rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-01-18 17:11:39 +01:00
Code Issues Projects Releases Packages Wiki Activity

fixed ssh errors, add hashcash, update mail config, update zsh config

Browse source
This commit is contained in:
Rouven Seifert 2023-09-24 21:32:28 +02:00
parent 5f4dce9a04
commit 6dece01018
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
10 changed files with 114 additions and 139 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
flake.lock
View file

@ -3,11 +3,11 @@
"base16-schemes": {
"flake": false,
"locked": {
"lastModified": 1680729003,
"narHash": "sha256-M9LHTL24/W4oqgbYRkz0B2qpNrkefTs98pfj3MxIXnU=",
"lastModified": 1689473676,
"narHash": "sha256-L0RhUr9+W5EPWBpLcmkKpUeCEWRs/kLzVMF3Vao2ZU0=",
"owner": "tinted-theming",
"repo": "base16-schemes",
"rev": "dc048afa066287a719ddbab62b3e19e4b5110cf0",
"rev": "d95123ca6377cd849cfdce92c0a24406b0c6a789",
"type": "github"
},
"original": {
@ -236,11 +236,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1695090634,
"narHash": "sha256-zwkbWSFXP0+BZH2F0j46ohnIjI/RU55Q6lWjPK9FeL4=",
"lastModified": 1695555223,
"narHash": "sha256-YEJcTOg6Lt4lxKJxcir1TLN/OZYdCHFe7lXskJGhcHY=",
"owner": "helix-editor",
"repo": "helix",
"rev": "1c88432efc3724f60b27d580b8b490040a3048f6",
"rev": "7702e130ba93f885ac56be5818b93c544a00538f",
"type": "github"
},
"original": {
@ -255,11 +255,11 @@
]
},
"locked": {
"lastModified": 1695103414,
"narHash": "sha256-/kr1AQ8aPWl3OaTzZARhGPSS044vZq1Vh4wYX77T1DE=",
"lastModified": 1695550077,
"narHash": "sha256-xoxR/iY69/3lTnnZDP6gf3J46DUKPcf+Y1jH03tfZXE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "92364581dd3ada6981c4ddc5def8a35a1b945e75",
"rev": "a88df2fb101778bfd98a17556b3a2618c6c66091",
"type": "github"
},
"original": {
@ -336,11 +336,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1682108218,
"narHash": "sha256-tMr7BbxualFQlN+XopS8rMMgf2XR9ZfRuwIZtjsWmfI=",
"lastModified": 1695388192,
"narHash": "sha256-2jelpE7xK+4M7jZNyWL7QYOYegQLYBDQS5bvdo8XRUQ=",
"owner": "Misterio77",
"repo": "nix-colors",
"rev": "b92df8f5eb1fa20d8e09810c03c9dc0d94ef2820",
"rev": "37227f274b34a3b51649166deb94ce7fec2c6a4c",
"type": "github"
},
"original": {
@ -356,26 +356,26 @@
]
},
"locked": {
"lastModified": 1694921880,
"narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=",
"owner": "Mic92",
"lastModified": 1695526222,
"narHash": "sha256-/NwZz3QcVplrfiDKk1thYg1EIHLSNucVHNUi2uwO3RI=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2",
"rev": "25d6369c232bbea1ec1f90226fd17982e7a0a647",
"type": "github"
},
"original": {
"owner": "Mic92",
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1695109627,
"narHash": "sha256-4rpyoVzmunIG6xWA/EonnSSqC69bDBzciFi6SjBze/0=",
"lastModified": 1695541019,
"narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "cb4dc98f776ddb6af165e6f06b2902efe31ca67a",
"rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296",
"type": "github"
},
"original": {
@ -401,11 +401,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1680397293,
"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=",
"lastModified": 1694911725,
"narHash": "sha256-8YqI+YU1DGclEjHsnrrGfqsQg3Wyga1DfTbJrN3Ud0c=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a",
"rev": "819180647f428a3826bfc917a54449da1e532ce0",
"type": "github"
},
"original": {
@ -448,11 +448,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1694959747,
"narHash": "sha256-CXQ2MuledDVlVM5dLC4pB41cFlBWxRw4tCBsFrq3cRk=",
"lastModified": 1695360818,
"narHash": "sha256-JlkN3R/SSoMTa+CasbxS1gq+GpGxXQlNZRUh9+LIy/0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "970a59bd19eff3752ce552935687100c46e820a5",
"rev": "e35dcc04a3853da485a396bdd332217d0ac9054f",
"type": "github"
},
"original": {
@ -607,11 +607,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1695101768,
"narHash": "sha256-1/j5/348l2+yxQUfkJCUpA6cDefS3H7V94kawk9uuRc=",
"lastModified": 1695284550,
"narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "4356a5a0c12c9dc1b6bdde0631c7600d9377ed8b",
"rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78",
"type": "github"
},
"original": {

