diff --git a/flake.lock b/flake.lock index e0e86a3..975d825 100644 --- a/flake.lock +++ b/flake.lock @@ -301,11 +301,11 @@ ] }, "locked": { - "lastModified": 1728791962, - "narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=", + "lastModified": 1730016908, + "narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=", "owner": "nix-community", "repo": "home-manager", - "rev": "64c6325b28ebd708653dd41d88f306023f296184", + "rev": "e83414058edd339148dc142a8437edb9450574c8", "type": "github" }, "original": { @@ -336,11 +336,11 @@ }, "impermanence": { "locked": { - "lastModified": 1727649413, - "narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=", + "lastModified": 1729068498, + "narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=", "owner": "nix-community", "repo": "impermanence", - "rev": "d0b38e550039a72aff896ee65b0918e975e6d48e", + "rev": "e337457502571b23e449bf42153d7faa10c0a562", "type": "github" }, "original": { @@ -450,11 +450,11 @@ ] }, "locked": { - "lastModified": 1728790083, - "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=", + "lastModified": 1729999765, + "narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22", + "rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f", "type": "github" }, "original": { @@ -524,11 +524,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1728492678, - "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "lastModified": 1729880355, + "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/mail/postfix.nix b/hosts/falkenstein/modules/mail/postfix.nix index 7cab1a4..3e695c4 100644 
--- a/hosts/falkenstein/modules/mail/postfix.nix +++ b/hosts/falkenstein/modules/mail/postfix.nix @@ -40,7 +40,8 @@ in smtp_helo_name = config.networking.fqdn; smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name"; smtp_tls_security_level = "may"; - smtpd_tls_security_level = lib.mkForce "encrypt"; + # forcing encryption breaks rspamd + smtpd_tls_security_level = "may"; smtpd_tls_auth_only = true; smtpd_tls_protocols = [ "!SSLv2" diff --git a/hosts/nuc/modules/matrix/default.nix b/hosts/nuc/modules/matrix/default.nix index d46c038..99ca51d 100644 --- a/hosts/nuc/modules/matrix/default.nix +++ b/hosts/nuc/modules/matrix/default.nix @@ -15,9 +15,6 @@ in file = ../../../../secrets/nuc/matrix/shared.age; owner = config.systemd.services.matrix-synapse.serviceConfig.User; }; - "matrix/sync" = { - file = ../../../../secrets/nuc/matrix/sync.age; - }; }; nixpkgs.config.permittedInsecurePackages = [ "jitsi-meet-1.0.8043" @@ -59,22 +56,11 @@ in }]; }; }; - matrix-sliding-sync = { - enable = true; - settings = { - SYNCV3_SERVER = "https://${domain}"; - SYNCV3_BINDADDR = "/run/matrix-sliding-sync/server.sock"; - }; - environmentFile = config.age.secrets."matrix/sync".path; - }; - caddy = { virtualHosts = { # synapse "${domain}".extraConfig = '' - reverse_proxy /client/* unix//run/matrix-sliding-sync/server.sock - reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync* unix//run/matrix-sliding-sync/server.sock reverse_proxy 127.0.0.1:8008 handle /_synapse/metrics* { respond 404 @@ -104,11 +90,6 @@ in RuntimeDirectory = "matrix-synapse"; }; }; - systemd.services.matrix-sliding-sync = { - serviceConfig = { - RuntimeDirectory = "matrix-sliding-sync"; - }; - }; systemd.services.matrix-synapse-pgsetup = { description = "Prepare Synapse postgres database"; diff --git a/hosts/nuc/modules/monitoring/default.nix b/hosts/nuc/modules/monitoring/default.nix index 8c7c03c..9097c6f 100644 --- a/hosts/nuc/modules/monitoring/default.nix 
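Review bot: The new comment on `smtpd_tls_security_level = "may";` does not say which client or path breaks under `encrypt`, and the change relaxes every smtpd listener that inherits this main.cf value, not only the one rspamd needs. Opportunistic TLS is the usual setting for a public port-25 listener, and `smtpd_tls_auth_only = true` still keeps AUTH off cleartext sessions, but a submission listener would normally keep mandatory TLS through a per-service override such as `-o smtpd_tls_security_level=encrypt`; whether one exists is not visible in this hunk. Dropping `lib.mkForce` may also make this definition conflict with a value set by another module, if one was being overridden before. I would expand the comment to something like `# "encrypt" rejects <which client/path>; port 25 stays opportunistic, submission enforces TLS separately`. The enclosing attribute set starts and ends outside the hunk.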
+++ b/hosts/nuc/modules/monitoring/default.nix @@ -85,6 +85,7 @@ in services.prometheus = { enable = true; port = 9001; + retentionTime = "1y"; ruleFiles = [ ./synapse-v2.rules ]; @@ -93,19 +94,19 @@ in enable = true; enabledCollectors = [ "systemd" ]; }; - json = { - enable = true; - configFile = pkgs.writeText "json-exporter.yml" '' - --- - modules: - pegelstand: - metrics: - - name: pegelstand_elbe_dresden - path: '{ $.pegel }' - type: value - help: Pegelstand in Dresden - ''; - }; + # json = { + # enable = true; + # configFile = pkgs.writeText "json-exporter.yml" '' + # --- + # modules: + # pegelstand: + # metrics: + # - name: pegelstand_elbe_dresden + # path: '{ $.pegel }' + # type: value + # help: Pegelstand in Dresden + # ''; + # }; }; scrapeConfigs = [ { @@ -140,20 +141,20 @@ in targets = [ "nuc.vpn.rfive.de:9300" ]; }]; } - { - job_name = "pegel_dresden"; - metrics_path = "/probe"; - params = { - module = [ "pegelstand" ]; - target = [ - "https://api.stramke.com/wasserstand/sachsen/Dresden" - ]; - }; - static_configs = [{ - targets = [ "nuc.vpn.rfive.de:7979" ]; - }]; - scrape_interval = "5m"; - } + # { + # job_name = "pegel_dresden"; + # metrics_path = "/probe"; + # params = { + # module = [ "pegelstand" ]; + # target = [ + # "https://api.stramke.com/wasserstand/sachsen/Dresden" + # ]; + # }; + # static_configs = [{ + # targets = [ "nuc.vpn.rfive.de:7979" ]; + # }]; + # scrape_interval = "5m"; + # } { job_name = "caddy"; static_configs = [{ diff --git a/hosts/nuc/modules/torrent/default.nix b/hosts/nuc/modules/torrent/default.nix index 2bff346..0b7c0e0 100644 --- a/hosts/nuc/modules/torrent/default.nix +++ b/hosts/nuc/modules/torrent/default.nix 
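Review bot: `retentionTime = "1y";` in the first hunk extends retention with no bound on disk use, so the TSDB can keep growing for a full year. If the Prometheus state directory shares a filesystem with other services on this host, a size cap next to it would limit the damage, for example `extraFlags = [ "--storage.tsdb.retention.size=<size>" ];`, or alternatively an alert on free space. The size is a placeholder, because the volume layout is not visible here.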
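Review bot: The json exporter block (hunk at -93) and the `pegel_dresden` scrape job (hunk at -140) are disabled by commenting out roughly thirty lines instead of deleting them, and neither place says why. The commented copies will drift from the live config and still mention the `nuc.vpn.rfive.de:7979` target, which can mislead a later reader about what is actually listening. Prefer deleting both blocks, since git history keeps them. If they are meant to return, leave one line such as `# json exporter + pegel_dresden job disabled: <reason>`.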
@@ -19,9 +19,9 @@ in serviceConfig = { Type = "oneshot"; RemainAfterExit = true; - ExecStart = "${pkgs.iproute}/bin/ip netns add %I"; + ExecStart = "${pkgs.iproute2}/bin/ip netns add %I"; ExecStartPost = "${pkgs.iproute2}/bin/ip netns exec %I ${pkgs.iproute2}/bin/ip link set dev lo up"; - ExecStop = "${pkgs.iproute}/bin/ip netns del %I"; + ExecStop = "${pkgs.iproute2}/bin/ip netns del %I"; }; }; diff --git a/hosts/thinkpad/modules/graphics/default.nix b/hosts/thinkpad/modules/graphics/default.nix index e835627..d100e5c 100644 --- a/hosts/thinkpad/modules/graphics/default.nix +++ b/hosts/thinkpad/modules/graphics/default.nix @@ -9,7 +9,7 @@ [ nerdfonts noto-fonts - noto-fonts-cjk + noto-fonts-cjk-sans noto-fonts-emoji roboto fira diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index 7db4fbd..54d3f6f 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -138,7 +138,7 @@ systemd.services = { openfortivpn-agdsn = { description = "AG DSN Fortinet VPN"; - script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert f49ac8a174c758737c3e27d93bc2f5de37e634e2f04029a85bdb629c0ebeed31"; + script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 249db14f96c8ea6174d80a3b964868bfbe8c56bc27bf031bf0afb9aeca8eb978"; requires = [ "network-online.target" ]; after = [ "network.target" "network-online.target" ]; serviceConfig = { diff --git a/secrets/nuc/matrix/sync.age b/secrets/nuc/matrix/sync.age deleted file mode 100644 index b7b6f0c..0000000 --- a/secrets/nuc/matrix/sync.age +++ /dev/null 
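Review bot: The `script` line in hosts/thinkpad/modules/networks/uni.nix still passes the VPN password as `-p $(cat $CREDENTIALS_DIRECTORY/password)`, which places the secret in the process arguments, at least briefly at startup, where process listings on the machine can show it. openfortivpn can read `password` and `trusted-cert` from a config file given with `-c`, so the credential could stay in a file under `$CREDENTIALS_DIRECTORY`. At minimum the expansion should be quoted as `"$CREDENTIALS_DIRECTORY/password"`. The digest passed to `--trusted-cert` also changes with no record of how the new value was verified. A comment such as `# gateway cert rotated <date>, digest checked against <source>` would make the next rotation reviewable.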
@@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 uWbAHQ XsGbKNzqR/HTkmMZxCcmxAXDIpuJENpJR1GyFuumMlo -T2uxdQvSKHveDL7nY0tlNAWNuUX/h8wEORV0xmNfqm8 --> ssh-ed25519 2TRdXg 57Bliz2LRjK5sHjGtRVdIUWfV7Iji0/RACEDF0dNUno -TMBsr9g940Xrbiu8XwbLKQJRNadC2+BuaTBbSo09t5A --> U1M[E6m-grease US!+ :Hx\j7A K -7AyVWcQChTJPlIoH7ZLebV7C+HJACc4vsBRrma+m47r9FV+KmVpfrhPy7jH1wSkX -sG2Du4OrPh5+xPAgNaPNw3rbex9I6oRjmbhJ ---- gW24zSlBpNtmQhp0Er4MaZV/K8TigsV+d7jMulAR3YQ -\4O M_@ aŀ@6[XCͦ||" zOƔ!:>xMH(KByZ 1*]d|l? tE_: \ No newline at end of file diff --git a/secrets/thinkpad/agdsn.age b/secrets/thinkpad/agdsn.age index 3f28f76..32fd7fe 100644 Binary files a/secrets/thinkpad/agdsn.age and b/secrets/thinkpad/agdsn.age differ diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age index 89bc53a..d7bb382 100644 Binary files a/secrets/thinkpad/wireless.age and b/secrets/thinkpad/wireless.age differ diff --git a/shared/nix.nix b/shared/nix.nix index 4a69065..fe7070a 100644 --- a/shared/nix.nix +++ b/shared/nix.nix @@ -9,7 +9,7 @@ distributedBuilds = true; settings = { auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" "repl-flake" ]; + experimental-features = [ "nix-command" "flakes" ]; substituters = [ "https://cache.rfive.de" "https://cache.ifsr.de" diff --git a/users/rouven/fixes.nix b/users/rouven/fixes.nix index 469d8cf..0f6ebb6 100644 --- a/users/rouven/fixes.nix +++ b/users/rouven/fixes.nix @@ -47,4 +47,9 @@ # enable java black magic # programs.java.enable = true; + + # fix for old matrix clients + nixpkgs.config.permittedInsecurePackages = [ + "olm-3.2.16" + ]; } diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index f02aee1..505d04b 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -12,6 +12,7 @@ pcmanfm xdg-utils # used for xdg-open appimage-run + glab # graphics (zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; }) 
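Review bot: The `permittedInsecurePackages` entry for `"olm-3.2.16"` in users/rouven/fixes.nix allows a library that nixpkgs flags as insecure, and the comment `# fix for old matrix clients` names neither the package that needs it nor when it can be removed. Presumably it is for `gomuks`, which this commit adds in users/rouven/modules/packages.nix. If so, say it: `# olm is flagged insecure in nixpkgs; needed by gomuks, drop once it no longer depends on libolm`. The entry is version-pinned, so it stops matching on the next olm bump and evaluation fails, which is a good moment to re-check whether the exception is still wanted.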
@@ -31,11 +32,12 @@ # messaging tdesktop profanity + gomuks # games prismlauncher superTuxKart - space-cadet-pinball + # space-cadet-pinball # cryptography yubikey-manager @@ -62,6 +64,7 @@ gnumake go pre-commit + jetbrains.idea-ultimate # fancy tools just @@ -113,6 +116,7 @@ "image/gif" = image-viewers; "image/webp" = image-viewers; "image/ico" = image-viewers; + "image/svg" = browsers; "x-scheme-handler/http" = browsers; "x-scheme-handler/https" = browsers; "x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];
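Review bot: `"image/svg" = browsers;` in the last hunk (at -113) uses a MIME type that is not the registered one. SVG files are reported as `image/svg+xml`, so this association will most likely never match; use `"image/svg+xml" = browsers;`. A browser also treats a top-level SVG as an active document and runs embedded script, unlike the `image-viewers` used for the other image types, so consider sending SVGs from untrusted sources to an image viewer instead. The surrounding attribute set continues outside the hunk.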