mirror of
https://git.sr.ht/~rouven/nixos-config
synced 2024-11-15 05:13:10 +01:00
Compare commits
7 commits
9f0712d2ca
...
5dbab41a2e
Author | SHA1 | Date | |
---|---|---|---|
Rouven Seifert | 5dbab41a2e | ||
Rouven Seifert | c877f4be7f | ||
Rouven Seifert | 9e01a0bc04 | ||
Rouven Seifert | f717779d32 | ||
Rouven Seifert | 25ac340213 | ||
Rouven Seifert | 276a49ce31 | ||
Rouven Seifert | 3b495d8f13 |
24
flake.lock
24
flake.lock
|
@ -180,11 +180,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709938482,
|
||||
"narHash": "sha256-2Vw2WOFmEXWQH8ziFNOr0U48Guh5FacuD6BOEIcE99s=",
|
||||
"lastModified": 1710062421,
|
||||
"narHash": "sha256-FiCNRfyUgJOLYIokLiFsfI7B+Zn9HDnOzFR3uVr5qsQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "17431970b4ebc75a92657101ccffcfc9e1f9d8f0",
|
||||
"rev": "36f873dfc8e2b6b89936ff3e2b74803d50447e0a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -281,11 +281,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709906691,
|
||||
"narHash": "sha256-206XMy1NGW42bnHukJl5W2F90yHNoJc7+H3i+/8i2Pg=",
|
||||
"lastModified": 1710040110,
|
||||
"narHash": "sha256-PNAV8VdZkNoSGQHGQWDefNarl0BtKjVMCCzu16+vsr4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "2ad5ebce1e1be47a8cf330d85265ac09ffa15178",
|
||||
"rev": "851fcfd130597c5c91071d46275111522d4fd595",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -296,11 +296,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1709703039,
|
||||
"narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
|
||||
"lastModified": 1709961763,
|
||||
"narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
|
||||
"rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -488,11 +488,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709987509,
|
||||
"narHash": "sha256-q7iK2q1Sff0FQfsp4G5wX0A8r+k1p6XLOlrICueXtlI=",
|
||||
"lastModified": 1710096282,
|
||||
"narHash": "sha256-t4190TfQUJoqaFEUX4DNGMDaQ+rJJxffwir0EEwnfDY=",
|
||||
"owner": "rouven0",
|
||||
"repo": "TruckSimulatorBot",
|
||||
"rev": "db517d53381e3ccea75653e8d29a68d0800cb8c0",
|
||||
"rev": "da4e4e1908aebc93744cbbe9a7867a9b60da02e9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,18 +1,21 @@
|
|||
{ pkgs, config, ... }:
|
||||
let
|
||||
secondary = "185.181.104.96";
|
||||
zonefile = pkgs.writeText "rfive.de.zone.txt" ''
|
||||
$TTL 3600
|
||||
$ORIGIN rfive.de.
|
||||
|
||||
rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030838 10800 3600 604800 3600
|
||||
@ NS ns0.rfive.de.
|
||||
rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. (
|
||||
2024031013 ; serial
|
||||
10800 ; refresh
|
||||
3600 ; retry
|
||||
604800 ; expire
|
||||
3600 ) ; negatives caching, ehem. minimum
|
||||
|
||||
@ NS ns.inwx.de.
|
||||
@ NS ns2.inwx.de.
|
||||
@ NS ns3.inwx.eu.
|
||||
|
||||
ns0 A 23.88.121.184
|
||||
ns0 AAAA 2a01:4f8:c012:49de::1
|
||||
|
||||
@ A 23.88.121.184
|
||||
@ AAAA 2a01:4f8:c012:49de::1
|
||||
|
||||
|
@ -20,6 +23,9 @@ let
|
|||
@ CAA 0 issue "letsencrypt.org"
|
||||
@ CAA 0 issuewild ";"
|
||||
|
||||
ns A 23.88.121.184
|
||||
ns AAAA 2a01:4f8:c012:49de::1
|
||||
|
||||
nuc A 141.30.227.6
|
||||
falkenstein A 23.88.121.184
|
||||
falkenstein AAAA 2a01:4f8:c012:49de::1
|
||||
|
@ -40,13 +46,13 @@ let
|
|||
|
||||
cache CNAME nuc.rfive.de.
|
||||
chat CNAME nuc.rfive.de.
|
||||
img.trucks CNAME falkenstein.rfive.de.
|
||||
matrix CNAME nuc.rfive.de.
|
||||
seafile CNAME nuc.rfive.de.
|
||||
vault CNAME nuc.rfive.de.
|
||||
|
||||
purge CNAME falkenstein.rfive.de.
|
||||
rspamd CNAME falkenstein.rfive.de.
