mirror of
https://git.sr.ht/~rouven/nixos-config
synced 2024-11-25 17:11:06 +01:00
Compare commits
7 commits
5e86eaec50
...
a5d244afb4
Author | SHA1 | Date | |
---|---|---|---|
Rouven Seifert | a5d244afb4 | ||
Rouven Seifert | 9a1435517f | ||
Rouven Seifert | f75a808a53 | ||
Rouven Seifert | 86cd05062e | ||
Rouven Seifert | 3a836ed4a7 | ||
Rouven Seifert | 5b741fa38e | ||
Rouven Seifert | 06bd805501 |
24
flake.lock
24
flake.lock
|
@ -301,11 +301,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728791962,
|
||||
"narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=",
|
||||
"lastModified": 1730016908,
|
||||
"narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "64c6325b28ebd708653dd41d88f306023f296184",
|
||||
"rev": "e83414058edd339148dc142a8437edb9450574c8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -336,11 +336,11 @@
|
|||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1727649413,
|
||||
"narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=",
|
||||
"lastModified": 1729068498,
|
||||
"narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "d0b38e550039a72aff896ee65b0918e975e6d48e",
|
||||
"rev": "e337457502571b23e449bf42153d7faa10c0a562",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -450,11 +450,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728790083,
|
||||
"narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=",
|
||||
"lastModified": 1729999765,
|
||||
"narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22",
|
||||
"rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -524,11 +524,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1728492678,
|
||||
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
|
||||
"lastModified": 1729880355,
|
||||
"narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
|
||||
"rev": "18536bf04cd71abd345f9579158841376fdd0c5a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -40,7 +40,8 @@ in
|
|||
smtp_helo_name = config.networking.fqdn;
|
||||
smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
|
||||
smtp_tls_security_level = "may";
|
||||
smtpd_tls_security_level = lib.mkForce "encrypt";
|
||||
# forcing encryption breaks rspamd
|
||||
smtpd_tls_security_level = "may";
|
||||
smtpd_tls_auth_only = true;
|
||||
smtpd_tls_protocols = [
|
||||
"!SSLv2"
|
||||
|
|
|
@ -15,9 +15,6 @@ in
|
|||
file = ../../../../secrets/nuc/matrix/shared.age;
|
||||
owner = config.systemd.services.matrix-synapse.serviceConfig.User;
|
||||
};
|
||||
"matrix/sync" = {
|
||||
file = ../../../../secrets/nuc/matrix/sync.age;
|
||||
};
|
||||
};
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"jitsi-meet-1.0.8043"
|
||||
|
@ -59,22 +56,11 @@ in
|
|||
}];
|
||||
};
|
||||
};
|
||||
matrix-sliding-sync = {
|
||||
enable = true;
|
||||
settings = {
|
||||
SYNCV3_SERVER = "https://${domain}";
|
||||
SYNCV3_BINDADDR = "/run/matrix-sliding-sync/server.sock";
|
||||
};
|
||||
environmentFile = config.age.secrets."matrix/sync".path;
|
||||
};
|
||||
|
||||
|
||||
caddy = {
|
||||
virtualHosts = {
|
||||
# synapse
|
||||
"${domain}".extraConfig = ''
|
||||
reverse_proxy /client/* unix//run/matrix-sliding-sync/server.sock
|
||||
reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync* unix//run/matrix-sliding-sync/server.sock
|
||||
reverse_proxy 127.0.0.1:8008
|
||||
handle /_synapse/metrics* {
|
||||
respond 404
|
||||
|
@ -104,11 +90,6 @@ in
|
|||
RuntimeDirectory = "matrix-synapse";
|
||||
};
|
||||
};
|
||||
systemd.services.matrix-sliding-sync = {
|
||||
serviceConfig = {
|
||||
RuntimeDirectory = "matrix-sliding-sync";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.matrix-synapse-pgsetup = {
|
||||
description = "Prepare Synapse postgres database";
|
||||
|
|
|
@ -85,6 +85,7 @@ in
|
|||
services.prometheus = {
|
||||
enable = true;
|
||||
port = 9001;
|
||||
retentionTime = "1y";
|
||||
ruleFiles = [
|
||||
./synapse-v2.rules
|
||||
];
|
||||
|
@ -93,19 +94,19 @@ in
|
|||
enable = true;
|
||||
enabledCollectors = [ "systemd" ];
|
||||
};
|
||||
json = {
|
||||
enable = true;
|
||||
configFile = pkgs.writeText "json-exporter.yml" ''
|
||||
---
|
||||
modules:
|
||||
pegelstand:
|
||||
metrics:
|
||||
- name: pegelstand_elbe_dresden
|
||||
path: '{ $.pegel }'
|
||||
type: value
|
||||
help: Pegelstand in Dresden
|
||||
'';
|
||||
};
|
||||
# json = {
|
||||
# enable = true;
|
||||
# configFile = pkgs.writeText "json-exporter.yml" ''
|
||||
# ---
|
