtensions = "yes";
}; };
dhcpV4Config = { dhcpV4Config = {
RouteMetric = 20; RouteMetric = 20;
@ -127,5 +129,4 @@
]; ];
}; };
}; };
services.resolved.dnssec = "true";
} }

23
overlays/default.nix
View file

@ -2,6 +2,7 @@ _final: prev:
let let
inherit (prev) callPackage; inherit (prev) callPackage;
inherit (prev) fetchFromGitHub; inherit (prev) fetchFromGitHub;
inherit (prev) fetchpatch;
in in
{ {
wpa_supplicant_gui = prev.wpa_supplicant_gui.overrideAttrs wpa_supplicant_gui = prev.wpa_supplicant_gui.overrideAttrs
@ -29,21 +30,17 @@ in
}); });
pww = callPackage ../pkgs/pww { }; pww = callPackage ../pkgs/pww { };
crowdsec = prev.crowdsec.overrideAttrs (old: rec {
version = "1.5.2";
src = fetchFromGitHub {
owner = "crowdsecurity";
repo = old.pname;
rev = "v${version}";
hash = "sha256-260+XsRn3Mm/zCSvfEcBQ6j715KV4t1Z0CvXdriDzCs=";
};
# subPackages = [
# "cmd/crowdsec"
# "cmd/crowdsec-cli"
# "plugins/notifications/email/main.go"
# ];
tpm2-pkcs11 = prev.tpm2-pkcs11.overrideAttrs (_: {
configureFlags = [ "--with-fapi=no" ];
patches = [
(fetchpatch {
url = "https://github.com/tpm2-software/tpm2-pkcs11/commit/7ad56b0faa30691e22a110b4ddc91251846d48a4.patch";
hash = "sha256-ir12bFogdFtEF53G3eZjRXHNL5bfTVm9LODbRmBjvv4=";
})
];
}); });
gnome-break-timer = callPackage ../pkgs/gnome-break-timer { }; gnome-break-timer = callPackage ../pkgs/gnome-break-timer { };
jmri = callPackage ../pkgs/jmri { }; jmri = callPackage ../pkgs/jmri { };
adguardian-term = callPackage ../pkgs/adguardian-term { }; adguardian-term = callPackage ../pkgs/adguardian-term { };

18
pkgs/hashcash-milter/default.nix Normal file
View file

@ -0,0 +1,18 @@
{ stdenv, fetchFromGitHub, lib }:
stdenv.mkDerivation rec {
pname = "hashcash-milter";
version = "0.1.3";
src = fetchFromGitHub {
owner = "zholos";
repo = pname;
rev = "v${version}";
hash = "sha256-yVpfvwpZUZQppZpmXmAqjoZH5shWUnA8aMVSOkPyQXw=";
};
meta = with lib; {
description = "Hashcash Milter";
license = licenses.bsd3;
platforms = platforms.linux;
maintainers = with maintainers; [ therealr5 ];
};
}

3
shared/zsh.nix
View file

@ -1,6 +1,7 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
{ {
programs.command-not-found.enable = false; programs.command-not-found.enable = false;
programs.nix-index-database.comma.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# fzf # fzf
bat bat
@ -85,7 +86,7 @@
unset PKGS unset PKGS
for var in "$@" for var in "$@"
do do
PKGS=$PKGS\ nixpkgs/nixos-unstable#$var PKGS=$PKGS\ nixpkgs/nixos-unstable\#$var
done done
eval ${pkgs.nix-output-monitor}/bin/nom shell $PKGS eval ${pkgs.nix-output-monitor}/bin/nom shell $PKGS
} }

5
users/rouven/modules/accounts/default.nix
View file

@ -42,7 +42,6 @@ in
''; '';
}; };
mbsync.enable = true; mbsync.enable = true;
msmtp.enable = true;
}; };
accounts.email.accounts = { accounts.email.accounts = {
"rouven@rfive.de" = rec { "rouven@rfive.de" = rec {
@ -59,7 +58,6 @@ in
host = "mail.rfive.de"; host = "mail.rfive.de";
port = 465; port = 465;
}; };
msmtp.enable = true;
thunderbird.enable = true; thunderbird.enable = true;
mbsync = { mbsync = {
enable = true; enable = true;
@ -172,7 +170,6 @@ in
}; };
}; };
}; };
msmtp.enable = true;
thunderbird.enable = true; thunderbird.enable = true;
neomutt = let c = mbsync.groups.tud.channels; in neomutt = let c = mbsync.groups.tud.channels; in
{ {
@ -264,7 +261,6 @@ in
}; };
}; };
}; };
msmtp.enable = true;
thunderbird.enable = true; thunderbird.enable = true;
neomutt = let c = mbsync.groups.ifsr.channels; in neomutt = let c = mbsync.groups.ifsr.channels; in
{ {
@ -323,7 +319,6 @@ in
}; };
}; };
}; };
msmtp.enable = true;
thunderbird.enable = true; thunderbird.enable = true;
neomutt = let c = mbsync.groups.gmail.channels; in neomutt = let c = mbsync.groups.gmail.channels; in
{ {

4
users/rouven/modules/packages.nix
View file

@ -13,6 +13,7 @@
ffmpeg ffmpeg
drawio drawio
leafpad leafpad
gamescope
# sound # sound
pavucontrol pavucontrol
@ -24,6 +25,8 @@
# internet # internet
google-chrome google-chrome
filezilla filezilla
dbeaver
apache-directory-studio
# messaging # messaging
discord discord
@ -53,6 +56,7 @@
bacula bacula
hcloud hcloud
jq jq
logseq
# programming languages # programming languages
cargo cargo

8
users/rouven/modules/ssh/default.nix
View file

@ -23,6 +23,9 @@ in
hostname = "falkenstein.vpn.rfive.de"; hostname = "falkenstein.vpn.rfive.de";
user = "root"; user = "root";
port = 2222; port = 2222;
extraOptions = {
VerifyHostKeyDNS = "ask";
};
}; };
falkenstein-1 = matchBlocks."rfive.de"; falkenstein-1 = matchBlocks."rfive.de";
"durian" = { "durian" = {
@ -41,6 +44,10 @@ in
"quitte" = { "quitte" = {
hostname = "quitte.ifsr.de"; hostname = "quitte.ifsr.de";
user = "root"; user = "root";
extraOptions = {
RequestTTY = "yes";
RemoteCommand = "zsh -i";
};
}; };
"tomate" = { "tomate" = {
hostname = "tomate.ifsr.de"; hostname = "tomate.ifsr.de";
@ -66,6 +73,7 @@ in
extraConfig = '' extraConfig = ''
PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so
IdentityFile ~/.ssh/id_ed25519 IdentityFile ~/.ssh/id_ed25519
VisualHostKey = yes
''; '';
}; };
} }