diff --git a/flake.lock b/flake.lock index ed028d6..f382057 100644 --- a/flake.lock +++ b/flake.lock @@ -96,6 +96,27 @@ "type": "github" } }, + "dns": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1635273082, + "narHash": "sha256-EHiDP2jEa7Ai5ZwIf5uld9RVFcV77+2SUxjQXwJsJa0=", + "owner": "nix-community", + "repo": "dns.nix", + "rev": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dns.nix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -134,6 +155,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1614513358, + "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems_2" }, @@ -180,11 +216,11 @@ ] }, "locked": { - "lastModified": 1712759992, - "narHash": "sha256-2APpO3ZW4idlgtlb8hB04u/rmIcKA8O7pYqxF66xbNY=", + "lastModified": 1713294767, + "narHash": "sha256-LmaabaQZdx52MPGKPRt9Opoc9Gd9RbwvCdysUUYQoXI=", "owner": "nix-community", "repo": "home-manager", - "rev": "31357486b0ef6f4e161e002b6893eeb4fafc3ca9", + "rev": "fa8c16e2452bf092ac76f09ee1fb1e9f7d0796e7", "type": "github" }, "original": { @@ -233,7 +269,7 @@ "crane": "crane", "flake-compat": "flake-compat", "flake-parts": "flake-parts", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], 
@@ -281,11 +317,11 @@ ] }, "locked": { - "lastModified": 1712459390, - "narHash": "sha256-e12bNDottaGoBgd0AdH/bQvk854xunlWAdZwr/oHO1c=", + "lastModified": 1713067146, + "narHash": "sha256-9D20xjblGKEVRVCnM3qWhiizEa9i6OpK6xQJajwcwOQ=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "4676d72d872459e1e3a248d049609f110c570e9a", + "rev": "93aed67288be60c9ef6133ba2f8de128f4ef265c", "type": "github" }, "original": { @@ -296,11 +332,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712791164, - "narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=", + "lastModified": 1713248628, + "narHash": "sha256-NLznXB5AOnniUtZsyy/aPWOk8ussTuePp2acb9U+ISA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5", + "rev": "5672bc9dbf9d88246ddab5ac454e82318d094bb8", "type": "github" }, "original": { @@ -414,24 +450,25 @@ "river": { "flake": false, "locked": { - "lastModified": 1712665127, - "narHash": "sha256-uACc9Cb1tSw3I0fMlEMX74NfU+Tg3It74tb+nc51AZ4=", + "lastModified": 1713357595, + "narHash": "sha256-LGqP2HBrMKGGTnqFDjmZRKXN88SQMgfLm2plVAzan8c=", "ref": "refs/heads/master", - "rev": "14e941bae16b1ca478c32198c131c4297157f888", - "revCount": 1238, + "rev": "6b86af4f85f66697a0ffc504c4fcc1db05bfbb80", + "revCount": 1246, "submodules": true, "type": "git", - "url": "https://github.com/riverwm/river" + "url": "https://codeberg.org/river/river" }, "original": { "submodules": true, "type": "git", - "url": "https://github.com/riverwm/river" + "url": "https://codeberg.org/river/river" } }, "root": { "inputs": { "agenix": "agenix", + "dns": "dns", "home-manager": "home-manager", "impermanence": "impermanence", "lanzaboote": "lanzaboote", diff --git a/flake.nix b/flake.nix index 710abc2..ffb8b80 100644 --- a/flake.nix +++ b/flake.nix 
@@ -18,9 +18,12 @@ impermanence.url = "github:nix-community/impermanence"; home-manager = { - inputs = { - nixpkgs.follows = "nixpkgs"; - }; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + dns = { + url = "github:nix-community/dns.nix"; + inputs.nixpkgs.follows = "nixpkgs"; }; nix-colors.url = "github:Misterio77/nix-colors"; @@ -44,7 +47,7 @@ }; river = { - url = "https://github.com/riverwm/river"; + url = "https://codeberg.org/river/river"; flake = false; type = "git"; submodules = true; @@ -56,6 +59,7 @@ { self , nixpkgs , home-manager + , dns , nix-index-database , agenix , impermanence diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index b6ac08f..8fd068a 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix 
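Review bot: The `river` input in the second flake.nix hunk switches its fetch host from `github.com/riverwm/river` to `codeberg.org/river/river`, and nothing in the file records why. This is a `type = "git"` input with `submodules = true` that gets built locally, so a one-line comment above `url`, for example `# upstream moved from GitHub to Codeberg`, would let a later reviewer tell a deliberate move from an accidental or unwanted redirect. The lock entry's `revCount` going from 1238 to 1246 is consistent with the same history continuing, but it is worth confirming the new location against the project's own announcement before trusting the new `rev`. The `river` attribute set starts and ends outside the hunk.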
@@ -1,53 +1,52 @@ -{ pkgs, config, ... }: +{ pkgs, lib, config, dns, ... }: let secondary = "185.181.104.96"; - zonefile = pkgs.writeText "rfive.de.zone.txt" '' - $TTL 3600 - $ORIGIN rfive.de. + zonefile = with dns.lib.combinators; pkgs.writeText "rfive.de.zone.txt" (dns.lib.toString "rfive.de" { + TTL = 3600; + SOA = { + nameServer = "ns.rfive.de."; + adminEmail = "hostmaster@rfive.de"; + serial = 2024041709; + refresh = 10800; + retry = 3600; + expire = 604800; + minimum = 3600; + }; + NS = [ + "ns.inwx.de." + "ns2.inwx.de." + "ns3.inxw.eu." + ]; + A = [ "23.88.121.184" ]; + AAAA = [ "2a01:4f8:c012:49de::1" ]; - rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. ( - 2024040800 ; serial - 10800 ; refresh - 3600 ; retry - 604800 ; expire - 3600 ) ; negatives caching, ehem. minimum - - @ NS ns.inwx.de. - @ NS ns2.inwx.de. - @ NS ns3.inwx.eu. + CAA = letsEncrypt "ca@rfive.de"; - @ A 23.88.121.184 - @ AAAA 2a01:4f8:c012:49de::1 + MX = [{ preference = 1; exchange = "mail.rfive.de."; }]; - @ CAA 0 iodef "mailto:ca@rfive.de" - @ CAA 0 issue "letsencrypt.org" - @ CAA 0 issuewild ";" + TXT = [ + (spf.soft [ "mx" ]) + ]; - ns A 23.88.121.184 - ns AAAA 2a01:4f8:c012:49de::1 + subdomains = lib.attrsets.mergeAttrsList [ + rec { + nuc = { + A = [ "141.30.227.6" ]; + }; + falkenstein = { + A = [ "23.88.121.184" ]; + AAAA = [ "2a01:4f8:c012:49de::1" ]; + }; + ns = falkenstein; + mail = falkenstein; + _dmarc.TXT = [ "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de" ]; + _domainkey.subdomains.rspamd.TXT = [ "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" ]; - nuc A 141.30.227.6 - falkenstein A 23.88.121.184 - falkenstein AAAA 2a01:4f8:c012:49de::1 - - @ MX 1 mail.rfive.de. 
- mail A 23.88.121.184 - mail AAAA 2a01:4f8:c012:49de::1 - - @ TXT "v=spf1 mx ~all" - rspamd._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" - _dmarc TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de" - - cache CNAME nuc.rfive.de. - chat CNAME nuc.rfive.de. - matrix CNAME nuc.rfive.de. - seafile CNAME nuc.rfive.de. - vault CNAME nuc.rfive.de. - - purge CNAME falkenstein.rfive.de. - rspamd CNAME falkenstein.rfive.de. - trucks CNAME falkenstein.rfive.de. - ''; + } + (lib.attrsets.genAttrs [ "cache" "chat" "matrix" "seafile" "vault" ] (label: { CNAME = [ "nuc.rfive.de." ]; })) + (lib.attrsets.genAttrs [ "purge" "rspamd" "trucks" ] (label: { CNAME = [ "falkenstein.rfive.de." ]; })) + ]; + }); in { services.bind = rec { diff --git a/shared/nix.nix b/shared/nix.nix index b5411a4..ba3d866 100644 --- a/shared/nix.nix +++ b/shared/nix.nix @@ -11,7 +11,6 @@ experimental-features = [ "nix-command" "flakes" "repl-flake" ]; substituters = [ "https://cache.rfive.de" - # temp disabled until logging error is resolved "https://cache.ifsr.de" ]; trusted-public-keys = [ diff --git a/shared/zsh.nix b/shared/zsh.nix index 0588bd8..61b2d18 100644 --- a/shared/zsh.nix +++ b/shared/zsh.nix @@ -11,7 +11,9 @@ iperf ]; users.defaultUserShell = pkgs.zsh; - programs.fzf.enable = true; + programs.fzf = { + keybindings = true; + }; programs.zsh = { enable = true; shellAliases = { diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 19307c7..ae98767 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -17,7 +17,6 @@ (zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; }) gimp ffmpeg - imv # bluetooth blueman 
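Review bot: The third entry of the new `NS` list in hosts/falkenstein/modules/dns/default.nix reads `"ns3.inxw.eu."`, whereas the removed zone text had `ns3.inwx.eu.`. This looks like a transposed-letter typo introduced during the rewrite. An NS record names a server that is authoritative for the whole zone, so a name under a different registrable domain is at best a lame delegation, and at worst it lets whoever controls that domain answer for rfive.de. The line should be `"ns3.inwx.eu."`, and `serial` needs to be raised above 2024041709 in the same change so the secondaries pick up the corrected zone. The `let` block continues into `services.bind` outside the hunk, so how the zone file is consumed is not visible here.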
@@ -39,12 +38,10 @@ bitwarden-cli # misc - neofetch # obligatory xournalpp libreoffice mosh typst - typst-preview hut # programming languages @@ -73,8 +70,6 @@ ]; - - programs.obs-studio.enable = true; programs.firefox.enable = true; programs = { thunderbird = { @@ -98,7 +93,7 @@ enable = true; defaultApplications = let - image-viewers = [ "imv.desktop" "gimp.desktop" "swappy.desktop" "org.qutebrowser.qutebrowser.desktop" "google-chrome.desktop" ]; + image-viewers = [ "google-chrome.desktop" "gimp.desktop" "swappy.desktop" "org.qutebrowser.qutebrowser.desktop" ]; browsers = [ "google-chrome.desktop" "firefox.desktop" "org.qutebrowser.qutebrowser.desktop" ]; in { diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix index 94c8371..7c5e6e3 100644 --- a/users/rouven/modules/ssh/default.nix +++ b/users/rouven/modules/ssh/default.nix @@ -16,7 +16,7 @@ in VisualHostKey = yes ''; matchBlocks = { - # personal use + # Personal "git@github.com" = { match = "Host github.com User git"; identityFile = git; @@ -25,6 +25,16 @@ in match = "Host git.sr.ht User git"; identityFile = git; }; + "*.vpn.rfive.de" = { + user = "root"; + }; + + # TU Dresden + "tud" = { + hostname = "login.zih.tu-dresden.de"; + user = "rose159e"; + }; + # iFSR "fsr" = { hostname = "ifsr.de"; @@ -33,27 +43,14 @@ in "quitte" = { hostname = "quitte.ifsr.de"; user = "root"; - extraOptions = { - RequestTTY = "yes"; - RemoteCommand = "zsh -i"; - }; - }; - "quitte-notty" = { - hostname = "quitte.ifsr.de"; - user = "root"; }; "tomate" = { hostname = "tomate.ifsr.de"; user = "root"; extraOptions = { - RequestTTY = "yes"; - RemoteCommand = "zsh -i"; + ProxyJump = "tud"; }; }; - "tomate-notty" = { - hostname = "tomate.ifsr.de"; - user = "root"; - }; "git@ifsr.de" = { match = "Host ifsr.de User git"; identityFile = git; 
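Review bot: The new `tud` block in users/rouven/modules/ssh/default.nix, which `tomate` now uses as a jump host for a root login, sets no `identityFile`, unlike the git blocks with their `identityFile = git;`. Unless a global setting outside this hunk restricts it, the client will offer every key it holds in the agent to `login.zih.tu-dresden.de`. Consider pinning a key on `tud` and adding `identitiesOnly = true;`. As a smaller style point, home-manager's match blocks have a first-class `proxyJump` option, so `proxyJump = "tud";` can replace the `extraOptions = { ProxyJump = "tud"; };` wrapper on `tomate`.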
@@ -74,9 +71,6 @@ in VerifyHostKeyDNS = "yes"; }; }; - "*.vpn.rfive.de" = { - user = "root"; - }; "git@git.agdsn.de" = { match = "Host git.agdsn.de User git"; identityFile = git;