diff --git a/flake.lock b/flake.lock index ebe6cdc..98edfba 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1703787578, - "narHash": "sha256-YanYMRry0uvExeCZYbM7yEp3H0gct9SocfFWvsYtyfs=", + "lastModified": 1704311514, + "narHash": "sha256-j6JsfCv31bW7LzV06q2L/27QZ4k1Zq7lEq2AR9R150A=", "owner": "nix-community", "repo": "home-manager", - "rev": "f8a4a5c18f4fee53ac3016a52a97df2aaeede65b", + "rev": "fcbc70a7ee064f2b65dc1fac1717ca2a9813bbe6", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1702553482, - "narHash": "sha256-kWU543mm3ai7fZhYNqlLfozsrcAZsmDsp7iCzO1Utng=", + "lastModified": 1703800710, + "narHash": "sha256-BlTnkNW50xEMojxDd+M4W1WUX4t33vkxJhsW/eeSCco=", "owner": "therealr5", "repo": "TruckSimulatorBot-images", - "rev": "0bbd6647c6479312305623f1bc5699cf6874b323", + "rev": "ead83b4ce653e293b9459b0495f0a3f1baac0aa3", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1703387252, - "narHash": "sha256-XKJqGj0BaEn/zyctEnkgVIh6Ba1rgTRc+UBi9EU8Y54=", + "lastModified": 1703992163, + "narHash": "sha256-709CGmwU34dxv8DjSpRBZ+HibVJIVaFcA4JH+GFnhyM=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "f4340c1a42c38d79293ba69bfd839fbd6268a538", + "rev": "d6510ce144f5da7dd9bac667ba3d5a4946c00d11", "type": "github" }, "original": { @@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703438236, - "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "type": "github" }, "original": { 
@@ -398,11 +398,11 @@ ] }, "locked": { - "lastModified": 1702553371, - "narHash": "sha256-6jdDRktu7NaWifzhV+/IgRg8aBqELv4L51Ijurqt2a8=", + "lastModified": 1704138480, + "narHash": "sha256-KSWmE3C/nnU6gJ2KIYaTPB4Yk58BhqFdOhaIuhCCFfg=", "owner": "therealr5", "repo": "purge", - "rev": "0f12b011b86571435e37e69e91a464513ecdd24e", + "rev": "3ae163c8fa9a64ecf1d06f390c6072948a57905f", "type": "github" }, "original": { @@ -488,11 +488,11 @@ ] }, "locked": { - "lastModified": 1702553577, - "narHash": "sha256-RTNBEoapC+HYU2jev6jc9XiffL1Zf6w51GZ96zoA3zE=", + "lastModified": 1704138497, + "narHash": "sha256-+bDxq8eeLpPO/4fZm4ikAbW064T4+n8CIY4kv+sd41U=", "owner": "therealr5", "repo": "TruckSimulatorBot", - "rev": "bb08a872dbcb4e386835c581c0ecfccf936b4012", + "rev": "1053bcb5419c18fb7f700e7b2a0cde9c0467f79c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9a87706..c699135 100644 --- a/flake.nix +++ b/flake.nix @@ -61,6 +61,7 @@ }@attrs: { packages.x86_64-linux = { iso = self.nixosConfigurations.iso.config.system.build.isoImage; + thinkpad = self.nixosConfigurations.thinkpad.config.system.build.toplevel; jmri = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/jmri { }; adguardian-term = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/adguardian-term { }; pww = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/pww { }; diff --git a/hosts/falkenstein/default.nix b/hosts/falkenstein/default.nix index 83aa8df..680bff2 100644 --- a/hosts/falkenstein/default.nix +++ b/hosts/falkenstein/default.nix @@ -35,13 +35,10 @@ environment.systemPackages = with pkgs; [ vim - wget htop-vim helix lsof python3 - php - phpPackages.composer ]; programs.git = { enable = true; @@ -60,10 +57,6 @@ }; services.journald.enableHttpGateway = true; programs.mosh.enable = true; - security = { - audit.enable = true; - auditd.enable = true; - }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../keys/ssh/rouven-thinkpad ../../keys/ssh/rouven-pixel 
diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index e1fbaac..72a0d4a 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -6,7 +6,9 @@ ./hardware-configuration.nix ./modules/networks ./modules/backup + ./modules/cache ./modules/grafana + ./modules/hydra ./modules/prometheus ./modules/matrix ./modules/seafile @@ -15,6 +17,7 @@ ./modules/nginx ]; + nix.settings.system-features = [ "gccarch-tigerlake" ]; boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; @@ -46,7 +49,6 @@ environment.systemPackages = with pkgs; [ vim - wget htop-vim helix lsof @@ -64,10 +66,6 @@ services.openssh.enable = true; services.journald.enableHttpGateway = true; programs.mosh.enable = true; - security = { - audit.enable = true; - auditd.enable = true; - }; # firmware updates diff --git a/hosts/nuc/modules/cache/default.nix b/hosts/nuc/modules/cache/default.nix new file mode 100644 index 0000000..049d0b2 --- /dev/null +++ b/hosts/nuc/modules/cache/default.nix @@ -0,0 +1,20 @@ +{ config, ... }: +let + domain = "cache.rfive.de"; +in +{ + age.secrets.cache = { + file = ../../../../secrets/nuc/cache.age; + }; + services.nix-serve = { + enable = true; + secretKeyFile = config.age.secrets.cache.path; + }; + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}"; + }; + }; +} diff --git a/hosts/nuc/modules/matrix/default.nix b/hosts/nuc/modules/matrix/default.nix index 67d6146..ec40060 100644 --- a/hosts/nuc/modules/matrix/default.nix +++ b/hosts/nuc/modules/matrix/default.nix 
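Review bot: In the new hosts/nuc/modules/cache/default.nix, `services.nix-serve` is enabled without `bindAddress`, and the NixOS module's default listens on all interfaces, so the unauthenticated backend is reachable outside the nginx vhost unless the firewall blocks its port. Add `bindAddress = "127.0.0.1";` so it matches the `proxyPass` target. The vhost also has no access restriction, so any path in this host's /nix/store can be fetched by anyone who knows or can compute its store hash. Because the same host imports the matrix, seafile and backup modules, it is worth confirming that no configuration containing secrets is rendered into the store. A comment above the service would record this, e.g. `# public cache: serves this host's whole /nix/store, keep secrets in agenix only`.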
@@ -43,13 +43,13 @@ in }]; }]; }; - sliding-sync = { - enable = true; - settings = { - SYNCV3_SERVER = "https://${domain}"; - }; - environmentFile = config.age.secrets."matrix/sync".path; + }; + matrix-sliding-sync = { + enable = true; + settings = { + SYNCV3_SERVER = "https://${domain}"; }; + environmentFile = config.age.secrets."matrix/sync".path; }; diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 5aa1c52..4ee618c 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -14,6 +14,14 @@ ./modules/virtualisation ]; + nixpkgs.hostPlatform = { + gcc.arch = "tigerlake"; + gcc.tune = "tigerlake"; + system = "x86_64-linux"; + }; + + nix.settings.system-features = [ "gccarch-tigerlake" ]; + # Use the systemd-boot EFI boot loader. boot = { kernelModules = [ "v4l2loopback" ]; diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index e0aafe5..c31e349 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -21,8 +21,8 @@ whois inetutils openssl - wget dnsutils + nmap ]; services.resolved = { fallbackDns = [ @@ -40,9 +40,6 @@ hostName = "thinkpad"; hostId = "d8d34032"; enableIPv6 = true; - firewall = { - logRefusedConnections = false; - }; wireless = { enable = true; userControlled.enable = true; @@ -163,7 +160,7 @@ linkConfig.RequiredForOnline = "carrier"; networkConfig = { Address = "192.168.43.3/32"; - DNS = "192.168.42.1"; + DNS = "192.168.43.1"; DNSSEC = true; BindCarrier = [ "wlp9s0" "enp0s31f6" ]; }; diff --git a/hosts/vm/default.nix b/hosts/vm/default.nix index bd321c4..fd17428 100644 --- a/hosts/vm/default.nix +++ b/hosts/vm/default.nix @@ -31,7 +31,6 @@ environment.systemPackages = with pkgs; [ vim - wget htop-vim ]; programs.git = { diff --git a/secrets.nix b/secrets.nix index 3194430..12bac9e 100644 --- a/secrets.nix +++ b/secrets.nix 
@@ -19,6 +19,7 @@ in "secrets/nuc/matrix/shared.age".publicKeys = [ rouven nuc ]; "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ]; "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; + "secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; diff --git a/secrets/nuc/cache.age b/secrets/nuc/cache.age new file mode 100644 index 0000000..0d3d055 --- /dev/null +++ b/secrets/nuc/cache.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 uWbAHQ pLKYxDwT0w0iVvg+Ppu66RaQ+6b9Mw935ol8X5+wWgU +VL90qNwa1IWO8GdIuI9JGjP62qVF5kJbWmuciq6Kbos +-> ssh-ed25519 2TRdXg T9oZyBSqwUTBMws7tykM8xqyOChp1/E80aOlYvzz0CE +lY4VA7dwfkHsRQyrSuAJC5CS9/h6x2vlBEEHFwfeb3s +--- USkk3hxaZmHIwdd5Y62i9VeIlBzGJQCnCBeGvO/3NzQ +l34nvi(rH;0!Eb-h2 AZDEփ1хMVBnh{DJc?ii2b0dMHQ-=4С4r4Eџ6ק. \ No newline at end of file diff --git a/shared/nix.nix b/shared/nix.nix index 6dda9be..f428010 100644 --- a/shared/nix.nix +++ b/shared/nix.nix @@ -10,6 +10,12 @@ settings = { auto-optimise-store = true; experimental-features = [ "nix-command" "flakes" "repl-flake" ]; + substituters = [ + "https://cache.rfive.de" + ]; + trusted-public-keys = [ + "cache.rfive.de:of5d+o6mfGXQSR3lk6ApfDBr4ampAUaNHux1O/XY3Tw=" + ]; }; }; } diff --git a/shared/systemd.nix b/shared/systemd.nix index 19f6ec1..4adfba9 100644 --- a/shared/systemd.nix +++ b/shared/systemd.nix @@ -11,7 +11,7 @@ enable = true; enableSystemSlice = true; enableRootSlice = true; - enableUserServices = true; + enableUserSlices = true; }; }; diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index cbe982b..9a59d4d 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -33,6 +33,7 @@ gajim gomuks fractal + tuba # mastodon client # games prismlauncher 
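Review bot: The `trusted-public-keys` entry added in shared/nix.nix makes every host that imports this file accept any store path signed by the cache.rfive.de key. That key is deployed on nuc (secrets/nuc/cache.age, encrypted to `rouven` and `nuc`), which also serves public nginx vhosts. A compromise of nuc would therefore presumably allow substituted binaries to be served to every other machine. Consider moving `substituters` and `trusted-public-keys` out of the shared module and onto the hosts that need the tigerlake builds, and record the trust with a comment such as `# signing key lives on nuc; anything it signs is trusted by every host importing this file`. The `settings` block starts outside the hunk.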
diff --git a/users/rouven/modules/wayland/breaktimer.nix b/users/rouven/modules/wayland/breaktimer.nix index 692058d..0c12cc4 100644 --- a/users/rouven/modules/wayland/breaktimer.nix +++ b/users/rouven/modules/wayland/breaktimer.nix @@ -1,16 +1,14 @@ { pkgs, ... }: { - systemd.user = { - services.ianny = { - Unit = { - Description = "Ianny break timer"; - After = [ "graphical-session-pre.target" ]; - PartOf = [ "graphical-session.target" ]; - }; - Service = { - ExecStart = "${pkgs.ianny}/bin/ianny"; - }; - Install = { WantedBy = [ "graphical-session.target" ]; }; + systemd.user.services.ianny = { + Unit = { + Description = "Ianny break timer"; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; }; + Service = { + ExecStart = "${pkgs.ianny}/bin/ianny"; + }; + Install = { WantedBy = [ "graphical-session.target" ]; }; }; } diff --git a/users/rouven/modules/wayland/default.nix b/users/rouven/modules/wayland/default.nix index b7c68b2..3603f27 100644 --- a/users/rouven/modules/wayland/default.nix +++ b/users/rouven/modules/wayland/default.nix @@ -34,6 +34,18 @@ systemdTarget = "graphical-session.target"; }; + systemd.user.services.swayidle-inhibit = { + Unit = { + Description = "Service preventing swayidle from sleeping while any application is outputting or receiving audio"; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; + }; + Service = { + ExecStart = "${lib.getExe pkgs.sway-audio-idle-inhibit}"; + }; + Install = { WantedBy = [ "graphical-session.target" ]; }; + }; + systemd.user.services.swaync = { Install.WantedBy = [ "graphical-session.target" ]; Service = {
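Review bot: The new `swayidle-inhibit` unit in users/rouven/modules/wayland/default.nix stops swayidle from going idle while any application outputs or receives audio, as its own Description says. If swayidle is what triggers the screen lock on this machine, a forgotten stream or an application holding the microphone open leaves the session unlocked indefinitely. State that trade-off next to the unit, e.g. `# NOTE: suppresses the idle lock while audio is active; lock manually when leaving the machine`. `ExecStart` also relies on `lib` being in the module's argument set, which could not be checked because the function header is outside the hunk. The interpolation is redundant and can be written as `ExecStart = lib.getExe pkgs.sway-audio-idle-inhibit;`.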