mirror of
https://git.sr.ht/~rouven/nixos-config
synced 2024-11-15 05:13:10 +01:00
Compare commits
5 commits
2281866548
...
adbd54c150
| Author | SHA1 | Date | |
|---|---|---|---|
 Rouven Seifert
|
adbd54c150 | ||
|
Rouven Seifert
|
77c1054cb5 | ||
|
Rouven Seifert
|
7c5324dac8 | ||
|
Rouven Seifert
|
8b786bdc42 | ||
|
Rouven Seifert
|
43af3e872c |
30
flake.lock
30
flake.lock
|
|
@ -134,11 +134,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719459426,
|
"lastModified": 1726867691,
|
||||||
"narHash": "sha256-4Kn9Pb3lvsik/VYsEAYgXpkcmLhrr0tTE6oIT2PMSPA=",
|
"narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "dns.nix",
|
"repo": "dns.nix",
|
||||||
"rev": "e6693931023206f1f3c2bfc57d2c98b5f27f52e6",
|
"rev": "a3196708a56dee76186a9415c187473b94e6cbae",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -301,11 +301,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725948275,
|
"lastModified": 1727346017,
|
||||||
"narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=",
|
"narHash": "sha256-z7OCFXXxIseJhEHiCkkUOkYxD9jtLU8Kf5Q9WC0SjJ8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe",
|
"rev": "c124568e1054a62c20fbe036155cc99237633327",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -336,11 +336,11 @@
|
||||||
},
|
},
|
||||||
"impermanence": {
|
"impermanence": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725690722,
|
"lastModified": 1727198257,
|
||||||
"narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=",
|
"narHash": "sha256-/qMVI+SG9zvhLbQFOnqb4y4BH6DdK3DQHZU5qGptehc=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "impermanence",
|
"repo": "impermanence",
|
||||||
"rev": "63f4d0443e32b0dd7189001ee1894066765d18a5",
|
"rev": "8514fff0f048557723021ffeb31ca55f69b67de3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -450,11 +450,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725765290,
|
"lastModified": 1726975622,
|
||||||
"narHash": "sha256-hwX53i24KyWzp2nWpQsn8lfGQNCP0JoW/bvQmcR1DPY=",
|
"narHash": "sha256-bPDZosnom0+02ywmMZAvmj7zvsQ6mVv/5kmvSgbTkaY=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-index-database",
|
"repo": "nix-index-database",
|
||||||
"rev": "642275444c5a9defce57219c944b3179bf2adaa9",
|
"rev": "c7515c2fdaf2e1f3f49856cef6cec95bb2138417",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -524,11 +524,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725634671,
|
"lastModified": 1727122398,
|
||||||
"narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
|
"narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
|
"rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
|
|
@ -39,8 +39,9 @@ in
|
||||||
# home_mailbox = "Maildir/";
|
# home_mailbox = "Maildir/";
|
||||||
smtp_helo_name = config.networking.fqdn;
|
smtp_helo_name = config.networking.fqdn;
|
||||||
smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
|
smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
|
||||||
smtp_use_tls = true;
|
smtp_tls_security_level = "may";
|
||||||
smtpd_use_tls = true;
|
smtpd_tls_security_level = lib.mkForce "encrypt";
|
||||||
|
smtpd_tls_auth_only = true;
|
||||||
smtpd_tls_protocols = [
|
smtpd_tls_protocols = [
|
||||||
"!SSLv2"
|
"!SSLv2"
|
||||||
"!SSLv3"
|
"!SSLv3"
|
||||||
|
|
|
||||||
|
|
@ -93,6 +93,19 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
enabledCollectors = [ "systemd" ];
|
enabledCollectors = [ "systemd" ];
|
||||||
};
|
};
|
||||||
|
json = {
|
||||||
|
enable = true;
|
||||||
|
configFile = pkgs.writeText "json-exporter.yml" ''
|
||||||
|
---
|
||||||
|
