Compare commits

..

7 commits

7 changed files with 47 additions and 47 deletions

View file

@ -180,11 +180,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709938482, "lastModified": 1710062421,
"narHash": "sha256-2Vw2WOFmEXWQH8ziFNOr0U48Guh5FacuD6BOEIcE99s=", "narHash": "sha256-FiCNRfyUgJOLYIokLiFsfI7B+Zn9HDnOzFR3uVr5qsQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "17431970b4ebc75a92657101ccffcfc9e1f9d8f0", "rev": "36f873dfc8e2b6b89936ff3e2b74803d50447e0a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -281,11 +281,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709906691, "lastModified": 1710040110,
"narHash": "sha256-206XMy1NGW42bnHukJl5W2F90yHNoJc7+H3i+/8i2Pg=", "narHash": "sha256-PNAV8VdZkNoSGQHGQWDefNarl0BtKjVMCCzu16+vsr4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "2ad5ebce1e1be47a8cf330d85265ac09ffa15178", "rev": "851fcfd130597c5c91071d46275111522d4fd595",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -296,11 +296,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1709703039, "lastModified": 1709961763,
"narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -488,11 +488,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709987509, "lastModified": 1710096282,
"narHash": "sha256-q7iK2q1Sff0FQfsp4G5wX0A8r+k1p6XLOlrICueXtlI=", "narHash": "sha256-t4190TfQUJoqaFEUX4DNGMDaQ+rJJxffwir0EEwnfDY=",
"owner": "rouven0", "owner": "rouven0",
"repo": "TruckSimulatorBot", "repo": "TruckSimulatorBot",
"rev": "db517d53381e3ccea75653e8d29a68d0800cb8c0", "rev": "da4e4e1908aebc93744cbbe9a7867a9b60da02e9",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -1,18 +1,21 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
let let
secondary = "185.181.104.96";
zonefile = pkgs.writeText "rfive.de.zone.txt" '' zonefile = pkgs.writeText "rfive.de.zone.txt" ''
$TTL 3600 $TTL 3600
$ORIGIN rfive.de. $ORIGIN rfive.de.
rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030838 10800 3600 604800 3600 rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. (
@ NS ns0.rfive.de. 2024031013 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
3600 ) ; negatives caching, ehem. minimum
@ NS ns.inwx.de. @ NS ns.inwx.de.
@ NS ns2.inwx.de. @ NS ns2.inwx.de.
@ NS ns3.inwx.eu. @ NS ns3.inwx.eu.
ns0 A 23.88.121.184
ns0 AAAA 2a01:4f8:c012:49de::1
@ A 23.88.121.184 @ A 23.88.121.184
@ AAAA 2a01:4f8:c012:49de::1 @ AAAA 2a01:4f8:c012:49de::1
@ -20,6 +23,9 @@ let
@ CAA 0 issue "letsencrypt.org" @ CAA 0 issue "letsencrypt.org"
@ CAA 0 issuewild ";" @ CAA 0 issuewild ";"
ns A 23.88.121.184
ns AAAA 2a01:4f8:c012:49de::1
nuc A 141.30.227.6 nuc A 141.30.227.6
falkenstein A 23.88.121.184 falkenstein A 23.88.121.184
falkenstein AAAA 2a01:4f8:c012:49de::1 falkenstein AAAA 2a01:4f8:c012:49de::1
@ -40,13 +46,13 @@ let
cache CNAME nuc.rfive.de. cache CNAME nuc.rfive.de.
chat CNAME nuc.rfive.de. chat CNAME nuc.rfive.de.
img.trucks CNAME falkenstein.rfive.de.
matrix CNAME nuc.rfive.de. matrix CNAME nuc.rfive.de.
seafile CNAME nuc.rfive.de.
vault CNAME nuc.rfive.de.
purge CNAME falkenstein.rfive.de. purge CNAME falkenstein.rfive.de.
rspamd CNAME falkenstein.rfive.de. rspamd CNAME falkenstein.rfive.de.
seafile CNAME nuc.rfive.de.
trucks CNAME falkenstein.rfive.de. trucks CNAME falkenstein.rfive.de.
vault CNAME nuc.rfive.de.
''; '';
in in
{ {
@ -57,12 +63,13 @@ in
"rfive.de" = { "rfive.de" = {
master = true; master = true;
slaves = [ slaves = [
"185.181.104.96" secondary
]; ];
extraConfig = '' extraConfig = ''
also-notify {185.181.104.96;}; also-notify {${secondary};};
dnssec-policy default; dnssec-policy default;
inline-signing yes; inline-signing yes;
serial-update-method date;
''; '';
file = "${directory}/rfive.de.zone.txt"; file = "${directory}/rfive.de.zone.txt";
}; };
@ -72,6 +79,8 @@ in
# copy the file manually to its destination since signing requires a writable directory # copy the file manually to its destination since signing requires a writable directory
${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt ${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt
''; '';
networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.extraInputRules = ''
networking.firewall.allowedTCPPorts = [ 53 ]; ip saddr ${secondary}/32 tcp dport 53 accept comment "Allow DNS AXFR access from INWX Servers"
ip saddr ${secondary}/32 udp dport 53 accept comment "Allow DNS access from INWX Servers"
'';
} }

