mirror of
https://git.sr.ht/~rouven/nixos-config
synced 2024-11-14 21:03:10 +01:00
Compare commits
7 commits
5e86eaec50
...
a5d244afb4
Author | SHA1 | Date | |
---|---|---|---|
Rouven Seifert | a5d244afb4 | ||
Rouven Seifert | 9a1435517f | ||
Rouven Seifert | f75a808a53 | ||
Rouven Seifert | 86cd05062e | ||
Rouven Seifert | 3a836ed4a7 | ||
Rouven Seifert | 5b741fa38e | ||
Rouven Seifert | 06bd805501 |
24
flake.lock
24
flake.lock
|
@ -301,11 +301,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728791962,
|
"lastModified": 1730016908,
|
||||||
"narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=",
|
"narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "64c6325b28ebd708653dd41d88f306023f296184",
|
"rev": "e83414058edd339148dc142a8437edb9450574c8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -336,11 +336,11 @@
|
||||||
},
|
},
|
||||||
"impermanence": {
|
"impermanence": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727649413,
|
"lastModified": 1729068498,
|
||||||
"narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=",
|
"narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "impermanence",
|
"repo": "impermanence",
|
||||||
"rev": "d0b38e550039a72aff896ee65b0918e975e6d48e",
|
"rev": "e337457502571b23e449bf42153d7faa10c0a562",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -450,11 +450,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728790083,
|
"lastModified": 1729999765,
|
||||||
"narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=",
|
"narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-index-database",
|
"repo": "nix-index-database",
|
||||||
"rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22",
|
"rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -524,11 +524,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728492678,
|
"lastModified": 1729880355,
|
||||||
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
|
"narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
|
"rev": "18536bf04cd71abd345f9579158841376fdd0c5a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -40,7 +40,8 @@ in
|
||||||
smtp_helo_name = config.networking.fqdn;
|
smtp_helo_name = config.networking.fqdn;
|
||||||
smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
|
smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
|
||||||
smtp_tls_security_level = "may";
|
smtp_tls_security_level = "may";
|
||||||
smtpd_tls_security_level = lib.mkForce "encrypt";
|
# forcing encryption breaks rspamd
|
||||||
|
smtpd_tls_security_level = "may";
|
||||||
smtpd_tls_auth_only = true;
|
smtpd_tls_auth_only = true;
|
||||||
smtpd_tls_protocols = [
|
smtpd_tls_protocols = [
|
||||||
"!SSLv2"
|
"!SSLv2"
|
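Review bot: The new `smtpd_tls_security_level = "may";` drops the `lib.mkForce "encrypt"`, and the comment `# forcing encryption breaks rspamd` does not say which connection failed, so a later reader cannot tell whether the relaxation needs to cover every smtpd listener. `smtpd_tls_auth_only = true` still keeps AUTH off cleartext sessions, but whether the submission service keeps its own `encrypt` override is not visible in this hunk and should be confirmed. I would expand the comment to state the actual cause, e.g. `# opportunistic TLS on port 25; mandatory TLS broke <the rspamd connection that failed>`. The settings block starts and ends outside the hunk.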
||||||
|
|
|
@ -15,9 +15,6 @@ in
|
||||||
file = ../../../../secrets/nuc/matrix/shared.age;
|
file = ../../../../secrets/nuc/matrix/shared.age;
|
||||||
owner = config.systemd.services.matrix-synapse.serviceConfig.User;
|
owner = config.systemd.services.matrix-synapse.serviceConfig.User;
|
||||||
};
|
};
|
||||||
"matrix/sync" = {
|
|
||||||
file = ../../../../secrets/nuc/matrix/sync.age;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
nixpkgs.config.permittedInsecurePackages = [
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
"jitsi-meet-1.0.8043"
|
"jitsi-meet-1.0.8043"
|
||||||
|
@ -59,22 +56,11 @@ in
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
matrix-sliding-sync = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
SYNCV3_SERVER = "https://${domain}";
|
|
||||||
SYNCV3_BINDADDR = "/run/matrix-sliding-sync/server.sock";
|
|
||||||
};
|
|
||||||
environmentFile = config.age.secrets."matrix/sync".path;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
caddy = {
|
caddy = {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
# synapse
|
# synapse
|
||||||
"${domain}".extraConfig = ''
|
"${domain}".extraConfig = ''
|
||||||
reverse_proxy /client/* unix//run/matrix-sliding-sync/server.sock
|
|
||||||
reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync* unix//run/matrix-sliding-sync/server.sock
|
|
||||||
reverse_proxy 127.0.0.1:8008
|
reverse_proxy 127.0.0.1:8008
|
||||||
handle /_synapse/metrics* {
|
handle /_synapse/metrics* {
|
||||||
respond 404
|
respond 404
|
||||||
|
@ -104,11 +90,6 @@ in
|
||||||
RuntimeDirectory = "matrix-synapse";
|
RuntimeDirectory = "matrix-synapse";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
systemd.services.matrix-sliding-sync = {
|
|
||||||
serviceConfig = {
|
|
||||||
RuntimeDirectory = "matrix-sliding-sync";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.matrix-synapse-pgsetup = {
|
systemd.services.matrix-synapse-pgsetup = {
|
||||||
description = "Prepare Synapse postgres database";
|
description = "Prepare Synapse postgres database";
|
||||||
|
|
|
@ -85,6 +85,7 @@ in
|
||||||
services.prometheus = {
|
services.prometheus = {
|
||||||
enable = true;
|
enable = true;
|
||||||
port = 9001;
|
port = 9001;
|
||||||
|
retentionTime = "1y";
|
||||||
ruleFiles = [
|
ruleFiles = [
|
||||||
./synapse-v2.rules
|
./synapse-v2.rules
|
||||||
];
|
];
|
||||||
|
@ -93,19 +94,19 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
enabledCollectors = [ "systemd" ];
|
enabledCollectors = [ "systemd" ];
|
||||||
};
|
};
|
||||||
json = {
|
# json = {
|
||||||
enable = true;
|
# enable = true;
|
||||||
configFile = pkgs.writeText "json-exporter.yml" ''
|
# configFile = pkgs.writeText "json-exporter.yml" ''
|
||||||
---
|
# ---
|
||||||
modules:
|
# modules:
|
||||||
pegelstand:
|
# pegelstand:
|
||||||
metrics:
|
# metrics:
|
||||||
- name: pegelstand_elbe_dresden
|
# - name: pegelstand_elbe_dresden
|
||||||
path: '{ $.pegel }'
|
# path: '{ $.pegel }'
|
||||||
type: value
|
# type: value
|
||||||
help: Pegelstand in Dresden
|
# help: Pegelstand in Dresden
|
||||||
'';
|
# '';
|
||||||
};
|
# };
|
||||||
};
|
};
|
||||||
scrapeConfigs = [
|
scrapeConfigs = [
|
||||||
{
|
{
|
||||||
|
@ -140,20 +141,20 @@ in
|
||||||
targets = [ "nuc.vpn.rfive.de:9300" ];
|
targets = [ "nuc.vpn.rfive.de:9300" ];
|
||||||
}];
|
}];
|
||||||
}
|
}
|
||||||
{
|
# {
|
||||||
job_name = "pegel_dresden";
|
# job_name = "pegel_dresden";
|
||||||
metrics_path = "/probe";
|
# metrics_path = "/probe";
|
||||||
params = {
|
# params = {
|
||||||
module = [ "pegelstand" ];
|
# module = [ "pegelstand" ];
|
||||||
target = [
|
# target = [
|
||||||
"https://api.stramke.com/wasserstand/sachsen/Dresden"
|
# "https://api.stramke.com/wasserstand/sachsen/Dresden"
|
||||||
];
|
# ];
|
||||||
};
|
# };
|
||||||
static_configs = [{
|
# static_configs = [{
|
||||||
targets = [ "nuc.vpn.rfive.de:7979" ];
|
# targets = [ "nuc.vpn.rfive.de:7979" ];
|
||||||
}];
|
# }];
|
||||||
scrape_interval = "5m";
|
# scrape_interval = "5m";
|
||||||
}
|
# }
|
||||||
{
|
{
|
||||||
job_name = "caddy";
|
job_name = "caddy";
|
||||||
static_configs = [{
|
static_configs = [{
|
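Review bot: The `json` exporter (hunk `@ -93,19`) and the `pegel_dresden` scrape job (hunk `@ -140,20`) are disabled by commenting out two whole blocks, with no line saying why or under what condition they come back. Either delete both blocks and rely on history, or put one comment above each, e.g. `# disabled: <reason>; re-enable together with the pegel_dresden scrape job`. Separately, `retentionTime = "1y";` in hunk `@ -85,6` sets a year of retention; whether the data volume is sized for that is not visible here.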
||||||
|
|
|
@ -19,9 +19,9 @@ in
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
ExecStart = "${pkgs.iproute}/bin/ip netns add %I";
|
ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
|
||||||
ExecStartPost = "${pkgs.iproute2}/bin/ip netns exec %I ${pkgs.iproute2}/bin/ip link set dev lo up";
|
ExecStartPost = "${pkgs.iproute2}/bin/ip netns exec %I ${pkgs.iproute2}/bin/ip link set dev lo up";
|
||||||
ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
|
ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
[
|
[
|
||||||
nerdfonts
|
nerdfonts
|
||||||
noto-fonts
|
noto-fonts
|
||||||
noto-fonts-cjk
|
noto-fonts-cjk-sans
|
||||||
noto-fonts-emoji
|
noto-fonts-emoji
|
||||||
roboto
|
roboto
|
||||||
fira
|
fira
|
||||||
|
|
|
@ -138,7 +138,7 @@
|
||||||
systemd.services = {
|
systemd.services = {
|
||||||
openfortivpn-agdsn = {
|
openfortivpn-agdsn = {
|
||||||
description = "AG DSN Fortinet VPN";
|
description = "AG DSN Fortinet VPN";
|
||||||
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert f49ac8a174c758737c3e27d93bc2f5de37e634e2f04029a85bdb629c0ebeed31";
|
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 249db14f96c8ea6174d80a3b964868bfbe8c56bc27bf031bf0afb9aeca8eb978";
|
||||||
requires = [ "network-online.target" ];
|
requires = [ "network-online.target" ];
|
||||||
after = [ "network.target" "network-online.target" ];
|
after = [ "network.target" "network-online.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
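Review bot: The replaced `--trusted-cert` digest in `script` is what the client trusts for this gateway, and nothing in the change records how the new value was obtained. A short comment such as `# cert pin rotated <date>, digest confirmed with the VPN operator` would show it was verified out-of-band rather than copied from the client's mismatch message. The same line still passes the password as `-p $(cat $CREDENTIALS_DIRECTORY/password)`, which puts it in the process arguments and so in the process list. openfortivpn can read the password from a config file given with `-c`, and that file could be supplied through the credentials directory instead. The service definition continues outside the hunk.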
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 uWbAHQ XsGbKNzqR/HTkmMZxCcmxAXDIpuJENpJR1GyFuumMlo
|
|
||||||
T2uxdQvSKHveDL7nY0tlNAWNuUX/h8wEORV0xmNfqm8
|
|
||||||
-> ssh-ed25519 2TRdXg 57Bliz2LRjK5sHjGtRVdIUWfV7Iji0/RACEDF0dNUno
|
|
||||||
TMBsr9g940Xrbiu8XwbLKQJRNadC2+BuaTBbSo09t5A
|
|
||||||
-> U1M[E6m-grease US!+ :Hx\j7A K
|
|
||||||
7AyVWcQChTJPlIoH7ZLebV7C+HJACc4vsBRrma+m47r9FV+KmVpfrhPy7jH1wSkX
|
|
||||||
sG2Du4OrPh5+xPAgNaPNw3rbex9I6oRjmbhJ
|
|
||||||
--- gW24zSlBpNtmQhp0Er4MaZV/K8TigsV+d7jMulAR3YQ
|
|
||||||
\4À‹±¼µƒOÒ<0B>ˆM©•_è–@…
Œ¾aÅ€@ã6¦³½ï[×XC–ͦ챞|<7C>|"£–—¢
÷z<C3B7>OÆ”!:>xMH( KBóy¼Z ‹1ù*“]‰d|ýÀ¦l?þ
t·¹öE_:
|
|
Binary file not shown.
Binary file not shown.
|
@ -9,7 +9,7 @@
|
||||||
distributedBuilds = true;
|
distributedBuilds = true;
|
||||||
settings = {
|
settings = {
|
||||||
auto-optimise-store = true;
|
auto-optimise-store = true;
|
||||||
experimental-features = [ "nix-command" "flakes" "repl-flake" ];
|
experimental-features = [ "nix-command" "flakes" ];
|
||||||
substituters = [
|
substituters = [
|
||||||
"https://cache.rfive.de"
|
"https://cache.rfive.de"
|
||||||
"https://cache.ifsr.de"
|
"https://cache.ifsr.de"
|
||||||
|
|
|
@ -47,4 +47,9 @@
|
||||||
|
|
||||||
# enable java black magic
|
# enable java black magic
|
||||||
# programs.java.enable = true;
|
# programs.java.enable = true;
|
||||||
|
|
||||||
|
# fix for old matrix clients
|
||||||
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
|
"olm-3.2.16"
|
||||||
|
];
|
||||||
}
|
}
|
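Review bot: `permittedInsecurePackages = [ "olm-3.2.16" ]` allows a library that nixpkgs marks insecure, and the comment `# fix for old matrix clients` names neither the client that pulls it in nor a condition for removing the exception. I would write `# olm is marked insecure in nixpkgs; still required by <client package>, drop this once it no longer depends on libolm`. The version-pinned string stops matching when olm is bumped, which is a useful prompt to re-check the exception rather than something to work around.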
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
pcmanfm
|
pcmanfm
|
||||||
xdg-utils # used for xdg-open
|
xdg-utils # used for xdg-open
|
||||||
appimage-run
|
appimage-run
|
||||||
|
glab
|
||||||
|
|
||||||
# graphics
|
# graphics
|
||||||
(zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; })
|
(zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; })
|
||||||
|
@ -31,11 +32,12 @@
|
||||||
# messaging
|
# messaging
|
||||||
tdesktop
|
tdesktop
|
||||||
profanity
|
profanity
|
||||||
|
gomuks
|
||||||
|
|
||||||
# games
|
# games
|
||||||
prismlauncher
|
prismlauncher
|
||||||
superTuxKart
|
superTuxKart
|
||||||
space-cadet-pinball
|
# space-cadet-pinball
|
||||||
|
|
||||||
# cryptography
|
# cryptography
|
||||||
yubikey-manager
|
yubikey-manager
|
||||||
|
@ -62,6 +64,7 @@
|
||||||
gnumake
|
gnumake
|
||||||
go
|
go
|
||||||
pre-commit
|
pre-commit
|
||||||
|
jetbrains.idea-ultimate
|
||||||
|
|
||||||
# fancy tools
|
# fancy tools
|
||||||
just
|
just
|
||||||
|
@ -113,6 +116,7 @@
|
||||||
"image/gif" = image-viewers;
|
"image/gif" = image-viewers;
|
||||||
"image/webp" = image-viewers;
|
"image/webp" = image-viewers;
|
||||||
"image/ico" = image-viewers;
|
"image/ico" = image-viewers;
|
||||||
|
"image/svg" = browsers;
|
||||||
"x-scheme-handler/http" = browsers;
|
"x-scheme-handler/http" = browsers;
|
||||||
"x-scheme-handler/https" = browsers;
|
"x-scheme-handler/https" = browsers;
|
||||||
"x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];
|
"x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];
|
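Review bot: `"image/svg" = browsers;` uses a MIME type that is not the registered one; SVG files are identified as `image/svg+xml`, so this association will most likely never be hit. Change the key to `"image/svg+xml"`. A browser also runs script embedded in an SVG that is opened as a document, so an image viewer may be the safer default handler for files from untrusted sources. The attribute set starts and ends outside the hunk.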
||||||
|
|