diff --git a/.sops.yaml b/.sops.yaml index ba8bfb7..40bb237 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ keys: - &rouven 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 - - &thinkpad age1s5aes35ku7d2600mwxu8jndvngqrpuuu2h6yrcetytgstkuzlsvstut3ge + - &thinkpad age1adv7rejxykyve466dx7pykzgdawkgzeneql3wgwv02gx72cyeewqsm3wn6 - &nuc age1930r9v2y57zkwghlxapj348c4rfnmr70de898cdhu5rue5cpagzq74wymk creation_rules: - path_regex: secrets/thinkpad\.yaml$ diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 60fdc74..3aae8ae 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -12,8 +12,12 @@ ]; # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + supportedFilesystems = [ "zfs" ]; + }; time.timeZone = "Europe/Berlin"; i18n.defaultLocale = "en_US.UTF-8"; diff --git a/hosts/thinkpad/hardware-configuration.nix b/hosts/thinkpad/hardware-configuration.nix index cd7eb2d..6519779 100755 --- a/hosts/thinkpad/hardware-configuration.nix +++ b/hosts/thinkpad/hardware-configuration.nix @@ -9,20 +9,42 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = { - device = "/dev/disk/by-uuid/8633a706-bf54-4d29-9fba-dbcffd723ab6"; - fsType = "ext4"; + device = "rpool/nixos/root"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/home" = + { + device = "rpool/nixos/home"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/var/lib" = + { + device = "rpool/nixos/var/lib"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/var/log" = + { + device = "rpool/nixos/var/log"; + fsType = "zfs"; + options = [ "zfsutil" ]; }; fileSystems."/boot" = { - device = "/dev/disk/by-uuid/3A2E-1AB6"; + device = "/dev/disk/by-uuid/96DD-4C81"; fsType = "vfat"; }; @@ -36,6 +58,7 @@ # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; # networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index 46b31d8..b0f4f42 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -14,6 +14,7 @@ networking = { useNetworkd = true; hostName = "thinkpad"; + hostId = "79353b92"; # Define your hostname. firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; # open ports for kde connect firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; wireless = { diff --git a/secrets/thinkpad.yaml b/secrets/thinkpad.yaml index 84f19fc..5e59cb8 100644 --- a/secrets/thinkpad.yaml +++ b/secrets/thinkpad.yaml @@ -1,50 +1,50 @@ -wireless-env: ENC[AES256_GCM,data:41kibhCdfuOcBV817pd01I3Rpu0vu1WPOFyKnzGSzQi0i4KbmOrbwWV45RWMzHdLWdPNyqJPb7k8rLdbH/ZKdkK1pyLciHbAwUqIll68TxW4Lk6dPUmOk7OX/AAV2DxBZBZj+BbgGHzVTp5WOp/kEQ8LZa9thM8+qIFAsP42opKD5q6wxqSythebYlJ2zqYdmP0smivF6sqTNSrT/8apW8T8O95+zAoxAWl7ginqyprOWCmcR9X++XOaYwSjr4wCIPrTmSEJ,iv:x3pBK4TNldKa7AkYaZOOCM36Dgn6uDQMfpFGtGT9lZs=,tag:hrw/aOEbcVDhz+e2O4kFTw==,type:str] +wireless-env: ENC[AES256_GCM,data:1WuWUmSe1kJykE9wtZ6UkLxYACUdvr9nTesfJQGM0fNgeRUDaUEAld5jaKb3GzKHx/0Q05xSNcWCCBYN68ZYP94BgGLy8bEHvTqTkp4Ub/HKPLcDSiqZtCRiQjV2eKDC8EsP5MMOuc2F7qxNjrMeEWdVF0HcdVYamhRPP/uDQK3m9iUqpqwwaXQ++V9LjjQ0v6M0f9dCo+7ngSgDWApMlZDeMLIOsUn9vnklVnLc8FyOxD+pNthrBhIOGBN1yTIYVUJaM5nr,iv:QsouKCwdBrVonPgKcnxPy/mZzWsWx8O4AOsAiFheDyI=,tag:R0ZinGNTX0G46ye/AAwJwg==,type:str] uni: - zih: ENC[AES256_GCM,data:irxq42t4H+7E3YJjqbmyccw=,iv:f0E84HMBQN9TtR1BN56LTU4FLOkVWPFTUysQvu99nzs=,tag:BkNyAJAj+3tPF3Us4Vqg3w==,type:str] + zih: ENC[AES256_GCM,data:XwpN5u2X3YBZqxtb7COASMA=,iv:RmOYmjiNhXjs1iNq5WTZeVYmQArjqNpp6/a+9EkiIfw=,tag:Hcb0ECIM6HB4kM6/JudaMQ==,type:str] wireguard: dorm: - private: ENC[AES256_GCM,data:ISK2FjZsBx60Sgag8tJs+SyXSvdIQeIHeqB1V/m3g8RxkgIFBkCBnEjB8/g=,iv:CbDXnT3ERB+OYSa0+Xc4nN8joNj3dtSPTQa0SU5S5xg=,tag:Eap30fSv0MtBzaZvBLWAYA==,type:str] - preshared: ENC[AES256_GCM,data:5Kc/CMoEVpqJO0vyDOKmw5A19P68jJe5N025+kIvdvoOoNs2Knl127EuSAA=,iv:5lX9Kj5hz1GNh3a6Ig701cocuZ1CYr4Ze++wJzu7AAU=,tag:1rVx8EA5N++SgXpv0aMGNg==,type:str] + private: ENC[AES256_GCM,data:iibKc6YvL99Jf9RQA+4YlI65Yw0jtosOCid1q+beUpcn5jA3AOqKB3wjcJM=,iv:N3xAETIeRo7vRq+/3QMdUYJtaZQr7iIgnGoD5rnHsRc=,tag:Fyc12YxfqM/NuDuiyKQpvg==,type:str] + preshared: ENC[AES256_GCM,data:213FbLKK5RQa8uADicr7k/YyLI1L0oUR6vuGYX6PunvylKD619WCTZLoya8=,iv:RVs713dJO79C8vStcvIq9/kAWlE8wpKVJd3NjtTKI+g=,tag:yedynedj8BGaJpISY2y9ww==,type:str] email: - tu-dresden: ENC[AES256_GCM,data:erIlghjlXWE2kUqMZLEN70c=,iv:hWTA68mBDe92qDPwemlSFR2vV2sL+/GI4WjHbwViVic=,tag:ZZ2/vTxBWiC6lbN33lNr5w==,type:str] - rfive: ENC[AES256_GCM,data:+lYvCL0OxM7o3nLN4fPeeVyMSKUL6O0uEg==,iv:I0KrK6GRkQWyDkp0GxXgHuCbDzDZ0u2gejNJCEzChxo=,tag:bBsG3n7nsb9T/NOCeptSgg==,type:str] - google: ENC[AES256_GCM,data:J97kR5rrJ7GpqIN1XAeVlg==,iv:r6qXU6pGEfeiajWyqq3cVatS2m6omlUcJD7bDTwHDQI=,tag:B/lTvdRVxKjyAsO7TSsXdA==,type:str] + tu-dresden: ENC[AES256_GCM,data:13YAHNUqwmwj1yqOle+M1us=,iv:Ed960kTLUeq2lq0NogRmGXS69yKT2Mwst5XBrd110bY=,tag:6HNlFPTYXNzfsXTlwg1+uQ==,type:str] + rfive: ENC[AES256_GCM,data:dyJEoaq8EKqMD0loWr0H5gXepwptZ8givA==,iv:WAT4LsBbIA/po2xd5R0K5HAsqbw+WigLJWo0T8ftPTE=,tag:Tjs9zETfxXZsS43hC6+13Q==,type:str] + google: ENC[AES256_GCM,data:1BeiGEku2zE9uS8WR3yRgA==,iv:uRaDPblZpxdAH72EaV2Rjho/MZsiVjqFsVSJHzz3GrU=,tag:Vs9GWbwFrdg8vYnLROaOGA==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1s5aes35ku7d2600mwxu8jndvngqrpuuu2h6yrcetytgstkuzlsvstut3ge + - recipient: age1adv7rejxykyve466dx7pykzgdawkgzeneql3wgwv02gx72cyeewqsm3wn6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbk81MnpjSzRBdmFJNFhV - RE9oZHFuUzd3bWRuNDI3VEpYK2VTMXdBSlNVCkJjS0dnc1NzenpzYWdydkJ0enVB - dGJVU2hTKzV1bDV2VnJ1Y0xBaHVoZW8KLS0tIGtaelVQNFFtMDVndlpoMFpKY3p2 - S0NwYWFQcmFtTm5zTEZLVXRtMi91Zk0K3ylHH4OXduJlJxepPz9GxBzVmKGpv9LL - ApkEQxfPL4Bxrb2XOFLOYqJGv2SwxBv1QNYT7eTXRLTEsIXUHR0MGA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnd1UrV1pRSHhzL1dKWTBv + WkM0d0xLL1ErbDMyNmIwRlB5dDU5Sm5DYWxjCnVoVjN5RmRRNURpSm94Z1lKb2pn + dWJLZEpVR3hWeWlrd0hCOW41WWptZHcKLS0tIHJnWUlwV2RxMFZQMFBzQisyeGIz + ZGFKS3ZXR216SXpBK1E2d3IyS2h3WjAK6xFl7yDaLald51Dts1lL+M4IF84bzsgy + 1RJiIAGi3/0R4f6GxH7oXaV14zXDk/6lw3VJbwIcgC9FSVcW1FJXIQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-27T10:55:24Z" - mac: ENC[AES256_GCM,data:gzQG0cc3x0MYqrafz7VYBC49hcYed9Bfvih1I6jsNvZ2olKLZaOnj4FKhgoDhmOqbbmjl5SCEaMDIgTkRxj5IZvkLlaJwquO8RFDHVZr2wgOzbbxPmo6NIJL7+kOJ2Qr17lr/L0JMD5kHA1srN0K5jNwSeOneHsloZtJsypd/cY=,iv:KOt/CM9+8mv7xVHGjUZMaaCTuU8oD7UVqnNmTA9utm8=,tag:gwTDa1p8O7sY/v6ON71wlw==,type:str] + lastmodified: "2023-01-28T13:13:40Z" + mac: ENC[AES256_GCM,data:DbgaU8iyEVBL8EQKHDXlu0DLoKjKKiHPtX3ugBzdTH3foW+ndQVwaLWa69rqJCaRSteq7GMsoGuodksR8MdOhP8qd9cFyNc34ap6D8EAYI/BlLUo71LryvMfAgBvQ2wuzrMFxWderPcg9tKIGMmbTeMcnK5gyDSBTrTm382Uj0Q=,iv:sMNqSQqlCV3YohSlPSa1f1kGDt3iN37o+7AdKMJdCw8=,tag:3DZ7iSbf7He8B6Xw+8np0A==,type:str] pgp: - - created_at: "2022-12-27T16:39:15Z" + - created_at: "2023-01-28T13:13:40Z" enc: |- -----BEGIN PGP MESSAGE----- - wcFMAzUXo8ZPJwGLAQ/+O6i2iycUhTxUEd+JjpRVOuK2+84ZS5vub8zEdgtvNZlb - +Jokp1pmzWxQ5jqwzJoJ4ALhK4RZWf/WdmUuDK2M7/T99zosPg8ZiADcqna3AACt - Neg/6irkgNfBEkhzKnSkfintE0U2GXcYQeKiQ88qtjJ2MFBrDmnMaTAr63C2u4ng - tiZ4VAgqWwJVpSOQ0lQn/QuZcQKeaXMP+1C8ezbbr/bh3AiOSN5CHNwNgwXVQFOj - JML4yyK+OTYG6STDDX2z18CosjZkrCakybFkW1sgb5KHnFmjouCLOH/eaof2Abea - B1d4TRkSCEHct471oVtFBc7FXuF80JG+OYActBYMviCReanbuQmiI63ngMS6+hkv - fkbRKpdZRYTRkYnKRbQeyOZ4e0+CTbVhNuSNgHF31zC8XUq4dZj67vJn9O0qvOJb - vtkoUAt+tsHeoCJjQsCb0UshjPPo3WAQThZdvE3PDX36qdm2WPkRkk2YYeu7YuPb - 8oZIPxF8UWriO5o/C6pqzMwMXqWTjFREz/7tZ7QbxMPSt1VgJGi1t63LMyv0Jw+Q - O87/hfWfoCBXS4juS3UuQGJqAV3M7qa17J1GrsJpOh/gWYIrkW1PQ4bfjY3Vj7P1 - arjRyk3QTxAPJy68p+1+p5QKCqWNrlZpZClHV6U9f0d4b+bdy2uaIZ5xHsf54oXS - UQHpLgxNzvTQZLTsMqb8yvFdj/KiQfa1MiOKMh2zMCpMImvkptmc3XtqXSybuCS4 - 6jPzv4cTvE/kpSxUO7fCOFIGoLleRYMpieYLyYsCrDrP8g== - =hdQ0 + wcFMAzUXo8ZPJwGLAQ//X2vlfKYO00ydDER64ca6cIvSTuNvteohKAmPZ+HNGhdy + UaPpmQyXo4hI98yT90/x3E/MWCUJSEeKnNkoga28PHS0Gna+nk8q/t11ITMs7Pcu + PJZreqs+eK2rgimpOx862OEY9ur/9+q8rgAmcRiuxhdwA+B23yrr8I+BcfCaUnTG + kXjv8eFzzoZ6g7vPDHYIcTISdlBvtM06TmikzxZ7TefE/19iFt0tvdmPy/s7YchC + Dk80ULIUI61yg7y4B1fczDPH5k/WWCjO3NfQ/mezkrD2RMmQPkeDnvvpeGrgZtD4 + 7sV7/TpNchFBjvnhCp5v2BaQN/r4jpCDdmU1rfc0ZfSuwcmUwwSJKS4cd5yb1gC+ + hYBevnNNepgiKYv1yXbNT92o4eI0QMe0nS1RnDZN3kTQxzS7Z/BbAj1yDjbl0zIq + t70quVCr4UintGRhm7pdMj8UIItOm2ef+Je+/hgXLPm+Quijt4fJjHS4IyK9neCf + j59iQ3aFUbEp9eu2M8pUI75dnZHM4NX7I+4VRseSD+LAXQoB7q19JWnCyA33rOjG + zXA89pVY0TKnjqNEISzTPqVIn4GF7hxFhY2r04F1lVBBd0uwKrWQttEbj9ndtKGV + HZqnVH+SiPmW5A3Tws3XkoyXstNbYc/ZRxMfmhlaID3T/7IZVweYV+YyCJxqwqTS + UQF93xbqnw11ry/LJ7Q8ShVe/VliZ+ztt+X+Buf7FvZscBus0PnVKVYtQRcy2XqS + KF3FPAEoDAMaB0Az+Io+w1LZLYjoqaFzr8MJrq2GHZ2Daw== + =lpTG -----END PGP MESSAGE----- fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 unencrypted_suffix: _unencrypted diff --git a/users/rouven/modules/accounts/default.nix b/users/rouven/modules/accounts/default.nix index 946137b..15d96d5 100644 --- a/users/rouven/modules/accounts/default.nix +++ b/users/rouven/modules/accounts/default.nix @@ -53,6 +53,11 @@ in create = "maildir"; expunge = "both"; groups.rfive = { + channels.inbox = { + nearPattern = "INBOX"; + farPattern = "INBOX"; + extraConfig.Create = "near"; + }; channels.trash = { nearPattern = "Trash"; farPattern = "Gel&APY-schte Elemente"; @@ -63,6 +68,11 @@ in farPattern = "Gesendete Elemente"; extraConfig.Create = "near"; }; + channels.junk = { + nearPattern = "Junk"; + farPattern = "Junk-E-Mail"; + extraConfig.Create = "near"; + }; channels.drafts = { nearPattern = "Drafts"; farPattern = "Entw&APw-rfe"; @@ -78,7 +88,7 @@ in neomutt = { enable = true; mailboxName = "--rouven@rfive.de--"; - extraMailboxes = [ "Sent" "Trash" "Junk-E-Mail" "Drafts" ]; + extraMailboxes = [ "Sent" "Trash" "Junk" "Drafts" ]; }; }; "TU-Dresden" = { @@ -102,6 +112,16 @@ in create = "maildir"; expunge = "both"; groups.tud = { + channels.inbox = { + nearPattern = "INBOX"; + farPattern = "INBOX"; + extraConfig.Create = "near"; + }; + channels.opal = { + nearPattern = "Opal"; + farPattern = "Opal"; + extraConfig.Create = "near"; + }; channels.trash = { nearPattern = "Trash"; farPattern = "Gel&APY-schte Elemente"; @@ -112,6 +132,11 @@ in farPattern = "Gesendete Elemente"; extraConfig.Create = "near"; }; + channels.junk = { + nearPattern = "Junk"; + farPattern = "Junk-E-Mail"; + extraConfig.Create = "near"; + }; channels.drafts = { nearPattern = "Drafts"; farPattern = "Entw&APw-rfe"; @@ -128,8 +153,7 @@ in neomutt = { enable = true; mailboxName = "--TU Dresden-------"; - # mbsync can't handle umlauts, crap - extraMailboxes = [ "Opal" "Sent" "Trash" "Junk-E-Mail" "Drafts" ]; + extraMailboxes = [ "Opal" "Sent" "Trash" "Junk" "Drafts" ]; }; }; "gmail" = rec { @@ -150,6 +174,11 @@ in create = "maildir"; expunge = "both"; groups.googlemail = { + channels.inbox = { + nearPattern = "INBOX"; + farPattern = "INBOX"; + extraConfig.Create = "near"; + }; channels.trash = { nearPattern = "Trash"; farPattern = "[Gmail]/Papierkorb"; @@ -160,6 +189,11 @@ in farPattern = "[Gmail]/Gesendet"; extraConfig.Create = "near"; }; + channels.junk = { + nearPattern = "Junk"; + farPattern = "[Gmail]/Spam"; + extraConfig.Create = "near"; + }; channels.drafts = { nearPattern = "Drafts"; farPattern = "[Gmail]/Entw&APw-rfe"; @@ -176,7 +210,7 @@ in neomutt = { enable = true; mailboxName = "--gmail------------"; - extraMailboxes = [ "Sent" "Trash" "[Gmail]/Spam" "Drafts" ]; + extraMailboxes = [ "Sent" "Trash" "Junk" "Drafts" ]; }; }; };