3
flake.nix
View file

@ -5,7 +5,7 @@
nixpkgs.url = "nixpkgs/nixos-unstable";
nix-index-database = {
url = "github:Mic92/nix-index-database";
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
@ -72,6 +72,7 @@
adguardian-term = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/adguardian-term { };
pww = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/pww { };
gnome-break-timer = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/gnome-break-timer { };
hashcash-milter = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/hashcash-milter { };
};
hydraJobs = self.packages;
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;

128
hosts/falkenstein-1/modules/mail/default.nix
View file

@ -149,51 +149,50 @@ in
pkgs.dovecot_pigeonhole
];
extraConfig = ''
auth_username_format = %Ln
userdb {
driver = passwd
args = blocking=no
auth_username_format = %Ln
userdb {
driver = passwd
args = blocking=no
}
service auth {
unix_listener /var/lib/postfix/auth {
group = postfix
mode = 0660
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service auth {
unix_listener /var/lib/postfix/auth {
group = postfix
mode = 0660
user = postfix
}
service_count = 1
}
service lmtp {
unix_listener dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
client_limit = 1
}
plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_global_extensions = +vnd.dovecot.pipe
sieve_pipe_bin_dir = /etc/dovecot/sieve-pipe
service_count = 1
}
service lmtp {
unix_listener dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
client_limit = 1
}
# Spam: From elsewhere to Spam folder or flag changed in Spam folder
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY APPEND FLAG
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_global_extensions = +vnd.dovecot.pipe
sieve_pipe_bin_dir = /etc/dovecot/sieve-pipe
# From Junk folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
# Spam: From elsewhere to Spam folder or flag changed in Spam folder
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY APPEND FLAG
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
# From Junk folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
}
}
'';
};
@ -209,55 +208,6 @@ in
enable = true;
postfix.enable = true;
locals = {
"neural.conf".text = ''
servers = "127.0.0.1:6379";
enabled = true
rules {
"LONG" {
train {
max_trains = 5000;
max_usages = 200;
max_iterations = 25;
learning_rate = 0.01,
}
symbol_spam = "NEURAL_SPAM_LONG";
symbol_ham = "NEURAL_HAM_LONG";
ann_expire = 100d;
}
"SHORT" {
train {
max_trains = 100;
max_usages = 2;
max_iterations = 25;
learning_rate = 0.01,
}
symbol_spam = "NEURAL_SPAM_SHORT";
symbol_ham = "NEURAL_HAM_SHORT";
ann_expire = 1d;
}
}
'';
"neural_group.conf".text = ''
symbols = {
"NEURAL_SPAM_LONG" {
weight = 1.0; # sample weight
description = "Neural network spam (long)";
}
"NEURAL_HAM_LONG" {
weight = -1.0; # sample weight
description = "Neural network ham (long)";
}
"NEURAL_SPAM_SHORT" {
weight = 1.0; # sample weight
description = "Neural network spam (short)";
}
"NEURAL_HAM_SHORT" {
weight = -0.5; # sample weight
description = "Neural network ham (short)";
}
}
'';
"worker-controller.inc".text = ''
password = "$2$g1jh7t5cxschj11set5wksd656ixd5ie$cgwrj53hfb87xndqbh5r3ow9qfi1ejii8dxok1ihbnhamccn1rxy";
'';

3
hosts/thinkpad/modules/networks/default.nix
View file

@ -63,6 +63,8 @@
networkConfig = {
DHCP = "yes";
IgnoreCarrierLoss = "3s";
IPv6AcceptRA = "yes";
IPv6PrivacyExtensions = "yes";
};
dhcpV4Config = {
RouteMetric = 20;
@ -127,5 +129,4 @@
];
};
};
services.resolved.dnssec = "true";
}