modules:
|
||||||
|
pegelstand:
|
||||||
|
metrics:
|
||||||
|
- name: pegelstand_elbe_dresden
|
||||||
|
path: '{ $.pegel }'
|
||||||
|
type: value
|
||||||
|
help: Pegelstand in Dresden
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
scrapeConfigs = [
|
scrapeConfigs = [
|
||||||
{
|
{
|
||||||
|
|
@ -127,6 +140,20 @@ in
|
||||||
targets = [ "nuc.vpn.rfive.de:9300" ];
|
targets = [ "nuc.vpn.rfive.de:9300" ];
|
||||||
}];
|
}];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
job_name = "pegel_dresden";
|
||||||
|
metrics_path = "/probe";
|
||||||
|
params = {
|
||||||
|
module = [ "pegelstand" ];
|
||||||
|
target = [
|
||||||
|
"https://api.stramke.com/wasserstand/sachsen/Dresden"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
static_configs = [{
|
||||||
|
targets = [ "nuc.vpn.rfive.de:7979" ];
|
||||||
|
}];
|
||||||
|
scrape_interval = "5m";
|
||||||
|
}
|
||||||
{
|
{
|
||||||
job_name = "caddy";
|
job_name = "caddy";
|
||||||
static_configs = [{
|
static_configs = [{
|
||||||
|
|
|
||||||
|
|
@ -53,56 +53,56 @@
|
||||||
console.keyMap = "dvorak";
|
console.keyMap = "dvorak";
|
||||||
|
|
||||||
|
|
||||||
services.openldap = {
|
# services.openldap = {
|
||||||
enable = true;
|
# enable = true;
|
||||||
urlList = [ "ldap:///" ];
|
# urlList = [ "ldap:///" ];
|
||||||
settings = {
|
# settings = {
|
||||||
attrs = {
|
# attrs = {
|
||||||
olcLogLevel = "conns config";
|
# olcLogLevel = "conns config";
|
||||||
};
|
# };
|
||||||
children = {
|
# children = {
|
||||||
"cn=schema".includes = [
|
# "cn=schema".includes = [
|
||||||
"${pkgs.openldap}/etc/schema/core.ldif"
|
# "${pkgs.openldap}/etc/schema/core.ldif"
|
||||||
# attributetype ( 9999.1.1 NAME 'isMemberOf'
|
# # attributetype ( 9999.1.1 NAME 'isMemberOf'
|
||||||
# DESC 'back-reference to groups this user is a member of'
|
# # DESC 'back-reference to groups this user is a member of'
|
||||||
# SUP distinguishedName )
|
# # SUP distinguishedName )
|
||||||
"${pkgs.openldap}/etc/schema/cosine.ldif"
|
# "${pkgs.openldap}/etc/schema/cosine.ldif"
|
||||||
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
|
# "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
|
||||||
"${pkgs.openldap}/etc/schema/nis.ldif"
|
# "${pkgs.openldap}/etc/schema/nis.ldif"
|
||||||
# "${pkgs.writeText "openssh.schema" ''
|
# # "${pkgs.writeText "openssh.schema" ''
|
||||||
# attributetype ( 9999.1.2 NAME 'sshPublicKey'
|
# # attributetype ( 9999.1.2 NAME 'sshPublicKey'
|
||||||
# DESC 'SSH public key used by this user'
|
# # DESC 'SSH public key used by this user'
|
||||||
# SUP name )
|
# # SUP name )
|
||||||
# ''}"
|
# # ''}"
|
||||||
];
|
# ];
|
||||||
|
|
||||||
"olcDatabase={1}mdb".attrs = {
|
# "olcDatabase={1}mdb".attrs = {
|
||||||
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
# objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
||||||
|
|
||||||
olcDatabase = "{1}mdb";
|
# olcDatabase = "{1}mdb";
|
||||||
olcDbDirectory = "/var/lib/openldap/data";
|
# olcDbDirectory = "/var/lib/openldap/data";
|
||||||
|
|
||||||
olcSuffix = "dc=ifsr,dc=de";
|
# olcSuffix = "dc=ifsr,dc=de";
|
||||||
|
|
||||||
/* your admin account, do not use writeText on a production system */
|
# /* your admin account, do not use writeText on a production system */
|
||||||
olcRootDN = "cn=portunus,dc=ifsr,dc=de";
|
# olcRootDN = "cn=portunus,dc=ifsr,dc=de";
|
||||||
olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32";
|
# olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32";
|
||||||
|
|
||||||
olcAccess = [
