Compare commits

...

7 commits

13 changed files with 57 additions and 75 deletions

View file

@ -301,11 +301,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1728791962, "lastModified": 1730016908,
"narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=", "narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "64c6325b28ebd708653dd41d88f306023f296184", "rev": "e83414058edd339148dc142a8437edb9450574c8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -336,11 +336,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1727649413, "lastModified": 1729068498,
"narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=", "narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "d0b38e550039a72aff896ee65b0918e975e6d48e", "rev": "e337457502571b23e449bf42153d7faa10c0a562",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -450,11 +450,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1728790083, "lastModified": 1729999765,
"narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=", "narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22", "rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -524,11 +524,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1728492678, "lastModified": 1729880355,
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "rev": "18536bf04cd71abd345f9579158841376fdd0c5a",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -40,7 +40,8 @@ in
smtp_helo_name = config.networking.fqdn; smtp_helo_name = config.networking.fqdn;
smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name"; smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
smtp_tls_security_level = "may"; smtp_tls_security_level = "may";
smtpd_tls_security_level = lib.mkForce "encrypt"; # forcing encryption breaks rspamd
smtpd_tls_security_level = "may";
smtpd_tls_auth_only = true; smtpd_tls_auth_only = true;
smtpd_tls_protocols = [ smtpd_tls_protocols = [
"!SSLv2" "!SSLv2"

View file

@ -15,9 +15,6 @@ in
file = ../../../../secrets/nuc/matrix/shared.age; file = ../../../../secrets/nuc/matrix/shared.age;
owner = config.systemd.services.matrix-synapse.serviceConfig.User; owner = config.systemd.services.matrix-synapse.serviceConfig.User;
}; };
"matrix/sync" = {
file = ../../../../secrets/nuc/matrix/sync.age;
};
}; };
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043" "jitsi-meet-1.0.8043"
@ -59,22 +56,11 @@ in
}]; }];
}; };
}; };
matrix-sliding-sync = {
enable = true;
settings = {
SYNCV3_SERVER = "https://${domain}";
SYNCV3_BINDADDR = "/run/matrix-sliding-sync/server.sock";
};
environmentFile = config.age.secrets."matrix/sync".path;
};
caddy = { caddy = {
virtualHosts = { virtualHosts = {
# synapse # synapse
"${domain}".extraConfig = '' "${domain}".extraConfig = ''
reverse_proxy /client/* unix//run/matrix-sliding-sync/server.sock
reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync* unix//run/matrix-sliding-sync/server.sock
reverse_proxy 127.0.0.1:8008 reverse_proxy 127.0.0.1:8008
handle /_synapse/metrics* { handle /_synapse/metrics* {
respond 404 respond 404
@ -104,11 +90,6 @@ in
RuntimeDirectory = "matrix-synapse"; RuntimeDirectory = "matrix-synapse";
}; };
}; };
systemd.services.matrix-sliding-sync = {
serviceConfig = {
RuntimeDirectory = "matrix-sliding-sync";
};
};
systemd.services.matrix-synapse-pgsetup = { systemd.services.matrix-synapse-pgsetup = {
description = "Prepare Synapse postgres database"; description = "Prepare Synapse postgres database";

View file

@ -85,6 +85,7 @@ in
services.prometheus = { services.prometheus = {
enable = true; enable = true;
port = 9001; port = 9001;
retentionTime = "1y";
ruleFiles = [ ruleFiles = [
./synapse-v2.rules ./synapse-v2.rules
]; ];
@ -93,19 +94,19 @@ in
enable = true; enable = true;
enabledCollectors = [ "systemd" ]; enabledCollectors = [ "systemd" ];
}; };
json = { # json = {
enable = true; # enable = true;
configFile = pkgs.writeText "json-exporter.yml" '' # configFile = pkgs.writeText "json-exporter.yml" ''
--- # ---
modules: # modules:
pegelstand: # pegelstand:
metrics: # metrics:
- name: pegelstand_elbe_dresden # - name: pegelstand_elbe_dresden
path: '{ $.pegel }' # path: '{ $.pegel }'
type: value # type: value
help: Pegelstand in Dresden # help: Pegelstand in Dresden
''; # '';
}; # };
}; };
scrapeConfigs = [ scrapeConfigs = [
{ {
@ -140,20 +141,20 @@ in
targets = [ "nuc.vpn.rfive.de:9300" ]; targets = [ "nuc.vpn.rfive.de:9300" ];
}]; }];
} }
{ # {
job_name = "pegel_dresden"; # job_name = "pegel_dresden";
metrics_path = "/probe"; # metrics_path = "/probe";
params = { # params = {
module = [ "pegelstand" ]; # module = [ "pegelstand" ];
target = [ # target = [
"https://api.stramke.com/wasserstand/sachsen/Dresden" # "https://api.stramke.com/wasserstand/sachsen/Dresden"
]; # ];
}; # };
static_configs = [{ # static_configs = [{
targets = [ "nuc.vpn.rfive.de:7979" ]; # targets = [ "nuc.vpn.rfive.de:7979" ];
}]; # }];
scrape_interval = "5m"; # scrape_interval = "5m";
} # }
{ {
job_name = "caddy"; job_name = "caddy";
static_configs = [{ static_configs = [{