|
||||
seafile CNAME nuc.rfive.de.
|
||||
trucks CNAME falkenstein.rfive.de.
|
||||
vault CNAME nuc.rfive.de.
|
||||
'';
|
||||
in
|
||||
{
|
||||
|
@ -57,12 +63,13 @@ in
|
|||
"rfive.de" = {
|
||||
master = true;
|
||||
slaves = [
|
||||
"185.181.104.96"
|
||||
secondary
|
||||
];
|
||||
extraConfig = ''
|
||||
also-notify {185.181.104.96;};
|
||||
also-notify {${secondary};};
|
||||
dnssec-policy default;
|
||||
inline-signing yes;
|
||||
serial-update-method date;
|
||||
'';
|
||||
file = "${directory}/rfive.de.zone.txt";
|
||||
};
|
||||
|
@ -72,6 +79,8 @@ in
|
|||
# copy the file manually to its destination since signing requires a writable directory
|
||||
${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt
|
||||
'';
|
||||
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||
networking.firewall.allowedTCPPorts = [ 53 ];
|
||||
networking.firewall.extraInputRules = ''
|
||||
ip saddr ${secondary}/32 tcp dport 53 accept comment "Allow DNS AXFR access from INWX Servers"
|
||||
ip saddr ${secondary}/32 udp dport 53 accept comment "Allow DNS access from INWX Servers"
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -24,13 +24,6 @@ in
|
|||
ensureDatabases = [ "trucksimulator" ];
|
||||
};
|
||||
services.nginx.virtualHosts = {
|
||||
"img.${domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}";
|
||||
};
|
||||
};
|
||||
"${domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
@ -38,6 +31,9 @@ in
|
|||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.listenPort}";
|
||||
};
|
||||
locations."/images/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}/";
|
||||
};
|
||||
locations."/docs" = {
|
||||
root = "${trucksimulatorbot.packages.x86_64-linux.docs}";
|
||||
};
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
};
|
||||
services.resolved = {
|
||||
enable = true;
|
||||
dnssec = "allow-downgrade";
|
||||
# dnssec = "allow-downgrade";
|
||||
fallbackDns = [
|
||||
"9.9.9.9"
|
||||
"149.112.112.112"
|
||||
|
|
|
@ -14,11 +14,6 @@
|
|||
./modules/virtualisation
|
||||
];
|
||||
|
||||
# nixpkgs.hostPlatform = {
|
||||
# gcc.arch = "tigerlake";
|
||||
# gcc.tune = "tigerlake";
|
||||
# system = "x86_64-linux";
|
||||
# };
|
||||
|
||||
nix.settings.system-features = [ "gccarch-tigerlake" ];
|
||||
systemd.additionalUpstreamSystemUnits = [
|
||||
|
|
|
@ -4,7 +4,8 @@
|
|||
gdb
|
||||
lldb
|
||||
rust-analyzer
|
||||
rnix-lsp
|
||||
nil
|
||||
nixpkgs-fmt
|
||||
typst-lsp
|
||||
(python3.withPackages (ps: with ps; [
|
||||
pyls-isort
|
||||
|
@ -28,14 +29,15 @@
|
|||
enable = true;
|
||||
|
||||
languages = {
|
||||
language-server.rnix-lsp = {
|
||||
command = "rnix-lsp";
|
||||
language-server.nil = {
|
||||
command = "nil";
|
||||
config = { nil.formatting.command = [ "nixpkgs-fmt" ]; };
|
||||
};
|
||||
language = [
|
||||
{
|
||||
name = "nix";
|
||||
auto-format = true;
|
||||
language-servers = [ "rnix-lsp" ];
|
||||
language-servers = [ "nil" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
@ -46,6 +48,7 @@
|
|||
color-modes = true;
|
||||
line-number = "relative";
|
||||
cursor-shape.insert = "bar";
|
||||
completion-trigger-len = 0;
|
||||
lsp = {
|
||||
display-messages = true;
|
||||
display-inlay-hints = true;
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
# essentials
|
||||
htop-vim
|
||||
lsof
|
||||
|
||||
zip
|
||||
unzip
|
||||
man-pages
|
||||
|
@ -31,7 +32,6 @@
|
|||
gomuks
|
||||
profanity
|
||||
fractal
|
||||
tuba # mastodon client
|
||||
|
||||
# games
|
||||
prismlauncher
|
||||
|
@ -43,10 +43,7 @@
|
|||
bitwarden-cli
|
||||
|
||||
# misc
|
||||
hugo
|
||||
neofetch # obligatory
|
||||
jetbrains.idea-ultimate #😎
|
||||
croc # send files anywhere
|
||||
xournalpp
|
||||
libreoffice
|
||||
mosh
|
||||
|
|
Loading…
Reference in a new issue