diff --git a/flake.lock b/flake.lock index 98edfba..ebe6cdc 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1704311514, - "narHash": "sha256-j6JsfCv31bW7LzV06q2L/27QZ4k1Zq7lEq2AR9R150A=", + "lastModified": 1703787578, + "narHash": "sha256-YanYMRry0uvExeCZYbM7yEp3H0gct9SocfFWvsYtyfs=", "owner": "nix-community", "repo": "home-manager", - "rev": "fcbc70a7ee064f2b65dc1fac1717ca2a9813bbe6", + "rev": "f8a4a5c18f4fee53ac3016a52a97df2aaeede65b", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1703800710, - "narHash": "sha256-BlTnkNW50xEMojxDd+M4W1WUX4t33vkxJhsW/eeSCco=", + "lastModified": 1702553482, + "narHash": "sha256-kWU543mm3ai7fZhYNqlLfozsrcAZsmDsp7iCzO1Utng=", "owner": "therealr5", "repo": "TruckSimulatorBot-images", - "rev": "ead83b4ce653e293b9459b0495f0a3f1baac0aa3", + "rev": "0bbd6647c6479312305623f1bc5699cf6874b323", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1703992163, - "narHash": "sha256-709CGmwU34dxv8DjSpRBZ+HibVJIVaFcA4JH+GFnhyM=", + "lastModified": 1703387252, + "narHash": "sha256-XKJqGj0BaEn/zyctEnkgVIh6Ba1rgTRc+UBi9EU8Y54=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "d6510ce144f5da7dd9bac667ba3d5a4946c00d11", + "rev": "f4340c1a42c38d79293ba69bfd839fbd6268a538", "type": "github" }, "original": { @@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703961334, - "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", + "lastModified": 1703438236, + "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", + "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b", "type": "github" }, "original": { 
@@ -398,11 +398,11 @@ ] }, "locked": { - "lastModified": 1704138480, - "narHash": "sha256-KSWmE3C/nnU6gJ2KIYaTPB4Yk58BhqFdOhaIuhCCFfg=", + "lastModified": 1702553371, + "narHash": "sha256-6jdDRktu7NaWifzhV+/IgRg8aBqELv4L51Ijurqt2a8=", "owner": "therealr5", "repo": "purge", - "rev": "3ae163c8fa9a64ecf1d06f390c6072948a57905f", + "rev": "0f12b011b86571435e37e69e91a464513ecdd24e", "type": "github" }, "original": { @@ -488,11 +488,11 @@ ] }, "locked": { - "lastModified": 1704138497, - "narHash": "sha256-+bDxq8eeLpPO/4fZm4ikAbW064T4+n8CIY4kv+sd41U=", + "lastModified": 1702553577, + "narHash": "sha256-RTNBEoapC+HYU2jev6jc9XiffL1Zf6w51GZ96zoA3zE=", "owner": "therealr5", "repo": "TruckSimulatorBot", - "rev": "1053bcb5419c18fb7f700e7b2a0cde9c0467f79c", + "rev": "bb08a872dbcb4e386835c581c0ecfccf936b4012", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c699135..9a87706 100644 --- a/flake.nix +++ b/flake.nix @@ -61,7 +61,6 @@ }@attrs: { packages.x86_64-linux = { iso = self.nixosConfigurations.iso.config.system.build.isoImage; - thinkpad = self.nixosConfigurations.thinkpad.config.system.build.toplevel; jmri = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/jmri { }; adguardian-term = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/adguardian-term { }; pww = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/pww { }; diff --git a/hosts/falkenstein/default.nix b/hosts/falkenstein/default.nix index 680bff2..83aa8df 100644 --- a/hosts/falkenstein/default.nix +++ b/hosts/falkenstein/default.nix @@ -35,10 +35,13 @@ environment.systemPackages = with pkgs; [ vim + wget htop-vim helix lsof python3 + php + phpPackages.composer ]; programs.git = { enable = true; @@ -57,6 +60,10 @@ }; services.journald.enableHttpGateway = true; programs.mosh.enable = true; + security = { + audit.enable = true; + auditd.enable = true; + }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../keys/ssh/rouven-thinkpad ../../keys/ssh/rouven-pixel 
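Review bot: `php` and `phpPackages.composer` are added to `environment.systemPackages` in the first hosts/falkenstein/default.nix hunk with no comment saying which service or task on this host needs them. Composer fetches third-party packages and can run their install scripts, so having it on every user's PATH on a server (root included) widens what an operator mistake can pull in. If it is only needed for occasional manual work, consider leaving it out and using an ad-hoc `nix shell nixpkgs#php nixpkgs#phpPackages.composer`. Otherwise add a line such as `# needed for <service>; run composer as the service user, not root` (placeholder, fill in the real consumer).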
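Review bot: The new `security` block in hosts/falkenstein/default.nix enables the kernel audit subsystem and auditd, but the hunk defines no `security.audit.rules`. Unless rules are set elsewhere in the configuration, only events emitted by default are recorded, and nothing traces what is executed or changed on the host. If that tracing is the goal, add a rule list next to the two enables, for example `audit.rules = [ "-a exit,always -F arch=b64 -S execve" ];` (a sample rule, adjust it to what should be detected). The context line just above keeps `services.journald.enableHttpGateway = true`, and audit records may end up in the journal, so confirm the gateway port is not reachable from untrusted networks. The identical block is added in hosts/nuc/default.nix, where the same points apply.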
diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index 72a0d4a..e1fbaac 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -6,9 +6,7 @@ ./hardware-configuration.nix ./modules/networks ./modules/backup - ./modules/cache ./modules/grafana - ./modules/hydra ./modules/prometheus ./modules/matrix ./modules/seafile @@ -17,7 +15,6 @@ ./modules/nginx ]; - nix.settings.system-features = [ "gccarch-tigerlake" ]; boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; @@ -49,6 +46,7 @@ environment.systemPackages = with pkgs; [ vim + wget htop-vim helix lsof @@ -66,6 +64,10 @@ services.openssh.enable = true; services.journald.enableHttpGateway = true; programs.mosh.enable = true; + security = { + audit.enable = true; + auditd.enable = true; + }; # firmware updates diff --git a/hosts/nuc/modules/cache/default.nix b/hosts/nuc/modules/cache/default.nix deleted file mode 100644 index 049d0b2..0000000 --- a/hosts/nuc/modules/cache/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, ... }: -let - domain = "cache.rfive.de"; -in -{ - age.secrets.cache = { - file = ../../../../secrets/nuc/cache.age; - }; - services.nix-serve = { - enable = true; - secretKeyFile = config.age.secrets.cache.path; - }; - services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}"; - }; - }; -} diff --git a/hosts/nuc/modules/matrix/default.nix b/hosts/nuc/modules/matrix/default.nix index ec40060..67d6146 100644 --- a/hosts/nuc/modules/matrix/default.nix +++ b/hosts/nuc/modules/matrix/default.nix 
@@ -43,13 +43,13 @@ in }]; }]; }; - }; - matrix-sliding-sync = { - enable = true; - settings = { - SYNCV3_SERVER = "https://${domain}"; + sliding-sync = { + enable = true; + settings = { + SYNCV3_SERVER = "https://${domain}"; + }; + environmentFile = config.age.secrets."matrix/sync".path; }; - environmentFile = config.age.secrets."matrix/sync".path; }; diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 4ee618c..5aa1c52 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -14,14 +14,6 @@ ./modules/virtualisation ]; - nixpkgs.hostPlatform = { - gcc.arch = "tigerlake"; - gcc.tune = "tigerlake"; - system = "x86_64-linux"; - }; - - nix.settings.system-features = [ "gccarch-tigerlake" ]; - # Use the systemd-boot EFI boot loader. boot = { kernelModules = [ "v4l2loopback" ]; diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index c31e349..e0aafe5 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -21,8 +21,8 @@ whois inetutils openssl + wget dnsutils - nmap ]; services.resolved = { fallbackDns = [ @@ -40,6 +40,9 @@ hostName = "thinkpad"; hostId = "d8d34032"; enableIPv6 = true; + firewall = { + logRefusedConnections = false; + }; wireless = { enable = true; userControlled.enable = true; @@ -160,7 +163,7 @@ linkConfig.RequiredForOnline = "carrier"; networkConfig = { Address = "192.168.43.3/32"; - DNS = "192.168.43.1"; + DNS = "192.168.42.1"; DNSSEC = true; BindCarrier = [ "wlp9s0" "enp0s31f6" ]; }; diff --git a/hosts/vm/default.nix b/hosts/vm/default.nix index fd17428..bd321c4 100644 --- a/hosts/vm/default.nix +++ b/hosts/vm/default.nix @@ -31,6 +31,7 @@ environment.systemPackages = with pkgs; [ vim + wget htop-vim ]; programs.git = { diff --git a/secrets.nix b/secrets.nix index 12bac9e..3194430 100644 --- a/secrets.nix +++ b/secrets.nix 
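Review bot: `logRefusedConnections = false` in the hosts/thinkpad/modules/networks/default.nix hunk turns off the refused-connection logging that the NixOS firewall enables by default, and nothing in the hunk says why. This commit enables auditing on the servers while reducing network visibility on the machine that roams between networks, so the intent should be written down. If the motive is journal noise, state it in a comment, e.g. `# refused-connection logs flood the journal on shared networks; detection relies on <other source>` (placeholder, name the real source). The enclosing `networking` block starts and ends outside the hunk.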
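Review bot: In the last hosts/thinkpad/modules/networks/default.nix hunk, `DNS` now points at `192.168.42.1` while `Address` in the same `networkConfig` stays `192.168.43.3/32`. The resolver for this link is therefore in a different /24 from the interface address. If this is a typo, lookups bound to this link will go to a host that may not be reachable over it, or to a different machine than the one meant to answer. If the change is deliberate, add a comment such as `# resolver lives on the 192.168.42.0/24 side, reached via <route>` (placeholder) so the mismatch is not "fixed" back later. The network unit this block belongs to starts outside the hunk.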
@@ -19,7 +19,6 @@ in "secrets/nuc/matrix/shared.age".publicKeys = [ rouven nuc ]; "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ]; "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; - "secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; diff --git a/secrets/nuc/cache.age b/secrets/nuc/cache.age deleted file mode 100644 index 0d3d055..0000000 --- a/secrets/nuc/cache.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 uWbAHQ pLKYxDwT0w0iVvg+Ppu66RaQ+6b9Mw935ol8X5+wWgU -VL90qNwa1IWO8GdIuI9JGjP62qVF5kJbWmuciq6Kbos --> ssh-ed25519 2TRdXg T9oZyBSqwUTBMws7tykM8xqyOChp1/E80aOlYvzz0CE -lY4VA7dwfkHsRQyrSuAJC5CS9/h6x2vlBEEHFwfeb3s ---- USkk3hxaZmHIwdd5Y62i9VeIlBzGJQCnCBeGvO/3NzQ -l34nvi(rH;0!Eb-h2 AZDEփ1хMVBnh{DJc?ii2b0dMHQ-=4С4r4Eџ6ק. \ No newline at end of file diff --git a/shared/nix.nix b/shared/nix.nix index f428010..6dda9be 100644 --- a/shared/nix.nix +++ b/shared/nix.nix @@ -10,12 +10,6 @@ settings = { auto-optimise-store = true; experimental-features = [ "nix-command" "flakes" "repl-flake" ]; - substituters = [ - "https://cache.rfive.de" - ]; - trusted-public-keys = [ - "cache.rfive.de:of5d+o6mfGXQSR3lk6ApfDBr4ampAUaNHux1O/XY3Tw=" - ]; }; }; } diff --git a/shared/systemd.nix b/shared/systemd.nix index 4adfba9..19f6ec1 100644 --- a/shared/systemd.nix +++ b/shared/systemd.nix @@ -11,7 +11,7 @@ enable = true; enableSystemSlice = true; enableRootSlice = true; - enableUserSlices = true; + enableUserServices = true; }; }; diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 9a59d4d..cbe982b 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -33,7 +33,6 @@ gajim gomuks fractal - tuba # mastodon client # games prismlauncher 
diff --git a/users/rouven/modules/wayland/breaktimer.nix b/users/rouven/modules/wayland/breaktimer.nix index 0c12cc4..692058d 100644 --- a/users/rouven/modules/wayland/breaktimer.nix +++ b/users/rouven/modules/wayland/breaktimer.nix @@ -1,14 +1,16 @@ { pkgs, ... }: { - systemd.user.services.ianny = { - Unit = { - Description = "Ianny break timer"; - After = [ "graphical-session-pre.target" ]; - PartOf = [ "graphical-session.target" ]; + systemd.user = { + services.ianny = { + Unit = { + Description = "Ianny break timer"; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; + }; + Service = { + ExecStart = "${pkgs.ianny}/bin/ianny"; + }; + Install = { WantedBy = [ "graphical-session.target" ]; }; }; - Service = { - ExecStart = "${pkgs.ianny}/bin/ianny"; - }; - Install = { WantedBy = [ "graphical-session.target" ]; }; }; } diff --git a/users/rouven/modules/wayland/default.nix b/users/rouven/modules/wayland/default.nix index 3603f27..b7c68b2 100644 --- a/users/rouven/modules/wayland/default.nix +++ b/users/rouven/modules/wayland/default.nix @@ -34,18 +34,6 @@ systemdTarget = "graphical-session.target"; }; - systemd.user.services.swayidle-inhibit = { - Unit = { - Description = "Service preventing swayidle from sleeping while any application is outputting or receiving audio"; - After = [ "graphical-session-pre.target" ]; - PartOf = [ "graphical-session.target" ]; - }; - Service = { - ExecStart = "${lib.getExe pkgs.sway-audio-idle-inhibit}"; - }; - Install = { WantedBy = [ "graphical-session.target" ]; }; - }; - systemd.user.services.swaync = { Install.WantedBy = [ "graphical-session.target" ]; Service = {