|
# olcAccess = [
|
||||||
/* custom access rules for userPassword attributes */
|
# /* custom access rules for userPassword attributes */
|
||||||
''{0}to attrs=userPassword
|
# ''{0}to attrs=userPassword
|
||||||
by self write
|
# by self write
|
||||||
by anonymous auth
|
# by anonymous auth
|
||||||
by * none''
|
# by * none''
|
||||||
|
|
||||||
/* allow read on anything else */
|
# /* allow read on anything else */
|
||||||
''{1}to *
|
# ''{1}to *
|
||||||
by * read''
|
# by * read''
|
||||||
];
|
# ];
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
|
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
|
|
||||||
|
|
@ -49,29 +49,29 @@
|
||||||
userControlled.enable = true;
|
userControlled.enable = true;
|
||||||
# sadly broken on my machine
|
# sadly broken on my machine
|
||||||
scanOnLowSignal = false;
|
scanOnLowSignal = false;
|
||||||
environmentFile = config.age.secrets.wireless.path;
|
secretsFile = config.age.secrets.wireless.path;
|
||||||
networks = {
|
networks = {
|
||||||
"@HOME_SSID@" = {
|
"Smoerrebroed" = {
|
||||||
psk = "@HOME_PSK@";
|
pskRaw = "ext:HOME_PSK";
|
||||||
authProtocols = [ "WPA-PSK" ];
|
authProtocols = [ "WPA-PSK" ];
|
||||||
};
|
};
|
||||||
"@DORM_SSID@" = {
|
"Cudy-6140" = {
|
||||||
psk = "@DORM_PSK@";
|
pskRaw = "ext:DORM_PSK";
|
||||||
authProtocols = [ "SAE" ];
|
authProtocols = [ "SAE" ];
|
||||||
extraConfig = "disabled=1";
|
extraConfig = "disabled=1";
|
||||||
};
|
};
|
||||||
"@DORM5_SSID@" = {
|
"Cudy-6150" = {
|
||||||
priority = 5;
|
priority = 5;
|
||||||
psk = "@DORM_PSK@";
|
pskRaw = "ext:DORM_PSK";
|
||||||
authProtocols = [ "SAE" ];
|
authProtocols = [ "SAE" ];
|
||||||
extraConfig = "disabled=1";
|
extraConfig = "disabled=1";
|
||||||
};
|
};
|
||||||
"LKG-Gast" = {
|
"LKG-Gast" = {
|
||||||
psk = "@LKGDD_GUEST_PSK@";
|
pskRaw = "ext:LKGDD_GUEST_PSK";
|
||||||
authProtocols = [ "WPA-PSK" ];
|
authProtocols = [ "WPA-PSK" ];
|
||||||
};
|
};
|
||||||
"@PIXEL_SSID@" = {
|
"Pxl" = {
|
||||||
psk = "@PIXEL_PSK@";
|
pskRaw = "ext:PIXEL_PSK";
|
||||||
authProtocols = [ "WPA-PSK" ];
|
authProtocols = [ "WPA-PSK" ];
|
||||||
};
|
};
|
||||||
"WIFI@DB" = {
|
"WIFI@DB" = {
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,36 @@
|
||||||
"LAN" = {
|
"LAN" = {
|
||||||
userControlled.enable = true;
|
userControlled.enable = true;
|
||||||
driver = "wired";
|
driver = "wired";
|
||||||
configFile.path = config.age.secrets.dyport-auth.path;
|
configFile.path = pkgs.writeText "supplicant-lan.conf" ''
|
||||||
|
ctrl_interface=/run/wpa_supplicant
|
||||||
|
ap_scan=0
|
||||||
|
network={
|
||||||
|
ssid="apb-ifsr"
|
||||||
|
key_mgmt=IEEE8021X
|
||||||
|
eap=TTLS
|
||||||
|
anonymous_identity="rose159e@apb-ifsr"
|
||||||
|
ca_cert="/etc/ssl/certs/ca-certificates.crt"
|
||||||
|
domain_suffix_match="radius-tud.zih.tu-dresden.de"
|
||||||
|
identity="rose159e@apb-ifsr"
|
||||||
|
password=ext:TUD_AUTH
|
||||||
|
phase2="auth=PAP"
|
||||||
|
disabled=1
|
||||||
|
}
|
||||||
|
network={
|
||||||
|
ssid="zih-ma"
|
||||||
|
key_mgmt=IEEE8021X
|
||||||
|
eap=TTLS
|
||||||
|
anonymous_identity="rose159e@zih-ma"
|
||||||
|
ca_cert="/etc/ssl/certs/ca-certificates.crt"
|
||||||
|
domain_suffix_match="radius-tud.zih.tu-dresden.de"
|
||||||
|
identity="rose159e@zih-ma"
|
||||||
|
password=ext:TUD_AUTH
|
||||||
|
phase2="auth=PAP"
|
||||||
|
disabled=1
|
||||||
|
}
|
||||||
|
ext_password_backend=file:${config.age.secrets.dyport-auth.path}
|
||||||
|
'';
|
||||||
|
