diff --git a/README.md b/README.md index f3ff301..0ddc915 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,7 @@ sda ├─sda1 / ├─sda14 # BIOS boot └─sda15 /boot/efi # EFI stuff +zram0 [SWAP] ``` ### vm diff --git a/flake.lock b/flake.lock index 2de47a7..425358b 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1709938482, - "narHash": "sha256-2Vw2WOFmEXWQH8ziFNOr0U48Guh5FacuD6BOEIcE99s=", + "lastModified": 1709485962, + "narHash": "sha256-rmFB4uE10+LJbcVE4ePgiuHOBlUIjQOeZt4VQVJTU8M=", "owner": "nix-community", "repo": "home-manager", - "rev": "17431970b4ebc75a92657101ccffcfc9e1f9d8f0", + "rev": "d579633ff9915a8f4058d5c439281097e92380a8", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1709906691, - "narHash": "sha256-206XMy1NGW42bnHukJl5W2F90yHNoJc7+H3i+/8i2Pg=", + "lastModified": 1709435391, + "narHash": "sha256-s4itTkIVxn5lYeTzwkbAgl99atnjdZv1idI1118vdzA=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "2ad5ebce1e1be47a8cf330d85265ac09ffa15178", + "rev": "93554c04c2f1c02f4a383538e8848d511c3129e9", "type": "github" }, "original": { @@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709703039, - "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", "type": "github" }, "original": { 
@@ -488,11 +488,11 @@ ] }, "locked": { - "lastModified": 1709987509, - "narHash": "sha256-q7iK2q1Sff0FQfsp4G5wX0A8r+k1p6XLOlrICueXtlI=", + "lastModified": 1709309746, + "narHash": "sha256-janCP2IoaBQIYQVn/LSYXncheCQ2l7u8E7V2XgHz2G8=", "owner": "rouven0", "repo": "TruckSimulatorBot", - "rev": "db517d53381e3ccea75653e8d29a68d0800cb8c0", + "rev": "6a6bd63946a031ac020a9463cddb3a99de9385fd", "type": "github" }, "original": { diff --git a/hosts/falkenstein/default.nix b/hosts/falkenstein/default.nix index 60cacca..b84a17a 100644 --- a/hosts/falkenstein/default.nix +++ b/hosts/falkenstein/default.nix @@ -5,7 +5,6 @@ # Include the results of the hardware scan. ./hardware-configuration.nix ./modules/backup - ./modules/dns ./modules/fail2ban ./modules/mail ./modules/networks @@ -28,6 +27,7 @@ initrd.systemd.enable = true; kernelPackages = pkgs.linuxPackages_latest; }; + zramSwap.enable = true; time.timeZone = "Europe/Berlin"; diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix deleted file mode 100644 index 48b2eb8..0000000 --- a/hosts/falkenstein/modules/dns/default.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ pkgs, ... }: -{ - services.bind = { - enable = true; - zones = { - "rfive.de" = { - master = true; - slaves = [ - "185.181.104.96" - ]; - extraConfig = '' - also-notify {185.181.104.96;}; - ''; - file = pkgs.writeText "rfive.de_zone.txt" '' - $TTL 3600 - $ORIGIN rfive.de. - - rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030832 10800 3600 604800 3600 - @ 3600 IN NS ns.rfive.de. - @ 3600 IN NS ns.inwx.de. - @ 3600 IN NS ns2.inwx.de. - - ns.rfive.de. 3600 IN A 23.88.121.184 - ns.rfive.de. 3600 IN AAAA 2a01:4f8:c012:49de::1 - - @ IN A 23.88.121.184 - @ IN AAAA 2a01:4f8:c012:49de::1 - @ IN CAA 0 iodef "mailto:ca@rfive.de" - @ IN CAA 0 issue "letsencrypt.org" - @ IN CAA 0 issuewild ";" - - nuc IN A 141.30.227.6 - - falkenstein IN A 23.88.121.184 - falkenstein IN AAAA 2a01:4f8:c012:49de::1 - falkenstein IN SSHFP 1 1 DE42CA418093CF94EABC124E101AE4D8DE02C69F - falkenstein IN SSHFP 1 2 149100F5C3CA333E20E7B03EB463B0FB23D34FFE1FC65EFAADDDBE51 8EC35990 - falkenstein IN SSHFP 4 1 70A38677DEE50C5B67AA11400A6BCD4984355C2A - falkenstein IN SSHFP 4 2 B25AD18A23C885AE965875C4C9EDA4E4EDFD3503334B10F0BFE7527B EB178CB2 - - @ IN MX 1 mail.rfive.de. - mail IN A 23.88.121.184 - mail IN AAAA 2a01:4f8:c012:49de::1 - - @ IN TXT "v=spf1 mx ~all" - rspamd._domainkey IN TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" - _dmarc IN TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de" - - cache IN CNAME nuc.rfive.de. - chat IN CNAME nuc.rfive.de. - img.trucks IN CNAME falkenstein.rfive.de. - matrix IN CNAME nuc.rfive.de. - purge IN CNAME falkenstein.rfive.de. - rspamd IN CNAME falkenstein.rfive.de. - seafile IN CNAME nuc.rfive.de. - trucks IN CNAME falkenstein.rfive.de. - vault IN CNAME nuc.rfive.de. 
- - _discord IN TXT "dh=0bcca75b0a56c304f0c23fbdb3f12009411e8c0c" - ''; - }; - }; - }; - networking.firewall.allowedUDPPorts = [ 53 ]; - networking.firewall.allowedTCPPorts = [ 53 ]; -} diff --git a/hosts/falkenstein/modules/mail/default.nix b/hosts/falkenstein/modules/mail/default.nix index 4f5ef3f..1e96bae 100644 --- a/hosts/falkenstein/modules/mail/default.nix +++ b/hosts/falkenstein/modules/mail/default.nix @@ -44,8 +44,7 @@ in sslKey = "/var/lib/acme/${hostname}/key.pem"; config = { home_mailbox = "Maildir/"; - smtp_helo_name = config.networking.fqdn; - smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name"; + smtp_helo_name = "falkenstein.vpn.rfive.de"; smtp_use_tls = true; smtpd_use_tls = true; smtpd_tls_protocols = [ @@ -221,6 +220,7 @@ in "dkim_signing.conf".text = '' selector = "rspamd"; allow_username_mismatch = true; + allow_hdrfrom_mismatch = true; path = /var/lib/rspamd/dkim/$domain.key; ''; }; diff --git a/hosts/falkenstein/modules/networks/default.nix b/hosts/falkenstein/modules/networks/default.nix index 163bf41..4452579 100644 --- a/hosts/falkenstein/modules/networks/default.nix +++ b/hosts/falkenstein/modules/networks/default.nix @@ -31,10 +31,6 @@ "2620:fe::fe" "2620:fe::9" ]; - extraConfig = '' - [Resolve] - DNSStubListener=no - ''; }; systemd.network = { enable = true; @@ -76,7 +72,7 @@ wireguardPeerConfig = { PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ="; PresharedKeyFile = config.age.secrets."wireguard/dorm/preshared".path; - Endpoint = "nuc.rfive.de:51820"; + Endpoint = "dorm.vpn.rfive.de:51820"; AllowedIPs = "192.168.42.0/24, 192.168.43.0/24"; }; } diff --git a/hosts/falkenstein/modules/trucksimulatorbot/default.nix b/hosts/falkenstein/modules/trucksimulatorbot/default.nix index 6e9ecd3..18d4496 100644 --- a/hosts/falkenstein/modules/trucksimulatorbot/default.nix +++ b/hosts/falkenstein/modules/trucksimulatorbot/default.nix 
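Review bot: In hosts/falkenstein/modules/mail/default.nix (hunk at -44,8), `smtp_helo_name` is now a string literal instead of `config.networking.fqdn`, so the HELO name can drift from the host's real name with no build-time signal. Receiving servers commonly check that the HELO name resolves and agrees with the reverse DNS of the connecting address. Whether `falkenstein.vpn.rfive.de` resolves to the public sending address is not visible here and is worth confirming, since a mismatch raises spam scores. I would add a comment above the line such as `# must match the PTR record of the address used for outbound SMTP`, or derive the value from one shared binding. Dropping `smtpd_banner` falls back to the Postfix default built from `$myhostname`, which looks intended; the `config` attribute set continues outside the hunk.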
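Review bot: In the `dkim_signing.conf` text of the same file (hunk at -221,6), `allow_hdrfrom_mismatch = true;` together with the existing `allow_username_mismatch = true;` switches off both alignment checks. rspamd will then sign a message whenever a key exists for the domain it selects, regardless of which authenticated account or envelope sender submitted it. Unless Postfix enforces sender ownership elsewhere (not visible in this hunk), any account allowed to submit mail can obtain a valid DKIM signature for another hosted domain's From address. If the aim is only to cover locally generated or relayed mail, the narrower `allow_hdrfrom_mismatch_local = true;` or `allow_hdrfrom_mismatch_sign_networks = true;` keeps the check for authenticated users. Otherwise a comment like `# both mismatch checks off because <reason>; sender ownership enforced by <placeholder>` would record the decision.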
@@ -1,6 +1,6 @@ { config, pkgs, trucksimulatorbot, ... }: let - domain = "trucks.${config.networking.domain}"; + domain = "trucksimulatorbot.${config.networking.domain}"; in { services.trucksimulatorbot = { @@ -24,7 +24,7 @@ in ensureDatabases = [ "trucksimulator" ]; }; services.nginx.virtualHosts = { - "img.${domain}" = { + "images.${domain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index 7415d60..670f0ea 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -7,9 +7,13 @@ ./modules/networks ./modules/backup ./modules/cache + # ./modules/grafana + ./modules/hydra + # ./modules/prometheus ./modules/matrix ./modules/mautrix-telegram ./modules/seafile + ./modules/uptime-kuma ./modules/vaultwarden ./modules/nginx ]; @@ -65,6 +69,8 @@ programs.mosh.enable = true; + # firmware updates + services.fwupd.enable = true; users.users.root.initialHashedPassword = "$y$j9T$hYM7FT2hn3O7OWBn9uz8e0$XquxONcPSke6YjdRGwOzGxC0/92hgP7PIB0y0K.Qdr/"; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../keys/ssh/rouven-thinkpad diff --git a/hosts/nuc/modules/uptime-kuma/default.nix b/hosts/nuc/modules/uptime-kuma/default.nix new file mode 100644 index 0000000..9d2e32b --- /dev/null +++ b/hosts/nuc/modules/uptime-kuma/default.nix @@ -0,0 +1,18 @@ +{ config, ... }: +let + domain = "uptime.${config.networking.domain}"; +in +{ + services.uptime-kuma = { + enable = true; + }; + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3001"; + proxyWebsockets = true; + }; + }; + +} diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index 7bfaf31..3d1cbdb 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix 
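Review bot: The new vhost in hosts/nuc/modules/uptime-kuma/default.nix publishes the whole Uptime Kuma UI, including its login and first-run setup page, with no access restriction in the `locations."/"` block. Until the admin account has been created, whoever reaches the page first can create it. Afterwards the inventory of monitored hosts sits behind a single web login. If only VPN clients need the dashboard, an `extraConfig = "allow <vpn-range>; deny all;";` on the location would limit exposure (the range is a placeholder; take it from the WireGuard setup). The upstream port is also hard-coded, and `proxyPass = "http://127.0.0.1:${config.services.uptime-kuma.settings.PORT}";` would keep nginx and the service in step if the port is ever changed.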
@@ -151,7 +151,7 @@ wireguardPeerConfig = { PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ="; PresharedKeyFile = config.age.secrets."wireguard/dorm/preshared".path; - Endpoint = "nuc.rfive.de:51820"; + Endpoint = "dorm.vpn.rfive.de:51820"; AllowedIPs = "192.168.42.0/24, 192.168.43.0/24"; }; } diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index ff2d7ec..d66570a 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -8,7 +8,7 @@ zip unzip man-pages - pcmanfm + cinnamon.nemo xdg-utils # used for xdg-open appimage-run seafile-client diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix index 59fd80d..fb95c2e 100644 --- a/users/rouven/modules/ssh/default.nix +++ b/users/rouven/modules/ssh/default.nix @@ -22,7 +22,7 @@ in identityFile = git; }; "rfive.de" = { - hostname = "falkenstein.rfive.de"; + hostname = "falkenstein.vpn.rfive.de"; user = "root"; extraOptions = { VerifyHostKeyDNS = "yes"; diff --git a/users/rouven/modules/wayland/default.nix b/users/rouven/modules/wayland/default.nix index e68e13b..16f0b52 100644 --- a/users/rouven/modules/wayland/default.nix +++ b/users/rouven/modules/wayland/default.nix @@ -29,7 +29,7 @@ { event = "lock"; command = lib.getExe pkgs.swaylock-effects; } ]; timeouts = [ - # { timeout = 300; command = lib.getExe pkgs.swaylock-effects; } + { timeout = 300; command = lib.getExe pkgs.swaylock-effects; } ]; systemdTarget = "graphical-session.target"; };
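Review bot: In users/rouven/modules/ssh/default.nix the `rfive.de` host entry keeps `VerifyHostKeyDNS = "yes"` but now connects to `falkenstein.vpn.rfive.de`, while this same commit deletes the zone file that carried the SSHFP records for `falkenstein`. The option only adds assurance if SSHFP records are published under the new name and the answer is DNSSEC-validated. Otherwise ssh treats the fingerprint as insecure and falls back to asking, which is easy to accept by habit on a `root` login. It is worth confirming that whatever now serves the zone has SSHFP records at the new name, and adding a comment such as `# SSHFP records for falkenstein.vpn must be kept in sync with the host keys`. The host block continues outside the hunk.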