23
overlays/default.nix
View file

@ -2,6 +2,7 @@ _final: prev:
let
inherit (prev) callPackage;
inherit (prev) fetchFromGitHub;
inherit (prev) fetchpatch;
in
{
wpa_supplicant_gui = prev.wpa_supplicant_gui.overrideAttrs
@ -29,21 +30,17 @@ in
});
pww = callPackage ../pkgs/pww { };
crowdsec = prev.crowdsec.overrideAttrs (old: rec {
version = "1.5.2";
src = fetchFromGitHub {
owner = "crowdsecurity";
repo = old.pname;
rev = "v${version}";
hash = "sha256-260+XsRn3Mm/zCSvfEcBQ6j715KV4t1Z0CvXdriDzCs=";
};
# subPackages = [
# "cmd/crowdsec"
# "cmd/crowdsec-cli"
# "plugins/notifications/email/main.go"
# ];
tpm2-pkcs11 = prev.tpm2-pkcs11.overrideAttrs (_: {
configureFlags = [ "--with-fapi=no" ];
patches = [
(fetchpatch {
url = "https://github.com/tpm2-software/tpm2-pkcs11/commit/7ad56b0faa30691e22a110b4ddc91251846d48a4.patch";
hash = "sha256-ir12bFogdFtEF53G3eZjRXHNL5bfTVm9LODbRmBjvv4=";
})
];
});
gnome-break-timer = callPackage ../pkgs/gnome-break-timer { };
jmri = callPackage ../pkgs/jmri { };
adguardian-term = callPackage ../pkgs/adguardian-term { };

18
pkgs/hashcash-milter/default.nix Normal file
View file

@ -0,0 +1,18 @@
{ stdenv, fetchFromGitHub, lib }:
stdenv.mkDerivation rec {
pname = "hashcash-milter";
version = "0.1.3";
src = fetchFromGitHub {
owner = "zholos";
repo = pname;
rev = "v${version}";
hash = "sha256-yVpfvwpZUZQppZpmXmAqjoZH5shWUnA8aMVSOkPyQXw=";
};
meta = with lib; {
description = "Hashcash Milter";
license = licenses.bsd3;
platforms = platforms.linux;
maintainers = with maintainers; [ therealr5 ];
};
}

3
shared/zsh.nix
View file

@ -1,6 +1,7 @@
{ pkgs, config, lib, ... }:
{
programs.command-not-found.enable = false;
programs.nix-index-database.comma.enable = true;
environment.systemPackages = with pkgs; [
# fzf
bat
@ -85,7 +86,7 @@
unset PKGS
for var in "$@"
do
PKGS=$PKGS\ nixpkgs/nixos-unstable#$var
PKGS=$PKGS\ nixpkgs/nixos-unstable\#$var
done
eval ${pkgs.nix-output-monitor}/bin/nom shell $PKGS
}

5
users/rouven/modules/accounts/default.nix
View file

@ -42,7 +42,6 @@ in
'';
};
mbsync.enable = true;
msmtp.enable = true;
};
accounts.email.accounts = {
"rouven@rfive.de" = rec {
@ -59,7 +58,6 @@ in
host = "mail.rfive.de";
port = 465;
};
msmtp.enable = true;
thunderbird.enable = true;
mbsync = {
enable = true;
@ -172,7 +170,6 @@ in
};
};
};
msmtp.enable = true;
thunderbird.enable = true;
neomutt = let c = mbsync.groups.tud.channels; in
{
@ -264,7 +261,6 @@ in
};
};
};
msmtp.enable = true;
thunderbird.enable = true;
neomutt = let c = mbsync.groups.ifsr.channels; in
{
@ -323,7 +319,6 @@ in
};
};
};
msmtp.enable = true;
thunderbird.enable = true;
neomutt = let c = mbsync.groups.gmail.channels; in
{

4
users/rouven/modules/packages.nix
View file

@ -13,6 +13,7 @@
ffmpeg
drawio
leafpad
gamescope
# sound
pavucontrol
@ -24,6 +25,8 @@
# internet
google-chrome
filezilla
dbeaver
apache-directory-studio
# messaging
discord
@ -53,6 +56,7 @@
bacula
hcloud
jq
logseq
# programming languages
cargo

8
users/rouven/modules/ssh/default.nix
View file

@ -23,6 +23,9 @@ in
hostname = "falkenstein.vpn.rfive.de";
user = "root";
port = 2222;
extraOptions = {
VerifyHostKeyDNS = "ask";
};
};
falkenstein-1 = matchBlocks."rfive.de";
"durian" = {
@ -41,6 +44,10 @@ in
"quitte" = {
hostname = "quitte.ifsr.de";
user = "root";
extraOptions = {
RequestTTY = "yes";
RemoteCommand = "zsh -i";
};
};
"tomate" = {
hostname = "tomate.ifsr.de";
@ -66,6 +73,7 @@ in
extraConfig = ''
PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so
IdentityFile ~/.ssh/id_ed25519
VisualHostKey = yes
'';
};
}