View file

@ -19,9 +19,9 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
ExecStart = "${pkgs.iproute}/bin/ip netns add %I"; ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
ExecStartPost = "${pkgs.iproute2}/bin/ip netns exec %I ${pkgs.iproute2}/bin/ip link set dev lo up"; ExecStartPost = "${pkgs.iproute2}/bin/ip netns exec %I ${pkgs.iproute2}/bin/ip link set dev lo up";
ExecStop = "${pkgs.iproute}/bin/ip netns del %I"; ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
}; };
}; };

View file

@ -9,7 +9,7 @@
[ [
nerdfonts nerdfonts
noto-fonts noto-fonts
noto-fonts-cjk noto-fonts-cjk-sans
noto-fonts-emoji noto-fonts-emoji
roboto roboto
fira fira

View file

@ -138,7 +138,7 @@
systemd.services = { systemd.services = {
openfortivpn-agdsn = { openfortivpn-agdsn = {
description = "AG DSN Fortinet VPN"; description = "AG DSN Fortinet VPN";
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert f49ac8a174c758737c3e27d93bc2f5de37e634e2f04029a85bdb629c0ebeed31"; script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 249db14f96c8ea6174d80a3b964868bfbe8c56bc27bf031bf0afb9aeca8eb978";
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ]; after = [ "network.target" "network-online.target" ];
serviceConfig = { serviceConfig = {

View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 uWbAHQ XsGbKNzqR/HTkmMZxCcmxAXDIpuJENpJR1GyFuumMlo
T2uxdQvSKHveDL7nY0tlNAWNuUX/h8wEORV0xmNfqm8
-> ssh-ed25519 2TRdXg 57Bliz2LRjK5sHjGtRVdIUWfV7Iji0/RACEDF0dNUno
TMBsr9g940Xrbiu8XwbLKQJRNadC2+BuaTBbSo09t5A
-> U1M[E6m-grease US!+ :Hx\j7A K
7AyVWcQChTJPlIoH7ZLebV7C+HJACc4vsBRrma+m47r9FV+KmVpfrhPy7jH1wSkX
sG2Du4OrPh5+xPAgNaPNw3rbex9I6oRjmbhJ
--- gW24zSlBpNtmQhp0Er4MaZV/K8TigsV+d7jMulAR3YQ
\4À‹±¼µƒOÒ <0B>ˆM©•_è@… Œ¾aÅ€@ã6¦³½ï[×XCͦ챞|<7C>|"£–—¢ ÷z<C3B7>OÆ”!:>xMH( KBóy¼Z 1ù*“]‰d|ýÀ¦l?þ t·¹öE_:

Binary file not shown.

Binary file not shown.

View file

@ -9,7 +9,7 @@
distributedBuilds = true; distributedBuilds = true;
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" "repl-flake" ]; experimental-features = [ "nix-command" "flakes" ];
substituters = [ substituters = [
"https://cache.rfive.de" "https://cache.rfive.de"
"https://cache.ifsr.de" "https://cache.ifsr.de"

View file

@ -47,4 +47,9 @@
# enable java black magic # enable java black magic
# programs.java.enable = true; # programs.java.enable = true;
# fix for old matrix clients
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
} }

View file

@ -12,6 +12,7 @@
pcmanfm pcmanfm
xdg-utils # used for xdg-open xdg-utils # used for xdg-open
appimage-run appimage-run
glab
# graphics # graphics
(zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; }) (zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; })
@ -31,11 +32,12 @@
# messaging # messaging
tdesktop tdesktop
profanity profanity
gomuks
# games # games
prismlauncher prismlauncher
superTuxKart superTuxKart
space-cadet-pinball # space-cadet-pinball
# cryptography # cryptography
yubikey-manager yubikey-manager
@ -62,6 +64,7 @@
gnumake gnumake
go go
pre-commit pre-commit
jetbrains.idea-ultimate
# fancy tools # fancy tools
just just
@ -113,6 +116,7 @@
"image/gif" = image-viewers; "image/gif" = image-viewers;
"image/webp" = image-viewers; "image/webp" = image-viewers;
"image/ico" = image-viewers; "image/ico" = image-viewers;
"image/svg" = browsers;
"x-scheme-handler/http" = browsers; "x-scheme-handler/http" = browsers;
"x-scheme-handler/https" = browsers; "x-scheme-handler/https" = browsers;
"x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ]; "x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];