misc updates

flake.lock

@@ -301,11 +301,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728791962,
-        "narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=",
+        "lastModified": 1730016908,
+        "narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "64c6325b28ebd708653dd41d88f306023f296184",
+        "rev": "e83414058edd339148dc142a8437edb9450574c8",
         "type": "github"
       },
       "original": {
@@ -336,11 +336,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1727649413,
-        "narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=",
+        "lastModified": 1729068498,
+        "narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "d0b38e550039a72aff896ee65b0918e975e6d48e",
+        "rev": "e337457502571b23e449bf42153d7faa10c0a562",
         "type": "github"
       },
       "original": {
@@ -450,11 +450,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728790083,
-        "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=",
+        "lastModified": 1729999765,
+        "narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22",
+        "rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f",
         "type": "github"
       },
       "original": {
@@ -524,11 +524,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1728492678,
-        "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
+        "lastModified": 1729880355,
+        "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
+        "rev": "18536bf04cd71abd345f9579158841376fdd0c5a",
         "type": "github"
       },
       "original": {

hosts/falkenstein/modules/mail/postfix.nix

@@ -40,7 +40,8 @@ in
         smtp_helo_name = config.networking.fqdn;
         smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
         smtp_tls_security_level = "may";
-        smtpd_tls_security_level = lib.mkForce "encrypt";
+        # forcing encryption breaks rspamd
+        smtpd_tls_security_level = "may";
         smtpd_tls_auth_only = true;
         smtpd_tls_protocols = [
           "!SSLv2"

hosts/nuc/modules/matrix/default.nix

@@ -15,9 +15,6 @@ in
       file = ../../../../secrets/nuc/matrix/shared.age;
       owner = config.systemd.services.matrix-synapse.serviceConfig.User;
     };
-    "matrix/sync" = {
-      file = ../../../../secrets/nuc/matrix/sync.age;
-    };
   };
   nixpkgs.config.permittedInsecurePackages = [
     "jitsi-meet-1.0.8043"
@@ -59,22 +56,11 @@ in
         }];
       };
     };
-    matrix-sliding-sync = {
-      enable = true;
-      settings = {
-        SYNCV3_SERVER = "https://${domain}";
-        SYNCV3_BINDADDR = "/run/matrix-sliding-sync/server.sock";
-      };
-      environmentFile = config.age.secrets."matrix/sync".path;
-    };
-
 
     caddy = {
       virtualHosts = {
         # synapse
         "${domain}".extraConfig = ''
-          reverse_proxy /client/* unix//run/matrix-sliding-sync/server.sock
-          reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync* unix//run/matrix-sliding-sync/server.sock
           reverse_proxy 127.0.0.1:8008
           handle /_synapse/metrics* {
             respond 404
@@ -104,11 +90,6 @@ in
       RuntimeDirectory = "matrix-synapse";
     };
   };
-  systemd.services.matrix-sliding-sync = {
-    serviceConfig = {
-      RuntimeDirectory = "matrix-sliding-sync";
-    };
-  };
 
   systemd.services.matrix-synapse-pgsetup = {
     description = "Prepare Synapse postgres database";

hosts/nuc/modules/monitoring/default.nix

@@ -85,6 +85,7 @@ in
   services.prometheus = {
     enable = true;
     port = 9001;
+    retentionTime = "1y";
     ruleFiles = [
       ./synapse-v2.rules
     ];
@@ -93,19 +94,19 @@ in
         enable = true;
         enabledCollectors = [ "systemd" ];
       };
-      json = {
-        enable = true;
-        configFile = pkgs.writeText "json-exporter.yml" ''
-          ---
-          modules:
-            pegelstand:
-              metrics:
-                - name: pegelstand_elbe_dresden
-                  path: '{ $.pegel }'
-                  type: value
-                  help: Pegelstand in Dresden
-        '';
-      };
+      # json = {
+      #   enable = true;
+      #   configFile = pkgs.writeText "json-exporter.yml" ''
+      #     ---
+      #     modules:
+      #       pegelstand:
+      #         metrics:
+      #           - name: pegelstand_elbe_dresden
+      #             path: '{ $.pegel }'
+      #             type: value
+      #             help: Pegelstand in Dresden
+      #   '';
+      # };
     };
     scrapeConfigs = [
       {
@@ -140,20 +141,20 @@ in
           targets = [ "nuc.vpn.rfive.de:9300" ];
         }];
       }
-      {
-        job_name = "pegel_dresden";
-        metrics_path = "/probe";
-        params = {
-          module = [ "pegelstand" ];
-          target = [
-            "https://api.stramke.com/wasserstand/sachsen/Dresden"
-          ];
-        };
-        static_configs = [{
-          targets = [ "nuc.vpn.rfive.de:7979" ];
-        }];
-        scrape_interval = "5m";
-      }
+      # {
+      #   job_name = "pegel_dresden";
+      #   metrics_path = "/probe";
+      #   params = {
+      #     module = [ "pegelstand" ];
+      #     target = [
+      #       "https://api.stramke.com/wasserstand/sachsen/Dresden"
+      #     ];
+      #   };
+      #   static_configs = [{
+      #     targets = [ "nuc.vpn.rfive.de:7979" ];
+      #   }];
+      #   scrape_interval = "5m";
+      # }
       {
         job_name = "caddy";
         static_configs = [{

hosts/nuc/modules/torrent/default.nix

@@ -19,9 +19,9 @@ in
     serviceConfig = {
       Type = "oneshot";
       RemainAfterExit = true;
-      ExecStart = "${pkgs.iproute}/bin/ip netns add %I";
+      ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
       ExecStartPost = "${pkgs.iproute2}/bin/ip netns exec %I ${pkgs.iproute2}/bin/ip link set dev lo up";
-      ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
+      ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
     };
   };
 

hosts/thinkpad/modules/graphics/default.nix

@@ -9,7 +9,7 @@
       [
         nerdfonts
         noto-fonts
-        noto-fonts-cjk
+        noto-fonts-cjk-sans
         noto-fonts-emoji
         roboto
         fira

hosts/thinkpad/modules/networks/uni.nix

@@ -138,7 +138,7 @@
   systemd.services = {
     openfortivpn-agdsn = {
       description = "AG DSN Fortinet VPN";
-      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert f49ac8a174c758737c3e27d93bc2f5de37e634e2f04029a85bdb629c0ebeed31";
+      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 249db14f96c8ea6174d80a3b964868bfbe8c56bc27bf031bf0afb9aeca8eb978";
       requires = [ "network-online.target" ];
       after = [ "network.target" "network-online.target" ];
       serviceConfig = {

secrets/nuc/matrix/sync.age

@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 uWbAHQ XsGbKNzqR/HTkmMZxCcmxAXDIpuJENpJR1GyFuumMlo
-T2uxdQvSKHveDL7nY0tlNAWNuUX/h8wEORV0xmNfqm8
--> ssh-ed25519 2TRdXg 57Bliz2LRjK5sHjGtRVdIUWfV7Iji0/RACEDF0dNUno
-TMBsr9g940Xrbiu8XwbLKQJRNadC2+BuaTBbSo09t5A
--> U1M[E6m-grease US!+ :Hx\j7A K
-7AyVWcQChTJPlIoH7ZLebV7C+HJACc4vsBRrma+m47r9FV+KmVpfrhPy7jH1wSkX
-sG2Du4OrPh5+xPAgNaPNw3rbex9I6oRjmbhJ
---- gW24zSlBpNtmQhp0Er4MaZV/K8TigsV+d7jMulAR3YQ
-\4À‹±
¼µƒOÒ<0B>ˆM©•_è–@…
Œ¾aÅ€@ã6¦³½ï[×XC–ͦ챞|<7C>|"£–—¢
÷z<C3B7>OÆ”!:>xMH( KBóy
¼Z	‹1ù*“]‰d|ýÀ¦l?þ
t·¹öE_:

shared/nix.nix

@@ -9,7 +9,7 @@
     distributedBuilds = true;
     settings = {
       auto-optimise-store = true;
-      experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+      experimental-features = [ "nix-command" "flakes" ];
       substituters = [
         "https://cache.rfive.de"
         "https://cache.ifsr.de"

users/rouven/fixes.nix

@@ -47,4 +47,9 @@
 
   # enable java black magic 
   # programs.java.enable = true;
+
+  # fix for old matrix clients
+  nixpkgs.config.permittedInsecurePackages = [
+    "olm-3.2.16"
+  ];
 }

users/rouven/modules/packages.nix

@@ -12,6 +12,7 @@
     pcmanfm
     xdg-utils # used for xdg-open
     appimage-run
+    glab
 
     # graphics
     (zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; })
@@ -31,11 +32,12 @@
     # messaging
     tdesktop
     profanity
+    gomuks
 
     # games
     prismlauncher
     superTuxKart
-    space-cadet-pinball
+    # space-cadet-pinball
 
     # cryptography
     yubikey-manager
@@ -62,6 +64,7 @@
     gnumake
     go
     pre-commit
+    jetbrains.idea-ultimate
 
     # fancy tools
     just
@@ -113,6 +116,7 @@
         "image/gif" = image-viewers;
         "image/webp" = image-viewers;
         "image/ico" = image-viewers;
+        "image/svg" = browsers;
         "x-scheme-handler/http" = browsers;
         "x-scheme-handler/https" = browsers;
         "x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];