View file

@ -24,13 +24,6 @@ in
ensureDatabases = [ "trucksimulator" ]; ensureDatabases = [ "trucksimulator" ];
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"img.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}";
};
};
"${domain}" = { "${domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -38,6 +31,9 @@ in
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.listenPort}"; proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.listenPort}";
}; };
locations."/images/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}/";
};
locations."/docs" = { locations."/docs" = {
root = "${trucksimulatorbot.packages.x86_64-linux.docs}"; root = "${trucksimulatorbot.packages.x86_64-linux.docs}";
}; };

View file

@ -14,7 +14,7 @@
}; };
services.resolved = { services.resolved = {
enable = true; enable = true;
dnssec = "allow-downgrade"; # dnssec = "allow-downgrade";
fallbackDns = [ fallbackDns = [
"9.9.9.9" "9.9.9.9"
"149.112.112.112" "149.112.112.112"

View file

@ -14,11 +14,6 @@
./modules/virtualisation ./modules/virtualisation
]; ];
# nixpkgs.hostPlatform = {
# gcc.arch = "tigerlake";
# gcc.tune = "tigerlake";
# system = "x86_64-linux";
# };
nix.settings.system-features = [ "gccarch-tigerlake" ]; nix.settings.system-features = [ "gccarch-tigerlake" ];
systemd.additionalUpstreamSystemUnits = [ systemd.additionalUpstreamSystemUnits = [

View file

@ -4,7 +4,8 @@
gdb gdb
lldb lldb
rust-analyzer rust-analyzer
rnix-lsp nil
nixpkgs-fmt
typst-lsp typst-lsp
(python3.withPackages (ps: with ps; [ (python3.withPackages (ps: with ps; [
pyls-isort pyls-isort
@ -28,14 +29,15 @@
enable = true; enable = true;
languages = { languages = {
language-server.rnix-lsp = { language-server.nil = {
command = "rnix-lsp"; command = "nil";
config = { nil.formatting.command = [ "nixpkgs-fmt" ]; };
}; };
language = [ language = [
{ {
name = "nix"; name = "nix";
auto-format = true; auto-format = true;
language-servers = [ "rnix-lsp" ]; language-servers = [ "nil" ];
} }
]; ];
}; };
@ -46,6 +48,7 @@
color-modes = true; color-modes = true;
line-number = "relative"; line-number = "relative";
cursor-shape.insert = "bar"; cursor-shape.insert = "bar";
completion-trigger-len = 0;
lsp = { lsp = {
display-messages = true; display-messages = true;
display-inlay-hints = true; display-inlay-hints = true;

View file

@ -5,6 +5,7 @@
# essentials # essentials
htop-vim htop-vim
lsof lsof
zip zip
unzip unzip
man-pages man-pages
@ -31,7 +32,6 @@
gomuks gomuks
profanity profanity
fractal fractal
tuba # mastodon client
# games # games
prismlauncher prismlauncher
@ -43,10 +43,7 @@
bitwarden-cli bitwarden-cli
# misc # misc
hugo
neofetch # obligatory neofetch # obligatory
jetbrains.idea-ultimate #😎
croc # send files anywhere
xournalpp xournalpp
libreoffice libreoffice
mosh mosh