diff --git a/flake.lock b/flake.lock index 6ad590c..425358b 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1709204054, - "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", + "lastModified": 1709485962, + "narHash": "sha256-rmFB4uE10+LJbcVE4ePgiuHOBlUIjQOeZt4VQVJTU8M=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f3367769a93b226c467551315e9e270c3f78b15", + "rev": "d579633ff9915a8f4058d5c439281097e92380a8", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1706522977, - "narHash": "sha256-Tq69CQ+uutfY477w8uCRyF/2V0Wh/+zHzM3qwcVmqsk=", + "lastModified": 1709110024, + "narHash": "sha256-5gJQgQAYZPvT5vzSrR2yHD4wGCQNO7Pds618MMGUTD8=", "owner": "rouven0", "repo": "TruckSimulatorBot-images", - "rev": "d54a772d48a329a402433cc90502700a6699008e", + "rev": "05f98442b21c771c90699b55eed8f1e1c0dd50cd", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1708830466, - "narHash": "sha256-nGKe3Y1/jkLR2eh1aRSVBtKadMBNv8kOnB52UXqRy6A=", + "lastModified": 1709435391, + "narHash": "sha256-s4itTkIVxn5lYeTzwkbAgl99atnjdZv1idI1118vdzA=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "f070c7eeec3bde8c8c8baa9c02b6d3d5e114d73b", + "rev": "93554c04c2f1c02f4a383538e8848d511c3129e9", "type": "github" }, "original": { @@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709150264, - "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=", + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", "type": "github" }, "original": { @@ -347,11 +347,11 @@ ] }, "locked": { - "lastModified": 1698315015, - "narHash": "sha256-RWYymaHHx6pi4HRLfJJTF3u4Im22uUtVZDUvTbP0Qrc=", + "lastModified": 1709373109, + "narHash": "sha256-2f0am1RlTxz8UKNwftzNjJLhgShoW2I5SofA7FwC4Nw=", "owner": "rouven0", "repo": "pfersel", - "rev": "40292aa59ed9f6630dc39405f318842a9c8e7cb3", + "rev": "b4d086d43545f5d1735f863eb3aa1e81ca6272ba", "type": "github" }, "original": { @@ -398,11 +398,11 @@ ] }, "locked": { - "lastModified": 1706780558, - "narHash": "sha256-tZRNaZKENRzd83oLgqgG/G2A+7FgsISFhgblGjFM244=", + "lastModified": 1709309729, + "narHash": "sha256-W6RjXe2/LGFnNGfY9ML4YCDasmqksUWKoMRVPHkIguM=", "owner": "rouven0", "repo": "purge", - "rev": "3875053bd588aeee14849c50c60f6a33ac784da3", + "rev": "0d083d35316101755d2ecb9bba32fefc42df914d", "type": "github" }, "original": { @@ -488,11 +488,11 @@ ] }, "locked": { - "lastModified": 1708375524, - "narHash": "sha256-6XxKJhGupxakfrz8GBJJ/l9RvLs3tt9wuj3c8MZoSuo=", + "lastModified": 1709309746, + "narHash": "sha256-janCP2IoaBQIYQVn/LSYXncheCQ2l7u8E7V2XgHz2G8=", "owner": "rouven0", "repo": "TruckSimulatorBot", - "rev": "6b33532486100f83fc9c7f2da3d1b54ea4fe5986", + "rev": "6a6bd63946a031ac020a9463cddb3a99de9385fd", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/mail/default.nix b/hosts/falkenstein/modules/mail/default.nix index 256d899..1e96bae 100644 --- a/hosts/falkenstein/modules/mail/default.nix +++ b/hosts/falkenstein/modules/mail/default.nix @@ -81,7 +81,6 @@ in smtpd_sasl_path = "/var/lib/postfix/auth"; smtpd_sasl_type = "dovecot"; mailbox_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp"; - }; }; @@ -203,31 +202,26 @@ in password = "$2$g1jh7t5cxschj11set5wksd656ixd5ie$cgwrj53hfb87xndqbh5r3ow9qfi1ejii8dxok1ihbnhamccn1rxy"; ''; "redis.conf".text = '' - read_servers = "127.0.0.1"; - write_servers = "127.0.0.1"; + read_servers = "/run/redis-rspamd/redis.sock"; + write_servers = "/run/redis-rspamd/redis.sock"; ''; "milter_headers.conf".text = '' use = ["x-spam-level", "x-spam-status", "x-spamd-result", "authentication-results" ]; ''; "dmarc.conf".text = '' reporting { - # Required attributes - enabled = true; # Enable reports in general - email = 'reports@${config.networking.domain}'; # Source of DMARC reports - domain = '${config.networking.domain}'; # Domain to serve - org_name = '${config.networking.domain}'; # Organisation + enabled = true; + email = 'reports@${config.networking.domain}'; + domain = '${config.networking.domain}'; + org_name = '${config.networking.domain}'; from_name = 'DMARC Aggregate Report'; } ''; "dkim_signing.conf".text = '' selector = "rspamd"; allow_username_mismatch = true; - domain { - rfive.de { - path = /var/lib/rspamd/dkim/rfive.key; - selector = "rspamd"; - } - } + allow_hdrfrom_mismatch = true; + path = /var/lib/rspamd/dkim/$domain.key; ''; }; }; @@ -235,7 +229,6 @@ in vmOverCommit = true; servers.rspamd = { enable = true; - port = 6379; }; }; }; @@ -262,6 +255,7 @@ in }; }; }; + users.users.rspamd.extraGroups = [ "redis-rspamd" ]; systemd = { services.rspamd-dmarc-report = { description = "rspamd dmarc reporter"; @@ -271,16 +265,7 @@ in User = "rspamd"; Group = "rspamd"; }; + startAt = "daily"; }; - timers.rspamd-dmarc-report = { - description = "Timer for daily dmarc reports"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "daily"; - Unit = "rspamd-dmarc-report.service"; - }; - - }; - }; } diff --git a/hosts/falkenstein/modules/pfersel/default.nix b/hosts/falkenstein/modules/pfersel/default.nix index 1c6dc0d..b203b59 100644 --- a/hosts/falkenstein/modules/pfersel/default.nix +++ b/hosts/falkenstein/modules/pfersel/default.nix @@ -2,7 +2,6 @@ { age.secrets.pfersel = { file = ../../../../secrets/falkenstein/pfersel.age; - owner = "pfersel"; }; services.pfersel = { enable = true; diff --git a/secrets/thinkpad/ifsr-apb-auth.age b/secrets/thinkpad/ifsr-apb-auth.age index 153cab0..d372fd2 100644 Binary files a/secrets/thinkpad/ifsr-apb-auth.age and b/secrets/thinkpad/ifsr-apb-auth.age differ diff --git a/shared/nix.nix b/shared/nix.nix index ba3d866..cb5c735 100644 --- a/shared/nix.nix +++ b/shared/nix.nix @@ -11,11 +11,12 @@ experimental-features = [ "nix-command" "flakes" "repl-flake" ]; substituters = [ "https://cache.rfive.de" - "https://cache.ifsr.de" + # temp disabled until logging error is resolved + # "https://cache.ifsr.de" ]; trusted-public-keys = [ "cache.rfive.de:of5d+o6mfGXQSR3lk6ApfDBr4ampAUaNHux1O/XY3Tw=" - "cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg=" + # "cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg=" ]; }; }; diff --git a/shared/systemd.nix b/shared/systemd.nix index 4adfba9..45193d8 100644 --- a/shared/systemd.nix +++ b/shared/systemd.nix @@ -13,6 +13,10 @@ enableRootSlice = true; enableUserSlices = true; }; + watchdog = { + runtimeTime = "30s"; + rebootTime = "10m"; + }; }; } diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 429861a..d66570a 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -29,6 +29,7 @@ tdesktop gajim gomuks + profanity fractal tuba # mastodon client