# configFile.path = config.age.secrets.dyport-auth.path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
wireless.networks = {
|
wireless.networks = {
|
||||||
|
|
@ -23,7 +52,7 @@
|
||||||
ca_cert="/etc/ssl/certs/ca-certificates.crt"
|
ca_cert="/etc/ssl/certs/ca-certificates.crt"
|
||||||
domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
|
domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
|
||||||
identity="rose159e@tu-dresden.de"
|
identity="rose159e@tu-dresden.de"
|
||||||
password="@EDUROAM_AUTH@"
|
password=ext:EDUROAM_AUTH
|
||||||
phase2="auth=PAP"
|
phase2="auth=PAP"
|
||||||
bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef 82:5a:1c:02:3d:db 7c:5a:1c:02:3d:8b
|
bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef 82:5a:1c:02:3d:db 7c:5a:1c:02:3d:8b
|
||||||
'';
|
'';
|
||||||
|
|
@ -39,7 +68,7 @@
|
||||||
ca_cert="/etc/ssl/certs/ca-certificates.crt"
|
ca_cert="/etc/ssl/certs/ca-certificates.crt"
|
||||||
domain_suffix_match="radius.agdsn.de"
|
domain_suffix_match="radius.agdsn.de"
|
||||||
identity="r5"
|
identity="r5"
|
||||||
password="@AGDSN_WIFI_AUTH@"
|
password=ext:AGDSN_WIFI_AUTH
|
||||||
phase2="auth=PAP"
|
phase2="auth=PAP"
|
||||||
bssid_ignore=b8:3a:5a:8b:96:c2
|
bssid_ignore=b8:3a:5a:8b:96:c2
|
||||||
'';
|
'';
|
||||||
|
|
@ -54,18 +83,18 @@
|
||||||
domain_suffix_match="radius.agdsn.de"
|
domain_suffix_match="radius.agdsn.de"
|
||||||
identity="r5"
|
identity="r5"
|
||||||
proto=WPA2
|
proto=WPA2
|
||||||
password="@AGDSN_AUTH@"
|
password=ext:AGDSN_AUTH
|
||||||
phase2="auth=PAP"
|
phase2="auth=PAP"
|
||||||
'';
|
'';
|
||||||
extraConfig = "disabled=1";
|
extraConfig = "disabled=1";
|
||||||
authProtocols = [ "WPA-EAP" ];
|
authProtocols = [ "WPA-EAP" ];
|
||||||
};
|
};
|
||||||
agdsn_fritzbox = {
|
agdsn_fritzbox = {
|
||||||
psk = "@AGDSN_FRITZBOX_PSK@";
|
psk = "ext:AGDSN_FRITZBOX_PSK";
|
||||||
authProtocols = [ "WPA-PSK" ];
|
authProtocols = [ "WPA-PSK" ];
|
||||||
};
|
};
|
||||||
FSR = {
|
FSR = {
|
||||||
psk = "@FSR_PSK@";
|
psk = "ext:FSR_PSK";
|
||||||
authProtocols = [ "WPA-PSK" ];
|
authProtocols = [ "WPA-PSK" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Binary file not shown.
Binary file not shown.
|
|
@ -41,8 +41,8 @@
|
||||||
shell = "${pkgs.zsh}/bin/zsh";
|
shell = "${pkgs.zsh}/bin/zsh";
|
||||||
# dpi-aware = "yes";
|
# dpi-aware = "yes";
|
||||||
font = "monospace:family=Iosevka Nerd Font:size=12";
|
font = "monospace:family=Iosevka Nerd Font:size=12";
|
||||||
notify = "${lib.getExe pkgs.libnotify} -a \${app-id} -i \${app-id} \${title} \${body}";
|
|
||||||
};
|
};
|
||||||
|
desktop-notifications.command = "${lib.getExe pkgs.libnotify} -a \${app-id} -i \${app-id} \${title} \${body}";
|
||||||
cursor.color = "${colors.background} ${colors.foreground}";
|
cursor.color = "${colors.background} ${colors.foreground}";
|
||||||
url = {
|
url = {
|
||||||
launch = "${pkgs.xdg-utils}/bin/xdg-open \${url}";
|
launch = "${pkgs.xdg-utils}/bin/xdg-open \${url}";
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@
|
||||||
rust-analyzer
|
rust-analyzer
|
||||||
nil
|
nil
|
||||||
nixpkgs-fmt
|
nixpkgs-fmt
|
||||||
# typst-lsp
|
typst-lsp
|
||||||
(python3.withPackages (ps: with ps; [
|
(python3.withPackages (ps: with ps; [
|
||||||
pyls-isort
|
pyls-isort
|
||||||
pylsp-mypy
|
pylsp-mypy
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,7 @@
|
||||||
# essentials
|
# essentials
|
||||||
htop-vim
|
htop-vim
|
||||||
lsof
|
lsof
|
||||||
|
postgresql
|
||||||
|
|
||||||
zip
|
zip
|
||||||
unzip
|
unzip
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue