diff --git a/flake.lock b/flake.lock index c90d9c8..2de47a7 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1710062421, - "narHash": "sha256-FiCNRfyUgJOLYIokLiFsfI7B+Zn9HDnOzFR3uVr5qsQ=", + "lastModified": 1709938482, + "narHash": "sha256-2Vw2WOFmEXWQH8ziFNOr0U48Guh5FacuD6BOEIcE99s=", "owner": "nix-community", "repo": "home-manager", - "rev": "36f873dfc8e2b6b89936ff3e2b74803d50447e0a", + "rev": "17431970b4ebc75a92657101ccffcfc9e1f9d8f0", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1710040110, - "narHash": "sha256-PNAV8VdZkNoSGQHGQWDefNarl0BtKjVMCCzu16+vsr4=", + "lastModified": 1709906691, + "narHash": "sha256-206XMy1NGW42bnHukJl5W2F90yHNoJc7+H3i+/8i2Pg=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "851fcfd130597c5c91071d46275111522d4fd595", + "rev": "2ad5ebce1e1be47a8cf330d85265ac09ffa15178", "type": "github" }, "original": { @@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709961763, - "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", + "lastModified": 1709703039, + "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", + "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", "type": "github" }, "original": { @@ -488,11 +488,11 @@ ] }, "locked": { - "lastModified": 1710096282, - "narHash": "sha256-t4190TfQUJoqaFEUX4DNGMDaQ+rJJxffwir0EEwnfDY=", + "lastModified": 1709987509, + "narHash": "sha256-q7iK2q1Sff0FQfsp4G5wX0A8r+k1p6XLOlrICueXtlI=", "owner": "rouven0", "repo": "TruckSimulatorBot", - "rev": "da4e4e1908aebc93744cbbe9a7867a9b60da02e9", + "rev": "db517d53381e3ccea75653e8d29a68d0800cb8c0", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index 94365e0..8dffca6 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -1,21 +1,18 @@ { pkgs, config, ... }: let - secondary = "185.181.104.96"; zonefile = pkgs.writeText "rfive.de.zone.txt" '' $TTL 3600 $ORIGIN rfive.de. - - rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. ( - 2024031013 ; serial - 10800 ; refresh - 3600 ; retry - 604800 ; expire - 3600 ) ; negatives caching, ehem. minimum - + + rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030838 10800 3600 604800 3600 + @ NS ns0.rfive.de. @ NS ns.inwx.de. @ NS ns2.inwx.de. @ NS ns3.inwx.eu. + ns0 A 23.88.121.184 + ns0 AAAA 2a01:4f8:c012:49de::1 + @ A 23.88.121.184 @ AAAA 2a01:4f8:c012:49de::1 @@ -23,9 +20,6 @@ let @ CAA 0 issue "letsencrypt.org" @ CAA 0 issuewild ";" - ns A 23.88.121.184 - ns AAAA 2a01:4f8:c012:49de::1 - nuc A 141.30.227.6 falkenstein A 23.88.121.184 falkenstein AAAA 2a01:4f8:c012:49de::1 @@ -46,13 +40,13 @@ let cache CNAME nuc.rfive.de. chat CNAME nuc.rfive.de. + img.trucks CNAME falkenstein.rfive.de. matrix CNAME nuc.rfive.de. - seafile CNAME nuc.rfive.de. - vault CNAME nuc.rfive.de. - purge CNAME falkenstein.rfive.de. rspamd CNAME falkenstein.rfive.de. + seafile CNAME nuc.rfive.de. trucks CNAME falkenstein.rfive.de. + vault CNAME nuc.rfive.de. ''; in { @@ -63,13 +57,12 @@ in "rfive.de" = { master = true; slaves = [ - secondary + "185.181.104.96" ]; extraConfig = '' - also-notify {${secondary};}; + also-notify {185.181.104.96;}; dnssec-policy default; inline-signing yes; - serial-update-method date; ''; file = "${directory}/rfive.de.zone.txt"; }; @@ -79,8 +72,6 @@ in # copy the file manually to its destination since signing requires a writable directory ${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt ''; - networking.firewall.extraInputRules = '' - ip saddr ${secondary}/32 tcp dport 53 accept comment "Allow DNS AXFR access from INWX Servers" - ip saddr ${secondary}/32 udp dport 53 accept comment "Allow DNS access from INWX Servers" - ''; + networking.firewall.allowedUDPPorts = [ 53 ]; + networking.firewall.allowedTCPPorts = [ 53 ]; } diff --git a/hosts/falkenstein/modules/trucksimulatorbot/default.nix b/hosts/falkenstein/modules/trucksimulatorbot/default.nix index 26bf38a..6e9ecd3 100644 --- a/hosts/falkenstein/modules/trucksimulatorbot/default.nix +++ b/hosts/falkenstein/modules/trucksimulatorbot/default.nix @@ -24,16 +24,20 @@ in ensureDatabases = [ "trucksimulator" ]; }; services.nginx.virtualHosts = { + "img.${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}"; + }; + }; "${domain}" = { enableACME = true; forceSSL = true; - locations."/invite".return = "301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands"; + locations."/invite".return = " 301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands"; locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.listenPort}"; }; - locations."/images/" = { - proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}/"; - }; locations."/docs" = { root = "${trucksimulatorbot.packages.x86_64-linux.docs}"; }; diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix index d985cf5..5daa117 100644 --- a/hosts/nuc/modules/networks/default.nix +++ b/hosts/nuc/modules/networks/default.nix @@ -14,7 +14,7 @@ }; services.resolved = { enable = true; - # dnssec = "allow-downgrade"; + dnssec = "allow-downgrade"; fallbackDns = [ "9.9.9.9" "149.112.112.112" diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index dfc1a00..5441f94 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -14,6 +14,11 @@ ./modules/virtualisation ]; + # nixpkgs.hostPlatform = { + # gcc.arch = "tigerlake"; + # gcc.tune = "tigerlake"; + # system = "x86_64-linux"; + # }; nix.settings.system-features = [ "gccarch-tigerlake" ]; systemd.additionalUpstreamSystemUnits = [ diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix index 2c1dafa..2fc2ee1 100644 --- a/users/rouven/modules/helix/default.nix +++ b/users/rouven/modules/helix/default.nix @@ -4,8 +4,7 @@ gdb lldb rust-analyzer - nil - nixpkgs-fmt + rnix-lsp typst-lsp (python3.withPackages (ps: with ps; [ pyls-isort @@ -29,15 +28,14 @@ enable = true; languages = { - language-server.nil = { - command = "nil"; - config = { nil.formatting.command = [ "nixpkgs-fmt" ]; }; + language-server.rnix-lsp = { + command = "rnix-lsp"; }; language = [ { name = "nix"; auto-format = true; - language-servers = [ "nil" ]; + language-servers = [ "rnix-lsp" ]; } ]; }; @@ -48,7 +46,6 @@ color-modes = true; line-number = "relative"; cursor-shape.insert = "bar"; - completion-trigger-len = 0; lsp = { display-messages = true; display-inlay-hints = true; diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index ed8bc6c..ff2d7ec 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -5,7 +5,6 @@ # essentials htop-vim lsof - zip unzip man-pages @@ -32,6 +31,7 @@ gomuks profanity fractal + tuba # mastodon client # games prismlauncher @@ -43,7 +43,10 @@ bitwarden-cli # misc + hugo neofetch # obligatory + jetbrains.idea-ultimate #😎 + croc # send files anywhere xournalpp libreoffice mosh