diff --git a/flake.lock b/flake.lock
index d5b20ea..0960aa1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -12,11 +12,11 @@
"systems": "systems"
},
"locked": {
- "lastModified": 1718371084,
- "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=",
+ "lastModified": 1716561646,
+ "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "3a56735779db467538fb2e577eda28a9daacaca6",
+ "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"type": "github"
},
"original": {
@@ -38,11 +38,11 @@
"poetry2nix": "poetry2nix"
},
"locked": {
- "lastModified": 1718106692,
- "narHash": "sha256-IGMrKVU2fXgn30LQduJIg89HefHLlPMgJ3mnnKpnNfU=",
+ "lastModified": 1715166702,
+ "narHash": "sha256-PJxwZoT1JWxMaKRdTLMHN55mdYlhZn2L5VpvyevKkug=",
"owner": "nix-community",
"repo": "authentik-nix",
- "rev": "11f5e0fd17dd44d9946a23271d201b257df9f0f4",
+ "rev": "84c3ce6fe7c174ed1a53cbc5e36cf6a70f4dcc1b",
"type": "github"
},
"original": {
@@ -300,11 +300,11 @@
]
},
"locked": {
- "lastModified": 1718788307,
- "narHash": "sha256-SqiOz0sljM0GjyQEVinPXQxaGcbOXw5OgpCWGPgh/vo=",
+ "lastModified": 1717931644,
+ "narHash": "sha256-Sz8Wh9cAiD5FhL8UWvZxBfnvxETSCVZlqWSYWaCPyu0=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "d7830d05421d0ced83a0f007900898bdcaf2a2ca",
+ "rev": "3d65009effd77cb0d6e7520b68b039836a7606cf",
"type": "github"
},
"original": {
@@ -448,11 +448,11 @@
]
},
"locked": {
- "lastModified": 1718507237,
- "narHash": "sha256-xBEWCxWeRpWQggFFp8ugJCDa63cOJsVvx71R9F0Eowg=",
+ "lastModified": 1717995391,
+ "narHash": "sha256-lcJ7McLYCOZGmoUqWubg739iFIqVtPD+qDNQx6GPWCY=",
"owner": "nix-community",
"repo": "nix-index-database",
- "rev": "6af2c5e58c20311276f59d247341cafeebfcb6f4",
+ "rev": "ab78ec24f803bab7a18370220ae3db92d6d33c94",
"type": "github"
},
"original": {
@@ -463,11 +463,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1718895438,
- "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=",
+ "lastModified": 1717786204,
+ "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3",
+ "rev": "051f920625ab5aabe37c920346e3e69d7d34400e",
"type": "github"
},
"original": {
diff --git a/hosts/falkenstein/modules/mail/rspamd.nix b/hosts/falkenstein/modules/mail/rspamd.nix
index 87223e5..15dbdde 100644
--- a/hosts/falkenstein/modules/mail/rspamd.nix
+++ b/hosts/falkenstein/modules/mail/rspamd.nix
@@ -31,74 +31,6 @@
allow_username_mismatch = true;
path = /var/lib/rspamd/dkim/$domain.key;
'';
- "reputation.conf".text = ''
- rules {
- ip_reputation = {
- selector "ip" {
- }
- backend "redis" {
- servers = "/run/redis-rspamd/redis.sock";
- }
-
- symbol = "IP_REPUTATION";
- }
- spf_reputation = {
- selector "spf" {
- }
- backend "redis" {
- servers = "/run/redis-rspamd/redis.sock";
- }
-
- symbol = "SPF_REPUTATION";
- }
- dkim_reputation = {
- selector "dkim" {
- }
- backend "redis" {
- servers = "/run/redis-rspamd/redis.sock";
- }
-
- symbol = "DKIM_REPUTATION"; # Also adjusts scores for DKIM_ALLOW, DKIM_REJECT
- }
- generic_reputation = {
- selector "generic" {
- selector = "ip"; # see https://rspamd.com/doc/configuration/selectors.html
- }
- backend "redis" {
- servers = "/run/redis-rspamd/redis.sock";
- }
-
- symbol = "GENERIC_REPUTATION";
- }
- }
- '';
- "groups.conf".text = ''
- group "reputation" {
- symbols = {
- "IP_REPUTATION_HAM" {
- weight = 1.0;
- }
- "IP_REPUTATION_SPAM" {
- weight = 4.0;
- }
-
- "DKIM_REPUTATION" {
- weight = 1.0;
- }
-
- "SPF_REPUTATION_HAM" {
- weight = 1.0;
- }
- "SPF_REPUTATION_SPAM" {
- weight = 2.0;
- }
-
- "GENERIC_REPUTATION" {
- weight = 1.0;
- }
- }
- }
- '';
};
};
redis = {
diff --git a/hosts/fujitsu/default.nix b/hosts/fujitsu/default.nix
index 3685021..bbac861 100644
--- a/hosts/fujitsu/default.nix
+++ b/hosts/fujitsu/default.nix
@@ -4,7 +4,6 @@
./hardware-configuration.nix
./modules/networks
./modules/monitoring
- ./modules/nfs
];
boot.loader.grub.enable = true;
diff --git a/hosts/fujitsu/modules/nfs/default.nix b/hosts/fujitsu/modules/nfs/default.nix
deleted file mode 100644
index 890a8be..0000000
--- a/hosts/fujitsu/modules/nfs/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }:
-{
- fileSystems."/export" = {
- device = "/dev/sda2";
- fsType = "btrfs";
- options = [ "subvol=export" "compress=zstd" "noatime" ];
- };
-
- services.nfs.server = {
- enable = true;
- exports = ''
- /export 192.168.42.2(rw,fsid=0,no_subtree_check)
- /export/movies 192.168.42.2(rw,fsid=0,no_subtree_check)
- /export/shows 192.168.42.2(rw,fsid=0,no_subtree_check)
- '';
- };
- networking.firewall.allowedTCPPorts = [ 2049 ];
-
-}
diff --git a/hosts/nuc/modules/authentik/default.nix b/hosts/nuc/modules/authentik/default.nix
index 5ee7e45..6913f98 100644
--- a/hosts/nuc/modules/authentik/default.nix
+++ b/hosts/nuc/modules/authentik/default.nix
@@ -12,15 +12,7 @@ in
services.authentik = {
enable = true;
environmentFile = config.age.secrets.authentik-core.path;
- settings = {
- cert_discovery_dir = "env://CREDENTIALS_DIRECTORY";
- };
};
- systemd.services.authentik-worker.serviceConfig.LoadCredential = [
- "${domain}.pem:/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${domain}/${domain}.crt"
- "${domain}.key:/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${domain}/${domain}.key"
- ];
-
services.authentik-ldap = {
enable = true;
environmentFile = config.age.secrets.authentik-ldap.path;
diff --git a/hosts/nuc/modules/matrix/default.nix b/hosts/nuc/modules/matrix/default.nix
index 161c056..07591f4 100644
--- a/hosts/nuc/modules/matrix/default.nix
+++ b/hosts/nuc/modules/matrix/default.nix
@@ -72,9 +72,6 @@ in
reverse_proxy /client/* unix//run/matrix-sliding-sync/server.sock
reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync* unix//run/matrix-sliding-sync/server.sock
reverse_proxy 127.0.0.1:8008
- handle /_synapse/metrics* {
- respond 404
- }
'';
# element
diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix
index 7c260c3..70f154e 100644
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@@ -1,13 +1,5 @@
{ ... }:
{
- fileSystems."/media/movies" = {
- device = "fujitsu.vpn.rfive.de:/movies";
- fsType = "nfs";
- };
- fileSystems."/media/shows" = {
- device = "fujitsu.vpn.rfive.de:/movies";
- fsType = "nfs";
- };
networking = {
hostName = "nuc";
domain = "rfive.de";
diff --git a/hosts/thinkpad/modules/security/default.nix b/hosts/thinkpad/modules/security/default.nix
index f67a81f..416969f 100644
--- a/hosts/thinkpad/modules/security/default.nix
+++ b/hosts/thinkpad/modules/security/default.nix
@@ -20,30 +20,6 @@
sudo.u2fAuth = true;
};
};
- krb5 = {
- enable = true;
- settings = {
- libdefaults = {
- default_realm = "AGDSN.DE";
- dns_lookup_realm = false;
- dns_lookup_kdc = true;
- ticket_lifetime = "24h";
- forwardable = "yes";
- };
- realms."AGDSN.DE" = {
- kdc = "idm.agdsn.network:88";
- master_kdc = "idm.agdsn.network:88";
- admin_server = "idm.agdsn.network:749";
- default_domain = "agdsn.de";
- };
- domain_realm = {
- "agdsn.de" = "AGDSN.DE";
- ".agdsn.de" = "AGDSN.DE";
- "agdsn" = "AGDSN.DE";
- ".agdsn" = "AGDSN.DE";
- };
- };
- };
};
services = {
fprintd.enable = true; # log in using fingerprint
diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix
index 7536dfc..d38155e 100644
--- a/hosts/thinkpad/modules/virtualisation/default.nix
+++ b/hosts/thinkpad/modules/virtualisation/default.nix
@@ -1,9 +1,14 @@
{ pkgs, ... }:
{
virtualisation = {
- podman = {
- enable = true;
- defaultNetwork.settings.dns_enabled = true;
+ docker = {
+ rootless = {
+ enable = true;
+ setSocketVariable = true;
+ daemon.settings = {
+ iptables = false;
+ };
+ };
};
libvirtd = {
enable = true;
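Review bot: `iptables = false;` under `rootless.daemon.settings` has no comment, and it is the one line in this hunk that changes networking and isolation behaviour: with it the daemon stops adding its own NAT and inter-network isolation rules. If that is deliberate, state the reason above the line, e.g. `# rootless dockerd must not manage iptables on this host: <reason>`. Whether container egress and separation between Docker networks still behave as intended with the rules off cannot be seen from this hunk and is worth checking once after the switch.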
@@ -22,6 +27,5 @@
programs.virt-manager.enable = true;
environment.systemPackages = with pkgs; [
virt-viewer
- podman-compose
];
}
diff --git a/users/rouven/default.nix b/users/rouven/default.nix
index e2fffc7..5b89c9e 100644
--- a/users/rouven/default.nix
+++ b/users/rouven/default.nix
@@ -21,7 +21,7 @@
home-manager.useGlobalPkgs = true;
home-manager.users.rouven = { ... }: {
- imports = [ ./modules ];
+ imports = [ ./modules ./options ];
config = {
home.username = "rouven";
diff --git a/users/rouven/modules/default.nix b/users/rouven/modules/default.nix
index 1f50908..efddb7d 100644
--- a/users/rouven/modules/default.nix
+++ b/users/rouven/modules/default.nix
@@ -10,7 +10,7 @@
./mpv
./ssh
./theme
- # ./tex
+ ./tex
./packages.nix
];
}
diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix
index 496cd42..190dd8c 100644
--- a/users/rouven/modules/ssh/default.nix
+++ b/users/rouven/modules/ssh/default.nix
@@ -1,11 +1,10 @@
-{ pkgs, ... }:
+{ ... }:
let
git = "~/.ssh/git";
in
{
programs.ssh = {
enable = true;
- package = pkgs.openssh_gssapi;
compression = true;
controlMaster = "auto";
controlPersist = "10m";
@@ -68,15 +67,13 @@ in
user = "r5";
extraOptions = {
VerifyHostKeyDNS = "yes";
- GSSAPIAuthentication = "yes";
};
};
"*.agdsn.network" = {
user = "r5";
extraOptions = {
- # ProxyJump = "dijkstra";
+ ProxyJump = "dijkstra";
VerifyHostKeyDNS = "yes";
- GSSAPIAuthentication = "yes";
};
};
"git@git.agdsn.de" = {
diff --git a/users/rouven/modules/wayland/shikane.nix b/users/rouven/modules/wayland/shikane.nix
index c1580ab..b4d1ce6 100644
--- a/users/rouven/modules/wayland/shikane.nix
+++ b/users/rouven/modules/wayland/shikane.nix
@@ -1,19 +1,172 @@
-{ pkgs, ... }:
{
-
- home.packages = [
- pkgs.shikane
- ];
- systemd.user.services.shikane = {
- Unit = {
- Description = "Dynamic output configuration tool";
- Documentation = "man:shikane(1)";
- After = [ "graphical-session-pre.target" ];
- PartOf = [ "graphical-session.target" ];
+ services.shikane = {
+ enable = true;
+ settings = {
+ profile = [
+ {
+ name = "home";
+ output = [
+ {
+ match = "eDP-1";
+ enable = true;
+ position = {
+ x = 1920;
+ y = 0;
+ };
+ }
+ {
+ match = "DP-2";
+ enable = true;
+ position = {
+ x = 0;
+ y = 0;
+ };
+ }
+ {
+ match = "HDMI-A-1";
+ enable = true;
+ position = {
+ x = 3840;
+ y = 0;
+ };
+ }
+ ];
+ }
+ {
+ name = "home-vertical";
+ output = [
+ {
+ match = "eDP-1";
+ enable = true;
+ position = {
+ x = 1080;
+ y = 0;
+ };
+ }
+ {
+ match = "DP-3";
+ enable = true;
+ position = {
+ x = 0;
+ y = 0;
+ };
+ transform = "270";
+ }
+ {
+ match = "HDMI-A-1";
+ enable = true;
+ position = {
+ x = 3000;
+ y = 0;
+ };
+ }
+ ];
+ }
+ {
+ name = "external-monitor-default";
+ output = [
+ {
+ match = "eDP-1";
+ enable = true;
+ position = {
+ x = 0;
+ y = 0;
+ };
+ }
+ {
+ match = "HDMI-A-1";
+ enable = true;
+ position = {
+ x = 1920;
+ y = 0;
+ };
+ }
+ ];
+ }
+ {
+ name = "external-monitor-usb-c";
+ output = [
+ {
+ match = "eDP-1";
+ enable = true;
+ position = {
+ x = 0;
+ y = 1440;
+ };
+ }
+ {
+ match = "/P24h/";
+ enable = true;
+ mode = {
+ height = 1440;
+ width = 2560;
+ refresh = 60;
+ };
+ position = {
+ x = 0;
+ y = 0;
+ };
+ }
+ ];
+ }
+ {
+ name = "external-monitor-usb-c";
+ output = [
+ {
+ match = "eDP-1";
+ enable = true;
+ position = {
+ x = 1920;
+ y = 0;
+ };
+ }
+ {
+ match = "DP-2";
+ enable = true;
+ position = {
+ x = 0;
+ y = 0;
+ };
+ }
+ ];
+ }
+ # vertical mode if on dp-3
+ {
+ name = "external-monitor-usb-c-vertical";
+ output = [
+ {
+ match = "eDP-1";
+ enable = true;
+ position = {
+ x = 1080;
+ y = 840;
+ };
+ }
+ {
+ match = "DP-3";
+ enable = true;
+ position = {
+ x = 0;
+ y = 0;
+ };
+ transform = "270";
+ }
+ ];
+ }
+ {
+ name = "builtin";
+ output = [
+ {
+ match = "eDP-1";
+ enable = true;
+ position = {
+ x = 0;
+ y = 0;
+ };
+ }
+ ];
+ }
+ ];
};
-
- Service = { ExecStart = "${pkgs.shikane}/bin/shikane"; };
-
- Install = { WantedBy = [ "graphical-session.target" ]; };
};
}
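Review bot: Two entries in `profile` carry the same `name = "external-monitor-usb-c"`: the one whose second output matches `/P24h/` and the one right after it that matches `eDP-1` plus `DP-2`. Log output and any selection of a profile by name cannot tell the two apart, so the second should get its own name, e.g. `name = "external-monitor-dp-2";`. `# vertical mode if on dp-3` is the only comment in the list; a one-line comment above each of the seven profiles saying which desk or dock it describes would make the layouts easier to maintain.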
diff --git a/users/rouven/options/default.nix b/users/rouven/options/default.nix
new file mode 100644
index 0000000..f8c03ee
--- /dev/null
+++ b/users/rouven/options/default.nix
@@ -0,0 +1,3 @@
+{
+ imports = [ ./shikane.nix ];
+}
diff --git a/users/rouven/options/shikane.nix b/users/rouven/options/shikane.nix
new file mode 100644
index 0000000..7b41407
--- /dev/null
+++ b/users/rouven/options/shikane.nix
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.shikane;
+ tomlFormat = pkgs.formats.toml { };
+in
+{
+ meta.maintainers = [ maintainers.therealr5 ];
+ options.services.shikane = {
+
+ enable = mkEnableOption
+ "shikane, A dynamic output configuration tool that automatically detects and configures connected outputs based on a set of profiles.";
+
+ package = mkPackageOption pkgs "shikane" { };
+
+ settings = mkOption {
+ type = tomlFormat.type;
+ default = { };
+ example = literalExpression ''
+ {
+ profile = [
+ {
+ name = "external-monitor-default";
+ output = [
+ {
+ match = "eDP-1";
+ enable = true;
+ }
+ {
+ match = "HDMI-A-1";
+ enable = true;
+ position = {
+ x = 1920;
+ y = 0;
+ };
+ }
+ ];
+ }
+ {
+ name = "builtin-monitor-only";
+ output = [
+ {
+ match = "eDP-1";
+ enable = true;
+ }
+ ];
+ }
+ ];
+ }
+ '';
+ description = ''
+ Configuration written to
+ $XDG_CONFIG_HOME/shikane/config.toml.
+
+ See
+ for more information.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.user.services.shikane = {
+ Unit = {
+ Description = "Dynamic output configuration tool";
+ Documentation = "man:shikane(1)";
+ After = [ "graphical-session-pre.target" ];
+ PartOf = [ "graphical-session.target" ];
+ };
+
+ Service = { ExecStart = "${cfg.package}/bin/shikane -c ${tomlFormat.generate "shikane-config.toml" cfg.settings}"; };
+
+ Install = { WantedBy = [ "graphical-session.target" ]; };
+ };
+ };
+}
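Review bot: The `description` of `settings` says the configuration is written to `$XDG_CONFIG_HOME/shikane/config.toml`, but nothing in the module writes that file; `ExecStart` passes a generated store path via `-c ${tomlFormat.generate "shikane-config.toml" cfg.settings}`. Reword it to match, e.g. `Configuration for shikane, rendered to TOML and passed to the service with -c.`, and fill in the reference that is missing after `See`. The unit this replaces in `modules/wayland/shikane.nix` also put the package into `home.packages`, which the new module does not, so the `shikane` binary is no longer on the user's PATH unless it is installed elsewhere; `home.packages = [ cfg.package ];` inside `config = mkIf cfg.enable { … }` would restore that.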