Compare commits

..

7 commits

7 changed files with 47 additions and 47 deletions

View file

@ -180,11 +180,11 @@
]
},
"locked": {
"lastModified": 1709938482,
"narHash": "sha256-2Vw2WOFmEXWQH8ziFNOr0U48Guh5FacuD6BOEIcE99s=",
"lastModified": 1710062421,
"narHash": "sha256-FiCNRfyUgJOLYIokLiFsfI7B+Zn9HDnOzFR3uVr5qsQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "17431970b4ebc75a92657101ccffcfc9e1f9d8f0",
"rev": "36f873dfc8e2b6b89936ff3e2b74803d50447e0a",
"type": "github"
},
"original": {
@ -281,11 +281,11 @@
]
},
"locked": {
"lastModified": 1709906691,
"narHash": "sha256-206XMy1NGW42bnHukJl5W2F90yHNoJc7+H3i+/8i2Pg=",
"lastModified": 1710040110,
"narHash": "sha256-PNAV8VdZkNoSGQHGQWDefNarl0BtKjVMCCzu16+vsr4=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "2ad5ebce1e1be47a8cf330d85265ac09ffa15178",
"rev": "851fcfd130597c5c91071d46275111522d4fd595",
"type": "github"
},
"original": {
@ -296,11 +296,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1709703039,
"narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
"lastModified": 1709961763,
"narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
"rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34",
"type": "github"
},
"original": {
@ -488,11 +488,11 @@
]
},
"locked": {
"lastModified": 1709987509,
"narHash": "sha256-q7iK2q1Sff0FQfsp4G5wX0A8r+k1p6XLOlrICueXtlI=",
"lastModified": 1710096282,
"narHash": "sha256-t4190TfQUJoqaFEUX4DNGMDaQ+rJJxffwir0EEwnfDY=",
"owner": "rouven0",
"repo": "TruckSimulatorBot",
"rev": "db517d53381e3ccea75653e8d29a68d0800cb8c0",
"rev": "da4e4e1908aebc93744cbbe9a7867a9b60da02e9",
"type": "github"
},
"original": {

View file

@ -1,18 +1,21 @@
{ pkgs, config, ... }:
let
secondary = "185.181.104.96";
zonefile = pkgs.writeText "rfive.de.zone.txt" ''
$TTL 3600
$ORIGIN rfive.de.
rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030838 10800 3600 604800 3600
@ NS ns0.rfive.de.
rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. (
2024031013 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
3600 ) ; negatives caching, ehem. minimum
@ NS ns.inwx.de.
@ NS ns2.inwx.de.
@ NS ns3.inwx.eu.
ns0 A 23.88.121.184
ns0 AAAA 2a01:4f8:c012:49de::1
@ A 23.88.121.184
@ AAAA 2a01:4f8:c012:49de::1
@ -20,6 +23,9 @@ let
@ CAA 0 issue "letsencrypt.org"
@ CAA 0 issuewild ";"
ns A 23.88.121.184
ns AAAA 2a01:4f8:c012:49de::1
nuc A 141.30.227.6
falkenstein A 23.88.121.184
falkenstein AAAA 2a01:4f8:c012:49de::1
@ -40,13 +46,13 @@ let
cache CNAME nuc.rfive.de.
chat CNAME nuc.rfive.de.
img.trucks CNAME falkenstein.rfive.de.
matrix CNAME nuc.rfive.de.
seafile CNAME nuc.rfive.de.
vault CNAME nuc.rfive.de.
purge CNAME falkenstein.rfive.de.
rspamd CNAME falkenstein.rfive.de.
seafile CNAME nuc.rfive.de.
trucks CNAME falkenstein.rfive.de.
vault CNAME nuc.rfive.de.
'';
in
{
@ -57,12 +63,13 @@ in
"rfive.de" = {
master = true;
slaves = [
"185.181.104.96"
secondary
];
extraConfig = ''
also-notify {185.181.104.96;};
also-notify {${secondary};};
dnssec-policy default;
inline-signing yes;
serial-update-method date;
'';
file = "${directory}/rfive.de.zone.txt";
};
@ -72,6 +79,8 @@ in
# copy the file manually to its destination since signing requires a writable directory
${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt
'';
networking.firewall.allowedUDPPorts = [ 53 ];
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.extraInputRules = ''
ip saddr ${secondary}/32 tcp dport 53 accept comment "Allow DNS AXFR access from INWX Servers"
ip saddr ${secondary}/32 udp dport 53 accept comment "Allow DNS access from INWX Servers"
'';
}

View file

@ -24,20 +24,16 @@ in
ensureDatabases = [ "trucksimulator" ];
};
services.nginx.virtualHosts = {
"img.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}";
};
};
"${domain}" = {
enableACME = true;
forceSSL = true;
locations."/invite".return = " 301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands";
locations."/invite".return = "301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.listenPort}";
};
locations."/images/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}/";
};
locations."/docs" = {
root = "${trucksimulatorbot.packages.x86_64-linux.docs}";
};

View file

@ -14,7 +14,7 @@
};
services.resolved = {
enable = true;
dnssec = "allow-downgrade";
# dnssec = "allow-downgrade";
fallbackDns = [
"9.9.9.9"
"149.112.112.112"

View file

@ -14,11 +14,6 @@
./modules/virtualisation
];
# nixpkgs.hostPlatform = {
# gcc.arch = "tigerlake";
# gcc.tune = "tigerlake";
# system = "x86_64-linux";
# };
nix.settings.system-features = [ "gccarch-tigerlake" ];
systemd.additionalUpstreamSystemUnits = [

View file

@ -4,7 +4,8 @@
gdb
lldb
rust-analyzer
rnix-lsp
nil
nixpkgs-fmt
typst-lsp
(python3.withPackages (ps: with ps; [
pyls-isort
@ -28,14 +29,15 @@
enable = true;
languages = {
language-server.rnix-lsp = {
command = "rnix-lsp";
language-server.nil = {
command = "nil";
config = { nil.formatting.command = [ "nixpkgs-fmt" ]; };
};
language = [
{
name = "nix";
auto-format = true;
language-servers = [ "rnix-lsp" ];
language-servers = [ "nil" ];
}
];
};
@ -46,6 +48,7 @@
color-modes = true;
line-number = "relative";
cursor-shape.insert = "bar";
completion-trigger-len = 0;
lsp = {
display-messages = true;
display-inlay-hints = true;

View file

@ -5,6 +5,7 @@
# essentials
htop-vim
lsof
zip
unzip
man-pages
@ -31,7 +32,6 @@
gomuks
profanity
fractal
tuba # mastodon client
# games
prismlauncher
@ -43,10 +43,7 @@
bitwarden-cli
# misc
hugo
neofetch # obligatory
jetbrains.idea-ultimate #😎
croc # send files anywhere
xournalpp
libreoffice
mosh