||||
# modules:
|
||||
# pegelstand:
|
||||
# metrics:
|
||||
# - name: pegelstand_elbe_dresden
|
||||
# path: '{ $.pegel }'
|
||||
# type: value
|
||||
# help: Pegelstand in Dresden
|
||||
# '';
|
||||
# };
|
||||
};
|
||||
scrapeConfigs = [
|
||||
{
|
||||
|
@ -140,20 +141,20 @@ in
|
|||
targets = [ "nuc.vpn.rfive.de:9300" ];
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "pegel_dresden";
|
||||
metrics_path = "/probe";
|
||||
params = {
|
||||
module = [ "pegelstand" ];
|
||||
target = [
|
||||
"https://api.stramke.com/wasserstand/sachsen/Dresden"
|
||||
];
|
||||
};
|
||||
static_configs = [{
|
||||
targets = [ "nuc.vpn.rfive.de:7979" ];
|
||||
}];
|
||||
scrape_interval = "5m";
|
||||
}
|
||||
# {
|
||||
# job_name = "pegel_dresden";
|
||||
# metrics_path = "/probe";
|
||||
# params = {
|
||||
# module = [ "pegelstand" ];
|
||||
# target = [
|
||||
# "https://api.stramke.com/wasserstand/sachsen/Dresden"
|
||||
# ];
|
||||
# };
|
||||
# static_configs = [{
|
||||
# targets = [ "nuc.vpn.rfive.de:7979" ];
|
||||
# }];
|
||||
# scrape_interval = "5m";
|
||||
# }
|
||||
{
|
||||
job_name = "caddy";
|
||||
static_configs = [{
|
||||
|
|
|
@ -19,9 +19,9 @@ in
|
|||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = "${pkgs.iproute}/bin/ip netns add %I";
|
||||
ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
|
||||
ExecStartPost = "${pkgs.iproute2}/bin/ip netns exec %I ${pkgs.iproute2}/bin/ip link set dev lo up";
|
||||
ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
|
||||
ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
[
|
||||
nerdfonts
|
||||
noto-fonts
|
||||
noto-fonts-cjk
|
||||
noto-fonts-cjk-sans
|
||||
noto-fonts-emoji
|
||||
roboto
|
||||
fira
|
||||
|
|
|
@ -138,7 +138,7 @@
|
|||
systemd.services = {
|
||||
openfortivpn-agdsn = {
|
||||
description = "AG DSN Fortinet VPN";
|
||||
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert f49ac8a174c758737c3e27d93bc2f5de37e634e2f04029a85bdb629c0ebeed31";
|
||||
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 249db14f96c8ea6174d80a3b964868bfbe8c56bc27bf031bf0afb9aeca8eb978";
|
||||
requires = [ "network-online.target" ];
|
||||
after = [ "network.target" "network-online.target" ];
|
||||
serviceConfig = {
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 uWbAHQ XsGbKNzqR/HTkmMZxCcmxAXDIpuJENpJR1GyFuumMlo
|
||||
T2uxdQvSKHveDL7nY0tlNAWNuUX/h8wEORV0xmNfqm8
|
||||
-> ssh-ed25519 2TRdXg 57Bliz2LRjK5sHjGtRVdIUWfV7Iji0/RACEDF0dNUno
|
||||
TMBsr9g940Xrbiu8XwbLKQJRNadC2+BuaTBbSo09t5A
|
||||
-> U1M[E6m-grease US!+ :Hx\j7A K
|
||||
7AyVWcQChTJPlIoH7ZLebV7C+HJACc4vsBRrma+m47r9FV+KmVpfrhPy7jH1wSkX
|
||||
sG2Du4OrPh5+xPAgNaPNw3rbex9I6oRjmbhJ
|
||||
--- gW24zSlBpNtmQhp0Er4MaZV/K8TigsV+d7jMulAR3YQ
|
||||
\4À‹±¼µƒOÒ<0B>ˆM©•_è–@…
Œ¾aÅ€@ã6¦³½ï[×XC–ͦ챞|<7C>|"£–—¢
÷z<C3B7>OÆ”!:>xMH( KBóy¼Z ‹1ù*“]‰d|ýÀ¦l?þ
t·¹öE_:
|
Binary file not shown.
Binary file not shown.
|
@ -9,7 +9,7 @@
|
|||
distributedBuilds = true;
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
experimental-features = [ "nix-command" "flakes" "repl-flake" ];
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
substituters = [
|
||||
"https://cache.rfive.de"
|
||||
"https://cache.ifsr.de"
|
||||
|
|
|
@ -47,4 +47,9 @@
|
|||
|
||||
# enable java black magic
|
||||
# programs.java.enable = true;
|
||||
|
||||
# fix for old matrix clients
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"olm-3.2.16"
|
||||
];
|
||||
}
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
pcmanfm
|
||||
xdg-utils # used for xdg-open
|
||||
appimage-run
|
||||
glab
|
||||
|
||||
# graphics
|
||||
(zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; })
|
||||
|
@ -31,11 +32,12 @@
|
|||
# messaging
|
||||
tdesktop
|
||||
profanity
|
||||
gomuks
|
||||
|
||||
# games
|
||||
prismlauncher
|
||||
superTuxKart
|
||||
space-cadet-pinball
|
||||
# space-cadet-pinball
|
||||
|
||||
# cryptography
|
||||
yubikey-manager
|
||||
|
@ -62,6 +64,7 @@
|
|||
gnumake
|
||||
go
|
||||
pre-commit
|
||||
jetbrains.idea-ultimate
|
||||
|
||||
# fancy tools
|
||||
just
|
||||
|
@ -113,6 +116,7 @@
|
|||
"image/gif" = image-viewers;
|
||||
"image/webp" = image-viewers;
|
||||
"image/ico" = image-viewers;
|
||||
"image/svg" = browsers;
|
||||
"x-scheme-handler/http" = browsers;
|
||||
"x-scheme-handler/https" = browsers;
|
||||
"x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];
|
||||
|
|
Loading…
Reference in a new issue